Picture this: a feature from a security appliance that willingly dispatches its password hashes to any device on the network. That is precisely what WatchGuard's SSO does under certain circumstances. Does a bad feature warrant filing a CVE? I'm not sure.

Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made w...

For too long, web race condition attacks have focused on a tiny handful of scenarios. Their true potential has been masked thanks to tricky workflows, missing tooling, and simple network jitter hiding

A technical blog

CVE-2023-43641 is a vulnerability in libcue, which can lead to code execution by downloading a file on GNOME.

author : pad, x.com/123456 i just stumbled into a skiptracing/ssn doxing service on fiverr wow and it inspired me to write a second post on doxing that is relevant in 2023. the skiptracing/ssn platform in question on fiverr is called tloxp - a tool used by…

Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11.

ipapi.is offers precise IP data via a user-friendly API, encompassing geolocation, ASN data, hosting detection, VPN detection, and proxy detection.

The Wi-Fi network scanning functionality of the D-Link DAP-X1860 range extender is susceptible to remote command injection. Attackers who create a Wi-Fi network with a crafted SSID in range of the extender can run shell commands during the setup process or…

Shifting organisations from traditional point-in-time security assessments to a holistic view of overall security requires an innovative approach to cyber security assessments.

Air Europa leaks credit card information and advices passengers to call their banks and cancel payment cards.

Update your NGINX configuration to mitigate a possible denial-of-service attack implemented on the server-side portion of the HTTP/2 specification.

Get the latest news on how products at Cloudflare are built, technologies used, and join the teams helping to build a better Internet.

New research into an (legacy) extension for Microsoft Endpoint Configuration Manager/SCCM/ConfigMgr reveal new attack paths for Active Directory domain compromise or elevation of privileges.

Google Cloud stopped the largest known DDoS attack to date, which exploited HTTP/2 stream multiplexing using the new “Rapid Reset” technique.

Malware packages found on PyPI stealing cloud credentials from unsuspecting developers.

ipapi.is offers precise IP data via a user-friendly API, encompassing geolocation, ASN data, hosting detection, VPN detection, and proxy detection.

Posted by sanitybit - 42 votes and no comments

Posted by Vegetable_Machine_45 - 108 votes and 27 comments

A detailed repository of vulnerabilities that I discovered in The Squid Caching Proxy.