Security researchers find critical flaws in popular Axis cameras, allowing full remote control over thousands of surveillance systems in enterprises worldwide. The post "How a chain of security flaws exposed thousands of enterprise surveillance cameras to remote code execution" first appeared on TechTalks. | TechTalks
CVE-2025-32433 allows for remote code execution in sshd for certain versions of Erlang programming language’s OTP. We reproduced this CVE and share our findings. The post "Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild" appeared first on Unit 42. | Unit 42
Yes, you read this correctly: because the MySQL client is insecure and allows running arbitrary commands, and because mysqldump blindly trusts the server it is dumping from, a hostile MySQL Server on which mysqldump is executed could trigger arbitrary command execution (also known as a remote code execution). This post raises awareness on this vulnerability and shows how a secure MySQL| J-F Gagné's MySQL Blog
Finding deserialization functions accepting user input can be exciting, but what's your plan if well-known gadget chains aren't an option for exploitation? In this post, we explore the process of building a custom gadget chain to exploit deserialization vulnerabilities in Ruby. The post "Discovering Deserialization Gadget Chains in Rubyland" appeared first on Include Security Research Blog. | Include Security Research Blog