Introducing OpenFirebase - Time to clean up the Firebase mess

We will delve into general satphone SIGINT capabilities, supply chain security, and security aspects of the latest Huawei Mate Tiantong-enabled smartphones.

Built-into all iPhone Air, iPhone 17 and 17 Pro.

File transfer used to be simple fun - fire up your favourite FTP client, log in to a glFTPd site, and you were done.

Fast forward to 2025, and the same act requires a procurement team, a web interface, and a vendor proudly waving their Secure by Design pledge.…

"Even a small key can open a big lock" Azerbaijani Proverb ---[ Index 1 - Introduction 2 - Tradition 2.1 - ReDoS, not the OS 2.2 - REGEXP, RLIKE and others 3 - How insecure, secure implementations are? 4 - Study Case: myBB 4.1 - Identification 4.2 - Perfect…

In one of our recent posts, Dennis shared an interesting case study of C# exploitation that rode on Random-based password-reset tokens. He demonstrated how to use the single-packet attack, or a bit of old-school math, to beat the game. Recently, I performed…

This post analyzes Furbo’s BLE communication, uncovering flaws that expose Wi-Fi credentials, allow device resets, and reveal hidden GATT data.

We’re back, just over 24 hours later, to share our evolving understanding of CVE-2025-10035.

Thanks to everyone who reached out after Part 1, and especially to the individual who shared credible intel that informed this update.

In Part 1 we laid out an…

Recent NPM breaches show how fast supply chain attacks spread. Learn how to lock dependencies and harden workflows to before attackers reach your projects.

The Ultimate guide to Breaking JWT, JWT are primarily used for authentication & authorization almost everywhere in modern web. JWTs can possess security vulnerabilities if configured and implemented improperly, potentially causing havoc. Thus, understanding…

Download phishing domain data targeting Canadian sectors. Updated twice daily. Available in TXT, CSV, and JSON.

TLDR I was unable to find some good writeups/blogposts on Windows user mode heap exploitation which inspired me to write an introductory but practical post on Windows heap internals and exploitati

Discover, monitor, and secure your attack surface. FullHunt delivers the best platform in the market for attack surface security.

Do you think the battle with ULVs is over? Think again.

In late August 2025, Cleafy's Threat Intelligence team discovered Klopatra, a new, highly sophisticated Android malware currently targeting banking users primarily in Spain and Italy. The number of compromised devices has already exceeded 1,000. Read the…

NVISO has identified zero-day exploitation of CVE-2025-41244, a local privilege escalation vulnerability impacting VMware's guest service discovery features.

Join the world's top researchers in a competition to find zero-day vulnerabilities in core open-source software powering the cloud. Over $5M prize pool!