CVE-2024-39891 - Exposed Authy Phone Number Lookup — How Twilio’s API Leaked User Data
In June 2024, security researchers spotted a worrying flaw in the Twilio Authy API—used by millions for secure two-factor authentication. This vulnerability, logged as
CVE-2024-37370 - How Attackers Trick Applications with Modified Kerberos GSS krb5 Wrap Tokens
June 2024 brought an important security update for MIT Kerberos 5 (krb5), fixing a subtle but serious flaw tracked as CVE-2024-37370. In this article, we’
CVE-2024-5642 - A Deep Dive into the CPython NPN Protocols Empty List Vulnerability
In June 2024, the security world quietly noted the release of CVE-2024-5642, an unusual but important bug in CPython affecting versions 3.9 and earlier.
CVE-2024-5535 - OpenSSL’s SSL_select_next_proto Buffer Overread — How a Zero-Length Protocol List Can Leak Sensitive Memory
OpenSSL is a staple of modern network cryptography, relied on by millions of servers and clients worldwide. Naturally, any flaw discovered in this library receives
CVE-2024-22232 - Directory Traversal in Salt File Server - How Attackers Can Steal Any File
In early 2024, researchers discovered a dangerous vulnerability — CVE-2024-22232 — that affects the popular SaltStack open-source automation tool. This issue allows an attacker to craft a