Mehran Armiyon (@arm1yon)'s Twitter Profile

Security Enthusiast | Currently doing .NET #exploit dev

ID: 1579178305013653504

http://armiyon.me 09-10-2022 18:34:00

137 Tweets

149 Followers

308 Following

Synacktiv (@synacktiv)

Finding #Java gadget chains has never been so easy with the help of #CodeQL. Check out our latest article, in which Hugow demonstrates a new technique to leverage the power of CodeQL to find new gadgets: synacktiv.com/en/publication… QLinspector: github.com/synacktiv/QLin…

Hamid Kashfi (@hkashfi)

D3JS is underrated for security tooling visualizations! Especially if you like to have your dynamic results off cool tools like IDA/Ghidra or an IDE with CFG. Bonus if you ask your favorite LLM to use it for visualization of your SAST results.

Hamid Kashfi (@hkashfi)

I’ve been ignoring Joern’s C# support for a long time since the initial added support stage, as it was still unreliable. Today I picked it up again to play with, and I’m glad I did! Things have improved! FYI Joern sits right between Semgrep & CodeQL. 🧵

Ryan Naraine (@ryanaraine)

🚨🚨 NEW pod alert! Hamid Kashfi joins the buddies to talk Israel-Iran cyberwar, Predatory Sparrow, disappearing crypto, destructive bank attacks Hamid Kashfi Costin Raiu J. A. Guerrero-Saade Available on all platforms episodes.fm/aHR0cHM6Ly9mZW…

Hamid Kashfi (@hkashfi)

Cyber attacks on Iran, during and before the Iran-Israel war x.com/i/spaces/1DXxy…

Milad Nouri(ツ) (@miladnu)

The Android app "Motmaen Bash" has been released. 🛡 A tool for protection against phishing SMS messages, scam links, and suspicious and malicious apps ✅ Free and open source. Install from Google Play and Cafe Bazaar: play.google.com/store/apps/det… and cafebazaar.ir/app/nu.milad.m… More information: motmaenbash.ir

Soroush Dalili (@irsdl)

🚨 1- CVE-2025-53770 is a variant of CVE-2025-49704 - a critical auth bypass in SharePoint's ToolPane.aspx endpoint. It lets attackers reach a page that can parse webparts without valid credentials, and with a chained deserialization bug, they can achieve RCE entirely in memory

LeakIX (@leak_ix)

As promised, our #SharePoint adventure with CVE-2025-53770 and CVE-2025-53771, including payloads and vulnerability checker! blog.leakix.net/2025/07/using-…

Soroush Dalili (@irsdl)

I have launched YSoNet (ysonet.net) and added #SharePoint CVE-2025-49704 payload generator to it as the first thing. Here is how this can work: Running command: ``` ysonet.exe -p sharepoint --cve=CVE-2025-49704 -var 1 -c "calc" ``` Running C# code: ``` ysonet.exe

Chris Wysopal (@weldpond)

Over the last 2 yrs LLMs have vastly improved their ability to write syntactically correct code, but they haven’t improved in ability to write code without vulnerabilities which is steady at 45% coding tasks with vulns.

Orange Cyberdefense's SensePost Team (@sensepost)

Reverse engineering Microsoft’s SQLCMD.exe to implement Channel Binding support for MSSQL into Impacket’s mssqlclient.py. Storytime from Aurelien (Aurélien Chalot), including instructions for reproducing the test environment yourself. (link below)

YS (@yshahinzadeh)

I’m a web guy, so I usually don’t work on non-web applications since my mind doesn’t do binary. With the help of my friend for reverse engineering, I managed to uncover some CVEs. It was very challenging for me, hope you like it: blog.voorivex.team/hacking-veeam-…

Dawood Sajjadi (داود سجادی) (@5tuxnet)

At Black Hat USA 2025, Tal and his colleague revealed 14 previously unknown vulnerabilities in two leading secret managers: HashiCorp Vault and CyberArk Conjur. Some of these issues were lying in wait for years. They enabled authentication bypass, root access, remote code