Wiz Research uncovered RCE vulnerabilities (CVE-2025-1097, 1098, 24514, 1974) in Ingress NGINX for Kubernetes allowing cluster-wide secret access.

The Rhino research team decided to take a look at the Appsmith Enterprise Edition product. This led to the discovery of three new CVEs.

CVE-2025-29927

An exposed GitHub token could have been used to launch a supply chain attack on GitHub CodeQL, resulting in source code exposure and repository tampering of CodeQL users.

We estimate that approximately 150,000 websites have been impacted by this campaign. The noscript defines an array of keywords related to betting, gambling, and casino brands both in English and Chinese.

Retr0's Threat Research

smugglo - an easy to use noscript for wrapping files into self-dropping HTML payloads to bypass content filters - b3rito/smugglo

An analysis of the NSO BLASTPASS iMessage exploit Posted by Ian Beer, Google Project Zero On September 7, 2023 Apple issued  an out-...

Free and fast file sharing. Send large files easily. No registration required. We transfer files up to 5GB. File upload with great functions. Mail big file now!

Betailing the GX text vulnerability, with an in-depth analysis and comprehensive research to make the study more thorough and exhaustive.

In a previous blog post, I introduced Feberis, a versatile expansion board that enhanced the capabilities of the Flipper Zero by offering additional communication protocols. Now, I am excited to dive into the newly released Feberis Pro, a next-generation…

Being a provider of cloud SaaS (Software-as-a-service) solutions requires certain cybersecurity responsibilities — including being…

As large language models (LLMs) become more advanced and are granted additional capabilities by developers, security risks increase dramatically. Manipulated LLMs are no longer just a risk of...

The demand for cybersecurity and IT talent has never been greater, making technical recruitment a top priority for the U.S. Department of Defense (DoD). To find the best technical talent, the DoD partnered with Correlation One to execute innovative recruitment…

Introduction I have built several security partner programs at companies such as Box Inc. and Coinbase, with over 8 years of experience leading them. I have consistently observed the benefits of a partner-focused model versus a classical consultancy model…

Update (April 21, 2025):

The CVE originally referenced in this blog post CVE-2025-2825 has been rejected by NIST. The vulnerability is now officially tracked as CVE-2025-31161. All technical details and the impact discussed in this post remain accurate and…

Learn how sliver can help you bypass EDR with tailored adaptations and discover the benefits of open source security tools.

This Technical Blog provides a simple methodology for identifying, monitoring, and exploiting named pipes.