Analysis of CVE-2025-27736 vulnerability in Power Dependency Coordinator
This article is dedicated to the bug in Power Dependency Coordinator, patched by Microsoft in April of this year.
IT Vulnerabilities: Identification, Prevention, and Mitigation
Common Types of IT Vulnerabilities and How to Address Them
A hole in Cloudflare’s shield: how the attack on Jabber.ru exposed a problem no one has talked about since 2023
Many remember the year-before-last incident with the Man-in-the-Middle attack on the XMPP service jabber.ru. This story caused a lot of noise, but I think the main point…
Overview and market map of ML protection platforms
Security Vision
How we accelerated the solution of our machine learning task by participating in the Big Mathematical Workshop
Hello, tekkix! We at the Security Analysis Department of the "Astra Group" recently had our first experience participating in the Big Mathematical Workshop, and we would…
How incorrect API development can lead to user deletion
Continuing the story about vulnerabilities discovered by UCSB pentesters and formed the basis of cases at the Pentest Award, we publish an analysis of the following real…
Nose to the wind: how our DNS sniffer helps find Blind vulnerabilities
Hello everyone! In the blog of the Solar 4RAYS Cyber Threat Research Center, we continue to share the results of incident investigations, useful tools for information…
Analysis of vulnerability CVE-2024-38227 in Microsoft SharePoint
On September 10, Microsoft released another set of updates, fixing 79 vulnerabilities in various products. Our attention was drawn to patches for Microsoft SharePoint…
Attacks on web caching. Cache poisoning: theory and practice
Caching is an efficient architectural solution that is used at all levels of computing systems today, from processor and hard disk cache to web server cache and reverse…
The most dangerous vulnerabilities of September: Microsoft, VMware, Veeam and others are under threat
Trentechix, hello! I am Alexander Leonov, a leading expert at the PT Expert Security Center laboratory. Every month, my team of analysts at Positive Technologies researches…
IDOR: A Complete Guide to Advanced Exploitation of IDOR Vulnerabilities
IDOR vulnerabilities are among the most common security vulnerabilities in modern web applications and APIs. It is not surprising that they are often recommended to novice…
Adapting fuzzing to find vulnerabilities
Fuzzing is a very popular software testing technique using random input data. There are a huge number of materials on the web about how to find software defects using…
SCA in the language of a security specialist
Recently, within the company, we have had several enthusiasts interested in DevSecOps for completely different reasons. Someone was asked an uncomfortable question by…
Arbitrary File Write
The world of vulnerabilities is quite diverse. Usually, hackers try to achieve their goals using arbitrary code execution vulnerabilities, the very abbreviation RCE.…
Security for Non-Security Experts
Anastasia Vazhinskaya is an information security engineer, not a front-end developer, but her presentation became the most important for the main hall of the FrontendConf…
Top dangerous vulnerabilities of August: Microsoft Windows and WordPress sites are at risk
tekkix, hello! I am Alexander Leonov, leading expert of the PT Expert Security Center laboratory. Every month, my team of analysts at Positive Technologies researches…
