A tale about exploiting KernelCTF Mitigation, Debian, and Ubuntu instances with a double-free in nf_tables in the Linux kernel, using novel techniques like Dirty Pagedirectory. All without even having to recompile the exploit for different kernel targets…

Research conducted by Cisco Talos last year uncovered multiple vulnerabilities rated as low severity despite their ability to allow for full arbitrary code execution.

GitHub Gist: instantly share code, notes, and snippets.

The AI-powered capabilities in Security Advisor will help streamline the process for ThreatDown administrators to access crucial information.

WallEscape vulnerability in util-linux. Contribute to skyler-ferrante/CVE-2024-28085 development by creating an account on GitHub.

Cybersecurity experts are warning that zero-day exploits, which can be used to compromise devices before anyone is aware they’re vulnerable, have become more common as nation-state hackers and cybercriminals find sophisticated ways to carry out their attacks.

By Oleg Zaytsev (Guardio Labs)

Over the past few years, we’ve seen a huge increase in the adoption of identity security  solutions. Since these types of solutions help protect against a whole range of password-guessing and...

Physical implants in turnstiles, replay attacks, and a brief introduction to the Wiegand protocol



Disclaimer
This Security Advisory is provided on an "as is" basis and do not imply any kind of guarantee or warranty. Your use of the information in this…

Today, we are releasing a new tool called SharpConflux, a .NET application built to facilitate Confluence exploration. It allows Red Team operators to easily investigate Confluence instances with the goal of finding credential material and documentation relating…

The Leading Security Assessment Framework for Android. - ReversecLabs/drozer

On 26 March 2024, Phylum’s automated risk detection platform picked up yet another typosquat campaign targeting some attackers’ favorite targets in PyPI. As of writing, this attack still appears to be active and has come in two big waves after about a 20…

By Oriol Castejón Overview This post discusses a use-after-free vulnerability, CVE-2024-0582, in io_uring in the Linux kernel. Despite the vulnerability being patched in the stable kernel in December 2023, it wasn’t ported to Ubuntu kernels for over two months…

Bref Security Audit, sponsored by Amazon Web Services (AWS), facilitated by Open Source Technology Improvement Fund (OSTIF) and performed by Shielder.

Security research on GPTs and LLMs has only just begun. It’s already become a meme to force customer service chatbots to start programming…

In this new series, CJ May shares his expertise in implementing secure-by-design software processes that empower engineering teams.
The first stage of his DevSecOps program: vulnerability management.

A detail guide on how to capture the flag using return oriented programming buffer overflow challenge on ROP Emporium.

Discover what cyber deception is, how it works, and why organizations need it to detect, mislead, and stop attackers effectively.

In this blog post, we’ll go over the construction and tuning of a few Semgrep rules I created while looking at a Ruby on Rails application. Semgrep is a powerful code analysis tool, and while there are a fair number of community rules, the default rules don’t…