
TARLOGIC's BLOG
Cybersecurity
Cybersecurity articles with security analysis and ethical hacking techniques

BadSuccessor: Escalating Privilege Using dMSA Abuse in Active Directory
The BadSuccessor vulnerability present in Windows Server 2025 allows an attacker to escalate privileges to obtain domain administrator privileges. Akamai researchers have discovered[...]
CVE-2025-32433: Remote Code Execution in Erlang/OTP SSH Server
CVE-2025-32433 allows remote code execution on the Erlang/OTP SSH server without prior authentication. CVE-2025-32433, a critical vulnerability affecting the SSH server implemented [...]
Critical IngressNightmare vulnerability affects the Kubernetes Ingress NGINX Controller
Information has been disclosed about IngressNightmare, a set of five new vulnerabilities affecting the Kubernetes Ingress NGINX Controller. IngressNightmare could allow a remote a[...]
ESP32 hidden HCI vendor commands, technical details and use cases
This article takes an in-depth look at the hidden commands in the ESP32 chip and the use cases that can be exploited[...]
CVE-2024-58101
CVSS v4.0 Score: 8.5 / High. Samsung Audio devices are Bluetooth pairable by default, without user input or a way to stop this mode. Vendor: Samsung. Products: Galaxy[...]
Hacking Bluetooth the Easy way with ESP32 HCI Commands and hidden features
This article documents the Bluetooth research line driven by Tarlogic Security as well as data on the ESP32 chip[...]
CVE-2025-1094: High vulnerability affects PostgreSQL
In recent days, a critical vulnerability (CVE-2025-1094) has been discovered in PostgreSQL that could compromise the integrity of databases in enterprise and production environment[...]
Pentesting Liferay Applications
This Pentesting Liferay Applications guide includes techniques that can be used to identify vulnerabilities and flaws in Liferay environments. Liferay is a platform developed in the[...]
CVE-2024-49138: Risk in CLFS Log Handling on Windows
A high-severity vulnerability has been discovered affecting the Common Log File System (CLFS) functionality in Windows systems. This vulnerability, identified as CVE-2024-49138, al[...]
CVE-2024-53677: Critical vulnerability affecting Apache Struts
Information has been disclosed about a new critical vulnerability affecting the popular Apache Struts framework. The CVE-2024-53677 vulnerability could allow a remote attacker to e[...]