I recently received my ZimaCube: a NAS from IceWhale, the same company behind the ZimaBlade, ZimaBoard and most notably CasaOS, a UI to manage docker applications.

Why write this?

Oligo Security's research team recently disclosed the “0.0.0.0 Day” vulnerability. This vulnerability allows malicious websites to bypass browser security and interact with services running on an organization’s local network

About WordPress As of 2024, WordPress powers 43% of all websites in the internet. 474 million websites run WordPress software and one or more out of 70 000 plugins. Unfortunately, as history shows, many WordPress plugins, even popular ones, often contain…

Tony Hawk's Pro Strcpy: A game save and RCE exploit for the Tony Hawk game series that can be used to hack Xbox, Playstation 2, Gamecube, and Xbox 360 consoles.

Claroty Team82 is publishing details of our research into Unitronics' integrated PLCs/HMIs, which began on the heels of numerous critical infrastructure attacks that were disclosed last fall, in particular at water treatment facilities in the United States…

This blog post takes a look at the years where eBPF was one of the kernel subsystems that grabbed the attention of a lot of security researchers. We will tell the story of how we discovered CVE-2023-2163, what our root-cause analysis process looked like,…

Websites are riddled with timing oracles eager to divulge their innermost secrets. It's time we started listening to them. In this paper, I'll unleash novel attack concepts to coax out server secrets

VPN exploitations traditionally has been primarily for initial access. Ori David shows just how much more can be done maliciously post-exploit.

Black Hat USA is a great outlet for sharing lessons learned after the CrowdStrike incident.

Greetings everyone, In this write-up, we will be exploring the interesting exploitation that has been done against the pfsense CVE-2022-31814. What is pfsense? pfSense software is a FreeBSD-based operating system designed to install and configure a firewall…

Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856) - securelayer7/CVE-2024-38856_Scanner

The recursive internet scanner gets an upgrade

We discovered critical vulnerabilities in six AWS services that range between RCE, full account takeover, manipulation and more.

[ 繁體中文版本 | English Version ] Hey there! This is my research on Apache HTTP Server presented at Black Hat USA 2024. Additionally, this research will also be presented at HITCON and OrangeCon. If you

This innovative tool ensures precision and convenience without the need for soldering, circuit inspe

Stay updated with the latest in Cyber Security, InfoSec, Cryptography, Online Privacy, Hacking, Vulnerability and Threat Research. Discover top news, podcasts, and expert insights, all aggregated in one place