I am back to posting to ADSecurity.org in my free time (which I have again). I plan on adding new content relating to Active Directory & Azure AD (now Entra ID). First up is "Entra & Azure Managed Access Revisited". This article expands on one I wrote years ago about

hashcat v7.1.0 released! This update includes important bug fixes, new features, and support for new hash-modes, including KeePass with Argon2. Read the full write-up here: hashcat.net/forum/thread-1…

🚨 s1ngularity: a supply chain attack hiding in the Nx npm package Malicious versions stole GitHub tokens, SSH keys, wallets, and secrets, even hijacking AI CLI tools to help exfiltrate data. 📂 Thousands of secrets leaked into attacker-created public GitHub repos.

First look at the dynamic hash-mode support in upcoming hashcat, powered by the new Rust Bridge. No coding needed: write your pattern on the command line. Don't want to wait for Release? Try it now via GitHub master or hashcat.net/beta. Feedback welcome on our Discord

What what WHAT?! I thought I knew it all when it came to regex (including all of PCRE) and now I discover this gem? What a time to be alive! I say … -oP plus \K for the ever-lovin’ win!

TERABYTES OF FORENSIC TEST IMAGES HUNDREDS OF CTFs dfir.training/downloads/test… #DFIR #CTF

LLMs are injective and invertible. In our new paper, we show that different prompts always map to different embeddings, and this property can be used to recover input tokens from individual embeddings in latent space. (1/6)

Une bien triste nouvelle. Quelqu'un qui a fait de belles choses pour les Internet du monde, de France et du bout du bout du monde, le Finistère. :'-(

Terrible nouvelle. Bruno était toujours curieux, à l'écoute, il transmettait ses passions, ses connaissances, aidait dès qu'il pouvait. Condoléances à la famille et aux plus proches. Et pour ce QSO qu'on repoussait depuis quelques semaines et qui ne se fera jamais, 73 à toi Bruno

angrop just received the biggest update ever. In some cases, it is even more capable than humans. Check it out! github.com/angr/angrop

36k vulnerable instances #Ni8mare

A decade is an eternity in security. 🛡️ Ten years ago, we released the Clang Hardening Cheat Sheet. Today, the landscape has changed. TRIKKSS & bcreusillet break down the latest mitigations to keep your code secure. 🔗Read the update: blog.quarkslab.com/clang-hardenin…

Bernardo Quintero Using the r2 MCP in combination with r2ghidra, the results are much better 🙂 dan1t0.com/2026/01/02/Usi…

Blog post: On the Coming Industrialisation of Exploit Generation with LLMs sean.heelan.io/2026/01/18/on-… TL;DR: I ran an experiment with GPT-5.2 and Opus 4.5 based agents to generate exploits for a zeroday QuickJS bug. They're pretty good at it. Code: github.com/SeanHeelan/ana…

“BREAKMEIFYOUCAN!”: Exploiting Keyspace Reduction and Relay Attacks in 3DES and AES-protected NFC Technologies: eprint.iacr.org/2026/100.pdf

"Use a better system prompt" is the new "sanitize your inputs", but when your #AI agent's tools don't check permissions, you've got a problem and no amount of prompting will fix it. Check Kaluche 's post about #AgenticAI & the Confused Deputy issue ⬇️ blog.quarkslab.com/agentic-ai-the…

ℹ️🔴 La CNIL sanctionne FRANCE TRAVAIL (anciennement Pôle Emploi) d’une amende de 5 millions d’euros pour ne pas avoir assuré la sécurité des données des personnes en recherche d’emploi 👉 cnil.fr/fr/violation-d…

Plug in an RTL-SDR (or Airspy), open Chrome, tune FM radio. No drivers. No installs. CyberEther Web talks to the SDR over WebUSB, runs the DSP in WASM, and renders the waterfall on WebGPU. cyberether.org/web?build=nigh…

Between June and December 2025, a “likely Chinese state-sponsored group” compromised the infrastructure used by Notepad++ and served malicious updates to selectively targeted users. notepad-plus-plus.org/news/hijacked-…

Nothing humbles you like telling your OpenClaw “confirm before acting” and watching it speedrun deleting your inbox. I couldn’t stop it from my phone. I had to RUN to my Mac mini like I was defusing a bomb.