Require Google to Remove One-Click Full Logout URLs

Horizon3.ai uncovers FreePBX flaws, including CVE-2025-66039 auth bypass, SQL injection, and file upload RCE—and shows how NodeZero detects them.

Nextcloud - a safe home for all your data

On November 25th, one of our engineers was compromised by the Shai-Hulud npm supply chain worm. Here's what happened, how we responded, and what we've changed.

AI deception platform: Deceive, Detect, Respond. “You can’t defend. You can’t prevent. The only thing you can do is detect and respond.” Bruce Schneier. We turn that hard truth into your tactical advantage. Our AI-based decoys, built using our open-source…

TLDR This post shows how to achieve a full authentication bypass in the Ruby and PHP SAML ecosystem by exploiting several parser-level inconsistencies: including attribute pollution, namespace confusi

Cymulate Research Labs discovered CVE-2025-64669, a local privilege escalation flaw in Windows Admin Center enabling SYSTEM-level compromise.

Makop, a ransomware strain derived from Phobos, continues to exploit exposed RDP systems while adding new components such as local privilege escalation exploits and loader malware to its traditional toolkit.

Real Vulnerabilities. Actionable Results. | AI for Security, Vulnerability Research

CAI integrated with Chrome via MCP delivers AI-assisted web application security assessments, demonstrated on OWASP Juice Shop with 171x faster vulnerability discovery

Pentesting an API revealed an undocumented OFS Field Injection flaw that enables poisoned transactions without proper input validation.

For many of our e-commerce customers the problem of bad bots it's a everyday problem and has evolved a lot in the last few years. A common approach is to "block" automated traffic with a JavaScript challenge, basically a small noscript that the browser must…

Preface

Take potentially dangerous PDFs, office documents, or images and convert them to a safe PDF.

TruffleHog now detects JWTs signed with public-key cryptography and verifies them for liveness. This new detector has already found hundreds of live JWTs for our customers.

It was yet another day at the office. Our team was internally discussing moving to a different platform analytics solution. Our team was really leaning more towards Posthog. It’s one of the brilliant -I personally believe it’s the best- products on the market.…