Atlas of Surveillance on 17/02/2025
The EFF has released its Atlas of Surveillance, which documents police surveillance technology across the US. [...]
The software industry continues to evolve rapidly, driven by the adoption of cloud services, increasingly complex SaaS ecosystems, and the reliance on open-source components. But with innovation comes risk: vulnerabilities are being exploited at an alarming rate, threatening billions of dollars in operations, data, and trust. In 2024, the software industry was rocked by cybe… [...]
The Vanderbilt University Medical Center has a pediatric care dog named “Squid.” [...]
This is a current list of where and when I am scheduled to speak: I’m speaking at Boskone 62 in Boston, Massachusetts, USA, which runs from February 14-16, 2025. My talk is at 4:00 PM ET on the 15th. I’m speaking at the Rossfest Symposium in Cambridge, UK, on March 25, 2025. The list is maintained on this page. [...]
AI is rapidly gaining traction in virtually every industry. But in AppSec, it's often met with a healthy skepticism, viewed by some as a useless gimmick at best or, at the other end of the scale, a ma [...]
Speed is everything in the modern business world. Our attention spans are shorter than ever, consumers demand short and seamless interactions, and the slightest delay in service delivery can see organizations fall far behind their competitors. This is why real-time APIs are so important; they enable systems to communicate and exchange data with minimal delay, allowing for near-instantaneous updat [...]
Donald Trump and Elon Musk’s chaotic approach to reform is upending government operations. Critical functions have been halted, tens of thousands of federal staffers are being encouraged to resign, and congressional mandates are being disregarded. The next phase: The Department of Government Efficiency reportedly wants to use AI to cut costs. According to The Washington Post, Musk’s gr [...]
Hey hackers, Each month, we round-up insights, platform updates, new programs, upcoming community events and more to help you master your hacking skills. Check out February’s edit below: BlueSky We’ve landed on BlueSky, follow us to access the latest programme updates, challenges, blogs, event news, hacking tips and more! Win an Intigriti Hoodie Can you spot where the develope… [...]
Introducing Medusa v1, a cutting-edge fuzzing framework designed to enhance smart contract security. [...]
In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies. Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnership with the company. But nearly a year later, Mozilla is still promoting it to Firefox users. Mozilla of [...]
Hemi VDP disclosed a bug submitted by an_gr_y: https://hackerone.com/reports/2990368 [...]
Our commitment to innovation At PortSwigger, we're always striving to push the boundaries of what's possible in application security, with a world-leading Research team dedicated to pioneering new hac [...]
In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the implications for national security are profound. First, it was reported that people associated with the [...]
TVM Ventures has selected Trail of Bits as its preferred security partner to strengthen the TON developer ecosystem. Through this partnership, we’ll lead the development of DeFi protocol standards and provide comprehensive security services to contest-winning projects deploying on TON. TVM Ventures will host ongoing developer contests where teams can showcase innovative applications that advance [...]
Over half a billion websites are powered by WordPress as of today. Unfortunately, not every instance receives the same security attention as the others. The chances of coming across a bug bounty target with a vulnerable instance are quite high. However, some bug bounty hunters get intimidated because WordPress targets are often used as a blogging or documentation platform. For… [...]
U.S. Dept Of Defense disclosed a bug submitted by oxylis: https://hackerone.com/reports/2950536 [...]
U.S. Dept Of Defense disclosed a bug submitted by turbul3nce: https://hackerone.com/reports/2666323 [...]
U.S. Dept Of Defense disclosed a bug submitted by kolcyberdef: https://hackerone.com/reports/2682079 [...]
Autodesk disclosed a bug submitted by karimtantawy: https://hackerone.com/reports/2981756 [...]
Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software libraries that are still used. Presumably the projects don’t realize that the buckets have been abandoned, and still ping them for patches, updates, etc. The TL;DR is that this time, we ended up discover [...]
Writing smart contracts requires a higher level of security assurance than most other fields of software engineering. The industry has evolved from simple ERC20 tokens to complex, multi-component DeFi systems that leverage domain-specific algorithms and handle significant monetary value. This evolution has unlocked immense potential but has also introduced an escalating number [...]
Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. All supported Windows operating systems will receive an update this month for a buffer overflow vulnerability that carries the catchy name CVE-2025-21418. This patch should be a priority for enterprises, [...]
Detailing the discovery and impact of the whoAMI cloud image name confusion attack, which could allow attackers to execute code within AWS accounts due to a vulnerable pattern in AMI retrieval. [...]
Really good—and detailed—survey of Trusted Execution Environments (TEEs). [...]
Basecamp disclosed a bug submitted by victim_of_life: https://hackerone.com/reports/2932410 [...]
Top Echelon Software disclosed a bug submitted by genz-1: https://hackerone.com/reports/2964441 [...]
