Detect Suspicious/Malicious ICMP Echo Traffic Using Behavioral and Protocol Semantic Analysis Introduction With release version 2.0, we have added a new advanced detection module to PacketSmith, with the sole objective of scanning for suspicious/malicious…

The popular packages debug and chalk on npm have been compromised with malicious code

The Pentagon publicly posts the stream keys to its Facebook, YouTube, and X channels, exposing livestreams to account takeovers.

Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort spanning half a decade that combines the unique strengths of Apple silicon hardware with our advanced operating system security to provide industry-first…

At DefCon, Oligo Security revealed critical Apple CarPlay vulnerabilities, including CVE-2025-24132 in the AirPlay SDK. Learn how attackers exploit iAP2 and AirPlay to compromise connected cars, and why patching delays leave vehicles exposed.

I learn about cryptographic vulnerabilities all the time, and they generally fill me with some combination of jealousy (“oh, why didn’t I think of that”) or else they impress me w…

Key Takeaways The intrusion began when a user downloaded and executed a malicious file impersonating DeskSoft’s EarthTime application but instead dropped SectopRAT malware. The threat actor d…

We’re back - it’s a day, in a month, in a year - and once again, something has happened.

In this week’s episode of “the Internet is made of string and there is literally no evidence to suggest otherwise”, we present even further evidence that as a

Posted by Hakyza - 11 votes and 1 comment

Permiso launches Inboxfuscation, an open-source tool enabling organizations to detect Unicode-obfuscated Microsoft Exchange inbox rules and secure Microsoft 365.

Bidding farewell to one of the last kernel address leaks, CVE-2025-53136. Even patches can open new doors for exploitation.

Hello folks,

Default‑deny HTTP(S) for dev tools and AI agents. Script rules in JS or shell, log every request, and keep egress within your policy.

Welcome to the first issue of Pentesting Weekly Digest — your curated roundup of the most important news, tools, and vulnerabilities from the world of penetration testing and cybersecurity.

Use the offensive tool WSASS to dump the LSASS memory area by exploiting the vulnerability in WerFaultSecure.exe

Harden Supabase with the following cheat-sheet with clear steps for RLS, schemas, Edge Functions, Storage, CORS and tokens. Built from real audits.

This course provides a comprehensive introduction to Trusted Platform Module (TPM) 2.0 programming using the Python-based tpm2-pytss library.

This course provides a comprehensive introduction to Trusted Platform Module (TPM) 2.0 programming using the Python-based tpm2-pytss library.

In my work analyzing native code in Android applications, I often try different techniques. Some work, others not so much. I’ve realized I…