Home
Recommended
Other Links
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
In the previous post, I highlighted some of the changes made in the Symantec Management Agent, and showed how it affected the retrieval of the Account Connectivity Credentials (ACCs), based on original research by MDSec. Although my initial intent was to implement a check for PrivescCheck, I ended up extending the research on the subject, and eventually found how to extract the credentials offline.
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
Disclaimer: This article is intended for security professionals conducting authorized testing within the scope of a contract. The author is not responsible for any damage caused by the application of the provided information. The distribution of malicious programs, disruption of system operation, and violation of the confidentiality of correspondence are pursued by law.
Introduction Many security researchers are familiar with the frustrating experience of discovering an XSS vulnerability that requires complex actions within an account, effectively making it only reproducible on the attacker’s account and thus losing its practical value.
Learn how Discord's invite links are hijacked and reused to redirect users to harmful servers in place of trusted communities
Nobody cares about the security tools you build. Here’s how to avoid getting sucked into onboarding hell with frictionware, and actually get traction.
### Summary
When Operator actuate on a page, the website can trigger [Fullscreen API](https://developer.mozilla.org/en-US/docs/Web/API/Fullscreen_API). If the page can grab the attention of Operat...
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
In October 2024, RET2 participated in the “Small Office / Home Office” (SOHO) flavor of Pwn2Own, a competition which challenges top security researchers to c...
# NTLM reflection is dead, long live NTLM reflection! – An in-depth analysis of CVE-2025-33073
For nearly two decades, Windows has been plagued with NTLM reflection vulnerabilities. In this article, we present CVE-2025-33073, a logical vulnerability which bypasses NTLM reflection mitigations and...
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
You may have heard or read about Symantec Account Connectivity Credentials (ACCs) thanks to a blog post published by MDSec last December (2024). I wanted to integrate this research as a new check in PrivescCheck, but this turned out to be a bit more challenging than I thought.
Check Point Research uncovers Stealth Falcon's cyber espionage campaign exploiting a Microsoft Zero Day Vulnerability
CVE-2025-47934 allows attackers to spoof arbitrary signatures and encrypted emails that appear as valid in OpenPGP.js. The only requirement is access to a single valid signed message from the target author ("Alice"). Since this undermines the core principle of PGP and impacts integrating applications directly, we strongly recommend updating OpenPGP.js to version v5.11.3, v6.1.1, or newer.
# Exploiting Heroes of Might and Magic V
Heroes of Might and Magic V is a turn-based strategy video game developed by Nival Interactive. A map editor is provided with the video game. Players can create maps that can be played in solo or multiplayer. This is an interesting attack vector. In this...
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
During my internship I was tasked to analyze a Mali GPU exploit on Pixel 7/8 devices and adapt it to make it work on another device: the Pixel 6 Pro.
While the exploit process itself is relatively straightforward to reproduce (in theory we just need to find the correct symbol offsets and signatures for our target device), what’s interesting about Pixel 6 Pro is that it uses a different Mali GPU from the Pixel 7/8, which lacked support for a feature that one of the two vulnerabilities within the exploit relied on:
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
Hacking Lab Hacking Lab Home People Publications CVEs Contact Light Dark Automatic Too Much of a Good Thing: (In-)Security of Mandatory Security Software for Financial Services in South Korea Taisic Yun , Suhwan Jeong , Yonghwa Lee , Seungjoo Kim , Hyoungshick Kim , Insu Yun , Yongdae Kim (to...
Dive into the novel security challenges AI introduces with the open source game that over 10,000 developers have used to sharpen their skills.
DNS rebinding attack without CORS against local network web applications. See how this can be used to exploit vulnerabilities in the real-world.
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
Dataflow Security blog
From White House staff to battlefield journalists, instant messaging (IM) applications are indispensable communication tools for countless individuals. Whether it’s WhatsApp, Telegram, WeChat, or QQ, they have become the “digital arteries” of modern society, carrying core activities such as social interaction, payments, and office work for billions of users. Their security directly affects personal privacy, financial assets, and even national security.
In fact, security research on IM platforms has been ongoing for years. In 2019, Project Zero disclosed CVE-2019-8641 in iMessage[1], a memory corruption issue. Since iMessage automatically parses rich media content in messages, an attacker could achieve remote code execution by sending a specially crafted file without user interaction, gaining complete control over the target iPhone.
As part of my internship at STAR Labs, I was tasked to conduct N-day analysis of CVE-2023-6241. The original PoC can be found here, along with the accompanying write-up.
In this blog post, I will explain the root cause as well as an alternative exploitation technique used to exploit the page UAF, achieving arbitrary kernel code execution.
