Not for the certificate: my experience with HTB CWES
I’ll make it clear right away: this is not a walkthrough. There won’t be a step-by-step breakdown of the exam, spoilers about machines, or any secret techniques. I don’t…
I’ll make it clear right away: this is not a walkthrough. There won’t be a step-by-step breakdown of the exam, spoilers about machines, or any secret techniques. I don’t…
Many APIs still expose incremental IDs in URLs - one curl in a loop, and the attacker has the entire table. This is exactly what APCOA fell victim to in April 2025. I…
Researchers from Kaspersky Lab examined the tactics of malware distribution through the official App Store for Apple devices.
In recent years, hybrid infrastructure has become the de facto standard. Companies are moving critical services to Azure, AWS, Google Cloud, or Yandex.Cloud while leaving…
Are your logs filled with login attempts on .env, .git, and wp-login.php? While the bot is knocking on Nginx, your server is already wasting precious resources. I decided…
On April 8, 2026, WireSock Secure Connect 3.4.4 - the first official release of the 3.x branch - was released.
The history of biometric dermatoglyphics on the human fingertip has been studied in detail and published hundreds, if not thousands, of times in both brief and detailed…
What is junk? Junk is what you keep for years and throw away just before you need it.
Here is the PT Cyber Analytics team. In this article, we will talk about the work of analysts in cybersecurity projects, show what makes this profession attractive, and…
The client carefully selected the system but forgot to prepare the infrastructure in the organization. We will analyze the mistake, the consequences, and how to avoid…
A serious incident in the JavaScript ecosystem highlights the growing danger of open source and supply chain attacks. StepSecurity researchers reported the compromise…
Last week's major news was the hack of the LiteLLM library, used as an intermediary for communication with a large number of language models. Through another malicious…
Today, I read about future AI hackers and realized that the problem is much bigger than "more cyberattacks." It no longer seems like fantasy. OpenAI states that it is…
Recently, Microsoft announced a seven-point plan to fix Windows 11, which the tech press received as an act of redemption. Windows President Pavan Davuluri admitted in…
In corporate infrastructure, entry points are often more numerous than desired. Email, VPN, internal portals, development systems, cloud services—each resource has its…
Many developers have recently been using cloud-based LLMs for generating code, including with the help of agents. However, this raises at least two issues.
Imagine a situation: you carefully prepared for multi-accounting, set up the environment, assigned a unique residential proxy for each stream, and trusted your IP addresses…
In August 2019, just weeks before the Moscow City Duma elections, Pierrick Godri from the INRIA research institute published the results of an analysis of the code of…