Delinea Secret Server is a privileged access management (PAM) solution that helps organizations secure, manage, and monitor privileged…

Welcome to April 2024, again. We’re back, again.

Over the weekend, we were all greeted by now-familiar news—a nation-state was exploiting a “sophisticated” vulnerability for full compromise in yet another enterprise-grade SSLVPN device.

We’ve seen all the…

This blog covers 2 vulnerabilities discovered by Rhino Security Labs in Kemp LoadMaster load balancers: CVE-2024-2448 and CVE-2024-2449.

Update (April 19): Yilei Chen announced the discovery of a bug in the algorithm, which he does not know how to fix. This was independently discovered by Hongxun Wu and Thomas Vidick. At present, th…

Update (April 19): Yilei Chen announced the discovery of a bug in the algorithm, which he does not know how to fix. This was independently discovered by Hongxun Wu and Thomas Vidick. At present, th…

Learn how to identify, mitigate, and protect your AI/LLM from jailbreak attacks. This guide helps secure your AI applications from vulnerabilities and reputational damage.

Introduction
Recently, I reported a “Pwn Request” vulnerability in Google’s Flank repository. Flank is described as a “Massively parallel Android and iOS test runner for Firebase Test Lab” and is an official Google open source project.

The vulnerability…

A writeup about two intent-based Android vulnerabilities CVE-2024-26131 and CVE-2024-26132 in Element (Matrix).

Overview

Cloud Console Cartographer is an open-source tool that is built to help security teams distill the noise of events generated in cloud logs by activity in AWS console. Could Console Cartographer maps the myriad of events generated in cloud logs to a consolidated…

Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Win...

Hey there, let's dive deep into the world of password sniffing and understand how hackers operate to steal sensitive information like login credentials.

Various one-off pentesting projects written in Nim. Updates happen on a whim. - RePRGM/Nimperiments

A story of curiosity, experimentation, development, million euro deal, fraudsters, abandonment and revitalization.
From the inception of the F/OSS Arachni WebAppSec scanner to the opening of Ecsypno’s doors with its flagship product Codename SCNR.

A modern, versatile, high-performace, modular, scalable and easy to integrate WebAppSec DAST scanner.

Explore the Codename SCNR DAST/IAST web application security scanner and our F/OSS projects.

MalStatWare automates malware analysis with Python. Extract key details like file size, type, hash, path, and digital signature. It analyzes headers, APIs, and strings, giving quick insights for th...

AppView is an open source instrumentation utility for any application, regardless of its runtime, with no code modification required. Collect only the data you need for full observability of your applications, systems and infrastructure.

Good morning!