.@MalwareTechBlog is a very funny person. Zoom and enhance.

CVE-2022-38161 The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping ...

CVE-2022-25973 All versions of package mc-kill-port are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization o...

CVE-2022-38155 TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, a...

CVE-2022-38150 In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through...

BlueHound combines information about user permissions, network access and unpatched vulnerabilities to reveal the paths attackers would take if they w...

Packj - Large-Scale Security Analysis Platform To Detect Malicious/Risky Open-Source Packages

CVE-2022-35741 Apache CloudStack SAML XXE注入

Former Twitter Employee Convicted As Saudi Spy

Hunting webshell with NeoPI

Microsoft 365 outage triggered by Meraki firewall false positive

Mass Exploitation of (Un)authenticated Zimbra RCE: CVE-2022-27925

Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling

AWSGoat is a vulnerable by design infrastructure on AWS featuring the latest released OWASP Top 10 web application security risks (2021) and other mis...

Automotive supplier breached by 3 ransomware gangs in 2 weeks

How Cisco got hacked - insights on what the attackers did

7-Eleven Denmark confirms ransomware attack behind store closures

The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)

Re @Sn3030p Yes, proxychains ffuf or dirsearch

Re @EvaFoxU @WIsitlike @WholeMarsBlog @Kristennetten @99brownKaryl @DriveTeslaca From Real Scam O’Dowd

Re @guardian “The Guardian” swallows scam video hook, line & sinker!

Re @_vivami @_xpn_ Use Secure Enclave completely.

回复@戬凰:我也不清楚。不过我知道如果郑成功活在今天，说了让某些东西不开心的话，那些东西写“今天我们来扒一扒郑成功”的时候，一定会“扒一扒”这些。//@戬凰:我有个问题，啥样的才是典型的中国人

RT DarkReading: The winner of the first ever Black Hat Innovation Spotlight Competition is .... @Phylum_IO! Congratulations! All four finalists (@KeyC...

RT Thorsten Holz: Happy to receive the 2nd place of the @IntelSecurity Hardware Security Academic Award for Nyx (

Finally made it . Can’t wait until tomorrow!! If you want to meet up let me know #DEFCON

RT Juneau in Vegas: Re Airport selfie number two Airport number two Just ready to get to @defcon!!!

The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)

My favorite bug among the vulnerabilities I presented today! 😆 The original intent was to compare the password. However, the developer copy-and-pas...

昨天下午六点发了张上个世纪老照片，接见北京、济南军区部队时的大合影。被系统夹了。删了一批关键字，试一下是不是我想的那样。

坐公交上班，电视里有个亲子活动，深度解析梵高名作。听了两句，有点困惑，不知TA们如何得知梵高作那些画时脑子里想的是啥？

RT LinuxSecurity: The #cyber industry’s eyes are on Vegas this week, where 2 of the biggest conferences of the year are taking place: @BlackHatEvents...

RT Doc, wh0?!?!? is going to DC30: Re @defcon I’m coming

RT g0rd0 - is it August yet? #DEFCON30: #DEFCON30 Unofficial LineCon READY HACKER ONE is now open. Contest area clues will open at 11:59PM PDT tonight...

RT n00bz @ DEFCON: Thursday 8/11 after you get your @defcon badge join for a Welcome to DEF CON 2022 Reception- 5:30pm to 8:30pm at Off The Strip (at ...

#roadtoDEFCON #mojave

Re @Gi7w0rm Update: per @BleepinComputer and @Cisco representatives, this is a real breach. More info here:

Re @Gi7w0rm vx-underground invented the typographical error. Yanluowang ransomware group claims to have RANSOMED* Cisco.

Yanluowang ransomware group claims to have breached Cisco. Intel and images provided via @Gi7w0rm

Re @danmaktub Bahhhhh foi bem isso! Eu ainda rodei pro lado HAHAHAHAHAHAHAHAHAHHAHAHAHAH

CVE-2022-38133 In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases

CVE-2022-2756 Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.

CVE-2022-38130 The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It ...

CVE-2022-38129 A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sen...

CVE-2022-36923 Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpU...

CVE-2022-36801 Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via ...

CVE-2022-36750 Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/update_user.php?id=.

CVE-2022-36324 A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALA...

CVE-2022-36323 A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions < V2.3.1), SCALANCE W...

CVE-2022-36325 A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions < V2.3.1), SCALANCE W...