Diving right into some binary exploitation issues this week. Starting wtih a look at a rare sort of curl vulnerability where a malicious server could compromise a curl user. Then we take a look at a pretty straight-forward type confusion in Windows kernel…

David Kleidermacher, VP Engineering, Android Security & Privacy and DSPA Security & Privacy, and Eugene Liderman, Director, Android Security...

HackerOne has integrated EPSS scoring into Hacktivity for more comprehensive CVE remediation.

What's Changed
Other Changes

Fixed relative path issue for template loading by @tarunKoyalwar in #4284

Full Changelog: v3.0.1...v3.0.2

SOC Analyst Appreciation Day Recordings: https://jh.live/soc // CloudSec 360 Webinar on MOVEit: https://jh.live/wiz360

Free Cybersecurity Education and Ethical Hacking
🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon…

a simple discovery noscript that uses popular tools like subfinder, amass, puredns, alterx, massdns and others - foozzi/discoshell

When scanning a target, it’s important that your payloads are all in session otherwise you might not be hitting the attack surface. Tom from the development team demonstrates how Burp Scanner can automatically detect when a request is no longer in session…

David Kleidermacher, VP Engineering, Android Security & Privacy and DSPA Security & Privacy, and Eugene Liderman, Director, Android Security...

Come play the Fetch the Flag CTF that I am co-hosting with Snyk! ONLINE RIGHT NOW https://jh.live/fetchtheflag

PS, I'll be presenting for the CloudSec 360 webinar with Wiz on the MOVEit Transfer exploitation -- tune in on November 8th! https://jh.live/wiz360…

Hi Everyone,

A simple tool for bypassing file upload restrictions. - sAjibuu/Upload_Bypass

Understanding JS Client-Side

Eduardo Vela, Jan Keller and Ryan Rinaldi, Google Engineering  In September, we shared how we are implementing the voluntary AI commitments...

Nuclei v3 is now live and kicking!
We're excited to announce a variety of new features, enhancements, and bug fixes for seamless vulnerability identification!

For an in-depth understanding and...

A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. - xnl-h4ck3r/XnlReveal

Mihai Maruseac, Sarah Meiklejohn, Mark Lodato, Google Open Source Security Team (GOSST) New AI innovations and applications are reaching con...

At HackerOne, we are combining human intelligence with artificial intelligence at scale to improve the efficiency of people and unlock entirely new capabilities.

https://jh.live/snyk || Try Snyk for free and find vulnerabilities in your code and applications! ➡ https://jh.live/snyk
More Fetch the Flag writeups: https://jh.live/ftf-writeups

PS, I'll be presenting for the CloudSec 360 webinar with Wiz on the MOVEit…

NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report on a NetSupport RAT intrus…

📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training

💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
https://ww…