Last week Microsoft disclosed how China-based threat actor Storm-0558 managed to the secret keys for access to OWS and Outlook.com. There were 3 things that lead to the breach.
I first heard about Horizing3.ai through a reddit post on /r/cybersecurity. They are a security vendor that takes an interesting angle on security...
An adversary can abuse these vulnerabilities to leak traffic outside the VPN tunnel. Our tests indicate that every VPN product is vulnerable on at least one device. We found that VPNs for iPhones, iPads, MacBooks, and macOS are extremely likely to be vulnerable
I recently worked on a Next.js codebase that had a vulnerability in an API endpoint called update-profile that would allow any authenticated user to modify the details for any other users...
The attackers delivered the payload (a redirect URL to a malware site) via a dynamic TXT record in the DNS records as a way to get around a web application firewall traffic detection system.
Recently, Phylum's risk detection platform flagged a series of malicious npm packages. Ten "test" packages were uploaded that clearly intend to extract source code and confidential data, like environment variables.
Chinese hackers have gained access to a lot of networks hosted on Microsoft Azure. They used stolen signing keys.
Drummers need to eat and this is the perfect solution.
Prompt injection is kind of like SQL injection in that you can trick an AI chatbot into revealing information in it's database it's not supposed to reveal.
Supposedly North Korean nation-state actors have been targeting the supply chain of the NPM ecosystem.
Kevin Mitnick has died. His book, The Art of Deception, was one of books that started me on the path to application security.
Lately I've been digging polyrhythm grooves. Love what Dillan's doing here.