Halo ITSM is an IT support management software that can be deployed on-premise or in the cloud. Currently, there are around ~1000 cloud deployments of this software under the haloitsm.com domain, not accounting for all the on-premise deployments. This software…

Why Detection Is Dead Without Presence

‎Discover comprehensive IP information effortlessly with our enhanced Safari extension! Whenever you visit a website, instantly reveal accurate server IP data (prioritizing IPv4):

- Country and flag
- ISP / Organization
- Connection type (if available)
…

Discovering NDay flaws in ZendTo filesharing software highlighted an interesting fact: without the issuance of CVEs, vulnerabilities can easily go unpatched.

Stay one step ahead of the latest threats and vulnerabilities with vulnerability alerts and threat alerts. Cut through the noise and focus on what matters to your business with advanced alert filtering.

Intercepting XPC Messages With Frida

Explore how AI-enabled implants can generate and execute custom malware commands on the fly, no coding required.

AI that handles compliance for you at startup speed. The effortless way to get SOC 2, HIPAA, GDPR, and ISO 27001 compliant in hours, not months.

What's that Skippy? Another Ivanti Connect Secure vulnerability?

At this point, regular readers will know all about Ivanti (and a handful of other vendors of the same class of devices), from our regular analysis.

Do you know the fun things about these posts?…

We have discovered a critical vulnerability in the Model Context Protocol (MCP) that allows for

This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.

Shopware is affected by a known SQL injection in older Shopware versions which is fixed in newer Shopware releases. For customers who can not upgrade the main Shopware version the Shopware AG offers the security plugin which patches known vulnerabilities…

Improper input validation in AWS SSM Agent's plugin ID exposes systems to path traversal and privilege escalation attacks.

We at Mozilla believe that people deserve privacy and one of the most important pieces of web privacy is provided through ubiquitous encryption. Because of this, we shipped HTTPS-First by default as of Firefox 136 (March 4th). The mechanism upgrades all page…

Most of the Firefox User Interface (UI), including the address bar and the tab strip, are implemented using standard web technologies like HTML, CSS and JavaScript plus some additional custom components like XUL. One of the advantages of using web technologies…