Posts by Puneet Thapliyal

The $1.5B Bybit Hack: The Era of Operational Security Failures Has Arrived - The Trail of Bits Blog

blog.trailofbits.com/2025/02/21/t...

1 year ago

Raw SQL Queries are Actually Better for Security Than ORMs?
Have I gone mad? Do I actually recommend not using an ORM and actually gaining a security advantage? Sort of. It's more nuanced but if we're trying to fix SQL injection and related vulnerabilities the...

While ORMs help in preventing SQL Injections, beware of the Mass Assignment security vulnerabilities in ORMs

www.nodejs-security.com/blog/raw-sql...

1 year ago

Backdoor in Chinese-made healthcare monitoring device leaks patient data
Functionality in the device firmware sends patient data to a hardcoded IP address that also downloads and executes binary files without the owner’s knowledge.

Backdoor in Chinese-made healthcare monitoring device leaks patient data (Contec CMS8000 and the Epsimed MN-120)

www.csoonline.com/article/3814...

1 year ago

World's First MIDI Shellcode
Blog post about a reverse engineering project

World’s First MIDI Shellcode psi3.ru/blog/swl01u/

1 year ago

U.S. Army Soldier Arrested in AT&T, Verizon Extortions
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stol...

U.S. Army Soldier Arrested in AT&T, Verizon Extortions

krebsonsecurity.com/2024/12/u-s-...

1 year ago

China-backed hackers breached US Treasury workstations | CNN Business
The US Treasury Department notified lawmakers on Monday that a China state-sponsored actor infiltrated Treasury workstations in what officials are describing as a “major incident.”

China-backed hackers breached US Treasury workstations by compromising a key from BeyondTrust PAM solution.

The cybersecurity tools themselves are leading to major hacks.

www.cnn.com/2024/12/30/i...

1 year ago

Cybersecurity firm's Chrome extension hijacked to steal users' data
At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users.

Cybersecurity firm Cyberhaven's Chrome extension hijacked to steal users' data.. smh

www.bleepingcomputer.com/news/securit...

1 year ago

From File Upload To LFI: A Journey To Exploitation
Recently I had a client that asked for a black-box pentest for a new web app that the company was about to release. The objective of this…

infosecwriteups.com/from-file-up...

1 year ago

go.bsky.app/53iqbXu

1 year ago

CSDL | IEEE Computer Society

Understanding the Efficacy of Phishing Training in Practice

www.computer.org/csdl/proceed...

1 year ago

Results about you

TIL: Google has a special tool to help you monitor and remove your personal information (name, address, email address, phone) should it appear in Google search results.

myactivity.google.com/results-abou...

1 year ago