An analysis of CVE-2023–0872, CVE-2023–40315 & more

All information about Ledger's Connect Kit attack. This suspected “supply chain attack” may leave dapp users open to loss of funds.

IDA Pro plugin for query based searching within the binary useful mainly for vulnerability research. - Accenture/VulFi

How many programmers does it take to filter out 36 characters? You may think this is an opening to a joke, but it’s not.

The OSTE meta scanner is a comprehensive web vulnerability scanner that combines multiple DAST scanners, including Nikto Scanner, ZAP, Nuclei, SkipFish, and Wapiti. - OSTEsayed/OSTE-Meta-Scan

Today I’m publicizing a Google OAuth vulnerability that allows employees at companies to retain indefinite access to applications like Slack and Zoom, after they’re off-boarded and removed from their company’s Google organization. The vulnerability is easy…

Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164") - dwisiswant0/cve-2023-50164-poc

Introducing a novel technique for e-mail spoofing

This report is a little different than our typical content. We were able to analyze data from a perspective we typically don’t get to see… a threat actor’s host! In early November…

Security reports: efficient and straightforward. The simplest way to detect and fix vulnerabilities

Log4Shell was proclaimed one of the most critical vulnerabilities, but in this blog, VulnCheck challenges that perspective, revealing the limited number of vulnerable systems still present two years after the initial disclosure.

The story of CVE-2023-6483, my first CVE and biggest security disclosure yet.

We found a serious error in Microsoft’s Attack Simulator program. Without a fix, it would have turned into a real phishing attack platform circumventing all protection mechanisms.

Algosec helps to securely accelerate application delivery by automating application connectivity and security policy across the hybrid network estate.

### Impact
Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use th...

In part 1 of this two-part series, Akamai researchers explore two new Windows vulnerabilities that could lead to remote code execution against Outlook clients.