The new framework maintains long-term access to Linux systems while operating reliably in cloud and container environments
Welcome to 2026!
While we are all waiting for the scheduled SSLVPN ITW exploitation programming that occurs every January, we’re back from Christmas and idle hands, idle minds, yada yada.
In December, we were alerted to a vulnerability in SmarterTools’ SmarterMail solution, accompanied by an advisory from Singapore’s Cyber Security Agency (CSA) - CVE-2025-52691, a pre-auth RCE that obtained full marks (10/10) on the industry’s scale.
Vulnerabilities like these are always exciting, because whe
Eight years ago today, I started STAR Labs by hiring several fresh grads with no working experience.
Today, I stand here with a different group of faces. Some of you were there from the beginning. Some of you joined along the way. Some of you just started last month.
And some of the people who were here… weren’t anymore.
Not because they failed. Not because we failed them. But because life called them in different directions.
GoBruteforcer is a botnet that turns compromised Linux servers into scanning and password brute-force nodes. It targets internet-exposed services such as phpMyAdmin web panels, MySQL and PostgreSQL databases, and FTP servers. Infected hosts are incorporated into the botnet and accept remote operator commands. Newly discovered weak credentials are used to steal data, […]
Disclaimer: This article is intended for educational purposes and security specialists conducting authorized testing. The author assumes no responsibility for any misuse of the information provided. Distribution of malicious software, system disruption, and privacy violations are punishable by law.
I’m sure most of you are already familiar with the concept of Prompt Injection and its various consequences. However, in 2026, any AI model without MCP (Model Context Protocol) servers can’t reach its full potential — that’s why developers are connecting numerous MCP servers to extend their capabilities.
Over the last year, security researchers have shared a huge amount of work with the community through blog posts, presentations, and whitepapers. This is great, but it also means genuinely reusable te
### Summary
A buffer overflow and stack information leak affecting the ARM Ampere Management Mode (MM) Boot Error Record Table (BERT) driver. This code is bundled into the ARM Unified Extensible F...
#### Summary
Multiple arbitrary Out-of-Bounds (OOB) `'\0'` byte write vulnerabilities affecting the ARM Ampere Management Mode (MM) PCIe driver were discovered. This code is bundled into t...
Interrupt discovery and delivery on Windows on ARM
The Tapo C260 is the latest TP-Link camera featuring a whole host of upgrades. As part of the SPIRITCYBER contest where I found several RCEs and other interesting vulnerabilities, I decided to focus on this device and dive deeper into hardware hacking.
39C3 Talk: Agentic ProbLLMs - Exploiting AI Computer-Use And Coding Agents
Learn why some long-enrolled OSS-Fuzz projects still contain vulnerabilities and how you can find them.
Every day, thousands of web services generate PDF (Portable Document Format) files—bills, contracts, reports. This step is often treated as a technical routine, “just convert the HTML,” but in practice it’s exactly where a trust boundary is crossed. The renderer parses HTML, downloads external resources, processes fonts, SVGs, and images, and sometimes has access to […]
Most will talk about the success in their year-end posts. Great. Nobody talks about the failures. Nobody talks about what ACTUALLY happened.
Well, we are going to tell you about OUR STORY - the success AND the failures. The whole thing. Because that’s how we actually learn…from our own mistakes.
So here it is, UNFILTERED. Buckle up.
PWN2OWN 2025 BERLIN & IRELAND
We could only bring one of our interns, Gerrard Tai, along with us to Pwn2Own.
Security advice for users and maintainers to help reduce the impact of the next supply chain malware attack.
The List-Unsubscribe SMTP header is standardized but often overlooked during security assessments. It allows email clients to provide an easy way for end-users to unsubscribe from mailing lists.
This post discusses how this header can be abused to perform Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF) attacks in certain scenarios. Real-world examples involving Horde Webmail (CVE-2025-68673) and Nextcloud Mail App are provided to illustrate the risks.
Livewire: remote command execution through unmarshaling
### Impact Vendor
Palo Alto Networks
### Affected Product
PA-54xx All supported versions of PAN-OS.
