The List-Unsubscribe SMTP header is standardized but often overlooked during security assessments. It allows email clients to provide an easy way for end-users to unsubscribe from mailing lists.
This post discusses how this header can be abused to perform…

Deep dive into MacSync Stealer (UserSyncWorker variant), a MaaS infostealer featuring Gatekeeper bypass via notarized Swift dropper, code signature validation, and multi-layer payload obfuscation

Docket for United States v. LICHTENSTEIN, 1:23-cr-00239 — Brought to you by Free Law Project, a non-profit dedicated to creating high quality open legal information.

This paper presents a groundbreaking cryptanalytic framework for the SHA-256 hash function. By mapping the 2^32 modular addition space into a fractional domain [0, 1), I demonstrate that the non-linear "noise" generated by modular overflows is not random…

Explore our extensive archive of in-depth tech reviews, scientific breakthroughs, and cybersecurity analysis. Find the specs, facts, and expert insig

Posted by JDBHub - 4 votes and 0 comments

An unauthenticated local WebSocket server in the CurseForge launcher allowed any website to trigger remote code execution via attacker-controlled JVM arguments.

A couple of months ago, I received a request from a random Internet user to add CSRF protection to my little web framework Microdot, and I thought it was a fantastic idea.When I set off to do this…

A critical CVE in LangChain shows why credential isolation matters more than perfect code.

Infosec news that doesn’t make you want to quit tech. Click to read Threat Road, by Alex from Threat Road, a Substack publication. Launched a month ago.

Zero-day and every day protection for your cloud applications with a complete explainable & traceable runtime security story.

Somebody from Elastic Security decided to post an exploit for CVE-2025–14847 on Christmas Day.

Posted by AviMitz_ - 0 votes and 0 comments

This paper introduces authority separation as a foundational architectural principle for AI systems in which language models propose actions but do not authorize execution. We demonstrate that separating generation from execution authority provides structural…

How I found critical vulnerabilities in Petlibro smart pet feeders allowing complete account takeover via broken OAuth, access to anyone's pet data, device hijacking, and private audio recordings - and how they're still leaving the auth bypass active for…