What's that Skippy? Another Ivanti Connect Secure vulnerability?

At this point, regular readers will know all about Ivanti (and a handful of other vendors of the same class of devices), from our regular analysis.

Do you know the fun things about these posts?…

We have discovered a critical vulnerability in the Model Context Protocol (MCP) that allows for

This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.

Shopware is affected by a known SQL injection in older Shopware versions which is fixed in newer Shopware releases. For customers who can not upgrade the main Shopware version the Shopware AG offers the security plugin which patches known vulnerabilities…

Improper input validation in AWS SSM Agent's plugin ID exposes systems to path traversal and privilege escalation attacks.

We at Mozilla believe that people deserve privacy and one of the most important pieces of web privacy is provided through ubiquitous encryption. Because of this, we shipped HTTPS-First by default as of Firefox 136 (March 4th). The mechanism upgrades all page…

Most of the Firefox User Interface (UI), including the address bar and the tab strip, are implemented using standard web technologies like HTML, CSS and JavaScript plus some additional custom components like XUL. One of the advantages of using web technologies…

Discover how antivirus works and how to setup a lab for (Windows Defender) antivirus bypass. Basic code is provided to start experimenting !

The OpenSSL Project has released version 3.5.0 of its widely used open-source cryptographic library, introducing new features and notable changes that

Imagine typing a simple noscript and watching it turn into a full-blown video with visuals, voiceovers, and seamless transitions—all in minutes. That’s the

By Nati Tal (Head of Guardio Labs)

Principal Security Engineer Tao Sauvage discovered two SAP flaws on a client project, resulting in a CVE and a custom tool.

CVE-2025-3248 is a critical code injection vulnerability affecting Langflow, a popular tool used for building out agentic AI workflows. This vulnerability is easily exploitable and enables unauthenticated remote attackers to fully compromise Langflow servers.…

Meta has just dropped a big surprise in the world of artificial intelligence with the release of LLaMA 4, their most advanced open-source AI model yet. This

What academic evaluations found—and vendors avoid discussing. A breakdown of how most tools perform when the codebase isn’t synthetic.