A deep dive into macOS malware this year.

At least eight U.S. telecom firms and dozens of nations have been tied up in the unprecedented Salt Typhoon attack, according to new details from U.S. officials.

Note This is another attempt in my Android Side Quest (the previous one was Android’s CVE-2020-0238). Intro While digging around through my old gadgets, I found my ancient OnePlus phone that had been gathering dust in a drawer.

Azure CLI was vulnerable to a registry server confusion attack in it’s Azure Container Registry (ACR) module. If an attacker controls the value of the registry name, they can leak the token of the principal, scoped to the ARM API at https://management.azure.com/…

Did I ever tell you what the definition of insanity is? Insanity is doing the exact… same ******* thing… over and over again expecting… **** to change… That. Is. Crazy.Far Cry 3 Intro The peripheral device industry has once again sacrificed security in the…

Apres-Cyber Slopes Summit is a Cybersecurity conference event with trainings and briefings at a ski-in/ski-out resort located within the Canyons Village at Park City Utah, the largest ski resort in the USA. Focused on cybersecurity leaders (e.g. CISOs) and…

BSidesSLC Utah's local Cybersecurity Community. Learn, Train, Compete, and Network. For the people, by the people!

A Real-World Case Study, How I Took Over an Entire Application Using a Classic XSS Vulnerability.

Introduction
Hello, I’m RyotaK (@ryotkak
), a security engineer at Flatt Security Inc.
A few days ago, I was upgrading my home lab network, and I decided to upgrade the OpenWrt
on my router.1 After accessing the LuCI, which is the web interface of OpenWrt…

Android Static Analysis is a foundational approach to identifying vulnerabilities in applications without executing them. This blog provides insight into the tools and techniques required for effective analysis. What is Android Static Analysis: Android static…

TL;DR Blockfence recently discovered a rug pull scam carried out through the Telegram group “NoLiquids”, where the scammers promoted fake tokens that

Posted by Brave_State_4859 - 0 votes and 0 comments

Mastering OWASP API Testing: A Visual Guide to Testing OWASP Top 10 API Security with vAPI & real world examples. Learn expert techniques.

The first step to attacking any target is conducting reconnaissance, or simply put, gathering information about the target. Reconnaissance…

On December 4, 2024, the Ultralytics Python module was backdoored to deploy a cryptominer. Using GitGuardian’s data, we reconstructed deleted commits, connecting the dots with the initial analysis. This investigation highlights the value of GitGuardian’s…

The blog post examines methods for hacking AI-native applications by detailing vulnerabilities discovered while building KachraCraft, a 3D design generation tool, including techniques for revealing system prompts, executing server-side request forgery (SSRF)…

Fixing security vulnerabilities in a timely manner is more complicated than you realize.

A look into how an unexpectedly weak PRNG in Dart led to Zellic's discovery of multiple vulnerabilities