Microsoft published a comprehensive report on Ransomware-as-a-Service operations, describing the inner workings, active threat actors and more.
Costa Rica was hit by Conti ransomware, and the hacker group published over 600 GB of government data.
SentinelOne discovered two 10-year-old vulnerabilities in Avast/AVG antivirus. Because they are located in kernel drivers, the vulnerabilities can be triggered from sandboxes and might be exploitable in contexts other than just local privilege escalation.
CISA released an advisory for a 9.8 Critical vulnerability in F5 BIG-IP. Exploiting the issue leads to an authentication bypass.
A recent report describes malware that stores shellcode in Windows event logs.
NCC Group released a report describing social engineering tactics used by Lazarus group when targeting employees.
Google announced that Chrome & Android users will be able to use Virtual Credit Cards instead of the real credit card number.
The EU published a proposal that, if approved, might mean the end of privacy and end-to-end encryption.
Apple, Google & Microsoft committed to accelerating the availability of passwordless authentication (using private keys).
Crowdstrike published a paper describing the inner workings of an IIS in-memory exploitation framework.
OSCE3, OSEP, OSED, OSWE, OSCP certified. Over 10 years of experience in the IT industry, now working in Product Security and leading a Red Team. Huge Offensive Security and CTF nerd. I enjoy music, teaching and hiking.