A couple of weeks ago I published a post about changes in Android 14 that fundamentally break existing approaches to installing system-level…

Finnish law enforcement authorities have announced the dismantling of PIILOPUOTI, a shady online marketplace that specialized in illegal drug trafficking

Early last week, Google released a new stable update for Chrome. The update included a single security fix that was reported by Apple's Security Engineering and Architecture (SEAR) team. The issue, CVE-2023-4863, was a heap buffer overflow in the WebP image…

In a regular threat and vulnerability hunting activity, SOCRadar has discovered during their research that thousands of DICOM servers were...

Group-IB analysts discovered and analyzed a cryptojacking campaign on a popular educational resource using Group-IB Managed XDR.

Visual studio code tunnel Introduction Since July 2023, Microsoft is offering the perfect reverse shell, embedded inside Visual Studio Code, a widely used …

Mandos Brief, Week 38 2023: Microsoft's 38TB data leak, Cisco's acquisition of Splunk, LastPass's new security measures, and OpenAI's Red Teaming Network.

Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

I’ve recently been looking into iRacing, which is an online racing simulation video game.

Brief I may have achieved successful exploitation of a SharePoint target during Pwn2Own Vancouver 2023. While the live demonstration lasted only approximately 30 seconds, it is noteworthy that the process of discovering and crafting the exploit chain consumed…

Using the open source programs/platform, anyone can scan millions of public buckets at once using certain keywords. Typically, buckets...

In 2022, The DFIR Report observed an increase in the adversarial usage of Remote Management and Monitoring (RMM) tools. When compared to post-exploitation channels that heavily rely on terminals, such … Read More

CVE: CVE-2023-38831: A New WinRar Vulnerabilty A remote code execution when the user attempts to view a benign file within a ZIP archive. The issue occurs because a) ZIP archive may include a...

Today, we are proud to announce the beta version of SocketSleuth, our new Burp Suite extension for performing security testing against WebSocket-based applications. SocketSleuth was created out of our security research group to aid in our security research…

Dynamic-Static binary instrumentation framework on top of GDB - GitHub - tin-z/GDBleed: Dynamic-Static binary instrumentation framework on top of GDB

Join us on a DNS debugging deep dive, starting from bisecting the problem to reproducing the issue and finding a fix.

The "Common Vulnerabilities and
Exposures" (CVE) system was launched late
in the previous century (September 1999) to track vulnerabilities in
software. Over the years since, it has had a somewhat checkered
reputation, along with some some attempts to
replace…

Telemetry provides the most advanced search and analytics capabilities for telegram data