Surprisingly often, implementations include functionality where user input is passed to dangerous functions like PHP’s eval() - despite clear warnings. Often, devs are somewhat aware of this danger and attempt to sanitize the input, but this approach …

Black Lotus Labs uncovered a zero-day exploit in Versa Director servers. Learn its impact on SD-WAN security and how to mitigate threats.

In just three Sunday afternoons, I discovered 14 CVEs - and you can too! CVE hunting is more accessible than many realise, and the methodology outlined here requires only a bit of coding knowledge.

Introduction Nothing special here. Got some free time to play around and decided to explore a free VPN from android play store in hopes to find something interesting, solve some riddle and just have fun. For this experiment I chose “BD NET VPN”. It is freely…

Vtiger CRM <= 8.1.0 has a SQL injection vulnerability in the MailManager module.

Vtiger CRM <= 8.1.0 does not correctly check user's privileges. A low-privileged user can interact directly with the `Migration` administrative module to disable arbitrary modules in the instance.

How one security product crippled the world because of bad programming

Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser

We discovered a serious vulnerability in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs used by the Transportation Security Administration.

The Jenkins team released an advisory (CVE-2024-43044) for an arbitrary file read vulnerability that allows an agent to be able to read files

Introduction There is a push to use LLMs in all aspects of software engineering, far beyond merely generating code snippets. This push includes integration with code repositories and build systems.…

Clutch - Resources Stay informed with the latest insights, trends, and updates on the Non-Human Identity landscape

Using WPA-Enterprise with EAP-SIM to authenticate against a network using SIM cards

“Launch the Polaris The end doesn’t […]

Deep Linux runtime visibility meets Wireshark. Contribute to aquasecurity/traceeshark development by creating an account on GitHub.

Whether you are in charge of deciding what Cloud solution to choose for your organization or you are a Security Professional trying to decide what Cloud technology to learn, when it comes to choosi…

CVE-2024-37084 is a critical security vulnerability in Spring Cloud Skipper, specifically related to how the application processes YAML input. The vulnerability arises from the use of the standard...