Analysis of XXE 0days in PHPSpreadsheet < 3.4.0
We deep-dive into how it has been possible to find two XXE 0day vulnerabilities in PHPSPreadsheet, bypassing the actual defences and subsequent fixes.
Analysis of CVE-2022-23093 (FreeBSD Ping Stack Overflow)
We are analyzing CVE-2022-23093, step by step, to eventually answer the question: is it possible to get RCE, or not?
How the guests of a hotel were scammed
Unlock Security intervened to look into repeated scams against the guests of a hotel. This is how the scammer stole the reservation details.
Saving a payload in VIM can actually run it
Have you ever used VIM to save an XXE payload found on the web? If yes, the editor may have done an HTTP request without your knowledge.