RT @yarlob: The curious case of exploiting locally running web app.

RT @watchtowrcyber: The industry is ablaze w speculation around yesterday's publicly disclosed Veeam Software Backup & Replication RCE vuln….

Here is the blog post:

Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! Read it all below 🧵

Hyped to speak at @ekoparty in November!.

Just submitted a CFP to @ekoparty where I want to talk about breaking Maven repository managers. This is the one of the craziest and fruitful research projects I've done in my career.

RT @tincho_508: So happy to had the chance to present for second time at #BlackHat USA!. I’m already receiving a lot of messages from peopl….

Kafka UI can be a juicy target for bug hunters, here is why:

RT @sourceincite: Time to retire some content!. JNDI Injection Remote Code Execution via Path Manipulation in MemoryUserDatabaseFactory: h….

We take pet’s security seriously!.

RT @GHSecurityLab: 🚨 New Blog Alert! 🚨.Can an attacker execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities i….

RT @cfreal_: The first part of the blog series: #Iconv, set the charset to RCE. We'll use #PHP filters and #CVE-2024-2961 to get a very sta….

RT @mmolgtm: In this post I'll use CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported last November to gain arbitrary kerne….

RT @infosec_au: The SSRF/auth bypass affecting Ivanti Pulse Connect Secure (CVE-2024-21893), is a great example of what can be achieved wit….

RT @pwntester: Discover the latest insights from our @GHSecurityLab team’s audit on @home_assistant security! 🛡️.#C….

RT @mmolgtm: In this post I'll use CVE-2023-4069, a type confusion bug in the Maglev JIT compiler of Chrome that I reported in July, to gai….

RT @kevin_backhouse: Video of my PoC for CVE-2023-43641: out-of-bounds array access in libcue. libcue is used by tracker-miners, which auto….

RT @pyn3rd: #CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution

Some ideas on how to attack and protect mTLS and certificate authentication in my recent blogpost.

RT @GHSecurityLab: If you're at #BHUSA, don't miss @artsploit 's presentation mTLS: When Certificate Authentication is Done Wrong at 2:30pm….