Snowflake’s Cortex AI can expose sensitive data if misconfigured. Learn how it happens—and how Cyera helps protect against AI-driven data leaks

“If you shame attack research, you […]

It’s… another week, and another vendor who is apparently experienced with ransomware gangs but yet struggles with email.

In what we've seen others term "the watchTowr treatment", we are once again (surprise, surprise) disclosing vulnerability research that…

Posted by ethicalhack3r - 12 votes and 0 comments

Control characters like SOH, STX, EOT and ETX were never meant to run your code - but in the world of modern terminal emulators, they sometimes do. In this post, I'll dive into the forgotten mechanics

It’s that time of the year again, Black Hat USA is just a few months away and I’m honored to be back again for another year teaching about…

This blog post will dive into the world of some of the recently published potato techniques that can lead to more serious risks than

AI-generated slop reports are making bug bounty triage harder, wasting maintainer time, and straining trust in vulnerability disclosure programs.

Santizer is the most effective way to enhance the memory safety. Fuzzer helps as well! Fil-C...

CVE-2024-11477, a buffer overflow vulnerability in 7-Zip's ZSTD decompression algorithm; explore the technical details.

Single Sign-On (SSO) related bugs have gotten an incredible amount of hype and a lot of amazing public disclosures in recent years. Just to cite a few examples:

Unit 42 details a new malware obfuscation technique where threat actors hide malware in bitmap resources within .NET applications. These deliver payloads like Agent Tesla or XLoader. Unit 42 details a new malware obfuscation technique where threat actors…

One-Click RCE in ASUS’s Preinstalled Driver Software Introduction This story begins with a conversation about new PC parts.
After ignoring the advice from my friend, I bought a new ASUS motherboard for my PC. I was a little concerned about having a BIOS that…

In this post I will briefly describe the journey I went through while implementing defendnot.
Even though this is most likely not what you expected to see here, but rather than going into full technical details on how everything works, I will describe what…

Scan LLM-Integrated APIs in Minutes

Discover how to detect and hunt Azure Managed Identity abuse using real-world scenarios, log correlations, and high-fidelity detection queries.

This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.

Modernize your user management while preserving your LDAP with Keycloak. Instead of replacing your LDAP, it's often wiser to reposition it as a source of truth, orchestrated by a modern IAM solution. Keycloak stands out because it can natively federate with…