Research Worth Reading Week 04/2026

Published: 26 Jan 2026

LLMs, WAF Bypass, LLMs...

🤯 On the Coming Industrialisation of Exploit Generation with LLMs

A great article, definitely worth a read. It’s also worth looking through the linked GitHub repository to learn a few tricks: On the Coming Industrialisation of Exploit Generation with LLMs.

🚨 Cloudflare Zero-day: Accessing Any Host Globally

It feels like /.well-known/ isn’t that well known by WAFs… What I really like about this post is that it highlights one of the key tricks for finding vulnerabilities: “What routine tasks may open a security hole.”: Cloudflare Zero-day: Accessing Any Host Globally.

🤖 Claude Magic String Denial of Service

I initially saw that trick on LinkedIn, but this article gets into much more detail. The magic string that "breaks" Claude: Claude Magic String Denial of Service.

🤖 AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent

GitHub Security Lab explains how they built an LLM taskflow system to triage CodeQL alerts: small, repeatable tasks, stored intermediate state, MCP tools for deterministic checks, and GitHub Issues as review checkpoints: AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent.

Written by PentesterLab
The platform to learn web hacking and security code review