AI-powered stock filing analysis across 7 global markets. Upload any filing and get instant insights in plain English.

Passkeys solve the authentication problem corporate IT has been fighting for decades. But the more interesting story is what happens when every employee has a hardware-backed key generation and storage facility in their pocket.

Cross-site scripting (XSS) remains one of the most prevalent vulnerabilities on the web. The new standardized Sanitizer API provides a straightforward way for web developers to sanitize untrusted HTML before inserting it into the DOM. Firefox 148 is the first…

Monthly AI threat intelligence report with interactive analysis of attack patterns targeting AI agents and LLMs.

TURN server security guide for any implementation. Hardening checklist, IP range block lists, rate limiting, and deployment patterns for production WebRTC systems.

FAMOUS CHOLLIMA's temporary email usage leaks IP addresses (opsec mistakes part 3)

confusable-vision renders every TR39 confusable pair across 230 macOS system fonts and measures visual similarity with SSIM. 96.5% of confusables.txt is not high-risk, but 82 pairs are pixel-identical in at least one font.

We measure the capabilities of LLMs to deanonymize users online.

AI agents now run 80-90% of attack campaigns autonomously. Active deception exhausts them by flooding context windows, draining budgets, and freezing pipelines.

A 10-dimension scoring matrix for evaluating OpenClaw in enterprise environments. Evidence-based ratings across identity, sandboxing, and compliance.

It’s been a while, but we’re back - in time for story time.

Gather round, strap in, and prepare for another depressing journey of “all we wanted to do was reproduce an N-day, and here we are with 0-days”.

Today, friends, we’re looking at SolarWinds Web…

Diesel Vortex is a Russian phishing-as-a-service group targeting freight and logistics companies across the US and Europe. This report details the group's infrastructure, tactics, and the 1,600+ credentials stolen from DAT Truckstop, Penske, EFS and Timocom.

Google spent over a decade telling developers that Google API keys (like those used in Maps, Firebase, etc.) are not secrets. But that's no longer true.

We audited 1,620 AI agent skills. The leading security scanner missed 91% of the threats.

Luigi Fragale introduces a custom Ghidra processor and loader for reverse engineering Garmin watch application binaries.

Technical analysis of the Moonrise remote access trojan, including WebSocket C2 architecture, JSON command schema, surveillance features and crypto theft risk.

A systematic evaluation of five frontier models across two encoding schemes, four hint levels, and tool use ablation — 8,308 graded outputs with full statistical analysis