CVE-2024-1403 Progress OpenEdge Authentication Bypass Deep-Dive and Indicators of Compromise. This blog details the authentication bypass which allows an unauthenticated attacker to access the OpenEdge platform as an administrator.

VMware has released security patches for four vulnerabilities in ESXi, Workstation, and Fusion. Critical flaws CVE-2024-22252 and CVE-2024-22253, use-after-free vulnerabilities in the XHCI USB controller, could lead to code execution. Additionally, CVE-2024…

Lord Nemesis, an Iranian hacktivist group, breaches Rashim Software and its Israeli academic clients in a supply chain attack. Learn about the attack, the risks posed by third-party vendors, and how organizations can strengthen their defenses against politically…

CloudGrappler is an open-source tool that is purpose-built for querying high-fidelity and single-event detections related to well-known threat actors in popular cloud environments such as AWS and Azure.

Earn $10,000 on bugbounty with this little trick!

Explore how GitHub Actions can be leveraged to rotate IP addresses during password spraying attacks to bypass IP-Based blocking such as Entra Smart lockout.

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing user's session in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution.…

A highly unusual leak last month of internal documents from a private contractor linked to China's government and police revealed the sordid wheeling and dealing that takes place behind the scenes in China's hacking industry.

Personal blog of Julien (jvoisin) Voisin

A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries. - thiagopeixoto/winsos-poc

I will show you how to install and run it on non-rooted Android device using Termux app. This brings convenience of analyzing Android apps directly on device

Learning how to use Trusted Platform Modules (TPMs)

Overview CVE-2024–23897 is a critical vulnerability discovered in Jenkins, with a high CVSS score of 9.8. This vulnerability allows the attacker to read files in the system through the integrated...

NextChat a.k.a ChatGPT-Next-Web, a popular Gen AI ChatBot, is vulnerable to a critical server-side request forgery (SSRF) vulnerability.

Read about Introduction to LLM Security

CVE-2024-28084 Patched in Inet Wireless Daemon 2.16

A BrainF*ck Inspired Shell Obfuscation Proof-of-Concept - CyberSecurityN00b/shellfeck

In part two of this Team82 series, we examine practical and theoretical attacks against operational technology (OT) through the use of a virtual factory environment. The attacks range in sophistication and present defenders with an opportunity to threat model…