macOS XPC Exploitation - Sandbox Share case study https://www.synacktiv.com/publications/macos-xpc-exploitation-sandbox-share-case-study.html
Synacktiv
macOS XPC Exploitation - Sandbox Share case study
Usually we don't do blog posts about CTF challenges but we recently stumbled across a challenge that was a good opportunity to talk about several macOS/iOS internals, security mechanisms and exploit m
Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/
JFrog
Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling
JFrog Security research teams are constantly looking for new and previously unknown vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered a potentially critical vulnerability…
[Atlassian Confluence CVE-2021–26084]::: The other side of bug report! https://tradahacking.vn/atlassian-confluence-cve-2021-26084-the-other-side-of-bug-bounty-45ed19c814f6
Medium
[Atlassian Confluence CVE-2021–26084]::: The other side of bug report!
tl;dr A pull request for Nuclei template of CVE-2021–26084 turned out to be a leak of our Pre-Auth RCE exploit payload for Atlassian…
Free Automated Malware Analysis Sandboxes and Services https://zeltser.com/automated-malware-analysis/
Zeltser
Free Automated Malware Analysis Sandboxes and Services
Automated malware analysis tools, such as analysis sandboxes, save time and help with triage during incident response and forensic investigations. They provide an overview of the specimen's capa
Vulnerability Spotlight: Heap buffer overflow vulnerability in Ribbonsoft dxflib library https://blog.talosintelligence.com/2021/09/vuln-spotlight-ribbonsoft.html
Cisco Talos Blog
Vulnerability Spotlight: Heap buffer overflow vulnerability in Ribbonsoft dxflib library
Lilith >_> of Cisco Talos discovered this vulnerability.
Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in Ribbonsoft’s dxflib library that could lead to code execution.
The dxflib library is a C++ library utilized…
Modern Harnessing Meets In-Memory Fuzzing - PART 1 https://blog.haboob.sa/blog/modern-harnessing-meets-in-memory-fuzzing
Haboob
Modern Harnessing Meets In-Memory Fuzzing - PART 1 — Haboob
Fuzzing or Fuzz Testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program then observe how the program processes it. In one of our recent projects, we were interested…
VED (Vault Exploit Defense): Protect the Linux kernel https://hardenedvault.net/2021/09/06/ved.html
Ghostscript zero-day allows full server compromises https://therecord.media/ghostscript-zero-day-allows-full-server-compromises/
The Record
Ghostscript zero-day allows full server compromises
Proof-of-concept exploit code was published online over the weekend for an unpatched Ghostscript vulnerability that puts all servers that rely on the component at risk of attacks.
Rudroid - Writing the World's worst Android Emulator in Rust 🦀 https://fuzzing.science/page/rudroid-worlds-worst-android-emulator/
Nice talk from @embyte » "The unfortunate journey of radio-protocol mistakes" https://www.madlab.it/slides/confidence2021_radios.pdf
A deep-dive into the SolarWinds Serv-U SSH vulnerability https://www.microsoft.com/security/blog/2021/09/02/a-deep-dive-into-the-solarwinds-serv-u-ssh-vulnerability/
Microsoft Security Blog
A deep-dive into the SolarWinds Serv-U SSH vulnerability | Microsoft Security Blog
We're sharing technical information about the vulnerability tracked as CVE-2021-35211, which was used to attack the SolarWinds Serv-U FTP software in limited and targeted attacks.
PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers https://www.fireeye.com/blog/threat-research/2021/09/proxyshell-exploiting-microsoft-exchange-servers.html
Now Patched Vulnerability in WhatsApp could have led to data exposure of users https://research.checkpoint.com/2021/now-patched-vulnerability-in-whatsapp-could-have-led-to-data-exposure-of-users/
Check Point Research
Now Patched Vulnerability in WhatsApp could have led to data exposure of users - Check Point Research
Research by Dikla Barda & Gal Elbaz As of 2021, WhatsApp is the most popular global mobile messenger app worldwide with approximately two billion monthly active users. It allows users to send text and voice messages, make voice and video calls, and share…
Anatomy and Disruption of Metasploit Shellcode https://blog.nviso.eu/2021/09/02/anatomy-and-disruption-of-metasploit-shellcode/
NVISO Labs
Anatomy and Disruption of Metasploit Shellcode
In April 2021 we went through the anatomy of a Cobalt Strike stager and how some of its signature evasion techniques ended up being ineffective against detection technologies. In this blog post we …
Telegram Self-Destruct? Not Always https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/telegram-self-destruct-not-always/
Trustwave
Telegram Self-Destruct? Not Always
Secret-Chats in Telegram use end-to-end encryption, which is meant for people who are concerned about the security and privacy of their chat history. The messages can be read only by sender and receiver, and not even Telegram administrators have the encryption…
iOS Pentesting 101 https://cobalt.io/blog/ios-pentesting-101
www.cobalt.io
iOS Pentesting 101
Learn essential techniques for iOS application security testing, exploring architecture, jailbreaking, SSL pinning, and more in this comprehensive pentesting guide.
Summary:
The blog provides a comprehensive guide to iOS application security testing, covering…