Discover how to detect and hunt Azure Managed Identity abuse using real-world scenarios, log correlations, and high-fidelity detection queries.

This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.

Modernize your user management while preserving your LDAP with Keycloak. Instead of replacing your LDAP, it's often wiser to reposition it as a source of truth, orchestrated by a modern IAM solution. Keycloak stands out because it can natively federate with…

Keeping your ears to the ground and eyes wide open for the latest vulnerability news at watchTowr is a given. Despite rummaging through enterprise code looking for 0days on a daily basis, our interest was piqued this week when news of fresh vulnerabilities…

Manipulating Git Histories to Obscure the Truth

Visit the post for more.

Overview

Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX

If you’re stepping into the world of bug bounty hunting, penetration testing, or just want to level up your web hacking skills, you’re…

Privacy is dead: For multiple months, any O2 customer has had their location exposed to call initiators without their knowledge.

Hear about the latest advances in Apple security from our engineering teams, send us your own research, and work directly with us to be recognized and rewarded for helping keep our users safe.

CVE-2025-32421

In my last post, I demonstrated a basic approach to fuzzing an RTOS firmware using AFL++’s Unicorn mode. The provided firmware for that…

Summary Multiple Foscam X5 vulnerabilities have been discovered, the vulnerabilities allow a remote attacker to trigger code execution vulnerabilities in the product. Credit An independent security researcher working with SSD Secure Disclosure. Vendor Response…

Varonis' 2025 State of Data Security Report shares findings from 1,000 real-world IT environments to uncover the dark side of the AI boom and what proactive steps orgs can take to secure critical information.

A new malvertising scheme is turning legitimate e-commerce sites into phishing traps without the knowledge of site owners or advertisers. By exploiting the integrations with Google APIs, they are injecting malicious noscripts into ecommerce sites using JSONP…