Summary A critical double free vulnerability in the pipapo set module of the Linux kernel’s NFT subsystem has been discovered. An unprivileged attacker can exploit this vulnerability by sending a specially crafted netlink message, triggering double-free error…

CTO Vincent Berg introduces PQCscan, a free tool that checks SSH and TLS servers for post-quantum cryptography support.

The Intersection of Vibe Coding and Security

Discover how attackers abuse AWS delegated admin and a policy flaw to silently hijack entire organizations. Includes detection and mitigation tips.

Welcome back to yet another day in this parallel universe of security.

This time, we’re looking at Fortinet’s FortiWeb Fabric Connector. “What is that?” we hear you say. That's a great question; no one knows.

For the uninitiated, or unjaded;

Fortinet’s…

Hey! and welcome to another THEY BURNED MY BUG episode. This time, we introduce CVE-2025-25257. An SQLi that I spotted back in Feb. in case someone burn them before i get my bragging rights8157d42995395ba0c0cfccce37b934ebb63d3d5740ba43eda7fa853f389bca2a8…

How we bypassed Meta’s Llama Firewall in real-world tests at Trendyol

Posted by playzeroseige - 3 votes and 0 comments

Posted by oppai_silverman - 14 votes and 0 comments

Hello,

We have deployed Anubis to git.sr.ht.
After some internal discussions we have ultimately decided that the best course
of action to protect git.sr.ht from LLM crawlers is to deploy Anubis. This
software presents some users with a proof-of-work challenge which…

This report analyzes a historical class of security flaws known as “reflected vulnerabilities,”which were once potent zero-day attack vectors targeting early Windows versions and antivirussoftware. We examine classic exploitation techniques, such as parser…

Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT). This new malware,…

This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.

Partially solving the problem for procedures that need valid complex parameter types to fuzz, and open sourcing the tool

For my internship, I was tasked by my mentor Le Qi to analyze CVE-2024-30088, a double-fetch race condition bug in the Windows Kernel Image ntoskrnl.exe. A public POC demonstrating EoP from Medium Integrity Level to SYSTEM is available on GitHub here.
Additionally…

This course teaches you how to use the Binary Ninja debugger well enough to use it in classes that depend on it.