Introduction When fuzzing large-scale applications, using a single server (even with 4 64-core AMD Ryzen CPUs) may not be powerful enough by itself. That’s where parallelized/distributed fuzzing comes in (i.e. automatic sharing of results between fuzzing…

IT-Sicherheit beim elektronischen Gesundheitsdossier im Fürstentum Liechtenstein

Due to a recent Google change, MFA isn't truly MFA.

Learn about VulnCheck's development of an exploit for CVE-2023-36845, leading to stealthy code execution on Juniper firewalls, while also assessing the prevalence of unpatched systems in the wild.

AMBERSQUID is a cloud-native cryptojacking operation that leverages AWS services and can cost victims more than $10,000/day.

Defend yourself against tracking and surveillance. Circumvent censorship.

CVE-2023-38346 is a directory traversal vulnerability in Wind River's tarExtract function in VxWorks discovered by Pentagrid during a penetration test and source code review.

Explore this post and more from the netsec community

Dissecting DarkGate’s new key log encryption and tools to decrypt key log files

Crawlector is a threat hunting framework designed for scanning websites for malicious objects. - MFMokbel/Crawlector

The recent discontinuation of the JavaScript code virtualization tool “vm2” sounds the alarm for under-maintained open source packages. This post discusses the factors that led to its discontinuation and what can be done to save “isolated-vm”, the best alternative…

Our Research team discovered critical code vulnerabilities in Proton Mail, Skiff, and Tutanota. This post covers an XSS vulnerability in Tutanota Desktop and how it can be prevented.

LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access into an environment with the goal of stealing Intellectual Property…

Chase online; credit cards, mortgages, commercial banking, auto loans, investing & retirement planning, checking and business banking.

Multiple memory corruption vulnerabilities were discovered in the LibHDF5 library including heap overflow, use-after-free and stack exhaustion.

A couple of weeks ago I published a post about changes in Android 14 that fundamentally break existing approaches to installing system-level…

Finnish law enforcement authorities have announced the dismantling of PIILOPUOTI, a shady online marketplace that specialized in illegal drug trafficking