GDDRHammer and GeForge: GPU Rowhammer Now Achieves Full System Compromise • Assessing Claude Mythos Preview’s cybersecurity capabilities
Articles worth reading discovered last week. This week feels like a giant "how to find your own CVE"... An Evening ...
Android, Request Smuggling and Markdown Sanitizer! Pixnapping Attack It has been a while since the last vulnerability with its own ...
Busy week: Android, Django and MCP! Runtime Android Object Instrumentation A great write-up on runtime instrumentation for Android using SQLite ...
Passports, WIFI and AI-SAST! The cryptography behind electronic passports A great write-up on the security of electronic passports using a ...
Another great week! CSP Bypass Search What if there was a place you could copy/paste a CSP policy and instantly ...
Security code review doesn't have to be intimidating. In Go codebases, certain patterns appear repeatedly. These mistakes are easy to spot ...
AI, AI, SSRF-XSLT! Building the Leading Open-Source Pentesting Agent: Architecture Lessons from XBOW Benchmark The latest write-up on how to ...
ADB and JWT, a quiet but interesting week! Technical Advisory: Tesla Telematics Control Unit - ADB Auth Bypass Learn how ...
Content worth checking discovered last week: Hacking with AI SASTs A great write-up evaluating the current state of AI-augmented SAST: ...
Tabletop exercises are the secret weapon for building resilient AppSec teams. They're not just training; they're relationship builders, blind spot finders, ...
A good mix of everything to please everyone: CVEs, AI, Integrity Bypass and Unicode ksmbd - Fuzzing Improvements and Vulnerability ...
Rails relies on signed sessions to keep track of logged-in users. Since Rails 5.2, those sessions use AES GCM for authenticated ...