Introduction
Hello, I’m RyotaK (@ryotkak
), a security engineer at Flatt Security Inc.
A few days ago, I was upgrading my home lab network, and I decided to upgrade the OpenWrt
on my router.1 After accessing the LuCI, which is the web interface of OpenWrt…

Android Static Analysis is a foundational approach to identifying vulnerabilities in applications without executing them. This blog provides insight into the tools and techniques required for effective analysis. What is Android Static Analysis: Android static…

TL;DR Blockfence recently discovered a rug pull scam carried out through the Telegram group “NoLiquids”, where the scammers promoted fake tokens that

Posted by Brave_State_4859 - 0 votes and 0 comments

Mastering OWASP API Testing: A Visual Guide to Testing OWASP Top 10 API Security with vAPI & real world examples. Learn expert techniques.

The first step to attacking any target is conducting reconnaissance, or simply put, gathering information about the target. Reconnaissance…

On December 4, 2024, the Ultralytics Python module was backdoored to deploy a cryptominer. Using GitGuardian’s data, we reconstructed deleted commits, connecting the dots with the initial analysis. This investigation highlights the value of GitGuardian’s…

The blog post examines methods for hacking AI-native applications by detailing vulnerabilities discovered while building KachraCraft, a 3D design generation tool, including techniques for revealing system prompts, executing server-side request forgery (SSRF)…

Fixing security vulnerabilities in a timely manner is more complicated than you realize.

A look into how an unexpectedly weak PRNG in Dart led to Zellic's discovery of multiple vulnerabilities

We were having a nice uneventful week at watchTowr, when we got news of some ransomware operators using a zero-day exploit in Cleo MFT software - namely, LexiCom, VLTransfer, and Harmony - applications that many large enterprises rely on to share files securely.…

Messenger is used by hundreds of millions of people globally, and as of December 2023, it has adopted end-to-end encryption (E2EE) by default for chats and calls. However, when a group chat is created, it initially does not use E2EE. Interestingly, non-E2EE…

Join Deep Instinct Security Researcher Eliran Nissan as he exposes a powerful new DCOM lateral movement attack that remotely writes custom payloads to create an embedded backdoor.

Team82's research of Ruijie Networks’ cloud and device ecosystem uncovered 10 vulnerabilities that would allow an attacker to execute arbitrary code on every cloud-connected device. Team82 also developed an attack called Open Sesame that allows an attacker…

An analysis of CVE-2024-8534, a memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway.

A homemade SSPM framework to uncover SaaS security risks

Our findings highlight that at least 336,000 servers expose their Prometheus servers and exporters to the internet