Home Assistant: Smartphone apps allow takeover by attackers

The companion apps for Android and iOS create a security vulnerability in Home Assistant. Attackers could take over instances.

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique ...

KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
GitHub

0x04h-Testing-Code-Quality.md

Injection Flaws (MSTG-ARCH-2 and MSTG-PLATFORM-2) An injection flaw describes a class of security vulnerability occurring when user input is inserted into backend queries or commands. By injecting ...