In Part 2, we shift our focus to the malware campaigns linked to Proton66, where compromised WordPress websites were leveraged to target Android devices.

Изучили популярное хранилище секретов с открытым исходным кодом: проанализировали механизм проверки прав и возможность удаленного выполнения кода

Learn more about triangular workflows, how they work, and how to configure them for your Git workflows. See how you can leverage them on the GitHub CLI.

Critical 0-click flaw in Microsoft Telnet Server allows attackers to bypass authentication & gain admin access. Learn about the MS-TNAP vulnerability & how to mitigate

Another day, another edge device being targeted - it’s a typical Thursday!

In today’s blog post, we’re excited to share our previously private analysis of the now exploited in-the-wild N-day vulnerabilities affecting SonicWall’s SMA100 appliance. Over the…

Free hands-on digital forensics labs for students and faculty - frankwxu/digital-forensics-lab

I was searching for such resource to work as cheat sheet series and guide me through different attack scenarios for API attacks, didn’t…

A gallery that showcases on-device ML/GenAI use cases and allows people to try and use models locally. - google-ai-edge/gallery

GreyNoise uncovers a stealth campaign exploiting ASUS routers, enabling persistent backdoor access via CVE-2023-39780 and unpatched techniques. Learn how attackers evade detection, how GreyNoise discovered it with AI-powered tooling, and what defenders need…

The Wiz Threat Research team has identified a widespread cryptojacking campaign targeting commonly used DevOps applications including Nomad and Consul.

Oasis Security reveals a OneDrive File Picker flaw allowing full drive read access via OAuth, affecting apps like ChatGPT, Slack, Trello, and ClickUp.

Kaspersky GReAT experts describe the new features of a Mirai variant: the latest botnet infections target TBK DVR devices with CVE-2024-3721.

What is the Blink rendering engine, and how is it used in Chrome?

From rate limits to no limits: How IPv6's massive address space and a crafty botguard bypass left every Google user's phone number vulnerable

Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online…

More than 95% of Application Security alerts are just noise - as demonstrated by OX Security research. But CVE-2025-4123 - “The Grafana Ghost”, as we will refer to, is not one of them. This newly discovered vulnerability is a rare case that demands attention…

Binarly uncovers CVE-2025-3052: a Secure Boot bypass affecting most UEFI devices, enabling attackers to run unsigned code before OS load.