Customized CVE FEED Notifier. Contribute to dark-warlord14/CVENotifier development by creating an account on GitHub.

A security researcher spotted numerous vulnerabilities in the Invision Community software that risked the corresponding e-commerce websites. While the vendors patched one of the two flaws, the other still remains a zero-day despite public disclosure. Multiple

Public disclosure of a vulnerability in AWS Amplify which exposed IAM roles associated with Amplify projects to be assumed by anyone in the world.

Progressing through certifications, developing as a red teamer, breaking into Bug Bounty — many steps along my security journey have been difficult. One of the easiest things I’ve done was breach M…

Journal of Computer Virology and Hacking Techniques - Web applications play a crucial role in modern businesses, offering various services and often exposing sensitive data that can be enticing to...

An OSINT / digital forensics tool built in Python. Contribute to 6abd/horus development by creating an account on GitHub.

Wireless and hardware security expertise, Penetration tests, Mobile security, Trainings, Software-Defined Radio Hacking, Vulnerability research

Legit Security | How to Reduce the Risk of Using External AI Models in Your SDLC. Understand how AI models add risk and how to address it.

Delinea Secret Server is a privileged access management (PAM) solution that helps organizations secure, manage, and monitor privileged…

Welcome to April 2024, again. We’re back, again.

Over the weekend, we were all greeted by now-familiar news—a nation-state was exploiting a “sophisticated” vulnerability for full compromise in yet another enterprise-grade SSLVPN device.

We’ve seen all the…

This blog covers 2 vulnerabilities discovered by Rhino Security Labs in Kemp LoadMaster load balancers: CVE-2024-2448 and CVE-2024-2449.

Update (April 19): Yilei Chen announced the discovery of a bug in the algorithm, which he does not know how to fix. This was independently discovered by Hongxun Wu and Thomas Vidick. At present, th…

Update (April 19): Yilei Chen announced the discovery of a bug in the algorithm, which he does not know how to fix. This was independently discovered by Hongxun Wu and Thomas Vidick. At present, th…

Learn how to identify, mitigate, and protect your AI/LLM from jailbreak attacks. This guide helps secure your AI applications from vulnerabilities and reputational damage.

Introduction
Recently, I reported a “Pwn Request” vulnerability in Google’s Flank repository. Flank is described as a “Massively parallel Android and iOS test runner for Firebase Test Lab” and is an official Google open source project.

The vulnerability…

A writeup about two intent-based Android vulnerabilities CVE-2024-26131 and CVE-2024-26132 in Element (Matrix).

Overview

Cloud Console Cartographer is an open-source tool that is built to help security teams distill the noise of events generated in cloud logs by activity in AWS console. Could Console Cartographer maps the myriad of events generated in cloud logs to a consolidated…

Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Win...