RSS 238

• When Encryption Isn’t Really Encryption May 28, 2026
• Less panic patching, more precision May 28, 2026
• Adversarial Oracles: LLM-Guided EDR Signature Reduction May 28, 2026
• Grading on a curve: How to assess a pentest May 28, 2026
• Visual Studio Extensions Revisited May 28, 2026
• 2026 World Cup: Discussing The World’s Biggest Game’s Attack Surface May 28, 2026
• DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap May 28, 2026
• From Exploit Code to Production Detection: Building a CVE-2026-31431 (Copy Fail) detection with Agents May 28, 2026
• Out of the Crypt: The Evolving Cyber Extortion Economy May 27, 2026
• MediaArea heap-based buffer overflow vulnerabilities May 27, 2026
• Bad Habits: An ANTISOC Operation May 27, 2026
• Investigating suspicious AI workflows in Microsoft Entra Agent ID: Autonomous agents May 27, 2026
• Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake May 27, 2026
• How to detect HTTP/2 abuse in Apache web server logs May 27, 2026
• Comparing AI Application Security Testing Platforms May 26, 2026
• Module Stomping PIC May 26, 2026
• Intelligence Insights: May 2026 May 26, 2026
• PCI DSS, Telephone Payments, and the Problems With VoIP May 26, 2026
• Exploring Agent based Cloud Review Capabilities May 26, 2026
• Critical vulnerability in Mirasvit Cache Warmer for Magento May 26, 2026
• Breaking Tenant Boundaries, When Path Traversal Isn't About the Filesystem May 25, 2026
• AWS Security Digest #262 - Not private May 25, 2026
• Navigating Lax Load Balancers: When an Intersection Gets You Inside May 24, 2026
• Remove SPNs and Fix Kerberoasting May 24, 2026
• Negative-Days with Vulnerability Spoiler Alert: Three Months Later May 24, 2026
• HTB: MonitorsFour May 23, 2026
• How to Secure Your Enterprise LLM Deployment May 23, 2026
• The Good, the Bad and the Ugly in Cybersecurity – Week 21 May 22, 2026
• RemotePE: The Lazarus RAT that lives in memory May 22, 2026
• Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns May 22, 2026
• We hardened zizmor's GitHub Actions static analyzer May 22, 2026
• Paved With Intent: ROADtools and Nation-State Tactics in the Cloud May 22, 2026
• Securing AI agents: Why guardrail placement is a key design decision May 22, 2026
• Striga: Lifting x86 to LLVM IR with Python May 21, 2026
• Shai-Hulud Is Back, and This Time It Ate the Whole Ecosystem May 21, 2026
• Unpatchable Vulnerabilities of Kubernetes: CVE-2021-25740 May 21, 2026
• Tracking TamperedChef Clusters via Certificate and Code Reuse May 20, 2026
• SVD-2026-0515: Third-Party Package Updates in Splunk User Behavior Analytics - May 2026 May 20, 2026
• SVD-2026-0512: Third-Party Package Updates in Splunk AppDynamics Private Synthetic Agent (PSA) - May 2026 May 20, 2026
• Reduce CVE noise with OpenVEX assessments in Datadog May 20, 2026
• Parallel Intelligence and Cognitive Warfare May 20, 2026
• durabletask: TeamPCP's Latest PyPi Compromise May 19, 2026
• TP-Link, Photoshop, OpenVPN, Norton VPN vulnerabilities May 19, 2026
• From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat May 19, 2026
• Coverage-Driven Sustained Testing (CDST): A Graph-Oriented Model for Open-Ended Agentic Workflows May 19, 2026
• When Filenames Become Attack Surfaces: Weaponizing NASA's CFITSIO Extended Filename Syntax May 18, 2026
• How OLTs may have exposed entire ISP networks May 18, 2026
• Distinguished paper award for Phoenix! May 18, 2026
