VMWare Tools provides a rich set of drivers and services that enhance manageability of virtual machines and enable guest-host communication. While the host-to-guest RPC mechanisms have long been...

Active SharePoint exploits since July 7 target governments and tech firms globally, risking key theft and persistent access.

Exploits allow hackers to bypass 2FA and commandeer vulnerable devices.

This blogpost is about a minor discovery I made regarding a writeable file inside the Windows folder that is present on Lenovo machines. Initially when I found it I thought it was only a handful of…

Chinese hackers exploited Ivanti CSA zero-days, targeting French government, media, and telecom sectors in September 2024.

The Canadian government has ordered Hikvision's subsidiary in the country to cease all operations following a review that determined them to pose a national security risk.

Over 1,200 Citrix NetScaler ADC and NetScaler Gateway appliances exposed online are unpatched against a critical vulnerability believed to be actively exploited, allowing threat actors to bypass...

Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud. Some...

CISA warns CVE-2023-0386 is being actively exploited, impacting Linux systems via OverlayFS. Patching is urgent.

Apple patched zero-day flaws exploited to deploy Paragon’s Graphite spyware targeting journalists and civil society, raising global spyware concerns.

In October 2024, RET2 participated in the “Small Office / Home Office” (SOHO) flavor of Pwn2Own, a competition which challenges top security researchers to c...

The publicly available exploits provide a near-universal way to bypass key protections.

A new tool called 'Defendnot' can disable Microsoft Defender on Windows devices by registering a fake antivirus product, even when no real AV is installed.

Reverse engineering binaries often resembles digital archaeology: excavating layers of compiled code, interpreting obscured logic, and…

​A set of security vulnerabilities in Apple's AirPlay Protocol and AirPlay Software Development Kit (SDK) exposed unpatched third-party and Apple devices to various attacks, including remote code...

New ChoiceJacking attack allows malicious chargers to steal data from phones.

In this post, we explore how to bypass AMSI’s scanning logic by hijacking the RPC layer it depends on — specifically the NdrClientCall3…

ARMO shows io_uring-based rootkits evade Falco, Tetragon, and Defender, risking Linux runtime security.