An introduction to Threat Hunting and Cobalt Strike

Inside Iran’s online landscape, what Censys sees in access, control, and exposure across the country’s internet.

While looking for an API to use with Home Assistant, I found a remote code execution vulnerability in a popular WiFi-connected alarm clock.

A new browser attack vectors just dropped, and it’s called FileFix — an alternative to the well-known ClickFix attack. This method, discovered and shared by mrd0x, shows how attackers can to execute commands right from browser, without requesting target to…

Security experts

Summary An analysis primarily of Kerio Control revealed a design flaw in the implementation of the communication with GFI AppManager, leading to an authentication bypass vulnerability in the product under audit. Once the authentication bypass is achieved…

Posted by merklerkmanitee - 0 votes and 2 comments

In the final installment of Cryptominers’ Anatomy, Akamai researchers analyze cryptominers and reveal a novel technique to shut down mining botnet campaigns.

Explore how the Security Policy Evaluation Framework (SPEF) enables automated, dynamic security benchmarking of leading authorization engines—Rego, Cedar, OpenFGA, and Teleport ACD. Developed by Doyensec with support from Teleport, SPEF tests for vulnerabilities…

Beginner-friendly Step-by-step guide to setting up a WireGuard VPN on a VPS. Ideal for bug bounty hunters and privacy-focused users.

Talkback is a smart infosec resource aggregator, designed to help security enthusiasts, practitioners and researchers be more productive.

Episode 01

TL;DR: We discovered a critical vulnerability in open-vsx.org — the open-source VS Code extension marketplace used by over 8,000,000…

Even after patching, many edge devices remain compromised. This post explores how to ethically scan for backdoors left behind.

As an IAM SaaS company, our work often remains in the shadows—until something goes wrong. Today, I want to shed light on how we handle security at the very first layer all IAM systems have: the login page. Specifically, I’ll walk you through an incident we…

Varonis Threat Labs uncovered a phishing campaign with M365's Direct Send feature that spoofs internal users without ever needing to compromise an account.

Pertama Digital Bhd (PDB) is collaborating with Netsec Sdn Bhd to enhance the security, resilience and performance of digital platforms for both the government and private sectors. In a statement, PDB said this partnership addresses the rising complexity…

in this article, we delve deeper into three commonly misunderstood aspects of MCP, providing clarity to help developers, integrators, and security professionals safely leverage MCP-based technologies.

Good intentions don’t always result in good outcomes. This is especially the case with recent suggestions regarding end-to-end-encryption adaptability requirements for number independent communication services. Not only is security an issue, the suggestions…