A new fraud campaign based on the Android malware "SuperCard X" and innovative NFC relay techniques is impacting Italian's banking. Read our latest report to learn more.

SecureLayer7 discovered CVE-2025-25364, which is a crit­i­cal com­mand in­jec­tion vul­ner­a­bil­i­ty dis­cov­ered in the me.connectify.SMJobBlessHelper XPC ser­vice, a priv­i­leged helper tool...

Companion app for the Acer Windows Mixed Reality Headset - Acer OJO 500

Learn about b3acon, a mail-based C2 using an in-memory C# IMAP client and PowerShell for stealthy communication via email drafts.

The Bug Bounty Radar - Discover and explore the latest public bug bounty programs from top platforms. Find security research opportunities, compare rewards, and access the most comprehensive bug bounty database. 8 new programs added recently.

The Ultimate Guide for Privacy-Conscious Users

Explore decrypted Zigbee traffic data for enhanced IoT network security, performance analysis, and smart home automation insights.

Discover how hackers bypass an antivirus such as Windows Defender, using advanced techniques such as direct syscalls and shellcode encryption

This post is about a vulnerability in the Model Context Protocol (MCP) called “Line Jumping,” where malicious servers can inject prompts through tool denoscriptions to manipulate AI model behavior without being explicitly invoked, effectively bypassing security…

Hey there, code-cracker! I’m the (slightly sleep-deprived) dev who built this little portal to your inner hacker. You’ll be greeted by a pretty purple gradient, mood-setting particles, and an “UNLOCK” button that absolutely refuses to let you in—unless you…

TL;DR — I built an automation that cloned and scanned tens of thousands of public GitHub repos for leaked secrets. For each repository I…

Pacu's newest scenario, enumerating Elastic Beanstalk for Secrets, was built to save users hours of testing during an AWS penetration test.

Cybersecurity analysts often rely on Google to find relevant information while performing analysis.

Security Engineer Luigi Fragale demonstrates how to glitch the STM32F401 to read protected memory using Python and fault injection.

“So we wait, this is our […]

The official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.

0xdeadc0de Infosec

As we pack our bags and prepare for the adult-er version of BlackHat (that apparently doesn’t require us to print out stolen mailspoolz to hand to people at their talks), we want to tell you about a recent adventure - a heist, if you will.

No heist story…

TBD