quick question for the dev/cybersec folks here. dealing with a wave of non-tech dpo/compliance types askin for audit proofs but they literally dont get basic architecture…
🚀 We’ve just published a new article introducing a Russian-language severity classifier, along with improved English and Chinese models for vulnerability descriptions.
We recently made significant improvements to our CNVD severity classifier and the underlying Vulnerability-CNVD dataset, prompted by a thorough independent review from Eric Romang. These changes ship in VulnTrain v3.0.0, released today.
For the last two years, technologists have ominously predicted that AI coding agents will be responsible for a deluge of security vulnerabilities. They were right! Just, not for the reasons they thought.
Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
Le Monde revealed that France’s aircraft carrier Charles de Gaulle was tracked in real time through an officer’s activity on the Strava app. A sailor unknowingly shared running data from the ship, exposing its location in the Mediterranean. The French sailor’s public Strava profile, set as “public,” revealed the near real-time location of the aircraft carrier in the Mediterranean, near Cyprus and Turkey.
Rust security maintainers contend Nadim Kobeissi’s vulnerability claims are too much Since February, cryptographer Nadim Kobeissi has been trying to get code fixes applied to Rust cryptography libraries to address what he says are critical bugs. For his efforts, he’s been dismissed, ignored, and banned from Rust security channels.…
Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
New research shows that behaviors that occur at the very lowest levels of the network stack make encryption—in any form, not just those that have been broken in the past—incapable of providing client isolation, an encryption-enabled protection promised by all router makers, that is intended to block direct communication between two or more connected clients.
Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
A Russian-speaking cybercrime group compromised over 600 FortiGate devices across 55 countries between January 11-February 18, 2026, using commercial AI services to automate and scale their attacks[^1]. Rather than exploiting vulnerabilities, the group targeted exposed management ports and weak credentials, using AI tools like DeepSeek and Claude to generate attack plans, develop tools, and orchestrate operations[^6].
Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
ETH Zurich researchers have discovered major security flaws in three popular cloud-based password managers - Bitwarden, LastPass, and Dashlane - which together serve 60 million users[^1]. The team demonstrated 25 different attacks that could compromise user passwords, including 12 on Bitwarden, 7 on LastPass, and 6 on Dashlane.
Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
A malicious campaign of 30 Chrome extensions masquerading as AI assistants has infected over 300,000 users, stealing credentials, email content, and browsing data[^1]. The extensions, dubbed “AiFrame” by LayerX researchers, share common infrastructure under the domain tapnetic[.]pro and use iframes to load remote content rather than implementing actual AI functionality[^1].
Parrot OS, a Debian-based Linux distribution for ethical hackers and cybersecurity professionals, has released version 7.1 less than two months after the major 7.0 launch. This is the first maintenance update in the 7.x series.
Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
The exposed Elasticsearch cluster, which contained over 160 indices, held billions of primarily Chinese records, ranging from national citizen ID numbers to various business records. The massive leak is among the largest single Elasticsearch exposures ever recorded.
The search results reveal an intensifying landscape of state-sponsored cyber espionage campaigns in 2024-2026, with three major threat actors emerging:
A digital intruder broke into an AWS cloud environment and in just under 10 minutes went from initial access to administrative privileges, thanks to an AI speed assist.
We are glad to announce Vulnerability-Lookup 3.0.0. Our second release of 2026 is a major milestone, featuring GCVE-BCP-07 support.
Now, every Vulnerability-Lookup instance can publish its own KEV catalog while integrating KEV feeds from CISA and ENISA.
Set up a framework to fully man-in-the-middle my own browsers’ networking and see what they’re up to beyond just looking at their DNS queries and encrypted tcp packets. We force the browser to trust our mitmproxy cacert so we can peek inside cleartext traffic and made it conveniently reproducible and extensible.
Nord.pub
Deebster
shellsharks
Kissaki
sv1sjp
Kissaki
not_IO
