**Handala Hack**, also tracked by Check Point Research as Void Manticore, is an Iranian threat actor that is known for multiple destructive wiping attacks combined with “hack and leak” operations. The threat actor operates several online personas, with the most prominent among them being Homeland Justice, maintained from mid-2022 specifically for […]

# Findings Gadgets Like it’s 2026 ## Introduction Java deserialization vulnerabilities have been of interest to me for nearly a decade. In 2016, my team published a blog post titled “What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.” which kicked off a firestorm […]

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed vulnerabilities in the BioSig Project Libbiosig library and OpenCFD OpenFOAM, as well as an unpatched vulnerability in Microsoft DirectX. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure […]

CVE-2025-68623 A local privilege escalation vulnerability exists during the installation of Microsoft DirectX End-User Runtime. A low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. The versions below were either tested or verified to be vulnerable by Talos or confirmed […]

For years, Iranian intelligence services have operated through deniable criminal intermediaries in the physical world. A similar pattern is now becoming visible in cyber space, where state objectives are increasingly pursued through criminal tools, services, and operational models. Notably, this dynamic appears with growing frequency in activity associated with actors […]

Databases serve as the foundation of the digital world, organizing and storing critical information: from financial transactions and medical records to website content. However, like any complex software product, they are not immune to flaws, and discovered vulnerabilities can turn this repository into a prime target for attacks. This applies […]

Enable JavaScript and cookies to continue

**security-research** Public # Swagger-Parser race condition leads to Cross-Thread Data Contamination ## Package ## Affected versions ## Patched versions ## Description ### Summary The swagger-parser library is not thread safe for OpenAPI 3.1 specifications. When parsing on multiple threads concurrently it is possible for the parsing results for specs on […]

For the last few months, we’ve been using the GitHub Security Lab Taskflow Agent along with a new set of auditing taskflows that specialize in finding web security vulnerabilities. They also turn out to be very successful at finding high-impact vulnerabilities in open source projects. As security researchers, we’re used […]

As shared in my previous blogpost, I reverse-engineered the TP-Link Tapo C260 webcam for the SPIRITCYBER IoT hardware hacking contest. Despite being one of the latest Tapo webcams, I was able to discover some pretty interesting vulnerabilities – local file disclosure (CVE-2026-0651), guest-privilege Remote Code Execution (CVE-2026-0652), and privilege escalation […]