KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Read on for mo [...]
A DoorDash driver stole over $2.5 million over several months: The driver, Sayee Chaitainya Reddy Devagiri, placed expensive orders from a fraudulent customer account in the DoorDash app. Then, using DoorDash employee credentials, he manually assigned the orders to driver accounts he and the others involved had created. Devagiri would then mark the undelivered orders as complete and prompt DoorDas [...]
curl disclosed a bug submitted by jmanojlovich: https://hackerone.com/reports/3148937 [...]
Intigriti, a global crowdsourced security provider, is delighted to announce that it is now CREST accredited. Who is CREST? CREST, a globally recognised not-for-profit authority in cyber security, rigorously assesses organisations against stringent standards for quality, technical proficiency, and operational integrity. This accreditation acknowledges that Intigriti meets CREST… [...]
Cloudflare Public Bug Bounty disclosed a bug submitted by jai-kandepu: https://hackerone.com/reports/2802817 [...]
In response to a FOIA request, the NSA released “Fifty Years of Mathematical Cryptanalysis (1937-1987),” by Glenn F. Stahly, with a lot of redactions. Weirdly, this is the second time the NSA has declassified the document. John Young got a copy in 2019. This one has a few less redactions. And nothing that was provided in 2019 was redacted here. If you find anything interesting in the d [...]
CORS misconfiguration vulnerabilities are a highly underestimated vulnerability class. With an impact ranging from sensitive information disclosure to facilitating SSRF attacks, this client-side security vulnerability should always be part of your security testing. In this article, we will explore the identification and exploitation of advanced CORS misconfiguration vulnerabili… [...]
From Hackaday.com, this is a neural network simulation of a pet squid. Autonomous Behavior: The squid moves autonomously, making decisions based on his current state (hunger, sleepiness, etc.). Implements a vision cone for food detection, simulating realistic foraging behavior. Neural network can make decisions and form associations. Weights are analysed, tweaked and trained by Hebbian learning a [...]
This is a weird story: U.S. energy officials are reassessing the risk posed by Chinese-made devices that play a critical role in renewable energy infrastructure after unexplained communication equipment was found inside some of them, two people familiar with the matter said. […] Over the past nine months, undocumented communication devices, including cellular radios, have also been found in [...]
In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick, a.k.a. “Pompompurin,” is slated for resentencing next month after pleading guilty to [...]
Shopify disclosed a bug submitted by mr_asg: https://hackerone.com/reports/2885269 - Bounty: $3500 [...]
AWS VDP disclosed a bug submitted by nkirk-nrlabs: https://hackerone.com/reports/3056937 [...]
Node.js disclosed a bug submitted by justinnietzel: https://hackerone.com/reports/3083428 [...]
Lichess disclosed a bug submitted by hajjaj-: https://hackerone.com/reports/3085889 [...]
Lichess disclosed a bug submitted by delsec_: https://hackerone.com/reports/3099816 [...]
On April 14, Dubai’s ruler, Sheikh Mohammed bin Rashid Al Maktoum, announced that the United Arab Emirates would begin using artificial intelligence to help write its laws. A new Regulatory Intelligence Office would use the technology to “regularly suggest updates” to the law and “accelerate the issuance of legislation by up to 70%.” AI would create a “comprehen [...]
In AI, as with so many advancing technologies, security often lags innovation. The xAI incident, during which a sensitive API key remained exposed for nearly two months, is a stark reminder of this disconnect. Such oversights not only jeopardize proprietary technologies but also highlight systemic vulnerabilities in API management. As more organizations integrate AI into their operations, ensurin [...]
Nintendo disclosed a bug submitted by roccodev: https://hackerone.com/reports/3062122 [...]
Nintendo disclosed a bug submitted by roccodev: https://hackerone.com/reports/3052880 [...]
Node.js disclosed a bug submitted by tniessen: https://hackerone.com/reports/2817648 [...]
This is a current list of where and when I am scheduled to speak: I’m speaking (remotely) at the Sektor 3.0 Festival in Warsaw, Poland, May 21-22, 2025. The list is maintained on this page. [...]
Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month’s patch batch from Redmond are fixes for two other weaknesses that now have public proof-of-concept exploits available. Microsoft and several security firms [...]
Google has extended its Advanced Protection features to Android devices. It’s not for everybody, but something to be considered by high-risk users. Wired article, behind a paywall. [...]
This post will examine the cryptography behind passkeys, the guarantees they do or do not give, and interesting cryptographic things you can do with them, such as generating cryptographic keys and storing certificates. [...]
Over the past year, we’ve been hard at work making Burp Suite Professional faster, smarter, and more powerful than ever before. From the launch of Burp AI to major performance upgrades, there's never [...]
We’re pleased to share a significant new change to our platform for companies. Our goal is to empower our customers with clear, actionable insights into their attack surface. We aim to create a platform where managing your digital footprint is intuitive, collaboration is effective, and understanding impact is straightforward. Today, we’re taking a big step forward: Introducin… [...]
