Cisco is aware of new activity targeting certain Cisco Adaptive Security Appliances (ASA) 5500-X Series and has released three CVEs related to the event. We assess with high confidence this activity is related to same threat actor as ArcaneDoor in 2024.

TyphoonCon conference and training focus on highly technical offensive security topics.
The event is organized by SSD Secure Disclosure.

security measures, policies that we do for literal namesakes

How to achieve a working remote code execution exploit in an embedded phone without any previous access.

Moriarty is designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential exploits for Privilege Escalation in Windows environments. - GitHub - BC-SECURITY/Moriarty: Mor...

MFA was supposed to solve our security problems, so why do attackers keep getting around it?

In our latest blog post, we introduce coverage-guided fuzzing with a brief denoscription of fundamentals and a demonstration of how modifying program instrumentation can be used to more easily track down the source of vulnerabilities and identify interesting…

Unauthenticated privilege escalation in Horacius (Identity and Access Management) - CVE-2024-29417: a security software vulnerability allows for local privilege escalation, even when Windows is locked.



Disclaimer
This Security Advisory is provided on an…

Postman, the popular API testing platform, hosts the largest collection of public APIs. Unfortunately, it’s become one of the largest public sources of leaked secrets. We estimate over 4,000 live credentials are currently leaking publicly on Postman for a…

Legit Security | Dependency Confusion Vulnerability Found in an Archived Apache Project. Get details on the Legit research team's discovery of a dependency confusion vulnerability in an archived Apache project.

Malware Campaign Exploiting Antivirus Updates

Explore the art of automating and visually demonstrating API vulnerabilities you've identified using Postman Workflows.

How to provide secure temporary production access to Azure objects, production networks and cloud infrastructure using Azure Privileged Identity Management.

Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

A sandbox escape for Judge0

I was invited to a private bug bounty program of a tech company, one of the biggest tech companies in its country. The scope was pretty…

Key Takeaways In August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was …

Imagine you create an empty, private AWS S3 bucket in a region of your preference. What will your AWS bill be the next morning?

This article takes an uncommon approach to security articles. Insteading of suggesting ways to enhance your application’s security, this…