On October 19, 2023, Okta notified its customers of a security breach involving unauthorized access to their support system. This incident occurred when an external party obtained and misused Okta's support service account credentials. The investigation by…

Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indicator matches. - joeavanzato/LogBoost

A Golang package for scanning private and public IPs for open TCP ports 👁️ - CyberRoute/scanme

This post contains the cryptographically-signed BusKill warrant canary #007 for January 2023 to January 2024.

Explore AsyncRAT inner workings. Learn unique decryption techniques to enhance your cybersecurity skills today!

The Backup Operators is a Windows built-in group. Users which are part of this group have permissions to perform backup and restore operations. More specifically, these users have the SeBackupPrivi…

Advisory ID: usd-2023-0046 | Product: Gambio | Vulnerability Type: Deserialization of Untrusted Data (CWE-502)

Summary A vulnerability exists in WifiKey’s AC Gateway allowing remote attackers to trigger a pre-auth RCE vulnerability in the product allowing complete compromise of the device. Credit An independent security researcher working with SSD Secure Disclosure.…

How to escalate privileges on an EC2 instance by abusing user data.

[Confluence] CVE-2023-22527 realworld poc. Contribute to VNCERT-CC/CVE-2023-22527-confluence development by creating an account on GitHub.

[update 2024-02-19] This vulnerability can be even used to remotely wipe data of targeted Android smartphone. Using this vulnerability it is possible to guess user lock screen PIN. After five incorrect PINs device is locked out for 30 seconds. This operation…

Export Controls are laws and regulations that govern the transfer or disclosure of goods, technology and funds originating in one country to persons or entities based or having citizenship in another country. This applies even if the regulated items are not…

A technical analysis of the Cactus Ransomware malware

Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

CVE-2024-0204 Fortra GoAnywhere MFT Deep-Dive and Indicators of Compromise. This blog details the authentication bypass which allows an unauthenticated attacker to add an administrative user to the application.

Developers should be using OpenAI roles to mitigate LLM prompt injection, while pentesters are missing vulnerabilities in LLM design.

15 cybersecurity MCQ questions to practice and improve your knowledge in cybersecurity with practicepedia. improve your knowledge

Our security team scanned 189.5M URLs and found more than 18,000 exposed API secrets. Explore the methodology.