When you open Duolingo to practice Spanish, BeReal to share a photo, or Character.AI to chat with a bot, you probably don't expect your battery level, storage capacity, and internal IP address to be sent to ByteDance, the company behind TikTok.

But that's…

Bulk download normalized Certificate Transparency (CT) log snapshots as deterministic daily JSON.

CodeAnt AI found a critical authentication bypass in pac4j-jwt where an attacker can impersonate any user using only the RSA public key. Full PoC and disclosure.

Build reliable security workflows without code. Visual automation, Temporal-powered execution, and AI assistance.

GitGuardian partnered with Google to answer: what happens when private keys leak? Using Certificate Transparency, we mapped about 1M leaked keys to 140k certificates. Result: 2,622 were valid as of September 2025, exposing major organizations. Our disclosure…

Exposer ce qui devrait l'etre.

Network packet decoder

Kernel-enforced isolation, network filtering, immutable auditing, and atomic rollbacks for AI agents - built into the nono CLI and native SDKs.

This article shares our perspective on the current state of authentication and authorization in enterprise-ready, remote MCP server deployments.

For more than two decades, Firefox has been one of the most scrutinized and security-hardened codebases on the web. Open source means our code is visible,

A step-by-step guide to exploiting a 20-year-old bug in the Linux kernel to achieve full privilege escalation and container escape, plus a cool bug-hunting heuristic.

How Tachyon's autonomous security researcher found an authorization bypass in the open-source MLflow tracking server by reasoning across protocols and surfaces—and why this class of bug is so hard to catch.

We report an exploratory red-teaming study of autonomous language-model-powered agents deployed in a live laboratory environment with persistent memory, email accounts, Discord access, file...

Credential exposure intelligence with fast detection, scoring, and remediation workflows.

Independent technical analysis of a Chrome extension compromise, fake update chain, and Windows-stage malware activity.

Cybersecurity researchers have uncovered a new malware distribution campaign in which attackers impersonate legitimate command-line installation guides for developer tools. The campaign uses a...

A practical, community-maintained security checklist for teams building and deploying Model Context Protocol (MCP) servers and AI agent infrastructure.

An autonomous AI agent found a SQL injection in McKinsey's Lilli AI platform. What it extracted was worse than we expected.

MCP Security Checklist, Sentinel MCP scanner, and Unpinched PinchTab detector. Three open-source tools for securing AI agent pipelines and agentic browser infrastructure.