This is the very first article that I am publishing on this blog, I wanted to share this experience with folks that are passionate like myself about Security at 360 degrees and also share my thought …

Posted by Good_Till_970 - 2 votes and 12 comments

Key Takeaways In February 2023, we detected an intrusion that was initiated by a user downloading and executing a file from a SEO-poisoned search result, leading to a Gootloader infection. Around n…

Our Clean Code solution, SonarCloud, led us to a severe security issue in the popular Content Management System Joomla.

An open redirect vulnerability exists in the remains of Google Web Light service, which is being actively exploited in multiple phishing campaigns. Google decided not to fix it, so it might be advisable to block access to the Web Light domain in corporate…

By Nati Tal, Oleg Zaytsev (Guardio Labs)

A technique to find the Account ID of a private S3 bucket.

In the evolving landscape of cybersecurity, adversaries are continually seeking innovative methods to bypass traditional security measures. One such method gaining traction is the use of QR codes. At first glance, QR codes appear as benign tools for quick…

Advanced CyberChef techniques using Registers, Regex and Flow Control

Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

Two new WiFi vulnerabilities allow hackers to trick you into connecting to fake hotspots and steal your data, and join secure networks without the password.

An open database of salaries in the InfoSec / Cybersecurity space.

Is Hugging Face the target of model-based attacks? See a detailed explanation of the attack mechanism and what is required to identify real threats >

A recent advisory from the U.K. National Cyber Security Centre (NCSC) and international partners details the recently developed tactics...

What can an attacker do if they can edit Terraform state? The answer should be 'nothing' but is actually 'take over your CI/CD pipeline'.