0x01 PrefaceHere is the explicit denoscription about Spring Kafka deserialization vulnerability in Vmware security bulletin. Reference https://spring.io/security/cve-2023-34040 According to the descrip

The article covers the concept of SBOM, its advantages, popular formats and practical implementations for both Java and Python projects.

Introduction When fuzzing large-scale applications, using a single server (even with 4 64-core AMD Ryzen CPUs) may not be powerful enough by itself. That’s where parallelized/distributed fuzzing comes in (i.e. automatic sharing of results between fuzzing…

IT-Sicherheit beim elektronischen Gesundheitsdossier im Fürstentum Liechtenstein

Due to a recent Google change, MFA isn't truly MFA.

Learn about VulnCheck's development of an exploit for CVE-2023-36845, leading to stealthy code execution on Juniper firewalls, while also assessing the prevalence of unpatched systems in the wild.

AMBERSQUID is a cloud-native cryptojacking operation that leverages AWS services and can cost victims more than $10,000/day.

Defend yourself against tracking and surveillance. Circumvent censorship.

CVE-2023-38346 is a directory traversal vulnerability in Wind River's tarExtract function in VxWorks discovered by Pentagrid during a penetration test and source code review.

Explore this post and more from the netsec community

Dissecting DarkGate’s new key log encryption and tools to decrypt key log files

Crawlector is a threat hunting framework designed for scanning websites for malicious objects. - MFMokbel/Crawlector

The recent discontinuation of the JavaScript code virtualization tool “vm2” sounds the alarm for under-maintained open source packages. This post discusses the factors that led to its discontinuation and what can be done to save “isolated-vm”, the best alternative…

Our Research team discovered critical code vulnerabilities in Proton Mail, Skiff, and Tutanota. This post covers an XSS vulnerability in Tutanota Desktop and how it can be prevented.