Plus: The FBI says a recent hack of its wiretap tools poses a national security risk, attackers stole Cisco source code as part of an ongoing supply chain hacking spree, and more.
Vulnerability Research Is Cooked
Thomas Ptacek’s take on the sudden and enormous impact the latest frontier models are having on the field of vulnerability research.
Within the next few months, coding agents will drastically alter both the pract…
On the kernel security list we’ve seen a huge bump of reports. We were between 2 and 3 per week maybe two years ago, then reached probably 10 a week over the last year with the only difference being only AI slop, and now since the beginning of the…
The challenge with AI in open source security has transitioned from an AI slop tsunami into more of a … plain security report tsunami. Less slop but lots of reports. Many of them really good.
I’m spending hours per day on this now. It’s intense….
Months ago, we were getting what we called ‘AI slop,’ AI-generated security reports that were obviously wrong or low quality. It was kind of funny. It didn’t really worry us.
Something happened a month ago, and the world switched. Now we have real…
Major AI labs are investigating a security incident that impacted Mercor, a leading data vendor. The incident could have exposed key data about how they train AI models.
The viral AI agentic tool let attackers silently gain admin unauthenticated access.
Research: Can JavaScript Escape a CSP Meta Tag Inside an Iframe?
In trying to build my own version of Claude Artifacts I got curious about options for applying CSP headers to content in sandboxed iframes without using a separate domain to host…
The Axios team have published a full postmortem on the supply chain attack which resulted in a malware dependency going out in a release the other day, and it involved a sophisticated social engineering campaign targeting one of their maintainers …
If you use the AI-powered note-taking app Granola, you might want to double-check your privacy settings. Though Granola says your notes are “private by default,” it makes them viewable to anyone with a link, and also uses them for internal AI training unless you opt out. Granola describes itself as an “AI notepad for people […]