What's a better platform for building a community of security humans? Slack or Discord? Come share your opinion with us here: discord.gg/2EbHdAR5w7

FYI if you stop seeing as many Mastodon links here, it's because Twitter is now blocking them. bbc.com/news/technolog…

"Cross-Site Request Forgery in OWASP CSRFGuard" got to love the irony CVE-2021-28490

Status update for 2023: Here is a video of chris showing off the new dynamic tracing capabilities that we've been adding to LunaTrace over the past few weeks. You can now see which CVEs are ever executed in production-- a helpful signal for patching! youtube.com/watch?v=B4xoOj…

Your grandma asks you what an XSS is, what do you answer? 👵

>blog post hits HN >check comments >friend already defending post from comment snark

Looks like a vuln in "Control Web Panel" is being actively exploited in the wild. Ars has some more details here -- arstechnica.com/information-te…

We've added environmental adjustment to LunaTrace. Answer a couple of questions about what type of app you're scanning and the severity of your vulnerabilities will be re-calibrated using the environmental CVSS spec, automatically. youtube.com/watch?v=vPd4MS…

So... @YCombinator has invested in 100+ COSS startups since 2008 (80%+ of those over the last 2 years alone!). If this were abstracted out as a distinct fund, it would do extremely well... like a 100X fund, I think, and that's not an exaggeration. 😁 ycombinator.com/companies?quer…

WOW… Nearly 10% of ALL games published on Steam are built with Godot Engine. 🔥 📈 🤖

A "truthy" lie will run 2x round the world faster than a boring truth. The sad fact that a high effort piece from Alex Konrad and Kenrick Cai got overrun by lazy bullshit shows pulling the biggest possible number out of your ass while keeping a straight face is all you need.

Props to Phylum for finding this malware in Pypi! arstechnica.com/information-te…

We could add this functionality into the dependency helper bot we've been building on GitHub. Please leave your thoughts in the comments below! (And if you'd like to try it out.)

Sneak peak of what we are teaching ChatGPT to do. Watch it browse the web like a human. youtube.com/watch?v=XssIIo… Amazing stuff. Not shown, we also have it hooked up to our vulnerability database. Should be available in a discord bot for you next week.

From a DM, just in case anyone else needs to hear this.

Super helpful list of ChatGPT alternatives with a focus on the licensing stuff github.com/nichtdax/aweso…

I’m an instant pass on any startup that just wraps OpenAI. Zero differentiation over time. Building your solution / app on your own models that you control, train and tune yourself? Good.

There's a new Open Source LLM model called "Cerebras-GPT" that hit the internet yesterday. I was curious how it compared in performance to #ChatGPT and #LLaMA so I wrote an article that compares them. If you haven't heard of this yet, it's worth a read! lunasec.io/docs/blog/cere…

arstechnica.com/information-te…

Vector DB intro w/ sample code and links to a few popular ones with free plans - lunabrain.com/blog/riding-th…