Digium Phones Under Attack and how web shells can be really dangerous
Learn about the dangers web shells have on Digium phones.
Vulnerabilities
vSingle is abusing GitHub to communicate with the C2 server
Lazarus' advanced persistent threat (APT) operations use malware specially crafted for attacking financial institutions, espionage, and disruptive purposes.
The most dangerous vulnerabilities exploited in 2022
This article will spotlight some of the most dangerous vulnerabilities that threat actors exploited in the first half of 2022.
Follina — Microsoft Office code execution vulnerability
Microsoft tracked as CVE-2022-30190 a new vulnerability, also called “Follina,” that leverages Microsoft Office to lure victims and execute code without...
Spring4Shell vulnerability details and mitigations
Spring4Shell is a remote code execution vulnerability (CVSS 9.8) published at the end of March 2022 that impacts Spring Framework.
How criminals are taking advantage of Log4shell vulnerability
This article will break down the modus operandi of the Log4shell vulnerability
Microsoft Autodiscover protocol leaking credentials: How it works
Explore how the Autodiscover protocol works and why your environment might be insecure and leak passwords to the internet.
How to write a vulnerability report
Find out how to write a good vulnerability report and why it's important to do well.
How to report a security vulnerability to an organization
Finding a bug is rewarding. But what do you do once you've found one?
PrintNightmare CVE vulnerability walkthrough
We explore the local privilege escalation flaw from the Print Spooler service.