Tayfun Yelim (@tayfunyelim) 's Twitter Profile
Tayfun Yelim

@tayfunyelim

🇹🇷| Hacker | Engineer | #oscp | #osce | #oswe | @marmara1883 | @METU_ODTU

ID: 521288483

11-03-2012 12:42:29

377 Tweet

183 Followers

1,1K Following

shubs (@infosec_au)

We recently looked deeper at the authentication bypass vulnerability in Next.js (CVE-2025-29927) and discovered some intelligent and comprehensive ways to check for the vulnerability. Read more in our blog post: slcyber.io/assetnote-secu…

Stephen Fewer (@stephenfewer)

We have just published our AttackerKB Rapid7 Analysis of CVE-2025-22457, an unauth stack buffer overflow in Ivanti Connect Secure. Difficult to exploit due to severe character restrictions, we detail our full RCE technique here: attackerkb.com/topics/0ybGQIk…

SSD Secure Disclosure (@securiteam_ssd)

🚨 New advisory was just published! 🚨 A vulnerability in PHP's extract() function allows attackers to trigger a double-free in version 5.x or a use-after-free in versions 7.x, 8.x, which in turn allows arbitrary code execution (native code): ssd-disclosure.com/ssd-advisory-e…

SSD Secure Disclosure (@securiteam_ssd)

🚨 New advisory was just published! 🚨 Two Use After Free (UAF) vulnerabilities were discovered within Chrome’s Browser process by one of our researchers at SSD Labs: ssd-disclosure.com/ssd-advisory-m…

TheZDIBugs (@thezdibugs)

[ZDI-25-291|CVE-2025-4919] (Pwn2Own) Mozilla Firefox IonMonkey JIT Compiler Integer Overflow Remote Code Execution Vulnerability (CVSS 8.8; Credit: Manfred Paul (@[email protected])) zerodayinitiative.com/advisories/ZDI…

TheZDIBugs (@thezdibugs)

[ZDI-25-292|CVE-2025-4919] Mozilla Firefox SpiderMonkey Out-Of-Bounds Write Remote Code Execution Vulnerability (CVSS 8.8; Credit: Edouard Bochin (Edouard Bochin) and Tao Yan (@Ga1ois) from Palo Alto Networks) zerodayinitiative.com/advisories/ZDI…

Horizon3 Attack Team (@horizon3attack)

Check out our latest deep dive into the #Fortinet CVE-2025-32756, a classic buffer overflow! This is being exploited in the wild and was added to the CISA KEV catalog last week. horizon3.ai/attack-researc…

Assetnote (@assetnote)

Our team recently used a novel technique to increase the impact of what seemed to be only a blind SSRF. This novel technique involving HTTP redirect loops and incremental status codes led to full HTTP response leakage. Read more on Searchlight Cyber blog here: slcyber.io/assetnote-secu…

Horizon3 Attack Team (@horizon3attack)

Session keys and passwords aplenty, here’s our deep-dive for CVE-2025-5777, aka CitrixBleed 2. Apart from the normal root-cause analysis, we’ve doubled down on actionable steps to investigate Indicators of Compromise. horizon3.ai/attack-researc…

Trend Zero Day Initiative (@thezdi)

CVE-2025-4941 - Trend ZDI analyst Hossein Lotfi details the Firefox bug used at #Pwn2Own Berlin by Manfred Paul. Includes root cause analysis and video demo. zerodayinitiative.com/blog/2025/7/14…

SSD Secure Disclosure (@securiteam_ssd)

Want to learn about Chrome exploitation and the role of WebAssembly in it? In our new article, we'll break down the world of WASM, how it interacts with V8, and use CVE-2024-2887 as a case study to show how flaws in WASM can lead to remote code execution. Read it here:

Open Source Security mailing list (@oss_security)

CVE-2025-8058: glibc: posix: Double-free after allocation failure in regcomp openwall.com/lists/oss-secu… The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails