Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Security Boulevard

Dust Specter APT Targets Government Officials in Iraq

IntroductionIn January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware ...
Security Boulevard

Web Single Sign-On: Understanding WS-Federation

Master WS-Federation for enterprise SSO. Learn how Passive Requestor Profiles bridge legacy ASP.NET, SharePoint, and ADFS ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.
GitHub

Erixcode/Base64_decode_Salt

Decode BASE64 salted with AES, OpenSSL, PBKDF2, ... Use Case: you find a hash which looks like base64 but hashid identifies it as UNKNOWN. AES: Normal "base64 -d" results in unreadable content. the ...
GitHub

AmneziaVPN Config Decoder & Encoder

This Python script converts AmneziaVPN configurations between Base64-encoded strings and JSON format. vpn://AAAGX..: The Base64-encoded string containing the AmneziaVPN configuration.-o output.json: ...