A pre-authentication vulnerability exists within DotNetNuke versions 6.0 to 10.0.1, assigned CVE-2025-52488, that allows attackers to steal NTLM hashes.

This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.

Transform CVSS scores into accurate risk assessments. Calculate real vulnerability risk based on your system's security posture.

Posted by ctflfg - 6 votes and 0 comments

This blog post revisits Cross Session Activation attacks

Summary A critical double free vulnerability in the pipapo set module of the Linux kernel’s NFT subsystem has been discovered. An unprivileged attacker can exploit this vulnerability by sending a specially crafted netlink message, triggering double-free error…

CTO Vincent Berg introduces PQCscan, a free tool that checks SSH and TLS servers for post-quantum cryptography support.

The Intersection of Vibe Coding and Security

Discover how attackers abuse AWS delegated admin and a policy flaw to silently hijack entire organizations. Includes detection and mitigation tips.

Welcome back to yet another day in this parallel universe of security.

This time, we’re looking at Fortinet’s FortiWeb Fabric Connector. “What is that?” we hear you say. That's a great question; no one knows.

For the uninitiated, or unjaded;

Fortinet’s…

Hey! and welcome to another THEY BURNED MY BUG episode. This time, we introduce CVE-2025-25257. An SQLi that I spotted back in Feb. in case someone burn them before i get my bragging rights8157d42995395ba0c0cfccce37b934ebb63d3d5740ba43eda7fa853f389bca2a8…

How we bypassed Meta’s Llama Firewall in real-world tests at Trendyol

Posted by playzeroseige - 3 votes and 0 comments

Posted by oppai_silverman - 14 votes and 0 comments

Hello,