A high‑severity Redis remote command execution vulnerability (CNVD‑2019‑21763) discovered in July 2019 allows unauthenticated attackers to load malicious modules and execute arbitrary code, affecting Redis 2.x‑5.x, with no official patch yet and only temporary mitigation steps available.
The article explains how attackers can exploit file upload functionality by uploading malicious files, crafted filenames, SVG payloads, or symlinks to achieve remote code execution, data theft, or server denial‑of‑service, and provides practical defense measures such as whitelist validation, content‑type checks, and upload rate limiting.
The article analyzes an arbitrary URL redirect flaw caused by unchecked returnUrl parameters, demonstrates how Java's URL.getHost() can be misused through backslash and hash bypasses, and provides a robust validation code snippet that works across JDK versions.
A critical CVE‑2019‑5736 vulnerability in the runc container runtime lets a malicious container overwrite the host’s runc binary, granting attackers root‑level code execution that can compromise other containers, the host system, and the network, with a CVSS 3.0 score of 7.2, affecting runc, Apache Mesos and LXC, and requiring prompt updates.
The article explains the so‑called “jaeden” flaw in the ERC‑20 approve function, illustrates how transaction ordering can lead to double‑spending attacks, and offers two practical mitigation strategies for developers to write safer token contracts.
Oracle's recent advisory reveals multiple high‑severity MySQL vulnerabilities (CVE‑2018‑2562, CVE‑2018‑2591, CVE‑2018‑2696) that allow unauthenticated denial‑of‑service attacks and potential code execution, outlines affected versions, detection steps, and recommends immediate upgrades to patched releases.
A Linux server behind multiple firewalls was compromised by a Struts2 remote code execution flaw (CVE‑2017‑5638), leading to a hidden cron job that repeatedly launched a Bitcoin mining script, illustrating how outdated frameworks can expose systems to stealthy resource‑draining attacks.
The article reviews real‑world Android Binder vulnerabilities—including lock‑screen bypasses, Samsung shutdown eavesdropping, theme escalation, and system DoS—explains the Binder IPC architecture, and demonstrates how the drozer framework can be used for automated fuzzing, AIDL‑based, reflection‑based, and shell‑script exploitation of high‑privilege services.
A critical backdoor was discovered in NetSarang’s Xshell 5 Build 1326, where the nssock2.dll module contains malicious code that contacts a remote domain, affecting multiple NetSarang products; the article details the vulnerability, affected versions, behavior, and provides safe download links.
This article introduces Gixy, a static analysis tool for Nginx configurations, demonstrates how to detect and fix HTTP header splitting and other security issues, explains its handling of included files, lists detectable vulnerabilities, and provides simple installation instructions.
At NodeConfBP, Snyk's Danny Grander demonstrated live attacks on a vulnerable Express 4.x app, exposing directory‑traversal, XSS, and remote memory leaks, then shared practical tips for building safer Node.js applications.
This article explains how vulnerabilities, backdoors, and various Oracle rootkit techniques—ranging from simple package tricks to OS‑level and memory‑level attacks—allow attackers to maintain persistent, hidden access to databases, and it offers concrete detection and mitigation strategies.
This article recounts a recent incident where a Struts2 vulnerability was exploited to run mining malware, detailing the discovery process, forensic analysis of services, processes, network listeners, and the step‑by‑step remediation measures including script‑based scans, permission hardening, and upgrading Struts2.
This article explains how attackers can combine SSRF vulnerabilities with unauthorized Redis access and unsafe serialization in Celery to infiltrate internal networks, illustrating the attack flow, exploitation techniques, and mitigation considerations for operations and security teams.
The article explains Java serialization and deserialization concepts, provides sample code for serializing a string to a file and restoring it, describes how insecure deserialization leads to remote code execution vulnerabilities illustrated by ActiveMQ, JBoss and Jenkins cases, and outlines mitigation techniques such as class whitelisting, encryption, and using transient fields.
Next Wednesday the Node.js team will release security updates for several versions, fixing critical TLS certificate handling flaws and other vulnerabilities, while announcing the end of maintenance for the v0.10.x line and urging users to upgrade to newer releases.
This article explains the unauthenticated SQL injection flaw in Zabbix's JSRPC profileIdx2 parameter, details its high impact on versions 2.2.x and 3.0.0‑3.0.3, provides a step‑by‑step proof‑of‑concept exploit, and recommends upgrading to version 3.0.4 to remediate the issue.
A recent security report reveals that hackers can compromise popular smart doorbells by unscrewing two screws, forcing the device into AP mode, accessing its built‑in web server via a special URL, and extracting the Wi‑Fi SSID and PSK, highlighting the broader vulnerability of IoT home devices.
Security researchers discovered a wormhole‑style flaw in the popular 360 Browser for Android that allows remote code execution through a custom HTTP service, affecting both rooted and non‑rooted devices, and a patch (version 6.9.9.71) was released on November 23 to mitigate the issue.
The article explains how a widespread Java serialization vulnerability lets attackers execute remote commands by deserializing malicious objects, and describes a practical mitigation that overrides ObjectInputStream’s resolveClass method to enforce a whitelist, preventing unauthorized class instantiation without rewriting application code.
This article explains a high‑severity Redis unauthorized‑access vulnerability that can let attackers write SSH keys to the host, highlights the risk of exposing Redis to the Internet without authentication, and provides guidance on remediation and network protection.
A severe Bash vulnerability has been disclosed, and this guide shows how to quickly test your Linux system for exposure, apply an urgent update, and verify the fix, ensuring your SSH environment remains secure.
