Summary IP.Board e-commerce plugin ‘nexus’ contains two security vulnerabilities that when combined can be used to trigger a pre-auth RCE in AdminCP. Credit An independent security researcher, Egidio Romano from Karma(In)Security, working with SSD Secure…

hauditor is a tool designed to analyze the security headers returned by a web page. - trap-bytes/hauditor

evilginx3 + gophish. Contribute to fin3ss3g0d/evilgophish development by creating an account on GitHub.

Cookies – small files created by sites you visit – are fundamental to the modern web. They make your online experience easier by saving bro...

BHI (or Spectre-BHB) is a revival of cross-privilege Spectre-v2 attacks on modern systems deploying in-hardware defenses. And we have a very neat end-to-end exploit leaking arbitrary kernel memory on modern Intel CPUs to prove it

An OSINT / digital forensics tool built in Python. Contribute to 6abd/horus development by creating an account on GitHub.

TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

Cyber Security Consultancy based in Denmark that specializes in offensive security.

Customized CVE FEED Notifier. Contribute to dark-warlord14/CVENotifier development by creating an account on GitHub.

A security researcher spotted numerous vulnerabilities in the Invision Community software that risked the corresponding e-commerce websites. While the vendors patched one of the two flaws, the other still remains a zero-day despite public disclosure. Multiple

Public disclosure of a vulnerability in AWS Amplify which exposed IAM roles associated with Amplify projects to be assumed by anyone in the world.

Progressing through certifications, developing as a red teamer, breaking into Bug Bounty — many steps along my security journey have been difficult. One of the easiest things I’ve done was breach M…

Journal of Computer Virology and Hacking Techniques - Web applications play a crucial role in modern businesses, offering various services and often exposing sensitive data that can be enticing to...

An OSINT / digital forensics tool built in Python. Contribute to 6abd/horus development by creating an account on GitHub.

Wireless and hardware security expertise, Penetration tests, Mobile security, Trainings, Software-Defined Radio Hacking, Vulnerability research

Legit Security | How to Reduce the Risk of Using External AI Models in Your SDLC. Understand how AI models add risk and how to address it.

Delinea Secret Server is a privileged access management (PAM) solution that helps organizations secure, manage, and monitor privileged…

Welcome to April 2024, again. We’re back, again.

Over the weekend, we were all greeted by now-familiar news—a nation-state was exploiting a “sophisticated” vulnerability for full compromise in yet another enterprise-grade SSLVPN device.

We’ve seen all the…

This blog covers 2 vulnerabilities discovered by Rhino Security Labs in Kemp LoadMaster load balancers: CVE-2024-2448 and CVE-2024-2449.