elttam is a globally recognised, independent information security company, renowned for our advanced technical security assessments.

A newly disclosed in Telegram for Android, dubbed EvilLoader, allows attackers to disguise malicious APKs as video files, potentially leading to unauthorized malware installations on users' devices.

Un pentest physique mené dans un magasin d’ameublement a permis de mettre au jour plusieurs failles de sécurité importantes.

The discovery of a DoS in the macOS NS_01 driver within Apple’s IONVMeFamily, offering insights into integer overflow detection, and crash analysis.

In this article, we explore TOCTOU vulnerabilities, subtle yet dangerous race conditions that occur when security checks and resource usage are not tightly coupled. In C# development on Windows, where file operations and dynamic code loading are common, understanding…

While analyzing threats targeting WordPress frameworks, we found an attack where a single 3rd party JavaScript file was used to inject four separate backdoors into 1,000 compromised websites using cdn.csyndication[.]com/.

Introduction: Cybersecurity has to be a major concern for businesses in light of the growing cyber threats and increased regulatory pressure. A single breach can cost a business dearly, financially, and reputation-wise. Investing in the operation of security…

This blog post covers the full details of EntrySign, the AMD Zen microcode signature validation vulnerability recently discovered by the Google Security team.

Assetnote, now a searchlight cyber company, has uncovered a zero day REMOTE COMMAND EXECUTION VULNERABILITY in SITECORE EXPERIENCE PLATFORM new Sitecore vulnerabilities discovered

We Manipulated an HR Agent to Betray Its Own Organization and Discovered a Critical Vulnerability in The Process (CVE-2025–26319)

Scan and analyze Chrome extensions for security vulnerabilities, performance issues, and compliance. Get detailed reports and insights.

In many ways, mobile devices lead the security industry when it comes to defense-in-depth and mitigation. Over the years, it has been proven time and again that the kernel cannot be trusted to be secure. As such, there has been effort put into moving secrets…

How to connect the dots between AI technology and real life

Posted by citirix - 32 votes and 20 comments

Binary Security found the undocumented APIs for Azure API Connections. In this post we examine the inner workings of the Connections allowing us to escalate privileges and read secrets in backend resources for services ranging from Key Vaults, Storage Blobs…

HOWTO: build ATF (Trusted Firmware ARM) and OPTEE for RK3588 To better implement the protection of digital assets in embedded systems, we have chosen the RK3588 as the prototype platform.

Learn about CVE-2025-1094, a critical SQL injection vulnerability in PostgreSQL's escaping functions. Discover affected versions, mitigation strategies, and how to protect your systems.

Looking for network management that is effortless? Try Auvik for free, no credit card required and see how easy it is to use and manage. Try it free and get a Raspberry Pi 5 16GB Kit-on us!