Open ports help applications serve their purpose correctly. However, certain services running on ports exposed to the internet may pose security risks.
In this blog, we will cover the risks of ...
A technical analysis of the two newly released high severity vulnerabilities in OpenSSL, dubbed CVE-2022-3786 and CVE-3602.
Wave 9 of Project Resonance was conducted to determine the security posture of the exposed Kubernetes clusters around the internet. Over 500,000 unsecured Kubernetes instances were discovered during the course ...
Our research shows that secret leakage is still an issue developers must be addressed with secure development practices. We recommend that developers ensure that any cloud computing solutions they integrate ...
Web applications are the cornerstone of anything on the publicly accessible internet. Due to the complexities of the software development life cycle, developers tend to embed secrets within the source ...
Say Hi to Octopii, an AI-powered Personal Identifiable Information scanner that uses Tesseract's Optical Character Recognition (OCR) and a MobileNet Convolutional Neural Network (CNN) model to detect various forms of ...
The Spring4Shell (CVE-2022-22963) is a RCE vulnerability in the Spring framework affecting JDK versions >= 9. We analyse the vulnerability and exploits in detail in this blog.
CVE-2022-0847 dubbed the "Dirty Pipe", is a privilege escalation vulnerability in the Linux Kernel. We demonstrate the vulnerability and analyze it in depth.
Nowadays, securing and managing a company’s digital footprint has become an even more difficult challenge. With so many subdomains, code repositories, and applications, some untracked assets are bound to be ...
At RedHunt Labs, (under Project Resonance), we frequently conduct internet-wide research in different shapes and formats to understand the state of security across the internet. In this iteration, we conducted ...
Studies reveal that a data leak can seriously damage a company's image and brand value. It can harm the goodwill of a brand and cause a loss of client trust.
As ...
What is Log4j Vulnerability? Apache Log4j is an open source logging framework that allows software developers to log various data within their application. This data can also include user input. ...