Abstract: As software applications grow increasingly complex, particularly in their input formats, testing these applications becomes a challenging endeavour. Automated testing techniques, such as ...

This exploit is userland exploit. Don't expect homebrew enabler(HEN) level of access. Run python3 pack_savegame.py to generate save.zip. You can either use updater.py or Apollo Save Tool to apply the ...

Leon Trampert (CISPA Helmholtz Center for Information Security), Daniel Weber (CISPA Helmholtz Center for Information Security), Lukas Gerlach (CISPA Helmholtz Center for Information Security), ...

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. First documented by Fortinet in July ...

Abstract: Fuzzing is an efficient automated testing technique for discovering vulnerabilities. It generates and feeds random or pseudo-random data to the target system, aiming to trigger potential ...

Attackers trick users into approving access on real Microsoft pages OAuth device code phishing surged sharply since September 2025 Both cybercriminals and state-linked actors reportedly use this ...

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. Previously spread through pirated software ...

A zero-day vulnerability in WatchGuard Firebox firewalls is under active exploitation, marking the latest attacks against edge devices this month. WatchGuard disclosed the vulnerability, tracked as ...

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...

WatchGuard has issued an urgent patch alert for its Firebox firewall appliances after discovering a critical-rated vulnerability that is under exploit by threat actors. Tracked as CVE-2025-14733, with ...