Researcher **Published:** 10 December 2025 at 12:32 UTC **Updated:** 10 December 2025 at 12:37 UTC This post shows how to achieve a full authentication bypass in the Ruby and PHP SAML ecosystem by exploiting several parser-level inconsistencies: including attribute pollution, namespace confusion, and a new class of Void Canonicalization attacks. […]

## **Information** 1. This is a solo CTF event open to women residing in Singapore or Malaysia. 2. To register and be eligible for the prizes: – Register on CTFd, and select the **“eligible”** bracket. – Confirm your eligibility by filling in the Google Form. 3. The flag format is […]

# What’s That Coming Over The Hill? (Monsta FTP Remote Code Execution CVE-2025-34299) Happy Friday, friends and.. others. We’re glad/sorry to hear that your week has been good/bad, and it’s the weekend/but at least it’s almost the weekend! ### What’re We Doing Today, Mr Fox? Today, in a tale that […]

_By: Dikla Barda, Roaman Zaikin & Oded Vanunu_ On November 3, 2025, Check Point Research’s blockchain monitoring systems detected a sophisticated exploit targeting Balancer V2’s ComposableStablePool contracts. The attacker exploited arithmetic precision loss in pool invariant calculations to drain **$128.64 million** across six blockchain networks in under 30 minutes. The […]

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data. You can email the site owner […]

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data. You can email the site owner […]

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data. You can email the site owner […]

# Site Unseen: Enumerating and Attacking Active Directory Sites Active Directory Sites are a feature allowing to optimize network performance and bandwidth usage in AD internal environments. They are commonly implemented by large, geographically dispersed organizations spanning accross multiple countries or continents. Sites did not receive much attention by the […]

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data. You can email the site owner […]

By Andrey Charikov and Oded Vanunu **Key Findings:** Launched in March 2017, Microsoft Teams has become one of the most widely used communication and collaboration platforms in the world. As part of the Microsoft 365 family, Teams provides workplaces with chat, video conferencing, file storage, and application integration to more […]