A September paper, soon hushed up, shows Chinese researchers may have discovered a class of quantum-annealing algorithm capable of attacking cryptography in a novel way

Kaspersky GReAT experts break down the new campaign of Lazarus APT which uses social engineering and exploits a zero-day vulnerability in Google Chrome for financial gain.

We uncovered a security issue related to the AWS Cloud Development Kit (CDK), covering over 38,000 account IDs, identified where users were susceptible.

We know that cloud attacks happen very quickly. Our 2024 global threat year-in-review, the third annual threat report from the Sysdig Threat Research Team

I explain how it is possible to locate Google and Apple smartphones legally by misusing device unique Advertising ID and stream of data collected by advertising plugins. These plugins are part of thousands of popular and legitimate apps.

Summary A vulnerability in the Common Log File System (CLFS) driver allows a local user to gain elevated privileges on Windows 11. The vulnerability is in the CClfsBaseFilePersisted::WriteMetadataBlock function, and is due to return value of ClfsDecodeBlock…

Some time ago, while reading up on new CSS features, I asked myself: Is it possible to leak the entire content of an HTML text node only using CSS? The answer is yes! Well, kinda. I found a technique

I discovered multiple vulnerabilities in RtsPer.sys, an SD card reader driver developed by Realtek. These vulnerabilities enable non-privileged users to leak the contents of kernel pool and kernel stack, write to arbitrary kernel memory, and, the most interesting…

So we all know about the ChatGPT4 code execution capability. Now the question is can I execute a little bit offensive code like running netstat to see internal connections? I tried to run ‘ne…

Linux Kernel N-day Exploit/Analysis. Contribute to MaherAzzouzi/LinuxKernel-nday development by creating an account on GitHub.

Lexmark decided to frustrate vulnerability researchers last minute. Let’s have a look at their new root filesystem encryption.

Using Akamai's Guardicore Segmentation platform.

The world of cybersecurity is as dynamic as it is perilous, with threats looming around every digital corner. The recent surge in cyber attacks has amplified concerns…

The Computer Emergency Response Team of India (CERT-In) issued an advisory listing more than dozen ways how the online scams are being perpetrated by fraudsters in the country, including "digital arrest" to dupe people by stealing their money and private…

Clink on my like for quick response

Because we can!

Adventures in Responsible Disclosure

As large language models (LLMs) become more advanced and are granted additional capabilities by developers, security risks increase dramatically. Manipulated LLMs are no longer just a risk of...

An open database of salaries in the InfoSec / Cybersecurity space.