Break your AI agents before someone else does. Security scanning for system prompts, MCP servers, and AI coding agents.

Offload time-intensive work and accelerate security operations with an AI analyst for the CrowdStrike® Falcon platform.

We audited 30 AI agent projects. 93% use unscoped API keys with no per-agent identity, no consent, and no revocation.

An article about malicious repositories on GitHub

Perfex CRM passed the autologin cookie into unserialize() without validation, giving unauthenticated attackers remote code execution.

One of the core philosophies we implement at Guardz is the deep integration of security and intelligence teams with our proprietary AI capabilities. This

Posted by Idov31 - 0 votes and 0 comments

Qihoo 360 shipped the wildcard SSL private key for *.myclaw.360.cn inside its AI assistant installer. The certificate was issued by WoTrus CA, Qihoo 360's own subsidiary, previously distrusted by Chrome, Firefox, and Safari under its former name WoSign for…

The BIGO Ads SDK ships with an encrypted configuration file that maps out a global network of ad-serving domains, backup hosts, and failover infrastructure. The file is AES-encrypted with a hardcoded key, served from Alibaba Cloud, and designed to make the…

Microsoft introduced Credential Guard in Windows 10 (2015) and Windows Server 2016 to prevent credential harvesting from the LSASS process that was abused for years by threat actors. Microsoft used…

Open-source development projects by Anthony Scarola — C64UX and VerdictMail.

Personal blog on cybersecurity, harware hacking and security research.

Exploiting and jailbreaking Xiaomi Home Security Smart Cameras