All versions of the package dom-iterator are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. The Function constructor builds a new function from the body it is given, so care must be taken to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to those of allowing attacker-controlled input to reach eval.

Explore our Knowledge Center for comprehensive data and governance resources. Access articles, guides, and insights to enhance your security practices.

I break down and dissect cyber security related tech news.

zSecurity is a leading provider of ethical hacking and cyber security training. We teach hacking and security to help people become ethical hackers so they can test and secure systems from black-hat hackers.

The Ethernaut is a Web3/Solidity based wargame played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be 'hacked'. The game is 100% open source and all levels are contributions made by other players.

A portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware, and more. It's fully open-source and customizable, so you can extend it in whatever way you like.

Welcome to Google's Bug Hunting community, learn more about hunting & reporting bugs you’ve found in Google products.

Whether you've just started your hacker journey or you're just looking for some new challenges, the Hacker101 CTF has something for you.

All in One Hacking tool For Hackers

The cybersecurity upskilling platform. Hack The Box gives individuals, businesses and universities the tools they need to continuously improve their cybersecurity capabilities — all in one place.

The world’s first bug bounty platform for AI/ML. huntr provides a single place for security researchers to submit vulnerabilities, to ensure the security and stability of AI/ML applications, including those powered by Open Source Software (OSS).

Free Cybersecurity Education and Ethical Hacking.

Learn to harness next-gen technologies to build the bridges that will lead us to a better tomorrow.

just a wannabe hacker... making videos about various IT security topics and participating in hacking competitions.

Mr Loi Liang Yang is a Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker and CompTIA Security+ cybersecurity consultant. Loi advises large enterprises including multiple fortune 500 companies on security strategy to protect against advanced threats.

My name is Brandon Marshall (aka Marsh). I am currently working as an Offensive Security Researcher. A majority of my time is spent developing internal Red Team tooling, reverse engineering, and exploit creation.

Microsoft offers cash awards for finding and reporting certain types of vulnerabilities and exploitation techniques.

Build skills that open doors. See all you can do with documentation, hands-on training, and certifications to help you get the most from Microsoft products.

Welcome to the official MR. ROBOT [mr.rob0t] channel where you can catch all the best moments from the series and join Elliot (Rami Malek) on his mission to bring down the big corporations he's paid to protect.

The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.

Web Application Security Researcher

The PC Security Channel is your go-to place for cybersecurity. We test security products and create some of the best educational content about malware and threat analysis and other infosec topics.

Atomic Red Team™ is a library of tests mapped to the MITRE ATT&CK framework. Security teams can use Atomic Red Team to quickly, portably, and reproducibly test their environments.

Penetration Testing and Red Teaming blogs, webcasts, and podcasts created by the pen testers and security analysts of Black Hills Information Security.

Censys helps organizations, individuals, and researchers find and monitor every server on the Internet to reduce exposure and improve security.

Top auditors compete to keep high severity bugs out of production. Start a public or private audit within 48 hours.

Email surveillance violates our fundamental rights and makes free speech risky. This guide will teach you email self-defense in 40 minutes with GnuPG.

exploit.education provides a variety of resources that can be used to learn about vulnerability analysis, exploit development, software debugging, binary analysis, and general cyber security issues.

Next Generation End-To-End Encrypted Cloud Storage.

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub Security Lab researchers find vulnerabilities in key, widely-used open source projects. We then coordinate the disclosure of those vulnerabilities to security teams at those projects. We only publish vulnerabilities here after they’ve been announced by the affected projects' development teams and patches are available. See our disclosure policy below for more information.
