Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Viasat modems. Learn about the risks and recommended actions.

In this post, we explore how to bypass AMSI’s scanning logic by hijacking the RPC layer it depends on — specifically the NdrClientCall3…

Understanding the Evolving Needs, Challenges, and Trends of China’s Software Security Landscape in 2025

Ready your poker face and join us for an exclusive RSA Poker Night with the ZeroPath team. We're bringing together cybersecurity professionals for an evening…

Gui Rambo writes about his coding and reverse engineering adventures.

Senior Security Engineer Alex Conti introduces HANAlyzer, an open-source tool that automates SAP HANA security checks.

This blog post introduces coverage-guided fuzzing with QBDI and libFuzzer targeting Windows ARM64.

Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

Oligo Security reveals AirBorne, a new set of vulnerabilities in Apple’s AirPlay protocol and SDK. Learn how zero-click RCEs, ACL bypasses, and wormable exploits could endanger Apple and IoT devices worldwide — and how to protect yourself.

Shadow roles in AWS defaults can expose hidden attack paths enabling privilege escalation, cross-service access, and even account compromise

MCP rapidly enhances AI capabilities but introduces security challenges through its distributed architecture. Especially, the distributed nature of MCP requires a lot of NHIs and their secrets. Our research shows that MCP is a new source of leaks that already…

This Google Threat Intelligence Group report presents an analysis of detected 2024 zero-day exploits.

What is this product GFI MailEssentials all about? We’re living the future, right? So let’s ask the GFI AI.

Tencent’s Zhuque Lab recently dropped AI-Infra-Guard V2, an open-source, AI-driven security tool built specifically for MCP servers. After…

Summary MagicINFO exposes an endpoint which: Wrapping all together it is possible to upload a JSP file to execute arbitrary server-side code without having a valid user. Credit An independent security researcher working with SSD Secure Disclosure. Vendor…

Reverse engineering binaries often resembles digital archaeology: excavating layers of compiled code, interpreting obscured logic, and…

You've heard of vibe coding, but have you considered vibe hacking? I tried thinking less to find an authentication bypass and RCE in OpenGamePanel.

Learn how we managed to circumvent "phishing-resistant" MFA based on Windows Hello for Business, during an internal capture-the-flag competition.