BlackLock has quickly climbed the ranks in the global ransomware scene, setting new benchmarks for attack frequency and technical complexity. Emerging in March 2024 under the name El Dorado, t…

File transfer used to be simple fun - fire up your favourite FTP client, log in to a glFTPd site, and you were done.

Fast forward to 2025, and the same act requires a procurement team, a web interface, and a vendor proudly waving their Secure by Design pledge.…

Investigate any cyber incident in minutes. Immediate, automated digital forensics for incident response.

In one of our recent posts, Dennis shared an interesting case study of C# exploitation that rode on Random-based password-reset tokens. He demonstrated how to use the single-packet attack, or a bit of old-school math, to beat the game. Recently, I performed…

"Even a small key can open a big lock" Azerbaijani Proverb ---[ Index 1 - Introduction 2 - Tradition 2.1 - ReDoS, not the OS 2.2 - REGEXP, RLIKE and others 3 - How insecure, secure implementations are? 4 - Study Case: myBB 4.1 - Identification 4.2 - Perfect…

This post analyzes Furbo’s BLE communication, uncovering flaws that expose Wi-Fi credentials, allow device resets, and reveal hidden GATT data.

We’re back, just over 24 hours later, to share our evolving understanding of CVE-2025-10035.

Thanks to everyone who reached out after Part 1, and especially to the individual who shared credible intel that informed this update.

In Part 1 we laid out an…

In late August 2025, Cleafy's Threat Intelligence team discovered Klopatra, a new, highly sophisticated Android malware currently targeting banking users primarily in Spain and Italy. The number of compromised devices has already exceeded 1,000. Read the…

NVISO has identified zero-day exploitation of CVE-2025-41244, a local privilege escalation vulnerability impacting VMware's guest service discovery features.

Adobe Experience Manager is one of the most popular CMSes around. Given its widespread use throughout the enterprise, you likely interact with AEM-based sites almost every day. From a security perspective, AEM presents an interesting target. AEM's popularity…

Eclypsium researchers have discovered UEFI shells, authorized via Secure Boot, on Framework laptops. The UEFI shells contain capabilities that allow attackers to bypass Secure Boot on roughly 200,000 affected Framework laptops and desktops.

A vulnerability in the zysh-cgi component of the USG/ATP Series allows a low-privileged, semi-authenticated attacker to access the device’s configuration, bypassing authorization controls. This issue arises due to missing authorization checks and an incomplete…

The Model Context Protocol (MCP) has rapidly emerged as the standard for connecting AI agents to external tools and services.

Deep dive into a modern stealth Linux kernel rootkit with advanced evasion and persistence techniques

As it turns out they don't actually want you to do this (and have some interesting ways to stop you)

Overview The Common Vulnerabilities and Exposures system recently identified an alarming flaw with the ID CVE-2025-8941, affecting the Pluggable Authentication Modules (PAM) in Linux operating systems. This vulnerability has significant implications, particularly…

DefenderWrite tool that helps find programs whitelisted by Antivirus and exploits these programs to write arbitrary files into the Antivirus's folder

Check my other posts & tools MeetC2 & AWS XRayC2..

Overview