An open database of salaries in the InfoSec / Cybersecurity space.

Is Hugging Face the target of model-based attacks? See a detailed explanation of the attack mechanism and what is required to identify real threats >

A recent advisory from the U.K. National Cyber Security Centre (NCSC) and international partners details the recently developed tactics...

What can an attacker do if they can edit Terraform state? The answer should be 'nothing' but is actually 'take over your CI/CD pipeline'.

As a continuation in our series of penetration testing stories (who doesn’t love those) we bring you MouseJacking (With Flipper Zero). Check out the first blog post in the series here here. In this engagement, we were successfully able to compromise a network…

Identifies bad bytes from static analysis with any Anti-Virus scanner. - MultSec/MultCheck

The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new…

Analysis of the Enterprise SAST/DAST product landscape - bcdannyboy/EnterpriseSASTDASTProductLandscape

An EBPF based IP4/IPv6 firewall with integrations for OpenZiti edge-routers and tunnellers - netfoundry/zfw

Introduction

TL;DR The Google developer documentation includes CSP examples which use domain wildcards (which have been widely cut & pasted), and additionally there are numerous endpoints within the Google eTLDs which are vulnerable to Javanoscript XSS.

Use Guardio's checker tool to find out if your domain has been compromised by SubdoMailers

In February 2024, Falco graduated within the Cloud Native Computing Foundation (CNCF). Graduation marks an important milestone for a journey...

Buffer Overflow Demonstration on Exploiting Easy RM to MP3 Converter

LogSnare: A playground for testing, preventing, and logging IDOR vulnerabilities. - sea-erkin/log-snare

Click to read the article on phrack