Busy week! AI, AI, AI and the death of Flash!
🤖 Semgrep's Agent Skills
Semgrep released a set of agent skills worth looking into: Semgrep's Agent Skills. 1
🤿 Shaking the MCP Tree: A Security Deep Dive
You may think "just another MCP bug" but this post is actually worth reading: Shaking the MCP Tree: A Security Deep Dive. 0
🤖 Evaluating and mitigating the growing risk of LLM-discovered 0-days
This section resumes it: "Opus 4.6 is notably better at finding high-severity vulnerabilities than previous models": Evaluating and mitigating the growing risk of LLM-discovered 0-days. 0
♦️ Co -RedTeam: Orchestrated Security Discovery and Exploitation with LLM Agents
If you are working on a "LLM based hacker", you are going to want to read this: Co -RedTeam: Orchestrated Security Discovery and Exploitation with LLM Agents. 0
🚨 An introduction to automated LLM red teaming
Promptfoo is a neat tool to add to your red teaming arsenal: An introduction to automated LLM red teaming. 0
🛠️ Scalable research tooling for agent systems
A great post on how to scale tooling for agent: Scalable research tooling for agent systems. 0
🦝 Discovering Negative-Days with LLM Workflows
That's something I toyed with in 2012 (Monitoring repositories for Fun and Profit - Ruxcon 2012), I used basic rules at the time. Obviously, having LLMs is a game changer for this kind of workload: Discovering Negative-Days with LLM Workflows. 0
⚡️ What Really Killed Flash Player: A Six-Year Campaign of Deliberate Platform Work
The story of the death of Adobe Flash, a must-read for AppSec practitioners. What Really Killed Flash Player: A Six-Year Campaign of Deliberate Platform Work. 0
📬 Never Miss Quality Security Research
Get these curated picks delivered to your inbox every week:
- Hand-picked vulnerability research
- Practical security insights
- CVE deep-dives worth your time
- No fluff, just signal
