The IPVanish VPN application for macOS contains a critical privilege escalation vulnerability that allows any unprivileged local process to execute arbitrary code as root without user interaction....

Use the Deception Lab to launch practical security utilities, including honeytoken creation, reputation analysis, and guided deception testing workflows.

In recent weeks, a highly organized phishing campaign has surfaced, characterized by its use of legitimate Google infrastructure to bypass standard security filters. I have identified more than 25 …

Learn to exploit complex real-world vulnerabilities with zeropath-ctf, a set of self-contained exploit development exercises based on CVEs from the CISA Known Exploited Vulnerabilities list, powered by ZeroPath's shapeshifter vulnerability generation suite.

Technical deep dive into how we boosted speeds for historical threat hunting and detection backtesting

Posted by ok_bye_now_ - 0 votes and 1 comment

A 7-day intensive program for security professionals shaping how we secure emerging AI systems.

An open-source AI offensive security platform, built by a developer with ties to China's MSS, was used in a campaign that compromised 600+ FortiGate devices across 55 countries. Full technical breakdown.

Test for supercookies, header injection, DNS hijacking, and TLS interception in seconds.

When you open Duolingo to practice Spanish, BeReal to share a photo, or Character.AI to chat with a bot, you probably don't expect your battery level, storage capacity, and internal IP address to be sent to ByteDance, the company behind TikTok.

But that's…

Bulk download normalized Certificate Transparency (CT) log snapshots as deterministic daily JSON.

CodeAnt AI found a critical authentication bypass in pac4j-jwt where an attacker can impersonate any user using only the RSA public key. Full PoC and disclosure.

Build reliable security workflows without code. Visual automation, Temporal-powered execution, and AI assistance.

GitGuardian partnered with Google to answer: what happens when private keys leak? Using Certificate Transparency, we mapped about 1M leaked keys to 140k certificates. Result: 2,622 were valid as of September 2025, exposing major organizations. Our disclosure…

Exposer ce qui devrait l'etre.

Network packet decoder

Kernel-enforced isolation, network filtering, immutable auditing, and atomic rollbacks for AI agents - built into the nono CLI and native SDKs.

This article shares our perspective on the current state of authentication and authorization in enterprise-ready, remote MCP server deployments.

For more than two decades, Firefox has been one of the most scrutinized and security-hardened codebases on the web. Open source means our code is visible,