Privilege escalation on SCCM undetected by antiviruses
Vulnerability CVE-2025-47179 allows for full control over SCCM
Purpleshift
New NTLM audit events help to detect coercing attacks
A chain of events 4023 and 4021 from the same IP address means an attack
LLM for pentesting: speed isn't everything
We found out which local LLMs are better at finding vulnerabilities
CopyFail: Decade-old kernel flaw in all Linux distributions
Severe vulnerability allows an unprivileged user to gain root
PhantomRPC: A new method for privilege escalation
Fake RPC server can impersonate the security context of the calling client, up to SYSTEM
How to make OpenClaw execute malicious commands
We found a vulnerabilty in a popular LLM agent
Privilege escalation on SCCM with WebClient
An attacker can take over the domain if automatic client push installation is enabled on the server
Bruteforcing WPA 802.11r: a new module for HashCat
Previously, pentesting tools did not work with 802.11r hashes
Incidents 2025: MDR and IR Report
Combining MDR and IR statistics provides a better understanding of current and emerging threats
Yes, we can RCE via your AI agent OpenClaw
Overly autonomous LLM executes commands not requested by the user
Attribution by Slang: Exposing Horabot
How our MDR team investigated a Brazilian hacker attack on Mexico
Incidents 2020-2025: Industry Statistics
What types of attacks are leading in different sectors in different years?
Bypassing authentication in Fortinet products via SSO
An attacker with a FortiCloud account can log in to other users’ FortiOS
Implementation of TCP transport for the Mythic agent
If Mythic agents communicate over HTTP(S), they are easy to detect
Cognitive Biases in SOC Analysts' Work
Anchoring effect, reasoning by analogy, and other logical errors
Top-10 posts of PurpleShift in 2025
We selected posts that got the most likes
Attacking Security Researchers via Visual Studio
A new technique to exploit VS IDE using SUO files