Penetration Testing

Intel CPU Vulnerabilities: Analyzing the Latest Branch Privilege Injection Flaw

CVE News

Intel CPU Vulnerabilities: Analyzing the Latest Branch Privilege Injection Flaw

A newly discovered vulnerability in Intel CPUs, dubbed “Branch Privilege Injection,” allows attackers to extract sensitive data...

GPOHound: Open-Source Tool for Active Directory GPO Security Analysis

Red-Team

GPOHound: Open-Source Tool for Active Directory GPO Security Analysis

Security researchers have released GPOHound, an open-source tool designed to analyze Group Policy Objects (GPOs) in Active...

Huntress Labs’ “Hacking Windows” Training at IT Nation: A Deep Dive for Security Professionals

Red-Team

Huntress Labs’ “Hacking Windows” Training at IT Nation: A Deep Dive for Security Professionals

Huntress Labs, known for its focus on managed service providers (MSPs) and small-to-medium business (SMB) security, made...

AI Jailbreak Risks: Inception Attacks, Unsafe Code, and Data Theft in Major Models

Red-Team

AI Jailbreak Risks: Inception Attacks, Unsafe Code, and Data Theft in Major Models

Recent research reveals critical vulnerabilities in generative AI systems, including jailbreak techniques like Inception attacks, unsafe code...

Kali Linux Update Failures: Manual Key Installation Required After Signing Key Loss

News

Kali Linux Update Failures: Manual Key Installation Required After Signing Key Loss

Offensive Security has issued a warning to Kali Linux users regarding potential update failures due to the...

The Evolution of Bug Hunting: How AI is Reshaping Vulnerability Discovery

Bug Bounties & Responsible Disclosure

The Evolution of Bug Hunting: How AI is Reshaping Vulnerability Discovery

Bug hunting has transformed from a niche activity into a professionalized field where security researchers earn substantial...

SberTech Expands Bug Bounty Program on BI.ZONE Platform, Increases Rewards to 200K RUB

Bug Bounties & Responsible Disclosure

SberTech Expands Bug Bounty Program on BI.ZONE Platform, Increases Rewards to 200K RUB

SberTech, a Russian software developer under the Sber ecosystem, has expanded its public bug bounty program on...

GFI MailEssentials .NET Deserialization Vulnerability (CVE-2025-34491) Allows Remote Code Execution

CVE News

GFI MailEssentials .NET Deserialization Vulnerability (CVE-2025-34491) Allows Remote Code Execution

A critical vulnerability (CVE-2025-34491) in GFI MailEssentials enables authenticated attackers to execute arbitrary code through .NET deserialization...

Global Surge in Automated Scanning Activity: Threat Landscape Analysis

Threat Intelligence

Global Surge in Automated Scanning Activity: Threat Landscape Analysis

The cybersecurity landscape continues to evolve with increasing automation, as evidenced by a 16.7% year-over-year rise in...

Windows “inetpub” Security Fix Exploited to Block Future Updates: Technical Analysis

CVE News

Windows “inetpub” Security Fix Exploited to Block Future Updates: Technical Analysis

A recent Windows security update designed to mitigate a privilege escalation vulnerability has inadvertently introduced a new...

Metasploit Enhances AD CS Exploitation Capabilities with New PKCS12 Features

Red-Team

Metasploit Enhances AD CS Exploitation Capabilities with New PKCS12 Features

The latest Metasploit Framework update introduces significant improvements for Active Directory Certificate Services (AD CS) exploitation, particularly...

Top 9 Websites for Temporary OTP Verification Numbers: Security Implications and Use Cases

Red-Team

Top 9 Websites for Temporary OTP Verification Numbers: Security Implications and Use Cases

With the rise of online security measures, one-time passwords (OTPs) have become a standard for authentication. However,...

Sonos Era 300 Vulnerability (CVE-2025-1049): Heap-Based Buffer Overflow Enables Remote Code Execution

CVE News

Sonos Era 300 Vulnerability (CVE-2025-1049): Heap-Based Buffer Overflow Enables Remote Code Execution

A critical vulnerability (CVE-2025-1049) affecting Sonos Era 300 speakers has been disclosed, allowing network-adjacent attackers to execute...

pySimReader: A Python-Based SIM Card Management Tool for Security Professionals

Red-Team

pySimReader: A Python-Based SIM Card Management Tool for Security Professionals

pySimReader is a Python-based utility designed for managing GSM SIM cards, offering functionalities like phonebook and SMS...

