Explore >> Select a destination
|
You are here 
|
httptoolkit.com | ||
| | | | |
rtx.meta.security
|
|
| | | | | We have discovered a vulnerability in Android that allows an attacker with the WRITE_SECURE_SETTINGS permission, which is held by the ADB shell and certain privileged apps, to execute arbitrary code as any app on a device. By doing so, they can read and write any app's data, make use of per-app secrets and login tokens, change most system configuration, unenroll or bypass Mobile Device Management, and more. Our exploit involves no memory corruption, meaning it works unmodified on virtually any device run... | |
| | | | |
www.thexero.co.uk
|
|
| | | | | Learn how attackers exploit EAP-TLS vulnerabilities in enterprise Wi-Fi networks and how to secure your devices with best practices and real-world examples. | |
| | | | |
positive.security
|
|
| | | | | Chaining a misconfiguration in IE11/Edge Legacy with an argument injection in a Windows 10/11 default URI handler and a bypass for a previous Electron patch, we developed a drive-by RCE exploit for Windows 10. The main vulnerability in the ms-officecmd URI handler has not been patched yet and can also be triggered through other browsers (requires confirmation of an inconspicuous dialog) and desktop applications that allow URI opening. | |
| | | | |
www.nodejs-security.com
|
|
| | | A critical vulnerability in `ggit`, an npm package simplifying Git interactions through Node.js promises, exposes a command injection risk. Learn how this flaw can be exploited and best practices for secure coding. | ||
