TARLOGIC's BLOG
Cybersecurity

Cybersecurity articles with security analysis and information on ethical hacking techniques

CVE-2025-55182: The Critical Remote Code Execution (RCE) Vulnerability in React Server Components

The critical vulnerability CVE-2025-55182 allows an unauthenticated attacker to execute arbitrary code on the server and is already being actively exploited[...]

Reverse Engineering Dahua NVR/XVR Devices and Breaking Their Boot Security

Reverse engineering of Dahua NVR-XVR devices revealed weaknesses in the implementation of security mechanisms[...]

BadSuccessor: Escalating Privilege Using dMSA Abuse in Active Directory

The BadSuccessor vulnerability present in Windows Server 2025 allows an attacker to escalate privileges to obtain domain administrator privileges. Akamai researchers have discovered[...]

CVE-2025-32433: Remote Code Execution in Erlang/OTP SSH Server

CVE-2025-32433 allows remote code execution on the Erlang/OTP SSH server without prior authentication. CVE-2025-32433, a critical vulnerability affecting the SSH server implemented [...]

Critical IngressNightmare vulnerability affects the Kubernetes Ingress NGINX Controller

Information has been disclosed about IngressNightmare, a set of five new vulnerabilities affecting the Kubernetes Ingress NGINX Controller. IngressNightmare could allow a remote a[...]

ESP32 hidden HCI vendor commands, technical details and use cases

This article takes an in-depth look at the hidden commands in the ESP32 chip and the use cases that can be exploited[...]

CVE-2024-58101

CVSS v4.0 Score: 8.5 / High. Samsung Audio devices are Bluetooth pairable by default without user input nor a way to stop this mode. Vendor: Samsung. Products: Galaxy[...]

Hacking Bluetooth the Easy way with ESP32 HCI Commands and hidden features

This article documents the Bluetooth research line driven by Tarlogic Security as well as data on the ESP32 chip[...]

CVE-2025-1094: High vulnerability affects PostgreSQL

In recent days, a critical vulnerability (CVE-2025-1094) has been discovered in PostgreSQL that could compromise the integrity of databases in enterprise and production environment[...]

Pentesting Liferay Applications

This Pentesting Liferay Applications guide includes techniques that can be used to identify vulnerabilities and flaws in Liferay environments. Liferay is a platform developed in the[...]
