A vulnerability in Electron applications allows attackers to bypass code integrity checks by tampering with V8 heap snapshot files, enabling local backdoors in applications like Signal, 1Password, and Slack.

Imagine if you could peek into the books of India’s biggest companies — before quarterly earnings were announced. By simply looking at…

Background: Modern adversaries increasingly hide command-and-control (C2) traffic inside cloud services. We built this proof of concept…

Intercepting and analysing the traffic is one of the important parts of the pentest, whether it’s a mobile, web or desktop application. On…

Learn how to bypass TLS certificate validation on Linux using LD_PRELOAD for security research and debugging of embedded systems and native applications

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub tokens via…

Exploiting the mechanism that automatically searches for additional executable files when Windows detects that the requested file does not exist

The ultimate device for pentesters and security enthusiasts. RF, NFC, BLE, and IoT analysis in one platform.

The human element continues to be cybersecurity’s weakest link. Despite organizations spending over $150 billion annually on security…

Worldcoin joins UTEC Peru to advance AMPC-driven quantum-secure technology to enhance privacy and academic validation for decentralized digital identity.

This class teaches Bluetooth reconnaissance & device identification using the Blue2thprinting software.

Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

In my previous article, I introduced Hound, an open-source code auditing tool that models the cognitive and organizational processes of…

Binary Security spend a lot of time testing and securing CI/CD setups, especially GitHub Actions. In this two-part series we cover some of the many security considerations when using GitHub Actions, with a focus on securing your CI/CD pipeline against adversaries…

Exploiting vulnerability in the update mechanism of Windows Defender by using a symbolic link folder. Destroying or injecting code into Defender

Detect Suspicious/Malicious ICMP Echo Traffic Using Behavioral and Protocol Semantic Analysis Introduction With release version 2.0, we have added a new advanced detection module to PacketSmith, with the sole objective of scanning for suspicious/malicious…

The popular packages debug and chalk on npm have been compromised with malicious code

The Pentagon publicly posts the stream keys to its Facebook, YouTube, and X channels, exposing livestreams to account takeovers.