Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform - research.md

The Oligo research team has discovered a critical vulnerability in meta-llama, an open source framework from Meta for building and deploying GenAI applications.

On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK admin panel that gave us unrestricted access to all vehicles and customer accounts in the United States, Canada, and Japan.

Yesterday we discovered another client-side JavaScript attack targeting +500 websites, including governments and universities. The injected noscripts create hidden links in the Document Object Model (DOM), pointing to external websites, a programming interface…

Learn how to build effective harnesses for fuzzing native libraries on Android. Explore techniques and strategies to uncover vulnerabilities

WinVisor is a hypervisor-based emulator for Windows x64 user-mode executables that leverages the Windows Hypervisor Platform API to provide a virtualized environment for logging syscalls and enabling memory introspection.

In this blog post, we’ll walk through the process of enumerating and exploiting a vulnerable machine named silver platter as part of a…

Accuracy, Coverage & Integration: A Comprehensive Benchmark for Modern SAST Tools

Whether you want to transform into a USB Ethernet adapter and capture network traffic, create custom user interface for your attacks, or use covert storage devices, the USB Army Knife has you covered.

Non-Human Identities (NHIs) are essential for automation but pose unique security challenges requiring tailored management and protection strategies. Know more!

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple services.

Introduction
Hello, I’m RyotaK ( @ryotkak
), a security engineer at GMO Flatt Security Inc.
In October 2024, I was hunting bugs for the GitHub Bug Bounty program. After investigating GitHub Enterprise Server for a while, I felt bored and decided to try to…

The research unveils a new attack surface in Windows by exploiting Best-Fit, an internal charset conversion feature. Through our work, we successfully transformed this feature into several practical attacks, including Path Traversal, Argument Injection, and…

A new way to use BYOVD technique. By combining the file-writing capabilities of a driver with Windows symbolic links

This article lists open-source cybersecurity tools for Linux, Windows, and macOS to help enhance protection and stay ahead of threats.

Welcome to Monday, and what an excitingly fresh start to the week we're all having.

Grab your coffee, grab your vodka - we're diving into a currently exploited-in-the-wild critical Authentication Bypass affecting foRtinet's (we are returning the misspelling…

The security of embedded systems running Real-Time Operating Systems (RTOS) like Wind River VxWorks is vital in high stakes sectors such as OT, defense, and aviation.

leveraging AiTM and the OAuth 2.0 authorization code flow to steal access and refresh tokens. Modified AITMWorker for steal refreshtokens.

Attached: 1 image

@gvy_dvpont@mastodon.social Got me thinking… can it be done without the lens? This one seems to work!

CVE-2024-49138 is a Windows vulnerability detected by CrowdStrike as exploited in the wild. Microsoft patched the vulnerability on December 10th, […]