내가 좋아할 만한 콘텐츠
💥 Wiz Research has uncovered a critical Redis vulnerability that's been hiding for 13 years We found RediShell (CVE-2025-49844): an RCE bug in Redis that affects every version of Redis out there. It's rated CVSS 10 - the highest severity possible. The vulnerability lets…
I'm improving my co-hacking AI system (built on Claude Code). One of the coolest new things I added to it was @browserbase's MCP server. It only took 20 seconds to add, and now it can take UI-based actions on any website. Here Claude used it to make a ChatGPT account: 😝
Lavamoat. It was literally built for supply chain attacks. It would've prevented the malicious code from monkey patching globals (`xmlhttprequest`, `fetch`, `window.ethereum`) at runtime. It's free. Tell your favorite dapp dev. npmjs.com/package/@lavam…
treat your code like bonsai, ai makes it grow faster, you have to prune it from time to time to keep its structure and establish the overall design
appsec engineers be like, "surely noone can bypass ssl pinning on iOS, no one can reverse-engineer iOS binaries, no need to ratelimit the mobile API!" lmeow
Prompt engineering feels like doing science experiments, have a variety of inputs their corresponding intended outputs, and come up with a scoring system to evaluate the accuracy, then we slowly work on our prompt to maximize the accuracy score while balancing time + cost.
Novel jailbreak discovered. Not only does OpenAi putting your name in the system prompt impact the way GPT responds, but it also opens the model up to a prompt INSERTION. Not injection. You can insert a trigger into the actual system prompt, which makes it nigh indefensible.
AI agents that can browse the Web and perform tasks on your behalf have incredible potential but also introduce new security risks. We recently found, and disclosed, a concerning flaw in Perplexity's Comet browser that put users' accounts and other sensitive info in danger.
When you make money, the first thing you have to do is "fix your health issues." All other things can wait.
I recently discovered a critical race condition vulnerability at a multi-million dollar investment firm! The vulnerability allowed attackers to execute a single-packet attack that bypassed financial controls, potentially enabling: ✅ Purchasing stocks worth twice the available…
Just published my first blog post "Cache Deception + CSPT: Turning Non Impactful Findings into Account Takeover" You can read the full write-up here: zere.es/posts/cache-de…
🚨 You Forgot, I Remembered: Mass DNS Takeovers and Thousands at Risk Over 40,000 domains on DigitalOcean’s Cloud DNS were taken over using serverless automation & OSINT. Full research 👇 smaranchand.com.np/2025/07/you-fo… #CloudSecurity #DNS #DigitalOcean #AppSec #BugBounty
🕵️♂️ 🎩 The desync endgame has just begun. New expert lab has just dropped. Straight from @albinowax’s #BHUSA talk: Understand the latest request smuggling techniques, sharpen your skills, unlock new bounties, and solidify your organization’s defenses with the new expert lab ⬇️…
🚨 One container in Amazon ECS can now hijack all others’ AWS creds on the same EC2 host. Researchers exposed a stealthy privilege escalation chain called ECScape — no exploit, just abusing AWS internals. Amazon: "Working as designed." Details → thehackernews.com/2025/08/resear…
United States 트렌드
- 1. Yamamoto 48.6K posts
- 2. #DWTS 44.6K posts
- 3. halsey 9,291 posts
- 4. Growth Path 1,678 posts
- 5. #FlyTogether 2,936 posts
- 6. Young Republicans 77.4K posts
- 7. Jared Butler N/A
- 8. #MOST_WANTED_IN_CHICAGO 1,286 posts
- 9. Kreider 1,337 posts
- 10. #TexasHockey 3,439 posts
- 11. Ohtani 14.3K posts
- 12. Cuffem 2,762 posts
- 13. #RHOSLC 4,851 posts
- 14. TOKYO NARITA N/A
- 15. Tami 4,627 posts
- 16. Lucia 63.7K posts
- 17. Will Richard 2,688 posts
- 18. bush 40.8K posts
- 19. Ayton 2,538 posts
- 20. Robert 107K posts
Something went wrong.
Something went wrong.