Breaking the BeeStation: Inside Our Pwn2Own 2025 Exploit Journey
Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
Nov 26 2025 @ 10:36 AM
Kri Dontje
Security Vulnerabilities Keep Google's Antigravity Grounded
Welcome to watchTowr vs the Internet, part 68.
That feeling you’re experiencing? Dread. You should be used to it by now.
As is fast becoming an unofficial and, apparently, frowned upon tradition - we identified incredible amounts of publicly exposed passwords, secrets, keys and more for very sensitive environments - and then spent a number of months working out if we could travel back in time to a period in which we just hadn't.
Remember, kids - a problem shared is a problem that isn't just y
On blockchains, whoever controls the private key to an address controls the funds in the corresponding account.
In October 2025, the U.S. government announced the seizure of 127,000 BTC from Prince Group. On-chain tracing reports indicated that these funds were in fact the assets stolen from the LuBian mining pool in December 2020.
A Bitcoin private key is a 256-bit random number and is, in theory, infeasible to brute-force. How did the U.S. government obtain LuBian's wallet private key?
### Impact
The Opto22 Groov Manage maintenance application endpoint is vulnerable to remote code execution. This means an attacker can create a specially crafted request that when executed will ac...
### Impact
The View Users API endpoint returns a list of all users and associated metadata- including the web API tokens. This endpoint requires an Editor role to access and will display API keys ...
HEX ADVENT 2025: Crack the Advent, Conquer the Threat 🐛
WELCOME TO HEX ADVENT 2025, ‘tis the season to Unwrap Your Potential! 🎁
HEX ADVENT 2025 is a Christmas-themed CTF Advent Calendar, designed for women, by women.
What to Expect
12 Days, 12 Challenges: A structured schedule to build mastery across different CTF categories.
Focus Areas: Pwn (Binary Exploitation), Cryptography, Reverse Engineering, Forensics, OSINT, Web Exploitation
Our Mission: To empower women in cybersecurity, create visible role models, and cultivate a robust local talent pool.
### Summary
"astral-tokio-tar", a Rust crate used by the popular tool "uv", has a vulnerability that allows arbitrary file writes when unpacking tar files. In "uv" th...
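The excerpt says only that unpacking can end in a write outside the intended directory. Whatever header-level trick smuggles such an entry into the archive, the extractor's last line of defence is to resolve where each entry would land before writing it. The example below is added here and uses Python's tarfile, not the Rust crate the advisory concerns; it builds a constructed archive with one benign entry and three that try to escape (parent traversal, an absolute path, and a symlink pointing out of the destination) and extracts only the entries that resolve under the destination. The function names and sample entries are mine.

```python
import io
import os
import tarfile
import tempfile


def build_sample_tar():
    """Constructed sample archive (not from any real incident): one benign entry
    and three that try to write or point outside the extraction directory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name, payload):
            ti = tarfile.TarInfo(name)
            ti.size = len(payload)
            tar.addfile(ti, io.BytesIO(payload))

        add_file("pkg/README", b"benign\n")
        add_file("../outside.txt", b"escaped\n")      # parent traversal
        add_file("/tmp/abs.txt", b"absolute\n")       # absolute path
        link = tarfile.TarInfo("pkg/link")             # symlink whose target leaves dest
        link.type = tarfile.SYMTYPE
        link.linkname = "../../etc"
        tar.addfile(link)
    return buf.getvalue()


def escape_reason(member, dest):
    """Return why this member must not be extracted under dest, or None if it is safe.
    realpath() resolves symlinks already present on disk, so an entry that writes
    through a link created by an earlier member is judged by its final location."""
    dest = os.path.realpath(dest)

    def inside(rel):
        target = os.path.realpath(os.path.join(dest, rel))
        return os.path.commonpath([dest, target]) == dest

    if os.path.isabs(member.name) or not inside(member.name):
        return "path escapes destination"
    if member.issym():
        if os.path.isabs(member.linkname):
            return "absolute symlink target"
        if not inside(os.path.join(os.path.dirname(member.name), member.linkname)):
            return "symlink target escapes destination"
    if member.islnk() and not inside(member.linkname):
        return "hardlink target escapes destination"
    if member.isdev():
        return "device node"
    return None


def safe_extract(data, dest):
    """Extract only members that pass escape_reason; return (extracted, rejected)."""
    extracted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for member in tar:
            reason = escape_reason(member, dest)
            if reason:
                rejected.append((member.name, reason))
                continue
            tar.extract(member, path=dest)
            extracted.append(member.name)
    return extracted, rejected


def demo():
    """Run the sample archive through safe_extract into a fresh temp directory."""
    dest = tempfile.mkdtemp(prefix="safe-extract-")
    extracted, rejected = safe_extract(build_sample_tar(), dest)
    on_disk = sorted(
        os.path.relpath(os.path.join(root, f), dest)
        for root, _dirs, files in os.walk(dest) for f in files
    )
    return extracted, rejected, on_disk


if __name__ == "__main__":
    print(demo())
```

Python 3.12 added the same policy as a built-in, `extractall(..., filter="data")`, with backports to 3.8.17, 3.9.17, 3.10.12 and 3.11.4, and 3.14 makes it the default; the hand-written check above is what that filter enforces, written out so the individual decisions are visible.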
The Internet is ablaze, and once again we all have a front-row seat - a bad person, if you can believe it, is doing a bad thing!
The first warning of such behaviour came from the great team at Defused:
As many are now aware, an unnamed (and potentially silently fixed) vulnerability affecting a number of Forti-devices (blast radius is currently unclear) is being actively exploited. For many, this will feel like a normal Tuesday.
For others, it will feel like a Monday.
Moments like this are wh
After yet another workout where my sports watch completely lost GPS, I’d had enough. I decided to dig into its firmware and pinpoint the problem. I couldn’t find it published anywhere. No download section, no public archive, nothing. So, I changed tactics and went in through the Android app instead, hoping I could pull the […]
The Target
A few months ago I realized I was overdue for a fun, quirky hardware project. Every so often I like to see what new and interesting electronic children's toys are out there. When looking, I keep in mind the potential attack surface, typically preferring toys with companion mobile apps, w
Ransomware is more fragmented and less centralized, with a record 85 separate groups active while victim counts remain as high as ever.
There’s an elegance to vulnerability research that feels almost poetic - the quiet dance between chaos and control. It’s the art of peeling back the layers of complexity, not to destroy but to understand; to trace the fragile threads that hold systems together and see where they might fray.
There’s beauty in that tension - the simultaneous act of breaking and creating, of exposing weakness to make strength possible. It’s a kind of intellectual intimacy, where curiosity meets consequence, and di
HTTP Anomaly Rank
If you've ever used Burp Intruder or Turbo Intruder, you'll be familiar with the ritual of manually digging through thousands of responses by repeatedly sorting the table via length,
Information
This is a solo CTF event open to women residing in Singapore or Malaysia.
To register and be eligible for the prizes:
1. Register on CTFd, and select the “eligible” bracket.
2. Confirm your eligibility by filling in the Google Form.
The flag format is described by this regex: /^HEX{.*}$/
There are a total of 12 challenges. One challenge will be released each day at 09:00 SGT within the period of 1 December 2025 to 12 December 2025.
Happy Friday, friends and.. others.
We’re glad/sorry to hear that your week has been good/bad, and it’s the weekend/but at least it’s almost the weekend!
What’re We Doing Today, Mr Fox?
Today, in a tale that seems all too familiar at this point, we began as innocently as always - to reproduce an N-day in Monsta FTP as part of our emerging threat rapid reaction process we enact across the watchTowr client base.
Yet, somehow, we find ourselves saddled with the reality of discussing another zer
By: Dikla Barda, Roman Zaikin & Oded Vanunu On November 3, 2025, Check Point Research’s blockchain monitoring systems detected a sophisticated exploit targeting Balancer V2’s ComposableStablePool contracts. The attacker exploited arithmetic precision loss in pool invariant calculations to drain $128.64 million across six blockchain networks in under 30 minutes. The attack leveraged a rounding error […]
Site Unseen: Enumerating and Attacking Active Directory Sites
By Andrey Charikov and Oded Vanunu Key Findings: Launched in March 2017, Microsoft Teams has become one of the most widely used communication and collaboration platforms in the world. As part of the Microsoft 365 family, Teams provides workplaces with chat, video conferencing, file storage, and application integration to more than 320 million monthly active […]
Posted by Seth Jenkins, Project Zero Introduction I've recently been researching Pixel kernel exploitation and as part of this research I ...
Check Point Research succeeded in understanding the infamous malware family, Xloader, by leveraging Generative AI
The Target: Brother MFC-J1010DW
Affected Models: Brother Printer MFC-J1010DW
Vulnerable Firmware: Version <= 1.18
TL;DR: The Vulnerability Chain
We discovered three vulnerabilities that when chained together, allow for complete remote compromise:
- Authentication Bypass via SNMP - Retrieve the printer’s serial number without authentication, allowing attackers to derive the default admin password
- Unauthenticated Firmware Rollback - Downgrade to vulnerable firmware versions over the network, no credentials required
- Buffer Overflow via Referer Header - Execute arbitrary code by crafting malicious HTTP headers
The result?
Background Check Point Research (CPR) identified three security vulnerabilities in the Graphics Device Interface (GDI) in Windows. We promptly reported these issues to Microsoft, and they were addressed in the Patch Tuesday updates in May, July, and August 2025. These are the vulnerabilities: Vulnerability disclosures such as these highlight the need for proactive measures to mitigate potential risks. […]
Dead Domains are an often overlooked, yet impactful bug class that can lead to significant security vulnerabilities, including Cross-Site Scripting, Information Disclosure, and even Remote Code Execution. Attackers can exploit these vulnerabilities by registering expired or unregistered domains that were previously owned by legitimate entities.
But: How can security researchers and penetration testers efficiently identify these dead domains?
Claude's Code Interpreter recently got network access, and the default allow-list enables an interesting novel exploit chain that allows an adversary to exfiltrate large amounts of data by uploading files via the Anthropic API to their own account.
Creating a "Two-Face" Rust binary on Linux
Paint it blue: Attacking the bluetooth stack
Analysis of Windows under ARM64: exception/privilege model, virtual memory mechanics, and OS behavior under VHE
### Summary
It is possible to craft a zip file that, when parsed by Python's zipfile implementation, returns contents that are different from other common zip implementations. This is achieve...
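Python's zipfile is the implementation the advisory excerpt is about, and the page does not show the advisory's technique. The example below is added here (my code, not the advisory's proof of concept) and uses one long-known source of parser disagreement instead: a local file header whose name differs from the central-directory entry that points at it. Two parsers then see different names in the same bytes, one driven by the central directory (as zipfile's namelist() is) and one that streams local headers front to back; zipfile itself only notices the conflict when the member is actually read. The block also contains the up-front consistency check a practitioner would want before trusting either view. The sample archive is constructed in the block.

```python
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"
# Local file header: sig, version, flags, method, mtime, mdate, crc32, csize, usize,
# name_len, extra_len (30 bytes in total)
LOCAL_HDR = struct.Struct("<4sHHHHHIIIHH")


def _decode_name(raw, flags):
    # General-purpose flag bit 11 selects UTF-8; otherwise names are cp437.
    return raw.decode("utf-8" if flags & 0x800 else "cp437")


def streaming_names(data):
    """Entry names as seen by a parser that walks local headers front-to-back and
    never consults the central directory (how many stream-based unzippers work)."""
    names, off = [], 0
    while data[off:off + 4] == LOCAL_SIG:
        (_sig, _ver, flags, _method, _t, _d, _crc,
         csize, _usize, nlen, elen) = LOCAL_HDR.unpack_from(data, off)
        if flags & 0x8:
            raise ValueError("entry uses a data descriptor; sizes are not in the local header")
        names.append(_decode_name(data[off + 30:off + 30 + nlen], flags))
        off += LOCAL_HDR.size + nlen + elen + csize
    return names


def name_mismatches(data):
    """For every central-directory entry, read the local header it points at and
    report the pairs whose names disagree. Empty list means the two views agree."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            off = info.header_offset
            if data[off:off + 4] != LOCAL_SIG:
                findings.append((info.orig_filename, None))
                continue
            _sig, _ver, flags, *_rest, nlen, _elen = LOCAL_HDR.unpack_from(data, off)
            local = _decode_name(data[off + 30:off + 30 + nlen], flags)
            if local != info.orig_filename:
                findings.append((info.orig_filename, local))
    return findings


def build_sample_zip():
    """Constructed sample: a single stored entry written by Python's own zipfile."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("safe.txt", b"hello")
    return buf.getvalue()


def tamper(data):
    """Overwrite the local-header name in place with one of the same length, so every
    offset recorded in the central directory still lines up."""
    out = bytearray(data)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        off = zf.getinfo("safe.txt").header_offset
    out[off + 30:off + 30 + len(b"safe.txt")] = b"evil.txt"
    return bytes(out)


def demo():
    """Compare the central-directory view, the streaming view and the consistency check."""
    clean = build_sample_zip()
    bad = tamper(clean)
    with zipfile.ZipFile(io.BytesIO(bad)) as zf:
        central = zf.namelist()             # central directory only: still "safe.txt"
        try:
            zf.read("safe.txt")
            read_error = None
        except zipfile.BadZipFile as exc:
            read_error = str(exc)           # zipfile compares names only on read
    return {
        "clean_mismatches": name_mismatches(clean),
        "central": central,
        "streaming": streaming_names(bad),
        "mismatches": name_mismatches(bad),
        "read_error": read_error,
    }


if __name__ == "__main__":
    print(demo())
```

The practical lesson is the one the advisory's one-line summary implies: any security decision made on the central-directory listing (allow-listing names, scanning content, deciding what gets extracted) must be made on the same view the extractor will act on, or the two must be checked against each other first, as name_mismatches() does.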
Research by: Antonis Terefos (@Tera0017) Key Points Introduction In recent years, threat actors have continuously adapted their tactics to discover new and effective methods for malware distribution. While email remains one of the most prominent infection vectors, its effectiveness has diminished due to widespread deployment of security solutions and increased user awareness. Consequently, attackers have sought […]
Summary Check Point Research (CPR) identified a security vulnerability in January 2025 affecting the new Rust-based kernel component of the Graphics Device Interface (commonly known as GDI) in Windows. We promptly reported this issue to Microsoft and they fixed the vulnerability starting with OS Build 26100.4202 in the KB5058499 update preview released on May 28th 2025. In the following sections, we […]
Note from editor: Before we begin, a big welcome to McCaulay Hudson, the newest member of the watchTowr Labs team with his inaugural blog post! Welcome to the mayhem, McCaulay!
Today is the 8th of November 1996, and we’re thrilled to be exploring this new primitive we call Stack-based Buffer Overflows. It’s a great time to be alive, especially because we don’t have to deal with any of the pain of modern/not-so-modern mitigations.
Oh no, wait, it’s 2025 and we are still seeing Stack-based Buffer
Quantum readiness: Hybridizing key exchanges
Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
Oct 15 2025 @ 10:38 AM
Kri Dontje