Display Protocol Vulnerabilities: Exploiting EDID, HDMI Side-Channels, and Digital Signage

Red-Team

Display Protocol Vulnerabilities: Exploiting EDID, HDMI Side-Channels, and Digital Signage

Display interfaces like HDMI, DVI, and DisplayPort contain overlooked attack surfaces that security professionals should understand. Research...

Soffid Console Java Deserialization Vulnerability (CVE-2025-32408): Technical Analysis and Mitigation

CVE News

Soffid Console Java Deserialization Vulnerability (CVE-2025-32408): Technical Analysis and Mitigation

A newly disclosed vulnerability in Soffid Console (CVE-2025-32408) exposes systems to remote code execution through insecure Java...

Apache NotFound PluginPass Path Traversal Vulnerability (CVE-2024-54291): Analysis and Mitigation

CVE News

Apache NotFound PluginPass Path Traversal Vulnerability (CVE-2024-54291): Analysis and Mitigation

A newly disclosed path traversal vulnerability (CVE-2024-54291) in Apache’s NotFound PluginPass has been rated with a high...

Active Directory Security Testing with Netexec: A Red Team Perspective

Red-Team

Active Directory Security Testing with Netexec: A Red Team Perspective

Active Directory penetration testing remains a cornerstone of enterprise security assessments, with tools like Netexec providing robust...

GhostPack: Red Team Tactics for Active Directory Exploitation and Defense

Red-Team

GhostPack: Red Team Tactics for Active Directory Exploitation and Defense

Active Directory (AD) remains a prime target for attackers due to its central role in enterprise authentication...

TCP Stream Analysis with Tcpick: A Security Professional’s Guide to PCAP Forensics

Blue-Team

TCP Stream Analysis with Tcpick: A Security Professional’s Guide to PCAP Forensics

Tcpick provides security teams with specialized capabilities for reconstructing and analyzing TCP streams from packet captures. This...

Posts pagination

1 2 Next

Penetration Testing

Intel CPU Vulnerabilities: Analyzing the Latest Branch Privilege Injection Flaw

GPOHound: Open-Source Tool for Active Directory GPO Security Analysis

Huntress Labs’ “Hacking Windows” Training at IT Nation: A Deep Dive for Security Professionals

AI Jailbreak Risks: Inception Attacks, Unsafe Code, and Data Theft in Major Models

Kali Linux Update Failures: Manual Key Installation Required After Signing Key Loss

The Evolution of Bug Hunting: How AI is Reshaping Vulnerability Discovery

SberTech Expands Bug Bounty Program on BI.ZONE Platform, Increases Rewards to 200K RUB

GFI MailEssentials .NET Deserialization Vulnerability (CVE-2025-34491) Allows Remote Code Execution

Global Surge in Automated Scanning Activity: Threat Landscape Analysis

Windows “inetpub” Security Fix Exploited to Block Future Updates: Technical Analysis

Metasploit Enhances AD CS Exploitation Capabilities with New PKCS12 Features

Top 9 Websites for Temporary OTP Verification Numbers: Security Implications and Use Cases

Sonos Era 300 Vulnerability (CVE-2025-1049): Heap-Based Buffer Overflow Enables Remote Code Execution

pySimReader: A Python-Based SIM Card Management Tool for Security Professionals

Display Protocol Vulnerabilities: Exploiting EDID, HDMI Side-Channels, and Digital Signage

Soffid Console Java Deserialization Vulnerability (CVE-2025-32408): Technical Analysis and Mitigation

Apache NotFound PluginPass Path Traversal Vulnerability (CVE-2024-54291): Analysis and Mitigation

Active Directory Security Testing with Netexec: A Red Team Perspective

GhostPack: Red Team Tactics for Active Directory Exploitation and Defense

TCP Stream Analysis with Tcpick: A Security Professional’s Guide to PCAP Forensics

You may have missed

Procolored Printer Drivers Distributed Malware for Six Months: Technical Analysis and Mitigation

Tor Oniux: Kernel-Level Network Anonymization for Linux Applications

Google Chrome’s Security Update: Blocking Admin-Level Launches in Windows

Australian Human Rights Commission Data Breach: Technical Analysis and Impact