ervin's web review
Picture Wall - 101 pics
Google Antigravity Exfiltrates Data
The static risk fallacy
I’ve locked myself out of my digital life
Shai-Hulud: The novel self-replicating worm infecting hundreds of NPM packages
What do you call that thing when your vendor gets hacked?
crates.io phishing campaign
The vulnerability might be in the proof-of-concept
Google will block sideloading of unverified Android apps starting next year
Troy Hunt: Everything you wanted to know about SQL injection (but were afraid to ask)
A family of forks
PoC Attack Targeting Atlassian’s MCP
Poison everywhere: No output from your MCP server is safe
How to fix email encryption
GitHub MCP Exploited: Accessing private repositories via MCP
How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation – Sean Heelan's Blog
Remote Prompt Injection in GitLab Duo Leads to Source Code Theft
Detecting malicious Unicode
Tech Companies Apparently Do Not Understand Why We Dislike AI - Dhole Moments
The Day Anubis Saved Our Websites From a DDoS Attack
I use Zip Bombs to Protect my Server
A new security fund opens up to help protect the fediverse
How to report a security issue in an open source project - Jacob Kaplan-Moss
Sun Tzu wouldn't like the cybersecurity industry
Trapping misbehaving bots in an AI Labyrinth
Zen and the Art of Microcode Hacking
Stalkerware apps Cocospy and Spyic are exposing phone data of millions of people
Build It Yourself
Time to check if you ran any of these 33 malicious Chrome extensions - Ars Technica
New era of slop security reports for open source
Retrofitting spatial safety to hundreds of millions of lines of C++
Introducing zizmor: now you can have beautiful clean workflows
Should you use uv’s managed Python in production?
The Internet Archive and its 916 billion saved web pages are back online
Attacking UNIX Systems via CUPS, Part I
Hacking Kia: Remotely Controlling Cars With Just a License Plate
Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug | WIRED
Eliminating Memory Safety Vulnerabilities at the Source
Peering Forward: C++'s next decade
OWASP Top 10 for Large Language Model Applications | OWASP Foundation
Bypassing airport security via SQL injection
OpenSSH Backdoors
‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections | WIRED
How a North Korean Fake IT Worker Tried to Infiltrate Us
Give Me the Green Light Part 1: Hacking Traffic Control Systems — Red Threat
Telegram says it has 'about 30 engineers'; security experts say that's a red flag | TechCrunch
Polyfill supply chain attack hits 100K+ sites
Regular JSON – Neil Madden
DDoS attacks can threaten the independent Internet
Microsoft Refused to Fix Flaw Years Before SolarWinds Hack — ProPublica
Microsoft delays Recall again, won’t debut it with new Copilot+ PCs after all | Ars Technica
Malicious VSCode extensions with millions of installs discovered
New Windows AI feature records everything you’ve done on your PC | Ars Technica
Coverage Guided Fuzzing - Extending Instrumentation to Hunt Down Bugs Faster! - Include Security Research Blog
Bullying in Open Source Software Is a Massive Security Vulnerability
AI bots hallucinate software packages and devs download them • The Register
Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own
Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds
Anatomy of a whistleblowing system
Why Bloat Is Still Software’s Biggest Vulnerability - IEEE Spectrum
Rust Won't Save Us: An Analysis of 2023's Known Exploited Vulnerabilities – Horizon3.ai
LeftoverLocals: Listening to LLM responses through leaked GPU local memory | Trail of Bits Blog
AI poisoning could turn open models into destructive “sleeper agents,” says Anthropic
The browsers biggest TLS mistake
SMTP Smuggling - Spoofing E-Mails Worldwide - SEC Consult
Google OAuth is broken (sort of) - Truffle Security
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack
cohost! - "Paper: You Want My Password or a Dead Patient?"
RFC 9420 – A Messaging Layer Security Overview
Critical vulnerability in Atlassian Confluence server is under “mass exploitation” | Ars Technica
Help Everyone Do Better Security
Salt Labs | Oh-Auth - Abusing OAuth to take over millions of accounts
Stealing OAuth tokens of connected Microsoft accounts via open redirect in Harvest App | 0xcrypto
Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica
HTTP/2 Rapid Reset: deconstructing the record-breaking attack
Coordinated Disclosure: 1-Click RCE on GNOME (CVE-2023-43641) - The GitHub Blog
Windows feature that resets system clocks based on random data is wreaking havoc | Ars Technica
Google’s Plan To DRM The Web Goes Against Everything Google Once Stood For | Techdirt
The Reluctant Sysadmin's Guide to Securing a Linux Server
Security implications of HTTP response headers | Snyk
[2304.09655] How Secure is Code Generated by ChatGPT?
dns0.eu — The European public DNS that makes your Internet safer
U.S. No Fly List Left on Unprotected Airline Server
Stranger Strings: An exploitable flaw in SQLite | Trail of Bits Blog
How Tor is fighting—and beating—Russian censorship | Ars Technica
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit | Securelist
Symbiote, a nearly-impossible-to-detect Linux malware | Security Affairs
CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware
The curious case of the Raspberry Pi in the network closet
No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables Deployed as Stealth Windows Loaders - Lumen
Python developers are being targeted with malicious packages on PyPI
Empty npm package '-' has over 700,000 downloads — here's why
From Stolen Laptop to Inside the Company Network — Dolos Group
Identify anything
What are Insecure Direct Object References (IDOR)? | Hacker Noon
A Hacker Got All My Texts for $16
A new Linux Foundation open source signing tool could make secure software supply chains universal
Tesla (TSLA), Cloudfare (NET) Breached in Verkada Security Camera Hack - Bloomberg
Flipper Zero — Multi-tool Device for Hackers. Lite version based on STM32
Common Nginx misconfigurations that leave your web server open to attack | Detectify Blog
Basic Intro to Elliptic Curve Cryptography - Qvault
Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies | by Alex Birsan | Feb, 2021 | Medium