Here’s an easy system for two humans to remotely authenticate to each other, so they can be sure that neither is a digital impersonation. To mitigate that risk, I have developed this simple solution where you can set up a unique time-based one-time passcode (TOTP) between any pair of persons. This is how it works: Two people, Person A and Person B, sit in front of the same computer and open [...]
XVIDEOS disclosed a bug submitted by mcblockchamp: https://hackerone.com/reports/2979176 [...]
XVIDEOS disclosed a bug submitted by mcblockchamp: https://hackerone.com/reports/2979153 [...]
RubyGems disclosed a bug submitted by n_ob_o_dy: https://hackerone.com/reports/2627221 [...]
The Washington Post is reporting that the UK government has served Apple with a “technical capability notice” as defined by the 2016 Investigatory Powers Act, requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement. This is a big deal, and something we in the security community have worried was coming for a while now. The law, known by [...]
curl disclosed a bug submitted by 7mkrooal: https://hackerone.com/reports/2981245 [...]
Wired reported this week that a 19-year-old working for Elon Musk‘s so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today’s story explores, the DOGE teen is a former denizen of ‘ [...]
Long article on the colossal squid. [...]
Just when CIOs and CISOs thought they were getting a grip on API security, AI came along and shook things up. In the past few years, a huge number of organizations have adopted AI, realizing innumerable productivity, operational, and efficiency benefits. However, they’re also having to deal with unprecedented API security challenges. Wallarm’s Annual 2025 API ThreatStats™ Report reveals a [...]
XVIDEOS disclosed a bug submitted by mcblockchamp: https://hackerone.com/reports/2979148 [...]
Internet Bug Bounty disclosed a bug submitted by scyoon: https://hackerone.com/reports/2882887 [...]
curl disclosed a bug submitted by sherlock2010: https://hackerone.com/reports/2917232 [...]
curl disclosed a bug submitted by ankomcoper: https://hackerone.com/reports/2954286 [...]
What if your security program could self-optimize: analyze trends, identify weak points, and proactively propose actionable steps to strengthen defenses? With HackerOne Recommendations, it can. [...]
New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies — intr [...]
XVIDEOS disclosed a bug submitted by mcblockchamp: https://hackerone.com/reports/2968559 [...]
Internet Bug Bounty disclosed a bug submitted by 0xsaravana: https://hackerone.com/reports/2939077 [...]
Khan Academy disclosed a bug submitted by sikn: https://hackerone.com/reports/2846011 [...]
XVIDEOS disclosed a bug submitted by p_anand1234: https://hackerone.com/reports/2957962 [...]
Internet Bug Bounty disclosed a bug submitted by ryotak: https://hackerone.com/reports/2905532 [...]
Internet Bug Bounty disclosed a bug submitted by taise: https://hackerone.com/reports/2931688 [...]
Internet Bug Bounty disclosed a bug submitted by taise: https://hackerone.com/reports/2931691 [...]
Internet Bug Bounty disclosed a bug submitted by mokusou: https://hackerone.com/reports/2931639 [...]
Internet Bug Bounty disclosed a bug submitted by mokusou: https://hackerone.com/reports/2931636 [...]
Internet Bug Bounty disclosed a bug submitted by mokusou: https://hackerone.com/reports/2931710 [...]
Node.js disclosed a bug submitted by newtmitch: https://hackerone.com/reports/2841362 [...]
curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/2961050 [...]
Internet Bug Bounty disclosed a bug submitted by mprogrammer: https://hackerone.com/reports/2881639 - Bounty: $2162 [...]
IBM disclosed a bug submitted by sweetheart1337_: https://hackerone.com/reports/2954547 [...]
curl disclosed a bug submitted by z2_: https://hackerone.com/reports/2956023 [...]
This blog post highlights key points from our new white paper Preventing Account Takeovers on Centralized Cryptocurrency Exchanges, which documents ATO-related attack vectors and defenses tailored to CEXes. Imagine trying to log in to your centralized cryptocurrency exchange (CEX) account and your password and username just… don’t work. You [...]
Pentesting-as-a-Service is your next crucial layer of security. Businesses dedicated to their security know that truly mature infrastructure doesn’t involve just one kind of protection. Vulnerability scanners, firewalls, periodic penetration tests, and bug bounties are all independent layers of an onion of well-rounded cybersecurity. They each serve different purpos… [...]
The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent co-founders quite openly operate an Internet service provider and a pair of e-commerce platforms catering to [...]
IBM disclosed a bug submitted by youssifs7: https://hackerone.com/reports/2919623 [...]
Ruby on Rails disclosed a bug submitted by ooooooo_q: https://hackerone.com/reports/2389565 [...]
What are Hackbots and how are they impacting vulnerability discovery and the researcher community? [...]
Rockstar Games disclosed a bug submitted by osama-hamad: https://hackerone.com/reports/1269332 [...]