Want a high-paying, future-proof career in cybersecurity? Join us for an interactive session where industry experts breaks down everything you need to launch…

IT-Security and stuff - Windows OOBE Breakout Revived

Microsoft introduced Active Directory Web Services (ADWS) in Windows Server 2008 R2 as a method to provide an interface to instances for querying and managing Active Directory over a network. The s…

Learn about CVE-2025-50154 and its risk of NTLM attacks and RCE even after Microsoft’s fix for CVE-2025-24054.

Posted by kaganisildak - 0 votes and 1 comment

Hello world! long time no see. I was so busy, mainly with working on symbol.exchange (btw opened a new “Bug Driven Development” community) and started to try my way in academia.

Examining Critical Vulnerabilities in Xerox FreeFlow Core (CVE-2025-8355 and CVE-2025-8356)

How we learned to build effective LLM agents for hacking at DARPA's AI Cyber Challenge (AIxCC) | AI for Security, AIxCC

Team82 developed an exploit chain specifically targeting vulnerabilities in Axis Communications’ proprietary Axis.Remoting communication protocol which results in pre-auth RCE on Axis Device Manager, a server used to configure and manage fleets of cameras…

Posted by Jann Horn, Google Project Zero Introduction In early June, I was reviewing a new Linux kernel feature when I learned about the...

It’s Friday, but we’re here today with unscheduled content - pushing our previously scheduled shenanigans to next week.

Fortinet is no stranger to the watchTowr Labs research team. Today we’re looking at CVE-2025-25256 - a pre-authentication command injection…

Encrypt Kafka messages at rest without changing app code — using Kroxylicious and OpenBao to meet PCI encryption requirements.

This week, I received an email claiming I had a “New Voice Notification”. The email included a big “Listen to Voicemail” button: Looking at the email headers revealed even more: The email was sent …

Introduction

Affected Versions Vendor Response Linux kernel release the patch (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35f56c554eb1b56b77b3cf197a6b00922d49033d) Background The ipset subsystem in the Linux kernel is a framework used…

Hardcoded credentials, pointless encryption, and generous APIs exposed details of every employee and made it possible to break into internal websites.

Update: Mauro Soria pointed out that this attack vector can be easily adapted for phishing scenarios:

A hands-on, community-powered look at payment system security — from ferrofluid and feature phones to CTF stats and future challenges.

Join us for a LIVE Q&A discussion in the Cybersecurity Club on Discord featuring Karen Scarfone, co-author of the NIST Security Guidelines (SP 800-115).

Phrack staff website.