Attack Research
Filter Content:
Categories:
Tags:
September 25, 2024 | Attack Blogs, Disclosures
On August 13, 2024, SolarWinds released a security advisory for Web Help Desk (WHD) that detailed a deserialization remote code…
September 16, 2024 | Attack Blogs
On September 10, 2024, Ivanti released a security advisory for a command injection vulnerability for it's Cloud Service Appliance (CSA)…
September 13, 2024 | Attack Blogs
Update: 2024-09-16 We initially wrote this post in reference to CVE-2024-29847, however this post actually describes CVE-2023-28324. We had incorrectly…
August 23, 2024 | Attack Blogs, Disclosures
This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces…
August 23, 2024 | Attack Blogs, Disclosures
This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces…
June 14, 2024 | Attack Blogs, Disclosures
This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces…
June 12, 2024 | Attack Blogs
Introduction Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that allows for centralized management of devices within an…
June 4, 2024 | Attack Blogs
Introduction Our last blog post on the FortiClient EMS SQL injection vulnerability, CVE-2023-48788, as it turns out only worked on…
May 28, 2024 | Attack Blogs, Disclosures
In November of 2023, preparing for a call for papers, I attempted to investigate the FortiSIEM patch for CVE-2023-34992. I…
May 20, 2024 | Attack Paths
As enterprises continue to transition on-premises infrastructure and information systems to the cloud, hybrid cloud systems have emerged as a…
