Welcome to Monday, and what an excitingly fresh start to the week we're all having.

Grab your coffee, grab your vodka - we're diving into a currently exploited-in-the-wild critical Authentication Bypass affecting foRtinet's (we are returning the misspelling…

TL;DR ¶ jub0bs/cors v0.5.0 now lets you handle CORS-configuration errors programmatically. This feature should be of interest to you if you’re a multi-tenant service provider and you let your tenants configure CORS for their instances. jub0bs/cors’s commitment…

Unicode codepoint truncation - also called a Unicode overflow attack - happens when a server tries to store a Unicode character in a single byte. Because the maximum value of a byte is 255, an overflo

Writeup of a collaborated bug on Bugcrowd where I was able to bypass Akamai WAF to exploit RCE on Spring Boot error page using SpEL

Yeti is a Forensic Intelligence platform and pipeline for DFIR teams. Rhino Security Labs will detail 2 security flaws that, combined, lead to unauthenticated RCE.

Cisco Talos’ Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in Offis, and four vulnerabilities in Whatsup Gold.   

These vulnerabilities exist in Observium, a network observation and monitoring system;…

Critical vulnerabilities doesn't have to be complex or have a CVE - @deepseek_ai publicly exposed their internal ClickHouse database to the world, without any authentication at all, and leaked sensitive data.

No one is safe from security mistakes, follow…

Posted by James Forshaw, Google Project Zero Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy ...

Posted by James Forshaw, Google Project Zero Back in 2021 I wrote a blog post  about various ways you can build a virtual memory acces...

Imagine downloading a game from a third-party app store. You grant it seemingly innocuous permissions, but hidden within the app is a malicious exploit that allows attackers to steal your photos, eavesdrop on your conversations, or even take complete control…

A crazy race condition in the XNU kernel.

Using SourcePoint’s JTAG debugger to investigate the implementation of Intel CET Shadow Stacks in kernel-mode on Windows

### Summary
Google Security Team has identified a security vulnerability in some AMD Zen-based CPUs. This vulnerability allows an adversary with local administrator privileges (ring 0 from outside...

Personal blog of Julien (jvoisin) Voisin

Surprise surprise, we've done it again. We've demonstrated an ability to compromise significantly sensitive networks, including governments, militaries, space agencies, cyber security companies, supply chains, software development systems and environments…

Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year

The article is informative and intended for security specialists conducting testing within the scope of a contract. The author is not responsible for any damage caused by the application of the provided information. The distribution of malicious programs…

Discover the exciting world of cybersecurity research: what researchers do, essential skills, and actionable steps to begin your journey toward protecting the digital world.