• SHub Reaper | macOS Stealer Spoofs Apple, Google, and Microsoft in a Single Attack Chain May 18, 2026
• AWS Security Digest #261 - Pretending May 18, 2026
• Pathfinding Labs: Deploy, test, and learn from 100+ intentionally vulnerable AWS environments May 18, 2026
• HTB: Pterodactyl May 16, 2026
• Living Off the Pipeline: Defending Against CI/CD Subversion May 15, 2026
• Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files May 15, 2026
• Design-Based Vulnerabilities on macOS： Oops, Not a One-Shot Fix May 15, 2026
• Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities May 14, 2026
• Finding Your Way on the Passkey Path May 14, 2026
• Critical FunnelKit vulnerability threatens 40,000+ WooCommerce checkouts May 14, 2026
• Backdoored node-ipc npm releases steal developer credentials through DNS queries May 14, 2026
• Backdoored Cemu release linked to TanStack and Mistral supply chain campaign May 14, 2026
• The Convergence of Cloud Secrets & AI Risk May 13, 2026
• Your Login Page Is Lying: What AI Agents Find When They Read Your Frontend May 13, 2026
• How to Identify and Exploit New Vulnerabilities May 13, 2026
• Investigating server compromises with cgroups: A Linux DFIR primer May 13, 2026
• A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens May 13, 2026
• Microsoft Patch Tuesday – May 2026 May 13, 2026
• Shai-Hulud Goes Open Source May 13, 2026
• Disclosure: Teachable's CDN Is Stealing From Teachers May 13, 2026
• Composer vulnerability leaks GitHub tokens, threatens PHP supply chain May 13, 2026
• Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities May 12, 2026
• The beast needs a cage: What's next for AppSec post-Mythos May 12, 2026
• Keys to the Kingdom Live Stripe Credentials Exposed via Unauthenticated OAuth Endpoint May 12, 2026
• Nuclei Templates - April 2026 May 12, 2026
• Go fuzzing was missing half the toolkit. We forked the toolchain to fix it. May 12, 2026
• State-sponsored actors, better known as the friends you don’t want May 12, 2026
• Slamming the Door on Quick Assist Tech Support Scams and Abuse May 12, 2026
• Mini Shai-Hulud Strikes Again: TanStack + more npm Packages Compromised May 12, 2026
• Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools May 11, 2026
• Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware May 11, 2026
• AWS Security Digest #260 - May 11, 2026
• Malicious Coding Agent Skills and the Risk of Dynamic Context May 11, 2026
• Personal Software and BaremetalVMM May 10, 2026
• The Accidental C2 - Exploring Dev Tunnels for Remote Access May 9, 2026
• HTB: Overwatch May 9, 2026
• Hunting ClickFix Win + X Variants May 8, 2026
• The Good, the Bad and the Ugly in Cybersecurity – Week 19 May 8, 2026
• Dirty Frag: Linux Kernel Local Privilege Escalation via ESP and RxRPC May 8, 2026
• Oh MyAudi! May 8, 2026
• Claude Code Cost Tracking: AWS Bedrock vs Pro Max (Part 2) — Tag Propagation, Sydney Migration, Bug Fixes May 8, 2026
• Remote Code Execution Vulnerability in Fooocus May 8, 2026
• Kubernetes security fundamentals: Secrets May 8, 2026
• The New Reality in Cybersecurity: AI Agents, Acceleration, and Asymmetry May 7, 2026
• Spring cleaning your browser May 7, 2026
• GRC in an AI World - Staying in the Fast Lane Without Losing the Race! May 7, 2026
• Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution May 7, 2026
• Gibbon v30.0.00: Authenticated SQL Injection and RCE May 6, 2026
• The IGVM File Format May 6, 2026
• Open-Sourcing 140+ Weaponisable File Type Samples: Test What Your Defences Actually Block May 6, 2026
• Swapper – A Pure Regex Match/Replace Burp Extension May 6, 2026
• Critical Buffer Overflow Vulnerability in PAN-OS Exploited in-the-Wild May 6, 2026
• Insights into the clustering and reuse of phone numbers in scam emails May 6, 2026
• Breaking SameSite=Strict in Chrome May 6, 2026
• Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years May 5, 2026
• [Deprecated] Break LLM Workflows with Claude's Refusal Magic String May 5, 2026
• C/C++ checklist challenges, solved May 5, 2026
• UAT-8302 and its box full of malware May 5, 2026
• CloudZ RAT potentially steals OTP messages using Pheno plugin May 5, 2026
• pyghidra-mcp Meets Ghidra GUI: Drive Project-Wide RE with Local AI May 5, 2026
• The Defensive Stack is Exposed: LLMs, Reverse Engineering, and the End of Opaque Defense May 5, 2026
• The Danger of Multi-SSO AWS Cognito User Pools May 4, 2026
• Paramiko Security Audit May 4, 2026
• Redis array type: short story of a long development May 4, 2026
• AWS Security Digest #259 - Better late May 4, 2026
• Evaluating our Threat Hunting Detection Rules (+ KQL Query Evaluation) May 4, 2026
• Chaining ISC DHCP Server Features for Unauthenticated Root Remote Code Execution May 2, 2026
• Tuned by Design: Why Detection Engineering Needs Its Own Development Lifecycle May 2, 2026
• Essential Data Sources for Detection Beyond the Endpoint May 1, 2026
• The Good, the Bad and the Ugly in Cybersecurity – Week 18 May 1, 2026
• The Life-Dinner Principle in Detection May 1, 2026
• 3 ways custom scan checks turn practitioner knowledge into scalable automation May 1, 2026
• Discovering Vulnerabilities in Enterprise Audiovisual Hardware May 1, 2026
• That AI Extension Helping You Write Emails? It’s Reading Them First Apr 30, 2026
• ARP Around and Find Out: Hijacking GPO UNC Paths for Code Execution and NTLM Relay Apr 30, 2026
• Auditing Application Permissions in Microsoft Entra ID: Hidden Risks, Pitfalls, and Quarkslab's QAZPT Tool Apr 29, 2026
• (CVE-2026-41873) Apache Pony Mail CRLF Injection and SSRF Leading to Full Account Takeover Apr 28, 2026
• When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks Apr 23, 2026
• Identifying and containing a data breach Apr 23, 2026
• You’re Not Watching MCPs. Anthropic’s Vulnerability Shows Why You Should Be. Apr 23, 2026
• IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist Apr 23, 2026
• Bad Apples: Weaponizing native macOS primitives for movement and execution Apr 22, 2026
• Phishing and MFA exploitation: Targeting the keys to the kingdom Apr 22, 2026
• 500,000 Vulnerabilities, 14 That Matter: How Exploit Chain Analysis Cuts Through the Noise Apr 22, 2026
• Microsoft Entra ID: Understanding OAuth App Consent and Permissions Apr 22, 2026
• Some notes on the security properties of the pipe_buffer kernel object Apr 22, 2026
• From a Regular Red Team Exercise to Developing a Custom C2 Channel over MS Teams Apr 22, 2026
• From Code to Pipeline: Wiz Code Now Secures Your Build Environment Apr 21, 2026
• Context.ai OAuth Token Compromise Apr 21, 2026
• Fracturing Software Security With Frontier AI Models Apr 21, 2026
• Threat Hunting via InternetMessageId (+ KQL Queries) Apr 21, 2026
• Detection Visibility Metrics Apr 21, 2026
• AWS Security Digest #257 - Myth not Mythos? Apr 21, 2026
• swic: a simple web interface for calibre Apr 21, 2026
• Pickling the Mailbox: A Deep Dive into CVE-2025-20393 Apr 20, 2026
• CFITSIO Fuzzing: Memory Corruptions and a Codex-Assisted Pipeline Apr 20, 2026
• HTB: AirTouch Apr 19, 2026
• SQLite prefixes its temp files with `etilqs_` Apr 19, 2026
• The Good, the Bad and the Ugly in Cybersecurity – Week 16 Apr 18, 2026
• We beat Google’s zero-knowledge proof of quantum cryptanalysis Apr 18, 2026
• The Mythos Effect: Preparing for AI-Accelerated Exploitation Apr 18, 2026
• Mythos, Memory Loss, and the Part InfoSec Keeps Missing Apr 18, 2026
• Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17) Apr 18, 2026
• Beyond the Perimeter How an On-Premises Domain Admin Compromise Unlocked the Cloud Apr 18, 2026
• Anonymous credentials: an illustrated primer (Part 2) Apr 18, 2026
• Spotting CI/CD misconfigurations before the bots do: Securing GitHub Actions with Datadog IaC Security Apr 17, 2026
• Obfuscation vs the Optimizer: An LLVM Middle-End Arms Race Apr 17, 2026
• A Deep Dive Into Attempted Exploitation of CVE-2023-33538 Apr 17, 2026
• The case for dependency cooldowns in a post-axios world Apr 17, 2026
• PowMix botnet targets Czech workforce Apr 17, 2026
• Foxit, LibRaw vulnerabilities Apr 17, 2026
• AI cybersecurity is not proof of work Apr 17, 2026
• Signed, Trusted, and Abused: Proxy Execution via WebView2 Apr 16, 2026
• Identity, browsers, and node.js: Everything you missed in the Threat Detection Report miniseries Apr 16, 2026
• Shadow Admins in Active Directory: Hidden Privilege Paths Attackers Exploit Apr 16, 2026
• LmCompatibilityLevel and the PDC Trap Apr 16, 2026
• SVD-2026-0407: Sensitive Information Disclosure in ''_internal'' index in Splunk MCP Server app Apr 16, 2026
• SVD-2026-0405: Third-Party Package Updates in Splunk Enterprise - April 2026 Apr 16, 2026
• Business CTF 2022: H2 Request Smuggling and SSTI - Phishtale Apr 16, 2026
• Uni CTF 2022: UNIX socket injection to custom RCE POP chain - Spell Orsterra Apr 16, 2026
• Finding RCE in NodeJS templating engine ‘Eta’ - CVE-2022-25967 Apr 16, 2026
• Business CTF 2022: Chaining Self XSS with Cache Poisoning - Felonious Forums Apr 16, 2026
• Performing Supply-Chain Attack in the NodeJS Ecosystem [hands-on exercise] Apr 16, 2026
• The n8n n8mare: How threat actors are misusing AI workflow automation Apr 15, 2026
• Can a Predicted `window.open` Target Really Be That Impactful? Apr 15, 2026
• Slacker Slash: Bypassing Bun Security Middleware via Normalization Desync Apr 15, 2026
• Chaining service key leakage and path confusion in LangSmith (Resolved) Apr 15, 2026
• Authenticated Arbitrary File Read via Race Condition leads to 0-Click Account Take Over on n8n Apr 15, 2026
• The Dot-Dot-Slash That Frameworks Hand You: CSPT Across Every Major Frontend Framework Apr 15, 2026
• Detect runtime threats in Python Lambda functions with Datadog AAP Apr 15, 2026
• BSIM explained once and for all! Apr 15, 2026
• Primer on GitHub Actions Security - Threat Model, Attacks and Defenses (Part 1/2) Apr 15, 2026
• Securing the Software Supply Chain: How SentinelOne’s AI EDR Autonomously Blocked the CPU-Z Watering Hole Cyber Attack Apr 15, 2026
• Benchmarking Self-Hosted LLMs for Offensive Security Apr 15, 2026
• State-sponsored threats: Different objectives, similar access paths Apr 15, 2026
• Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities Apr 15, 2026
• Intercepting WCF Traffic with wcfproxy Apr 15, 2026
