Your Blockchain is only as secure as the application on top of it
SRLabs found a flaw in SocialKYC that allowed fake Twitter verifications. A three-line fix shows why blockchain apps must be reviewed as thoroughly as chains.
FluBot malware exploits Android Accessibility to steal banking credentials, spread via SMS, and block removal—making it today’s top mobile threat.
SRLabs chained three zero-days in ServiceTonic ITSM—HQL injection, SSO flaw, and path traversal—to gain full remote code execution.
SRLabs outlines six common bug classes in Substrate-based blockchains, from logic flaws to unsafe arithmetic, and how to mitigate them.
SRLabs shares a four-step methodology for auditing Substrate-based blockchains, combining threat modeling, design review, fuzzing, and code audits.
SRLabs shares best practices for responsible vulnerability disclosure (CVD), guiding researchers and vendors toward secure, collaborative outcomes.
Hackers exploit UDP services like Chargen, SSDP, and STUN for DDoS amplification. Misconfigured devices fuel massive attacks—better defenses are vital.
Optimized exploitation of Telerik UI CVE-2017-9248 turns an “impractical” flaw into remote code execution risk for enterprises.
Incomplete patches leave systems exposed. SRLabs found ZyXEL’s CVE-2020-9054 fix bypassable via FTP, showing how attackers reuse flaws with slight tweaks.
SRLabs celebrates 10 years of hacking: from Berlin roots to a global team securing networks, payments, and infrastructure — while growing a culture of curiosity.