This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data. You can email the site owner […]

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data. You can email the site owner […]

**security-research** Public # Token Leak via Open Redirection and CSRF in the Callback Handler of cloudflare/workers-oauth-provider ## Package ## Affected versions ## Patched versions ## Description ### Summary Clients are required in the OAuth spec to prevent CSRF attacks at its Callback handler. The implementation in cloudflare/workers-oauth-provider doesn’t protect against […]

Posted by Benoît Sevens, Google Threat Intelligence Group Introduction Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. Thanks to a lead from Meta, these samples came to the attention of Google Threat Intelligence Group. Investigation of these images showed that these images were DNG […]

# Designing a Passive LiDAR Detector Device – Firmware # Welcome back! In the last post I described the process of examining the iPhone Pro TrueDepth LiDAR and developing concepts for hardware to detect it. Here I will describe the firmware for this device, the concepts employed in it, and […]

# ActivID administrator account takeover : the story behind HID-PSA-2025-002 In September 2025, we were asked by one of our clients to focus on a specific product: ActivID Appliance by HID. According to the vendor, this product is used worldwide to secure access to critical infrastructure and data. It supports […]

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data. You can email the site owner […]

# SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL Welcome back! As we near the end of 2025, we are, of course, waiting for the next round of SSLVPN exploitation to occur in January (as it did in 2024 and 2025). Weeeeeeeee. Before then, we want to […]

Throughout 2025, we conducted and published several reports related to our research on the Silver Fox APT. In some of them (for example, here), the threat actor delivered the well-known **ValleyRAT backdoor**, also referred to as **Winos** or **Winos4.0**, as the final stage. Since this malware family is widely used, modular, and often associated with […]

Gerne unterstütze ich Sie als Freelancer bei der Erarbeitung und Durchführung maßgeschneiderter Workshops und Trainings: In einer Zeit, in der durch _Vibe-Coding_ Proof-of-Concept-Anwendungen nur wenige Prompts entfernt sind, ist es essenziell, dass Mitarbeitende in Unternehmen regelmäßig geschult werden, um ein Bewusstsein für IT-Sicherheit zu schaffen und dieses aufrechtzuerhalten. Hierbei biete […]