security

We are disclosing LeftoverLocals: a vulnerability that allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs. LeftoverLocals impacts the security posture of GPU applications as a whole, with particular significance to LLMs and ML models run on impacted GPU […]

Asher Falcon's personal website - Software engineer and student

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams with highly sensitive information.

Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.

Are you new to security and not sure how to start? This pathway will give you the core skills required to start your cyber security journey.

Metasploit Unleashed (MSFU) is a Free Online Ethical Hacking Course by OffSec, which benefits Hackers for Charity. Learn how to use Metasploit.

Learn about browser extension security and secure your extensions with the help of CodeQL.

Table of Contents on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.

Their DDoS malware threatened the entire Internet

Some vulnerabilities are invisible. Rather than inserting logical bugs, adversaries can attack the encoding of source code files to inject vulnerabilities.

How to hash passwords properly using salt. Why hashes should be salted and how to use salt correctly.

Today, the Internet Engineering Task Force (IETF) is releasing the standard for Messaging Layer Security (MLS) protocol, a novel standard of communication

In this multi-part blog series, I will describe some microservice security design patterns to implement micro-segmentation and deep inspection in your Kubernetes cluster

Companies often brag about encryption-at-rest? Is that really worth bragging about?

A Step-by-Step Guide for learning JSON Web Tokens, including signatures, single page web application User Authentication and Session Management.

Firstyear's blog

Written from scratch, DazzleSpy is the latest advanced piece of Mac malware.

An in-depth look at the successor to JSON Web Tokens: PASETO.

Developer Advocate Nate Barbettini breaks down OpenID and OAuth 2.0 in Plain English. NOTE: This video is from 2018 and contains some information that is now...

Realms are an old concept in the JavaScript ecosystem, but with the rise of supply chain types of attacks realms became a powerful tool for attackers to bypass well known browser runtime security tools. In order to address this concern, we first must understand - what is a realm in JavaScript?

OAuth 2.0 and OpenID Connect (OIDC) are internet standards that enable one application to access data from another. Unfortunately, these standards use a lot ...

In this video, we will cover the fundamentals of user authentication in modern web applications and websites. In particular, we will explore stateful (sessio...

Ryan Pickren's personal website to view resume and contact information.

A technical blog