/r/netsec

@_r_netsec@infosec.exchange
1.3K Followers
0 Following
4.9K Posts
Follow for new posts submitted to the netsec subreddit. Unofficial.
Subreddit: https://reddit.com/r/netsec
Automated by @kiding.bsky.social@bsky.brid.gy
SSD Advisory - Kerio Control Authentication Bypass and RCE - SSD Secure Disclosure

Summary: An analysis primarily of Kerio Control revealed a design flaw in the implementation of the communication with GFI AppManager, leading to an authentication bypass vulnerability in the product under audit. Once the authentication bypass is achieved, the attacker can cause the execution of arbitrary code and commands. Credit: An independent security researcher, z3er01 of …

SSD Secure Disclosure
TrashTalk.me - A new secure way to chat https://trashtalk.me
Vite + React

Introducing FileFix – A New Alternative to ClickFix Attacks

A new browser attack vector just dropped, and it’s called FileFix — an alternative to the well-known ClickFix attack. This method, discovered and shared by mrd0x, shows how attackers can execute commands right from the browser, without asking the target to open the cmd dialog. Quick Recap: What’s the ClickFix Attack? First, let's quickly recap ClickFix, the

Mobile Hacker
Remote code execution in CentOS Web Panel - CVE-2025-48703 https://fenrisk.com/rce-centos-webpanel

Fenrisk
Iran's Internet: A Censys Perspective

Censys
Remote Code Execution on 40,000 WiFi alarm clocks https://iank.org/posts/loftie-rce/

While looking for an API to use with Home Assistant, I found a remote code execution vulnerability in a popular WiFi-connected alarm clock.

Threat Hunting Introduction: Cobalt Strike https://rushter.com/blog/threat-hunting-cobalt-strike/
Threat Hunting Introduction: Cobalt Strike | Artem Golubin

An introduction to Threat Hunting and Cobalt Strike

Artem Golubin
haveibeenpwned.watch - Open-source, no-fluff charts showcasing haveibeenpwned.com's pwned account data https://haveibeenpwned.watch

What secures LLMs calling APIs via MCP? A stack of OAuth specs—here’s how they fit together https://workos.com/blog/mcp-authorization-in-5-easy-oauth-specs
MCP Authorization in 5 easy OAuth specs — WorkOS

Behind every secure MCP integration is a stack of OAuth standards working in harmony. Learn how they combine to deliver seamless authorization for LLMs.