Security

81 bookmarks

Custom sorting

Agent of Chaos: Hijacking NodeJS’s Jenkins Agents

Two CI/CD vulnerabilities in the nodejs/node GitHub repository exposed Node.js to remote code execution on Jenkins agents and the potential to merge unreviewed code to the main branch of the repository.

·praetorian.com·May 1, 2025

Agent of Chaos: Hijacking NodeJS’s Jenkins Agents

Gavin Howard - replacing CVE

·gavinhoward.com·Apr 17, 2025

Gavin Howard - replacing CVE

microsoft/WhatTheHack: A collection of challenge based hack-a-thons including student guide, coach guide, lecture presentations, sample/instructional code and templates. Please visit the What The Hack website at: https://aka.ms/wth

A collection of challenge based hack-a-thons including student guide, coach guide, lecture presentations, sample/instructional code and templates. Please visit the What The Hack website at: https:...

·github.com·Apr 15, 2025

MCP Security Notification: Tool Poisoning Attacks

We have discovered a critical vulnerability in the Model Context Protocol (MCP) that allows for

·invariantlabs.ai·Apr 15, 2025

MCP Security Notification: Tool Poisoning Attacks

Hacking Starbucks via Internet Connected Espresso Machines

By Daniel Heinen

·geospy.medium.com·Feb 1, 2025

Hacking Starbucks via Internet Connected Espresso Machines

TLS Certificates - For The Rest Of Us

How does your browser know a website is legit? This post simplifies TLS, certificate validation, and the trust chain behind secure connections

·tusharf5.com·Mar 7, 2025

TLS Certificates - For The Rest Of Us

Ruby on Rails - OWASP Cheat Sheet Series

Website with the collection of all the cheat sheets of the project.

·cheatsheetseries.owasp.org·May 21, 2024

Ruby on Rails - OWASP Cheat Sheet Series

CWE - 2023 CWE Top 25 Most Dangerous Software Weaknesses

Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses.

·cwe.mitre.org·Aug 3, 2024

CWE - 2023 CWE Top 25 Most Dangerous Software Weaknesses

Understanding JSON Web Tokens JWT for Secure Information Sharing

·differ.blog·Jul 30, 2024

Understanding JSON Web Tokens JWT for Secure Information Sharing

Introduction - OWASP Cheat Sheet Series

Website with the collection of all the cheat sheets of the project.

·cheatsheetseries.owasp.org·Jul 17, 2024

Introduction - OWASP Cheat Sheet Series

What is the maximum number of characters an email address can have?

Question : What is the maximum number of characters an email address can have?

·mailpro.com·Jul 9, 2024

What is the maximum number of characters an email address can have?

API Security: Key Protocols - APIDNA

Here we go through some of the essential protocols required for robust API security.

·apidna.ai·Jun 8, 2024

API Security: Key Protocols - APIDNA

Understanding the Fundamentals of API Security - APIDNA

We go through the fundamentals of API security, including best practices and key considerations for developers and businesses.

·apidna.ai·Jun 8, 2024

Understanding the Fundamentals of API Security - APIDNA

New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems

Researchers uncover a new DoS attack vector targeting UDP-based application protocols, potentially endangering hundreds of thousands of hosts.

·thehackernews.com·Mar 21, 2024

New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems

Front-end security best practices

·griddynamics.medium.com·Jan 30, 2024

Front-end security best practices

Adversarial Attacks on LLMs

·lilianweng.github.io·Jan 30, 2024

Adversarial Attacks on LLMs

iMessage, explained

·jjtech.dev·Jan 30, 2024

iMessage, explained

Hunting Malicious Infrastructure-Headers and Hardcoded/Static Strings

·detect.fyi·Jan 30, 2024

Hunting Malicious Infrastructure-Headers and Hardcoded/Static Strings

Platform Tilt - Mozilla

·mozilla.github.io·Jan 30, 2024

Platform Tilt - Mozilla

Simple sabotage for software

·erikbern.com·Jan 30, 2024

Simple sabotage for software

EFF Unveils Its New Street Level Surveillance Hub

·eff.org·Jan 30, 2024

EFF Unveils Its New Street Level Surveillance Hub

Big Tech’s role in enabling link fraud

·eligrey.com·Jan 30, 2024

Big Tech’s role in enabling link fraud

Europe agrees on rules to protect smart devices from cyber threats

·reuters.com·Jan 30, 2024

Europe agrees on rules to protect smart devices from cyber threats

A Decade of Have I Been Pwned

·troyhunt.com·Jan 30, 2024

A Decade of Have I Been Pwned

I’m harvesting credit card numbers and passwords from your site. Here’s how. | by David Gilbertson | Medium

The following is a true story. Or maybe it’s just based on a true story. Perhaps it’s not true at all.

·david-gilbertson.medium.com·Nov 25, 2023

I’m harvesting credit card numbers and passwords from your site. Here’s how. | by David Gilbertson | Medium

Securing HTML fragments returned by API endpoints

A web application frontend often performs requests to a backend API. Even though this API is only supposed to be used by the frontend, it is usually also accessible with a browser. An attacker can use this to exploit vulnerabilities.

·sjoerdlangkemper.nl·Nov 16, 2023

Securing HTML fragments returned by API endpoints

Secure Code Review Tips to Defend Against Vulnerable Node.js Code

How do you identify vulnerable code patterns? Can you spot insufficient input validation? Enhance your Node.js development security with this guide to secure code review.

·nodejs-security.com·Nov 15, 2023

Secure Code Review Tips to Defend Against Vulnerable Node.js Code

The reckoning on cloud container and serverless security

Ephemeral infrastructure's transient nature has afforded it a 'free pass' on forensic examination in the past, but that window is closing.

·technologydecisions.com.au·Nov 15, 2023

The reckoning on cloud container and serverless security

What the !#@% is a Passkey?

A new login technique is becoming available in 2023: the passkey. The passkey promises to solve phishing and prevent password reuse. But lots of smart and security-oriented folks are confused about what exactly a passkey is. There’s a good reason for that. A passkey is in some sense one of two (or three) different things, depending on how it’s stored.

·eff.org·Nov 15, 2023

What the !#@% is a Passkey?

Serverless Security: Protecting Functions in the Cloud

Serverless computing has revolutionized the way applications are built and deployed in the cloud. By abstracting away servers, serverless…

·medium.com·Nov 15, 2023

Serverless Security: Protecting Functions in the Cloud