Lumma Stealer and AMOS are used in the campaign.

Recently, I paid attention to some open-source projects and technical articles related to security that involve large language models (LLMs). The authors emphasized the use of LLMs, but a closer look…

Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. See how they were uncovered.

Cybermonit is a modern platform for monitoring CVS vulnerabilities, data leaks, ransomware attacks and ongoing DDoS attacks, enabling rapid threat identification and effective response to cyber incidents.

Latest version: v2.10.0 CRADLE Intelligence Hub Batteries included collaborative knowledge management solution for threat intelligence researchers.

Hacking a Low-Cost Electric Toothbrush

In our team's latest blog post, we build a few examples that showcase ways in which memory corruption vulnerabilities could manifest in Delphi code despite being included in a list of "memory safe" languages within a paper published by the NSA. We cover how…

I recently helped a company recover their data from the Akira ransomware without paying the ransom. I'm sharing how I did it, along with the full source code.



The code is here: https://github.com/yohanes/akira-bruteforce



To clarify, multiple ransomware…

This article marks the first in a series aimed at sharing my adventures, personal notes, and insights into the Android kernel. My focus…

Technical analysis of NULL Pointer Dereference bugs, mitigations, and exploit development challenges on Apple Silicon macOS.

Stay informed with the latest insights in our Infostealers weekly report. Explore key findings, trends and data on info-stealing activities.

Deep dive into CVE-2025-24016 a critical remote code execution (RCE) vulnerability affecting Wazuh, a widely used open-source SIEM platform.

I recently joined watchTowr, and it is, therefore, time - time for my first watchTowr Labs blogpost, previously teased in a tweet of a pre-auth RCE chain affecting some ‘unknown software’.

Joining the team, I wanted to maintain the trail of destruction left…

Any service using xml-crypto or a Node.js SAML implementation using it, should update immediately to the latest version. WorkOS customers are safe and were not impacted.

Company-wide visibility and advocacy along with a pragmatic approach will set up security teams for success.

I know, we have written it multiple times now, but in case you are just tuning in, Doyensec had found themselves on a cruise ship touring the Mediterranean for our company retreat. To kill time between parties, we had some hacking sessions analyzing real…

Summary This advisory describes an out-of-bounds write vulnerability in the Linux kernel that achieves local privilege escalation on Ubuntu 22.04 for active user sessions. Credit An independent security researcher working with SSD Secure Disclosure. Vendor…

Found a security vulnerability? Discover our forms for reporting security issues to Google: for the standard VRP, Google Play, and Play Data Abuse.