Our new 2024 product scope is now out!. Check out all the latest software and hardware we added and see how much your research is really worth:.

💻 Have you read our recent publications?. ISPConfig Authenticated Remote Code Execution:. Kerio Control Authentication Bypass and RCE:.

🚨 New advisory was just published! 🚨. Kerio Control has a design flaw in the implementation of the communication with GFI AppManager, leading to an authentication bypass vulnerability in the product under audit. Once the authentication bypass is achieved, the attacker can cause.

🚨 New advisory was just published! 🚨. ISPConfig contains design flaws in the user creation and editing functionality, which allow a client user to escalate their privileges to superadmin. Additionally, the language modification feature enables arbitrary PHP code injection due.

Submit your pfSense, Sophos & KerioControl vulnerabilities at:

RT @typhooncon: 🌪️ TyphoonCon 2025 has officially wrapped up and it was an incredible experience, all thanks to YOU!. Shoutout to our atten….

RT @typhooncon: 💻 A TyphoonPWN attempt! Another LG WebOS is being targeted.

RT @typhooncon: 💻 A TyphoonPWN attempt! ipTime is being targeted.

🚗 System setup in progress! Tomorrow at @typhooncon we’re unveiling a game-changer: remote access to automotive platforms for security researchers. No physical car needed. Come see the future of car hacking at the SSD Labs display at #TyphoonCon2025.

💻 Have you read our latest publication?. Multiple vulnerabilities were discovered in Foscam X5. These vulnerabilities allow a remote attacker to trigger code execution vulnerabilities in the product:

RT @typhooncon: 🌪️#TyphoonCon25 training starts today. Follow us @typhooncon for all the updates.

🚨 New advisory was just published! 🚨. Multiple vulnerabilities were discovered in Foscam X5. These vulnerabilities allow a remote attacker to trigger code execution vulnerabilities in the product:

💻 Have you read our recent publication?. MagicINFO exposes an endpoint with several flaws that, when combined, allow an unauthenticated attacker to upload a JSP file and execute arbitrary server-side code:.

Found a vulnerability in Chrome browser? Submit your findings today and get the compensation you deserve:

💻 Have you read our recent publication?. Two Use After Free (UAF) vulnerabilities were discovered within Chrome’s Browser process by one of our researchers at SSD Labs:

Submit your Chrome, Safari & Firefox vulnerabilities at:

RT @typhooncon: 🌪️TyphoonCon’s 2025 conference tickets are officially sold out!🌪️. Join our waitlist now for a chance at any openings: http….

🚨 New advisory was just published! 🚨. MagicINFO exposes an endpoint with several flaws that, when combined, allow an unauthenticated attacker to upload a JSP file and execute arbitrary server-side code:.

Check out the list of supported browsers at:

🚨 New advisory was just published! 🚨. Two Use After Free (UAF) vulnerabilities were discovered within Chrome’s Browser process by one of our researchers at SSD Labs:.

🚨 New advisory was just published! 🚨. A vulnerability in PHP's extract() function allows attackers to trigger a double-free in version 5.x or a user-after-free in versions 7.x, 8.x, which in turn allows arbitrary code execution (native code):