• Microsoft Patch Tuesday – April 2026 Apr 15, 2026
• Mythos and its impact on security Apr 15, 2026
• Citrix Breakout When Restricted Means Nothing Apr 15, 2026
• Binary Ninja 5.3 (Jotunheim) Apr 14, 2026
• AWS Security Digest #256 - TY Mythos Apr 14, 2026
• JitterDropper Apr 14, 2026
• Fixing ESC8 - Web Enrollment is enabled over HTTP and HTTPS, and Channel Binding is disabled Apr 14, 2026
• LibreNMS < 26.3.0 Authenticated RCE & XSS Apr 14, 2026
• Validating Browser Defences with Push Security and delivr.to Apr 13, 2026
• IrDA Apr 12, 2026
• HTB: Eighteen Apr 12, 2026
• Introducing our open source AI-native SAST Apr 11, 2026
• The Good, the Bad and the Ugly in Cybersecurity – Week 15 Apr 11, 2026
• Security’s Blind Spot: Physical Keyloggers That Bypass Antivirus Entirely Apr 11, 2026
• Bypassing LLM Supervisor Agents Through Indirect Prompt Injection Apr 11, 2026
• 283 - The Future Apr 11, 2026
• Tearing down a car telematic unit (and finding an accident on Facebook) Apr 10, 2026
• Edge Decay: How a Failing Perimeter Is Fueling Modern Intrusions Apr 10, 2026
• Master C and C++ with our new Testing Handbook chapter Apr 10, 2026
• IAM the Captain Now – Hijacking Azure Identity Access Apr 10, 2026
• Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8562 Apr 10, 2026
• From the field to the report and back again: How incident responders can use the Year in Review Apr 10, 2026
• The threat hunter’s gambit Apr 10, 2026
• How We Cut LLM Costs by 59% With Prompt Caching Apr 10, 2026
• Scanscope: Visualizing Port Scan Results Using Machine Learning Methods Apr 10, 2026
• Crystal Mask Apr 10, 2026
• Ingress NGINX is EOL: A practical guide for migrating to Kubernetes Gateway API Apr 9, 2026
• CI/CD security: How to secure your GitHub ecosystem Apr 9, 2026
• CI/CD security: threat modeling using a MITRE-style threat matrix Apr 9, 2026
• Cracks in the Bedrock: Agent God Mode Apr 9, 2026
• New Lua-based malware “LucidRook” observed in targeted attacks against Taiwanese organizations Apr 9, 2026
• AI in cybersecurity: The good, the bad, and the FUD Apr 9, 2026
• Scroll trīgintā sextus Apr 9, 2026
• Year in Review: Vulnerabilities old and new and something React2 Apr 8, 2026
• Yandex Services Source Code Leak Apr 8, 2026
• What we learned about TEE security from auditing WhatsApp's Private Inference Apr 8, 2026
• What enables malicious models? Apr 8, 2026
• Using KServe to deploy malicious models Apr 8, 2026
• The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines Apr 8, 2026
• Reversing ELFs on TryHackMe: Crackme8 Apr 8, 2026
• Remote Session Enumeration via Undocumented Windows APIs Apr 8, 2026
• PrivEsc: Abusing the Service Control Manager for Stealthy & Persistent LPE Apr 8, 2026
• Model Confusion - Weaponizing ML models for red teams and bounty hunters Apr 8, 2026
• Kernel Drivers, Process Protection, and ...Bears? Apr 8, 2026
• Introducing the Offsec ML Playbook v0.1 Apr 8, 2026
• Introducing MacNoise! Apr 8, 2026
• Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox Apr 8, 2026
• Building a Detection Foundation: Part 5 - Correlation in Practice Apr 8, 2026
• Adversaries sometimes compute gradients. Other times, they rob you. Apr 8, 2026
• What is LLM Penetration Testing? A Complete Guide Apr 7, 2026
• Understanding Current Threats to Kubernetes Environments Apr 7, 2026
• HTB: DarkZero Apr 5, 2026
• Six Accounts, One Actor: Inside the prt-scan Supply Chain Campaign Apr 4, 2026