SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

In this article 1. DNS hijacking attack chain: From compromised devices to AiTM and other follow-on activity 2. Mitigation and protection guidance 3. Microsoft Defender detection and hunting guidance Executive summary Forest Blizzard, a threat actor linked to the Russian military, has been...

Exploit for PHP Remote File Inclusion in Synacor Zimbra_Collaboration_Suite

CVE-2025-68645 — Zimbra Classic UI LFI Defender Pack This r...

An AUTOSAR-Aligned Architectural Study of Vulnerabilities in Automotive SoC Software

Cooperative, Connected and Automated Mobility CCAM are complex cyber-physical systems CPS that integrate computation, communication, and control in safety-critical environments. At their core, System-on-Chip SoC platforms consolidate processing units, communication interfaces, AI accelerators, an...

secrets-store-sync-controller discloses service account tokens in logs

Hello Kubernetes Community, A security issue was discovered in secrets-store-sync-controller where an actor with access to the controller logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vau...

Exploit for CVE-2025-54253

CVE-2025-54253 Adobe AEM OGNL Injection Simulated PoC Lab !...

InjectLab: a Tactical Framework for Adversarial Threat Modeling against Large Language Models

Large Language Models LLMs are changing the way people interact with technology. Tools like ChatGPT and Claude AI are now common in business, research, and everyday life. But with that growth comes new risks, especially prompt-based attacks that exploit how these models process language. InjectLa...

NSA Releases Advisory on Russian State-Sponsored Malicious Cyber Actors Exploiting CVE-2020-4006

The National Security Agency NSA has released a Cybersecurity Advisory on Russian state-sponsored actors exploiting CVE-2020-4006, a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The actors were found exploiting...

VUPEN Security Research - RealPlayer RA5 Data Handling Heap Overflow Vulnerability (VUPEN-SR-2010-31)

VUPEN Security Research - RealPlayer RA5 Data Handling Heap Overflow Vulnerability VUPEN-SR-2010-31 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "RealPlayer is a media player available to play, manage and download all your mp3, flash and video files" from real.com...

VUPEN Security Research - RealPlayer Audio Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-003)

VUPEN Security Research - RealPlayer Audio Data Handling Buffer Overflow Vulnerability VUPEN-SR-2010-003 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "RealPlayer is a media player available to play, manage and download all your mp3, flash and video files" from...

VUPEN Security Research - Apple Safari Scrollbar Handling Use-after-free Vulnerability (VUPEN-SR-2010-245)

VUPEN Security Research - Apple Safari Scrollbar Handling Use-after-free Vulnerability VUPEN-SR-2010-245 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Apple Safari is a web browser developed by Apple. As of February 2010, Safari was the fourth most widely used...

VUPEN Security Research - Microsoft Office Excel Ghost Record Type Parsing Vulnerability (CVE-2010-3242)

VUPEN Security Research - Microsoft Office Excel Ghost Record Type Parsing Vulnerability CVE-2010-3242 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- Microsoft Office Excel is a powerful tool you can use to create and format spreadsheets, and analyze and share...

Adobe to Share Vulnerability Data with Security Vendors

LAS VEGAS — Adobe’s push to beef up its security posture took another leap forward here with the announcement of plans to start sharing details on software vulnerabilities with security vendors ahead of time to help reduce the window of exposure to hacker attacks. In partnership with Microsoft,...