Unveiling VoidLink - A Stealthy, Cloud-Native Linux Malware Framework
• AuraInspector: Auditing Salesforce Aura for Data Exposure Mandiant Written by: Amine Ismail, Anirudha Kanodia Introduction Mandiant is releasing AuraInspector, a new open-source
• Breaking Down the Attack Surface of the Kenwood DNR1007XR - Part One For the upcoming Pwn2Own Automotive contest, a total of 3 head units have been selected. • One of these is th
• Go’s arithmetic operations on standard integer types are silent by default, meaning overflows ‘wrap around’ without panicking. • This behavior has hidden an entire class of secur
• Can chatbots craft correct code? • I recently attended the AI Engineer Code Summit in New York, an invite-only gathering of AI leaders and engineers. • One theme emerged repeated
• Use GWP-ASan to detect exploits in production environments Memory safety bugs like use-after-free and buffer overflows remain among the most exploited vulnerability classes in pr
• While on Project Zero, we aim for our research to be leading-edge, our blog design was … not so much. • We welcome readers to our shiny new blog! • For the occasion, we asked me
• Preface Hello from the future! • This is a blogpost I originally drafted in early 2017. • I wrote what I intended to be the first half of this post (about escaping from the VM to
• This post was originally written in 2016 for the Project Zero blog. • However, in the end it was published separately in the journal PoC||GTFO issue #13 as well as in the second
• Multiple Threat Actors Exploit React2Shell (CVE-2025-55182) Google Threat Intelligence Group Google Threat Intelligence Visibility and context on the threats that matter most. •
• Catching malicious package releases using a transparency log We’re getting Sigstore’s rekor-monitor ready for production use, making it easier for developers to detect tampering
• Introduction Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. • Thanks to a lead from Meta, these samples came to the attention of Googl
• Introducing mrva, a terminal-first approach to CodeQL multi-repo variant analysis In 2023 GitHub introduced CodeQL multi-repository variant analysis (MRVA). • This functionality
• It’s the final patch Tuesday of 2025, but that doesn’t make it any less exciting. • Put aside your holiday planning for just a moment as we review the latest security offering fr
• Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue Google Threat Intelligence Group Google Threat Intelligence Visibility and context on the threats tha
• Introducing constant-time support for LLVM to protect cryptographic code Trail of Bits has developed constant-time coding support for LLVM, providing developers with compiler-lev
• Beyond the Watering Hole: APT24’s Pivot to Multi-Vector Attacks Google Threat Intelligence Group Google Threat Intelligence Visibility and context on the threats that matter most
• We found cryptography bugs in the elliptic library using Wycheproof Trail of Bits is publicly disclosing two vulnerabilities in elliptic, a widely used JavaScript library for ell
• Frontline Intelligence: Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem Mandiant Written by: Mohamed El-Banna, Daniel Lee, Mike
• We’re releasing Slither-MCP, a new tool that augments LLMs with Slither’s unmatched static analysis engine. • Slither-MCP benefits virtually every use case for LLMs by exposing Sl
• How we avoided side-channels in our new post-quantum Go cryptography libraries The Trail of Bits cryptography team is releasing our open-source pure Go implementations of ML-DSA
• Time Travel Triage: An Introduction to Time Travel Debugging using a .NET Process Hollowing Case Study Mandiant Google Threat Intelligence Visibility and context on the threats t
• Since its original release in 2009, checksec has become widely used in the software security community, proving useful in CTF challenges, security posturing, and general binary ana
• I’ve made it through Pwn2Own Ireland, and while many are celebrating those who served their country in the armed services, patch Tuesday stops for no one. • So affix your poppy ac
• No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 Mandiant Written by: Stallone D’Souza, Praveeth DSouza, Bill Glynn, Kevin O’Flynn,
• Balancer hack analysis and guidance for the DeFi ecosystem TL;DR - The root cause of the hack was a rounding direction issue that had been present in the code for many years. • -
• GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools Google Threat Intelligence Group Google Threat Intelligence Visibility and context on the threats that matter m
• Preparing for Threats to Come: Cybersecurity Forecast 2026 Blog and Content Manager Visibility and context on the threats that matter most. • Every November, we make it our missi