Tested: PAN-OS 10.x - 10.2.16-h1 PAN-OS 11x - 11.2.1
### Important Dates
The report wa...
Check Point Research exposes GachiLoader, a Node.js loader in the YouTube Ghost Network, and shows how API tracing defeats its obfuscation.
Check Point Research tracks a sustained, highly capable espionage cluster, which we refer to as Ink Dragon, and is referenced in other reports as CL-STA-0049, Earth Alux, or REF7707. This cluster is assessed by several vendors to be PRC-aligned. Since at least early 2023, Ink Dragon has repeatedly targeted government, telecom, and […]
Exploiting Anno 1404
### Summary
Clients are required in the [OAuth spec](https://datatracker.ietf.org/doc/html/rfc6749#section-10.12) to prevent CSRF attacks at its Callback handler. The implementation in [cloudflare...
Posted by Benoît Sevens, Google Threat Intelligence Group
Between July 2024 and February 2025, 6 suspicious image files were ...
Welcome back! In the last post I described the process of examining the iPhone Pro TrueDepth LiDAR and developing concepts for hardware to detect it. Here I will describe the firmware for this device, the concepts employed in it, and the approaches taken to implementing these concepts on the tiny
ActivID administrator account takeover : the story behind
Welcome back! As we near the end of 2025, we are, of course, waiting for the next round of SSLVPN exploitation to occur in January (as it did in 2024 and 2025).
Weeeeeeeee. Before then, we want to clear the decks and see how much research we can publish.
This year at Black Hat Europe, Piotr Bazydlo presented “SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL”. This research ultimately led to the identification of new primitives in the .NET Framework that, while Mi
Throughout 2025, we conducted and published several reports related to our research on the Silver Fox APT. In some of them (for example, here), the threat actor delivered the well-known ValleyRAT backdoor, also referred to as Winos or Winos4.0, as the final stage. Since this malware family is widely used, modular, and often associated with Chinese threat actors […]
I would be glad to support you as a freelancer in developing and delivering tailored workshops and training:
Email: training@lauritz-holtmann.de
At a time when vibe coding puts proof-of-concept applications just a few prompts away, it is essential that employees in companies receive regular training in order to build and maintain awareness of IT security. I offer tailored workshops and training on a range of IT security topics. These can be delivered remotely or on site at your company.
At DEF CON 32, Samy Kamkar gave a talk about laser microphones. That was the only talk I made a point to watch live that year. Kamkar never disappoints and I have fond memories of trying to use a laser pointer and photodiode to hear through windows as a kid. During that talk Kamkar mentioned notic
The gradual and systemic over-reliance on LLM outputs, especially with agentic systems, leads to a normalization of deviance.
RTCon: Context-Adaptive Function-Level Fuzzing for RTOS Kernels (to appear). Eunkyu Lee, JunYoung Park, Insu Yun. February 2026. Proceedings of the 2026 Annual Network and Distributed System Security...
By: Dikla Barda, Roman Zaikin, and Oded Vanunu
On November 30, 2025, Check Point Research detected a critical exploit targeting Yearn Finance’s yETH pool on Ethereum. Within hours, approximately $9 million was stolen from the protocol. The attacker achieved this by minting an astronomical number of tokens—235 septillion yETH (a 41-digit number)—while depositing only 16 […]
### The challenge
https://www.turb0.one/pages/Challenge_Two:_Stranger_XSS.html
We are given a frameable target page on this address `https://www.turb0.one/files/9187cc52-fd4d-49c6-a336-0ce8b5139394/xsschal2minimal/inner.html`.
The page loads three scripts
```
<script src="lodash.min.js">...
```
# InQL v6.1.0 Just Landed with New Features and Contribution Swag! 🚀
02 Dec 2025 - Posted by Bartek Górkiewicz
## Introduction
We are excited to announce a new release of our Burp Suite Extension - InQL v6.1.0! The complete re-write from Jython to Kotlin in our previous update (v6.0.0) laid...
Codex CLI automatically loads and executes MCP entries without
2025 Winter Challenge: Quinindrome
How to debug CodeQL database creation failures, identify the root cause from build-tracer logs, and create minimal reproducers using cvise.