Explore what Port 80 revealed about the internet in Project Resonance (Wave 12) and the insights gained from this key web traffic gateway.

Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

Cyberbro is an open-source application that extracts IoCs from garbage input and checks their reputation using multiple services.

After the excitement of our .MOBI research, we were left twiddling our thumbs. As you may recall, in 2024, we demonstrated the impact of an unregistered domain when we subverted the TLS/SSL CA process for verifying domain ownership to give ourselves the ability…

Subnoscription websites now like to use magic email links for login. They are extremely annoying.

Nominations are now open for the top 10 new web hacking techniques of 2024! Every year, security researchers from all over the world share their latest findings via blog posts, presentations, PoCs, an

Time-based blind SQL injection : Découvrez comment cette faille se distingue par sa capacité à exfiltrer des données sans activer d'alerte.

📌 This is a cross-post from DEVCORE. The research was first published at Black Hat Europe 2024. Personally, I would like to thank splitline, the co-author of this research & article, whose help

Did you have a good break? Have you had a chance to breathe? Wake up.

It’s 2025, and the chaos continues.

Haha, see what we did? We wrote the exact same thing in 2024 because 2024 was exactly the same.

As an industry, we are on GroundHog day -

The Assistant Prefill feature available in many LLMs can open up models to jailbreaking, including the possibility of persistent prefills to bypass LLM safety alignments.

With the iPhone 15 & iPhone 15 Pro, Apple switched their iPhone to USB-C and introduced a new USB-C controller: The ACE3, a powerful, ver...

Overview


Countless noscript kiddies, dreaming of getting rich, rush into the DDoS black-market industry armed with Mirai source code, imagining they can make a fortune with botnets. Reality, however, is harsh—these individuals arrive full of ambition but…

How 1 youtube video turned out to be a part of a million dollar scam scheme

As we saw in our previous blogpost, we fully analyzed Ivanti’s most recent unauthenticated Remote Code Execution vulnerability in their Connect Secure (VPN) appliance. Specifically, we analyzed CVE-2025-0282.

Today, we’re going to walk through exploitation.…

Discover the new Fireblocks API Black Box review performed by CoinFabrik for a detailed analysis of its security and performance.

A recent campaign targeting FortiGate firewalls, where the devices’ management interfaces exposed to the Internet were compromised.

We’ve uncovered a widespread malware campaign targeting WordPress websites, affecting over 5,000 sites globally.
The malicious domain: "https://wp3.xyz/plugin[.]php".

Because we can!