• The cryptography behind electronic passports Did you know that most modern passports are actually embedded devices containing an entire filesystem, access controls, and support f
• Trail of Bits is disclosing vulnerabilities in eight different confidential computing systems that use Linux Unified Key Setup version 2 (LUKS2) for disk encryption. • Using thes
• Keys to the Kingdom: A Defender’s Guide to Privileged Account Monitoring Mandiant Written by: Bhavesh Dhake, Will Silverstone, Matthew Hitchcock, Aaron Fletcher The Criticality o
• Help Wanted: Vietnamese Actors Using Fake Job Posting Campaigns to Deliver Malware and Steal Credentials Visibility and context on the threats that matter most. • Google Threat I
• Pwn2Own Ireland 2025: Day Three and Master of Pwn Welcome to the third and final day of Pwn2Own Ireland 2025. • So far, we’ve awarded $792,750 for 56 unique 0-day bugs, and we st
• Prompt injection to RCE in AI agents Modern AI agents increasingly execute system commands to automate filesystem operations, code analysis, and development workflows. • While so
• Pwn2Own Ireland 2025: Day One Results Welcome to Day One of Pwn2Own Ireland 2025! • We have 17 attempts today with some exciting research on display. • We’ll be posting results h
• Pwn2Own Ireland 2025: The Full Schedule Welcome to Pwn2Own Ireland 2025! • We have some amazing spooky entries for this year’s contest, and a potential of up to $2,000,000 - incl
• If you just want to read the rules, click here. • Updated as of November 21 to expand the Alpitronic target scope and to clarify the model of the ChargePoint Home Flex model numbe
• I’m currently in Cork, Ireland as we prepare for Pwn2Own Ireland, but that doesn’t stop patch Tuesday from coming. • Take a break from your scheduled activities and let’s take a
• In April of 2025, my colleague Mat Powell was hunting for vulnerabilities in Autodesk Revit 2025. • While fuzzing RFA files, he found the following crash (CVE-2025-5037 / ZDI-CAN
• Taming 2,500 compiler warnings with CodeQL, an OpenVPN2 case study Why are implicit integer conversions a problem in C? • During our security review of OpenVPN2, we faced a daunt
• CVE-2025-23298: Getting Remote Code Execution in NVIDIA Merlin While investigating the security posture of various machine learning (ML) and artificial intelligence (AI) framewor
• Supply chain attacks are exploiting our assumptions Every time you run cargo add or pip install, you are taking a leap of faith. • You trust that the code you are downloading co
• There’s a crispness in the air - at least here in North America - and with it comes the latest security patches from Adobe and Microsoft. • Take a break from your scheduled activ
• AI is accelerating threat sophistication, enabling attackers to craft more convincing phishing campaigns. • Machine‑learning models are used to generate polymorphic malware that
• Identify vendor security posture through comprehensive risk assessment. • Evaluate compliance with industry standards and regulatory requirements. • Assess data protection, acces
• Malware increasingly hides in legitimate app store listings, exploiting user trust for widespread infection. • Supply‑chain attacks target third‑party libraries, enabling attacke
• Commercial software proliferation expands attack surface, increasing vulnerability exposure across enterprises. • Open-source components in commercial stacks introduce hidden bac
• AI accelerates threat detection, enabling faster identification of malicious activity. • Adversarial AI allows attackers to craft evasive malware that bypasses traditional defens
• Universities face rising ransomware attacks targeting research data and student records. • Phishing campaigns exploit faculty credentials to gain network access. • Supply‑chain v
• Ransomware remains the top threat, targeting critical UK business data. • Phishing campaigns exploit remote working, increasing credential theft. • Supply‑chain attacks grow, com
• Sports organisations increasingly targeted by ransomware, phishing, and credential‑stealing attacks. • High‑profile events like the Olympics and World Cup attract sophisticated t
• US sanctions in May 2020 targeted Russian cyber actors and infrastructure. • NCSC identified increased threat actor activity following sanction announcements. • Sanctions disrupt
• UK telecoms face rising cyber threats, including ransomware targeting network infrastructure. • NCSC highlights supply chain risks from overseas vendors in 5G equipment. • Vulner
• BGP is critical for inter-ISP routing, requiring strict policy enforcement to prevent leaks and hijacks. • Implement prefix filtering and route origin validation to ensure only l
• Enterprise connected devices expand attack surface, enabling lateral movement across corporate networks. • Insider threats amplified as employees use personal devices for work, b