The phrase “Bank Grade Security” usually provides little comfort for those of us in the information security world, but nevertheless, buzzword-driven markete...

I recently came across an interesting behaviour on PHP. Apparently, PHP permits the usage of Unicode characters as variable names. There...

Recently, we found a new exploit using port 5555 after detecting two suspicious spikes in activity on July 9-10 and July 15. In this scenario, the activity involves the command line utility called Android Debug Bridge (ADB), a part of the Android SDK that…

## Summary
During the parsing of Powerpoint files it seems that it is possible to include XXE payload which will be executed on the Open-XChange server. I was able to identify which files exist on...

Summary
Firefox’s bug in CSP implementation, which will be fixed in Firefox 62, provides us the way to detect the redirection of any given URL when accessed with the victim’s Firefox. Practically, OAuth is one of interesting features which requires redirections.…

In early July, Intel issued security advisories SA-00112 and SA-00118 regarding fixes for vulnerabilities in Intel Management Engine. ...

Contribute to public development by creating an account on GitHub.

A few mongth ago, Google released a new product - Hangouts Chat application, which is surely an answer to Slack . Hangouts Chat might be us...

2 votes and 0 comments so far on Reddit

(Before I begin — this bug was responsibly disclosed and has been fixed in the version 1.0.9 and later of EOSIO software, so I highly…

Hackers working for Russia claimed “hundreds of victims” last year in a long-running campaign that put them inside the control rooms of U.S. electric utilities where they could have caused blackouts, federal officials said.

Herkese Selamlar, Bu post Netsparker ile yapılan bir web uygulama testini simüle edip false positive oranları, optimizasyon ve diğer uy...

A hacker has gained access to a developer's npm account and injected malicious code into a popular JavaScript library, code that was designed to steal the npm credentials of users who utilize the poisoned package inside their projects.

1 vote and 0 comments so far on Reddit

It's no secret that Cloudflare operates at a huge scale. Cloudflare provides security and performance to over 9 million websites all around the world, from small businesses and WordPress blogs to Fortune 500 companies. That means one in every 10 web requests…

The Bluetooth flaw also opens door to a man-in-the-middle attack.
The IT security researchers at Israel Institute of Technology have discovered a critical s

Anyone who has followed myself or my teammates at SpecterOps for a while knows that we’re fairly big fans of PowerShell. I’ve been involved in offensive PowerShell for about 4 years, @m…

dirhunt - Find web directories without bruteforce

TL;DR Following the wrong link could allow remote attackers to control your WiFi router, Google Home, Roku, Sonos speakers, home…