Home
Recommended
Other Links
Over the last year, security researchers have shared a huge amount of work with the community through blog posts, presentations, and whitepapers. This is great, but it also means genuinely reusable te
Interrupt discovery and delivery on Windows on ARM
The Tapo C260 is the latest TP-Link camera featuring a whole host of upgrades. As part of the SPIRITCYBER contest where I found several RCEs and other interesting vulnerabilities, I decided to focus on this device and dive deeper into hardware hacking.
39C3 Talk: Agentic ProbLLMs - Exploiting AI Computer-Use And Coding Agents
Learn why some long-enrolled OSS-Fuzz projects still contain vulnerabilities and how you can find them.
Every day, thousands of web services generate PDF (Portable Document Format) files—bills, contracts, reports. This step is often treated as a technical routine, “just convert the HTML,” but in practice it’s exactly where a trust boundary is crossed. The renderer parses HTML, downloads external resources, processes fonts, SVGs, and images, and sometimes has access to […]
Most will talk about the success in their year-end posts. Great. Nobody talks about the failures. Nobody talks about what ACTUALLY happened.
Well, we are going to tell you about OUR STORY - the success AND the failures. The whole thing. Because that’s how we actually learn…from our own mistakes.
So here it is, UNFILTERED. Buckle up.
PWN2OWN 2025 BERLIN & IRELAND We could only bring one of our interns, Gerrard Tai, along with us to Pwn2Own.
Security advice for users and maintainers to help reduce the impact of the next supply chain malware attack.
The List-Unsubscribe SMTP header is standardized but often overlooked during security assessments. It allows email clients to provide an easy way for end-users to unsubscribe from mailing lists.
This post discusses how this header can be abused to perform Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF) attacks in certain scenarios. Real-world examples involving Horde Webmail (CVE-2025-68673) and Nextcloud Mail App are provided to illustrate the risks.
Livewire: remote command execution through unmarshaling
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
### Impact Vendor
Palo Alto Networks
### Affected Product
PA-54xx All supported versions of PAN-OS.
Tested: PAN-OS 10.x - 10.2.16-h1 PAN-OS 11x - 11.2.1
### Important Dates
The report wa...
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
Check Point Research exposes GachiLoader, a Node.js loader in the YouTube Ghost Network, and shows how API tracing defeats its obfuscation.
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
Key Findings Introduction Check Point Research tracks a sustained, highly capable espionage cluster, which we refer to as Ink Dragon, and is referenced in other reports as CL-STA-0049, Earth Alux, or REF7707. This cluster is assessed by several vendors to be PRC-aligned. Since at least early 2023, Ink Dragon has repeatedly targeted government, telecom, and […]
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
### Summary
Clients are required in the [OAuth spec](https://datatracker.ietf.org/doc/html/rfc6749#section-10.12) to prevent CSRF attacks at its Callback handler. The implementation in [cloudflare...
Posted by Benoît Sevens, Google Threat Intelligence Group Introduction Between July 2024 and February 2025, 6 suspicious image files were ...
Welcome back! In the last post I described the process of examining the iPhone Pro TrueDepth LiDAR and developing concepts for hardware to detect it. Here I will describe the firmware for this device, the concepts employed in it, and the approaches taken to implementing these concepts on the tiny
ActivID administrator account takeover : the story behind
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
Welcome back! As we near the end of 2025, we are, of course, waiting for the next round of SSLVPN exploitation to occur in January (as it did in 2024 and 2025).
Weeeeeeeee. Before then, we want to clear the decks and see how much research we can publish.
