Temporarily taken down due to a request, will be back at a later date :) In the meantime, you can read another of my write-ups here: 1.4 Billion exposed user records via insecure Firebase instances in top Android apps

Humanity Protocol’s controlled experiment showed that AI can create convincing fake profiles to bypass identity verification, exposing critical weaknesses in traditional KYC systems and highlighting the growing risk of AI-driven fraud online.

Stay informed with the latest insights in our Infostealers weekly report. Explore key findings, trends and data on info-stealing activities.

CLI tool for scanning cryptographic usage and generating quantum-vulnerability risk assessments

deception as a developer tool

This is an early alpha of Coalmine an opensource cloud canary management tool

Discover Kingfisher, MongoDB’s open-source tool for security and DevOps engineers to detect and validate exposed secrets in code and repositories.

PanicLock - Keep Touch ID for daily convenience, get instant password-only security when you need it. Your Mac's escape hatch for border crossings, protests, and high-risk situations.

RecoverIt uses penetration testing techniques to exploit service failure recovery functions to trigger the execution of malicious payloads.

Mitchell Hashimoto got tired of AI PR slop, so he built Vouch: a trust management system that could change how open source handles…

klint is a single-binary, one-shot Linux incident response scanner. Detect hidden kernel modules, rootkits, and compromised system state.

Open Security Architecture - Free, open security patterns and NIST 800-53 control mappings for enterprise security architects.

Roundcube's HTML sanitizer doesn't treat SVG feImage href as an image source. Attackers can bypass remote image blocking to track email opens. (CVE-2026-25916)

A discussion of the recent cyber attacks against a number of targets connected to Polands electric grid.

Deep technical analysis of bypassing eBPF-based security solutions through kernel-level hooks targeting BPF iterators, ringbuffers, and perf events