Peter C
@itspeterc
Security Engineer Black Lives Matter
Very excited to announce our open-sourcing of Access! A centralized portal for Discord employees to transparently discover, request, and manage their access for all internal systems needed to do their jobs discord.com/blog/access-a-…
Incredibly excited to share the Agents Rule of Two, a framework for reasoning about security risks and tradeoffs when developing and deploying AI Agents. ai.meta.com/blog/practical…
Proud to introduce Aardvark, our agentic security researcher powered by GPT-5. Aardvark hunts for vulnerabilities the way a security engineer would: by reading and analyzing code, writing and running tests, and proposing patches. Now in private beta. openai.com/index/introduc…
Now in private beta: Aardvark, an agent that finds and fixes security bugs using GPT-5. openai.com/index/introduc…
Security companies don’t have bad security by accident, they have it by incentive.
my latest investigation for @ConsumerReports is based on months of reporting and 60+ lab tests of leading protein supplements we found that most protein powders and shakes have more lead in one serving than our experts say is safe to have in a day — some by more than 10 times !
💥 Wiz Research has uncovered a critical Redis vulnerability that's been hiding for 13 years We found RediShell (CVE-2025-49844): an RCE bug in Redis that affects every version of Redis out there. It's rated CVSS 10 - the highest severity possible. The vulnerability lets…
Cisco just confirmed that multiple zero-days against ASA/FTD VPN web services were exploited in the wild. CISA followed up with an Emergency Directive ordering federal agencies to inventory, patch, or disconnect affected devices. The last 3 Cisco advisories are directly tied to…
Good CISO / Bad CISO. Explore the characteristics of each and see where your team can improve. Thanks to the collaboration on this post with @michaelaiello philvenables.com/post/good-ciso…
philvenables.com
Good CISO / Bad CISO
In a first for this blog here is a post I worked on with Mike Aiello, a former colleague from Goldman Sachs and Google and someone, like me, who has worked multiple security and engineering roles...
We got @NotionHQ to leak your private Notion pages 💀 On Thursday @NotionHQ announced Notion 3.0 with support for custom agents using MCP (built by @AnthropicAI) — powerful, but dangerous. @simonw calls these MCP related attacks the “lethal trifecta”: the combination of LLMs,…
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…
🔺iPhone models announced today include Memory Integrity Enforcement, the culmination of an unprecedented design and engineering effort that we believe represents the most significant upgrade to memory safety in the history of consumer operating systems. security.apple.com/blog/memory-in…
A recent security issue announced by Salesloft has impacted many companies, including Cloudflare. This post provides a timeline of the attack, details our response, and offers security recommendations to help other organizations mitigate the effects of this attack.…
Over the years, I've made a conscious effort to always speak to the "why", even when not directly asked. If I'm providing a recommendation on what to do, I need to also say why I think it is right. If I'm explaining what something is, I need to also explain why it is significant.
Sorry cybersecurity mutuals, I really want to engage with your posts, but I have no idea what y’all are talking about half the time, and I just realized that’s because it’s about Windows. And sorry but I’m not learning that.
* a thousand leaked Github tokens * dozens of npm tokens and cloud credentials * 20k files, identified by AI for exfiltration All spread publicly on Github by malware implanted in `nx` check out our blog for details: wiz.io/blog/s1ngulari…
That time when @tehjh was just reviewing a new Linux kernel feature, found a security vuln, then went on a journey to see if he could exploit it from inside the Chrome Linux Desktop renderer sandbox (spoiler: very yes) googleprojectzero.blogspot.com/2025/08/from-c…
we hijacked microsoft's copilot studio agents and got them to spill out their private knowledge, reveal their tools and let us use them to dump full crm records these are autonomous agents.. no human in the loop #DEFCON #BHUSA @tamirishaysh
The whitepaper is live! Learn how to win the HTTP desync endgame... and why HTTP/1.1 needs to die: http1mustdie.com
We (+@ronenshh) hacked NVIDIA's Triton AI server by abusing a single error message🚨 The result is unauthenticated RCE allowing attackers to compromise the server and steal proprietary AI models🤯 For more details & mitigations check out our blog @wiz_io wiz.io/blog/nvidia-tr…
Turns out you can just hack any train in the USA and take control over the brakes. This is CVE-2025-1727 and it took me 12 years to get this published. This vulnerability is still not patched. Here's the story:
Perhaps one of the most badass CVEs I've ever seen from @midwestneil 💪😤 cisa.gov/news-events/ic…
Orange Meets, our open-source video calling web application, now supports end-to-end encryption using the MLS protocol with continuous group key agreement. cfl.re/45Cji79