This year at Black Hat Europe, Piotr Bazydlo presented “SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL”. This research ultimately led to the identification of new primitives in the .NET Framework that, while Mi
Highlights: Introduction Throughout 2025, we conducted and published several reports related to our research on the Silver Fox APT. In some of them (for example, here), the threat actor delivered the well-known ValleyRAT backdoor, also referred to as Winos or Winos4.0, as the final stage. Since this malware family is widely used, modular, and often associated with Chinese threat actors […]
Gerne unterstütze ich Sie als Freelancer bei der Erarbeitung und Durchführung maßgeschneiderter Workshops und Trainings:
Email training@lauritz-holtmann.de LinkedIn Connect on LinkedIn English Version below
In einer Zeit, in der durch Vibe-Coding Proof-of-Concept-Anwendungen nur wenige Prompts entfernt sind, ist es essenziell, dass Mitarbeitende in Unternehmen regelmäßig geschult werden, um ein Bewusstsein für IT-Sicherheit zu schaffen und dieses aufrechtzuerhalten. Hierbei biete ich maßgeschneiderte Workshops und Trainings zu verschiedenen Themen rund um IT-Sicherheit an. Diese können sowohl remote als auch vor Ort in Ihrem Unternehmen durchgeführt werden.
At DEF CON 32, Samy Kamkar gave a talk about laser microphones. That was the only talk I made a point to watch live that year. Kamkar never disappoints and I have fond memories of trying to use a laser pointer and photodiode to hear through windows as a kid. During that talk Kamkar mentioned notic
The gradual and systemic over-reliance on LLM outputs, especially with agentic systems, leads to a normalization of deviance.
Hacking Lab Hacking Lab Home People Publications CVEs Contact Light Dark Automatic RTCon: Context-Adaptive Function-Level Fuzzing for RTOS Kernels (to appear) Eunkyu Lee , JunYoung Park , Insu Yun February 2026 Cite Publication Proceedings of the 2026 Annual Network and Distributed System Security...
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
By: Dikla Barda, Roman Zaikin, and Oded Vanunu On November 30, 2025, Check Point Research detected a critical exploit targeting Yearn Finance’s yETH pool on Ethereum. Within hours, approximately $9 million was stolen from the protocol. The attacker achieved this by minting an astronomical number of tokens—235 septillion yETH (a 41-digit number)—while depositing only 16 […]
### The challenge
https://www.turb0.one/pages/Challenge\_Two:\_Stranger\_XSS.html
We are given a frameable target page on this address `https://www.turb0.one/files/9187cc52-fd4d-49c6-a336-0ce8b5139394/xsschal2minimal/inner.html`.
The page loads three scripts
```
<script src="lodash.min.js">...
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
# InQL v6.1.0 Just Landed with New Features and Contribution Swag! 🚀
02 Dec 2025 - Posted by Bartek Górkiewicz
## Introduction
We are excited to announce a new release of our Burp Suite Extension - InQL v6.1.0! The complete re-write from Jython to Kotlin in our previous update (v6.0.0) laid...
Codex CLI automatically loads and execute MCP entries withoug
2025 Winter Challenge: Quinindrome
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
How to debug CodeQL database creation failures, identify the root cause from build-tracer logs, and create minimal reproducers using cvise.
Breaking the BeeStation: Inside Our Pwn2Own 2025 Exploit Journey
Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
Nov 26 2025 @ 10:36 AM
Kri Dontje
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
Security Vulnerabilities Keep Google's Antigravity Grounded
Welcome to watchTowr vs the Internet, part 68.
That feeling you’re experiencing? Dread. You should be used to it by now.
As is fast becoming an unofficial and, apparently, frowned upon tradition - we identified incredible amounts of publicly exposed passwords, secrets, keys and more for very sensitive environments - and then spent a number of months working out if we could travel back in time to a period in which we just hadn't.
Remember, kids - a problem shared is a problem that isn't just y
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
On blockchains, whoever controls the private key to an address controls the funds in the corresponding account.
In October 2025, the U.S. government announced the seizure of 127,000 BTC from Prince Group. On‑chain tracing reports indicated that these funds were in fact the assets stolen from the LuBian mining pool in December 2020.
A Bitcoin private key is a 256‑bit random number and is, in theory, infeasible to brute‑force. How did the U.S. government obtain LuBian’s wallet private key?
### Impact
The Opto22 Groov Manage maintenance application endpoint is vulnerable to remote code execution. This means an attacker can create a specially crafted request that when executed will ac...