Talos - Vulnerability Reports
Planet WGR-500 formPingCmd format string vulnerability
Talos - Vulnerability Reports
Planet WGR-500 formPingCmd stack-based buffer overflow vulnerabilities
Talos - Vulnerability Reports
OpenPLC OpenPLC_v3 ModbusTCP server denial of service vulnerability
watchTowr Labs
Well, Well, Well. It’s Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882)
We bet you thought you’d be allowed to sit there, breathe, and savour the few moments of peace you’d earned after a painful week in cyber security. Obviously, you were horribly wrong, and you need to wake up now - we’re back, it’s all on fire, and Bambi (who seems to appear in our blog posts suspiciously often) is not your pet. Over the last week, we’ve all been harassed by the rumours of supposed active and in-the-wild exploitation of Oracle EBS, with each and every vendor confidently declari
watchTowr Labs
It's Never Simple Until It Is (Dell UnityVSA Pre-Auth Command Injection CVE-2025-36604)
Welcome back, and what a week! We’re glad that happened for you and/or sorry that happened to you. It will get better and/or worse, and you will likely survive. Today, we’re walking down the garden path and digging into the archives, publishing our analysis of a vulnerability we discovered and disclosed to Dell in March 2025 within their UnityVSA solution. As part of our continued enhancement of our Preemptive Exposure Management technology within the watchTowr Platform, we perform zero-day vu
Alexander Popov
[ru] Kernel-hack-drill and a new exploit for CVE-2024-50264 in the Linux kernel
Some memory corruption vulnerabilities are extremely hard to exploit. They can involve race conditions, crash the system, and impose various constraints that make a researcher's life difficult. Working with such "fragile" bugs takes considerably more time and effort. CVE-2024-50264 in the Linux kernel is exactly one of these hard vulnerabilities; it received the Pwnie Award 2025 in the category "Best Privilege Escalation". In this article I present my project kernel-hack-drill and show how it helped me develop a proof-of-concept exploit for CVE-2024-50264.
Synacktiv
What could go wrong when MySQL strict SQL mode is off?
Kri Dontje
Nvidia and Adobe vulnerabilities
MDSec
Admin
How Scattered Spider Exploited Weak Links in UK Retail Security
Check Point Research
shlomoo@checkpoint.com
Rhadamanthys 0.9.x – walk through the updates
Research by: hasherezade. Introduction: Rhadamanthys is a complex, multi-modular malware sold on the underground market since September 2022. It was first advertised by the actor “kingcrete2022.” From the outset, its design showed the hallmarks of experienced developers, and analysis soon revealed that it drew heavily from an earlier project by the same authors, Hidden […]
The GitHub Blog
Sylwia Budzynska
CodeQL zero to hero part 5: Debugging queries
Learn to debug and fix your CodeQL queries.
Synacktiv
Quantum readiness: Hybridizing signatures
Project Zero
Google Project Zero
Pointer leaks through pointer-keyed data structures
Posted by Jann Horn, Google Project Zero. Introduction: Some time in 2024, during a Project Zero team discussion, we were talking about how...
watchTowr Labs
It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2
We’re back, just over 24 hours later, to share our evolving understanding of CVE-2025-10035. Thanks to everyone who reached out after Part 1, and especially to the individual who shared credible intel that informed this update. In Part 1 we laid out an odd and worrying picture: * A vendor advisory that included an “Am I Impacted?” section with what looked like a stack trace from attempted exploitation, * A vendor that has publicly signed the Secure By Design pledge, committing to transparen
Synacktiv
appledb_rs, a research support tool for Apple platforms
Embrace The Red
Cross-Agent Privilege Escalation: When Agents Free Each Other
Zero Day Initiative - Blog
Peter Girnus
CVE-2025-23298: Getting Remote Code Execution in NVIDIA Merlin
watchTowr Labs
Is This Bad? This Feels Bad. (GoAnywhere CVE-2025-10035)
File transfer used to be simple fun - fire up your favourite FTP client, log in to a glFTPd site, and you were done. Fast forward to 2025, and the same act requires a procurement team, a web interface, and a vendor proudly waving their Secure by Design pledge. Ever seen the glFTPd developers on the list of pledge signers? Exactly. Welcome back to another watchTowr Labs analysis. This time, we are dissecting CVE-2025-10035, a perfect CVSS 10.0 vulnerability in Fortra’s GoAnywhere MFT. For the
Talos - Vulnerability Reports
NVIDIA nvdisasm REL section header parsing out-of-bounds write vulnerability
Talos - Vulnerability Reports
NVIDIA nvdisasm REL section header parsing heap-based buffer overflow vulnerability
Talos - Vulnerability Reports
NVIDIA cuobjdump DWARF debug abbreviations parsing arbitrary code execution vulnerability
The GitHub Blog
Xavier René-Corail
Our plan for a more secure npm supply chain
Addressing a surge in package registry attacks, GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing to restore trust in the open source ecosystem.
Talos - Vulnerability Reports
Adobe Acrobat Reader Page Property Use-After-Free Vulnerability
Synacktiv
The Phantom Extension: Backdooring chrome through uncharted pathways
Check Point Research
samanthar@checkpoint.com
Nimbus Manticore Deploys New Malware Targeting Europe
Nimbus Manticore continuously attacks defense, manufacturing, telecommunications, and aviation targets aligned with the IRGC
Synacktiv
Exploring GrapheneOS secure allocator: Hardened Malloc
GitHub
rcorrea35
Entrust nShield Connect XC - Multiple Vulnerabilities Leading to Insecure Boot Chain Protections
Summary: The tested nShield Connect XC HSM appliance (software version 13.6.3) can be rooted and backdoored via physical attack vectors in less than 5 minutes without leaving visible traces or ...
PortSwigger Research
Zakhar Fedotkin
WebSocket Turbo Intruder: Unearthing the WebSocket Goldmine
Many testers and tools give up the moment a protocol upgrade to WebSocket occurs, or only perform shallow analysis. This is a huge blind spot, leaving many bugs like Broken Access Controls, Race condi
Check Point Research
samanthar@checkpoint.com
Under the Pure Curtain: From RAT to Builder to Coder
Research by: Antonis Terefos (@Tera0017). Introduction: The Pure malware family is a suite of malicious tools developed and sold by the author known as PureCoder. This suite includes PureHVNC RAT (a remote administration tool and predecessor to PureRAT), PureCrypter (a malware obfuscator), PureLogs (a stealer/logger), and several other tools. The malicious software is advertised and distributed through underground forums, Telegram channels, and dedicated websites. […]
Synacktiv
Dissecting DCOM part 1
STAR Labs
Muhammad Alifa Ramdhan
Summer Pwnables: Temporal Paradox Engine Solution
Last month, Jacob asked me to create a CTF challenge for the Summer Pwnables event. I went with a kernel pwnable since my goal was to teach students some more advanced Linux kernel exploitation techniques - something that wouldn’t get solved in a day (and hopefully not by AI either). After building both the challenge and solution, I figured students should be able to crack it within 3-7 days. Turns out I was right about the timeline, but only one person actually solved it.
STAR Labs
Zafir Rasyidi Taufik
Summer Pwnables: lz1 Solution
TL;DR 🚀 We’re turning a simple compression library into a shell delivery service! This writeup exploits a buffer overflow in lz1/lz77 decompression by crafting malicious compressed data that overflows the stack and chains ROP gadgets for code execution. Ever wondered how a simple file compression tool could hand you the keys to a system? Well, buckle up because we’re about to turn andyherbert’s innocent lz1 compressor into our personal shell delivery service!
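The class of bug the write-up above describes, as an added example that is not andyherbert's lz1 code and not the STAR Labs exploit: a toy LZ77-style decoder in the vulnerable shape (length and distance fields trusted, output written into a fixed-size stack buffer) beside a bounds-checked version. The stream format, the function names and the sample streams are all assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Assumed toy stream format (not lz1's real format):
 *   0x00 n  b0..b(n-1)   literal run of n bytes
 *   0x01 d  l            copy l bytes starting d bytes back in the output
 * Any other tag byte is an error.
 */
#define OUT_CAP 64
#define LZ_ERR ((size_t)-1)

/* Vulnerable shape: trusts n, d and l. A literal run longer than the
 * caller's buffer overflows it; a back-reference with d > bytes produced
 * reads before the start of the buffer; a short input is over-read.
 * Kept only to show the bug; never feed it attacker-controlled data. */
size_t lz_decode_unchecked(const uint8_t *in, size_t in_len, uint8_t *out)
{
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        uint8_t tag = in[ip++];
        if (tag == 0x00) {
            size_t n = in[ip++];
            memcpy(out + op, in + ip, n);          /* no check against output capacity */
            ip += n; op += n;
        } else if (tag == 0x01) {
            size_t d = in[ip++], l = in[ip++];
            for (size_t i = 0; i < l; i++) { out[op] = out[op - d]; op++; } /* d may exceed op */
        } else {
            return LZ_ERR;
        }
    }
    return op;
}

/* Hardened: every length and distance is validated against what remains of
 * the input, what has already been produced, and the caller's capacity. */
size_t lz_decode_checked(const uint8_t *in, size_t in_len,
                         uint8_t *out, size_t out_cap)
{
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        uint8_t tag = in[ip++];
        if (tag == 0x00) {
            if (ip >= in_len) return LZ_ERR;
            size_t n = in[ip++];
            if (n > in_len - ip) return LZ_ERR;    /* literal bytes must exist in input */
            if (n > out_cap - op) return LZ_ERR;   /* and must fit in the output */
            memcpy(out + op, in + ip, n);
            ip += n; op += n;
        } else if (tag == 0x01) {
            if (in_len - ip < 2) return LZ_ERR;
            size_t d = in[ip++], l = in[ip++];
            if (d == 0 || d > op) return LZ_ERR;   /* reference must stay inside produced output */
            if (l > out_cap - op) return LZ_ERR;
            for (size_t i = 0; i < l; i++) { out[op] = out[op - d]; op++; } /* overlap-safe byte copy */
        } else {
            return LZ_ERR;
        }
    }
    return op;
}

/* Constructed sample streams (assumptions, not captured data). */
static const uint8_t BENIGN[]      = { 0x00, 3, 'a', 'b', 'c', 0x01, 3, 6 }; /* -> "abcabcabc" */
static const uint8_t BAD_BACKREF[] = { 0x00, 1, 'x', 0x01, 9, 4 };           /* d=9 but only 1 byte produced */

int demo_benign_ok(void)
{
    uint8_t out[OUT_CAP];
    size_t n = lz_decode_checked(BENIGN, sizeof BENIGN, out, sizeof out);
    return n == 9 && memcmp(out, "abcabcabc", 9) == 0;
}

int demo_unchecked_benign_ok(void)
{
    uint8_t out[OUT_CAP];
    size_t n = lz_decode_unchecked(BENIGN, sizeof BENIGN, out);
    return n == 9 && memcmp(out, "abcabcabc", 9) == 0;
}

/* 80 literal bytes aimed at a 64-byte stack buffer: the unchecked decoder
 * would write 16 bytes past the end of out; the checked one rejects it. */
size_t demo_overflow(void)
{
    uint8_t stream[2 + 80];
    uint8_t out[OUT_CAP];
    stream[0] = 0x00; stream[1] = 80;
    memset(stream + 2, 'A', 80);
    return lz_decode_checked(stream, sizeof stream, out, sizeof out);
}

size_t demo_badref(void)
{
    uint8_t out[OUT_CAP];
    return lz_decode_checked(BAD_BACKREF, sizeof BAD_BACKREF, out, sizeof out);
}

int main(void)
{
    printf("benign: %s\n", demo_benign_ok() ? "ok" : "FAIL");
    printf("oversized literal rejected: %s\n", demo_overflow() == LZ_ERR ? "yes" : "NO");
    printf("bad back-reference rejected: %s\n", demo_badref() == LZ_ERR ? "yes" : "NO");
    return 0;
}
```

The two checks that matter are `n > out_cap - op` and `d > op`: the first is the stack overflow the write-up exploits (a crafted length field drives the write past the fixed buffer), the second is the read-side twin of it. Both are written as subtractions from the remaining capacity rather than as `op + n > out_cap`, so a large length field cannot wrap the addition.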
Check Point Research
samanthar@checkpoint.com
Yurei & The Ghost of Open Source Ransomware
The latest ransomware group Yurei uses open source malware, Prince Ransomware, and has already claimed victims
Synacktiv
2025 summer challenge writeup
STAR Labs
Li Jiantao (@CurseRed)
Lost in Translation: Apache Vulnerabilities That Don't Count (Literally)
During our security research in 2024, we discovered several vulnerabilities in Apache Foundation projects that seem to have gotten ’lost in translation’ between our bug reports and the CVE assignment process. While we’ve been patiently waiting for these findings to officially ‘count,’ they’ve apparently been stuck longer than a software update on a Friday afternoon. Almost a year went by without any CVEs assigned and which we completely forgot about until now.
watchTowr Labs
You Already Have Our Personal Data, Take Our Phone Calls Too (FreePBX CVE-2025-57819)
We’re back - it’s a day, in a month, in a year - and once again, something has happened. In this week’s episode of “the Internet is made of string and there is literally no evidence to suggest otherwise”, we present even further evidence that as a species we made a fairly painful mistake when we discovered electricity - and it just got worse and worse. Today, inside this hellscape we call the Internet, a mean person has discovered a zero-day(s) in FreePBX (now lovingly called CVE-2025-57819).
Memory Integrity Enforcement: A complete vision for memory safety in Apple devices
Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort spanning half a decade that combines the unique strengths of Apple silicon hardware with our advanced operating system security to provide industry-first, always-on memory safety protection across our devices — without compromising our best-in-class device performance. We believe Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consumer operating systems.
GitHub
rcorrea35
ChatGPT Agent - XSS on file://home/oai/redirect.html
Summary: ChatGPT's Agent mode can use a browser inside a remote VM (just like Operator). `file:///home/oai/redirect.html` is a file available in the remote VM by default, and it has an XSS ...
GitHub
rcorrea35
FFmpeg - Heap-buffer-overflow write in jpeg2000dec
Summary: The vulnerability lies in the Channel Definition cdef atom of JPEG2000 which is used to define the mapping of associated components to channels. If a chroma-subsampled pixel format is ...
Connor McGarr’s Blog
Connor McGarr
Windows Internals: Secure Calls - The Bridge Between NT and SK
Examining the interface by which NT requests the services of SK through the SkBridge project
PortSwigger Research
Zakhar Fedotkin
Cookie Chaos: How to bypass __Host and __Secure cookie prefixes
Browsers added cookie prefixes to protect your sessions and stop attackers from setting harmful cookies. In this post, you’ll see how to bypass cookie defenses using discrepancies in browser and serve
PT SWARM
admin
Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel
Some memory corruption bugs are much harder to exploit than others. They can involve race conditions, crash the system, and impose limitations that make a researcher’s life difficult. Working with such fragile vulnerabilities demands significant time and effort. CVE-2024-50264 in the Linux kernel is one such hard bug, which received the Pwnie Award 2025 as […]
Alexander Popov
Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel
Some memory corruption bugs are much harder to exploit than others. They can involve race conditions, crash the system, and impose limitations that make a researcher's life difficult. Working with such fragile vulnerabilities demands significant time and effort. CVE-2024-50264 in the Linux kernel is one such hard bug, which received the Pwnie Award 2025 as the Best Privilege Escalation. In this article, I introduce my personal project kernel-hack-drill and show how it helped me to exploit CVE-2024-50264.
Doyensec's Blog
ksmbd - Fuzzing Improvements and Vulnerability Discovery
ksmbd - Fuzzing Improvements and Vulnerability Discovery (2/3). 02 Sep 2025, posted by Norbert Szetei. Introduction: This is a follow-up to the article originally published here. Our initial research uncovered several unauthenticated bugs, but we had only touched the attack surface lightly....
Hacking Lab
Taesoo Kim
ATLANTIS: AI-driven Threat Localization, Analysis, and Triage Intelligence System
Authors: Taesoo Kim, HyungSeok Han, Soyeon Park, Dae R. Jeong, Dohyeok Kim, Dongkwan Kim, Eunsoo Kim, Jiho Kim, Joshua Wang, Kangsu Kim, Sangwoo Ji, Woosun Song, Hanqing Zhao, Andrew Chin, Gyejin Lee, Kevin Stevens, Mansour...
Embrace The Red
Wrap Up: The Month of AI Bugs
Wrap Up: The Month of AI Bugs - Full List of Postings
Embrace The Red
AgentHopper: An AI Virus Research Project
AgentHopper: A proof-of-concept AI Virus
watchTowr Labs
Cache Me If You Can (Sitecore Experience Platform Cache Poisoning to RCE)
What is the main purpose of a Content Management System (CMS)? We have to accept that when we ask such existential and philosophical questions, we’re also admitting that we have no idea and that there probably isn’t an easy answer (this is our excuse, and we’re sticking with it). However, we’d bet that you, the reader, probably would say something like “to create and deploy websites”. One might even believe each CMS comes with Bambi’s phone number. Delusion aside, the general consensus seems
Embrace The Red
Windsurf MCP Integration: Missing Security Controls Put Users at Risk
Windsurf is vulnerable to Prompt Injection and can invoke any MCP tool without human in the loop.
Blog - Atredis Partners
Matt Burch
Where’s the Money - Supplemental Findings