Exchanges can be seen as the core of Web 3.0 centralized services, but in recent years, more and more cybersecurity incidents are surrounding exchanges. Therefore, it has become very important to find more scientific ways to choose exchanges instead of relying on own instincts.
It’s very time-consuming for hackers to collect and sort out useful information from the attacks. If they couldn’t turn those data into money, they will probably starve to death. Therefore, this article uses some common examples to illustrate how hackers can take advantage of the data leakage and the corresponding impacts from a profit-making perspective.
Suppose your house is burglarized today, as having superpower, you rewind time to yesterday, but if you didn’t make any changes, the same thing will happen again. You should take the opportunity to change the locks or hide the money somewhere else.
ERPNext is a very popular open-source ERP(Enterprise Resource Planning) software built on Frappe Framework.Last December, we found two vulnerabilities in the latest version of ERPNext: SSRF(Server-Side Request Forgery) and account takeover via XSS. Both vulnerabilities require a low-privileged authenticated user to perform the attack.
Last year, a critical vulnerability in the Java ecosystem named Log4Shell has been found, it is described as a "nuclear bomb-level loophole".Recently, another critical vulnerability has been found in Spring core, because of its similarity to Log4Shell, it's named "Spring4shell".
Amelia is a WordPress plugin for booking systems developed by TNS. With 40,000+ active installations, it has been used for the clinic, hair salon, tutor, and so on.In March, we studied the source code of Amelia and found three vulnerabilities in the end
“Why do you want me to reset my password instead of sending me the old password?”Many people might have the similar doubts like John. Wouldn't it be nice to send me the old password? Why force me to change it?
The break of dawn on a August morning marked the end of my OSCP journey as I waved goodbye to my proctor and finally uploaded the exam report. Half a year ago, I wouldn't have dreamt of obtaining the OSCP, but now with the beast tamed and the struggle over, let me share my (fortunately) fruitful journey with you.