TURN server security guide for any implementation. Hardening checklist, IP range block lists, rate limiting, and deployment patterns for production WebRTC systems.

FAMOUS CHOLLIMA's temporary email usage leaks IP addresses (opsec mistakes part 3)

confusable-vision renders every TR39 confusable pair across 230 macOS system fonts and measures visual similarity with SSIM. 96.5% of confusables.txt is not high-risk, but 82 pairs are pixel-identical in at least one font.

We measure the capabilities of LLMs to deanonymize users online.

AI agents now run 80-90% of attack campaigns autonomously. Active deception exhausts them by flooding context windows, draining budgets, and freezing pipelines.

A 10-dimension scoring matrix for evaluating OpenClaw in enterprise environments. Evidence-based ratings across identity, sandboxing, and compliance.

It’s been a while, but we’re back - in time for story time.

Gather round, strap in, and prepare for another depressing journey of “all we wanted to do was reproduce an N-day, and here we are with 0-days”.

Today, friends, we’re looking at SolarWinds Web…

Diesel Vortex is a Russian phishing-as-a-service group targeting freight and logistics companies across the US and Europe. This report details the group's infrastructure, tactics, and the 1,600+ credentials stolen from DAT Truckstop, Penske, EFS and Timocom.

Google spent over a decade telling developers that Google API keys (like those used in Maps, Firebase, etc.) are not secrets. But that's no longer true.

We audited 1,620 AI agent skills. The leading security scanner missed 91% of the threats.

Luigi Fragale introduces a custom Ghidra processor and loader for reverse engineering Garmin watch application binaries.

Technical analysis of the Moonrise remote access trojan, including WebSocket C2 architecture, JSON command schema, surveillance features and crypto theft risk.

A systematic evaluation of five frontier models across two encoding schemes, four hint levels, and tool use ablation — 8,308 graded outputs with full statistical analysis

Free scanner for OpenClaw skills and ClawHub packages. 230+ malicious skills blocked. 60+ threat patterns detected in seconds.

Uncovering a Global macOS Malware Campaign

How a one-character configuration mistake turns feature flags into a competitive intelligence feed

The Twitch iOS application initializes the Eppo feature flagging SDK (now a Datadog product) using server-side SDK Keys instead of Client Tokens. This means…