The Amtrak mobile APIs are affected by vulnerabilities that can directly lead to the exposure of Personally Identifiable Information (PII) and partial payment data for at least 6 million Amtrak guest rewards members. The Amtrak customers’ exposed PII includes…

We found that in all password managers we examined, trivial secrets extraction was possible from a locked password manager, including the master password in some cases, exposing up to 60 million users that use the password managers in this study to secrets…

Introduction This is a writeup for a bug I found a few months ago in Facebook’s Capture the Flag Platform (FBCTF). It was a fixed a while ago, so I’ll describe the bug and how I found it. I discovered this bug when participating in Facebook’s 2018 CTF and…

More and more security holes are appearing in cryptocurrency and smart contract platforms, and some are fundamental to the way they were built.

Tweet it Share on Google Pin it Share it Email This is not the first

Attack detection has been a part of information security for decades. The first known intrusion detection system (IDS) implementations d...

Combine a bug in Antidote, a popular enterprise spellchecker, and unsafe defaults in Active Directory, and you get more NTLM hashes than you can deal with.

Attack detection has been a part of information security for decades. The first known intrusion detection system (IDS) implementations date back to the early...

Research by: Nadav Grossman Introduction In this article, we tell the story of how we found a logical bug using the WinAFL fuzzer and exploited it in WinRAR to gain full control over a victim’s computer. The exploit works by just extracting an archive, and…

A noscripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs. - SolomonSklash/chomp-scan

Users of WP Cost Estimation & Payment Forms Builder and Simple Social Buttons plugins urged to update.

A powerful target reconnaissance framework powered by graph theory. - pownjs/pown-recon

0 votes and 0 comments so far on Reddit

# Analyzing HijaIyh (APPLE SCAMPAGE V2) phishing kit Today I found an interesting phishing kit targ

0 votes and 1 comment so far on Reddit

If you are working in a digital marketing sphere, most of your work is done online, from managing social media channels to monitoring…

Being a bug bounty hunter, I face a lot of competition. Lots of companies are willing to issue rewards for vulnerabilities in their…

After Jenkins released the [Security Advisory](https://jenkins.io/security/advisory/2018-12-05/#SECURITY-595) and fixed the dynamic routing vulnerability on 2018-12-05, I started to organize my notes in order to write this Hacking Jenkins series. While reviewing…

This article is mainly about a brief security review on Jenkins in the last year. During this review, we found 5 vulnerabilities including: CVE-2018-1999002(Arbitrary file read vulnerability), CVE-2018-1000600(CSRF and missing permission checks in GitHub…