Search Security

Found 81 bookmarks

Newest

Agent of Chaos: Hijacking NodeJS’s Jenkins Agents

Two CI/CD vulnerabilities in the nodejs/node GitHub repository exposed Node.js to remote code execution on Jenkins agents and the potential to merge unreviewed code to the main branch of the repository.

·praetorian.com·May 1, 2025

Agent of Chaos: Hijacking NodeJS’s Jenkins Agents

Gavin Howard - replacing CVE

·gavinhoward.com·Apr 17, 2025

Gavin Howard - replacing CVE

microsoft/WhatTheHack: A collection of challenge based hack-a-thons including student guide, coach guide, lecture presentations, sample/instructional code and templates. Please visit the What The Hack website at: https://aka.ms/wth

A collection of challenge based hack-a-thons including student guide, coach guide, lecture presentations, sample/instructional code and templates. Please visit the What The Hack website at: https:...

·github.com·Apr 15, 2025

MCP Security Notification: Tool Poisoning Attacks

We have discovered a critical vulnerability in the Model Context Protocol (MCP) that allows for

·invariantlabs.ai·Apr 15, 2025

MCP Security Notification: Tool Poisoning Attacks

TLS Certificates - For The Rest Of Us

How does your browser know a website is legit? This post simplifies TLS, certificate validation, and the trust chain behind secure connections

·tusharf5.com·Mar 7, 2025

TLS Certificates - For The Rest Of Us

Hacking Starbucks via Internet Connected Espresso Machines

By Daniel Heinen

·geospy.medium.com·Feb 1, 2025

Hacking Starbucks via Internet Connected Espresso Machines

CWE - 2023 CWE Top 25 Most Dangerous Software Weaknesses

Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses.

·cwe.mitre.org·Aug 3, 2024

CWE - 2023 CWE Top 25 Most Dangerous Software Weaknesses

Understanding JSON Web Tokens JWT for Secure Information Sharing

·differ.blog·Jul 30, 2024

Understanding JSON Web Tokens JWT for Secure Information Sharing

Introduction - OWASP Cheat Sheet Series

Website with the collection of all the cheat sheets of the project.

·cheatsheetseries.owasp.org·Jul 17, 2024

Introduction - OWASP Cheat Sheet Series

What is the maximum number of characters an email address can have?

Question : What is the maximum number of characters an email address can have?

·mailpro.com·Jul 9, 2024

What is the maximum number of characters an email address can have?

API Security: Key Protocols - APIDNA

Here we go through some of the essential protocols required for robust API security.

·apidna.ai·Jun 8, 2024

API Security: Key Protocols - APIDNA

Understanding the Fundamentals of API Security - APIDNA

We go through the fundamentals of API security, including best practices and key considerations for developers and businesses.

·apidna.ai·Jun 8, 2024

Understanding the Fundamentals of API Security - APIDNA

Ruby on Rails - OWASP Cheat Sheet Series

Website with the collection of all the cheat sheets of the project.

·cheatsheetseries.owasp.org·May 21, 2024

Ruby on Rails - OWASP Cheat Sheet Series

New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems

Researchers uncover a new DoS attack vector targeting UDP-based application protocols, potentially endangering hundreds of thousands of hosts.

·thehackernews.com·Mar 21, 2024

New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems

A Decade of Have I Been Pwned

·troyhunt.com·Jan 30, 2024

A Decade of Have I Been Pwned

Europe agrees on rules to protect smart devices from cyber threats

·reuters.com·Jan 30, 2024

Europe agrees on rules to protect smart devices from cyber threats

Platform Tilt - Mozilla

·mozilla.github.io·Jan 30, 2024

Platform Tilt - Mozilla

Adversarial Attacks on LLMs

·lilianweng.github.io·Jan 30, 2024

Adversarial Attacks on LLMs

iMessage, explained

·jjtech.dev·Jan 30, 2024

iMessage, explained

Front-end security best practices

·griddynamics.medium.com·Jan 30, 2024

Front-end security best practices

Simple sabotage for software

·erikbern.com·Jan 30, 2024

Simple sabotage for software

Big Tech’s role in enabling link fraud

·eligrey.com·Jan 30, 2024

Big Tech’s role in enabling link fraud

EFF Unveils Its New Street Level Surveillance Hub

·eff.org·Jan 30, 2024

EFF Unveils Its New Street Level Surveillance Hub

Hunting Malicious Infrastructure-Headers and Hardcoded/Static Strings

·detect.fyi·Jan 30, 2024

Hunting Malicious Infrastructure-Headers and Hardcoded/Static Strings

I’m harvesting credit card numbers and passwords from your site. Here’s how. | by David Gilbertson | Medium

The following is a true story. Or maybe it’s just based on a true story. Perhaps it’s not true at all.

·david-gilbertson.medium.com·Nov 25, 2023

I’m harvesting credit card numbers and passwords from your site. Here’s how. | by David Gilbertson | Medium

Intro to AI Security Part 1: AI Security 101

For at least two years now I have been complaining about the lack of Artificial Intelligence (AI) Security resources. I complain about many…

·medium.com·Nov 22, 2023

Intro to AI Security Part 1: AI Security 101

The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses

At Fox-IT (part of NCC Group) identifying servers that host nefarious activities is a critical aspect of our threat intelligence. One approach involves looking for anomalies in responses of HTTP se…

·research.nccgroup.com·Nov 22, 2023

The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses

How to Fortify Your Docker Containers: A Guide to Advanced Security Practices

Introduction DevOps has been rapidly evolving in the software development landscape, and from the cornerstone Docker has emerged. Its ability to package applications into portable, scalable containers has taken deployment strategies to the next level. However, with this power, comes the responsibility of securing the containers. In this blog, we dive deep into advanced techniques and best practices for securing Docker containers, ensuring your deployments are not just efficient but also fortified against a variety of cyber threats.

·blog.coderco.io·Nov 22, 2023

How to Fortify Your Docker Containers: A Guide to Advanced Security Practices

Cybersecurity: What Every CEO and CFO Should Know | Toptal®

This article outlines cybersecurity challenges such as vendor security and the rise of IoT. Solutions include real-time intelligence and cyber-insurance.

·toptal.com·Nov 17, 2023

Cybersecurity: What Every CEO and CFO Should Know | Toptal®

Rego 101: Introduction to Rego | Snyk

Learn how to write your first policy as code rules in Rego. This Rego tutorial for beginners covers the basics of Rego syntax and using OPA.

·snyk.io·Nov 17, 2023

Rego 101: Introduction to Rego | Snyk