Note: This post is complemented by a presentation I gave at KazHackStan 2025. The slides (which were prepared fewer than 24 hours before the actual presentation) for that talk can be found here, or in pptx format here.

CISA emergency alert: AI phishing attacks surge 300% targeting US businesses. Expert defense strategies for AI-powered cyber threats in 2025.

Supply chain cyber attacks surge 250%. CISA emergency directive: 15+ Fortune 500 companies compromised. Massachusetts affected. October 2025.

Swap out compiled Node.js addons with your own code and force a legitimate Electron application load your code

Welcome back. We’re excited to yet again publish memes under the guise of research and inevitably receive hate mail. But today, we’ll be doing something slightly different to normal.

“Wow, watchTowr, will you actually be publishing useful information instead…

1 Prologue
A while ago, I took a flight from Canada back to Hong Kong - about 12 hours in total with Air Canada.
Interestingly, the plane actually had WiFi:














However, the WiFi had restrictions. For Aeroplan…

IAmAntimalware employs new red team techniques by cloning services of Antivirus. Allow inject code into processes whitelisted, protected by Antivirus

When you're handed an SDK with no documentation and told "the backend is secure because it's proprietary," grpc-scan helps prove otherwise

AI deception platform: Deceive, Detect, Respond. “You can’t defend. You can’t prevent. The only thing you can do is detect and respond.” Bruce Schneier. We turn that hard truth into your tactical advantage. Our AI-based decoys, built using our open-source…

On August 10, 2025 at DEF CON 33 in Las Vegas, I presented what could possibly be the biggest vulnerability I may ever discover in the automotive industry. Read and watch how I managed to take over a top automaker’s entire dealer ecosystem.

Adobe Experience Manager is one of the most popular CMSes around. Given its widespread use throughout the enterprise, you likely interact with AEM-based sites almost every day. From a security perspective, AEM presents an interesting target. AEM's popularity…

HN Security's Technical Director Marco Ivaldi walks through using idalib's Rust bindings with IDA 9.2 to streamline vulnerability research.

Les Intents Android mal configurés peuvent exposer vos données. Découvrez comment éviter l’intent hijacking et sécuriser vos applications.

Eclypsium researchers have discovered UEFI shells, authorized via Secure Boot, on Framework laptops. The UEFI shells contain capabilities that allow attackers to bypass Secure Boot on roughly 200,000 affected Framework laptops and desktops.

The Model Context Protocol (MCP) has rapidly emerged as the standard for connecting AI agents to external tools and services. However, as the recent GitHub MCP vulnerability demonstrated, the protocol's power comes with significant security challenges. Malicious…

Deep dive into a modern stealth Linux kernel rootkit with advanced evasion and persistence techniques

Note from editor: Before we begin, a big welcome to McCaulay Hudson, the newest member of the watchTowr Labs team with his inaugural blog post! Welcome to the mayhem, McCaulay!

Today is the 8th of November 1996, and we’re thrilled to be exploring this new…

A collection of free,  tools focused on security and convenience, including SSL validation, Base64 encoding, and more.

I recently came across an article detailing a campaign using browser cache smuggling and ClickFix to deliver malware to a system. I found…