많은 기업들이 희망퇴직을 실시하기 시작했습니다. 4050 날아가기 시작하네요. [헤럴드경제] 40대~50대 ‘날벼락’…“9000명 해고합니다” 최악 ‘희망퇴직’ 결국 터졌다 n.news.naver.com/mnews/article/…

Team Atlanta wins the AIxCC Grand Final! 🏆

We did it!!!!!!!!!!!!!!!!!!!!

Here’s the source code of our #AIxCC winning team Team Atlanta, enjoy! github.com/Team-Atlanta/a… More things TBA

🚀 Proud to be part of DARPA #AIxCC Winner - Team Atlanta ! Our sub-team built one of the key components: Multilang LLM Agents for vulnerability detection.

Got a knack for security? We've launched a rewards program for OSV-SCALIBR and want your help! Earn cash 💰 for creating new plugins that detect vulnerabilities, secrets, or extract software inventory. bughunters.google.com/blog/655159064…

First, we use an LLM classifier. We provide the vuln report and relevant source code, requesting a single output token: whether the vulnerability is "likely" or "unlikely" to be real. By inspecting the logprobs of the completion, we can score candidate vulns by likelihood!

This is just the beginning, more technical stuff coming up!

HITCON CTF 2025 Date: UTC 08/22 14:00 ~ 08/24 14:00 ctf2025.hitcon.org Thanks to minaminao from DeFiHackLabs for creating the web3 challenges for HITCON.

⚡ Going beyond the baseline, we forked Jazzer with LibAFL to push Java fuzzing further under AIxCC pressure — lessons learned. 👉 team-atlanta.github.io/blog/post-crs-… #AIxCC #Cybersecurity #CTF #AI #LLM #GenAI #AICyberChallenge #DARPA #DEFCON #Security #Vulnerability

Checkout this open-sourced handy MCP server for JEB decompiler by us: github.com/flankerhqd/jeb… . Contributions and use cases are always welcomed.

a senior engineer at google just dropped a 400-page free book on docs for review: agentic design patterns. the table of contents looks like everything you need to know about agents + code: > advanced prompt techniques > multi-agent patterns > tool use and MCP > you name it

All web3 security researchers should read this 10/10 report on all web3 security incidents in 2024 and stats around them. Great job by ChainLight. Read below👇 drive.google.com/file/d/1G3obul…

[Research] smart contracts auditing 101 for pwners - PART 1 (EN) hackyboiz.github.io/2025/09/07/d4t… Hello, this is d4tura. In this research post, I summarize the core concepts required to solve the smart contract wargame "Damn Vulnerable DeFi." From the perspective of a 'pwner' more

This is a great resource for ZK Auditors! Thanks Trail of Bits zkdocs.com/docs/zkdocs/

blog.asymmetric.re/threat-contain…

1/10 William Cheung Σ: says wait, but I can't. Can't wait. We are builting an Ethereum debugger with 1) true source-level stepping, 2) near-100% local/state variable inspection, and 3) on-the-fly Solidity expression eval at any step. Screenshots below; details in the thread.

New post: Relay’s contracts trusted Ed25519 verification without validating offsets, opening the door to forged allocator signatures and potential double-spends. Felix Wilhelm details the bug, the risks it posed to cross-chain liquidity, and how the issue was addressed.

Every Auditor must know Solana in 2025 Top 3 Resources to learn Solana. 🏴Blueshift Solana 🔗blueshift.gg 🏴 Solana Tutorial by RareSkills 🔗 rareskills.io/solana-tutorial 🏴 Awesome Solana Security 🔗 github.com/0xMacro/awesom…

Every security researcher knows the drill: a new program launches, and before the real work begins, you’re deep in setup: pulling contracts, fixing imports, chasing proxies. Now, that entire process is automated with Instascope. It fetches verified code, resolves proxy and ENS