Hiding payloads in Java source code strings
In this post we'll show you how Java handles unicode escapes in source code strings in a way you might find surprising - and how you can abuse them to concea...
Aggregating 6632 articles from trusted cybersecurity sources
In this post we'll show you how Java handles unicode escapes in source code strings in a way you might find surprising - and how you can abuse them to concea...
Update: The results are in!
Security research involves a lot of failure.
To provide transparency into our ongoing efforts to protect your privacy and security on the Internet, we are releasing a security audit of Mozilla VPN that ...
This is a gif of the exfiltration process (We've increased the speed so you're not waiting around for 1 minute). Read on to discover how this works.
The single-packet attack is a new technique for triggering web race conditions.
In this post, I'll share my approach to developing custom automation to aid research into under-appreciated attack classes and (hopefully) push the boundarie...
Online security is constantly evolving, and thus we are excited to announce the publication of MRSP version 2.9, demonstrating that we are committed to keep ...
For too long, web race condition attacks have focused on a tiny handful of scenarios.
The GPG key used to sign the Firefox release manifests is expiring soon, and so we’re going to be switching over to new key shortly. The new GPG fingerprint ...
2.5 million people were affected, in a breach that could spell more trouble down the line.
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
The controversy surfaced when former Huntress analyst Ben Folland alleged that a current employee disclosed law enforcement inquiries to Devman, a ransomware...
A complaint unsealed this week accuses a 19-year-old of participating in incidents including a breach of a "luxury-jewelry retailer" in 2025.
Intruder has announced the launch of its Free plan, providing security, IT, and DevOps teams ongoing access to professional-grade vulnerability management, c...
The Gentlemen ransomware group has emerged in 2026 as a highly adaptive and technically sophisticated ransomware-as-a-service (RaaS) operation targeting larg...
Aflac Japan has notified regulators that policy details and personal and banking information have been compromised
Nissan says employees' data was stolen via the Oracle PeopleSoft zero-day campaign
Hackers stole data from 4.38 million Aflac Japan customers after accessing its systems for 10 days before the breach was detected.
Hackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25. The post Aflac Japan Data Breach Impacts 4.
American insurance giant Aflac has disclosed a new data breach after attackers breached its Japan subsidiary's systems and stole personal and bank account in...
Nissan is warning that it suffered a data breach affecting current and former employees after threat actors exploited an Oracle PeopleSoft vulnerability in d...
The National Association of Insurance Commissioners (NAIC) says the ShinyHunters extortion group stole only publicly available data, outdated logs, and confi...
The breach occurred when threat actors exploited a vulnerability in third-party software used by KDDI.