Defend yourself against tracking and surveillance. Circumvent censorship.

CVE-2023-38346 is a directory traversal vulnerability in Wind River's tarExtract function in VxWorks discovered by Pentagrid during a penetration test and source code review.

Explore this post and more from the netsec community

Dissecting DarkGate’s new key log encryption and tools to decrypt key log files

Crawlector is a threat hunting framework designed for scanning websites for malicious objects. - MFMokbel/Crawlector

The recent discontinuation of the JavaScript code virtualization tool “vm2” sounds the alarm for under-maintained open source packages. This post discusses the factors that led to its discontinuation and what can be done to save “isolated-vm”, the best alternative…

Our Research team discovered critical code vulnerabilities in Proton Mail, Skiff, and Tutanota. This post covers an XSS vulnerability in Tutanota Desktop and how it can be prevented.

LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access into an environment with the goal of stealing Intellectual Property…

Chase online; credit cards, mortgages, commercial banking, auto loans, investing & retirement planning, checking and business banking.

Multiple memory corruption vulnerabilities were discovered in the LibHDF5 library including heap overflow, use-after-free and stack exhaustion.

A couple of weeks ago I published a post about changes in Android 14 that fundamentally break existing approaches to installing system-level…

Finnish law enforcement authorities have announced the dismantling of PIILOPUOTI, a shady online marketplace that specialized in illegal drug trafficking

Early last week, Google released a new stable update for Chrome. The update included a single security fix that was reported by Apple's Security Engineering and Architecture (SEAR) team. The issue, CVE-2023-4863, was a heap buffer overflow in the WebP image…

In a regular threat and vulnerability hunting activity, SOCRadar has discovered during their research that thousands of DICOM servers were...

Group-IB analysts discovered and analyzed a cryptojacking campaign on a popular educational resource using Group-IB Managed XDR.

Visual studio code tunnel Introduction Since July 2023, Microsoft is offering the perfect reverse shell, embedded inside Visual Studio Code, a widely used …

Mandos Brief, Week 38 2023: Microsoft's 38TB data leak, Cisco's acquisition of Splunk, LastPass's new security measures, and OpenAI's Red Teaming Network.