Search Security

Found 84 bookmarks

Newest

When your account gets hacked, the attack probably came from a Fortune 500 data center. A report on why cloud providers don't stop attacks they could easily detect.

When your account gets hacked, the attack probably came from a Fortune 500 data center. A report on why cloud providers don't stop attacks they could easily detect. - CERBERUS-REPORT-profitable...

·gist.github.com·Dec 31, 2025

When your account gets hacked, the attack probably came from a Fortune 500 data center. A report on why cloud providers don't stop attacks they could easily detect.

Fia

We found vulnerabilities in the FIA's Driver Categorisation platform, allowing us to access PII and password hashes of any racing driver with a categorisation rating.

·ian.sh·Oct 24, 2025

Fia

Cloud Security Attacks: Protecting Digital Infrastructure

One exposed S3 bucket cost $4.2M discover what makes cloud security attacks so deadly and how to stop them cold.

·ncse.info·Jul 19, 2025

Cloud Security Attacks: Protecting Digital Infrastructure

Agent of Chaos: Hijacking NodeJS’s Jenkins Agents

Two CI/CD vulnerabilities in the nodejs/node GitHub repository exposed Node.js to remote code execution on Jenkins agents and the potential to merge unreviewed code to the main branch of the repository.

·praetorian.com·May 1, 2025

Agent of Chaos: Hijacking NodeJS’s Jenkins Agents

Gavin Howard - replacing CVE

·gavinhoward.com·Apr 17, 2025

Gavin Howard - replacing CVE

microsoft/WhatTheHack: A collection of challenge based hack-a-thons including student guide, coach guide, lecture presentations, sample/instructional code and templates. Please visit the What The Hack website at: https://aka.ms/wth

A collection of challenge based hack-a-thons including student guide, coach guide, lecture presentations, sample/instructional code and templates. Please visit the What The Hack website at: https:...

·github.com·Apr 15, 2025

MCP Security Notification: Tool Poisoning Attacks

We have discovered a critical vulnerability in the Model Context Protocol (MCP) that allows for

·invariantlabs.ai·Apr 15, 2025

MCP Security Notification: Tool Poisoning Attacks

TLS Certificates - For The Rest Of Us

How does your browser know a website is legit? This post simplifies TLS, certificate validation, and the trust chain behind secure connections

·tusharf5.com·Mar 7, 2025

TLS Certificates - For The Rest Of Us

Hacking Starbucks via Internet Connected Espresso Machines

By Daniel Heinen

·geospy.medium.com·Feb 1, 2025

Hacking Starbucks via Internet Connected Espresso Machines

CWE - 2023 CWE Top 25 Most Dangerous Software Weaknesses

Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses.

·cwe.mitre.org·Aug 3, 2024

CWE - 2023 CWE Top 25 Most Dangerous Software Weaknesses

Understanding JSON Web Tokens JWT for Secure Information Sharing

·differ.blog·Jul 30, 2024

Understanding JSON Web Tokens JWT for Secure Information Sharing

Introduction - OWASP Cheat Sheet Series

Website with the collection of all the cheat sheets of the project.

·cheatsheetseries.owasp.org·Jul 17, 2024

Introduction - OWASP Cheat Sheet Series

What is the maximum number of characters an email address can have?

Question : What is the maximum number of characters an email address can have?

·mailpro.com·Jul 9, 2024

What is the maximum number of characters an email address can have?

API Security: Key Protocols - APIDNA

Here we go through some of the essential protocols required for robust API security.

·apidna.ai·Jun 8, 2024

API Security: Key Protocols - APIDNA

Understanding the Fundamentals of API Security - APIDNA

We go through the fundamentals of API security, including best practices and key considerations for developers and businesses.

·apidna.ai·Jun 8, 2024

Understanding the Fundamentals of API Security - APIDNA

Ruby on Rails - OWASP Cheat Sheet Series

Website with the collection of all the cheat sheets of the project.

·cheatsheetseries.owasp.org·May 21, 2024

Ruby on Rails - OWASP Cheat Sheet Series

New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems

Researchers uncover a new DoS attack vector targeting UDP-based application protocols, potentially endangering hundreds of thousands of hosts.

·thehackernews.com·Mar 21, 2024

New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems

A Decade of Have I Been Pwned

·troyhunt.com·Jan 30, 2024

A Decade of Have I Been Pwned

Europe agrees on rules to protect smart devices from cyber threats

·reuters.com·Jan 30, 2024

Europe agrees on rules to protect smart devices from cyber threats

Platform Tilt - Mozilla

·mozilla.github.io·Jan 30, 2024

Platform Tilt - Mozilla

Adversarial Attacks on LLMs

·lilianweng.github.io·Jan 30, 2024

Adversarial Attacks on LLMs

iMessage, explained

·jjtech.dev·Jan 30, 2024

iMessage, explained

Front-end security best practices

·griddynamics.medium.com·Jan 30, 2024

Front-end security best practices

Simple sabotage for software

·erikbern.com·Jan 30, 2024

Simple sabotage for software

Big Tech’s role in enabling link fraud

·eligrey.com·Jan 30, 2024

Big Tech’s role in enabling link fraud

EFF Unveils Its New Street Level Surveillance Hub

·eff.org·Jan 30, 2024

EFF Unveils Its New Street Level Surveillance Hub

Hunting Malicious Infrastructure-Headers and Hardcoded/Static Strings

·detect.fyi·Jan 30, 2024

Hunting Malicious Infrastructure-Headers and Hardcoded/Static Strings

I’m harvesting credit card numbers and passwords from your site. Here’s how. | by David Gilbertson | Medium

The following is a true story. Or maybe it’s just based on a true story. Perhaps it’s not true at all.

·david-gilbertson.medium.com·Nov 25, 2023

I’m harvesting credit card numbers and passwords from your site. Here’s how. | by David Gilbertson | Medium

Intro to AI Security Part 1: AI Security 101

For at least two years now I have been complaining about the lack of Artificial Intelligence (AI) Security resources. I complain about many…

·medium.com·Nov 22, 2023

Intro to AI Security Part 1: AI Security 101

The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses

At Fox-IT (part of NCC Group) identifying servers that host nefarious activities is a critical aspect of our threat intelligence. One approach involves looking for anomalies in responses of HTTP se…

·research.nccgroup.com·Nov 22, 2023

The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses