In the ever-evolving landscape of cybersecurity threats, one name has increasingly become synonymous with stealth and precision: RedLine Stealer. This malicious software, often referred to as a Tro…

File transfer is a critical component in post-exploitation, penetration testing, and red teaming. Different environments require specific…

Ongoing supply chain attack targets Puppeteer users with malicious npm packages.

Since July 2024, ZeroPath's tool has uncovered critical zero-day vulnerabilities—including RCE, authentication bypasses, and IDORs—in popular AI platforms and open-source projects. Our approach has identified security flaws in projects owned by Netflix, Salesforce…

A Malware Scarecrow for Windows 10/11 with a user-friendly touch. - Babyhamsta/Malcrow

While everyone was waiting on news for the successor of the Nintendo Switch, Nintendo released the Alarmo. A small plastic alarm clock that ...

Posted by the Big Sleep team Introduction In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large L...

FAQ recently we faced jtagulator out of stock, do you alternative

In this blog post, we describe new techniques to dump files in PHP leveraging filters, and a tool that does it, lightyear.

As launched in the v25 version as a feature preview, the sessions are stored in the database. This means that during a migration, from the 25 to 26 migration, you will not lose your sessions anymore.

Why did the HTTP security headers go to therapy? They had major 'insecurity' issues!HTTP headers are an integral part of the Hypertext Transfer Protocol (HTTP), the foundation of data communication on the World Wide Web. HTTP headers are lines of additional…

Three Buddy Problem – Episode 19: We explore Ivan Kwiatkowski’s essay on the limits of threat intelligence, Sophos using kernel implants to surveil Chinese hackers, […]

Discover Cleafy's in-depth analysis of a new Android banking Trojan campaign, ToxicPanda, initially linked to TgToxic. Our findings reveal a sophisticated fraud operation targeting European and LATAM banks, using On-Device Fraud (ODF) tactics to execute account…

Web Application Firewalls (WAFs) help to protect web applications by monitoring, filtering, and blocking HTTP traffic to and from a web service. However, WAFs are too often relied upon as...

Binary Security has found several vulnerabilities in Azure API Management (APIM) over the years. These can, among other things, be exploited to escalate privileges from a Reader role to gaining full control of the APIM service. After receiving our reports…

Personal blog of Julien (jvoisin) Voisin