Who likes vulnerabilities in appliances from security vendors? Everyone loves appliance vulnerabilities! If, by 'everyone', you mean various ransomware and APT groups of course (and us).

Regular watchTowr-watchers (meta-towr-watchers?) will remember our…

Researchers at Aqua Nautilus found that 8.2% percent of the most downloaded npm packages are officially deprecated, but the real number is much larger.

Varonis Threat Labs discovered a new Outlook exploit and three new ways to access NTLM v2 hashed passwords.

Introduction With the recent rise and adoption of artificial intelligence technologies, open-source frameworks such as TensorFlow are prime targets for attackers seeking to conduct software supply chain attacks. Over the last several years, Praetorian engineers…

⚠️This appears to be an ongoing campaign. Since publication, additional packages have been released tied to this threat actor. See the IOCs below.

On January 12, 2024 Phylum’s automated risk detection platform alerted us to a suspicious publication on npm.…

When designing authentication systems, it’s common practice to implement backup mechanisms so users can easily regain access to their…

On October 19, 2023, Okta notified its customers of a security breach involving unauthorized access to their support system. This incident occurred when an external party obtained and misused Okta's support service account credentials. The investigation by…

Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indicator matches. - joeavanzato/LogBoost

A Golang package for scanning private and public IPs for open TCP ports 👁️ - CyberRoute/scanme

This post contains the cryptographically-signed BusKill warrant canary #007 for January 2023 to January 2024.

Explore AsyncRAT inner workings. Learn unique decryption techniques to enhance your cybersecurity skills today!

The Backup Operators is a Windows built-in group. Users which are part of this group have permissions to perform backup and restore operations. More specifically, these users have the SeBackupPrivi…

Advisory ID: usd-2023-0046 | Product: Gambio | Vulnerability Type: Deserialization of Untrusted Data (CWE-502)

Summary A vulnerability exists in WifiKey’s AC Gateway allowing remote attackers to trigger a pre-auth RCE vulnerability in the product allowing complete compromise of the device. Credit An independent security researcher working with SSD Secure Disclosure.…

How to escalate privileges on an EC2 instance by abusing user data.

[Confluence] CVE-2023-22527 realworld poc. Contribute to VNCERT-CC/CVE-2023-22527-confluence development by creating an account on GitHub.

[update 2024-02-19] This vulnerability can be even used to remotely wipe data of targeted Android smartphone. Using this vulnerability it is possible to guess user lock screen PIN. After five incorrect PINs device is locked out for 30 seconds. This operation…

Export Controls are laws and regulations that govern the transfer or disclosure of goods, technology and funds originating in one country to persons or entities based or having citizenship in another country. This applies even if the regulated items are not…

A technical analysis of the Cactus Ransomware malware