Craft CMS is one of the most popular PHP-based CMSes globally, boasting over 150,000 sites worldwide. This blog post details a pre-authentication RCE vulnerability affecting Craft CMS versions below 4.13.1 and 5.5.1.

TL;DR Reflected input is often unexploitable because the attack ends up in a place which stops it working, such as inside a quoted attribute.

A series of API flaws in McDelivery India made it possible to order food for a penny, hijack other people’s delivery orders, view user information, and more.

Summary A vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. To exploit this vulnerability, an attacker must first obtain the ability to execute low-privileged code on the target system. The specific…

CISA's new directive mandates federal agencies secure cloud environments by 2025, introducing SCuBA tools for monitoring and reducing cyberattack surf

Fortinet patches critical flaws in FortiWLM and FortiManager. CVE-2023-34990 risks sensitive data, while CVE-2024-48889 enables command injection.

Join the AI Security group at https://www.linkedin.com/groups/14545517 for more similar content.

Discover how a code review uncovered a JWT algorithm confusion vulnerability (CVE-2024-54150). Learn key insights to enhance your security skills and spot vulnerabilities effectively.

The paper “An Overview of Catastrophic AI Risks” by the Center for AI Safety delves into how advanced AI systems introduce critical cybersecurity challenges. (Join the AI Security group at…

Amazon Web Services (AWS) outlines a structured approach for incident response in Generative AI workloads, emphasizing both response…

Team82 has researched a malware sample called IOCONTROL linked to an Iran-based attack group used to target IoT and OT civilian infrastructure in the U.S. and Israel.

In this episode of Mind the Machine, host Florencio Cano talks about the concept of agentic AI, exploring what makes AI systems capable of autonomously performing tasks and the unique security challenges they present.
While agentic AI can revolutionize industries…

A while ago, I reached out to Mats, the creator behind the YouTube channel Topfvollgold, offering my help with data scraping. I thought it might be useful for his projects and mentioned that I’d be happy to assist if the need ever arose.
Recently, Mats reached…

Introduction: The Art of Non-Intrusive Web Recon
Hello, I’m pizzacat83 (@pizzacat83
), a software engineer at Flatt Security Inc.
When hunting for bugs, understanding the behavior of a target application is invaluable. The more knowledge you gain about the…

TRB500 is a compact, energy-efficient Teltonika Networks 5G gateway with speeds of up to 1 Gbps and backward compatibility. Click here to learn more.