Dad, Husband, driven Security leader & team builder/player. Advisor from time to time. Thriving in large complex environments, ideally focusing on Purple/Red team☠️ and Security Engineering ⚙️ challenges. Passion for National Security 🇺🇸🇨🇦🇫🇷, Coding 💻 Space 🚀
Relaxing includes Books, Blitz Chess, Music & Gaming 🕹️ (whenever able to free some zeptoseconds).
LinkedIn: https://linkedin.com/in/jmamblat
Threema: https://threema.id/6B4FR572
GitHub: https://github.com/sourcefrenchy

“In a first, cryptographic keys protecting SSH connections stolen in new attack” (in other words, you should have adopted ed25519 for some time already ;) #informationsecurity #cybersecurity #cryptography #ssh #crypto #securityresearch

https://arstechnica.com/security/2023/11/hackers-can-steal-ssh-cryptographic-keys-in-new-cutting-edge-attack/

In a first, cryptographic keys protecting SSH connections stolen in new attack

An error as small as a single flipped memory bit is all it takes to expose a private key.

Ars Technica
ldd arbitrary code execution

The `ldd` utility is more vulnerable than you think. It's frequently used by programmers and system administrators to determine the dynamic library dependencies of executables. Sounds pretty innocent, right? Wrong! In this article I am going to show you how to create an executable that runs arbitrary code if it's...

#Malware Unpacking With Memory Dumps - Intermediate Methods (Pe-Sieve, Process Hacker, Hxd and Pe-bear)

https://embee-research.ghost.io/unpacking-malware-using-process-hacker-and-memory-inspection/

Malware Unpacking With Memory Dumps - Intermediate Methods (Pe-Sieve, Process Hacker, Hxd and Pe-bear)

Demonstrating three additional methods for obtaining unpacked malware samples. Using Process Hacker, Pe-sieve, Hxd and Pe-bear.

Embee Research
2023 Microsoft Office XSS

Found by @adm1nkyj and @justlikebono

PKSecurity
3 iOS 0-days, a cellular network compromise, and HTTP used to infect an iPhone

Apple patches 3 zero-days after they were used in a sophisticated attack.

Ars Technica

“backdoor commands are not implemented in the Deadglyph binary; instead, they are dynamically received from its C&C server in the form of additional modules that exist in memory only briefly, to perform the commands” #cybersecurity #infosec #blueteam #malware #dfir

https://thehackernews.com/2023/09/deadglyph-new-advanced-backdoor-with.html

Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics

Researchers uncovered a new advanced backdoor, 'Deadglyph,' by Stealth Falcon hackers, which combines two languages for cyber espionage.

The Hacker News
Bypassing Windows Defender and PPL Protection to dump LSASS without Detection | Adversary Tactics and Tradecraft | Tactical Adversary

Bypassing Windows Defender and PPL Protection with PPLBlade to dump LSASS without Detection.

Great deep-dive, “NPM Package Masquerading as Email Validator Contains C2 and Sophisticated Data Exfiltration” #supplychain #npm #blueteam #cybersecurity #infosec

https://blog.phylum.io/npm-emails-validator-package-malware/

NPM Package Masquerading as Email Validator Contains C2 and Sophisticated Data Exfiltration

On the morning of August 24, Phylum's automated risk detection system identified a suspicious package published to npm called “emails-helper." A deeper investigation revealed that this package was part of an intricate attack involving Base64-encoded and encrypted binaries. The scheme fetches encryption keys from a DNS TXT record hosted on

Phylum

Bypassing #bitlocker using a cheap logic analyzer on a Lenovo laptop
#cybersecurity #infosec

https://www.errno.fr/BypassingBitlocker.html

Bypassing Bitlocker using a cheap logic analyzer on a Lenovo laptop

gquere.github.io