Visual Studio Extensions Revisited
https://ift.tt/n0EBztU
Submitted May 29, 2026 at 12:34AM by gid0rah
via reddit https://ift.tt/yehgrSc
MDSec
Visual Studio Extensions Revisited - MDSec
28/05/2026 Introduction A few years ago we looked at how Visual Studio Code extensions could be used for initial access in red team engagements; at the time, the results were...
CoreEvent GraphQL API – BOLA/IDOR exposing 10k+ records (PII, ticket QR codes) via unauthenticated queries
https://parl0v.github.io/vulnerabilities/writeups/coreevent/
Submitted May 29, 2026 at 06:12AM by Jipp2109
via reddit https://ift.tt/2eqUtzB
parl0v
CoreEvent GraphQL API – Broken Access Control (IDOR / BOLA)
Broken access control in GraphQL API allowing unauthorized access to orders and event data.
Fooling around with encrypted reasoning blobs
https://ift.tt/YAFbecO
Submitted May 29, 2026 at 09:30AM by feross
via reddit https://ift.tt/BMZLjOE
A Few Thoughts on Cryptographic Engineering
Fooling around with encrypted reasoning blobs
This is a quick post I wanted to write about a “hobby project” I spent a weekend on. It has little to do with real cryptography, and mostly doesn’t expose a particularly exciting …
CALIF: An AI audit of FreeBSD
https://ift.tt/lPLY2vn
Submitted May 29, 2026 at 09:10AM by maurosoria
via reddit https://ift.tt/BqdHLpw
blog.calif.io
An AI audit of FreeBSD
15 kernel bugs, including 3 RCEs, 5 LPEs, and 1 bhyve escape.
I evaluated 5 LLM agents on patching real-world CVEs. Here is what I found.
https://giovannigatti.github.io/cve-bench/
Submitted May 29, 2026 at 01:02PM by Fickle-Box1433
via reddit https://ift.tt/7l3GiOH
giovannigatti.github.io
I Tested Whether AI Can Fix Security Vulnerabilities. Well, It's Complicated.
Benchmarking LLMs on real-world CVE patching
1,001 IPs, 64 countries, one operation: mapping a botnet by its back end · HoneyLabs blog
https://ift.tt/3qY4NJf
Submitted May 29, 2026 at 02:22PM by Honeylabs
via reddit https://ift.tt/B4MRPzL
HoneyLabs
1,001 IPs, 64 countries, one operation: mapping a botnet by its back end · HoneyLabs blog
A single attacking IP tells you little. The back end it pulls its payload from, and the client fingerprint it presents, are the parts operators reuse. Correlating both across the sensor network collapses internet noise into discrete operations: one cluster…
Introducing Keyhog: The First GPU Accelerated secret scanner
https://ift.tt/7sKhJpD
Submitted May 30, 2026 at 12:30AM by MT_Carnage
via reddit https://ift.tt/nXCWFME
Santh
891 detectors, GPU-accelerated, contract-tested. Meet keyhog.
Open-source secret scanner in Rust. SIMD on the CPU, an Aho-Corasick automaton on the GPU, SARIF + JSON + TUI output, 14,512 adversarial cases per build.
OffensiveCon26 YouTube Playlist released
https://www.youtube.com/playlist?list=PLYvhPWR_XYJkIP2X-uGDsAMIKnhdSauaM
Submitted May 30, 2026 at 12:08AM by maurosoria
via reddit https://ift.tt/HPCVLdw
A practical checklist for evaluating npm packages (supply chain attacks, slopsquatting, etc.)
https://ift.tt/5FfJ1lv
Submitted May 30, 2026 at 02:17AM by OtherwisePush6424
via reddit https://ift.tt/RCmTYbV
Gaborkoos
How to Evaluate an npm Package - 2026 Edition
Stars and downloads tell you about popularity, not safety. Here's a practical checklist for evaluating an npm package's security, reliability, and long-term maintenance in 2026.
Digital Trap: Iran Uses Selective Internet Restoration to Track and Arrest January Protesters
https://ift.tt/f5heY7J
Submitted May 30, 2026 at 07:14PM by Beginning-Wish-4273
via reddit https://ift.tt/7Q1Ua8x
Iran News Wire
Digital Trap: Iran Uses Selective Internet Restoration to Track and Arrest January Protesters
Digital rights activists say Iran's selective internet restoration is being used to identify, track, and arrest individuals linked to January protests.
LLMReaper - DOM Based AI Conversation Exfiltration via Browser Extensions
https://thewhiteh4t.github.io/blog/ai-chat-llmreaper/
Submitted May 31, 2026 at 09:12AM by thewhiteh4t
via reddit https://ift.tt/ZtGXyRa
Lohitya Pushkar (thewhiteh4t)
LLMReaper - DOM Based AI Conversation Exfiltration via Browser Extensions | Lohitya Pushkar (thewhiteh4t)
LLMReaper is a proof-of-concept Chrome extension (Manifest V3) demonstrating passive DOM-based exfiltration of AI conversations from ChatGPT, Claude, and Gemini using MutationObserver, no special permissions, no network interception. Captured conversations…
ThinkPad firmware reverse-engineering toolchain: archived Lenovo BIOS → named SoC pads, EC analysis, CVE diffs, coreboot/OpenCore port scaffolding
https://ift.tt/ayJm1Wd
Submitted May 31, 2026 at 08:51PM by Intelligent_Bet_4413
via reddit https://ift.tt/g8LExUe