Numen Cyber of Singapore Forms Strategic Partnership with SINNET CLOUD HK LIMITED of Hong Kong
Numen Cyber, a leading Singapore-based cybersecurity firm, announced a strategic partnership with BEIJING SINNET TECHNOLOGY CO., LTD. of Hong Kong. This collaboration focuses on enhancing the security of cloud server …
Web3 Security: ledgerhq/connect-kit supply chain attack warning
Affected versions ledgerhq/connect-kit 1.1.5 ledgerhq/connect-kit 1.1.6 ledgerhq/connect-kit 1.1.7 Event Analysis The Numen security team discovered that Ledger’s Ledgerhq/connect-kit module has been implanted with malicious phishing code, and that a large …
Use Wasm to Bypass Latest Chrome v8sbx Again
01 – Introduction On November 2, 2023, POC2023 took place as scheduled in South Korea. I was fortunate to attend this conference where YYJB and I presented on the topic …
OctoPrint Remote Code Execution Vulnerability (CVE-2023–41047)
Preface OctoPrint is an open source 3D printer controller application that provides a web interface for connected printers. It displays printer status and key parameters, and supports scheduling print jobs …
Numen Cyber Labs vulnerability researchers have discovered an SSRF vulnerability in Apache ShenYu< version 2.6 (CVE-2023–25753)
Preface Apache ShenYu is a Java native API Gateway for service proxy, protocol conversion and API governance. Description Numen Cyber Labs vulnerability researchers have discovered an SSRF vulnerability in Apache …
Use Native Pointer of Function to Bypass The Latest Chrome v8 Sandbox (exp of issue1378239)
0x00-Preface On July 21, 2023, @5aelo published a new discussion document on v8 sandbox: Function Pointer Wrapping. Given that this bypass will be patched by Chrome’s pointer wrapping mitigation in the future, this …