Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and...

Cisco patches CVSS 10.0 FMC RADIUS flaw allowing remote code execution, urging immediate updates.

A massive spike in brute-force attacks targeted Fortinet SSL VPNs earlier this month, followed by a switch to FortiManager, marked a deliberate shift in targeting that has historically preceded new...

Tuning An Instrument In A Room Full Of Noise Is Not Easy

The Lazarus Group is a highly sophisticated, state-sponsored cyber threat group attributed to the North Korean government. They are also...

Coordinated brute-force attacks hit Fortinet SSL VPNs and FortiManager, involving 780+ malicious IPs from U.S., Canada, Russia, and more.

In depth walkthrough for using nested app authentication (NAA), or BroCI, for offensive engagements to access information and resources.

Discover how attackers can escalate privileges in Entra ID using Azure VMs, PRT theft, and device identity abuse. Learn how the “Evil VM” attack unfolds,…

Modern YouTube downloader with a clean PySide6 interface. Download videos in any quality, extract audio, fetch subtitles, sponserBlock, and view video metadata. Built with yt-dlp for reliable perfo...

A knowledge source about TTPs used to target GenAI-based systems, copilots and agents - mbrg/genai-attacks