7375 matches found
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990620)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990620 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix hungtask for PADATA_RESET. We found a hungtask bug in test_aead_vec_cfg as...
Explaining Software Vulnerabilities with Large Language Models
The prevalence of security vulnerabilities has prompted companies to adopt static application security testing (SAST) tools for vulnerability detection. Nevertheless, these tools frequently exhibit usability limitations, as their generic warning messages do not sufficiently communicate important...
Exploit for Exposure of Resource to Wrong Sphere in Apache Http_Server
HTTP Request Smuggling Detection Tool This repository contain...
[SECURITY] Fedora 43 Update: python-inline-snapshot-0.30.1-1.fc43
Golden master/snapshot/approval testing library which puts the values right into your source code...
autottp
This is a Python wrapper for the PowerShell Empire API, a framework for penetration testing and red teaming. The wrapper provides a simple interface to interact with the Empire API, allowing users to automate tasks and sequences of actions. The wrapper is feature complete as of Empire 1.5.0 and...
Creating a Linux Application Using VSCodium, Cline, OpenRouter, and Claude
In March I created a Windows Application Using Visual Studio Code, Cline, OpenRouter, and Claude. This was a program that created square screen captures. The user doesn't need to manually ensure the dimensions are a square. The program makes the window grow and shrink while keeping the length equ...
vulnerable-network-inventory-php
Net Inventory System - Vulnerable Version ⚠️ ADVERTENCIA CR...
xss_test
It is an offensive tool for web application testing. The tool ta...
GHSA-FRHW-MQJ2-WXW2 vulnerabilities
Vulnerabilities for packages: pulumi-language-yaml, terraform-provider-random, aws-signer-notation-plugin, kaf, shfmt, cluster-autoscaler, rancher-machine, vault-secrets-webhook, configmap-reload, metrics-server, vitess, age, mods, litefs, external-secrets-operator, cluster-api, vexctl, flux,...
GHSA-FRHW-MQJ2-WXW2 vulnerabilities
Vulnerabilities for packages: flannel, kyverno-policy-reporter-plugins-trivy, local-path-provisioner, azure-container-networking, mesosphere-vsphere-csi, spiffe-helper, cosign-fips, lvm-driver-fips, thanos-operator-fips, yace-fips, etcd-fips, mountpoint-s3-csi-driver, kubebuilder, k8sgpt-operator...
Exploit for SQL Injection in Exim
CVE-2025-26794: Exim ETRN SQL Injection Exploit...
MAL-2025-191874 Malicious code in speed-testing-nt (PyPI)
Source: kam193 (dcfc1b92868e7f4eef0f4c0e901418a557089fe5269a1e4ef07725d397cddbb3). The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer. Category:...
Malicious code in speed-testing-nt (PyPI)
Source: kam193 (dcfc1b92868e7f4eef0f4c0e901418a557089fe5269a1e4ef07725d397cddbb3). The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer. Category:...
EUVD-2025-37106
Malicious code in epic-react-testing npm...
MAL-2025-49187 Malicious code in epic-react-testing (npm)
Source: amazon-inspector (7e97bbfa7002afbed785479629e1f7312a30bf41426bd7eae5ae91d7fb7ffefd). The package epic-react-testing was found to contain malicious code...
Malicious code in epic-react-testing (npm)
Source: amazon-inspector (7e97bbfa7002afbed785479629e1f7312a30bf41426bd7eae5ae91d7fb7ffefd). The package epic-react-testing was found to contain malicious code...
Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks
The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs. AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration testing...
The Death of the Security Checkbox: BAS Is the Power Behind Real Defense
Security doesn't fail at the point of breach. It fails at the point of impact. That line set the tone for this year's Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It's about proof. When...
A Comprehensive Evaluation and Practice of System Penetration Testing
With the rapid advancement of information technology, the complexity of applications continues to increase, and the cybersecurity challenges we face are also escalating. This paper aims to investigate the methods and practices of system security penetration testing, exploring how to enhance syste...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
Web Vulnerability to POC Generator Web Vulnerability to POC G...