Prompt-Visual Injection is the new kid in town! 😈🛡

TODAY IS THE DAY! The Frans Rosen Episode is LIVE. Frans Rosén is pretty much the king of bug bounty and because of all the crazy research and content we had to talk about, this episode ran over 2h. It's one of the best ones we've put out yet. Enjoy. ctbb.show/s1e45

Thanks Microsoft Security Response Center !

Read about a critical #web3 #supplychain vulnerability I reported to Astar Network on Immunefi! And how they handled it… (very poorly). Other web3 companies face similar risks! All the 🌶️ details are in the post ⬇️! adnanthekhan.com/2024/01/19/web…

Cybersecurity and mental health. Are you struggling? You're not alone. Take 45 seconds to watch this 👇 youtube.com/shorts/R5RD8vv…

Zuckerberg przed komisją. Tak ostro jeszcze nigdy nie było. Coś się zmienia.

Do you use a virtual machine to browse dangerous links safely? If you use the Chrome browser inside that virtual machine, is it secure enough? As you might have guessed, the answer is not so much. We chained six unique CVEs from 2023 listed below. • Chrome Renderer RCE :

Polska na I miejscu w rankingu National Cyber Security Index, który mierzy poziom cyberbezpieczeństwa kraju, jego gotowość do zapobiegania cyberzagrożeniom oraz jego gotowość do zarządzania incydentami #cyber, przestępczością i kryzysami na dużą skalę. ➡️ ncsi.ega.ee/ncsi-index/?or…

Tired of failed phishing attempts? Using the 1337est AI FAFO technology, Evilginx trained on data from thousands of successful login attempts, can now predict valid session cookies, even before the phished user starts to enter their credentials.🔥 The new era of AIshing awaits!

One interesting talk I noticed recently was "LLM4Shell: Discovering and Exploiting RCE Vulnerabilities in Real-World LLM-Integrated Frameworks and Apps" i.blackhat.com/Asia-24/Presen…

My colleague hashkitten and I discovered a full-read SSRF vulnerability in Next.js (CVE-2024-34351). We published our research today on Assetnote's blog: assetnote.io/resources/rese…. Thank you to the Vercel team for a smooth disclosure process.

Half of the success in source code auditing is just having the confidence and faith that you will find something. It doesn't matter what language it is or how many times it's been audited. This has proven true throughout my career. Just. Don't. Give. Up.

I just posted a roadmap on how I learnt C (+ x86-64 Assembly and OS Internals) from scratch. I highly recommend it to anyone planning to take a course at OpenSecurityTraining2 or who is interested in malware development. github.com/theokwebb/C-fr…

No AI, no content automation (besides an RSS reader), 100% human curated cybersecurity content by myself and Alberto. Published weekly to the web with no Javascript, via email, or RSS. It's the blog I wish existed before I started it. Don't sleep on it!

We’re excited to unveil our brand-new HackenProof logo and website! Our new look represents our commitment to innovation and user experience. Check it out and let us know what you think: hackenproof.com Plus, stay tuned for an exciting contest announcement soon!

Pierogi team 🥟🇵🇱 secured 8th place. Thanks Bug Bounty Reports Explained for this opportunity!

Try not to cringe level: IMPOSSIBLE

CZYTAĆ!

Doing a free webinar today at 8PM CEST (i.e. livestream with slides) about "files", as entities on the filesystem, seen through the eyes of a security researcher. hexarcana.ch/lp/files/ ← sign up here if interested

MS updated their MS365 sign-in page in April 2025, breaking the current Evilginx phishlet. Fawaz has done a terrific job reverse engineering the changes. The new phishlet is being worked on in the BREAKDEV RED community. Join here: red.breakdev.org/join