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy Android’s intelligent protections keep you safe from everyday dangers. Our dedication to your security is validated by security experts, who consistently rank top Android devices highest in security, and score Android smartphones, led by the Pixel 9 Pro, as leaders in anti-fraud efficacy.Android is always developing new [...]
Posted by Il-Sung Lee, Group Product Manager, Android Security Protecting users who need heightened security has been a long-standing commitment at Google, which is why we have our Advanced Protection Program that provides Google’s strongest protections against targeted attacks.To enhance these existing device defenses, Android 16 extends Advanced Protection with a device-level security setting [...]
WakaTime disclosed a bug submitted by atasec: https://hackerone.com/reports/3098717 [...]
The case is over: A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a software vulnerability that hijacked the phones of thousands of users. I’m sure it’ll be appealed. Everything always is. [...]
Mozilla disclosed a bug submitted by samirsec0x01: https://hackerone.com/reports/2915647 - Bounty: $1500 [...]
A cloud attack targeting Amazon SES and persistence via AWS Lambda, AWS IAM Identity Center and AWS IAM [...]
Mars disclosed a bug submitted by reinhardtthe: https://hackerone.com/reports/3090123 [...]
Mars disclosed a bug submitted by bughunter0x7: https://hackerone.com/reports/2828608 [...]
Mars disclosed a bug submitted by imeng: https://hackerone.com/reports/3063026 [...]
Mars disclosed a bug submitted by thpless: https://hackerone.com/reports/2887506 [...]
Mars disclosed a bug submitted by bughunter0x7: https://hackerone.com/reports/2828693 [...]
In early May 2025, Cisco released software fixes to address a flaw in its IOS XE Software for Wireless LAN Controllers (WLCs). The vulnerability, tracked as CVE-2025-20188, has a CVSS score of 10.0 and could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system – but the real story is that this vulnerability drives home the persistent risks associated with h [...]
A Florida bill requiring encryption backdoors failed to pass. [...]
What defines a security maturity posture? A security maturity posture refers to an organization’s ability to detect, manage, and mitigate security vulnerabilities and risks. It reflects how well the organization applies programs, processes, and controls to protect its assets and data. Generally, a higher security maturity posture indicates a stronger capability to identify an… [...]
curl disclosed a bug submitted by antypanty: https://hackerone.com/reports/3137657 [...]
The video is really amazing. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. [...]
Automattic disclosed a bug submitted by root_geek280: https://hackerone.com/reports/2616045 [...]
XVIDEOS disclosed a bug submitted by samtime: https://hackerone.com/reports/3016540 [...]
Posted by Jasika Bawa, Andy Lim, and Xinghui Lu, Google Chrome Security Tech support scams are an increasingly prevalent form of cybercrime, characterized by deceptive tactics aimed at extorting money or gaining unauthorized access to sensitive data. In a tech support scam, the goal of the scammer is to trick you into believing your computer has a serious problem, such as a virus or malware infe [...]
HackerOne disclosed a bug submitted by light3r: https://hackerone.com/reports/2965723 [...]
curl disclosed a bug submitted by oblivionsage: https://hackerone.com/reports/3133379 [...]
As businesses rely more on APIs, attackers are quick to turn that trust into opportunity. Among the most dangerous and difficult-to-detect threats are business logic exploits, which let cybercriminals manipulate legitimate functionality to gain unauthorized access, exfiltrate data, or disrupt operations. These attacks often slip past traditional defenses unnoticed, making them a growing concern f [...]
Khan Academy disclosed a bug submitted by firec4t: https://hackerone.com/reports/3080597 [...]
A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new investigation reveals. In an indictment (PDF) unsealed last month, the [...]
IBM disclosed a bug submitted by 0x4bdo: https://hackerone.com/reports/3060373 [...]
LinkedIn disclosed a bug submitted by nagu123: https://hackerone.com/reports/3079966 [...]
Learn how RedisRaider is targeting publicly accecesibly Redis servers to mine crypocurrency. [...]
Dust disclosed a bug submitted by yoyomiski: https://hackerone.com/reports/3112106 [...]
curl disclosed a bug submitted by evilginx: https://hackerone.com/reports/3125832 [...]
RubyGems disclosed a bug submitted by jagat-singh: https://hackerone.com/reports/3097900 [...]
Fastly VDP disclosed a bug submitted by hasn0x: https://hackerone.com/reports/2265413 [...]
IBM disclosed a bug submitted by muhammadwaseem3: https://hackerone.com/reports/3088290 [...]
Dust disclosed a bug submitted by sjalu: https://hackerone.com/reports/3115705 [...]
Datasig generates compact, unique fingerprints for AI/ML datasets that let you compare training data with high accuracy—without needing access to the raw data itself. This critical capability helps AIBOM (AI bill of materials) tools detect data-borne vulnerabilities that traditional security tools completely miss. [...]