Clint Gibler (@clintgibler)'s Twitter Profile
Clint Gibler

@clintgibler

🗡️ Head of Security Research @semgrep
📚 Creator of tldrsec.com newsletter

ID: 720576770

https://tldrsec.com/subscribe
27-07-2012 17:49:39

8,8K Tweet

20,20K Followers

577 Following

☁️ Your queues, your responsibility

How Plerion scanned for publicly accessible AWS SQS queues at scale

1. Found ~250K raw AWS account IDs from Github repos and other public sources
2. Filtered to only valid account IDs: ~215K account IDs
3. Build a wordlist of common

🐳 Kubernetes Testing Environment for EKS, GKE, AKS

New tool by Orca Security designed to help organizations identify and address potential vulnerabilities before production

Using KTE, orgs can simulate various attack scenarios, test security patches, and evaluate the effectiveness

🤖 Auto-fixing code vulnerabilities with AI

A technical deep dive into how @Semgrep Assistant works.

This post walks through the prompt chains and evaluation loops behind Semgrep Assistant’s AI autofix and rule generation features.

Assistant leverages:
- Project-specific data

🤖 ffufai

An AI-powered wrapper for the popular web fuzzer ffuf

Automatically suggests file extensions for fuzzing based on the target URL and its headers

Using either OpenAI's or Anthropic's models

By Joseph Thacker

github.com/jthack/ffufai

🔎 State-backed attackers and commercial surveillance vendors repeatedly use the same exploits

clem1 of Google’s Threat Analysis Group (TAG) describes watering hole attacks targeting Mongolian government websites, delivering exploits for both iOS and Android devices.

 The