Mirth Connect, by NextGen HealthCare, versions prior to 4.4.1 are vulnerable to an unauthenticated RCE vulnerability, CVE-2023-43208.

Introduction Back in Aug. 2023 we released an advisory for CVE-2023-39143, a critical vulnerability that affects Windows installs of the PaperCut NG/MF print management software. Attackers can exploit this vulnerability […]

Simple Windows and Linux keystroke injection tool that exfiltrates stored WiFi data (SSID and password). - AleksaMCode/WiFi-password-stealer

Article describing an alternative method to trigger shellcode execution

This is a write-up of a vulnerability that I discovered in Windows. The vulnerability was patched in December’s Patch Tuesday, and the CVE assigned to it is CVE-2023-36003. The vulnerability allows a non-elevated process to inject a DLL into an elevated or…

Did you have a good break? Have you had a chance to breathe? Wake up.

It’s 2024, and the chaos continues - thanks to Volexity (Volexity’s writeup), the industry has been alerted to in-the-wild exploitation of 2 incredibly serious 0days (CVE-2023-46805 and…

Revolutionizing Digital Asset Security with the DeRec Alliance 🌐 🔐 #DeRecAlliance #DigitalAssetSecurity #Hedera & #Algorand

A Golang package for scanning private and public IPs for open TCP ports 👁️ - CyberRoute/scanme

Major changes were made to the organization of this repo, with the library backhand now being separated from
the backhand-cli package, which is used to install unsquashfs, replace, and add.
backhan...

I successfully exploited a critical misconfiguration vulnerability in GitHub’s actions/runner images repository. I gained control over build agents used by the repository, accessed secrets, a…

OSTE WLA automate the process of analyzing web server logs with the Python Web Log Analyzer. - OSTEsayed/OSTE-Web-Log-Analyzer

Attribute-Based Access Control (ABAC)
The Definitive Guide to Attribute-Based Access Control (ABAC)
Attribute-based access control (ABAC) has emerged as the next-gen technology for secure access to business-critical data. The complexities of today’s

A lot of organizations have some sort of application development program and it is highly likely that developers will utilize Visual Studio for their development needs. Outside of the risk of from …

SuperSharpShares is a tool designed to automate enumerating domain shares, allowing for quick verification of accessible shares by your associated domain account.

Organizations are rushing to integrate Large Language Models (LLMs) in order to improve their online customer experience. This exposes them to web LLM ...

A vulnerable API on Toyota Tsusho Insurance Broker India’s premium calculator website exposed Microsoft corporate cloud credentials.

Learn all about the 35-year-old vulnerabilities found by our Security Team in libX11, causing a denial-of-service and remote code execution.

Who likes vulnerabilities in appliances from security vendors? Everyone loves appliance vulnerabilities! If, by 'everyone', you mean various ransomware and APT groups of course (and us).

Regular watchTowr-watchers (meta-towr-watchers?) will remember our…