Bridges are an important piece of the blockchain ecosystem. Being able to move assets from one chain to another is a necessary requirement in the modern web3 space. However, doing bridges securely...

The Sonos Era 100 speakers uses UBoot for the basic boot process. UBoot is a common microcontroller boot framework that has a lot of existing functionality but can be crafted for whatever you...

Cookies are a core part of browser mechanics. Understanding how they work is important when escalating existing issues. In this article, the author dives into quirks of various frameworks and...

IppSec is a YouTuber with great hacking videos. This is a search engine for timestamps in their videos. So, if you need a video example of a bug class, this is a great resource.

| Nigel Douglas As a Developer Advocate working on Project Falco, Nigel Douglas plays a key role in driving education for the Open-Source Detection and Response (D&R) segment of cloud-native […]...

DNS rebinding is a fairly well-known attack used in various situations. The idea is to trick the browser on the origin of the website by changing IP address between DNS requests. For instance, if...

Ensure you are staying secure as your organization adopts AI by following these four guiding questions

Chapter I. The origins of the Russian language cybercriminal ecosystem and the current cybercriminal forums landscape. In this series...

This compilation presents all the currently operational Russian language cybercriminal forums I have identified. The list and associated...

On 2023-12-28, a campaign was reported, involving Cyber Toufan, gaining initial access via Supply chain vector, while using TOR anonymization, Email server hijacking, to achieve Data exfiltration,...

The SSH ProxyCommand is used for proxying SSH connections. In particular, custom commands can be used to connect to the server. Within these commands are variables, such as %h for the hostname or...

In the Wildcat protocol, the WildcatMarketControllerFactory is used for deploying a contracts. The function determines if the contract has been deployed to by checking if the codehash is...

When a user is creating a loan, they provide the signature of the opposite party. If the sender of the call is a borrower, then the lender would need to be the other signature. All of these...

In 2023, MiloTruck made the most money on Immunefi at 172K. In this post, he goes through the year and what they learned. I'll be going through some of their takeaways, as these provide the most...

Beanstalk is a stablecoin protocol. In order to peg the price of BEAN, the function convertFacet() is used. When passing in token addresses for the stablecoin pool, there was no validation that...

Authored by Fernando Ruiz McAfee Mobile Research Team identified an Android backdoor implemented with Xamarin, an open-source framework that allows... The post Stealth Backdoor...

Wiz cloud security researcher, Scott Piper, suggests measures organizations can adopt to ensure secure defaults on AWS and improve their security posture.

AI-powered security helps organizations improve efficiency and scale their security team, follow this framework to effectively leverage AI in your security org

Authored by Neil Tyagi and Fernando Ruiz In a digitally evolving world, the convenience of banking through mobile applications has... The post Shielding Against Android Phishing in Indian Banking...

Keynoting 0xcon in Johannesburg this year, I had the immense privilege of talking and sharing ideas about something that is dear to my heart. That is, giving back more than you take. And by giving...

Discover how Wiz reinvents its presence at every cybersecurity event, surprising visitors with engaging themes and unique experiences.

What this blog will be about, who is the writer, what will be the editorial style and which topics will be covered in the near future?...

When writing code that needs to be high performance with multithreading, data may need to be read or written across various threads. If you do not do this securely, then you end up with race...

Recently, some researchers found a vulnerability within Atlassian Companion App. The issue was that the program has a blocklist of file types of about 350. The author of the original post found...

Sometimes, security bugs do not come from an individual issue but the combining of technologies together without considering the implications. There are two separate contracts in this story:...

Polkadot is a multi-chain env that uses a lot of crosschain communication. Each specialized blockchain is known as a parachain. Astar, the focus of this post, is a Polkadot parachain which...

This report is about an information leak that was discovered by accident. In some cases, the userland processes on an XNU system could crash with a kernel pointer in the far register. This was a...

Many laptops come with fingerprint sensors that are used with the Windows Hello platform. The sensors use the Secure Device Connection Protocol (SDCP) for usage. This protocol is used in order to...

This research was done in January of 2023 but was published recently. in September of 2023, Nathan Kirkland and I decided to do some auditing of the Gravity Bridge ourselves. So, interesting...

Wormhole is the largest cross-chain bridge. As such, it connects with many, many different blockchains and programming languages. In Aptos, public(friend) functions are practically internal...