Hagana – A novel approach to runtime protection for NodeJS to prevent supply chain attacks
submitted by /u/beckerman_jacob
Playing Docker? Bad Containers and What They Teach Us
submitted by /u/Illustrious_Yard_576
This repo contains information about EDRs that can be useful during red team exercise.
submitted by /u/M_Reza_Bakhtiyari
Miracle – One Vulnerability To Rule Them All
submitted by /u/scopedsecurity
Understanding the Compound File Binary Format and OLE Structures to Mess with CVE-2022-30190
submitted by /u/canmaplap
ShoMon V2: Shodan Monitoring Integration for TheHive written in Golang
submitted by /u/KaanSK
Container escapes: Detecting abuses of Linux capabilities with Falco + Intro to CAP_SYS_ADMIN
submitted by /u/capitangolo
Intercepting MS Teams Communication
submitted by /u/OwnPreparation3424
Hacking into the worldwide Jacuzzi SmartTub network
submitted by /u/EatonZ
Linux Threat Hunting: ‘Syslogk’ a kernel rootkit found under development in the wild
submitted by /u/nykzhang
CSRF leads to account takeover in Yahoo!
submitted by /u/vinay737
Securing OT Network Management Systems: Siemens SINEC NMS
submitted by /u/derp6996
CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack
submitted by /u/Gallus
The Android kernel mitigations obstacle race
submitted by /u/0xdea
Pulling MikroTik into the Limelight
submitted by /u/0xdea
Breaking Secure Boot on Google Nest Hub (2nd Gen) to run Ubuntu
submitted by /u/Gallus
Pwn2Own 2021 Canon ImageCLASS MF644Cdw writeup
submitted by /u/alain_proviste
Hertzbleed – a new family of side-channel attacks
submitted by /u/CyberMasterV
Oracle spent 6 months to fix ‘Mega’ flaws in the Fusion Middleware
Researchers disclose technical details of a critical flaw in Fusion Middleware, tracked as CVE-2022–21445, that Oracle took six months to patch.
Security researchers have published technical details of a critical Fusion Middleware vulnerability, tracked as CVE-2022–21445, that was reported to...
Multiple malicious packages in PyPI repository found stealing AWS secrets
Researchers discovered multiple malicious Python packages in the official PyPI repository stealing AWS credentials and other info.
Sonatype researchers discovered multiple Python packages in the official PyPI repository that have been developed to steal secrets (i.e. AWS credentials and environment...
The Post-Roe Privacy Nightmare Has Arrived
Plus: Microsoft details Russia’s Ukraine hacking campaign, Meta’s election integrity efforts dwindle, and more.
How to Move Your WhatsApp Chats Across Devices and Apps
It's never been easier to switch between iPhone and Android—and to get your messages out of the Meta ecosystem entirely.
We’re now truly in the era of ransomware as pure extortion without the encryption
Why screw around with cryptography and keys when just stealing the info is good enough Feature US and European cops, prosecutors, and NGOs recently convened a two-day workshop in the Hague to discuss how to respond to the growing...
