CyberArk Labs discovered a new attack vector, dubbed “golden SAML,” which allows an attacker to authenticate across every service that uses SAML 2.0 protocol as an SSO mechanism.

Blog Location changed to here : https://blog.s1r1us.ninja/research/cookie-tossing-to-rce-on-google-cloud-jupyter-notebooks

Introduction Keytap is my hobby project for acoustic keyboard eavesdropping. In short, it works like this: Train an algorithm with the sounds that a specific keyboard emits when pressing its keys R...

We discovered a Negasteal variant that uses hastebin to filelessly deliver Crysis ransomware to the victim's system.

Back in June, Microsoft released a fix for a vulnerability in the Windows operating system that enabled attackers to increase their permissions to kernel level on a compromised machine. The patch did not stick.

Iranian cyber actors are likely behind a campaign that encouraged deadly violence against U.S. state officials certifying the 2020 election results.

Hello folks,

Incidents led to murder and sexual assault threats for users

Citrix has confirmed today that an ongoing 'DDoS attack pattern' using DTLS as an amplification vector is affecting Citrix Application Delivery Controller (ADC) networking appliances with EDT enabled.

The LPE bug could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.

Learn how to use Burp Suite's Burp Collaborator tool for out-of-band vulnerability testing and exploitation now.

An easy-to-use and lightweight API wrapper for Censys APIs. - censys/censys-python

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能 - zhzyker/vulmap

***

Hackers gained access to the Livecoin portal and modified exchange rates to 10-15 times their normal values.