Homebrew had a security audit performed in 2023. This audit was funded by the Open Technology Fund and conducted by Trail of Bits. Trail of Bits’ report contained 25 items, of which 16 were fixed, 3 are in progress, and 6 are acknowledged by Homebrew’s maintainers.…

Get ready to discover the power of osquery and osctrl, your dynamic duo for advanced system monitoring and security.

During research on the Vestaboard web platform, the Rhino Security Labs research team identified three vulnerable instances of Broken Access Controls.

515K subscribers in the netsec community. /r/netsec is a community-curated aggregator of technical information security content. Our mission is to…

Introduction Several times in my enterprise security career I experienced challenges when it came to security defect/vulnerability handling and management. When I joined eBay in 2006, the security team was fairly small and I recall filing a cross-site noscripting…

I recently received my ZimaCube: a NAS from IceWhale, the same company behind the ZimaBlade, ZimaBoard and most notably CasaOS, a UI to manage docker applications.

Why write this?

Oligo Security's research team recently disclosed the “0.0.0.0 Day” vulnerability. This vulnerability allows malicious websites to bypass browser security and interact with services running on an organization’s local network

About WordPress As of 2024, WordPress powers 43% of all websites in the internet. 474 million websites run WordPress software and one or more out of 70 000 plugins. Unfortunately, as history shows, many WordPress plugins, even popular ones, often contain…

Tony Hawk's Pro Strcpy: A game save and RCE exploit for the Tony Hawk game series that can be used to hack Xbox, Playstation 2, Gamecube, and Xbox 360 consoles.

Claroty Team82 is publishing details of our research into Unitronics' integrated PLCs/HMIs, which began on the heels of numerous critical infrastructure attacks that were disclosed last fall, in particular at water treatment facilities in the United States…

This blog post takes a look at the years where eBPF was one of the kernel subsystems that grabbed the attention of a lot of security researchers. We will tell the story of how we discovered CVE-2023-2163, what our root-cause analysis process looked like,…

Websites are riddled with timing oracles eager to divulge their innermost secrets. It's time we started listening to them. In this paper, I'll unleash novel attack concepts to coax out server secrets

VPN exploitations traditionally has been primarily for initial access. Ori David shows just how much more can be done maliciously post-exploit.

Black Hat USA is a great outlet for sharing lessons learned after the CrowdStrike incident.

Greetings everyone, In this write-up, we will be exploring the interesting exploitation that has been done against the pfsense CVE-2022-31814. What is pfsense? pfSense software is a FreeBSD-based operating system designed to install and configure a firewall…

Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856) - securelayer7/CVE-2024-38856_Scanner

The recursive internet scanner gets an upgrade