BugBounty & Hacking Resources
@projectzeroTM
https://www.darknavy.org/darknavy_insight/the_most_golden_bypass_of_2024/
DARKNAVY
The Most "Golden" Bypass of 2024
Since the early 2000s, attacks based on browser vulnerabilities have remained a mainstream, effective, and versatile attack method. The following is the second article from the “DARKNAVY INSIGHT | 2024 Annual Security Report”.
According to the latest report…
https://www.darknavy.org/darknavy_insight/the_most_groundbreaking_new_security_ecosystem_of_2024/
DARKNAVY
The Most Groundbreaking New Security Ecosystem of 2024
In the “DARKNAVY INSIGHT | 2023 Annual Security Report”, we noted: “As we stand on the precipice of the next decade, 2023 will undoubtedly be a year of profound transformation. The deployment of new defense mechanisms and the rise of novel attack technologies…
https://blog.voorivex.team/css-data-exfiltration-to-steal-oauth-token
Voorivex's Team
CSS Data Exfiltration to Steal OAuth Token
Use CSS injection to bypass CSP, exfiltrate OAuth tokens through unique chaining techniques. Discover vulnerability and exploit details
https://medium.com/immunefi/how-to-stay-motivated-when-hunting-for-bugs-4966ac0d658
Medium
How to Stay Motivated When Hunting for Bugs
I’ve been hacking since 2014 and more recently focusing on bounty hunting in the blockchain space. For example, I found a critical bug in…
https://embracethered.com/blog/posts/2025/chatgpt-operator-prompt-injection-exploits/
Embrace The Red
ChatGPT Operator: Prompt Injection Exploits And Defenses (Or, How a GitHub Issue Can Hijack Your AI)
Can GitHub Issues Hijack Your AI? This post explores how ChatGPT Operator can be hijacked through prompt injection exploits on web pages, leading to unauthorized data leakage of personal information.
https://www.darknavy.org/darknavy_insight/the_most_unfortunate_backdoor_of_2024/
DARKNAVY
The Most Unfortunate Backdoor of 2024
Does open source guarantee that there are no backdoors?
At the 1983 Turing Award ceremony, Ken Thompson raised this question. As one of only three legends to win the Turing Award before the age of 40, he demonstrated how to hack Unix systems compiled from…
https://www.darknavy.org/darknavy_insight/the_most_prominent_privacy_security_trend_of_2024/
DARKNAVY
The Most Prominent Privacy Security Trend of 2024
At the beginning of 2025, the five-year “Siri Eavesdropping Scandal” finally came to an end. Apple settled a class-action lawsuit with the plaintiffs for $95 million.
This well-known privacy case started when users accused Siri of accidentally capturing and…
https://www.darknavy.org/darknavy_insight/the_maddest_vulnerability_of_2024/
DARKNAVY
The Maddest Vulnerability of 2024
Under the collective efforts of security researchers and increasingly stringent security mitigations, most memory vulnerabilities have been nipped in the bud.
Is it time to declare memory vulnerabilities a thing of the past?
In July 2024, a “nuclear bomb”…
https://www.darknavy.org/darknavy_insight/the_most_imaginative_new_applications_of_2024/
DARKNAVY
The Most Imaginative New Applications of 2024
2023 was the dawn of generative AI and large language models, which output content in unprecedented ways.
In 2024, a large number of AI agents emerged, expanding the capabilities of LLM, driving more widespread tool usage, and extending their application…
https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/
codeanlabs
CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js - Codean Labs
A vulnerability in PDF.js found by Codean Labs. PDF.js is a JavaScript-based PDF viewer maintained by Mozilla. This bug allows an attacker to execute arbitrary JavaScript code as soon as a malicious PDF file is opened. This affects all Firefox users (
https://www.atredis.com/blog/2025/2/18/advisory-blog-series
https://www.darknavy.org/darknavy_insight/the_most_secure_defenders_of_2024/
DARKNAVY
The Most "Secure" Defenders of 2024
In the increasingly intense offense and defense confrontation of 2024, security software has always been regarded as an important cornerstone of the corporate security defense line. However, security software itself may also have vulnerabilities…
https://www.darknavy.org/darknavy_insight/the_most_unstoppable_offensive_and_defensive_trend_of_2024/
DARKNAVY
The Most Unstoppable Offensive and Defensive Trend of 2024
In recent years, the evolution of vulnerabilities and defense techniques has been continuous. From the days when a simple stack overflow could compromise a system, to the present day, where sophisticated techniques are necessary to bypass multiple layers…
https://github.com/google/security-research/security/advisories/GHSA-73px-m3vw-mr35
GitHub
PaloAlto OpenConfig Plugin: Command Injection Vulnerability
### Summary
A vulnerability in PAN-OS OpenConfig allows an authenticated user to run arbitrary commands on the underlying OS. The commands are run as device administrator.
### Details
Palo A...
https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj
GitHub
RSync: Heap Buffer Overflow, Info Leak, Server Leaks, Path Traversal and Safe links Bypass
### Summary
In this report, we describe multiple vulnerabilities we discovered in Rsync.
The first pair of vulnerabilities are a [Heap Buffer Overflow](https://nvd.nist.gov/vuln/detail/cve-202...
https://www.darknavy.org/darknavy_insight/the_most_frustrating_vulnerability_disclosure_of_2024/
DARKNAVY
The Most Frustrating Vulnerability Disclosure of 2024
In the field of cybersecurity, vulnerability disclosure has long been regarded as a crucial step in safeguarding users. However, in practice, this process is fraught with controversy and contradictions. What truly constitutes “responsible disclosure”? When…
https://www.synacktiv.com/en/publications/lsa-secrets-revisiting-secretsdump
Synacktiv
LSA Secrets: revisiting secretsdump
https://portswigger.net/research/shadow-repeater-ai-enhanced-manual-testing
PortSwigger Research
Shadow Repeater: AI-enhanced manual testing
Have you ever wondered how many vulnerabilities you've missed by a hair's breadth, due to a single flawed choice? We've just released Shadow Repeater, which enhances your manual testing with AI-powere
https://research.checkpoint.com/2025/the-cat-and-mouse-game-exploiting-statistical-weaknesses-in-human-interaction-anti-evasions/
Check Point Research
The Cat and Mouse Game: Exploiting Statistical Weaknesses in Human Interaction Anti-Evasions - Check Point Research
Executive Summary Why We Care about Sandbox Emulation As a discipline, information security involves a vast web of entry vectors, mitigations, and counter-mitigations. Among these, one of the most impactful points of conflict between attackers and defenders…
https://research.checkpoint.com/2025/the-bybit-incident-when-research-meets-reality/
Check Point Research
The Bybit Incident: When Research Meets Reality - Check Point Research
Research by Dikla Barda, Roman Ziakin and Oded Vanunu On February 21st, Check Point Blockchain Threat Intel System alerted on a critical attack log on the Ethereum blockchain network. The log indicated that the AI engine identify anomality change with this…