A critical vulnerability in Zyxel firewalls, allows remote command execution with root privileges through improper input sanitization in the Dynamic DNS (DDNS) configuration. By injecting shell commands into a user-controlled URL parameter, an authenticated…

Summary A local user under the CentOS 9 operating system can trigger an use-after-free, which in turn can be used to elevate to root privileges. Vendor Response The vendor has been notified more than 90 days ago and has offered the only feedback that: The…

Yara-X + PacketSmith Detection Module A Sneak Peek Introduction Version 5 of PacketSmith, codenamed Pinus strobus, is the result of extensive R&D to add unique, unparalleled features that matter to network detection engineers, SoC analysts, and malware and…

Last week, AI founded a lobster-themed religion, developed a drug trade, and started hiring humans. What now?

How four layers of authentication in a production anti-cheat driver still hand you a complete BYOVD toolkit

Temporarily taken down due to a request, will be back at a later date :) In the meantime, you can read another of my write-ups here: 1.4 Billion exposed user records via insecure Firebase instances in top Android apps

Humanity Protocol’s controlled experiment showed that AI can create convincing fake profiles to bypass identity verification, exposing critical weaknesses in traditional KYC systems and highlighting the growing risk of AI-driven fraud online.

Stay informed with the latest insights in our Infostealers weekly report. Explore key findings, trends and data on info-stealing activities.

CLI tool for scanning cryptographic usage and generating quantum-vulnerability risk assessments

deception as a developer tool

This is an early alpha of Coalmine an opensource cloud canary management tool

Discover Kingfisher, MongoDB’s open-source tool for security and DevOps engineers to detect and validate exposed secrets in code and repositories.

PanicLock - Keep Touch ID for daily convenience, get instant password-only security when you need it. Your Mac's escape hatch for border crossings, protests, and high-risk situations.

RecoverIt uses penetration testing techniques to exploit service failure recovery functions to trigger the execution of malicious payloads.

Mitchell Hashimoto got tired of AI PR slop, so he built Vouch: a trust management system that could change how open source handles…