During the pandemic I took up Bluetooth (BT) sniffing as a way to get out of the house. I didn’t know what was out there for BT devices, but it felt important to know what the implications were of the new over-the-air, no-auth, cross-device, firmware-level…

We identified Pre-auth RCE vulnerabilities in Canon printers (CVE-2023-0853, CVE-2023-0854) and also discovered Pre-auth RCE flaws in HP printers, which led to our achievement of the Master of Pwn noscript at Pwn2Own Toronto 2022. This article will detail the…

Unveil the best open source malware analysis tools to bolster your cybersecurity. Learn about their key features, functions, and how they work.

Reveal Security Issues in your Most Critical Systems.

“When hackers tell me it’s so […]

Kubernetes is essentially a framework of various services that make up its typical architecture, which can be divided into two roles: the control-plane, which serves as a central control hub and ho…

Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

MBS does not have evidence so far that the personal information has been misused. Read more at straitstimes.com.

Session Hijacking Visual Exploitation. Contribute to doyensec/Session-Hijacking-Visual-Exploitation development by creating an account on GitHub.

You're out for a stroll and spot a house with its front door wide open. Out of concern, you try to inform the owner about the door. Unexpectedly, the owner snaps back, insisting the door is shut. This is a story about the worst vulnerability disclosure process…

The Israel-ISISHamas conflict has recently seen an alarming shift from traditional battlegrounds to sophisticated cyber warfare.

We took a look at the security of the most popular code editor, Visual Studio Code! This blog post covers common risks and attack surfaces so you know what to expect when using it.

This post details the process of exploiting CVE-2023-32782 in PRTG to gain remote code execution.

Nautilus researchers evaluated the disclosure process of open-source projects and found flaws that allowed harvesting the vulnerabilities before patched

masscan with exclusive excludes. Contribute to acidvegas/avoidr development by creating an account on GitHub.

In the realm of cybersecurity, Advanced Persistent Threat (APT) groups continue to evolve and adapt, often employing innovative techniques…

All sufficiently big public package registries are a mess full of malware, name squatting, and drama:
crates.io has a single user owning names like “any”, “bash”, and “class”. npmjs.com had a drama with left-pad when a single maintainer of a single one-liner…

The Kitchen Sink is a name of Bluetooth Low Energy (BLE) attack that sends random advertisement packets that targets iOS, Android, and Windows devices the same time in the vicinity. The attack is called “Kitchen Sink” because it tries to send every possible…

The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate