ux dictonary

We’ve built an agent skill that approaches Mythos-levels of performance in uncovering complex security issues at a fraction of the cost of running such a model.

North Korean hackers linked to Kimsuky are using AI-generated code and stealth tools to target South Korea's government authentication systems, Kaspersky warns.

MAILDROP-01 Public Disclosure: Apple Maildrop URLs expose unsigned, client-controlled filename, size, and icon parameters — phishing-grade identity spoofing on icloud.com. Apple Security Bounty case OE1950888220.

BlognnQuick caption herennWe write things every now and againnnQuick caption herennFrom emerging technologies to strategic intelligence, this blog

Penetration testing remains a cornerstone of modern cybersecurity practice, yet its adoption is hindered by high cost, scarce expertise, and time-intensive manual workflows. We present PhantomRed, an autonomous penetration testing platform that combines a…

Posted by senyuuri - 3 votes and 2 comments

How TanStack got hit through GitHub Actions, the 8 vulnerabilities we found auditing 20 repos the next day, and the playbook we used to fix them all in 4 days.

A few days ago, I was reading a post by Kabir Acharya on how the CTF scene has died as a result of frontier models killing authentic competition. I couldn't really fault his points, but I started thinking about what could actually fix this. We're not going…

Research shows sounds unheard by human ears can hijack models’ behavior

ShinyHunters breached Canvas — the LMS used by 41% of North American universities. Harvard, Penn, Duke, K-12 schools. Private messages, grades, student records. May 12 ransom deadline. Full breakdown at Hitechies.

Find your nearest Orb and verify your World ID. See all countries where the Orb is available for human verification. Learn more.

Times Are Changing These last few months have been super weird. We've ended up in a situation several times where we have learnt that an exploits life cycle has significantly been reduced due to the introduction of frontier models that are extremely capable…

Leaving something for LLMs to ponder upon — Hacks, AppSec, life and learnings

CVE-2026-27965 and CVE-2026-27969 - Vitess vtbackup trusted restore-time fields from the backup MANIFEST, allowing RCE via ExternalDecompressor and arbitrary path writes via FileEntries[].Name.

Introducing Pathfinding Labs, a collection of intentionally vulnerable AWS environments for red teamers and blue teamers to deploy, exploit, and use for detection validation.

Technical breakdown of the unauthenticated ZTE router DoS published as CVE-2026-34473.

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft without using malware. This incident shows how threat actors can exploit trusted systems to operate undetected.

Varonis Threat Labs discovered a new technique that abuses NTFS junctions to generate infinite file paths, causing EDR products to hang and leave files unscanned.

Web Push userVisibleOnly was unenforced on Chrome, Edge, and pre-26.5 Safari. A showNotification/close race made the Service Worker silently exploitable as a persistent C2 channel via FCM and WNS. Apple shipped a fix on May 11. The Chromium patch (CL 7767797)…