CVE-2022-21686 PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to...

CVE-2021-32840 SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted...

CVE-2022-23967 In TightVNC 1.3.10, there is an integer signedness error and resultant heap-based buffer overflow in InitialiseRFBConnection in rfbprot...

CVE-2022-23993 /usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_filter'] in a PHP echo call.

CVE-2021-46385

CVE-2022-22852 A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the de...

CVE-2022-22850 A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the de...

CVE-2021-46114 jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function thro...

CVE-2022-23990 Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

CVE-2021-46561 controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an org...

CVE-2022-0368 Out-of-bounds Read in Conda vim prior to 8.2.

CVE-2021-29846 IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expira...

CVE-2021-29845 IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. ...

CVE-2021-29838 IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly ena...

Re @ddd1ms @AShukuhi @MarcusBazzell @notakrook @briankrebs If @AShukuhi believes these videos jeopardize his (or anyone elses) safety we may upload an...

Re @AShukuhi @MarcusBazzell @notakrook @briankrebs @ddd1ms To clarify: are you suggesting we should remove the video archive from YouTube?

What people think Ransomware group operators look like

Hacking and Securing Cloud Infrastructure 2 Day | At this #BlackHat Spring Training, @notsosecure will cover both the theory a well as a number of mod...

Advanced Infrastructure Hacking 4 Day | At this #BHASIA Training, @notsosecure will cover a wide variety of neat, new and ridiculous techniques to com...

员工被刺！360借条的鸡贼藏不住了这两天，360又卷入了一场巨大的舆论风波中。 不过，这次让360出位的不再是“红衣教主”周鸿祎的出格言论，而是一张照片—— 1月25日，网上流传出一张照片，一名西装革履的男子被警方从360公司扣押带走，周边围了一圈警察，举着警械严阵以待。 360很快给出回应，称此事 ...全文

五年过去。//@tombkeeper:三年过去，现在，发生在个人之间也不行了。上学时候么，就是做题家。上班了么，就是工贼。内卷解释一切。只要认为找到了一个解释，就舒坦了。卷卷卷，一卷解千愁。

听一位宣传口出身的老同志说，前面外宣对国内抗疫成果一直不太高调谈，就是怕刺激别的国家。但是，匹夫无罪，怀璧其罪，这个道理在人与人之间和国与国之间都是一样的。//@来去之间: 转发微博

去年在技术圈内，有不少知名项目被爆出存在严重漏洞，引起了不少开发者热议。有鉴于此，国内一位网络安全人员在 GitHub 开源了一款漏洞监控平台：Monitor。主要用于监测 GitHub、微软、CNNVD 等各大平台发布的最新技术漏洞信息，并将漏洞按不同危险等级进行划分，最后再通过企业微信和邮箱进行消息 ...全文

BlueNoroff APT Cryptocurrency-Focused Attack. The group shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency business...

Re @UK_Daniel_Card @joehelle For me it depends on what you’re actually trying to teach. It makes total sense for beginners, but after a point it beco...

Re @TheKenMunroShow @IoTvillage @cybergibbons Thanks for the heads up.

RT Corsin Camichel: for the next game night @defcon @defconparties @a41con

Ninjasworkout - Vulnerable NodeJS Web Application

顺便说一句，我不建议你在面试中也这样做，除非你真地知道你在做什么。有很多人也像这样干了，但他们没能通过面试。Larry Osterman系列--微软内部面试八卦

Major Discord API outage prevents logins and voice chats

Ninjasworkout - Vulnerable NodeJS Web Application

TrickBot malware now crashes researchers’ devices to evade analysis

Apple fixes new zero-day exploited to hack macOS, iOS devices

RT BLASTY: Slightly revised copy of blasty-vs-pkexec.c available here:

Re @joehelle Almost willing to bet the motivation behind it is to reduce the number of support requests.

If you're an infosec content creator (blogger/YouTuber/streamer etc) and want to earn a bit of extra cash, check out our new affiliate program.

Re @digininja curl works fine for me.  No SSL complaints.

RT [audible]blink: I really like the trend of process-driven blogs over results-driven ones. Especially when they include their failures. Thought I'd ...

RT Hussein Daher: It's finally live - I'm sorry for the time this took! The workshop I gave at @THREAT_CON is now live on Udemy for a discounted price...

Penetration_Testing_POC:- Penetration testing-related POC, EXP, scripts, privilege escalation, gadgets, etc.xss cms php-getshell domainmod-xss penetra...

People Are Still Getting Pwned A Week After A Crypto Hack Was Contained

New York Fines EyeMed $600k After Data Breach Investigation Finds Security Flaws

Bypassing Little Snitch Firewall with Empty TCP Packets

Google sued over deceptive location tracking

Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA

VW fired senior employee after they raised cyber security concerns

CVE-2021-44790: Code Execution on Apache via an Integer Underflow

Cyber-Partisans hackers hit Belarus railroad system with ransomware attack

Dontgo403 - Tool To Bypass 40X Response Codes

Exploit for CVE-2021-4034 that does not leave syslog entries