The Backup Operators is a Windows built-in group. Users which are part of this group have permissions to perform backup and restore operations. More specifically, these users have the SeBackupPrivi…

Advisory ID: usd-2023-0046 | Product: Gambio | Vulnerability Type: Deserialization of Untrusted Data (CWE-502)

Summary A vulnerability exists in WifiKey’s AC Gateway allowing remote attackers to trigger a pre-auth RCE vulnerability in the product allowing complete compromise of the device. Credit An independent security researcher working with SSD Secure Disclosure.…

How to escalate privileges on an EC2 instance by abusing user data.

[Confluence] CVE-2023-22527 realworld poc. Contribute to VNCERT-CC/CVE-2023-22527-confluence development by creating an account on GitHub.

[update 2024-02-19] This vulnerability can be even used to remotely wipe data of targeted Android smartphone. Using this vulnerability it is possible to guess user lock screen PIN. After five incorrect PINs device is locked out for 30 seconds. This operation…

Export Controls are laws and regulations that govern the transfer or disclosure of goods, technology and funds originating in one country to persons or entities based or having citizenship in another country. This applies even if the regulated items are not…

A technical analysis of the Cactus Ransomware malware

Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

CVE-2024-0204 Fortra GoAnywhere MFT Deep-Dive and Indicators of Compromise. This blog details the authentication bypass which allows an unauthenticated attacker to add an administrative user to the application.

Developers should be using OpenAI roles to mitigate LLM prompt injection, while pentesters are missing vulnerabilities in LLM design.

15 cybersecurity MCQ questions to practice and improve your knowledge in cybersecurity with practicepedia. improve your knowledge

Our security team scanned 189.5M URLs and found more than 18,000 exposed API secrets. Explore the methodology.

Yet another security platform being pwned by trivial vulnerabilities (CVE-2024-22107 & CVE-2024-22108)

Learn all about the 35-year-old vulnerabilities found by our Security Team in libX11, causing a denial-of-service and remote code execution.

Paxton Access is a UK-based company specialising in access control solutions. Their products cater to a wide range of security needs in various sectors, including commercial, educational, and healthcare facilities.One of the key products from Paxton Access…

Summary Chaining of three vulnerabilities allows unauthenticated attackers to execute arbitrary command with root privileges on Zyxel VPN firewall (VPN50, VPN100, VPN300, VPN500, VPN1000). Due to recent attack surface changes in Zyxel, the chain described…

For the past eight months, Trail of Bits has worked with the Python Cryptographic Authority to build cryptography-x509-verification, a brand-new, pure-Rust implementation of the X.509 path validation algorithm that TLS and other encryption and authentication…