The Windows Error Reporting is a feature that is responsible for the collection of information about system and application crashes and reporting this information to Microsoft. Windows are shipped …

Threat actor "888" claims LG Electronics data leak with source code and credentials exposed. Analysis and security recommendations.

This article dives deep into the emerging threat of covert audio‑and‑video exfiltration hidden inside seemingly harmless PDF attachments and lightweight Python noscripts. It explains how attackers embed microphone listeners, webcam recorders, and motion‑triggered…

We hacked our way into Lovable's office by demoing SupaPwn — a chain that could potentially enable region-wide tenant takeover: event-trigger privilege window, DB superuser, host RCE, SUID escalation, exposed configs, orchestration takeover

IP, Prefix, Asn, isp denoscription, BGP Routes, BGP HiJack Search. All data comes from RouteViews and Ripe

Bypassing a PHP stream wrapper blacklist

Lite XL versions 2.1.8 and earlier contain vulnerabilities that allow arbitrary code execution and can lead to Remote Code Execution.

Intro Earlier this year, in January, Oracle Cloud's login service (login.us2.oraclecloud.com) was breached—this led to the compromise of 6M records and over 140k Oracle Cloud tenants. Analysis showed that the threat actor had exploited an older CVE (CVE-2021…

On November 18, 2025, the digital world was shaken by an unexpected incident the Cloudflare outage. Cloudflare, one of the largest Content Delivery Networks (CDNs) in the world, suffered a major service disruption that impacted millions of websites and applications…

We discovered a remote code execution vulnerability in Microsoft's Update Health Tools (KB4023057) through an abandoned Azure Blob. Here’s how we found it, how it worked, and what it means for your Windows environment.

Unquoted paths (CWE-428) remain a hidden threat in today’s software. See how runtime visibility exposes what legacy vulnerability tools overlook

In 2022, a subtle XSS bug slipped into esbuild, one of the most widely used JavaScript bundlers on the planet. Despite billions of downloads, it remained unnoticed, hiding inside a function that appeared to safely escape HTML. But a missing quote escape created…

Summary Sliver is a powerful command and control (C2) framework designed to provide advanced capabilities for covertly managing and controlling remote systems.

I first heard about the word "ASM" (i.e., Attack Surface Management) probably in late 2018, and I thought it must be some complex infrastructure for tr...

The fastest way to explore and analyze JSONL files on your desktop. Perfect for security analysts, SOC teams, and DevOps engineers.

541K subscribers in the netsec community. /r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers…

Analysing 3.2M exposed databases with Netlas to reveal global risks, failed controls, and exposure trends across major DB systems