Impacted by the F5 data breach? You may be ennoscriptd to legal compensation. My Data Breach Attorney can help protect your rights.

Overview

An undocumented parameter of the "web-auth" command could allow an authenticated attacker to execute commands remotely due to improper input sanitization, potentially resulting in full device compromise.

A vulnerability in the zysh-cgi component of the USG/ATP Series allows a low-privileged, semi-authenticated attacker to access the device’s configuration, bypassing authorization controls. This issue arises due to missing authorization checks and an incomplete…

This is research on detecting attacks on Kerberos using traffic analysis.

Our security agent found a business logic flaw in how Netty handled one of the internet's oldest and most trusted protocols. To understand the vulnerability, we need to take a quick journey back to the humble beginnings of email.

Magento is still one of the most popular e-commerce solutions in use on the internet, estimated to be running on more than 130,000 websites. It is also offered as an enterprise offering by Adobe under the name Adobe Commerce, which receives automatic patching.…

I was recently flying between HKG & LHR via British Airways. I’d done the same flight back in 2023, and remember relying on the in-flight entertainment for the 14 hour journey. However, this time on my way to London, they had an interesting offer: Free WiFi…

ZeroPath's AI-based static analyzer uncovered 170 verified issues in curl, from C footguns to logic and RFC compliance bugs across HTTP/3, SMTP, IMAP, TFTP, Telnet, and SSH/SFTP, with curl maintainer Daniel Stenberg praising the quality -- proof that AI source…

Local LLMs prioritize privacy over security. Our research reveals a 95% backdoor injection success rate.

2 min read

We found a path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API keys. Here's how a single Docker build bug nearly triggered one of the largest AI supply chain attacks to date.

Join Chris Young's workshop to discover the 9 core principles of infrastructure security. They are proven, repeatable, and often ignored.

AI browsers remain vulnerable to prompt injection attacks via screenshots and hidden content, allowing attackers to exploit users' authenticated sessions.

Walkthrough of how to embed frida noscripts in apps to distribute proper mods. Supports frida 17+.