TETRA:BURST is a collection of five vulnerabilities, two of which are deemed critical, affecting the Terrestrial Trunked Radio (TETRA) standard used globally by law enforcement, military, critical infrastructure, and industrial asset owners in the power,…

Embedding Scalable Vector Graphics (SVG) can expose websites to code injection. This article explores how SVGs work, the risks they pose, and how to mitigate them.

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers...

This post discusses security concerns and two vulnerabilities in Harmony and oByte, two browser extensions that serves as a cryptocurrency software wallet.

WebPalm is a powerful command-line tool for website mapping and web scraping. With its recursive approach, it can generate a complete tree of all webpages and their links on a website. It can also ...

Application security issues found by Assetnote

By Maciej Domanski Trail of Bits is thrilled to announce the Testing Handbook, the shortest path for developers and security professionals to derive maximum value from the static and dynamic analys…

While popular, GitHub-to-AWS keyless authentication mechanisms can be insecurely configured.

A free tamper-proof tool designed for hackers to record and preserve Proof-of-Hacks (PoH)

Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, chat, and webinars across mobile, desktop, and room systems. Zoom Rooms is the original software-based conference room solution…

Lightweight WhoIs client. Contribute to xeptagondev/xep-whois development by creating an account on GitHub.

Rust implementation of lazy_importer. Contribute to kkent030315/razy_importer development by creating an account on GitHub.

A huge Zen 2 leak requires a patch.

Rapid7 is tracking CVE-2023-27997, a purportedly critical remote code execution (RCE) vulnerability in Fortigate SSL VPN firewalls.

Discovered at the end of 2022, SpyNote is now executing an extensive campaign against multiple European customers of different banks. Read the technical analysis to know all his functionalities and how to prevent it.

Enhanced version of secretsdump.py from Impacket. Adds multi-threading and accepts an input file with a list of target hosts for simultaneous secrets extraction. - GitHub - fin3ss3g0d/secretsdump.p...

Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets - Legit-Labs/legitify

A catalog of methods to maintain access to the AWS control plane.

A technical write-up for a cross-site request forgery vulnerability present in some Debug Adapter Protocol implementations. The Debug Adapter Protocol is used by VS Code and other development tools to debug programs. The write-up details the vulnerability…