Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
GitHub

Debugger Anti-Detection Benchmark

WubbabooMark is aimed to detect traces of usage of software debuggers or special software designed to hide debugger presence from the debugee by tampering with various aspects of the program ...
GitHub

Werkzeug Debug Console Pin Bypass

Werkzeug has a debug console that requires a pin by default. It's possible to bypass this with an LFI vulnerability or use it as a local privilege escalation vector. The debug console will lock after ...