The following exploit was tested on a Pixel 8 running the latest version available prior to the patch.
Dataflow Security blog
TL;DR ¶ Go has now standardised iterators. Iterators are powerful. Being functions under the hood, iterators can be closures. The classification of iterators suggested by the documentation is ambiguous. Dividing iterators into two categories, “pure” and “impure”, seems to me preferrable. Whether iterators should be designed as “pure” whenever possible is unclear. The advent of iterators in Go ¶ The iterator pattern was popularised by the classic “Gang of Four” book as
[providing] a way to access the elements of an aggregate object sequentially without exposing its underlying representation.
Posted by Mateusz Jurczyk, Google Project Zero In the previous blog post , we focused on the general security analysis of the registry a...
Introduction We are back with Round 2 of the Off-By-One conference — where bits meet breadboards and bugs are celebrated! 🐛⚡
If you are into hardware and IoT security, you’ll know one thing’s for sure: the STAR Labs SG badge is not your average conference bling bling. This year’s badge isn’t just a collector’s item — it’s a playground for the curious, packed with new challenges inspired by months’s worth of research and hackery.
### Summary
Operator has [several safety checks](https://platform.openai.com/docs/guides/tools-computer-use#acknowledge-safety-checks) through user confirmation to mitigate Indirect Prompt Injecti...
See how we addressed the challenges of securing our SAML implementation with this behind-the-scenes look at building trust in our systems.
A little bit ago I re-installed the racing game Trackmania, and I noticed I got product ads displayed at me in-game alongside the racetrack. Where were those coming from?
See how a vulnerability in the Arm Mali GPU can be exploited to gain kernel code execution even when Memory Tagging Extension (MTE) is enabled.
Posted by Mateusz Jurczyk, Google Project Zero In the first three blog posts of this series, I sought to outline what the Windows Regi...
As we envisioned in DARKNAVY INSIGHT | The Most Imaginative New Applications of 2024:
The next generation of AI agents will have excellent reasoning and generalization abilities and be skilled at using a variety of security research tools, inheriting a wealth of human expert knowledge. They will be able to discover more 0-day vulnerabilities in the real world, like top security experts.
Unsurprisingly, as Large Language Models (LLMs) demonstrate increasing proficiency in handling complex tasks, Agent technology is emerging as a new paradigm in the field of vulnerability discovery. Since Google Project Zero released Naptime[1] last year, an increasing number of Agent-based auditing tools are appearing. By providing LLMs with the necessary toolsets and source code for testing, these tools simulate the behaviour of security researchers to perform code audits and vulnerability confirmation.
In this post I’ll show you how I found a zeroday vulnerability in the Linux kernel using OpenAI’s o3 model. I found the vulnerability with nothing more complicated than the o3 API ̵…
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
Discover how an impersonated GenAI Tool led victims to download a fake media file concealing Windows executables
### Intro
This is the official solution post for my Intigriti May 2025 XSS challenge, Confetti. I will try to explain the intended path and some background theory. I must admit that I don’t know the inner workings of Chrome and Firefox well enough to guarantee that all my explanations are...
Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
May 20 2025 @ 2:59 AM
William Charles Gibson
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
You can email the...
The built-in “MareBackup” scheduled task is susceptible to a trivial executable search order hijacking, which can be abused by a low-privileged user to gain SYSTEM privileges whenever a vulnerable folder is prepended to the system’s PATH environment variable (instead of being appended).
Keeping your ears to the ground and eyes wide open for the latest vulnerability news at watchTowr is a given. Despite rummaging through enterprise code looking for 0days on a daily basis, our interest was piqued this week when news of fresh vulnerabilities was announced in a close friend - Ivanti, and their Endpoint Manager Mobile (Ivanti EPMM) solution.
For those out of the loop, don’t worry - as always, we’re here to fill you in.
Ivanti Endpoint Manager Mobile (EPMM) is an MDM solution for s
### Summary
An integer overflow vulnerability exists within the VirtualBox vmsvga3dSurfaceMipBufferSize [[source](https://github.com/mirror/vbox/blob/74117a1cb257c00e2a92cf522e8e930bd1c4d64b/src/V...
In April 2024, I discovered a high-severity vulnerability in Visual Studio Code (VS Code <= 1.89.1) that allows attackers to escalate a Cross-Site Scripting (XSS) bug into full Remote Code Execution (RCE)—even in Restricted Mode.
The desktop version of Visual Studio Code runs on Electron. Renderer processes are sandboxed and communicate with the main process through Electron’s IPC mechanism.
An XSS vulnerability in the newly-introduced minimal error rendering mode for Jupyter notebooks enables arbitrary JavaScript code to be executed within the vscode-app WebView for the notebook renderer.