The Wi-Fi network scanning functionality of the D-Link DAP-X1860 range extender is susceptible to remote command injection. Attackers who create a Wi-Fi network with a crafted SSID in range of the extender can run shell commands during the setup process or…

Shifting organisations from traditional point-in-time security assessments to a holistic view of overall security requires an innovative approach to cyber security assessments.

Air Europa leaks credit card information and advices passengers to call their banks and cancel payment cards.

Update your NGINX configuration to mitigate a possible denial-of-service attack implemented on the server-side portion of the HTTP/2 specification.

Get the latest news on how products at Cloudflare are built, technologies used, and join the teams helping to build a better Internet.

New research into an (legacy) extension for Microsoft Endpoint Configuration Manager/SCCM/ConfigMgr reveal new attack paths for Active Directory domain compromise or elevation of privileges.

Google Cloud stopped the largest known DDoS attack to date, which exploited HTTP/2 stream multiplexing using the new “Rapid Reset” technique.

Malware packages found on PyPI stealing cloud credentials from unsuspecting developers.

ipapi.is offers precise IP data via a user-friendly API, encompassing geolocation, ASN data, hosting detection, VPN detection, and proxy detection.

Posted by sanitybit - 42 votes and no comments

Posted by Vegetable_Machine_45 - 108 votes and 27 comments

A detailed repository of vulnerabilities that I discovered in The Squid Caching Proxy.

Microsoft recently found and patched a vulnerability in the Microsoft Kernel streaming service. Learn more here.

Ghostnoscript is the backbone of document processing for a lot of web apps and programs. If you have never heard of Ghostnoscript yet, you still have very likely already used it a lot through various programs such as PDF viewers, office suites or …

Hacking the Cosmos SDK via the watchdog process manager Cosmovisor.

Background As blank smartcards supporting Java Card 3.0.4 become increasingly available, it is becoming popular to use projects like SmartPGP to create homemade OpenPGP Cards to store OpenPGP private keys.

PWK V1

PWK V1 LIST: ,Disclaimer: The boxes that are contained in this list should be used as a way to get started, to build your practical skills, or brush up on any weak points that you may have in your pentesting methodology. This list is not a substitute…

We present the steps that can lead you to another variation of an OS command injection vulnerability (CVE-2023-4249) in multiple Zavio IP camera models.

A Wi-Fi deauthentication attack, also known as a "deauth attack" or "disassociation attack," is a type of denial-of-service that targets wireless networks. The primary goal of this attack is to disconnect or deauthenticate devices (such as smartphones, laptops…

Posted by ijk_xyz2 - 6 votes and no comments