Resources

Blogs, Latest Research, Announcements, and more

Numen Cyber of Singapore Forms Strategic Partnership with SINNET CLOUD HK LIMITED of Hong Kong

Numen Cyber, a leading Singapore-based cybersecurity firm, announced a strategic partnership with BEIJING SINNET TECHNOLOGY CO., LTD. of Hong Kong. This collaboration focuses on enhancing the security of cloud server and cloud service business scenarios. Numen Cyber, dedicated to...

Web3 Security: ledgerhq/connect-kit supply chain attack warning

Affected versions: ledgerhq/connect-kit 1.1.5, ledgerhq/connect-kit 1.1.6, ledgerhq/connect-kit 1.1.7. Event Analysis: The Numen security team discovered that Ledger’s Ledgerhq/connect-kit module has been implanted with malicious phishing code, and that a large number of dapps integrate this functionality, with no clear...

Use Wasm to Bypass Latest Chrome v8sbx Again

01 – Introduction: On November 2, 2023, POC2023 took place as scheduled in South Korea. I was fortunate to attend this conference where YYJB and I presented on the topic of “Modern Chrome Exploit Chain Development.” Given the title...

OctoPrint Remote Code Execution Vulnerability (CVE-2023-41047)

Preface: OctoPrint is an open source 3D printer controller application that provides a web interface for connected printers. It displays printer status and key parameters, and supports scheduling print jobs and controlling the printer remotely. Description: Numen Security Labs...

Numen Cyber Labs vulnerability researchers have discovered an SSRF vulnerability in Apache ShenYu < version 2.6 (CVE-2023-25753)

Preface: Apache ShenYu is a Java native API Gateway for service proxy, protocol conversion and API governance. Description: Numen Cyber Labs vulnerability researchers have discovered an SSRF vulnerability in Apache ShenYu < version 2.6. CVE ID: CVE-2023-25753. Impacts version <...

Blog

Use Native Pointer of Function to Bypass The Latest Chrome v8 Sandbox (exp of issue1378239)

0x00 – Preface: On July 21, 2023, @5aelo published a new discussion document on v8 sandbox: Function Pointer Wrapping. Given that this bypass will be patched by Chrome’s pointer wrapping mitigation in the future, this …