Autonomous AI agents run 24/7 with shell access, network connectivity, and full filesystem permissions. We built Azazel, an eBPF-based…

A technical writeup on a 0day vulnerability I reported inside SpiderMonkey, Firefox's JS engine

There is a silent epidemic of ransomware attacks on commercial operational technology systems, which are mischaracterized as IT incidents even though they impact

VicK Consultoría en Tecnología - Soluciones de ciberseguridad, verificación de firmas, PKI y autenticación biométrica basadas en geometría natural.

A discussion of the recent cyber attacks against a number of targets connected to Polands electric grid.

And as I click publish on this post, the database is still, publicly exposed and has not been patched.

AI-powered stock filing analysis across 7 global markets. Upload any filing and get instant insights in plain English.

Passkeys solve the authentication problem corporate IT has been fighting for decades. But the more interesting story is what happens when every employee has a hardware-backed key generation and storage facility in their pocket.

Cross-site scripting (XSS) remains one of the most prevalent vulnerabilities on the web. The new standardized Sanitizer API provides a straightforward way for web developers to sanitize untrusted HTML before inserting it into the DOM. Firefox 148 is the first…

Monthly AI threat intelligence report with interactive analysis of attack patterns targeting AI agents and LLMs.

TURN server security guide for any implementation. Hardening checklist, IP range block lists, rate limiting, and deployment patterns for production WebRTC systems.

FAMOUS CHOLLIMA's temporary email usage leaks IP addresses (opsec mistakes part 3)

confusable-vision renders every TR39 confusable pair across 230 macOS system fonts and measures visual similarity with SSIM. 96.5% of confusables.txt is not high-risk, but 82 pairs are pixel-identical in at least one font.

We measure the capabilities of LLMs to deanonymize users online.

AI agents now run 80-90% of attack campaigns autonomously. Active deception exhausts them by flooding context windows, draining budgets, and freezing pipelines.

A 10-dimension scoring matrix for evaluating OpenClaw in enterprise environments. Evidence-based ratings across identity, sandboxing, and compliance.