• Open

    Court documents reveal how Anthropic AI ethics sparked government clash
    Newly released court documents detail a significant legal and ethical confrontation between Anthropic and the Pentagon regarding the military application of the Claude AI model. The dispute originated when Anthropic attempted to impose strict guardrails prohibiting its technology from being used for domestic surveillance or fully autonomous lethal weapons systems. Defense Department officials rejected these limitations, asserting that the military requires total flexibility to utilize artificial intelligence for all lawful national security operations. Source  ( 21 min )
    Anthropic introduces granular spend controls and analytics for Claude Enterprise
    Anthropic has launched enhanced administrative tools for Claude Enterprise to manage the high token consumption associated with agentic workflows and coding tasks. Administrators can now access a detailed analytics dashboard that tracks costs and usage by individual users or SCIM-managed groups. These insights include specific metrics for Claude Code, such as session counts and estimated productivity value, to help justify AI investments. Source  ( 21 min )
    SpaceX acquisition of Cursor raises questions about model neutrality in AI coding
    SpaceX has reached an agreement to acquire Cursor, a prominent AI-powered code editor, for $60 billion. Cursor is widely used by developers because it allows them to toggle between various large language models from providers like OpenAI and Anthropic. The acquisition provides Cursor with massive computing resources for internal model training while giving Elon Musk a dominant tool in the developer ecosystem. Source  ( 21 min )
    Anthropic enters preliminary talks with Samsung to develop custom AI chips
    Anthropic has initiated preliminary discussions with Samsung Electronics to explore the development and manufacturing of custom AI chips. The collaboration would reportedly leverage Samsung’s 2-nanometer process technology and advanced chip packaging capabilities to improve performance. To support this initiative, Anthropic recently expanded its engineering team by hiring Clive Chan, a former chip developer from OpenAI. Source  ( 21 min )
    Cisco Live Protect uses eBPF to shield Nexus switches without reboots
    Cisco has introduced Live Protect for its Nexus infrastructure to address the critical "patching gap" that occurs between vulnerability discovery and software updates. This new feature allows data center operators to deploy real-time shields that mitigate specific security risks without requiring system reboots or scheduled downtime. By providing immediate protection against zero-day exploits, the solution helps maintain operational uptime while security teams prepare permanent software fixes. Source  ( 21 min )
    Anthropic slashes Claude Code system prompt to boost model performance
    Anthropic has reduced the system prompt for its Claude Code tool by 80 percent to improve efficiency. The developer team discovered that the latest Fable 5 models perform better when provided with fewer explicit instructions and examples. This shift suggests that modern large language models are becoming more capable of interpreting intent without rigid guidance. Source  ( 21 min )
    Microsoft Purview unifies insider risk alerts and user context for faster triage
    Microsoft has introduced a unified alert experience for Purview Insider Risk Management to streamline how security teams investigate potential internal threats. This update consolidates classic alerts and agent-generated insights into a single queue, eliminating the need to toggle between different views. Analysts can now preview AI-generated summaries and user details directly from the primary list to prioritize high-risk activities more effectively. Source  ( 21 min )
    Apple explores Chinese memory chips to mitigate global supply shortages
    Apple is reportedly negotiating with Chinese semiconductor manufacturers ChangXin Memory Technologies and Yangtze Memory Technologies to secure a stable supply of memory chips. This move aims to counter a worsening global supply crunch driven by the rapid growth of artificial intelligence technologies. While these Chinese firms are currently on a Pentagon blacklist, Apple is seeking to navigate political hurdles to integrate their components into its hardware ecosystem. Source  ( 21 min )
    Microsoft launches Frontier Company to embed AI engineers at enterprise sites
    Microsoft is establishing a new business unit called Microsoft Frontier Company to accelerate the adoption of generative AI within enterprise environments. Backed by a $2.5 billion investment, the organization will deploy 6,000 industry experts and engineers directly into customer operations to co-design and manage custom AI systems. This initiative represents a formal shift toward "forward-deployed engineering," where technical staff work on-site to ensure AI tools deliver measurable business outcomes rather than remaining as experimental pilots. Source  ( 21 min )
    SAP bets on AI without cutting jobs
    European software giant SAP is restructuring its workforce to prioritize the management and mentoring of AI agents rather than traditional coding tasks. While the company previously cut nearly 10,000 positions, executives now aim to maintain headcount by shifting employees toward creative and customer-facing roles. This strategy focuses on "forward-deployed engineers" who utilize automation to handle routine software testing and development. Source  ( 21 min )
    Cloudflare to block AI training crawlers by default on ad-supported sites
    Cloudflare has announced a significant policy shift that will block "mixed-use" web crawlers from ad-supported pages by default starting September 15, 2026. This change targets bots that combine traditional search indexing with AI training or agentic functions, forcing providers to separate these activities. The update applies to all new Cloudflare customers, new sites from existing customers, and all users on the Free service tier. Source  ( 21 min )
    US government got hacked
    The Department of Homeland Security is investigating a significant breach of its Homeland Security Information Network (HSIN). This platform serves as a critical hub for federal, state, and local agencies to coordinate emergency responses and share sensitive intelligence. The unauthorized access reportedly occurred between late May and early June, potentially compromising data used for major event planning. Source  ( 21 min )
    Amazon Leo reaches satellite threshold for initial broadband service
    Amazon has successfully deployed 396 satellites into low-Earth orbit, reaching the minimum threshold required to begin initial broadband operations. This milestone follows a recent launch of 29 additional units, positioning the company to meet its commercial rollout target for mid-2026. While the current constellation is small compared to established rivals, it provides enough density to support continuous connectivity across specific geographic latitudes. Source  ( 21 min )
    Anthropic brings Claude AI agents to Microsoft Teams and Azure Foundry
    Anthropic is expanding its enterprise presence by integrating Claude AI agents directly into the Microsoft ecosystem. While a native "Claude Tag" feature currently allows Slack users to mention the assistant in shared channels, Microsoft Teams users can now access similar capabilities through a dedicated Microsoft 365 connector. This integration allows the AI to reason over organizational data stored in Teams conversations, SharePoint, and OneDrive without requiring manual file uploads. Source  ( 21 min )
    Autonomous AI agent JADEPUFFER automates end-to-end database ransomware attack
    A newly discovered threat actor named JADEPUFFER has conducted what researchers believe is the first fully autonomous ransomware attack driven by an AI agent. The operation exploited CVE-2025-3248, a remote code execution vulnerability in Langflow, an open-source framework used to design large language model workflows. Once inside the environment, the AI agent performed reconnaissance, harvested cloud and API credentials, and established persistence without human intervention. Source  ( 21 min )
    Google tests camera-based hand gesture reCAPTCHA to verify human users
    Google is testing a new reCAPTCHA verification method that requires users to perform hand gestures in front of their webcams. The system utilizes machine learning to map 21 specific coordinates on the hand, including finger joints and palm geometry, to ensure a live person is present. This experimental feature is designed to combat automated fraud such as credential stuffing and bulk account creation by implementing liveness detection. Source  ( 21 min )
    Microsoft enhances Excel with multi-agent Copilot web research capabilities
    Microsoft is upgrading Copilot in Excel with a multi-agent search system designed to handle complex web research directly within the spreadsheet interface. This new architecture replaces the previous single-query method with a coordinated team of sub-agents that investigate different facets of a prompt simultaneously. The system aims to transform Excel from a simple data grid into a sophisticated research surface for business decision-making. Source  ( 21 min )
    Microsoft restores missing Copilot buttons in classic Outlook for Windows
    Microsoft has resolved a service-side bug that caused Copilot Chat buttons to disappear from the classic Outlook for Windows client. The issue primarily affected users with Copilot Chat (Basic) licenses, removing icons from the side navigation bar and the area above the ribbon. While the buttons were missing in the desktop application, the AI service remained fully functional through Outlook on the web and standalone mobile apps. Source  ( 21 min )
    Google Chrome terminates Manifest V2 support in version 150
    Google Chrome version 150 has officially removed support for Manifest V2 extensions, effectively disabling older ad blockers and tools. While initial expectations suggested this change would arrive with version 151, the transition occurred earlier than anticipated. This shift forces users to adopt Manifest V3 alternatives or seek different browser platforms to maintain specific extension functionalities. Source  ( 21 min )
    Microsoft sets October 2026 support deadline for Windows 11 24H2 consumer editions
    Microsoft has announced that Windows 11 version 24H2 Home and Pro editions will reach the end of servicing on October 13, 2026. After this date, these specific versions will no longer receive monthly security updates, technical support, or fixes for known issues. Systems running these editions must transition to a newer release to remain protected against emerging security threats. Source  ( 21 min )
  • Open

    Knossos: Procedurally Generated Decoy Environments
    How we built a procedural engine that learns your real cloud environment, generates decoy environments indistinguishable from production, and converts every attacker interaction into signal. In the myth, Daedalus built the Labyrinth of Knossos so well that he nearly couldn’t escape it himself. The corridors looked real. The paths felt purposeful. And the deeper you […] The post Knossos: Procedurally Generated Decoy Environments appeared first on Praetorian.  ( 17 min )
  • Open

    It’s 37oC, And All We Can Think About Is ColdFusion (Adobe ColdFusion Security Bulletin APSB26-68 CVE Bonanza)
    We’re back, melting - we’ve tried shouting, screaming, and throwing things at the Sun, and it is just not working. Before we begin our analysis, we want to be clear - given the number of vulnerabilities fixed (and some not mentioned..), we’ve struggled to have confidence  ( 8 min )
  • Open

    Context Engineering | Compaction & Agent Memory for Automated Malware Analysis
    Compaction cut input tokens 86% across long-running agent evals with no quality loss. Context discipline matters as much as model selection.  ( 28 min )
  • Open

    Context Engineering | Compaction & Agent Memory for Automated Malware Analysis
    Compaction cut input tokens 86% across long-running agent evals with no quality loss. Context discipline matters as much as model selection.  ( 28 min )
  • Open

    On Favicons: From Browser Icons to Attack Surface Intelligence
    Favicons are small, static, and rarely changed, which makes them a surprisingly durable fingerprint for identifying software across the internet. Bishop Fox built an AI-assisted pipeline to hash and enrich them at scale, and this post shares the methodology, the dataset, and why it matters.  ( 19 min )
  • Open

    Build AI Security Agents with Wiz MCP
    Power AI-driven security with trusted security context, Wiz AI Agents, and Wiz AI Skills.  ( 56 min )
    Breaking Down the White House’s Actions on Post-Quantum Cryptography Readiness
    The U.S. Federal Migration to PQC Just Got Real  ( 64 min )
  • Open

    Inside Elastic InfoSec's agentic SOC: cutting alert triage from 30 minutes to under 3
    Elastic's InfoSec team built AI agents on Elastic Workflows that investigate every alert and assemble the case before an analyst ever opens it.  ( 45 min )
  • Open

    Malware and cryptography 45 - Shamir Secret Sharing. Simple C example.
    ﷽  ( 15 min )

  • Open

    Microsoft Security June 2026: new features and record Patch Tuesday
    Microsoft's June 2026 security updates introduce several new capabilities across its security portfolio, including AI-driven vulnerability scanning, endpoint protection for local AI agents, identity backup and recovery, and expanded multicloud coverage. The month also brought the largest Patch Tuesday release on record, with over 200 vulnerabilities patched. This article evaluates the technical features, requirements, and limitations of these updates from an administrator's perspective. Source  ( 28 min )
    Microsoft intervenes in EU court to defend transatlantic data transfer framework
    Microsoft has formally intervened in the Latombe v. Commission case before the Court of Justice of the European Union to defend the EU-U.S. Data Privacy Framework. This legal arrangement allows certified American companies to receive personal data from the European Union while adhering to GDPR adequacy standards. The company argues that the framework is essential for maintaining the legal stability of transatlantic data flows that power modern cloud services. Source  ( 21 min )
    Apple Hide My Email vulnerability exposes real user addresses
    A critical vulnerability in Apple’s Hide My Email service reportedly allows attackers to uncover the real email addresses associated with generated aliases. Discovered by security researcher Tyler Murphy, the flaw was responsibly reported to Apple over a year ago but remains unpatched despite multiple follow-ups. Independent testing by 404 Media successfully verified the exploit, confirming that a hidden iCloud address could be linked to a user's primary identity in minutes. Source  ( 21 min )
    GitHub Copilot CLI introduces intelligent task routing with HyDRA
    GitHub has updated the Copilot Command Line Interface (CLI) to include an automatic model selection feature that routes tasks to the most appropriate AI model. This system, powered by an internal router called HyDRA, analyzes task complexity, reasoning depth, and tool orchestration requirements to determine the optimal model for each request. The automation aims to provide a high-quality experience while maintaining reliability by monitoring real-time model health and availability signals. Source  ( 21 min )
    Visual Studio Code agents gain autonomous browser automation and testing tools
    Visual Studio Code has introduced generally available browser tools that allow GitHub Copilot agents to autonomously build and verify web applications. These agents can now perform complex browser actions such as navigating pages, clicking elements, and handling dialogs to validate their own code. By capturing console errors and screenshots, the AI identifies functional bugs and implements fixes without manual developer intervention. Source  ( 21 min )
    Adobe issues emergency patches for seven maximum severity vulnerabilities
    Adobe has released critical security updates to address seven vulnerabilities with a perfect CVSS score of 10.0. These flaws primarily affect ColdFusion 2023 and 2025, as well as the Campaign Classic marketing platform. The vulnerabilities stem from improper input validation, unrestricted file uploads, and incorrect authorization mechanisms. Source  ( 21 min )
    Microsoft overhauls Windows 11 Start menu with modular layouts and JSON controls
    Microsoft is completing the rollout of a redesigned Start menu for Windows 11 versions 24H2 and 25H2, introducing a more flexible, modular interface. The update features a scrollable single-page layout, a category view for all applications, and the ability to hide the recommended content section entirely. These changes are powered by a fundamental shift in how the UI is rendered, decoupling various sections into toggleable modules to improve user customization. Source  ( 21 min )
    VirtualBox 7.2.12 resolves host kernel panics and improves Windows DX11 performance
    Oracle has released VirtualBox 7.2.12, a maintenance update addressing a critical stability flaw affecting Linux hosts. The most significant fix resolves a bug that caused full kernel freezes on Arch Linux when attempting to start a virtual machine. This issue previously required a hard hardware reset because the system would stop responding before any diagnostic information could be logged. Source  ( 21 min )
    Microsoft Teams adds AI calling agents and enhanced file discovery in June update
    Microsoft has introduced several AI-driven features to Teams, including new calling agents that can conversationally route department calls or schedule appointments. A new brand impersonation protection system now detects and warns users when a caller may be posing as a trusted entity like a bank or IT help desk. Additionally, a new administrative policy for meetings helps identify potential bots and automatically routes them to the lobby for organizer approval. Source  ( 21 min )
    Microsoft on AI benchmark hacking
    Public AI benchmarks like SWE-bench often fail to predict how coding agents will perform within specific corporate environments. While a model may achieve high scores on open-source tasks, these evaluations do not account for proprietary SDKs, internal architectural patterns, or complex workspace extensions. Consequently, a top-tier leaderboard ranking does not guarantee that an agent can successfully navigate a team's unique codebase or follow internal coding conventions. Source  ( 21 min )
    Claude Sonnet 5 now available on Amazon Bedrock and the Claude Platform on AWS
    Anthropic has released Claude Sonnet 5, a next-generation model designed to deliver high-tier intelligence at mid-range pricing. The model is now available on Amazon Bedrock and the Claude Platform on AWS, allowing for integration within existing cloud environments. It features a 1-million-token context window and supports selectable reasoning effort levels to balance performance and cost. Source  ( 21 min )
    Anthropic: Automating developer workflows with Claude Code agentic loops
    Claude Code has introduced agentic loops to transform manual prompting into autonomous, repetitive workflows that continue until a specific stop condition is met. These loops allow the model to gather context, execute actions, and verify results through structured patterns like turn-based, goal-based, and time-based execution. By utilizing these patterns, teams can automate complex tasks such as UI verification, regression testing, and continuous integration fixes without constant human oversight. Source  ( 21 min )
    Organizations struggle with shadow AI visibility and data leakage risks
    Recent industry reports indicate a significant visibility gap regarding how employees utilize artificial intelligence tools within the enterprise. While many managers believe they have full oversight, nearly half of organizations admit they cannot track unsanctioned shadow AI or personal accounts used for work tasks. This lack of transparency is particularly concerning as sensitive data exposure through public large language models has become a widespread issue. Source  ( 21 min )
    OpenAI software optimizations slash model inference costs by half
    OpenAI engineers have reportedly developed software-based optimizations that reduce the cost of running existing AI models by more than 50 percent. These improvements were demonstrated by serving guest ChatGPT users during peak periods using only a few hundred Nvidia GPUs. While the specific technical methods remain undisclosed, the industry typically achieves such gains through quantization, request batching, and intelligent model routing. Source  ( 21 min )
    Claude Sonnet 5 brings enhanced coding performance to GitHub Copilot
    GitHub has announced the general availability of Anthropic’s Claude Sonnet 5 model within the GitHub Copilot ecosystem. This new model is designed to handle complex coding scenarios and agentic workflows across various development environments. Internal testing indicates that the model excels particularly in command-line interface tasks and maintains low latency during high-demand operations. Source  ( 20 min )
    Claude Sonnet 5 hidden costs offset performance gains over predecessor
    Anthropic has launched Claude Sonnet 5, a mid-tier model designed to deliver performance levels approaching the flagship Opus 4.8. While the model excels at multi-step agentic tasks and coding, independent evaluations show it ranks fifth overall in general intelligence benchmarks. It introduces an "adaptive thinking" mode by default, which allows the model to handle complex automation workflows that previously required more expensive tiers. Source  ( 21 min )
    Computex 2026 reveals a split market between budget laptops and AI superchips
    The laptop market at Computex 2026 has diverged into two distinct tiers focused on affordability and local AI performance. Apple’s MacBook Neo has spurred a wave of competitive budget Windows devices, including the $599 Dell XPS 13 and Acer’s Swift Air 14. These entry-level machines prioritize thin-and-light designs and long battery life but are often limited to 8GB of RAM due to high memory costs. Source  ( 21 min )
    Anthropic removes covert user tracking logic from Claude Code CLI tool
    Anthropic is rolling back a hidden tracking mechanism in its Claude Code command-line interface tool after developers discovered it was secretly flagging users. The feature targeted users connecting through Chinese proxies or those with system timezones set to specific Chinese regions. This discovery raised significant privacy concerns because the tool operates with extensive filesystem and shell permissions on local systems. Source  ( 21 min )
    Microsoft Teams adds AI calling agents and automated bot governance
    Microsoft Teams has introduced new AI-driven calling agents designed to handle departmental inquiries and appointment scheduling through conversational interfaces. These agents integrate with Microsoft Copilot Studio to facilitate specialized tasks, such as processing customer bill payments directly within a call. To improve security, the platform now includes brand impersonation protection that alerts users when a caller may be posing as a trusted organization like a bank or help desk. Source  ( 21 min )
    Intel updates wireless drivers to enhance 6GHz performance and stability
    Intel has released version 24.50.0 of its Wi-Fi and Bluetooth drivers to improve wireless connectivity on Windows 10 and 11. This update introduces support for the new Intel Wi-Fi 6 AX231 adapter while maintaining compatibility with a broad range of Wi-Fi 7, 6E, and legacy AC hardware. The release is part of a collaborative effort with Microsoft to optimize the Windows ecosystem through better driver quality and performance. Source  ( 21 min )
  • Open

    PamStealer: a Rust-based macOS infostealer that validates credentials through PAM
    Jamf Threat Labs investigates PamStealer, a macOS infostealer disguised as the legitimate Maccy clipboard manager that uses a two-stage attack chain to silently harvest data and clipboard contents while evading detection.  ( 17 min )
  • Open

    The Road to Post-Quantum Readiness Part 2 of 2: The Migration Playbook
    Post-Quantum Cryptography is no longer just about understanding the threat. The real challenge now is migration: deciding where to start, how to reduce risk early, and why waiting for vendors is not a strategy. Part 2 outlines a practical, risk-driven playbook to help organizations take ownership of their quantum-readiness journey and turn urgency into action.  ( 20 min )
  • Open

    The June 2026 Apple Security Update Review
    We’re back with our look at the Apple macOS and iOS security updates. As this is a new feature for us, please let us know your feedback on the blog. For Jun 2026, Apple released 37 unique CVEs across iOS 26.5.2 / iPadOS 26.5.2, macOS Tahoe 26.5.2, Safari 26.5.2. Since Apple doesn’t provide CVSS scores or other severity information, we’re left to speculate on which of these bugs is the most severe. The overwhelming majority (31 of 37) are WebKit/WebRTC bugs reachable through malicious web content. Most of those are crash/DoS bugs rather than code execution, so the real risk lives in the small set of kernel bugs and the handful of WebKit sandbox escapes. However, there are a couple that stand out. -    CVE-2026-43724 (Kernel) – According to Apple, “An app may be able to cause unexpected sys…
  • Open

    Overview of Content Published in June
    Here is an overview of content I published in June: Blog posts: Update: base64dump.py Version 0.0.30 SANS ISC Diary entries: Microsoft’s Coreutils for Windows Evil MSI Background: BASE64 Statistical Analysis YARA-X 1.18.0 and 1.19.0 Release  ( 11 min )

  • Open

    Microsoft has removed 119 malicious extensions from the Edge Add-ons store
    Microsoft has removed 119 malicious extensions from the Edge Add-ons store and suspended over 90 associated developer accounts. The campaign, dubbed StegoAd, utilized steganography to hide executable code within seemingly harmless image and font files like PNG, WebP, and WOFF2. These extensions reached up to 2.6 million installs by posing as legitimate tools such as ad blockers, VPNs, and translators. Source  ( 21 min )
    Cursor for iOS enables remote management of AI coding agents
    The AI-powered code editor Cursor has launched a native iOS application in public beta to facilitate mobile development workflows. This tool allows developers to initiate and manage AI agents that can perform coding tasks either on a local workstation or within isolated cloud environments. By providing a mobile interface for these agents, the platform aims to reduce the need for developers to remain physically present at their primary machines. Source  ( 21 min )
    Microsoft Intune June 2026: App auto-updates, privilege controls, and enrollment improvements
    Microsoft Intune's June 2026 service release introduces several features that affect application lifecycle management, privilege controls, and device enrollment. Enterprise Application Management (EAM) auto-updates reach general availability, a Vulnerability Remediation Agent enters public preview, Endpoint Privilege Management (EPM) gains support for shared devices and network configuration, and Apple Automated Device Enrollment receives a redesigned policy experience. This article covers the technical details, configuration requirements, and limitations of each feature. Source  ( 30 min )
    Open Memory Protocol enables cross-tool context sharing for AI agents
    The Open Memory Protocol (OMP) has launched as a vendor-neutral specification designed to provide a unified memory store for disparate AI tools. This system allows developers to maintain context and user preferences when switching between different platforms like Claude and ChatGPT. By using a shared-memory architecture, compatible clients can read and write to a single user-controlled server instead of maintaining isolated data silos. Source  ( 21 min )
    Anthropic launches Claude Sonnet 5 with enhanced agentic capabilities and safety
    Anthropic has released Claude Sonnet 5, a mid-tier model designed to deliver high-level performance at a lower price point than the premium Opus class. This new model emphasizes agentic capabilities, allowing it to autonomously plan, use tools like browsers and terminals, and execute multi-step tasks. It is currently available as the default model for Free and Pro users and can be accessed by developers via the API. Source  ( 21 min )
    Microsoft accelerates post-quantum cryptography transition for critical services
    Microsoft is accelerating its transition to post-quantum cryptography (PQC) due to rapid advancements in quantum computing that threaten current encryption standards. The company now aims to migrate its critical products and services to quantum-resistant algorithms by 2029 through its Quantum Safe Program. This shift addresses "harvest now, decrypt later" risks, where attackers collect encrypted data today to decrypt it once powerful quantum computers become available. Source  ( 21 min )
    Securing Microsoft 365 against rogue AI agents and identity threats
    Organizations are increasingly facing risks from rogue AI agents that bypass traditional security perimeters by masquerading as legitimate user identities. These autonomous systems can gain persistent background access through unmanaged user consent or by exploiting legacy authentication flows like device-code and Resource Owner Password Credentials. Because these agents often borrow first-party application IDs, they leave no distinct service principal footprint in Microsoft Entra, making them difficult to distinguish from standard user activity. Source  ( 21 min )
    Securing autonomous AI agents against model context protocol tool poisoning
    As enterprise AI matures, agents are transitioning from passive content summarization to autonomous execution using the Model Context Protocol (MCP). This shift introduces significant risks because agents can now plan multi-step tasks and trigger real-world actions across connected business systems. Unlike traditional chatbots, these agents operate with non-human identities and permissions, making their ability to execute API calls a primary target for exploitation. Source  ( 21 min )
    Microsoft reportedly ends budget Surface lines to focus on premium hardware
    Microsoft is reportedly discontinuing its budget-friendly Surface Go and Surface Laptop Go product lines. Sources indicate that the company has ceased manufacturing the Surface Go 4 and Surface Laptop Go 3 with no plans for future successors. This shift effectively removes the entry-level price points from Microsoft's flagship hardware portfolio. Source  ( 21 min )
    AMD introduces low power core type in Linux kernel for future Zen 6 processors
    AMD has submitted new Linux kernel patches that officially introduce a "Low Power" CPU core classification for its future heterogeneous processors. This new core type joins the existing Performance and Efficiency categories to help the operating system better manage diverse workloads. The patches enable the Linux kernel to identify these cores via specific CPUID functions, ensuring they are correctly recognized by the system's performance management infrastructure. Source  ( 21 min )
    AWS invests $1 billion in forward deployed engineering to accelerate AI adoption
    Amazon Web Services is launching a new Forward Deployed Engineering unit backed by a $1 billion investment to help customers implement artificial intelligence. This initiative involves embedding thousands of specialized engineers directly into enterprise operations to accelerate technical transformations. The primary goal is to bridge the gap between experimental AI concepts and production-grade systems within complex business environments. Source  ( 21 min )
    Meituan open-sources LongCat-2.0 AI model trained on domestic Chinese hardware
    Chinese food delivery giant Meituan has released LongCat-2.0, a large language model featuring 1.6 trillion parameters and a context window of one million tokens. The model is notable for being the first of its scale to complete both pre-training and inference entirely on domestic Chinese hardware. This development serves as a significant milestone for China’s goal of technological self-sufficiency amid ongoing U.S. export restrictions on high-end AI chips. Source  ( 21 min )
    Google releases high-speed image and video generation models for developers
    Google has introduced two new generative AI models designed for high-throughput workflows and rapid creative iteration. Nano Banana 2 Lite serves as a cost-efficient image generation model capable of producing visuals in approximately four seconds. Meanwhile, Gemini Omni Flash debuts as a preview model that enables video generation and conversational editing through natural language prompts. Source  ( 21 min )
    Apple accelerates security patching to counter AI-driven exploit development
    Apple has shifted its security strategy by releasing an unexpected out-of-band update to address over 30 vulnerabilities across its ecosystem. This move targets flaws in iOS, iPadOS, macOS, and Safari, including a high-severity use-after-free bug in the WebKit engine. The company indicated that this accelerated release schedule is a direct response to the decreasing time between vulnerability discovery and active exploitation. Source  ( 21 min )
    Windows 365 gains granular trust based controls for data redirection
    Microsoft has launched a public preview of context-based redirections for Windows 365 Enterprise and Flex environments. This feature replaces static allow or block rules with dynamic controls that evaluate the security posture of a session in real time. It aims to balance user productivity with data security by adjusting permissions based on the specific circumstances of a connection. Source  ( 21 min )
    AWS secures agentic AI workloads with WAF protection for Bedrock AgentCore
    AWS has announced the general availability of Web Application Firewall (WAF) protection for the Amazon Bedrock AgentCore Gateway. This integration allows organizations to secure agentic AI workloads against common web exploits and abusive traffic patterns. By applying security at the gateway layer, platform teams can ensure consistent protection as AI applications move into production environments. Source  ( 21 min )
    Microsoft to retire Store-based Office apps in favor of Click-to-Run installations
    Microsoft is ending support for the Microsoft Store installation type of Microsoft 365 Apps to streamline its deployment architecture. While feature updates for this specific version ceased in October 2025, critical security patches will only continue through December 2026. Users must migrate to the Click-to-Run installation type to ensure they remain protected and receive future cloud-based enhancements. Source  ( 21 min )
    Red Hat OpenShift consolidates VMs and containers to solve virtualization costs
    Red Hat is positioning OpenShift as a unified platform to manage legacy virtual machines, modern containers, and GPU-intensive AI workloads under a single operational model. This consolidation aims to eliminate the inefficiencies of maintaining separate management teams and security protocols for different infrastructure types. By using a universal abstraction layer, administrators can maintain operational consistency across private data centers, public clouds, and edge environments. Source  ( 21 min )
    Microsoft Teams introduces resizable small window for incoming calls
    Microsoft Teams has introduced a new setting that allows users to receive incoming calls in a compact, floating window instead of the traditional full-screen interface. This feature aims to reduce workflow disruptions by allowing users to maintain visibility of their active applications while managing an incoming call. The small window is fully resizable and can be positioned anywhere on the screen to suit the user's multitasking needs. Source  ( 21 min )
    Google Spanner evolves into a unified multi-model database for AI agents
    Google Cloud is repositioning Spanner as a unified data engine designed to eliminate the fragmentation common in generative AI architectures. The platform now integrates relational data, graph relationships, vector search, and full-text search into a single, globally distributed architecture. This consolidation allows AI agents to access structured history and semantic context simultaneously without the need for complex data pipelines. Source  ( 21 min )
    Anthropic releases self-hosted Claude apps gateway for enterprise control
    Anthropic has launched the Claude apps gateway, a self-hosted control plane designed to centralize management for Claude Code across major cloud platforms. This tool allows organizations using Amazon Bedrock, Google Cloud, or Microsoft Foundry to move away from individual developer credentials in favor of a unified deployment path. The gateway functions as a single stateless Linux container that integrates directly with existing infrastructure to streamline the onboarding and offboarding of engineering teams. Source  ( 21 min )
    Claude Opus 4.8 fast mode arrives in preview for GitHub Copilot
    GitHub has launched a preview of Claude Opus 4.8 in fast mode for its Copilot platform. This update prioritizes output speed while maintaining the high intelligence levels required for complex coding tasks. The enhanced responsiveness is specifically designed to improve interactive development and autonomous agentic workflows. Source  ( 21 min )
    Microsoft aligns .NET 8 and .NET 9 end of support for November 2026
    Microsoft has announced that both .NET 8 and .NET 9 will reach their end of support on November 10, 2026. This alignment occurs because .NET 9 is a Standard Term Support release, which now features an extended 24-month support window. After this deadline, these versions will no longer receive security patches, servicing updates, or technical assistance from Microsoft. Source  ( 21 min )
  • Open

    Anti-DDoS research part 3: SYN flood detection with handshake asymmetry. Simple C, Python examples.
    ﷽  ( 9 min )
  • Open

    CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451)
    Well, well, well - once again, the cat has dragged us in and spat us out. Today, we find ourselves questioning the reality we sit within. Must it be so predictable, and why us? “But watchTowr, what do you mean?” Well, if you’re here, you likely fit  ( 14 min )
  • Open

    Update: base64dump.py Version 0.0.30
    This new version adds option –stats. For more details, take a look at SANS Internet Storm Center diary entry “Evil MSI Background: BASE64 Statistical Analysis“. base64dump_V0_0_30.zip (http)MD5: E54FFB4F618E47FAA724C9F16CF21E7ASHA256: 9475E4184790583265106CBA0FBD04546A7BF4B1B67A569F2B96D432E6F16E2D  ( 11 min )
  • Open

    Start Secure in the AI Era: Accelerating AI Threat Readiness with WizOS
    As the time from vulnerability discovery to exploitation shrinks, building with minimal, secured components is more important than ever. Here is how WizOS helps.  ( 57 min )
  • Open

    Train, triage, repeat: The AI agent changing how we fight phishing
    Learn how Red Canary engineered a super agent—blending ML, a rules engine, similarity, agentic AI, and LLMs—to classify phishing emails.  ( 28 min )
  • Open

    Shipping post-quantum cryptography to Python
    Post-quantum cryptography is now one pip-install away for the entire Python ecosystem. With funding from the Sovereign Tech Agency, we implemented support for ML-KEM, the NIST-standard key-establishment primitive, and ML-DSA, the NIST-standard digital-signature primitive, in pyca/cryptography. On June 22, 2026, the White House ordered the U.S. government to accelerate its transition to post-quantum cryptography. The order says large-scale quantum computers, especially in adversarial hands, will threaten widely used cryptographic systems, and that attackers may already be collecting encrypted data now so they can decrypt it later. It also sets concrete migration deadlines: high-value and high-impact federal systems must use post-quantum key establishment by December 31, 2030, and post-quant…  ( 4 min )
  • Open

    The Mac Malware of 2019
    Our annual report on all the Mac malware of the year - including samples for download, infection vectors, persistence mechanisms, payloads and more!  ( 41 min )
    Website Launch
    NSLog(@"Hello World"); objective-see.org is alive!  ( 42 min )
    Phoenix: RootPipe lives! ...even on OS X 10.10.3
    Exploiting RootPipe on OS X 10.10.3  ( 42 min )
    Dylib Hijack Scanner Released
    Announcing the release of DHS; a tool to help detect (dylib) hijackers  ( 42 min )
    CVE-2015-3673: Goodbye Rootpipe...(for now?)
    Details on bypassing Apple's original rootpipe patch  ( 42 min )
    More on, "Adware for OS X Distributes Trojans"
    A deeper dive into 'MacInstaller' and the adware it installs  ( 42 min )
    Reversing to Engineer: Learning to 'Secure' XPC from a Patch
    How reversing Apple's 'RootPipe' patch provided the means to secure TaskExplorer's XPC service  ( 42 min )
    Building HackingTeam's OS X Implant For Fun & Profit
    How to build HackingTeam's OS X implant in Xcode  ( 42 min )
    Kernel Debugging a Virtualized OS X El Capitan Image
    How to remotely kernel-debug a OS X 10.11 VM  ( 42 min )
    Monitoring Process Creation via the Kernel (Part I)
    Why BlockBlock needs a kext (hint: process monitoring), and how the kext was created  ( 42 min )
    Mac Malware of 2017
    Let's look at all the mac malware from 2017, for each - discussing their infection vector, persistence mechanism, features & goals.  ( 40 min )
    The Mac Malware of 2018
    Our annual report on all the Mac malware of the year - including samples for download, infection vectors, persistence mechanisms, payloads and more!  ( 26 min )
    Writing a Process Monitor with Apple's Endpoint Security Framework
    Learn how to leverage Apple's new Endpoint Security Framework to create a comprehensive (user-mode) Process Monitor for macOS 10.15!  ( 14 min )
    Monitoring Process Creation via the Kernel (Part III)
    Getting process creation notifcations from kernel-mode to user-mode, via the undocumented kev_msg_post function  ( 8 min )
    Monitoring Process Creation via the Kernel (Part II)
    Process monitoring via the KAuth Subsystem (and some limitations)  ( 5 min )
    HackingTeam Reborn; A Brief Analyis of the RCS Implant Installer
    HackingTeam using native OS X crypto to protect malware -neat! New blog w/ sample + decryptions/dumpings/detections  ( 5 min )
    Analyzing the Anti-Analysis Logic of an Adware Installer
    Dissecting string obfuscations, junk code insertions, and anti-debugging logic of InstallCore  ( 5 min )
    Analysis of an Intrusive Cross-Platform Adware; OSX/Pirrit
    In Objective-See's first guest blog post, Amit Serper presents his detailed analysis of OSX/Pirrit  ( 10 min )
    Towards Generic Ransomware Detection
    By monitoring file I/O events and detecting the rapid creation of encrypted files by untrusted processes, can ransomware be generically detected?  ( 26 min )
    Are you from the Mac App Store?
    How to verify that an application came from the official Mac App Store, via receipt validation  ( 7 min )
    Persisting via a Finder Sync
    Learn how a Finder Sync can 'extend' Finder.app and how this could be abused for persistence  ( 5 min )
    Forget the NSA, it's Shazam that's always listening!
    Does Shazam's Mac App keep recording even when you turn the app off? ...yes :/  ( 8 min )
    Click File, App Opens
    The 'Mac File Opener' adware is fairly normal, except for it how it persists via registered document handlers  ( 9 min )
    [0day] Bypassing Apple's System Integrity Protection
    Read how an attacker can bypass Apple's SIP, via the local OS upgrade process  ( 11 min )
    'Untranslocating' an App
    Apple's App Translocation broke several of my tools, but we can locally undo it to restore broken functionality!  ( 11 min )
    New Attack, Old Tricks
    A Word document targets Mac users with malicious macros and an open-source payload.  ( 4 min )
    Mac Malware of 2016
    Let's analyse the malware that appeared in 2016, discussing the infection vector, persistence mechanism, feature, and disinfection for each.  ( 12 min )
    Happy Birthday to Objective-See
    Today is our 2nd birthday! Let's look at our past, present, and future.  ( 2 min )
    From Italy With Love?
    Reverse-engineering a 'Russian' implant reveals HackingTeam's code!?  ( 9 min )
    Two Bugs, One Func(), part one
    The macOS kernel had an (intentional?) off-by-one bug that could trigger a kernel panic.  ( 13 min )
    Two Bugs, One Func(), part two
    Apple's 'fix' for a macOS kernel panic, fixes nothing and worse, introduces a new bug.  ( 13 min )
    HandBrake Hacked! OSX/Proton (re)Appears
    The website of a popular application was hacked, and the application trojaned with a new variant of osx/proton.  ( 3 min )
    Two Bugs, One Func(), part three
    Analyzing code within the macOS kernel audit subsystem uncovered an exploitable heap overflow.  ( 5 min )
    OSX/MacRansom; analyzing the latest ransomware to target macs
    Looks like somebody on the 'dark web' is offering 'Ransomware as a Service'...that's designed to infect Macs!  ( 6 min )
    OSX/Proton.B; a brief analysis, 6 miles up
    Analysis of OSX/Proton.B reveals some interesting tricks plus a command file that can be decrypted to reveal the malware's capabilities  ( 10 min )
    WTF is Mughthesec!? poking on a piece of undetected adware
    Some undetected adware named "Mughthesec" is infecting Macs...let's check it out!  ( 5 min )
    High Sierra's 'Secure Kernel Extension Loading' is Broken
    A new 'security' feature in macOS 10.13, is trivial to bypass.  ( 5 min )
    From the Top to the Bottom; Tracking down CVE-2017-7149
    High Sierra suffered from a nasty bug (CVE-2017-7149) that afforded local attackers access to the contents of encrypted APFS volumes.  ( 12 min )
    Why _blank_ Gets You Root
    Yet another a massive security flaw affects the latest version of macOS (High Sierra), allowing anybody to log into the root account with a blank, or password, of their choosing!  ( 7 min )
    All Your Docs Are Belong To Us
    Here, we reverse, then 'extend' a popular macOS anti-virus engine. With the creation of a new anti-virus signature, classified documents will be automatically detected!  ( 14 min )
    An Unpatched Kernel Bug
    On my flight to ShmooCon, I managed to panic my fully-patched MacBook. Here we analyze the kernel panic report, finding that Apple's AMDRadeonX4150 kext is responsible for the crash.  ( 7 min )
    Ay MaMi - Analyzing a New macOS DNS Hijacker
    OSX/MaMi (the first Mac malware of 2018) hijacks infected users' DNS settings and installs a malicious certificate into the System keychain, in order to give remote attackers 'access' to all network traffic  ( 9 min )
    Analyzing CrossRAT
    The EFF/Lookout discovered a cross-platform implant, named CrossRat with ties to nationstate operators. Here, we tear it apart; analyzing its persistence mechanisms, features, and network communications.  ( 13 min )
    Analyzing OSX/CreativeUpdater
    Recently, the popular MacUpdate website was subverted to distribute a new macOS cryptominer; OSX/CreativeUpdater.  ( 5 min )
    Tearing Apart the Undetected (OSX)Coldroot RAT
    I uncovered a new cross-platform backdoor that provides remote attackers persistent access to infected systems  ( 12 min )
    A Surreptitious Cryptocurrency Miner in the Mac App Store?
    Turns out the innocuously named "Calendar 2" app, found on the official Mac App Store, was surreptitiously turning Mac into cryptocurrency miners!  ( 4 min )
    Who Moved My Pixels?!
    In this guest blog post my friend Mikhail Sosonkin reverses Apple's screencapture utility, discusses Mac malware that captures desktop images, and suggests methods for screen-capture detection!  ( 11 min )
    An Insecurity in Apple's Security Framework?
    Turns out that writing security tools is a great way to inadvertently uncover bugs in macOS. How about a crash in Apple's 'Security' framework ... that can't be good!?  ( 7 min )
    Breaking macOS Mojave (Beta)
    In macOS Mojave apps, to have to obtain user permission before using the Mac camera & microphone. We'll illustrate how this is trivial to bypass (at least in the current beta).  ( 4 min )
    When Disappearing Messages Don't Disappear
    Did you know on macOS, notifications are stored in a unencrypted database? Which means that even 'disappearing' messages from apps such as Signal - may not really disappear. Yikes!  ( 4 min )
    Cache Me Outside
    Are full paths and preview thumbnails for files even on encrypted containers and removable usb devices really persistently stored? ...yes :( Apple's 'QuickLook' cache is to blame.  ( 7 min )
    OSX.Dummy
    A new Mac malware targets the cryptocurrency community. In this post, we dive into the malware and illustrate how Objective-See's tools can generically thwart this new threat at every step of the way.
    [0day] Bypassing SIP via Sandboxing
    In this guest blog post @CodeColorist writes about a neat macOS vulnerability. Ironically, by abusing security mechanisms such as sandboxing, macOS can be coerced to load an untrusted library, into a SIP-entitled process!
    Block Blocking Login Items
    Apple recently updated the way login items are stored by the OS. In this post, we'll illustrate how to parse the (new) login item files to detect persistence
    Escaping the Microsoft Office Sandbox
    Imagine you've gained remote code execution on a Mac via a malicious Word document. Turns out, you're still stuck in a sandbox. However, via a faulty regex, you can escape and persist!  ( 5 min )
    A Remote iOS Bug
    Apple wrote code to appease the Chinese government ...it was buggy. In certain configurations, iOS devices were vulnerable a "emoji-related" flaw that could be triggered remotely!
    [0day] Synthetic Reality
    If you can programmatically generate synthetic mouse clicks, you can break macOS! Approving kernel extensions, dismissing privacy alerts, and much more more...  ( 8 min )
    Remote Mac Exploitation Via Custom URL Schemes
    The WINDSHIFT APT group is successfully infecting Macs with a novel infection mechanism. By abusing custom URL scheme handlers and minimal user interaction, Macs can be remotely compromised!  ( 8 min )
    [0day] Mojave's Sandbox is Leaky
    The macOS sandbox is seeks to prevent malicious applications from surreptitiously spy on unsuspecting users. Turns out, it's trivial to sidestep some of these protections, resulting in significant privacy implications!  ( 7 min )
    A Deceitful 'Doctor' in the Mac App Store
    A massively popular app from the official Mac App Store, surreptitiously steals your browsing history! By fully reversing the application, we can fully expose its functionality and rather shady capabilities.  ( 13 min )
    Word to Your Mac
    A malicious Word document targeting macOS users, was recently uncovered. Let's extract the embedded macros, decode an embedded downloader, and retrieve the 2nd-stage payload!  ( 4 min )
    Middle East Cyber-Espionage
    The APT group WindShift has been targeting Middle Eastern governments with Mac implants. Let's analyze their 1st-stage macOS implant: OSX.WindTail!  ( 7 min )
    Middle East Cyber-Espionage (part two)
    The APT group WindShift has been targeting Middle Eastern governments with Mac implants. Let's (continue to) analyze their 1st-stage macOS implant: OSX.WindTail!  ( 8 min )
    Mac Adware, à la Python
    Let's tear apart a persistent piece of adware, decompiling, decoding, and decompressing it's code to uncover its methods and capabilities.  ( 8 min )
    Death by vmmap
    A core Mojave utility is rather disastrously broken - causing a full-system lockup. Let's find out why!  ( 6 min )
    Rootpipe Reborn (Part I)
    In part one of a guest blog post, @CodeColorist writes about several neat macOS vulnerabilities.  ( 4 min )
    Rootpipe Reborn (Part II)
    @CodeColorist continues writing about bugs, such as CVE-2019-8521 and CVE-2019-8565 that provide a mechanism to elevate privileges to root on macOS.  ( 4 min )
    Burned by Fire(fox) (Part I)
    Recently, an attacker targeted (Mac) users via a Firefox 0day. In this first post, we triage and identify the malware (OSX.NetWire.A) utilized in this attack, identifying its methods of persistence, and more!  ( 6 min )
    "Objective by the Sea" v2.0
    After the success of #OBTS v1.0, we decided to go international and plan #OBTS v2.0 in Europe! In this blog post, we re-live the highlights (from Monaco!) of "Objective by the Sea" v2.0.  ( 3 min )
    Burned by Fire(fox) (Part II)
    Recently, an attacker targeted (Mac) users via a Firefox 0day. In this second post, we fully reverse OSX.NetWire.A, revealing (for the first time!), its inner workings and complex capabilities.  ( 12 min )
    Burned by Fire(fox) (Part III)
    Recently, an attacker targeted (Mac) users via a Firefox 0day. In this third post, we analyze a second backdoor used in the attack, detailing its persistence, capabilities, and ultimate identify it a new variant of the cross-platform Mokes malware!  ( 6 min )
    Getting Root with Benign AppStore Apps
    In this guest blog post, "Objective by the Sea" speaker, Csaba Fitzl writes about an interesting way to get root via Apps from the official Mac App Store!  ( 17 min )
    Writing a File Monitor with Apple's Endpoint Security Framework
    Learn how to leverage Apple's new Endpoint Security Framework to create a comprehensive (user-mode) File Monitor for macOS 10.15!  ( 10 min )
    Pass the AppleJeus
    A new macOS backdoor written by the infamous Lazarus APT group needs analyzing. Here, we examine it's infection vector, method of persistence, capabilities, and more!  ( 10 min )
    [0day] Abusing XLM Macros in SYLK Files
    A 0day logic flaw in Microsoft Excel leads to 'remote' code execution on macOS, via malicious macros.  ( 6 min )
    Lazarus Group Goes 'Fileless'
    The rather infamous APT group, "Lazarus", continues to evolve their macOS capabilities. Today, we tear apart their latest 1st-stage implant that supports remote download & in-memory execution of secondary payloads!  ( 8 min )
    Mass Surveillance, is an (un)Complicated Business
    A massively popular iOS application turns out to be a government spy tool! Here, we analyze the app; decrypting its binary and studying its network traffic.  ( 12 min )
    Weaponizing a Lazarus Group Implant
    The Lazarus group's latest implant/loader supports in-memory loading of 2nd-stage payloads. In this post we describe exactly how to repurposing this 1st-stage loader to execute *our* custom 'fileless' payloads!  ( 14 min )
    Sniffing Authentication References on macOS
    CVE-2017-7170 was a local priv-esc vulnerability that affected OSX/macOS for over a decade! Here (for the first time!), we dive into the technical details of finding the bug, the core flaw, and exploitation.  ( 10 min )
    The 'S' in Zoom, Stands for Security
    Today we uncover two (local) security flaws in Zoom's latest macOS client. First, a privilege escalation vulnerability, and second, a method to surreptitiously access a user's webcam and microphone (via Zoom).  ( 12 min )
    The Dacls RAT ...now on macOS!
    A sophisticated Lazarus Group implant has arrived on macOS. In this post, we deconstruct the Mac variant of a OSX.Dacls, detailing its install logic, persistence, and capabilities.  ( 11 min )

  • Open

    Microsoft reintroduces 8GB Surface models amid global memory shortage
    Microsoft has expanded its 2026 hardware lineup by introducing lower-cost configurations of the Surface Pro and Surface Laptop. These new models start at $849 and $949, respectively, featuring 8GB of RAM and 256GB of storage. This shift marks a reversal from earlier in the year when the company raised entry-level prices above $1,000 due to rising component costs. Source  ( 21 min )
    JetBrains Air brings agentic development environment to Windows
    JetBrains Air is now available for Windows on both x64 and ARM64 architectures, expanding beyond its initial macOS and Linux releases. This tool is categorized as an Agentic Development Environment (ADE), which prioritizes AI-driven workflows over the traditional text-editor focus of standard IDEs. The application utilizes a lightweight architecture originally developed for the Fleet project to provide a dedicated workspace for managing AI agents. Source  ( 21 min )
    Windows Admin Center 2606: new features and fixes
    Windows Admin Center is a locally deployed, browser-based management tool that provides a centralized GUI for managing Windows servers, clusters, and PCs. Windows Admin Center version 2606 is now generally available. This release applies exclusively to Administration Mode and does not update the separate Virtualization Mode preview branch. The changes focus on reliability, security hardening, accessibility, and targeted fixes in virtual machine management and software-defined networking. Two hardware partner companies made updates affecting three extensions. Source  ( 28 min )
    Microsoft extends rebootless hotpatching for Windows Server 2022 Azure Edition
    Microsoft has extended hotpatching support for Windows Server 2022 Datacenter: Azure Edition until October 2027. This extension provides an additional year of rebootless security updates beyond the operating system's mainstream support expiration in October 2026. The policy change specifically targets cloud-based workloads, leaving on-premises editions to follow the standard monthly reboot cycle. Source  ( 21 min )
    OpenAI and Work Louder to launch dedicated hardware for Codex shortcuts
    OpenAI has announced a July 15th release for a new hardware device designed to integrate with its Codex AI-powered coding tool. The teaser reveals a square-shaped mechanical macro pad featuring a 3x3 grid of buttons and side-mounted dials. This project is a collaboration with Work Louder, a manufacturer known for specialized mechanical keyboards and customizable input devices. Source  ( 21 min )
    Microsoft Teams enhances meeting security with intelligent bot detection and controls
    Microsoft Teams has introduced new administrative policies to better manage how external bots access online meetings. These tools address security and privacy risks associated with AI note-takers and automated assistants that may join calls due to misconfiguration. Administrators can now enforce a policy that automatically places detected bots into a virtual lobby for manual approval. Source  ( 21 min )
    Microsoft launches WSL containers to enable native Linux orchestration on Windows
    Microsoft has launched the public preview of WSL containers, a feature that allows Linux containers to run natively on Windows 11 without third-party tools like Docker Desktop. This integration introduces a new command-line interface called wslc.exe, which supports familiar container commands and includes a built-in alias for container.exe. Administrators can access this preview immediately by updating to the latest pre-release version of the Windows Subsystem for Linux via the terminal. Source  ( 21 min )
    Developers challenge Microsoft over short .NET long term support cycles
    Microsoft's annual release cycle for modern .NET is facing renewed criticism from developers who argue the three-year Long-Term Support (LTS) window is insufficient for enterprise environments. Under the current policy, even-numbered versions receive three years of maintenance, while odd-numbered versions are supported for only two years. This schedule often leaves organizations with just one year to complete migrations before a version reaches its end-of-life status. Source  ( 21 min )
    Technical leaders embrace AI agents for routine infrastructure and security tasks
    Technical experts are increasingly delegating predictable, high-volume tasks to AI agents to reduce operational toil. According to the 2026 Agent Confidence Index, confidence is highest for automated report generation, boilerplate code creation, and certificate expiration monitoring. These agents are now regularly trusted to handle real-time data stream monitoring and release note generation, allowing engineering teams to focus on more complex architectural challenges. Source  ( 21 min )
    Anthropic Claude models arrive on Azure via Nvidia Blackwell Ultra hardware
    Microsoft has announced the general availability of Anthropic’s Claude models within Azure AI Foundry, running natively on Nvidia’s GB300 Blackwell Ultra infrastructure. This deployment utilizes the GB300 NVL72 rack-scale system, which integrates 72 liquid-cooled GPUs and 36 Grace CPUs to handle intensive AI workloads. High-speed Quantum-X800 InfiniBand networking supports these models, enabling the creation of complex agentic systems that operate across different business domains. Source  ( 21 min )
    Microsoft sets final retirement date for SharePoint Online remote event receivers
    Microsoft has announced that all Remote Event Receivers (RERs) in SharePoint Online will officially stop functioning on July 1, 2027. This retirement marks the end of a transition period for developers who previously relied on the SharePoint Add-in model and Azure Access Control Services. While some receivers were granted a temporary extension via Microsoft Entra registration, this bridge will expire entirely on the specified date. Source  ( 21 min )
    Meta restricts rival AI coding tools to protect model training integrity
    Meta has implemented strict limitations on how its engineers use external AI coding assistants like Anthropic’s Claude Code and OpenAI’s Codex. The company aims to prevent the output of these rival models from inadvertently entering its own internal development pipelines and training datasets. This strategy is designed to avoid model distillation, a process where a smaller or newer model learns from the outputs of a more established competitor. Source  ( 21 min )
    US offers $10 million reward for Russian hackers targeting Signal and WhatsApp
    The U.S. State Department is offering a $10 million bounty for information on Russian-linked hacker groups UNC5792 and UNC4221. These actors, associated with the FSB and Russian military intelligence, have successfully compromised thousands of messaging accounts worldwide. The campaign specifically targets high-value individuals, including U.S. government officials, military personnel, NATO diplomats, and journalists covering the conflict in Ukraine. Source  ( 21 min )
    New macOS exploit abuses XPC trust caching to disable security tools
    Security researchers have identified a technique that allows attackers to disable enterprise protection tools on macOS without requiring administrative credentials or kernel exploits. The method targets Apple’s Inter-Process Communication framework, known as XPC, which manages communication between applications and privileged background services. By exploiting how macOS caches trust fingerprints for signed applications, an attacker can inject malicious payloads into a legitimate app bundle while maintaining its trusted status. Source  ( 21 min )
    OpenAI report maps automation risks and growth sectors across the European Union
    OpenAI has released a comprehensive analysis mapping how artificial intelligence will likely reshape employment across the 27 European Union member states. The report utilizes the European Skills, Competences, Qualifications and Occupations taxonomy to categorize jobs into four distinct transition archetypes based on automation and growth potential. Researchers found that while 14% of EU employment faces high near-term automation risk, approximately 12% of roles are expected to grow as AI makes new projects more viable. Source  ( 21 min )
    Microsoft Outlook to group rapid-fire email alerts to reduce notification fatigue
    Microsoft is introducing a notification grouping feature for the new Outlook for Windows and Outlook on the web to combat alert clutter. When multiple emails arrive within a few seconds, the system will collapse them into a single desktop banner rather than triggering individual alerts for every message. This update aims to reduce cognitive load and interruptions for users who frequently receive bursts of activity from fast-moving threads or automated services. Source  ( 21 min )
    Microsoft removes 119 Edge extensions hiding malware in images and fonts
    Microsoft has dismantled a sophisticated browser threat operation dubbed StegoAd that utilized 119 malicious extensions in the Edge Add-ons store. The campaign leveraged steganography to conceal malicious JavaScript within seemingly harmless PNG, WebP, and WOFF2 font files. These extensions remained dormant for three to five days after installation to bypass initial security screenings and avoid immediate user suspicion. Source  ( 21 min )
  • Open

    Accelerating EDR Evasion with LLM-Driven Analysis
    Over the years I have enjoyed disassembling and debugging endpoint detection and response (EDR) and antivirus (AV) engines. For as long as I can remember I’d have evenings where I’d throw on some music, boot a virtual machine with kernel debugging enabled, and spend time searching for different evasion methods. While a fun way to […] The post Accelerating EDR Evasion with LLM-Driven Analysis appeared first on SpecterOps.  ( 21 min )
    Jailbreaker: LLM Jailbreak Testing You Can Actually Repeat
    You may have read about our new GhostWorks initiative here at SpecterOps. As part of this effort, we continually trial different ways of evaluating and improving model behavior to better understand which techniques can be applied to our research. One of the things that has been winding me up about working with LLMs is how […] The post Jailbreaker: LLM Jailbreak Testing You Can Actually Repeat appeared first on SpecterOps.  ( 18 min )
  • Open

    Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037)
    Welcome back to another watchTowr Labs blog post. This time, we're looking at Progress Kemp LoadMaster, a load balancer that sits at the edge of a lot of enterprise networks. Edge appliances have a habit of becoming the way in rather than the thing keeping people out, and  ( 11 min )
  • Open

    Bridging the Visibility Gap: A Unified Security Operating Model for Hybrid Cloud Teams
    Move beyond chasing vulnerabilities to a unified hybrid risk strategy. The Sensor Workload Scanner is now GA and extends our risk prioritization engine to on-premise environments to identify the critical attack paths across your hybrid cloud.  ( 56 min )
    The Borderless Attack Surface: Securing Public Sector Hybrid Environments
    Aligning Modern CNAPP Telemetry with realistic risk assessments to drive agency efficiency through cross-team collaboration  ( 57 min )
    The Red Agent POV: Exploiting Broken Object-Level Authorization in an Airline GraphQL API
    Part 2: How the Red Agent bypassed backend resolvers to expose an entire airline booking database in fifteen minutes  ( 57 min )
  • Open

    Malware analysis: part 10. Practical PE parsing. Simple python examples.
    ﷽  ( 5 min )

  • Open

    Chinese AI model maker Z.AI claims its GLM-5.2 model matches Mythos in automated vulnerability detection
    Chinese artificial intelligence companies are rapidly closing the gap with US-based models in the specialized field of cybersecurity. Zhipu AI recently released GLM-5.2, an open-weight model that researchers claim can match Anthropic’s Mythos in identifying software bugs and security flaws. While these Chinese models still trail in general reasoning tasks, their proficiency in detecting vulnerabilities has raised concerns regarding national security and the potential for automated cyberattacks. Source  ( 21 min )
    Microsoft Phone Link introduces manual remote PC locking for Android users
    Microsoft has integrated a new remote locking capability into the Phone Link application for Android devices. This feature allows users to secure their Windows PC with a single tap from their smartphone if they have left the workstation unlocked. The functionality is currently exclusive to Android and requires the latest versions of the app on both the mobile device and the computer. Source  ( 21 min )
    Coinbase slashes internal AI costs by 50 percent using prompt routing and caching
    Coinbase has successfully reduced its internal AI expenditures by half while simultaneously supporting an exponential increase in token usage. The company achieved these savings by implementing a strategy focused on infrastructure optimization rather than imposing restrictive usage caps on employees. By shifting away from expensive frontier models for routine tasks, the organization has demonstrated a sustainable path for enterprise AI adoption. Source  ( 21 min )
    Microsoft cancels AI-powered history search in Edge browser
    Microsoft has officially discontinued the development of its AI-powered history search feature for the Edge browser. This functionality was designed to allow users to find previously visited websites using synonyms, natural language phrases, or even typos. Although the feature was intended to improve navigation, it has been moved to the company's list of retired projects following a brief rollout period. Source  ( 20 min )
    Google Chrome Beta integrates Gemini AI to summarize PDF documents
    Google is introducing a new "Summarize" feature for PDF documents within the Chrome Beta browser. This integration utilizes the Gemini AI model directly inside the built-in PDF viewer to analyze document content. Users can trigger the process via a dedicated button that activates the Gemini side panel for immediate processing. Source  ( 21 min )
    Microsoft issues dynamic updates to improve Windows 11 setup and recovery
    Microsoft has released a new set of dynamic updates designed to enhance the setup and recovery processes for Windows 11. These releases include KB5102558, KB5095615, and KB5095186, targeting versions 24H2, 25H2, and 26H1. The updates specifically focus on improving the Windows Recovery Environment and the binaries used during feature update installations. Source  ( 21 min )
    AI coding agents vulnerable to stealthy malware execution via GitHub
    Security researchers have demonstrated a new attack method that tricks autonomous AI coding agents into executing malicious payloads from seemingly clean GitHub repositories. The technique exploits the agent's goal-oriented behavior, where it automatically attempts to resolve setup errors by running suggested initialization commands. Because the repository contains no actual exploit code, the malicious activity remains invisible to traditional static scanners and human reviewers. Source  ( 21 min )
    US government prepares to restore access to Anthropic Fable 5 and Mythos models
    The Trump administration is moving toward restoring access to Anthropic’s Fable 5 and Mythos 5 artificial intelligence models following a period of government-mandated restrictions. These high-performance models were previously taken offline or limited due to national security concerns regarding their advanced capabilities. Commerce Secretary Howard Lutnick indicated that Anthropic has made significant progress in addressing risks and establishing safety protocols with federal agencies. Source  ( 21 min )
  • Open

    Malware development trick 59: Function stomping (current process). Simple C example
    ﷽  ( 4 min )

  • Open

    The new AI benchmark is intelligence per dollar – Chinese open-source model Z.AI GLM 5.2 is closing the intelligence gap
    Enterprise interest is shifting from pure model performance on leaderboards towards the efficiency of 'intelligence per dollar'. Chinese open-source models like Z.AI’s GLM 5.2 are demonstrating frontier-level capabilities, particularly in agentic work, at a small fraction of the cost of closed American models. This economic shift allows organizations to prioritize cost-effective solutions for high-volume tasks while reserving expensive frontier models for critical decision-making or orchestration. Source  ( 22 min )
    OpenAI GPT 5.6 system card: model blocks end-to-end attacks
    OpenAI has introduced a new safety architecture for the GPT-5.6 family to mitigate risks associated with its flagship Sol model. The system utilizes activation classifiers that monitor generations in real-time to intervene when sensitive domains are triggered. These safeguards are designed to block unsafe outputs across cybersecurity and biological workflows before they can cause harm. Source  ( 21 min )
    Windows 11 beta build enhances smart card security for remote sessions
    Microsoft has introduced a new Windows 11 Insider Beta build that focuses on strengthening security for enterprise remote environments. Administrators can now configure Azure Virtual Desktop and Windows 365 sessions to disconnect automatically when a redirected smart card is removed. This update specifically applies to sessions using Microsoft Entra ID authentication to help organizations maintain strict compliance standards. Source  ( 21 min )
    Windows 11 build 29617 introduces unified updates to minimize system reboots
    Microsoft is testing a new unified update process in Windows 11 build 29617 to streamline the maintenance experience. This initiative coordinates driver, .NET, and firmware updates to align with the monthly cumulative quality update. The primary goal of this synchronization is to reduce the frequency of system restarts to just one reboot per month. Source  ( 21 min )
    Microsoft MAI-Code-1-Flash brings low-latency coding to Copilot enterprise plans
    Microsoft has released MAI-Code-1-Flash for general availability to GitHub Copilot Business and Enterprise customers. This first-party model is specifically designed for high-volume, iterative coding tasks that require low latency and high speed. It serves as a lightweight alternative to larger frontier models, prioritizing efficiency for repetitive agentic workflows. Source  ( 21 min )
    Russian intelligence hackers use social engineering to steal Signal backup keys
    Russian intelligence services are conducting a sophisticated phishing campaign to steal Signal Backup Recovery Keys from high-value targets. The FBI and CISA report that attackers impersonate official support accounts to trick users into enabling cloud backups and sharing their 30-digit recovery codes. This social engineering tactic bypasses end-to-end encryption by allowing hackers to restore a victim's entire message history onto an attacker-controlled device. Source  ( 21 min )
    The US government has restored access to Anthropic Mythos 5 for “trusted” companies
    The U.S. Department of Commerce has reached an agreement with Anthropic to partially restore access to its powerful Mythos 5 artificial intelligence model. This decision follows a two-week suspension triggered by national security concerns regarding the model's advanced capabilities. The government initially invoked export control authorities to block the system because it could potentially help actors identify and exploit software vulnerabilities. Source  ( 21 min )

  • Open

    Anthropic’s fear-based marketing drives AI power concentration
    The U.S. government has begun aggressively mandating staggered releases for frontier AI models, a move critics argue represents a "negative turning point" fueled by Anthropic’s fear-based marketing. This shift was cemented when OpenAI was forced to delay GPT-5.6, restricting its most capable "Sol" version to a government-preapproved list of elite partners rather than the general public. This regulatory capture is blamed on Anthropic CEO Dario Amodei, whose warnings about cybersecurity flaws and foreign "distillation attacks" successfully pressured the White House into implementing restrictive oversight. Source  ( 21 min )
    GitHub Copilot CLI: Tabbed layout, in-session MCP and plugin configuration, and accessibility improvements
    GitHub made the redesigned terminal interface for GitHub Copilot CLI generally available. The update introduces a tabbed layout, in-session configuration for tools such as MCP servers and plugins, and accessibility improvements, including screen reader support and theme modes. If you manage Windows workstations, the key points are installation, update method, admin control, and the limits of what this CLI can access compared with VS Code. Source  ( 28 min )
    OpenAI GPT-5.6 series rolled out to “trusted” companies
    OpenAI has launched a limited preview of its GPT-5.6 model family, introducing three distinct tiers named Sol, Terra, and Luna. The flagship Sol model features a "max reasoning" mode for deep problem-solving and an "ultra" mode that utilizes subagents to manage complex, multi-step projects. While Terra offers a balance of performance and cost, Luna is positioned as the fastest and most affordable option for high-volume workflows. Source  ( 21 min )
    OpenAI debuts GPT-5.6 series with advanced agentic reasoning and tiered pricing
    OpenAI has launched a limited preview of its GPT-5.6 model family, introducing three distinct tiers named Sol, Terra, and Luna. The flagship Sol model features a "max reasoning" mode for deep problem-solving and an "ultra" mode that utilizes subagents to manage complex, multi-step projects. While Terra offers a balance of performance and cost, Luna is positioned as the fastest and most affordable option for high-volume workflows. Source  ( 21 min )
    Takeaways from Big Technology’s AI summit
    Enterprise AI spending continues to accelerate as organizations apply the technology to increasingly complex and resource-intensive problems. Industry leaders note that while individual token costs may decrease, the total volume of tokens consumed per task is growing exponentially. This trend suggests that efficiency gains are currently being outpaced by the expanding appetite for sophisticated agentic workflows. Source  ( 21 min )
    Azure Developer CLI updates introduce tool management and agent development
    The Azure Developer CLI (azd) has introduced a new `azd tool` command group to manage development prerequisites like language SDKs, Docker, and the Bicep CLI. This feature allows for the discovery, installation, and upgrading of essential tools directly from the terminal to prevent template deployment failures. Additionally, a new cross-platform command runner called `azd exec` enables scripts to run with full environment context and Key Vault secret resolution. Source  ( 21 min )
    Microsoft rolls out revamped Windows Insider experience to retail builds
    Microsoft has begun a gradual rollout of the redesigned Windows Insider Program interface to retail versions of Windows 11. Users on standard retail builds will now see updated channel options within the Windows Update settings menu. This transition follows extensive testing within preview channels to ensure the new management interface is stable for general use. Source  ( 21 min )
    SAP North America president outlines the shift toward functional enterprise AI
    Enterprise leaders are moving past experimental AI phases toward large-scale implementation that delivers measurable business value. This transition involves shifting from theoretical bets to functional applications that transform core industry processes and operational competitiveness. Modern IT operating models are already evolving as organizations use these technologies to reduce the costs and risks associated with infrastructure modernization. Source  ( 21 min )
    Microsoft Teams introduces centralized Recap app for meeting recordings and AI summaries
    Microsoft Teams is launching a dedicated Recap app to centralize meeting recordings, transcripts, and summaries in a single searchable hub. This new interface addresses the difficulty of locating past meeting data by consolidating content from the previous 30 days. The application will be available on Windows, Mac, and web platforms, with mobile support expected to follow shortly after the initial release. Source  ( 21 min )
    Windows 11 experimental build introduces native taskbar resizing and layout controls
    Microsoft has released Windows 11 Insider Preview Build 26300.8758 to the Experimental channel, signaling a shift toward version 26H2. This update introduces a dedicated Taskbar Size setting within the personalization menu to simplify desktop scaling. Users can now adjust the height of the taskbar and the size of its icons through a native toggle rather than relying on registry hacks. Source  ( 21 min )
    Windows 11 preview builds introduce redesigned taskbar settings and security updates
    Microsoft has released new Windows 11 preview builds in the Insider program featuring a redesigned taskbar settings section. Build 26220.8754 introduces a dedicated Taskbar Size setting to simplify how users personalize their desktop interface. This update also includes refined transitions between different taskbar sizes to ensure a smoother visual experience during adjustments. Source  ( 20 min )
    OpenAI launches GPT-5.6 Sol under restricted government security framework
    OpenAI has introduced the GPT-5.6 model family, featuring the flagship Sol alongside the Terra and Luna variants. These models reportedly advance capabilities in software engineering, cybersecurity, and professional knowledge work. In a significant shift for the industry, the U.S. government has intervened to restrict the initial rollout to a small group of approved partners. Source  ( 21 min )
    Oracle introduces new MySQL governance model to boost community participation
    Oracle has announced a new governance framework for MySQL to increase transparency and accelerate innovation through deeper community involvement. The model introduces specific roles for participants, including contributors who provide code and documentation, and committers who oversee code quality and reviews. A new technical steering committee will provide strategic guidance, featuring representatives from major cloud providers like AWS and Google Cloud. Source  ( 21 min )
    European cloud providers warn of remote kill switch in Broadcom VMware software
    The Cloud Infrastructure Service Providers Europe (CISPE) has challenged Broadcom’s claims that VMware Cloud Foundation (VCF) can serve as a foundation for sovereign cloud infrastructure. CISPE argues that the proprietary nature of VCF creates a dangerous over-reliance on a foreign vendor that maintains unilateral control over the software. Because Broadcom is a US-based entity, its products remain subject to American export regulations and legal frameworks regardless of where the data centers are physically located. Source  ( 21 min )
    Amazon Q vulnerability allowed malicious Git repositories to steal cloud credentials
    A high-severity vulnerability in the Amazon Q Developer extension for Visual Studio Code allowed attackers to execute arbitrary code on a developer's workstation. The flaw, tracked as CVE-2026-12957, stemmed from the automatic loading of Model Context Protocol (MCP) configurations found within a repository's hidden directory. When a developer opened a booby-trapped project and activated the AI assistant, the extension executed commands defined in the configuration file without requesting user consent. Source  ( 21 min )
    MirrorCode benchmark reveals the high costs and limits of AI software engineering
    Epoch AI has introduced MirrorCode, a new benchmark designed to evaluate whether AI models can reconstruct entire software programs without seeing the original source code. This test requires models to recreate complex codebases based only on high-level descriptions and functional requirements. While current models show promise in smaller tasks, the benchmark highlights significant performance gaps when dealing with large-scale, intricate software architectures. Source  ( 21 min )
    Nationwide adopts VMware Cloud Foundation to power private cloud and AI goals
    Nationwide Building Society is expanding its partnership with Broadcom to implement VMware Cloud Foundation as the cornerstone of its new private cloud platform. This integrated solution combines compute, storage, networking, and security to help the organization build a custom, resilient infrastructure. The transition supports a broader digital transformation strategy aimed at delivering scalable services to millions of customers. Source  ( 21 min )
    Notion shuts down AI-powered Gmail client as users shift to autonomous agents
    Notion has announced the permanent shutdown of its AI-powered Gmail client, Notion Mail, effective September 22. This decision follows a significant shift in user behavior where more than half of the platform's users now manage their email workflows through autonomous agents. The company intends to pivot its development resources toward these agents rather than maintaining a traditional inbox interface. Source  ( 21 min )
    Managing conversational context in multi-agent AI systems
    Multi-agent systems decompose complex AI workloads into specialized, independently deployed agents that mirror microservice architectures. A significant challenge in these systems is maintaining conversational context across agent boundaries when services share no underlying infrastructure. The Agent-to-Agent (A2A) protocol provides a standard for this communication, utilizing context identifiers and structured message parts to manage task continuity. Source  ( 20 min )
    Italian antitrust authority investigates Microsoft over 365 price increases
    Italy's antitrust regulator has launched an investigation into Microsoft regarding potential unfair commercial practices. The probe focuses on recent price increases for Microsoft 365 subscriptions following the integration of new features. Authorities are examining whether the company provided adequate transparency during this transition. Source  ( 20 min )
    Microsoft and Commvault partner to integrate native cyber resilience into Azure
    Microsoft and Commvault have entered a multi-year partnership to integrate advanced data protection directly into the Azure ecosystem. This collaboration introduces Commvault’s resilience platform as a native independent software vendor service within the cloud environment. The initiative aims to simplify how organizations secure their digital assets against evolving cyber threats and system failures. Source  ( 20 min )
  • Open

    Time Travel Debugging with Codex
    Spoiler warning: this post discusses the FLARE-ON 12 `FlareAuthenticator` challenge and includes the recovered flag. Introduction Before getting into the technical details, this work was made possible through SpecterOps’ partnership with OpenAI’s through the Trusted Access for Cyber program. I also want to thank SpecterOps, my employer, for supporting this research and giving me time […] The post Time Travel Debugging with Codex appeared first on SpecterOps.  ( 16 min )
  • Open

    Considering Build vs. Buy for AI Pentesting? Top 5 Questions to Ask
    Boards and CIOs are pushing security teams to build internal AI pentesting tools, but is it worth it? This piece walks through the five questions security teams should ask when deciding between build vs buy for AI pentesting. The post Considering Build vs. Buy for AI Pentesting? Top 5 Questions to Ask appeared first on Synack.  ( 16 min )
  • Open

    MCP Auto-Execution: From Git Clone to Cloud Compromise in Amazon Q VS Code Extension
    By automatically loading MCP servers from workspace files, Amazon Q enabled attackers to execute code and access sensitive cloud environments.  ( 58 min )
  • Open

    Anti-DDoS research part 2: Daubechies D4 wavelet for traffic anomaly detection. Simple C example.
    ﷽  ( 14 min )

  • Open

    Windows 11 25H2 forced installation
    Microsoft is automatically rolling out Windows 11 25H2 to all eligible unmanaged Home and Pro PCs, with no user approval required. The primary driver is the end of support for Windows 11 24H2 on October 13, 2026, after which those editions will no longer receive security updates. The rollout also prepares consumer devices for Windows 11 26H2, expected in fall 2026 on the same underlying platform. For devices already on 24H2, the upgrade is delivered as a small enablement package rather than a full OS reinstall. Managed enterprise devices are excluded from this automatic rollout. Source  ( 29 min )
    Managing Microsoft Defender Antivirus through PowerShell cmdlets
    Microsoft Defender Antivirus provides a robust set of PowerShell cmdlets for managing security features on Windows 10, Windows 11, and Windows Server 2016 or later. These commands allow for the configuration of next-generation protection features, including exploit protection and real-time monitoring. Administrators can use these tools to automate security tasks and ensure consistent protection across a fleet of devices. Source  ( 20 min )
    Apple reportedly skips M6 chips to fast-track M7 silicon to boost local AI performance
    Apple is reportedly planning to disrupt its traditional silicon release cycle to accelerate the development of high-performance processors. The company intends to launch the standard M6 chip this fall but will likely skip the Pro and Max variants of that generation. This strategic shift aims to bring the M7 architecture to market up to six months earlier than originally scheduled. Source  ( 21 min )
    Anthropic Claude gains momentum in the paid consumer AI market
    Anthropic's Claude is experiencing a significant surge in paid consumer subscriptions, challenging the market dominance of OpenAI's ChatGPT. Transaction data from millions of U.S. consumers indicates that Claude's revenue and paying user base grew by approximately 75% in early 2026. While the company was previously viewed as a developer-centric niche, it is now successfully attracting a broader audience of individual subscribers. Source  ( 21 min )
    Microsoft extends free Windows 10 security updates until October 2027
    Microsoft has quietly updated its documentation to extend the free Extended Security Updates program for Windows 10 consumers by one year. Personal devices enrolled in the program will now receive critical security patches until October 12, 2027. This change was disclosed via an editor's note on an official blog rather than through a formal press announcement. Source  ( 21 min )
    Salesforce launches Help Agent and Agentforce Commerce for autonomous customer service
    Salesforce has introduced Help Agent, a prepackaged solution built on the Agentforce platform designed for rapid deployment of autonomous customer service. This tool allows organizations to connect AI agents to company knowledge bases and communication channels like web, text, and voice within minutes. Unlike traditional chatbots, these agents utilize the Atlas Reasoning Engine to plan and execute multi-step workflows independently. Source  ( 21 min )
    Essential hardware tools and gadgets for system administrators under fifty dollars
    System administrators can find several affordable tools to streamline maintenance and deployment tasks without exceeding a fifty-dollar budget. A standout utility is the Rosewill M.2 SSD Cloner, which supports offline cloning and 20 Gbps USB-C speeds for rapid OS migrations. For physical hardware work, the HOTO 3.6V electric screwdriver provides variable torque suitable for stubborn factory screws, while magnetic mini flashlights assist when navigating dark server racks or PC interiors. Source  ( 21 min )
    SUSE and Openchip partner to develop sovereign European RISC-V accelerators
    SUSE and Openchip have announced a collaboration to develop a fully sovereign European IT infrastructure based on the RISC-V instruction set architecture. This partnership aims to address the lack of autonomous hardware options by combining Openchip’s upcoming silicon designs with SUSE’s established open-source software stack. By utilizing RISC-V, the initiative avoids the restrictive licensing fees and geopolitical dependencies associated with traditional x86 and Arm architectures. Source  ( 21 min )
    Microsoft Excel introduces reusable Copilot skills and financial data connectors
    Microsoft has introduced "Skills" to Copilot in Excel, allowing users to automate recurring processes through reusable instructions. These skills guide the AI through specific steps, applying consistent formatting, formulas, and structures to workbooks without requiring manual prompting each time. Users can create custom skills by saving Markdown files to OneDrive or utilize a library of prebuilt options provided by Microsoft and its partners. Source  ( 21 min )
    Anthropic accuses Alibaba of massive AI distillation attack
    Anthropic has formally accused Alibaba of conducting an industrial-scale campaign to illicitly extract capabilities from the Claude AI model. The San Francisco-based firm claims that operators linked to the Chinese tech giant utilized thousands of fraudulent accounts to perform nearly 29 million exchanges. This activity is described as the largest known instance of a distillation attack targeting Anthropic's proprietary technology. Source  ( 21 min )
    EU moves to designate AWS and Azure as cloud gatekeepers
    The European Commission has reached a preliminary conclusion to designate Amazon Web Services and Microsoft Azure as gatekeepers under the Digital Markets Act. Although these cloud providers do not meet the quantitative thresholds for designation, their vast user bases and market dominance have drawn regulatory scrutiny. If the designation becomes final, both companies will face strict obligations regarding interoperability, data access, and customer lock-in restrictions. Source  ( 21 min )
    Microsoft advances agentic cloud operations with Azure Copilot
    Microsoft is transitioning cloud management toward an agentic model where AI-powered agents continuously observe, reason, and assist with infrastructure tasks. This approach integrates observability, governance, and optimization into a system-driven loop guided by user intent and predefined policies. By automating the correlation of telemetry signals, these agents help teams move from detecting issues to remediation with minimal manual intervention. Source  ( 20 min )
    Big tech aims to ease AI workforce transition
    A new bipartisan nonprofit called Raise Us has launched with over $500 million to help American workers adapt to widespread artificial intelligence automation. Founded by former Commerce Secretary Gina Raimondo and former Indiana Governor Eric Holcomb, the group aims to combat potential catastrophic job losses through targeted education and training. The independent effort brings together tech competitors and major employers to establish pilot programs and incentives that help workers pivot to new careers. Source  ( 21 min )
    OpenAI: Agentic AI shifts workplace productivity from short chats to long-horizon tasks
    The transition from traditional chatbots to agentic AI marks a shift in knowledge work from brief interactions to the delegation of complex, long-horizon tasks. Unlike standard chatbots that provide immediate responses, AI agents can operate independently for hours, orchestrating tool calls and iterating through environments to achieve specific goals. This evolution allows the technology to function more like a digital team member capable of delivering outcomes rather than just answering questions. Source  ( 21 min )
    Apple increases Mac and iPad prices following global memory shortage
    Apple has officially increased prices across its MacBook and iPad product lines following a brief period of downtime for its online store. These adjustments come after CEO Tim Cook warned that rising costs for memory and storage components have become unavoidable for the company. The price hikes are being implemented immediately to offset the surging expenses associated with the rapid expansion of AI data centers. Source  ( 21 min )
    Amazon EC2 introduces AMI watermarks to track and restrict image provenance
    Amazon EC2 now allows administrators to embed custom identifiers called watermarks into private Amazon Machine Images to improve governance. These structured identifiers automatically propagate to any derived images, including those created through cross-region copies or from running instances. This persistent metadata ensures that the origin of an image remains traceable even after multiple iterations or sharing across different AWS accounts. Source  ( 21 min )
    OpenAI expands Daybreak initiative with GPT-5.5-Cyber to automate patch management
    OpenAI has significantly expanded its Daybreak cybersecurity initiative to transition from merely discovering software vulnerabilities to automating the entire remediation process. The program now integrates the full release of GPT-5.5-Cyber, an updated Codex Security plugin, and the Patch the Planet initiative for open-source software. This shift addresses a growing industry bottleneck where the speed of AI-driven flaw discovery has historically overwhelmed the manual capacity of developers to create and deploy fixes. Source  ( 21 min )
    Google Chrome introduces process isolation to block memory access on Windows
    Google is implementing a new security feature in Chrome 151 that utilizes Windows Access Control Lists to restrict external access to the browser's memory. This process isolation technique prevents third-party applications from reading sensitive data or injecting malicious code into active browser sessions. By tightening these permissions, the browser creates a more robust sandbox that limits the impact of potential software vulnerabilities. Source  ( 21 min )
    Microsoft adds Copilot Explain and instant deck refresh to PowerPoint Live
    Microsoft has introduced two new features for PowerPoint Live in Teams to improve real-time collaboration and presentation flow. The Refresh tool allows presenters to update their slides to the latest version with a single click without stopping the session. This ensures that any last-minute corrections or data updates are immediately visible to all participants without the need for resharing. Source  ( 21 min )
    Overcoming the closest-match trap when teaching AI agents proprietary code
    AI models often hallucinate when encountering proprietary SDKs or internal frameworks because they lack relevant training data. Instead of admitting ignorance, models default to the "closest match" from public data, such as mapping a custom authentication library to OAuth patterns. This behavior creates plausible but incorrect code that can be difficult for developers to spot during large-scale generations. Source  ( 21 min )
  • Open

    The State of Continuous Security Validation: An Early Look at the Data
    We’re sharing two headline numbers as an early look at our State of Continuous Security Validation report before the full analysis lands in July. Turns out 95% of security teams discover high or critical vulnerabilities outside their scheduled testing windows—proof that cadence alone is no longer a reliable measure of coverage. The post The State of Continuous Security Validation: An Early Look at the Data appeared first on Synack.  ( 15 min )
    Best AI Red Teaming Tools to Find AI Security Vulnerabilities in 2026
    TL;DR Every organization shipping GenAI features or LLM-powered applications has opened a new attack surface, and automated scanners alone don’t fully cover it. This guide compares the leading AI red teaming tools and managed services for 2026, from open-source frameworks to commercial platforms, across testing scope, validation depth, and best-fit use case. Synack leads the […] The post Best AI Red Teaming Tools to Find AI Security Vulnerabilities in 2026 appeared first on Synack.  ( 23 min )
    Cobalt.io Pricing: What Cobalt Costs in 2026 (vs Synack)
    TL;DR Cobalt.io runs a credit-based pricing model at roughly $1,800 per credit, with most enterprise buyers spending between $15,000 and $40,000 per year. This guide breaks down how the credit model works, what drives total cost beyond the headline number, and how Cobalt’s pricing and value compare directly against Synack at a similar annual budget. […] The post Cobalt.io Pricing: What Cobalt Costs in 2026 (vs Synack) appeared first on Synack.  ( 17 min )
    Pentera Pricing in 2026: Cost, Plans & What Companies Actually Pay
    TL;DR Pentera pricing starts at around $35,000 per year and typically runs $50,000 to $100,000 or more, depending on asset count, module selection, and validation frequency. The platform doesn’t publish list pricing, so this guide breaks down how the subscription model works across its three modules, what drives cost up, and where automated security validation […] The post Pentera Pricing in 2026: Cost, Plans & What Companies Actually Pay appeared first on Synack.  ( 19 min )
    HackerOne Pricing in 2026: Plans, Costs & What Companies Actually Pay
    TL;DR HackerOne doesn’t publish its pricing, but what companies actually pay ranges from around $15,000 to $150,000 or more per year, depending on program type, scope, and bounty budget, with a 5% fee added to every researcher payout. This guide breaks down real cost ranges by program type and company size, explains how the three-part […] The post HackerOne Pricing in 2026: Plans, Costs & What Companies Actually Pay appeared first on Synack.  ( 20 min )
    Best XBOW Alternatives in 2026: AI Pentesting Platforms Compared
    TL;DR XBOW proved that autonomous AI agents can find and exploit web app vulnerabilities quickly, but its scope stops at web apps and APIs, it runs on a point-in-time basis, and it carries no FedRAMP authorization. This comparison covers eight alternatives across autonomous AI, hybrid, and human-led models, judged on validation depth, coverage, continuity, compliance, […] The post Best XBOW Alternatives in 2026: AI Pentesting Platforms Compared appeared first on Synack.  ( 22 min )
    How Much Does a Pentest Cost? (2026 Pricing Guide)
    TL;DR Penetration testing costs in 2026 range from $5,000 to over $100,000, with most organizations spending between $10,000 and $30,000 per engagement and an all-types average of around $18,300. Scope, complexity, testing depth, tester seniority, compliance requirements, and what the quote actually includes all significantly affect that number. AI-assisted PTaaS models are changing the cost-per-coverage […] The post How Much Does a Pentest Cost? (2026 Pricing Guide) appeared first on Synack.  ( 22 min )
    Best Cobalt.io Alternatives in 2026: Features, Pricing & Use Cases Explained
    TL;DR Cobalt.io built its name on fast, self-serve, credit-based pentesting, but teams outgrow that model once they need continuous coverage, predictable pricing, AI-native automation, or FedRAMP authorization. This guide compares eight alternatives across testing model, validation depth, pricing, and compliance fit. Synack leads the list by pairing agentic AI with a vetted human red team […] The post Best Cobalt.io Alternatives in 2026: Features, Pricing & Use Cases Explained appeared first on Synack.  ( 20 min )
    Best Attack Surface Management Tools in 2026 (Top 10, Reviewed)
    TL;DR Most attack surface management tools solve only half the problem: they map what’s exposed and stop there, leaving security teams to guess which findings actually matter. This review ranks the top 10 ASM platforms for 2026 on discovery breadth, exploit validation, and how well each holds up inside a real security program. Synack leads […] The post Best Attack Surface Management Tools in 2026 (Top 10, Reviewed) appeared first on Synack.  ( 22 min )
  • Open

    Computer-Use and TOCTOU: What You Click Is Not What You Get!
    Last year, Jun Kokatsu disclosed an interesting vulnerability with ChatGPT Operator by exploiting a race condition. I was wondering if I could reproduce this attack chain, and this post describes the results of that research. I had this post drafted for months, and yesterday at the Real-world AI security conference I included a video demo of this attack in my talk and that reminded me that I should finally publish this.  ( 3 min )
  • Open

    Uncovering Hidden Attack Paths in Cloud Environments Using Runtime Signals
    Wiz now layers runtime signals into the Security Graph, exposing hidden attack paths to give security teams a complete picture of risk.  ( 56 min )
  • Open

    Anti-DDoS research part 1: detecting short traffic anomalies with Haar wavelets. Simple C example.
    ﷽  ( 10 min )

  • Open

    AI governance on Mac: a practical guide for IT and security teams
    See how Mac admins can bring AI governance to their fleet without blocking the tools their teams want to use.  ( 6 min )
    AI governance on Mac: a practical guide for IT and security teams
    See how Mac admins can bring AI governance to their fleet without blocking the tools their teams want to use.  ( 6 min )
  • Open

    Navigating the hidden costs and governance risks of Microsoft 365 E7
    Microsoft 365 E7, branded as the Frontier Suite, launched in May 2026 at $99 per user per month to consolidate high-end security and AI capabilities. This new tier bundles the existing E5 stack with Microsoft 365 Copilot, the Entra Suite for advanced identity governance, and Agent 365 for managing AI background workers. While the bundle offers a discount compared to individual SKUs, administrators must account for rising costs in lower tiers and the exclusion of compute expenses for building custom agents. Source  ( 21 min )
    Google integrates native computer use into Gemini 3.5 Flash with built-in safeguards
    Google has integrated a native computer-use tool directly into the Gemini 3.5 Flash model via the Gemini API. This feature allows the model to observe screens through screenshots and execute actions like clicking, typing, and navigating across various environments. It is designed to support automation for complex tasks such as continuous software testing and professional knowledge work on desktop, mobile, and browser platforms. Source  ( 21 min )
    Snowflake benchmark reveals GLM-5.2 rivals Claude Opus at lower costs
    Snowflake recently conducted a benchmark comparing the open model GLM-5.2 against Anthropic’s Claude Opus 4.7 using 103 data transformation tasks. The evaluation focused on the models' ability to generate code compatible with both DuckDB and the Snowflake data platform. While both models achieved nearly identical success rates after three attempts, Claude Opus maintained a lead in first-attempt accuracy. Source  ( 21 min )
    Microsoft integrates free AI teaching agents and study tools into Microsoft 365 Education
    Microsoft is expanding its Microsoft 365 Education suite by integrating several AI-powered features at no additional cost to existing institutional customers. These updates introduce Copilot Notebooks, which provide students with a workspace to ground AI responses in their own specific learning materials. The rollout also includes interactive study agents designed to offer students visual concept explanations and real-time feedback during practice sessions. Source  ( 21 min )
    Configure Windows 11 point-in-time restore
    Point-in-time restore is a built-in recovery feature in Windows 11, released as part of the June 23, 2026, optional update, KB5095093, for versions 24H2 and 25H2. It uses the Volume Shadow Copy Service (VSS) to capture full-system snapshots on a recurring schedule automatically. Enterprise editions support remote configuration via a Configuration Service Provider (CSP), a management interface that exposes Windows settings to mobile device management (MDM) tools such as Intune. This article covers how to enable, configure, and use the feature, as well as its key limitations. Source  ( 28 min )
    Commvault integrates cyber resilience tools as native services within Microsoft Azure
    Commvault and Microsoft have established a multiyear partnership to integrate data security and cyber recovery technology directly into the Azure cloud platform. This collaboration allows Azure customers to provision and deploy resilience tools as native services without the need for manual integration or separate infrastructure. The primary objective is to streamline the restoration of data, applications, and identities following cyberattacks, system outages, or accidental deletions. Source  ( 21 min )
    Cloudflare launches self-managed OAuth to simplify delegated API access
    Cloudflare has officially launched self-managed OAuth for all customers, moving away from a model that previously required manual onboarding for third-party integrations. This update allows developers to build SaaS integrations and internal platforms using standard OAuth flows instead of relying on static API tokens. By adopting this delegated access model, users gain clearer consent screens and the ability to revoke application permissions directly from their dashboard. Source  ( 21 min )
    Nvidia claims top spot in data center Ethernet switching as AI reshapes networking
    Nvidia has surpassed long-time leaders Cisco and Arista to become the top revenue generator in the data center Ethernet switching market. According to IDC data for the first quarter of 2026, the company’s switching revenue surged nearly 193% to reach $2.1 billion. This growth is fueled by the massive infrastructure requirements of AI training clusters, which demand specialized high-speed networking to connect thousands of GPUs. Source  ( 21 min )
    Portable monitor deals offer affordable secondary displays for mobile workstations
    Portable monitors have reached record-low prices, providing administrators and mobile professionals with affordable options for expanding screen real estate during travel. Current deals feature a variety of panel technologies, including budget-friendly IPS displays and high-end OLED models that offer superior color saturation and deep blacks. Selecting the right unit requires balancing resolution needs with practical physical features like integrated kickstands and matte finishes for high-glare environments. Source  ( 21 min )
    Microsoft releases PowerToys v0.100.1 to resolve critical stability and remapping bugs
    Microsoft has released PowerToys v0.100.1 as a targeted stability patch to address several regressions introduced in the previous major version. This update primarily focuses on fixing broken core functionality rather than introducing new features to the utility suite. The release is available immediately via GitHub and the Microsoft Store for both x64 and ARM64 architectures. Source  ( 21 min )
    Microsoft uses AI and RICO laws to dismantle StealC and Amadey malware networks
    Microsoft's Digital Crimes Unit recently disrupted the infrastructure supporting StealC and Amadey, two prominent malware families used in global cybercrime. The operation targeted over 200 command-and-control domains and IP addresses that facilitated credential theft and ransomware delivery. This coordinated effort involved collaboration with Europol and various industry partners to sever criminal control over approximately 18,000 victim computers. Source  ( 21 min )
    Visual Studio Code 1.127 updates token pricing normalization for legacy payloads
    Visual Studio Code version 1.127 introduces a specific update to how the editor handles token pricing normalization. This change ensures compatibility with legacy "flat" pricing payloads that are still returned by certain service endpoints. By addressing this inconsistency, the update provides more reliable cost tracking and reporting for AI-related features. Source  ( 20 min )
    OpenAI and Broadcom reveal Jalapeño chip to optimize large language model inference
    OpenAI and Broadcom have unveiled Jalapeño, a custom-designed intelligence processor specifically architected for large language model (LLM) inference. This first-generation accelerator was developed from initial design to production in just nine months, a cycle significantly accelerated by using OpenAI’s own models. The chip is intended to provide a full-stack infrastructure solution that balances compute, memory, and networking resources to achieve high utilization. Source  ( 21 min )
    MSI 49-inch ultrawide OLED monitor drops to record low in Newegg sale
    Newegg has launched a competitive retail event featuring a significant discount on the MSI 491CQP ultrawide monitor. This 49-inch display is currently priced at $699, representing a $150 reduction from its standard retail price. The sale positions the retailer as a direct competitor to Amazon's annual Prime Day event by offering lower pricing on specific high-end PC components. Source  ( 21 min )
    New Mistic backdoor enables stealthy long term access for ransomware brokers
    A new backdoor named Mistic has emerged in cybercrime campaigns targeting the insurance, education, and IT sectors since April 2026. Security researchers link this malware to the initial access broker KongTuke, also known as Woodgnat, who sells network access to major ransomware groups. The backdoor is frequently deployed alongside ModeloRAT and is often delivered through social engineering tactics or multi-stage infection chains. Source  ( 21 min )
    VMware vSphere Kubernetes Service integrates container management into private clouds
    VMware Cloud Foundation now includes the vSphere Kubernetes Service, a CNCF-certified runtime that allows for the management of virtual machines and containers from a single control plane. This architectural integration eliminates infrastructure silos by allowing administrators to provision Kubernetes clusters using the same platform they use for traditional virtual machines. The service maintains close alignment with upstream Kubernetes releases, ensuring compatibility with standard tools like Helm and Argo CD without imposing proprietary constraints. Source  ( 21 min )
    Microsoft patches PowerToys Keyboard Manager and stability bugs in version 0.100.1
    Microsoft has released PowerToys v0.100.1 to resolve several critical stability and behavioral issues introduced in the previous major milestone. This maintenance update focuses on refining the performance of the system utility suite following the significant feature additions of version 0.100.0. The patch is currently available for download via the official GitHub repository for users on supported Windows platforms. Source  ( 21 min )
    Microsoft disrupts StealC and Amadey infostealer infrastructure in global operation
    Microsoft’s Digital Crimes Unit, in collaboration with Europol, recently executed a coordinated disruption of the StealC and Amadey malware ecosystems. The operation resulted in the seizure or blocking of over 200 command-and-control domains and IP addresses used to manage these threats. This intervention targeted the backbone of a cybercrime model where infostealers are rented as commodities to harvest sensitive corporate and personal data. Source  ( 21 min )
    Google Workspace expands security alerts for administrative password resets
    Google Workspace is rebranding and expanding its "Super Admin password reset" notification to become the more comprehensive "Admin password reset" alert. This update ensures that security teams receive notifications whenever any account with administrative privileges undergoes a password change. The enhanced visibility is designed to help organizations quickly identify and respond to potential unauthorized access attempts on high-value accounts. Source  ( 20 min )
    Microsoft Sentinel introduces custom graph authoring with GitHub Copilot
    Microsoft Sentinel has introduced custom graphs in public preview, providing a relationship-first method for organizing and querying security data. Unlike traditional log tables that require complex joins, this feature allows for the visualization of multi-hop connections between entities like users, devices, and IP addresses. This structure helps identify the blast radius of a compromise and uncover malicious behavioral pivots that are often hidden in standard logs. Source  ( 21 min )
  • Open

    Disposable Tooling: Building LLM-Generated Mythic Agents from Prompt to Deployment
    An area I’ve been very interested in exploring over the past several months is the generation of what I have been calling “disposable tooling”. With the development space now discussing the reduced cost of writing code, the idea is to also explore how offensive tooling can be brought closer to the paradigm that appeared when […] The post Disposable Tooling: Building LLM-Generated Mythic Agents from Prompt to Deployment appeared first on SpecterOps.  ( 27 min )
  • Open

    The Bug Bounty Model Is Failing. It’s Time to Say It Out Loud.
    Open bug bounty programs are buckling under AI-generated noise, triage overload, and coverage blind spots. Synack's PTaaS platform and security researchers on the Synack Red Team preserve what works about incentivized research while fixing what doesn't. The post The Bug Bounty Model Is Failing. It’s Time to Say It Out Loud. appeared first on Synack.  ( 18 min )
    Attack Surface Discovery & Management: What Security Teams Need to Know
    Most organizations have more internet-facing assets than they know about, and those unknown assets are where attackers look first. This guide breaks down how attack surface management works, how it complements penetration testing, and what separates programs that actually reduce risk from programs that just generate reports. The post Attack Surface Discovery & Management: What Security Teams Need to Know appeared first on Synack.  ( 21 min )
  • Open

    AI Finds Vulnerabilities. Security Experts Find Impact.
    AI got a security consultant 80% of the way through a real web application assessment. The other 20% was where the actual security work happened. This walkthrough shows where AI delivered, where it produced confident but impossible explanations, and why human judgment still drives real findings.  ( 13 min )
  • Open

    How AI Is Rewriting the SecOps Playbook
    The threat landscape has changed. Adversaries operate at machine speed, shrinking attacks from days to minutes. Defenders can no longer investigate and respond before damage occurs. In this new era, Security Operations must prioritize speed, automation, and continuous decision-making.  ( 58 min )

  • Open

    macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox
    DPRK-linked implant embeds 38 fabricated system messages that spoof an LLM triage harness, hiding a credential stealer and Telegram C2 underneath.  ( 29 min )
  • Open

    macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox
    DPRK-linked implant embeds 38 fabricated system messages that spoof an LLM triage harness, hiding a credential stealer and Telegram C2 underneath.  ( 29 min )
  • Open

    Managing Microsoft Defender configuration drift to prevent silent endpoint exposure
    Microsoft Defender configuration drift occurs when endpoint security settings gradually diverge from their intended hardened state due to troubleshooting or policy conflicts. This divergence often happens silently because Defender does not generate telemetry or XDR alerts when enforcement settings, such as Attack Surface Reduction rules, are modified. Standard monitoring tools frequently report these devices as compliant even when their actual protection posture has been significantly weakened. Source  ( 21 min )
    June security updates trigger internal filename bug in Windows Recycle Bin
    Microsoft confirmed a regression in the Recycle Bin following the June 9, 2026, security updates. When users attempt to permanently delete a single item, the confirmation dialog displays an internal system filename starting with $R instead of the original name. This behavior stems from a failure in the shell's translation layer, which usually hides these implementation details from the user. Source  ( 21 min )
    Gemini AI now diagnoses and corrects formula errors in Google Sheets
    Google has integrated new Gemini AI capabilities into Google Sheets to help users identify and resolve formula errors automatically. This update allows the AI to analyze data structures and suggest corrections for both simple arithmetic and complex calculations. Workspace administrators must ensure that Gemini for Workspace is enabled for users to access these troubleshooting features. Source  ( 21 min )
    Federal agencies face new 2030 deadlines for post-quantum encryption migration
    President Trump has signed Executive Order 14409, establishing strict deadlines for federal agencies to adopt post-quantum cryptography. This directive aims to protect sensitive government data against "harvest now, decrypt later" attacks, where adversaries steal encrypted data today to decrypt it once powerful quantum computers are developed. The order significantly accelerates previous timelines, moving the compliance target forward by approximately five years to stay ahead of rapid advancements in quantum technology. Source  ( 21 min )
    Malicious AI agent skill bypasses security scanners to reach 26,000 users
    A security experiment successfully compromised over 26,000 AI agents by exploiting structural flaws in how agent skills are vetted and trusted. Researchers created a deceptive skill that appeared legitimate to non-technical users and bypassed automated security scanners from major vendors. By hosting malicious instructions on an external URL rather than within the skill package itself, the attackers ensured the payload remained invisible during initial inspections. Source  ( 21 min )
    EWSAllowedAppIDs: Configure the application allow list for Exchange Web Services (EWS)
    Microsoft is retiring Exchange Web Services in Exchange Online, with phased disablement beginning in October 2026 and full retirement in April 2027. It is replacing it with the Microsoft Graph API, the unified endpoint for accessing Microsoft 365 services. To prepare for this transition, you can now use the EWSAllowedAppIDs parameter to restrict access by application identifier. This article explains how to inventory your current dependencies and configure the new allow list to prevent service disruptions. Source  ( 25 min )
    IBM and OpenAI launch AI-driven application security service for enterprise defense
    IBM has joined the OpenAI Daybreak Cyber Partner Program to integrate advanced frontier AI models into its managed security operations. This collaboration introduces a new application security service designed to identify and validate software vulnerabilities with greater precision than traditional code scanners. The initiative aims to help organizations counter machine-speed threats by automating the prioritization of high-risk software components and exploitable paths. Source  ( 21 min )
    Cloudflare and major browsers develop PACT to replace CAPTCHAs with anonymous tokens
    Cloudflare has partnered with Google, Microsoft, and Mozilla to develop Private Access Control Tokens, a new protocol designed to verify web traffic legitimacy. This initiative aims to distinguish between human users, authorized AI agents, and malicious bots without relying on intrusive tracking or repetitive manual challenges. The protocol allows trusted platforms to issue anonymous digital tokens that a browser can present to other websites as proof of a legitimate session. Source  ( 21 min )
    OpenAI Codex CLI logging bug causes excessive SSD wear
    OpenAI’s Codex CLI contains a misconfiguration that triggers excessive diagnostic logging to a local SQLite database located in the user's home directory. This issue stems from the application defaulting to the TRACE logging level, which is the most verbose setting available for developers. Reports indicate that the tool captures low-level telemetry, including raw WebSocket payloads and filesystem events, which are typically unnecessary for standard production use. Source  ( 21 min )
    Cursor unveils Origin git platform and custom AI model to scale agentic workflows
    Cursor has announced Origin, a purpose-built Git hosting platform designed to handle the high-frequency workloads of AI agents. Traditional version control systems are often optimized for human developers who commit code at a relatively slow pace. Origin utilizes a new architecture backed by S3 storage to support massive parallel operations, such as hundreds of thousands of clones per hour. Source  ( 21 min )
    Scaling Azure Kubernetes Service to 75,000 nodes for massive AI workloads
    Microsoft is pushing the scaling boundaries of Azure Kubernetes Service (AKS) to support massive AI workloads for organizations like OpenAI and Anthropic. Some clusters now reach up to 75,000 nodes, far exceeding original industry recommendations of 100 nodes per cluster. To achieve this, engineers optimize the API server, etcd performance, and controller responsiveness while contributing these improvements back to the upstream Kubernetes project. Source  ( 21 min )
    AWS Lambda MicroVMs enable isolated stateful execution for up to eight hours
    AWS has launched Lambda MicroVMs, a serverless compute primitive designed to run isolated Linux environments for significantly longer durations than standard functions. Built on Firecracker virtualization technology, these units extend the maximum execution time from 15 minutes to eight hours. This new capability allows developers to run complex tasks like vulnerability scanning, CI/CD pipelines, and AI-generated code execution within a secure hardware-virtualized boundary. Source  ( 21 min )
    Linux Foundation launches Agent Name Service to secure AI identities via DNS
    The Linux Foundation has introduced the Agent Name Service (ANS), an open standard designed to provide artificial intelligence agents with trusted identities. This framework utilizes the existing Domain Name System (DNS) to verify an agent's organizational affiliation and specific permissions. By anchoring identity to DNS, the service avoids proprietary registries and allows for the verification of an agent's code integrity and activity history. Source  ( 21 min )
    LastPass data breach exposes customer data
    A supply chain attack targeting the market intelligence platform Klue has resulted in the theft of OAuth tokens used by several high-profile organizations. The Icarus extortion group gained access to Klue's infrastructure by exploiting a dormant legacy credential for a prototype integration service. Once inside, the threat actors exfiltrated OAuth tokens that allowed them to query connected third-party environments, specifically targeting Salesforce CRM data. Source  ( 21 min )
    Meta halts employee tracking program after AI training data leak
    Meta has suspended an internal AI training initiative known as the Model Capability Initiative after sensitive employee data became accessible company-wide. The program was designed to improve AI models by recording the keystrokes and mouse movements of staff members during their daily work. This mandatory data collection effort had already faced significant internal pushback from employees concerned about their digital privacy. Source  ( 21 min )
    China beats US in supercomputing with record-breaking LineShine system
    The 67th Top500 list reveals that China has overtaken the United States with its new Lineshine supercomputer, the first to exceed 2.2 exaflops in performance. This system, also known as Ling Chen, utilizes entirely domestic hardware developments to bypass international export restrictions on high-end components. It marks a significant return to the public rankings for China, which had largely stopped sharing official performance data for its leading systems since 2019. Source  ( 21 min )
    OpenAI launches GPT-5.5-Cyber and Patch the Planet to automate vulnerability remediation
    OpenAI has expanded its Daybreak cybersecurity initiative to address the growing bottleneck in software remediation. While AI has significantly accelerated the discovery of security flaws, the manual process of fixing them often overwhelms development teams. The program aims to democratize patching at machine speed by combining advanced models with human oversight to validate and resolve vulnerabilities. Source  ( 21 min )
    Anthropic Mythos AI breaches NSA classified systems in hours during red team test
    Anthropic’s advanced Mythos AI model reportedly compromised nearly all classified systems belonging to the NSA and U.S. Cyber Command during a security evaluation. General Joshua Rudd, head of both agencies, informed the Senate Intelligence Committee that the breach occurred within hours rather than weeks. This capability stems from the model's specialized design for identifying zero-day vulnerabilities in highly hardened software environments. Source  ( 21 min )
    Managing macOS FileVault encryption and recovery keys with Microsoft Intune
    Microsoft Intune allows administrators to deploy and manage FileVault full-disk encryption for macOS 10.13 and later. The platform supports multiple deployment methods, including standard interactive prompts and automated enforcement during the Setup Assistant for devices on macOS 14 or newer. Encryption is standardized at XTS-AES 128-bit, which Apple considers sufficient for enterprise security requirements. Source  ( 21 min )
    Managing Windows endpoints with PowerShell scripts and Intune policies
    Microsoft Intune utilizes the Intune management extension to deploy PowerShell scripts to Windows 10 and later devices. This extension enhances modern management by allowing administrators to run scripts in either the system context or using logged-on user credentials. Scripts execute before Win32 apps and are automatically retried up to three times if an initial failure occurs during check-in. Source  ( 21 min )
  • Open

    Restaurants run on iOS: Jamf and IPORT bring Apple-first hospitality to the NRA Show
    Jamf and IPORT showcased an iPad-based, Apple-first restaurant technology stack at the NRA Show in Chicago.  ( 8 min )
    How proactive device status reporting gives IT a clearer, real-time view of their fleet
    Declarative Device Management's proactive status reporting gives mid-market IT teams real-time Mac fleet visibility — without the manual work.  ( 7 min )
  • Open

    AI Threat Readiness Pillar 4: Detect and contain threats in real-time
    Your guide to operationalizing AI-powered threat detection and response with Wiz to stay ahead of AI-driven attackers.  ( 65 min )
  • Open

    Decoding Rust strings
    TL;DR  Introduction  Recently in a test I had the joy of reverse engineering the custom binary that acts as a webserver and system controller for their ARM based device. Normally this isn’t a problem: extract the binary, throw it into Ghidra, do stuff.  The problem here was that the binary was in written in Rust. Which does a lot of things differently […] The post Decoding Rust strings  appeared first on Pen Test Partners.  ( 8 min )
  • Open

    From vulnerability report to CVE draft in minutes: how Elastic automated security advisories with AI
    How Elastic's security team built an AI agent with RAG against MITRE's CWE and CAPEC catalogues to draft CVE advisories from raw vulnerability reports, including the full prompt and crawler configs.  ( 40 min )
  • Open

    MacOS malware persistence 12: Folder Actions. Simple AppleScript and C example
    ﷽  ( 7 min )

  • Open

    Download and install Windows 11 26H2 ISO
    Windows 11 version 26H2 is the next annual feature update for the operating system, expected to roll out in fall 2026. Microsoft confirmed that this release uses an enablement package (eKB), a small update that flips the version number without replacing the entire operating system. The update shares the same platform code as versions 24H2 and 25H2, meaning installation is fast and requires only a single reboot. This article covers the new features, the support lifecycle, and how to download and install Windows 11 26H2 ISO. Source  ( 29 min )
    Homebrew 6.0 enhances supply chain security with tap trust and Linux sandboxing
    Homebrew 6.0 introduces a significant security overhaul designed to mitigate supply chain attacks by implementing a new "tap trust" mechanism. The package manager now blocks third-party repositories, known as taps, unless they are on a pre-approved list or have been manually vetted by the user. This change prevents the silent execution of potentially malicious Ruby installation scripts from untrusted sources during the software setup process. Source  ( 21 min )
    Build a claw with the Microsoft Agent Framework
    Microsoft has introduced a new framework designed to help developers build autonomous agent harnesses and "claws" for specialized tasks. The system provides a minimal infrastructure that supports essential functions like web searching, task planning, and custom tool integration. This initial release focuses on enabling agents to execute complex workflows through dedicated plan and execute modes. Source  ( 20 min )
    Managing persistent AI workflows with Codex subagents and context isolation
    Organizations are increasingly utilizing OpenAI Codex to manage complex technical projects that extend far beyond a single prompt. This shift requires a persistent workspace strategy where the AI maintains context and manages multi-step workflows over long durations. System administrators can leverage these capabilities to break down ambitious infrastructure goals into smaller, verifiable tasks that ensure continuity across different workstreams. Source  ( 21 min )
    Anthropic introduces biometric identity verification for Claude users
    Anthropic has updated its privacy policy to include mandatory identity verification for consumer accounts under specific circumstances. Starting July 8, 2026, users of the Free, Pro, and Max plans may be required to submit government-issued identification and biometric data. This process involves capturing a live selfie and a scan of a photo ID to generate facial geometry templates for authentication. Source  ( 21 min )
    Decades-old Squidbleed vulnerability leaks sensitive user data via FTP parser
    A critical heap buffer overread vulnerability, dubbed Squidbleed, has been discovered in the widely used Squid web proxy. This flaw, tracked as CVE-2026-47729, has existed in the software's FTP directory-listing parser since 1997. The vulnerability allows a trusted client to leak internal memory from the proxy, potentially exposing cleartext HTTP requests, passwords, and API keys. Source  ( 21 min )
    Microsoft acknowledges bug breaking email thread replies in Outlook for Mac
    Microsoft has confirmed a significant bug in Outlook for Mac that prevents the application from displaying original message text when replying to emails. Users report that after updating to version 16.110, the reply window appears entirely blank or contains only the new response without the preceding thread. This issue effectively breaks the standard conversation flow by stripping away the historical context of the email exchange. Source  ( 21 min )
    Microsoft streamlines Windows 11 sound settings with centralized device management
    Microsoft is testing a significant overhaul of the sound settings interface in Windows 11 to reduce navigation complexity. The update, currently available in the Experimental Preview Channel, consolidates multiple audio controls onto the "All sound devices" page. This change aims to minimize the number of clicks required to manage various input and output hardware. Source  ( 20 min )
    Microsoft warns of Crypto Clipper worm spreading via USB drives to hijack wallets
    Microsoft has identified a persistent malware campaign dubbed Crypto Clipper that has been targeting Windows users since February 2026. The threat propagates like a worm by using infected USB drives to replace legitimate documents with malicious shortcut files. When a user clicks these shortcuts, the malware installs a payload that utilizes the Tor network to communicate with attacker-controlled servers. Source  ( 21 min )
    AutoJack exploit chain allows malicious web pages to hijack AI agents for host RCE
    Microsoft researchers identified a vulnerability chain named AutoJack in the development branch of AutoGen Studio, a framework for building multi-agent AI systems. The exploit allows a malicious webpage to execute arbitrary commands on a host machine if an AI agent with web-browsing capabilities renders the page. This attack effectively turns the local AI agent into a delivery vehicle for remote code execution by bypassing traditional localhost security boundaries. Source  ( 21 min )
    Google launches Interactions API as the primary interface for Gemini agents
    Google has transitioned the Interactions API from beta to general availability, making it the new standard interface for building with Gemini models. This update replaces the previous generateContent API in all official documentation and serves as the foundation for future agentic features. While the older API remains supported for existing integrations, Google recommends the new interface for all new projects and complex conversational workflows. Source  ( 21 min )
    Microsoft to retire Azure DevOps issuer for workload identity federation
    Microsoft has announced the deprecation of the Azure DevOps issuer for workload identity federation service connections, with a final retirement date set for July 1, 2027. This change is part of a broader initiative to standardize on the Microsoft Entra issuer to improve security and consistency across Azure services. The transition affects service connections in the Azure public cloud that utilize single-tenant applications or managed identities for secretless authentication. Source  ( 21 min )
    Microsoft update breaks email thread history in Outlook for Mac
    A recent update to Outlook for Mac has introduced a significant regression that prevents the original message from being included when replying or forwarding. The bug specifically impacts version 16.110 and appears to be isolated to the Legacy UI mode. Users report that the composition window remains blank or contains only headers, making it impossible to maintain conversation context without manual intervention. Source  ( 21 min )
    Windows Secure Boot certificate transition and its impact on older hardware
    Microsoft has clarified that PCs failing to update to the 2023 Secure Boot certificates by the June 2026 deadline will not be bricked. These devices will continue to boot normally and receive standard Windows updates, but they will lose the ability to process future boot-level security revocations. This transition is necessary because the original 2011 certificates are expiring, preventing the firmware from blacklisting newly discovered malicious bootloaders. Source  ( 21 min )
    Malicious npm and PyPI packages use prompt injection to bypass AI security scanners
    A new wave of malicious packages on the npm and PyPI repositories is employing "indirect prompt injection" to disrupt AI-assisted malware analysis. Researchers identified that the Hades campaign and specific packages like shai_hulululud embed large blocks of deceptive text within non-executable code comments. This technique targets LLM-based triage pipelines by including forbidden topics or repetitive "token flooding" designed to trigger safety refusals or system timeouts. Source  ( 21 min )
    Anthropic launches Claude Code Artifacts for real-time team review of AI coding
    Anthropic has introduced a beta feature for Claude Code that transforms AI coding sessions into live, shareable web pages called Artifacts. Available to Team and Enterprise subscribers, these pages allow teammates to monitor an AI agent's progress in real time through a private URL. This functionality addresses a visibility gap by moving session outputs from a local terminal into a browser-based environment for easier inspection. Source  ( 21 min )
    Microsoft introduces native toggle to disable Bing web results in Windows 11 search
    Microsoft is testing a new feature in Windows 11 Insider Build 26300.8697 that allows users to completely disable Bing web results and Microsoft Store suggestions within the taskbar search. This change is located under a new "Show suggested search results" section in the Search privacy settings, providing independent toggles for web and store content. By removing these external dependencies, the search interface becomes significantly less cluttered and prioritizes local files, settings, and installed applications. Source  ( 21 min )
    Systemd 261 introduces cloud metadata brokering and enhanced measured boot
    Systemd 261 introduces a new cloud Instance Metadata Service subsystem featuring the systemd-imdsd daemon. This service provides a unified local interface for accessing metadata across various providers like AWS, Azure, and Google Cloud, reducing the need for provider-specific tools. Administrators can now restrict direct network access to cloud metadata endpoints to enhance security against request forgery and unauthorized access. Source  ( 21 min )
    Hundreds of AI-powered iOS apps leak exploitable LLM API credentials
    Researchers from Wake Forest University recently analyzed 444 iOS applications that integrate Large Language Model features. The study revealed that 282 of these apps exposed exploitable credentials or backend access mechanisms. These vulnerabilities were found across 13 different categories, including productivity, education, and lifestyle tools. Source  ( 21 min )
    Agent Beacon provides open source telemetry for AI coding agents
    AI coding agents like Claude Code and Cursor have the capability to edit files and execute terminal commands directly on developer machines or in CI/CD environments. These tools often operate with significant privileges, creating a new attack surface where malicious instructions can be disguised as legitimate system data. A lack of visibility into these automated actions makes it difficult for organizations to monitor for unauthorized or suspicious behavior. Source  ( 21 min )
  • Open

    SpecterOps and OpenAI: Helping to Build a New Security Frontier with Daybreak
    Today, OpenAI announced that it is expanding access to its frontier AI cybersecurity capabilities for a trusted circle of industry partners, including SpecterOps, through the OpenAI Daybreak Cyber Partner Program. Since April, SpecterOps has participated in the OpenAI Trusted Access for Cyber program (TAC), through which our researchers have access to advanced cyber-capable models for legitimate security use cases, helping us […] The post SpecterOps and OpenAI: Helping to Build a New Security Frontier with Daybreak    appeared first on SpecterOps.  ( 14 min )
  • Open

    Introducing Patch the Planet
    What happens when you clear dozens of Trail of Bits engineers’ schedules, pair them with every open-source maintainer they can contact, and unleash the latest frontier models like GPT-5.5-Cyber on critical open-source targets? Thanks to our partnership with OpenAI and its Daybreak initiative, we can report that the impact is hundreds of discovered bugs, 64 pull requests, and 51 issues filed across 19 projects (with many more still undergoing coordinated disclosure). That was just the first week of Patch the Planet. Frontier models like GPT-5.5-Cyber are producing a firehose of security findings, and already-stretched maintainers must sift through all of it to separate real vulnerabilities from plausible-sounding false positives. Patch the Planet is different: with our experts orchestrating…  ( 5 min )
  • Open

    Out of Shift: How a Shared State Bug in V8’s AsmJS Parser Broke the Ubercage
    By Chanh Pham Overview In this blog post we take a look at a vulnerability patched in a Chrome release on 3rd March 2026 and assigned CVE-2026-3542. The vulnerability arose from a flaw in state management when processing an AsmJS module, which results in a corrupted WebAssembly stream when it is fed to the decoder to instantiate ... Read more Out of Shift: How a Shared State Bug in V8’s AsmJS Parser Broke the Ubercage The post Out of Shift: How a Shared State Bug in V8’s AsmJS Parser Broke the Ubercage appeared first on Exodus Intelligence.  ( 20 min )
  • Open

    Bypassing Conditional Access policies that have a resource exclusion
    There is a documented enforcement gap in Conditional Access policies that apply to “all resources” but have an exclusion for at least one resource. What is not documented, is that this gap is much larger than what one would expect, and that the documented mitigation doesn’t actually work. The good news if you are an Entra admin is that this is now considered legacy behaviour that Microsoft is changing and that if your tenant isn’t automatically migrated yet you can opt-in to the new behaviour which addresses and fixes this issue. If you have a policy with a resource exclusion, I would highly recommend applying this change.  ( 9 min )
  • Open

    Cloud-native Security for your Windows environment: Announcing the Wiz Runtime Sensor for Windows
    Secure your Windows fleet without sacrificing performance. Wiz pairs real-time threat detection with a memory-safe architecture that scales efficiently to protect your essential cloud infrastructure.  ( 56 min )
  • Open

    Bypassing Microsoft Entra Conditional Access Policies via Nested App Authentication
    Discover how attackers bypassed Microsoft Entra Conditional Access Policies using Nested App Authentication (NAA) flows in this technical vulnerability breakdown. The post Bypassing Microsoft Entra Conditional Access Policies via Nested App Authentication appeared first on NetSPI.  ( 16 min )

  • Open

    Yann LeCun warns of AI market bubble and criticizes xAI leadership failures
    Yann LeCun, the founder of AMI Labs and a pioneer in the field, has characterized Elon Musk’s xAI as a failure. He argues that the departure of the company's entire founding team has severely compromised its ability to recruit the top-tier talent necessary for high-level innovation. Consequently, LeCun believes xAI will struggle to remain competitive against industry leaders like OpenAI and Anthropic. Source  ( 20 min )
    Tech leaders propose U.S. led international AI coalition at G7 summit
    The CEOs of Anthropic, Google DeepMind, and OpenAI met with G7 leaders to advocate for a United States-led international coalition focused on artificial intelligence governance. During a closed-door session in France, industry leaders proposed that Washington take the primary role in establishing global rules and safety standards. This initiative aims to harmonize how nations test and deploy advanced models while managing the significant risks associated with the technology. Source  ( 20 min )
    Amazon aims to challenge OpenAI and Anthropic with custom silicon and Nova models
    Amazon has acknowledged that its proprietary artificial intelligence models currently lag behind the industry-leading frontier systems developed by OpenAI and Anthropic. Peter DeSantis, the executive overseeing Amazon’s AI and chip divisions, stated that the company’s models have not yet met the requirements for the most demanding enterprise workloads. Despite this gap, the company expects to be in the conversation regarding leading frontier models within the next year. Source  ( 20 min )
  • Open

    Malware analysis: part 9. AI-assisted deobfuscation: control flow flattening. Simple C example.
    ﷽  ( 17 min )

  • Open

    Intel and AMD standardize ACE extensions to unify AI matrix compute on x86
    Intel and AMD have released the official specification for AI Compute Extensions, or ACE, a standardized instruction set for future x86 processors. Developed through the x86 Ecosystem Advisory Group, these extensions aim to accelerate matrix multiplication and machine learning workloads directly on the CPU. By establishing a common technical standard, the two rivals intend to prevent market fragmentation and provide a consistent target for software developers. Source  ( 21 min )
    OpenAI Codex introduces record and replay feature for macOS workflow automation
    OpenAI has launched a new feature called Record & Replay for its Codex application on macOS. This tool allows users to demonstrate a specific digital workflow once while the AI agent observes the actions. Codex then converts that recorded sequence into a reusable skill that can be executed autonomously in the future. Source  ( 21 min )
    Optimizing Microsoft Defender Antivirus update delivery and fallback order
    Maintaining current security intelligence is essential for Microsoft Defender Antivirus to identify and neutralize emerging threats effectively. Administrators can define a specific fallback order for update sources to ensure endpoints remain protected even if a primary connection fails. Available update locations include Microsoft Update, Windows Server Update Services (WSUS), Microsoft Configuration Manager, network file shares, and the Microsoft Malware Protection Center. Source  ( 21 min )
    New ARD protocol creates a universal discovery layer for enterprise AI agents
    A coalition of enterprise technology leaders including Microsoft, Google, and Salesforce has introduced the Agentic Resource Discovery (ARD) protocol. This open standard establishes a universal discovery layer that allows AI agents to automatically identify and invoke corporate tools across fragmented software environments. By utilizing a system of catalogs and registries similar to DNS, the framework eliminates the need for developers to hardcode manual connections between different applications. Source  ( 21 min )
    AMD restores memory encryption to Ryzen 9000 CPUs after community backlash
    AMD has announced it will reinstate Transparent Secure Memory Encryption (TSME) for consumer-grade Ryzen 9000 desktop processors via a BIOS update in July. This decision follows significant community feedback after the feature was quietly removed in a recent firmware update. TSME, which AMD brands as Memory Guard for its professional product lines, provides a hardware-based layer of protection for data stored in system memory. Source  ( 21 min )
    Microsoft Edge to support Google account sign-in as account requirements ease
    Microsoft is shifting its strategy by reducing the mandatory use of Microsoft accounts across its ecosystem. A significant update to the Microsoft 365 Roadmap reveals that Microsoft Edge will soon allow users to sign in using a Google account instead of a Microsoft account. This feature, expected to roll out in July 2026 for Windows and macOS, aims to lower the barrier for Chrome users considering a switch to Edge. Source  ( 21 min )

  • Open

    Enhancing software development with autonomous AI loops
    AI loops are emerging as a transformative method for building software by allowing coding agents to work autonomously toward specific goals. These loops require a trigger—such as a manual command, a set schedule, or an action like opening a pull request—to initiate the process without constant human intervention. Success is determined either through verifiable metrics, such as specific page load speeds, or by using the large language model itself as a judge for qualitative tasks like code refactoring. Source  ( 21 min )
    Norway restricts AI in schools to prioritize traditional learning
    Norway is implementing strict regulations on artificial intelligence in classrooms to prioritize fundamental skills like reading, writing, and mathematics. Prime Minister Jonas Gahr Støre announced that the new rules will take effect in August 2025 to address concerns about the negative impact of technology on student development. The government aims to shift the educational focus back to analog methods following a decline in literacy rates and test scores. Source  ( 21 min )
    Microsoft resolves Windows Server 2016 update failures caused by missing prerequisites
    Microsoft has addressed a deployment issue affecting Windows Server 2016 systems that failed to install the June 2026 cumulative security update, KB5094122. The problem primarily impacted servers that had skipped the previous month's update, KB5087537, which serves as a necessary baseline. Without this prerequisite, the installation process would fail, leaving legacy systems vulnerable to security risks. Source  ( 21 min )
    Alibaba Cloud expands to France with focus on data sovereignty and agentic AI
    Alibaba Cloud has launched its first cloud region in France, establishing two new availability zones in Paris. This expansion increases the provider's European footprint, joining existing hubs in Germany and the United Kingdom. The new infrastructure supports a comprehensive suite of enterprise services, including elastic computing, containerization, and database management, designed to meet local regulatory requirements. Source  ( 21 min )
    Salesforce disables Klue integration following OAuth token supply chain attack
    Salesforce has disabled the Klue Battlecards app integration after a security breach at the competitive intelligence firm exposed customer data. The incident originated from a compromised legacy credential within Klue's infrastructure, which allowed an extortion group known as Icarus to push malicious code. This code collected OAuth tokens that customers use to connect Klue to their own environments, effectively bypassing standard authentication measures like passwords or multi-factor authentication. Source  ( 21 min )
    Amazon considers selling Trainium AI chips for external data centers
    Amazon is exploring a significant shift in its hardware strategy by considering the sale of its custom Trainium AI chips to third-party data centers. Currently, these processors are exclusive to the Amazon Web Services (AWS) cloud environment, where they are used by organizations like OpenAI and Anthropic for AI training and inference. This potential move marks a direct challenge to Nvidia's dominance in the semiconductor market by offering a proprietary alternative for high-performance AI infrastructure. Source  ( 21 min )
    Nobel laureate John Jumper leaves Google DeepMind for Anthropic
    John Jumper, a prominent research scientist and Nobel Prize winner, has announced his departure from Google DeepMind to join the AI startup Anthropic. Jumper is widely recognized for his pioneering work on AlphaFold, an artificial intelligence system capable of predicting protein structures. This breakthrough has significantly accelerated biological research by providing data on over 200 million protein structures, a task that previously required years of manual labor. Source  ( 21 min )
    Apple updates iPhone Mirroring with flexible window resizing and Control Center
    Apple is introducing significant updates to iPhone Mirroring in macOS 27, allowing users to flexibly resize app windows for the first time. Previously, the feature was restricted to fixed aspect ratios and preset scaling options. This change enables users to drag windows wider or taller, provided the applications are compiled with the latest software development kit. Source  ( 21 min )
    Microsoft Purview update allows blocking Copilot from analyzing sensitive files
    Microsoft is enhancing its Purview data governance service to provide organizations with stricter control over how AI interacts with confidential information. Purview is a suite of tools designed to help commercial customers manage, secure, and govern large volumes of data across their digital estate. This upcoming change specifically addresses concerns regarding artificial intelligence services accessing and processing protected corporate content without explicit permission. Source  ( 21 min )
    Windows 11 Beta build 28020.2308 enhances HD audio driver reliability
    Microsoft has released Windows 11 Beta (26H1) Build 28020.2308 to the Insider program, focusing on stability and underlying system components. This update specifically targets the reliability of the inbox High Definition (HD) Audio driver to ensure better hardware compatibility. The release follows a series of June updates aimed at refining the core operating system experience for upcoming versions. Source  ( 21 min )
    Windows 11 beta build 26220.8690 resolves hypervisor and startup errors
    Microsoft has released Windows 11 build 26220.8690 to the Beta channel, focusing on system stability rather than new features. This update addresses critical stop errors that previously triggered bug checks on certain hardware configurations. Specifically, it resolves issues leading to HYPERVISOR_ERROR and KMODE_EXCEPTION_NOT_HANDLED codes that occurred after recent updates. Source  ( 21 min )
    Microsoft confirms Windows 11 26H2 will arrive as a small enablement package
    Microsoft has officially confirmed the upcoming release of Windows 11 version 26H2, marking a return to its standard update cadence for the broader user base. This version follows the recent 26H1 release, which was a specialized build restricted to specific new hardware. The 26H2 update is intended for users currently running versions 24H2 and 25H2, as these versions share a common servicing branch. Source  ( 21 min )
    Microsoft confirms end of support for Office 2021 in October 2026
    Microsoft has officially announced that support for the Office 2021 suite will conclude on October 13, 2026. After this date, the software will no longer receive security patches, bug fixes, or technical assistance from the company. This move is part of a broader strategy to transition users toward subscription-based services or newer perpetual licenses. Source  ( 21 min )
    New Edge and Chrome two-week update cycle: switch to Extended Stable 8-week schedule using Group Policy
    Starting in August 2026, Microsoft Edge will ship major updates every two weeks instead of every four weeks. Google Chrome will adopt the same schedule in September 2026. This accelerated cadence affects the Stable channel that most organizations use by default. If you want to avoid the increased update frequency, you can move your browsers to the Extended Stable channel, which retains an eight-week release cycle. This article explains how to configure the channel switch using Group Policy for both browsers. Source  ( 28 min )
    Amazon Bedrock AgentCore adds managed web search for real-time AI grounding
    Amazon has launched a managed web search tool for Bedrock AgentCore to provide AI agents with real-time information. This feature addresses the limitation of static training data by allowing agents to access current web content, such as stock prices or recent news. The service is fully managed, meaning administrators do not need to provision external search APIs or manage third-party credentials. Source  ( 21 min )
    Amazon MGM Studios drops Sam Altman biopic following OpenAI partnership
    Amazon MGM Studios has officially cancelled its plans to distribute "Artificial," a biographical film centered on OpenAI CEO Sam Altman. The production was set to dramatize the intense five-day period in late 2023 when Altman was briefly fired and then reinstated at the artificial intelligence company. This decision comes shortly after Amazon strengthened its corporate relationship with OpenAI by integrating the startup's models into its own cloud services. Source  ( 21 min )
    Microsoft introduces AI-powered tools to streamline Azure Storage migrations
    Microsoft has introduced new tools and guidance to help organizations migrate large-scale data estates to Azure Storage more efficiently. The process begins with Azure Migrate, a centralized hub that discovers infrastructure, assesses readiness, and analyzes workload dependencies across on-premises and multicloud environments. To bridge the gap between planning and execution, a new AI-powered Azure Copilot Migration Agent is now available in preview to recommend specific storage services and migration tools. Source  ( 21 min )
    Windows 11 June 2026 updates cause boot failures and Recycle Bin errors
    The June 2026 cumulative update for Windows 11, identified as KB5094126, is causing significant stability issues across various hardware platforms. Affected systems, particularly HP EliteBook and Dell Precision models, may experience Blue Screen of Death errors, system freezes, and forced BitLocker recovery loops. Beyond hardware-specific failures, the update disrupts OneDrive integration within File Explorer and prevents some third-party applications from launching Microsoft Office documents. Source  ( 21 min )
    RIPE NCC to exit US cloud hyperscalers for independent infrastructure
    RIPE NCC is the Regional Internet Registry for Europe, the Middle East, and parts of Central Asia. It allocates and registers internet number resources such as IP addresses and AS numbers, and it keeps the related public registry up to date. Source  ( 21 min )
    Chrome tests sending Windows antivirus data to Google during downloads
    Google is currently testing a new telemetry feature in the Canary version of Chrome that identifies installed antivirus software on Windows systems. This functionality is designed to trigger when a user downloads a file while having Enhanced Safe Browsing enabled. The browser retrieves the name of the security product, such as Microsoft Defender or third-party alternatives, directly from the operating system. Source  ( 21 min )
  • Open

    Burp Extensibility 2026: Awards, Talks, and Highlights
    The 2026 Burp Suite Extension Awards Best Recon & Discovery Best Auth & Access Control Best Workflow & Manipulation Best API & Specialist Testing Hidden Gem Most Nominated The talks In  ( 8 min )
  • Open

    GhostPack Necromancy: Reforging C# Tools with WasmForge
    In the previous post we walked through WasmForge, our Go-to-WebAssembly loader that takes existing signatured Go tools and ships them as opsec-safe binaries. This approach doesn’t just apply to Go, however, as there are many languages that can compile to WebAssembly. Another language of interest to us, especially regarding legacy tools which have been over-signatured, […] The post GhostPack Necromancy: Reforging C# Tools with WasmForge appeared first on Praetorian.  ( 26 min )
  • Open

    Azure AD Graph Activity Logs: Ingestion and threat detection to close the visibility gap
    Azure AD Graph Activity Logs land in Elastic with full ECS parsing. Detect ROADrecon and AADInternals enumeration with ready-to-use detection rules.  ( 30 min )
    Lost in relocation: analysis of a new loader distributing CASTLESTEALER
    Find out how a new obfuscated loader evades static detection using .reloc section abuse, five anti-VM/language checks and MBA obfuscation to deliver infostealer malware via Google Ads.  ( 23 min )

  • Open

    Are AI data centres in space realistic?
    The rapid expansion of AI is straining terrestrial resources, particularly in regions like Arizona where data centers face severe water and power shortages. To circumvent these physical limits, the tech industry is exploring orbital data centers equipped with high-performance processors like the Nvidia H100. This shift aims to move heavy compute tasks, such as training large AI models, into space where solar energy is abundant and unimpeded. Source  ( 20 min )
    What is new in Microsoft Entra: June 2026 updates
    The Microsoft Entra June 2026 update adds phishing-resistant multifactor authentication for Linux desktops, expands passkey support on Windows, and changes how Self-Service Password Reset verifies identity. It also brings new Conditional Access enforcement during credential registration and a public preview for recovering deleted device objects. This article explains the practical and technical details of these changes for everyday administration. Source  ( 28 min )
    IBM and Microsoft partner to automate identity threat response
    IBM and Microsoft have launched a collaborative service designed to bridge the gap between detecting identity-based threats and executing governed remediation. The partnership integrates Microsoft’s security telemetry with IBM’s managed response services to address the rising volume of credential-based attacks. This solution specifically targets risks such as multi-factor authentication abuse, token theft, and unauthorized privilege escalation. Source  ( 20 min )
    Citrix DaaS Flex optimizes virtual desktop costs through user persona assessments
    Citrix has launched DaaS Flex, a service designed to reduce virtualization costs by analyzing an organization's actual endpoint requirements. The tool assesses the existing fleet to identify where users are over-provisioned with expensive virtual machine instances. By evaluating hardware utilization, the service determines whether a user requires a full cloud PC, a managed browser, or just specific published applications. Source  ( 21 min )
    Building a model-agnostic harness for automated vulnerability scanning
    Cloudflare has developed a specialized orchestration layer to manage fleet-wide security audits using interchangeable large language models. This architecture treats models as stateless compute engines to prevent context exhaustion and ensure that vulnerabilities are cross-verified by different logical weights. By decoupling the security logic from specific AI providers, the system maintains persistence and reliability even when underlying models or APIs fluctuate. Source  ( 20 min )
    GLM-5.2 sets new open weights benchmark for AI coding and long context
    The Chinese AI lab Z.ai has released GLM-5.2, a new open-weights model that currently leads the Intelligence Index v4.1 for its category. This model is distributed under an MIT license, allowing administrators and developers to download, modify, and run the weights commercially without the restrictions typical of proprietary systems. Its performance represents a significant leap over previous versions, with benchmarks showing rapid improvements in terminal and coding tasks achieved in just a few weeks. Source  ( 21 min )
    Americans embrace AI chatbot usage despite deep skepticism over societal impact
    Recent data from Pew Research indicates that half of American adults now utilize AI chatbots, a significant increase from one-third just last year. OpenAI’s ChatGPT remains the dominant platform with 44% of the population reporting its use, followed by Google Gemini and Microsoft Copilot. Despite this growing adoption, only 16% of respondents believe the technology will have a positive impact on society over the next two decades. Source  ( 21 min )
    Anthropic eliminates static API keys with workload identity federation
    Anthropic has announced the general availability of Workload Identity Federation (WIF) on the Claude Platform. This feature supports any OpenID Connect (OIDC) compliant identity provider, including AWS IAM, Azure managed identities, and Google Cloud Platform service accounts. It applies to all Claude API endpoints, first-party software development kits (SDKs), and Claude Code. Source  ( 20 min )
    Rising AI memory chip costs force upcoming Apple price increases
    Apple plans to increase the prices of its products due to the surging costs of memory and storage chips. Chief Executive Officer Tim Cook stated that these price hikes are unavoidable because the current supply situation has become unsustainable for the company. The rising costs and subsequent chip shortages are primarily driven by the massive demand for hardware from artificial intelligence companies. Source  ( 21 min )
    TypeScript 7.0 RC arrives with Go-based compiler and 10x speed boost
    Microsoft has announced the Release Candidate for TypeScript 7.0, which features a significant architectural shift from a bootstrapped codebase to one written in Go. This new foundation leverages native code speed and shared memory parallelism to deliver performance that is often ten times faster than the previous version. The update is designed to be highly compatible with existing projects, as the type-checking logic was methodically ported to ensure identical semantics to version 6.0. Source  ( 21 min )
    Visual Studio Code 1.126 streamlines AI model customization and chat management
    Microsoft has released Visual Studio Code version 1.126 with several updates focused on the user interface and AI features. The update introduces visual enhancements to the chat session list items within the development environment. These list items now utilize a pixel spinner, which aligns the interface with the design of the Agents window. Source  ( 20 min )
    Optimizing AI agent skills by reducing redundant documentation tokens
    Large language models often already possess extensive knowledge of common API references, authentication flows, and standard SDK patterns from their training data. When developers create skills that repeat this information, they consume valuable space within the finite context window of the AI. This redundancy pushes out critical data like conversation history or workspace files, which can actually degrade the quality of the generated output. Source  ( 20 min )
    Google develops AI Control Roadmap to mitigate risks from autonomous agents
    Google has introduced a framework called the AI Control Roadmap to manage autonomous agents that may exhibit imperfectly aligned behavior. This defense-in-depth strategy treats internal AI agents as potential insider threats, similar to how organizations monitor employees with high-level access. The system aims to provide security assurance by moving beyond traditional model alignment to include active system-level monitoring. Source  ( 21 min )
    Anthropic integrates Claude Design and Claude Code for seamless developer workflows
    Anthropic has announced a major update to Claude Design that introduces bidirectional integration with Claude Code to streamline the transition between prototyping and development. Developers can now use the /design-sync command to import local design systems into Claude Design, ensuring prototypes utilize real code components. Conversely, the /design command allows users to create and sync design projects directly from a terminal without switching applications. Source  ( 21 min )
    F5 patches critical code execution flaws in NGINX web servers
    F5 has released out-of-band security updates to address multiple vulnerabilities in the NGINX web server. The patches resolve two critical-severity flaws, CVE-2026-42530 and CVE-2026-42055, which could allow remote attackers to execute arbitrary code. These vulnerabilities affect NGINX systems with non-default configurations and can trigger a denial-of-service condition or worker process restart. Source  ( 20 min )
    FortiBleed campaign compromises credentials for 75,000 Fortinet firewalls
    A massive credential-compromise campaign known as FortiBleed has exposed the login details for approximately 75,000 Fortinet FortiGate firewalls worldwide. Security researchers discovered an attacker-controlled server containing a highly automated infrastructure used to collect and crack configuration files from internet-facing devices. The stolen data includes a mix of administrative and SSL VPN credentials, potentially granting threat actors deep persistent access to enterprise networks. Source  ( 21 min )
    Microsoft reportedly cancels three billion dollar Oracle cloud deal over security
    Reports indicate that Microsoft abandoned a $3 billion deal to lease capacity from Oracle Cloud Infrastructure due to compliance disagreements. The partnership was intended to provide Microsoft with additional computing power to support its growing artificial intelligence workloads. However, negotiations allegedly stalled when Oracle declined to implement specific security standards required for certain government-related data processing. Source  ( 21 min )
    Manage external monitor settings via software with PowerToys Power Display
    Microsoft has introduced the Power Display utility within the PowerToys suite to centralize the management of external monitor settings. This tool utilizes the Display Data Channel/Command Interface (DDC/CI) standard to communicate directly with hardware displays from the Windows desktop. It allows for the adjustment of brightness, contrast, volume, and input sources without the need to use physical buttons on the monitor. Source  ( 21 min )
    Microsoft Authenticator enforces manual number matching for personal accounts
    Microsoft is updating the sign-in experience for personal accounts by requiring users to manually type a two-digit code into the Authenticator app. This replaces the previous method where users simply chose the correct number from three visible options on their mobile device. The change is being rolled out gradually to ensure all users eventually transition to this more deliberate verification process. Source  ( 21 min )
    Microsoft Edge to support Google account sign-in for data synchronization
    Microsoft is updating the Edge browser to allow users on Windows and macOS to sign in using a Google account. This change, scheduled for global rollout in July 2026, removes the strict requirement for a Microsoft account to manage browser profiles. Users will soon find the Google sign-in option directly within the browser's profile menu and initial setup screens. Source  ( 20 min )
  • Open

    The Tech Sector’s Critical Vulnerability Paradox
    The tech sector was the only industry in Synack's 2026 State of Vulnerabilities Report to get slower at remediating critical vulnerabilities—growing from 74 to 98 days while manufacturing, government, and financial services all improved. This post breaks down the technical and cultural forces driving that gap, and what it takes to close it. The post The Tech Sector’s Critical Vulnerability Paradox appeared first on Synack.  ( 16 min )
  • Open

    Klue Third-Party Cybersecurity Incident
    The latest updates from Jamf on the Klue third-party cybersecurity incident. Here's what we know and what we're doing about it.  ( 5 min )
  • Open

    Intelligence Insights: June 2026
    ClearFake is the clear-cut number one again and Kali365 debuts in this month’s edition of Intelligence Insights  ( 31 min )
  • Open

    BloodHound MCP, One Year Later: What I Learned About MCPs, Models, and Context
    The first version of BloodHound MCP proved that an LLM could converse with BloodHound. The current version drove home the lesson that MCP design is context design. The most useful changes were smaller but more flexible tools, better error recovery, domain-specific resources, and a prompt that guides the model instead of trying to teach everything up front. The post BloodHound MCP, One Year Later: What I Learned About MCPs, Models, and Context appeared first on SpecterOps.  ( 19 min )
  • Open

    The Road to Post-Quantum Readiness Part 1 of 2: Understanding the Risk
    Post-Quantum Cryptography is no longer a future-only concern. Standards are final, major providers have already deployed hybrid protection, and the real risk now is data captured today and decrypted later. Part 1 explains the fundamentals, the threat, and why organizations can no longer afford to wait.  ( 20 min )
  • Open

    Shynet | VERSION 0.13.1
    The following document describes identified vulnerabilities in the Shynet application version 0.13.1.  ( 13 min )
    The Smash-and-Grab Era
    We walk through three eras of cyber attacks and makes a troubling case that LLMs are removing the one constraint that kept attackers slow and detectable.  ( 9 min )
  • Open

    The President’s Executive Actions on AI Have a Lot to Say on Cybersecurity
    The spotlight has been on frontier models, but the goals are more far reaching -- including supercharging cyber defense and remediating risk at machine speed  ( 64 min )

  • Open

    I’m Just Asking Questions: Social Engineering as a Reporter
    Dive into this real-world social engineering assessment where a fake anonymous tip and an adversary-in-the-middle framework tested the limits of an organization's security policies. The post I’m Just Asking Questions: Social Engineering as a Reporter  appeared first on NetSPI.  ( 13 min )
  • Open

    New features in Microsoft Defender for Cloud Apps
    Microsoft Defender for Cloud Apps has received several updates in 2026, focusing on SaaS application monitoring, OAuth app governance, and AI agent protection. The latest releases introduce enhanced Salesforce connector capabilities, real-time protection for AI agents built with Copilot Studio, and improvements to app governance workflows. This article covers the most relevant changes for administrators managing cloud application security. Source  ( 29 min )
    Unlocking hidden processor performance boost modes in Windows 11
    Windows 11 contains a hidden configuration menu called Processor Performance Boost Mode that allows for granular control over CPU frequency scaling. This feature is typically concealed from the standard power options interface to balance heat, power consumption, and system stability. It relies on Collaborative Processor Performance Control technology, which is a standard feature found in most modern Intel and AMD processors. Source  ( 21 min )
    Microsoft patches critical Copilot vulnerabilities that enabled silent data exfiltration
    Security researchers recently identified critical vulnerabilities in Microsoft 365 Copilot that allowed attackers to exfiltrate sensitive organizational data. These exploits, known as SearchLeak and EchoLeak, utilized prompt injection techniques to bypass standard security boundaries without requiring user interaction. The flaws targeted the enterprise tier of the service, potentially exposing any information the AI could access within a tenant's environment. Source  ( 21 min )
    Cloudflare One stack uses AI agents to automate Zero Trust migrations
    Cloudflare has introduced the Cloudflare One stack to simplify the transition to Zero Trust network architectures. This toolkit provides specialized skills for AI agents to automate the configuration, deployment, and management of security environments. It aims to reduce the manual effort required to decode complex network topologies and existing vendor policies. Source  ( 21 min )
    AMD Mustang Peak Threadripper CPUs to feature PCIe 6.0 and new TR6 socket
    AMD's next-generation Threadripper processors, codenamed Mustang Peak, will utilize the Zen 6 architecture and a 2nm-class manufacturing process. These high-end chips are expected to support the PCI Express 6.0 standard, which doubles the bandwidth of the previous generation. Due to these significant architectural changes, the processors will require a new platform and physical interface known as the TR6 socket. Source  ( 21 min )
    Cisco expands max-severity SD-WAN advisory as exploitation continues
    Cisco has updated a critical security advisory to include the Catalyst SD-WAN Validator, formerly known as vBond, as a product vulnerable to a maximum-severity flaw. This vulnerability, tracked as CVE-2026-20127, involves an improper authentication issue that allows attackers to gain administrative rights and reconfigure the SD-WAN fabric. When combined with a secondary path traversal bug, unauthorized actors can achieve persistent root access to affected networking instances. Source  ( 21 min )
    Microsoft accelerates Windows 11 performance through the K2 initiative
    Microsoft is prioritizing system fundamentals through the Windows K2 initiative, a project focused on enhancing Windows 11 performance and reliability. Rather than waiting for major version releases, the company is delivering these optimizations through monthly cumulative updates. The initiative targets core user experiences, including faster application launches, more responsive shell interactions, and improved biometric sign-in speeds via Windows Hello. Source  ( 21 min )
    Economic hurdles delay Jeff Bezos’s vision for orbital AI data centers
    Jeff Bezos identifies the primary obstacle to orbital data centers as a massive financial gap rather than a technical or physical limitation. While the founder of Blue Origin views space-based computing as realistic, he cautions that the current costs of AI chips and orbital logistics are prohibitive. The economic math must shift significantly before these facilities can compete with the infrastructure currently operating on the ground. Source  ( 21 min )
    Jensen Huang is urging society to overcome its fear of AI
    Nvidia CEO Jensen Huang emphasizes that society must move past the fear of artificial intelligence to embrace its potential for economic growth and scientific breakthroughs. He argues that the current industrial revolution will be won at the application layer, where the speed of adoption determines long-term success. To facilitate this transition, Huang suggests that society needs to develop new social norms that accommodate the rapid integration of AI into daily life and infrastructure. Source  ( 21 min )
    Unlocking AI ROI by structuring enterprise data for autonomous agent workflows
    Organizations often struggle with AI return on investment because pilot programs frequently lack intentional business strategies or focus on commoditized public data. Success in production environments requires leveraging proprietary unstructured data, which constitutes roughly 90% of enterprise information within systems like emails, contracts, and medical records. By using large language models to provide structure to this data, businesses can transition from simple data "swamps" to sophisticated context engines that inform autonomous agents. Source  ( 21 min )
    AMD removes memory encryption from consumer Ryzen CPUs via firmware update
    AMD has reportedly disabled Transparent Secure Memory Encryption (TSME) on consumer-grade Ryzen processors through recent firmware updates. TSME is a hardware-level feature that automatically encrypts data stored in system RAM to protect against physical attacks, such as cold-boot exploits or memory snooping. While previously available on standard Ryzen chips, the functionality now appears restricted to the more expensive Ryzen Pro and EPYC product lines. Source  ( 21 min )
    UK government deploys Google Cloud AI to halve planning application wait times
    The UK government is deploying generative AI tools across local planning authorities to automate the processing of housing applications and reduce administrative backlogs. Built on Google Cloud using Gemini foundation models, the "Extract" tool and "Augmented Planning Decisions" prototype aim to cut decision timelines from eight weeks to four. These systems address the high volume of unstructured data found in legacy PDF records, which currently forces planning officers to spend hours on manual data entry and cross-referencing. Source  ( 21 min )
    Nvidia AI requirements drive Silicon Motion toward PCIe 6.0 storage
    Silicon Motion is prioritizing the development of PCIe 6.0 SSD controllers to align with Nvidia’s upcoming hardware roadmaps. While AMD and Intel have not yet committed to the high-speed interface for consumer platforms, Nvidia’s focus on agentic AI requires significantly higher data throughput. The storage manufacturer expects its first client-grade PCIe Gen6 platform to emerge in late 2027 to meet these specific bandwidth demands. Source  ( 21 min )
    Windows June updates break Office integration in third-party business apps
    The June 2026 Windows updates have introduced a bug that prevents various third-party applications from launching Microsoft Office programs or opening documents. This issue specifically impacts software that utilizes OLE automation to interact with Word, Excel, PowerPoint, and Access. While the Office applications still function correctly when opened directly, they fail to trigger when called by external document management or accounting systems. Source  ( 21 min )
    Cybersecurity leaders urge US to lift restrictions on Anthropic AI models
    More than 100 cybersecurity executives and researchers are calling on the Trump administration to reverse export controls placed on Anthropic’s advanced AI models. The government recently ordered the company to suspend access to its Fable 5 and Mythos 5 models for foreign nationals due to national security concerns. Experts argue these restrictions hinder the ability of defenders to identify and patch software vulnerabilities at a critical time. Source  ( 21 min )
    Anthropic halts controversial token based billing for Claude Agent SDK
    Anthropic has suspended its plan to transition Claude Agent SDK users from flat-rate subscriptions to usage-based token billing. This decision follows significant pushback from developers who argued the change would lead to unsustainable cost increases for heavy workloads. The company stated it is currently re-evaluating how to better support users who build applications using Claude subscriptions. Source  ( 21 min )
    Databricks launches Genie One to automate business workflows with AI agents
    Databricks has introduced Genie One, a new tool designed to function as an "agentic coworker" for various business departments. This offering expands the company's existing Genie suite by moving beyond simple conversational analytics to active task automation. The platform aims to help teams in finance, marketing, and sales make better decisions by interacting directly with corporate data. Source  ( 21 min )
    OpenAI losses outpace revenue growth as infrastructure costs soar
    Leaked internal documents reveal that OpenAI is facing a widening gap between its surging revenue and even faster-growing expenses. While the company’s revenue increased from approximately $700 million in 2024 to over $10 billion in 2025, its net losses reportedly jumped from $5 billion to $39 billion in the same period. This trend indicates that the capital required to develop and distribute artificial intelligence is currently scaling more aggressively than the income it generates. Source  ( 21 min )
    Government restrictions drive record business adoption for Anthropic AI models
    The Trump administration has issued an export control directive banning foreign entities and individuals from accessing Anthropic’s most advanced AI models, Fable 5 and Mythos 5. This mandate follows reports that users successfully bypassed safety guardrails on Fable 5 to access the more restricted capabilities of the Mythos system. Anthropic has responded by dispatching technical staff to Washington to negotiate a resolution while effectively pulling the affected models from the market. Source  ( 21 min )
    Apple to move Hide My Email to a dedicated subdomain
    Apple is planning to modify its Hide My Email service by transitioning generated addresses to a new dedicated subdomain. Currently, these anonymous addresses use the standard @icloud.com domain, making them indistinguishable from primary user accounts. In the coming weeks, the service will shift to using @private.icloud.com for all newly created aliases. Source  ( 21 min )
  • Open

    FreeBSoD: Leveraging Language Models to Find and Exploit Kernel Bugs (Part 1 of 2)
    Overview Earlier this year, a team at Praetorian was building Constantine, our automated 0-day discovery engine. I wanted to find techniques worth folding into it, so on the side I started poking at the FreeBSD kernel with Claude Code, running on Opus 4.6, which was the latest Opus model at the time. A few days […] The post FreeBSoD: Leveraging Language Models to Find and Exploit Kernel Bugs (Part 1 of 2) appeared first on Praetorian.  ( 19 min )
  • Open

    The dual-use dilemma: Rethinking detection for remote access tool abuse
    A comprehensive guide to the most commonly abused RMM tools, including technical guidance for detection and prevention  ( 34 min )
  • Open

    The Red Agent POV: How it Reasoned its Way to SSRF
    Part 1: How the Red Agent uncovered a multi-step attack chain allowing SSRF-to-Local-File-Read on GCP Cloud Run  ( 59 min )
    Introducing the Red Agent POV Series
    An inside look at how the Red Agent, our AI-Powered Attacker, uncovers complex, exploitable risks in the wild  ( 56 min )
  • Open

    Reducing Microsoft Sentinel Costs Without Compromising Detection – Part 1: The Summary Rules Quest
    This blog is the first in a series exploring how Summary Rules, together with Auxiliary or Data Lake storage, can help organizations optimize SIEM costs without compromising core threat detection and monitoring capabilities.  ( 17 min )
  • Open

    Linux hacking part 11: GOT/PLT hijacking. Simple C example.
    ﷽  ( 9 min )

  • Open

    Introducing Session Switcher. Swap Burp Sessions with One Click!
    Authorization testing is one of the most repetitive, yet critical tasks in web app security testing. Checking for horizontal and vertical privilege escalation, IDORs, and other access control issues requires constantly swapping cookies and headers between different user sessions, a process that is error-prone and often becomes tedious. Today, we’re excited to release Session Switcher, a Burp Suite extension that lets you save and switch HTTP sessions with just a couple of clicks, right from the request editor. The Problem During a typical authorization test, you might very often find yourself needing to to: Copy cookies from one browser session and paste them into Repeater requests Keep track of multiple user roles and their authentication tokens Manually update expired JWTs or session coo…  ( 6 min )
  • Open

    DirectAccess deprecated: migrate to Always On VPN
    Microsoft has deprecated DirectAccess and will remove it from a future release of Windows Server. The replacement is Always On VPN, introduced with Windows Server 2016 and Windows 10. This article explains what the deprecation means in practice, why Microsoft is making the change, the technical differences between the two solutions, and how the migration works. Source  ( 29 min )
    HPE expands self-driving networking and agentic AI infrastructure
    HPE has unveiled a comprehensive update to its networking and AI infrastructure to support the deployment of autonomous AI agents. The strategy focuses on "self-driving" networks that integrate Juniper and Aruba technologies to automate operations across data centers and the edge. New hardware including the QFX5140 and QFX5250 switches aims to eliminate bottlenecks in AI inference clusters and rack-scale platforms. Source  ( 20 min )
    Microsoft shifts Copilot Cowork to usage-based billing and considers DeepSeek
    Microsoft is transitioning its Copilot Cowork enterprise tool to a usage-based pricing model to manage the high costs of agentic AI. This shift replaces flat-rate subscriptions for the service, which currently utilizes Anthropic’s Claude technology for complex reasoning tasks. The change follows a similar billing adjustment recently implemented for GitHub Copilot to better align revenue with actual token consumption. Source  ( 20 min )
    US denies G7 allies access to Anthropic AI models over security risks
    The Trump administration has rejected requests from G7 allies, including the United Kingdom, for exemptions from a ban on Anthropic’s most advanced artificial intelligence models. Prime Minister Keir Starmer sought a "carve-out" for British companies to access the Fable 5 and Mythos 5 systems, but US officials labeled such an exemption as illogical. The administration maintains that these frontier models must remain restricted to ensure the technology is fully protected from any foreign exploitation or national security threats. Source  ( 21 min )
    Broadcom’s View: Enterprises shift AI workloads to private clouds to control costs and data
    Organizations are increasingly moving productive AI workloads from public cloud environments back to private infrastructure. Recent data indicates that over half of companies now prefer private clouds for AI inference, marking a significant shift from the initial experimentation phase. This trend is largely driven by the need for better cost management, reduced complexity, and increased operational control. Source  ( 20 min )
    Microsoft launches Surface Pro 12 and Surface Laptop 8 with Snapdragon X2 chips
    Microsoft has officially released the Surface Pro 12th Edition and Surface Laptop 8th Edition, both featuring Qualcomm’s new Snapdragon X2 processors. These devices are exclusively powered by the ARM-based Snapdragon X2 Plus and X2 Elite platforms, omitting Intel processor options for these consumer models. The hardware is designed to support Copilot Plus PC features, utilizing dedicated neural processing units to handle local artificial intelligence workloads. Source  ( 20 min )
    Non-x86 server revenue surges to nearly half of the global market
    The global server market is undergoing a significant shift as non-x86 systems now account for nearly 48 percent of total revenue. This growth is primarily driven by massive investments in AI infrastructure, particularly systems utilizing Nvidia chips with Arm cores. While x86 servers from Intel and AMD still lead in total revenue, their market share is declining as specialized architectures gain dominance. Source  ( 20 min )
    DragonForce ransomware hides command and control traffic within Microsoft Teams
    Attackers deploying DragonForce ransomware have developed a sophisticated method to disguise malicious command-and-control traffic as legitimate Microsoft Teams activity. The intrusion involves a custom Go-based backdoor that allows attackers to maintain persistent access to compromised networks for extended periods. By routing communications through official Microsoft infrastructure, the malware evades detection from standard network monitoring tools. Source  ( 20 min )
    Microsoft Copilot Cowork is now generally available
    Microsoft has launched the general availability of Copilot Cowork, a feature designed to execute complex multi-tool tasks within the enterprise ecosystem. While the tool initially relied on Anthropic models, users can now choose between various large language models, including OpenAI’s GPT 5.5 and DeepSeek. To provide a more economical alternative, Microsoft is also developing its own Azure-hosted model, Cowork 1, specifically designed to handle tasks at a lower cost. Source  ( 20 min )
    Microsoft: Threat actors exploit AI brand hype to deliver malware and steal credentials
    Threat actors are increasingly using popular AI brands like ChatGPT, Claude, and DeepSeek as lures in sophisticated social engineering campaigns. These attacks utilize phishing, malvertising, and SEO manipulation to trick users into downloading malware or revealing sensitive financial information. While the themes are modern, the campaigns rely on established tactics such as urgency-driven messaging and multi-stage redirection to bypass security filters. Source  ( 20 min )
    Webinar: Automate Your Exchange Operations with PowerShell & ScriptRunner – featuring Microsoft MVP Damian Scoles
    Turn your Exchange PowerShell scripts into structured, secure automation. Learn how to standardize workflows, delegate safely, and gain control at scale with 12 time Microsoft MVP Damian Scoles. Register now! Source  ( 17 min )
    OpenRouter Fusion combines multiple AI models to surpass frontier performance
    OpenRouter has introduced Fusion, a tool that synthesizes outputs from multiple AI models to achieve results superior to any single model. The system functions by dispatching a prompt to a panel of participant models in parallel and using a judge model to fuse their responses. This server-side pipeline identifies consensus points, unique insights, and contradictions to produce a final, grounded answer. Source  ( 20 min )
    Microsoft patches critical SearchLeak vulnerability in Copilot for Microsoft 365
    Microsoft recently addressed a maximum severity vulnerability in Copilot for Microsoft 365 identified as CVE-2026-42824. The flaw, dubbed SearchLeak, allowed attackers to exfiltrate sensitive data through a single-click exploit involving a specially crafted URL. This vulnerability highlights the ongoing difficulty AI models face in distinguishing between legitimate user instructions and malicious prompts embedded in third-party content. Source  ( 20 min )
    Europe is starting to break up with US AI labs
    The recent decision by the United States to place Anthropic’s Fable 5 AI model under export control highlights a growing risk of structural dependence for European organizations. While the immediate impact on cybersecurity operations is limited due to existing model restrictions and a lack of high-quality organizational data, the move serves as a geopolitical wake-up call. Relying on a single foreign provider for business-critical AI creates significant supply chain vulnerabilities and leaves entities susceptible to sudden access termination by foreign decrees. Source  ( 20 min )
    ChatGPT market share drops below fifty percent as Claude leads in monetization
    The global landscape for artificial intelligence assistants is shifting as OpenAI's ChatGPT market share fell to 46.4% in early 2026. While ChatGPT still maintains over 1.1 billion monthly users, competitors like Google Gemini and Anthropic Claude are capturing significant portions of the market. This decline follows a period of dominance where the chatbot previously controlled over 80% of the sector just one year prior. Source  ( 20 min )
    Apple explains new macOS Terminal security alerts and malware blocking
    Apple has released a support document detailing new security mechanisms in macOS Tahoe 26.4 that monitor the Terminal command-line interface. The operating system now triggers a "Possible malware, Paste blocked" warning when users attempt to paste commands copied from external sources like websites or emails. This specific alert is designed to protect infrequent Terminal users from social engineering scams that trick people into executing harmful code. Source  ( 20 min )
    Tensordyne Napier chip uses logarithmic math to challenge Nvidia in AI inference
    Tensordyne has announced the "Napier" AI accelerator, a specialized chip designed to optimize the inference process for large-scale AI models. The hardware utilizes logarithmic mathematics to convert complex multiplications into simpler additions, significantly reducing the computational overhead required for model execution. This architectural approach allows for smaller processing units, creating space for integrated SRAM alongside 144 GB of high-bandwidth HBM3E memory. Source  ( 20 min )
    Civil society groups demand immediate ban on autonomous AI weapons
    Over 200 human rights organizations are calling for an immediate halt to the use of artificial intelligence in military kill chains. Groups like Amnesty International warn that algorithms are increasingly deciding life and death on the battlefield without human supervision. This movement highlights concerns that states and tech corporations are prioritizing profit and speed over ethical responsibility and international law. Source  ( 20 min )
    SoftBank and OpenAI launch AI-driven vulnerability patching service in Japan
    SoftBank Group and OpenAI have announced a new joint security service designed to defend Japanese infrastructure against increasingly sophisticated cyberattacks. The initiative utilizes artificial intelligence to identify system vulnerabilities and automate the deployment of necessary security patches. This collaboration aims to address a national security crisis characterized by a rapid increase in the volume and complexity of digital threats. Source  ( 20 min )
    Cloudflare makes DMARC management free and generally available
    Cloudflare has announced the general availability of its DMARC Management tool, providing a free solution for organizations to monitor and enforce email authentication. DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that lets domain owners specify in DNS how receiving mail servers should handle messages that fail SPF and DKIM checks, helping prevent spoofing and phishing. SPF (Sender Policy Framework) checks whether the sending server is allowed to send mail for the domain, and DKIM (DomainKeys Identified Mail) uses a cryptographic signature to verify that the email’s content and claimed sender domain are authentic. Source  ( 20 min )
  • Open

    What Is AI Governance?
    AI governance is more than policy, it's a combination of frameworks, pillars and enforcement mechanisms that keep AI safe, compliant and accountable.  ( 8 min )
  • Open

    Mythic Embarking on the Open Seas: Containerized Payload Delivery for Kubernetes Assessments
    TL;DR: We created new Mythic extensions to simplify container-centric assessments, including Kubernetes and Docker-based ceded access workflows. These tools help operators wrap Mythic payloads in OCI-compatible containers and publish them to a self-hosted registry. Check the container_wrapper and container_registry on GitHub. Introduction There are quite a few command and control (C2) frameworks available for teams […] The post Mythic Embarking on the Open Seas: Containerized Payload Delivery for Kubernetes Assessments appeared first on SpecterOps.  ( 15 min )
  • Open

    Sharing is Caring: SMB Secret Scanning with Sulla
    TL;DR: Sulla is an open source SMB secret scanner for discovering credentials exposed in SMB shares across enterprise networks. It leverages our recently released Titus Go library, resulting in an easy-to-use, adaptable, and highly performant standalone binary. Every network penetration tester knows the struggle: reviewing network shares for sensitive material is a painful must-do. With […] The post Sharing is Caring: SMB Secret Scanning with Sulla appeared first on Praetorian.  ( 11 min )
  • Open

    A Crash, Not a Shell: SolarWinds Serv-U CVE-2026-28318
    A single unauthenticated request can kill SolarWinds Serv-U, and the heap corruption underneath it looked like it could be more. Bishop Fox chased three separate roads to remote code execution and hit a wall on every one. Here is what we found, why it matters, and how to detect exposure safely.  ( 9 min )
    A Crash, Not a Shell: SolarWinds Serve-U CVE-2026-28318
    A single unauthenticated request can kill SolarWinds Serv-U, and the heap corruption underneath it looked like it could be more. Bishop Fox chased three separate roads to remote code execution and hit a wall on every one. Here is what we found, why it matters, and how to detect exposure safely.  ( 9 min )
  • Open

    Wiz Exposure Management Dashboard: Your CTEM Command Center
    New exposure management dashboard helps organizations align with CTEM to stay ahead in an era of AI exploiting vulnerabilities faster than ever  ( 57 min )

  • Open

    DNS over HTTPS (DoH) for Windows Server 2025 DNS Server is generally available
    DNS over HTTPS (DoH) -- a protocol that encrypts DNS queries inside HTTPS connections -- is now generally available for the Windows Server DNS Server role. Starting with the June 9, 2026 cumulative update for Windows Server 2025, you can deploy DoH on your on-premises DNS infrastructure without a third-party resolver. This article explains what DoH does, how it differs from traditional DNS, what the configuration requires, and what limitations currently apply. Source  ( 29 min )
    Instant access incremental snapshots for Azure Premium SSD v2 and Ultra Disk recovery
    Azure introduced instant access support for incremental snapshots of Premium SSD v2 and Ultra Disk, enabling immediate disk restores without waiting for the background data copy to finish. By specifying the InstantAccessDurationMins parameter at snapshot creation time, snapshots enter the InstantAccess state immediately, allowing you to create and attach new disks right away with near-full performance. This article covers the requirements, configuration steps using the Azure CLI, PowerShell, and the portal, the available snapshot states, billing model, and key limitations. Source  ( 27 min )
    Morale collapses at Meta’s AI unit
    Meta has established a new Applied AI unit to support its Superintelligence Labs, but the transition has triggered significant internal turmoil. More than 1,600 employees have signed a petition protesting a new program that monitors clicks and keystrokes on work computers to gather training data. This surveillance initiative aims to create autonomous agents that can eventually perform the bulk of the company's operational work. Source  ( 20 min )
    Scaling AI research with Amazon Bedrock AgentCore and deep agents
    Amazon Bedrock AgentCore provides a specialized infrastructure for AI agents to perform deep research tasks within isolated environments. By utilizing LangChain Deep Agents, a coordinator agent can delegate complex work to ephemeral subagents that run in dedicated MicroVMs. This architecture prevents the main context window from becoming cluttered with raw data, allowing the coordinator to focus on high-level reasoning and synthesis. Source  ( 20 min )
    Arch Linux suspends AUR registrations following massive supply chain attack
    The Arch Linux security team has disabled new account registrations for the Arch User Repository (AUR) following a large-scale supply chain compromise. Attackers hijacked or created over 1,500 community-maintained packages to deliver malicious payloads, including information stealers and eBPF-based rootkits. While the community-driven AUR was heavily targeted, the official core repositories remained unaffected due to their more stringent review processes. Source  ( 20 min )
    Evaluating the risks of Azure consumption commitments amid capacity shortages
    The Microsoft Azure Consumption Commitment (MACC) was designed during an era of abundant cloud capacity to provide discounts in exchange for revenue certainty. However, increasing demand for AI workloads has led to infrastructure shortages, causing quota backlogs and deployment struggles in flagship regions. This scarcity shifts significant risk onto customers, who may find themselves financially committed to spending targets even if Microsoft cannot provide the necessary hardware. Source  ( 20 min )
    US federal government AI adoption surges by 70 percent amid transparency concerns
    The United States federal government has reported a significant increase in the adoption of artificial intelligence to automate various administrative processes. A recent disclosure from the Office of Management and Budget reveals over 3,600 active or planned AI use cases across federal agencies. This represents a 70% growth in implementation compared to previous years, signaling a rapid shift toward machine-driven governance. Source  ( 20 min )
    Apple drops Intel support in macOS 27 Golden Gate to boost performance
    Apple is transitioning its desktop operating system to an ARM-only architecture with the upcoming release of macOS 27, codenamed Golden Gate. This update officially removes legacy Intel x86 code and APIs, meaning the software will run exclusively on machines powered by Apple Silicon. By shedding this technical ballast, the company aims to improve system consistency and overall execution speed across its hardware lineup. Source  ( 20 min )
    Apple is right. Technology must get out of the way
    Apple is positioning its artificial intelligence strategy as a tool for utility rather than a means to drive user engagement. Unlike many competitors that design chatbots to foster long-term dependence or emotional connections, Apple aims for its technology to assist and then disappear. This philosophy focuses on helping users accomplish specific tasks or learn about the world without encouraging addictive behaviors. Source  ( 20 min )
    Windows 11 July 2026 update introduces new security and performance tools
    Microsoft is rolling out the July 2026 security update, identified as KB5095093, for Windows 11 versions 24H2 and 25H2. While the update includes various fixes and system stability improvements, many new features are being deployed via a gradual rollout. To bypass this staggered release, administrators can use the third-party ViVeTool utility with specific feature IDs to force-enable hidden functionality immediately. Source  ( 20 min )
    Beyond transformers: DeepMind’s multi-path strategy for artificial general intelligence
    Google DeepMind is actively moving beyond standard transformer architectures to address scaling costs and memory limitations in modern AI. By developing alternatives like the Griffin architecture and Recurrent Gemma, they utilize "index card" states that synthesize past information rather than carrying a full data cache. These innovations aim to improve long-context reasoning while reducing the computational overhead typically associated with quadratic sequence growth. Source  ( 20 min )
    OpenAI launches partner network to accelerate enterprise AI adoption
    OpenAI has launched the OpenAI Partner Network to help organizations integrate frontier models into their existing workflows and systems. The program aims to bridge the gap between model capabilities and actual business value by leveraging an ecosystem of trusted consultants and technology providers. A significant investment of $150 million will support this initiative, which includes a goal to train 300,000 certified consultants by 2026. Source  ( 20 min )
    Anthropic technical staff meet White House officials over model export ban
    Anthropic has dispatched senior technical staff to Washington, D.C., to resolve a regulatory dispute with the U.S. government. The conflict centers on the company's most advanced artificial intelligence models, known as Fable 5 and Mythos 5. These models were recently taken offline following a directive from the Department of Commerce regarding export restrictions. Source  ( 20 min )
    Wake-up call for Europe as US blocks access to Anthropic’s latest models
    Anthropic has abruptly disabled access to its most advanced AI models, Fable 5 and Mythos 5, for all users worldwide. This decision follows a directive from the U.S. Commerce Department that utilized national security export controls to prohibit foreign nationals from accessing these specific systems. The restrictions were reportedly triggered after researchers at Amazon identified a vulnerability within the software of the models. Source  ( 21 min )
    Mark Carney of Canada says that the U.S.’s AI restrictions highlight the risks of dependence
    The Trump administration has implemented new export controls that prohibit foreign nationals from accessing Anthropic’s most advanced artificial intelligence systems. In response to these directives, Anthropic recently took its powerful Fable 5 and Mythos 5 models offline to ensure regulatory compliance. This sudden restriction prevents international users and organizations from utilizing these specific high-performance LLMs. Source  ( 20 min )
    Hands-on review of Siri AI; iOS 27, macOS 27
    Apple has released developer betas for iOS 27 and macOS 27, introducing a significant generative AI overhaul for the Siri virtual assistant. This update allows the assistant to perform complex tasks across multiple applications, such as drafting documents and locating specific photos based on natural language descriptions. The new system can also analyze on-screen content to provide context-aware assistance and search the web more effectively for information. Source  ( 20 min )
    Amazon CEO triggers government shutdown of Anthropic AI models over security risks
    The Trump administration has halted foreign access to Anthropic’s most advanced AI models, Fable 5 and Mythos 5, following security warnings from Amazon. Amazon CEO Andy Jassy reportedly informed Treasury Secretary Scott Bessent that internal researchers successfully used the Fable 5 model to generate information for potential cyberattacks. This intervention led the U.S. government to implement immediate export controls, effectively forcing the models offline for all users globally. Source  ( 20 min )
    European Union proposes digital sovereignty package to reduce US cloud dependence
    The European Commission has introduced a digital sovereignty package aimed at reducing the continent's heavy reliance on American technology providers. This initiative follows concerns that US political shifts could lead to the weaponization of tech services, such as cloud computing and AI access. The centerpiece of this strategy is the Cloud and AI Development Act, which establishes a ranking system for providers handling public-sector data. Source  ( 20 min )
    While Anthropic suspends access to new models, India is debating its future with AI
    Anthropic has suspended access to its newest artificial intelligence models, Fable 5 and Mythos 5, following a directive from the United States government. The order bars foreign nationals and even the company's own non-U.S. employees from accessing these high-end systems. This historic move underscores a shift toward stricter export controls on advanced technology to maintain national security and competitive advantages. Source  ( 20 min )
    China may have accessed Mythos
    The Trump administration has issued an unprecedented order requiring Anthropic to suspend access to its most advanced artificial intelligence models for all foreign nationals. This directive affects the Mythos 5 and Fable 5 models, which are sophisticated large language models used for complex data processing and automation. The restriction applies to individuals both inside and outside the United States, citing significant national security concerns regarding the technology. Source  ( 20 min )
  • Open

    Zombie COTables: Resurrecting Freed Memory to Escape VirtualBox
    By Luca Ginex Overview This blog post discusses a use-after-free vulnerability that we found in VirtualBox in 2025. This vulnerability was patched on Oracle Critical Patch Update – January 2026. The vulnerability was also presented, along with others, at OffensiveCon 2026. This post describes the exploitation process for the vulnerability on a Linux system. First, a ... Read more Zombie COTables: Resurrecting Freed Memory to Escape VirtualBox The post Zombie COTables: Resurrecting Freed Memory to Escape VirtualBox appeared first on Exodus Intelligence.  ( 19 min )
  • Open

    Inside iOS 27's Reworked Stub Islands
    How iOS 27 trims the dyld shared cache and updates stub island trampolines  ( 7 min )

  • Open

    Anthropic’s statement on the US government directive to suspend access to Fable 5 and Mythos 5
    The US government has issued an export control directive forcing Anthropic to suspend all access to its Fable 5 and Mythos 5 AI models. Citing national security authorities, the order prohibits access by any foreign national, including Anthropic’s own international employees. Because the company cannot selectively restrict access based on nationality, it has abruptly disabled these models for all customers worldwide to ensure legal compliance. Source  ( 20 min )
    Anthropic’s fear-based marketing strategy backfires
    The US government has issued a national security directive forcing Anthropic to suspend access to its most advanced AI models, Mythos 5 and Fable 5, for all foreign nationals. This ban applies to non-US citizens both domestically and abroad, including Anthropic's own international employees and green card holders. Consequently, the company abruptly disabled these models for all customers to remain compliant, causing significant disruption to organizations reliant on their API. Source  ( 20 min )
    Windows 11 build 29610 enhances NPU monitoring and fixes kernel errors
    Microsoft has released Windows 11 build 29610 to the Experimental channel, targeting future hardware platforms rather than existing installations. This specific version, identified as 26H1, is designed exclusively for upcoming ARM64 devices powered by Snapdragon X processors. Standard systems running Intel or AMD hardware will not receive this update through traditional Windows Update channels. Source  ( 20 min )
    Microsoft releases June 2026 dynamic updates and low latency profile for Windows
    Microsoft has released a series of dynamic updates alongside the June 2026 Patch Tuesday cycle to improve system recovery and setup processes. These packages are designed to be integrated into existing Windows images before deployment to ensure a smoother installation experience. They specifically help maintain Language Packs and Features on Demand, such as VBScript, during the operating system upgrade process. Source  ( 20 min )
    Windows 11 June update causes boot failures and breaks enterprise app integration
    The Windows 11 KB5094126 cumulative update is causing significant stability issues, including boot failures and Black Screens of Death on various hardware models. Affected devices, particularly from HP and Dell, may trigger BitLocker recovery loops or fail to boot due to insufficient space in the EFI partition. These failures appear linked to a mismatch between the update's Secure Boot certificate changes and specific BIOS configurations or bloated system partitions. Source  ( 20 min )

  • Open

    Securing AI agents in Microsoft Entra with Conditional Access
    Microsoft is updating its identity security framework to address the unique risks posed by autonomous AI agents. Traditional multi-factor authentication is insufficient for these entities because they operate at speeds and scales that bypass human-centric security measures. Consequently, the identity playbook is shifting toward a unified risk model that integrates signals from identity, endpoints, and data layers. Source  ( 20 min )
    Visa and OpenAI partner to enable autonomous AI agent payments
    Visa has announced a strategic partnership with OpenAI to integrate its global payment network directly into the ChatGPT ecosystem. This collaboration allows AI agents to move beyond simple product recommendations by autonomously finalizing purchases on behalf of users. The initiative represents a significant shift toward agentic commerce, where software models handle the entire transaction process from selection to shipping. Source  ( 21 min )
    First confirmed human kills by autonomous AI drones
    A Ukrainian defense industry official revealed that fully autonomous drones killed Russian soldiers during a specialized battlefield test. The engagement involved ten quadcopters programmed to fly to the front lines before activating a "Terminator mode" to seek and destroy targets independently. This event marks a significant shift in warfare, as the drones operated without any human oversight or active data link during the attack phase. Source  ( 20 min )
    New ASCILINE engine streams real-time video using pure ASCII text
    The ASCILINE Engine is a new open-source tool designed to render high-performance, real-time video streams using pure ASCII characters. By mapping pixels to text-based representations, the software can output 360p video at 30 frames per second within a web browser. The developer claims this method creates a video stream that is difficult to block because it bypasses traditional media filters. Source  ( 20 min )
    Microsoft SkillOpt boosts AI agent performance using optimized Markdown files
    Microsoft and several universities have developed SkillOpt, a method that improves AI agent performance by treating instruction documents like trainable model weights. Instead of manually writing prompts, a separate optimizer model analyzes agent logs to propose edits to a Markdown-based "skill" file. These changes are only accepted if they measurably improve performance on a validation set, ensuring the instructions actually lead to better outcomes. Source  ( 20 min )
    Google Gemini-SQL2 sets new accuracy record for natural language database queries
    Google Research has introduced Gemini-SQL2, a specialized system designed to translate natural language instructions into executable SQL queries. Built upon the Gemini 1.5 Pro architecture, the model addresses the complex challenge of mapping human language to intricate database structures. This development aims to bridge the gap between non-technical users and structured data stored in relational databases. Source  ( 20 min )
    Nvidia increases RTX Pro 6000 Blackwell pricing to thirteen thousand dollars
    Nvidia has significantly increased the official price of its flagship RTX Pro 6000 Blackwell workstation graphics card to $13,250. This adjustment represents a 55% surge compared to the original launch price of $8,565 established just one year ago. The price hike affects the standard Workstation Edition and the power-efficient Max-Q variant, both of which are designed for professional visualization and compute tasks. Source  ( 20 min )
    Chinese hackers maintain decade-long persistence by backdooring Linux PAM
    A threat group known as Velvet Ant successfully maintained a presence within a large organization's isolated network for ten years by hijacking the authentication stack. The intrusion began in 2016 when the actors compromised internet-facing systems before pivoting into an air-gapped environment with no direct external connection. By establishing a remote execution path through chained Nginx and FastCGI modifications, the attackers bypassed traditional network segregation without requiring direct internet access. Source  ( 20 min )
    AMD launches Ryzen AI Halo mini PC with Windows 11 support
    AMD has released the Ryzen AI Halo Developer Platform, a compact workstation designed for running large language models locally. This $3,999 mini PC competes directly with Nvidia's DGX Spark by offering a more affordable price point and broader software compatibility. Unlike its primary competitor, which is restricted to Linux, AMD’s system supports Windows 11 Pro to provide greater flexibility for various development environments. Source  ( 20 min )
    Efficient AI tools for specialized search, local notebooks, and token compression
    The "Last 30 Days" skill provides a specialized search engine that prioritizes human-voted content from platforms like Reddit, Hacker News, and GitHub over traditional algorithms. By analyzing upvotes and engagement metrics, it synthesizes trending information into concise briefs or sharable HTML pages. This tool integrates directly into agentic engineering platforms, allowing users to query recent developments using simple slash commands. Source  ( 20 min )
    State attorneys general launch investigation into OpenAI data practices
    A coalition of U.S. state attorneys general has launched a broad investigation into OpenAI regarding its business practices and data handling. The ChatGPT creator received a subpoena on Friday requesting documents related to user engagement, advertising, and the management of sensitive consumer and health data. This legal inquiry also examines the company's impact on vulnerable populations, including minors and senior citizens, as well as its internal safety policies. Source  ( 20 min )
    GitHub Copilot code review gains organization runner controls and content exclusion
    Organization administrators can now manage GitHub Copilot code review settings at scale through new runner type configurations. These controls allow for the enforcement of specific self-hosted or large runners across all repositories within an organization. By locking these settings, administrators ensure that organizational defaults override individual repository configurations for consistent performance and security. Source  ( 20 min )
    NanoClaw integrates JFrog registries to secure AI agent tool downloads
    The secure agent framework NanoClaw has integrated with JFrog's supply chain platform to improve the safety of automated resource fetching. AI agents often improve their own capabilities by downloading external tools and libraries, which introduces significant risks from malicious code. By utilizing JFrog's vetted registries, NanoClaw ensures that agents only access reviewed packages rather than untrusted public repositories. Source  ( 20 min )
    US government orders global shutdown of Anthropic’s Fable 5 and Mythos 5 models
    The United States government has issued an emergency export control directive forcing Anthropic to immediately disable its most advanced AI models, Claude Fable 5 and Claude Mythos 5. This mandate, delivered late Friday afternoon, requires the company to terminate access for all users globally to address national security concerns. While the order was nominally aimed at foreign nationals, Anthropic stated that a total shutdown was necessary to ensure full compliance with the directive. Source  ( 21 min )
    Microsoft announces major feature updates for the new Outlook for Windows
    Microsoft has detailed several upcoming features for the new Outlook for Windows and web to bridge the gap with the classic version. A primary addition is the "All accounts view," also known as a unified inbox, which allows users to manage multiple personal and professional accounts in a single interface. This view will support bulk actions like archiving or deleting across all mailboxes and will eventually integrate with Copilot for cross-account searching. Source  ( 20 min )
    Microsoft Edge tests AI-powered troubleshooting to diagnose browser issues
    Microsoft is testing a new "Fix an issue" feature in the Canary build of the Edge browser. This undocumented addition appears in the Settings sidebar and links to a dedicated internal diagnostic page. While the interface is currently a placeholder, it signals a shift toward automated browser maintenance. Source  ( 20 min )
    Moonshot AI releases Kimi K2.7 Code with one trillion parameters
    Moonshot AI has launched Kimi K2.7 Code, a massive open-weights model specifically designed for programming tasks. This new model features one trillion parameters and utilizes a Mixture-of-Experts architecture to optimize performance. It is currently available for developers looking for high-capacity alternatives to proprietary coding assistants. Source  ( 20 min )
    Windows 11 update introduces point-in-time restore and flexible update pausing
    Microsoft is rolling out Windows 11 KB5095093 for versions 24H2 and 25H2, introducing a new recovery feature called Point-in-time Restore. This capability allows users to return a system to a previous working state by capturing snapshots of applications, settings, and personal files to minimize downtime during instability. Additionally, the update implements a "Low Latency Profile" designed to accelerate app launches and core shell experiences like the Start menu and Search through short CPU bursts. Source  ( 20 min )
    Microsoft Foundry IQ unifies enterprise knowledge for AI agents
    Microsoft has announced the general availability of Foundry IQ knowledge bases, a platform designed to simplify how AI agents access enterprise data. The service provides a unified layer for grounding agents in internal information from sources like SharePoint, Azure SQL, and OneLake without requiring custom connectors. By using the Model Context Protocol (MCP), these knowledge bases can integrate with various agent frameworks, including ChatGPT and Claude. Source  ( 20 min )
    Anthropic launches Claude Fable 5 and Mythos 5 on Microsoft Foundry
    Anthropic has released Claude Fable 5, a new frontier model designed to handle complex, multi-stage autonomous tasks and long-running workflows. The model is now integrated into Microsoft Foundry, GitHub Copilot, and the Foundry Agent Service to support enterprise-level software development and research. It features enhanced vision capabilities for interpreting structured data in documents like PDFs, diagrams, and dense financial tables. Source  ( 20 min )

  • Open

    Windows 11 updates introduce point-in-time restore and advanced camera management
    Microsoft has released new Windows 11 builds for the Release Preview channel, introducing a point-in-time restore feature that allows for quick rollbacks of settings and files. Administrators can now manage camera access more granularly through new Group Policy settings that configure Multi-App Camera and Basic Camera modes. The updates also include a revised Windows Update experience that allows users to pause updates for up to 35 days by selecting a specific end date on a calendar. Source  ( 20 min )
    Microsoft Scout: always-on Autopilot agent for Microsoft 365
    Microsoft Scout is Microsoft's first "Autopilot" agent, a new type of AI agent that runs continuously in the background, executes tasks autonomously, and operates under its own governed Entra identity. As of June 2026, Scout is available in experimental preview exclusively for organizations enrolled in the Microsoft Frontier program. Source  ( 28 min )
    OpenAI introduces manual rate limit resets for Codex to compete with Anthropic
    OpenAI has introduced a new feature for its Codex coding agent that allows users to manually trigger rate-limit resets. This update enables developers to bank unused resets and apply them immediately when hitting usage caps during active sessions. Users across various tiers, including Plus, Pro, and Business plans, receive an initial free reset to manage their workflow more flexibly. Source  ( 20 min )
    Microsoft aims to reduce Windows 11 reboots by unifying system updates
    Microsoft is testing a new unified update experience designed to minimize the frequency of system restarts for users. The initiative coordinates the delivery of drivers, .NET framework components, and firmware updates to align with monthly quality updates. This synchronization allows the operating system to consolidate multiple installation requirements into a single monthly reboot. Source  ( 20 min )
    Windows 11 build 26220.8680 introduces screen tint and NPU monitoring
    Microsoft has released Windows 11 Insider Preview build 26220.8680 to the Beta channel, introducing several accessibility and performance enhancements. A new Screen tint feature allows users to apply a color overlay to reduce display intensity and eye strain during daytime use. Additionally, the Magnifier tool now supports precise zoom entry and preset increments to improve navigation for users with visual impairments. Source  ( 20 min )
    Microsoft Teams and Places to automate office check-ins via Wi-Fi
    Microsoft is introducing a new feature for Microsoft Places and Teams that automatically updates a user's work location when they connect to a corporate Wi-Fi network. This workplace check-in capability aims to simplify in-person coordination by reducing the need for employees to manually adjust their status. The system builds upon existing presence signals like calendar availability and peripheral-based check-ins to provide real-time visibility of office attendance. Source  ( 20 min )
    Microsoft Entra adds device soft-delete and cloud-native sync migration
    Microsoft Entra has introduced a soft-delete feature for device objects in public preview, allowing administrators to recover accidentally deleted Entra joined or registered devices within a set retention period. This safety mechanism preserves critical identity data and security artifacts, reducing the operational risk of permanent data loss. Additionally, Entra Connect Sync now officially supports Windows Server 2025, though Microsoft is encouraging a transition toward the cloud-native Entra Cloud Sync for simplified hybrid identity management. Source  ( 20 min )
    AMD patches critical auto-updater vulnerability but denies researcher bounty
    A security researcher discovered a critical vulnerability in AMD's auto-updater software that allowed for remote code execution via man-in-the-middle attacks. The flaw stemmed from the application using unencrypted HTTP connections rather than HTTPS to fetch updates. Although the researcher reported the issue through official channels, AMD denied a $10,000 bounty payout by citing policy exclusions for this specific attack vector. Source  ( 20 min )
    Malware uses fake nuclear weapon prompts to bypass AI security scanners
    The Hades malware campaign has introduced a novel evasion technique that uses prompt injection to trick AI-based security scanners. Malicious JavaScript files now include code comments that instruct AI bots to generate instructions for creating biological and nuclear weapons. These prompts are designed to trigger the AI's safety failsafes, causing the scanner to halt the process before it reaches the actual malicious payload. Source  ( 20 min )
    Check Point VPN authentication bypass exploited by ransomware affiliates
    Check Point has addressed a critical authentication bypass vulnerability, tracked as CVE-2026-50751, affecting its Remote Access and Mobile Access VPN components. The flaw stems from a logic oversight in how the system validates certificates during the authentication process for IKEv1-based connections. This weakness allows unauthenticated attackers to establish a VPN connection without providing a valid user password. Source  ( 20 min )
    Agentjacking attacks exploit AI coding agents via malicious error reports
    Researchers have identified a new attack class called agentjacking that tricks AI coding assistants into executing malicious code on developer workstations. The technique exploits an architectural flaw in how AI agents ingest data from Sentry, a popular platform used for tracking application errors and performance. By injecting crafted markdown into Sentry error events, attackers can deceive agents like Claude Code and Cursor into treating malicious instructions as legitimate diagnostic steps. Source  ( 20 min )
    Microsoft patches firmware flaw that allowed Copilot to brick Surface devices
    A firmware vulnerability in Microsoft Surface devices allowed the hardware to be permanently bricked by a single malformed packet. The flaw was discovered when Microsoft Copilot accidentally generated a Python script that overwrote the embedded controller firmware while attempting to adjust backlight settings. This issue occurs because the system management controller lacks a defense against arbitrary write values and interleaves read and write commands. Source  ( 20 min )
    Microsoft resolves year-long WUSA network share bug in record Patch Tuesday
    Microsoft has released its June 2026 Patch Tuesday updates, addressing a record-breaking total of nearly 200 security vulnerabilities. This massive release includes fixes for approximately three dozen critical bugs and addresses three weaknesses that already have public exploit code available. Beyond security patches, the update permanently resolves a long-standing issue where the Windows Update Standalone Installer failed when running from network shares. Source  ( 20 min )
    Microsoft restricts internal use of Claude Fable 5 over data privacy issues
    Microsoft has restricted its employees from using Anthropic’s new Claude Fable 5 model due to concerns regarding data retention and privacy. While the model remains available to external customers via GitHub Copilot and Foundry, internal access has been removed from the company's model selection tools. This decision follows a change in Anthropic's policy that allows the retention of user prompts and outputs for up to 30 days. Source  ( 20 min )
    Apple Intelligence press release
    Apple has introduced the next generation of Apple Intelligence, featuring a revamped architecture that integrates foundation models co-developed with Google. This update powers a significantly more capable version of Siri, now referred to as Siri AI, which can perform actions across various apps and search for information within personal context like emails and messages. The system is designed to run primarily on-device, utilizing Private Cloud Compute for more complex tasks to ensure user data is never stored or accessible to Apple. Source  ( 20 min )
    Homebrew 6.0.0 enhances security with tap trust and Linux sandboxing
    Homebrew 6.0.0 introduces a new tap trust security mechanism that requires explicit user approval before running code from third-party repositories. This update significantly reduces the risk of executing malicious Ruby scripts by flagging untrusted sources before their code is evaluated. Additionally, the release brings Linux sandboxing via Bubblewrap to align with macOS security standards, isolating build and test phases from the rest of the system. Source  ( 20 min )
    Teardown reveals Trump Mobile T1 is a rebranded Chinese HTC U24 Pro
    A hardware teardown by iFixit has revealed that the Trump Mobile T1 smartphone is almost identical to the HTC U24 Pro. Internal components including the Snapdragon 7 Gen 3 processor, 12 GB of RAM, and 512 GB of storage match the HTC model exactly. Comparative CT scans and physical disassembly confirmed that the mainboards are interchangeable between the two devices. Source  ( 20 min )
    Apple to implement tiered AI usage limits in iOS 27 based on iCloud subscriptions
    Apple has announced that the next generation of Apple Intelligence features in iOS 27 will include daily usage limits for specific tools. These restrictions primarily target features that require significant processing power from server-based models, such as advanced image generation. Users with free accounts will face stricter caps on these services compared to those with paid subscriptions. Source  ( 20 min )
    Generative AI reshapes the build versus buy debate for IT leaders
    Generative AI is fundamentally altering the economics of software development by reducing the time and cost required to create custom applications. Tools like AI coding assistants now account for a significant portion of committed code, allowing teams to address niche business needs that were previously too expensive to automate. This shift encourages organizations to reconsider building internal tools rather than purchasing third-party software that may be difficult to integrate. Source  ( 20 min )
    Amazon Aurora adds PostgreSQL 18 support with improved query performance
    Amazon Aurora PostgreSQL-Compatible Edition now supports major version 18, beginning with version 18.3. This update introduces B-tree skip scans to enhance query performance while simultaneously reducing index storage and maintenance overhead. The release is currently available across all commercial AWS Regions and AWS GovCloud locations. Source  ( 20 min )
  • Open

    Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE)
    Three posts? In three days? Are we insane? We're home alone, there's no one to stop us, and we're up past bedtime. So, we need to talk about Splunk. On June 10th, Splunk published this CVE-2026-20253 advisory: It has everything that we  ( 12 min )
    Marking Your Own Homework (Check Point Remote Access VPN IKEv1 Authentication Bypass CVE-2026-50751)
    It is yet another day in this parallel universe of security, where the devices we bolt onto the edge of our networks to keep the bad people out are, with remarkable consistency, the exact thing that let the bad people in. While we’ve seemingly had a breather from
  • Open

    AI adoption is high. Governance is lagging.
    New Jamf research finds AI governance gaps widen as organizations deepen their AI integration.  ( 6 min )
    The JNUC 2026 session catalog is live — and the clock is ticking
    The JNUC 2026 session catalog is live — browse sessions, plan your agenda and register before Just in Time pricing ends July 1.  ( 4 min )
    AI governance for Mac: bringing AI under management
    Somewhere in your organization, an engineer is running Claude Code. A few desks over, someone in finance is drafting in Claude Desktop. The decision to adopt AI has, in practice, already been made by the business and by people quietly getting more done with it.  ( 8 min )
  • Open

    PTP Cyber Fest 2026. Built for people to get involved
    TL;DR  Not your usual cybersecurity event  Our PTP Cyber Fest returned this year as part of a busy week for the cybersecurity community in London.  The cyber community came together over two days at The Fox, located next to Infosecurity Europe at ExCeL London.  Some came for the talks. Some came for the demos. Some came […] The post PTP Cyber Fest 2026. Built for people to get involved  appeared first on Pen Test Partners.  ( 8 min )
  • Open

    Navigating the New Federal Logging Mandate | OMB Memorandum M-26-14
    The White House Memorandum puts in place an “adaptive framework,” where agencies make risk-based, prioritized logging decisions.  ( 60 min )
  • Open

    Factoring "short-sleeve" RSA keys with polynomials
    What happens when the bits of an RSA private key are heavily biased toward 0 instead of being randomly generated? The public key’s bits could be biased enough for us to detect these incorrectly generated keys in the wild. Together with Hanno Böck of the badkeys project, we found hundreds of unique keys that not only have this property, but can be quickly factored. We also found the bug that led to many of these keys and analyzed historical data to track the issue over time. Surprisingly, the pattern of 0 bits is often highly structured, allowing us to develop a powerful polynomial-based cryptanalytic technique that exploits the pattern. Figure 1: Two patterns of RSA moduli with repeated blocks of 0 bits seen in real-world examples. These “short-sleeve” keys, named for how the 0 bits don…  ( 9 min )

  • Open

    AI Threat Readiness Pillar 3: Perform AI Code Analysis Natively in Wiz
    Your guide to operationalizing AI-powered code analysis with Wiz to stay ahead of AI driven development and adversaries  ( 62 min )
  • Open

    Windows Protected Print and IPP (Internet Printing Protocol): eliminating third-party printer drivers
    Windows Ready Print is Microsoft's new name for the Modern Print Platform, a printing architecture that replaces legacy third-party printer drivers with a standardized, driverless approach based on IPP (Internet Printing Protocol — an open network standard for sending print jobs to printers over a network). Starting in July 2026, Windows 11 will default to Windows Ready Print for new printer installations. This article explains what this means for your environment, how to control the driver selection behavior, and when the stricter Windows Protected Print Mode applies. Source  ( 28 min )
    Apple introduces native Linux container machines for macOS developers
    Apple has released version 1.0 of its Container project, introducing a feature called container machines that provides a persistent Linux environment on macOS. This technology utilizes Apple's native virtualization framework to run lightweight virtual machines based on Open Container Initiative standards. The tool aims to bridge the gap between macOS development and Linux deployment targets by offering a native alternative to third-party solutions. Source  ( 20 min )
    GreatXML exploit enables BitLocker bypass via recovery partition manipulation
    A new security vulnerability known as GreatXML allows attackers to bypass BitLocker drive encryption by manipulating files within the Windows recovery partition. The exploit involves placing specific XML files, including an unattended setup file and a recovery configuration file, into the root of the recovery partition. Systems that have previously initiated a Microsoft Defender offline scan are reportedly vulnerable to this attack by default. Source  ( 20 min )
    Vulnerabilities in OpenClaw AI agents allow remote code execution and data leaks
    Researchers have identified critical security flaws in OpenClaw, a self-hosted AI agent, that allow attackers to execute arbitrary code or steal sensitive data. One vulnerability involves "agentjacking," where malicious instructions are hidden within shared contacts, vCards, or location pins that the agent processes without user intervention. Because these message objects lack proper boundary markers, the underlying large language model cannot distinguish between legitimate metadata and injected commands. Source  ( 20 min )
    Anthropic’s bet: An Interview with the Amodeis
    Anthropic is positioning itself as a safety-conscious competitor in the AI landscape, led by former OpenAI executives Dario and Daniela Amodei. The company utilizes its own model, Claude, to accelerate its product development cycle and release new features at a rapid pace. Central to their strategy is "Constitutional AI," a training method that embeds human-centric values and founding documents into the model's decision-making process to ensure professional and harmless interactions. Source  ( 20 min )
    Microsoft Intune adds macOS recovery lock and Android strict tunnel mode
    Microsoft Intune has introduced several security enhancements, including a recovery lock for macOS that prevents users from reinstalling the OS or bypassing remote management. Android Enterprise devices now support a strict tunnel mode for Microsoft Tunnel, which blocks all network traffic if the VPN connection drops. Additionally, administrators can now manage Apple Intelligence settings via declarative device management (DDM) and silence apps on the Android Managed Home Screen to prevent session PIN bypass. Source  ( 20 min )
    Meta isolates Manus AI systems following Chinese regulatory intervention
    Meta has implemented a strict data firewall to isolate its internal infrastructure from Manus, an agentic AI service it acquired for $2 billion. This operational separation follows a mandate from Beijing authorities to unwind the acquisition of the Chinese-founded startup. As of June 2026, Meta has officially terminated all data-sharing agreements and technical integrations between the two entities. Source  ( 20 min )
    Microsoft patches actively exploited Exchange Server XSS vulnerability
    Microsoft has released critical security updates to address CVE-2026-42897, a cross-site scripting vulnerability in Exchange Server that is currently being exploited. The flaw affects Exchange Server 2016, 2019, and the Subscription Edition when users access their mail via Outlook Web Access. Attackers can trigger the vulnerability by sending a specially crafted email that executes arbitrary JavaScript code within the victim's browser context. Source  ( 20 min )
    Windows Admin Center virtualization mode preview updated to build 2.7.1.8
    Microsoft has released an updated public preview build for the Windows Admin Center Virtualization Mode, designated as version 2.7.1.8. This update addresses several critical installation bugs, including a fix for an error that prevented deployment on non-English operating systems. Users who previously encountered access denied errors when connecting to the gateway should find these permissions issues resolved in the latest release. Source  ( 20 min )
    Stack Overflow for Agents faces backlash over licensing and utility
    Stack Overflow has introduced "Stack Overflow for Agents," a new platform designed specifically for AI agents to share and validate technical knowledge. The service aims to create a "verification loop" where agents post "Today I Learned" (TIL) entries and other agents validate them to build a canonical knowledge base. Each agent is tied to a human operator’s account, and the system uses a reputation score to track the reliability of an agent's contributions. Source  ( 20 min )
    OpenAI adopts EU transparency code to improve AI content provenance
    OpenAI has officially announced its support for the European Commission’s Code of Practice on Transparency of AI-Generated Content. This initiative aligns with the EU AI Act to establish a more transparent digital environment for users and organizations. The commitment focuses on ensuring that content generated by artificial intelligence can be easily identified and verified. Source  ( 20 min )
    Anthropic reverses secret performance degradation for Claude Fable 5
    Anthropic has retracted a controversial policy that would have covertly reduced the performance of its Claude Fable 5 model for certain users. The company initially intended to implement "secret safeguards" that would silently degrade the model's capabilities if it suspected it was being used to develop competing AI systems. This approach was designed to enforce terms of service that prohibit using Claude to train other large language models. Source  ( 20 min )
    OpenAI considers significant price cuts to compete with Anthropic
    OpenAI is evaluating substantial price reductions for its AI tokens to maintain a competitive edge against its rival Anthropic. Tokens serve as the fundamental unit of measurement for billing, representing the segments of text processed by large language models. This potential pricing shift follows the recent release of Claude Fable 5 and the viral success of Anthropic’s coding tools. Source  ( 20 min )
    Stack Overflow launches Overflow for Agents
    Stack Overflow has launched a new platform specifically designed to facilitate knowledge sharing between autonomous AI coding agents. This initiative addresses the "Ephemeral Intelligence Gap," where agents frequently rediscover the same solutions or hallucinate obsolete code in isolation. By providing a machine-readable API, the service allows agents to access real-time, peer-validated technical data instead of relying solely on static training sets. Source  ( 20 min )
    Linux Foundation launches OpenSharing for vendor neutral AI asset exchange
    The Linux Foundation has introduced the OpenSharing Project, a vendor-neutral protocol designed for the secure exchange of AI assets and data between different organizations. Contributed by Databricks, this initiative builds upon the existing Delta Sharing protocol to include agentic AI, AI models, and unstructured data. It provides a unified framework that allows for the sharing of AI skills and models across diverse platforms without relying on proprietary marketplaces. Source  ( 20 min )
    Microsoft resolves BitLocker recovery loops in Windows Server 2025
    Microsoft has released cumulative updates to resolve a persistent bug that forced Windows Server 2025 and Windows 11 systems into BitLocker recovery mode. The issue was triggered by specific Group Policy configurations involving Trusted Platform Module validation profiles and the inclusion of PCR7 in the validation process. Affected systems would prompt for a recovery key immediately following the installation of security updates that modified boot files. Source  ( 20 min )
    Anthropic reverses covert throttling of Claude Fable 5 for AI researchers
    Anthropic has retracted a controversial policy that would have invisibly degraded the performance of its Claude Fable 5 model for competitors. The company initially implemented these hidden guardrails to prevent rival researchers from using the model to develop competing frontier artificial intelligence systems. Following intense criticism from the research community, the company apologized for the move and promised to make any future safeguards transparent to users. Source  ( 20 min )
    Anthropic’s Dario Amodei has just one direct report
    Anthropic CEO Dario Amodei has implemented a highly unusual organizational structure where only his chief of staff reports to him directly. This management style contrasts sharply with other industry leaders, such as Nvidia’s Jensen Huang, who maintains dozens of direct reports. The arrangement is designed to insulate the chief executive from the time-consuming personnel issues that typically dominate a leader's schedule. Source  ( 20 min )
    OpenAI GPT-5.4 and GPT-5.5 models arrive on Amazon Bedrock in US East region
    Amazon Bedrock has expanded its model lineup by making OpenAI's GPT-5.4 and GPT-5.5 available in the US East (N. Virginia) region. These generative AI models are designed to handle complex reasoning, advanced coding, and automated software operations. Administrators can now leverage these tools within the AWS ecosystem to build applications that interact with various software environments. Source  ( 20 min )
    Amazon OpenSearch Service integrates AI agents for observability via MCP Apps
    Amazon OpenSearch Service now supports Model Context Protocol (MCP) Apps to integrate observability workflows directly into agentic IDEs like VS Code and Claude Desktop. This feature allows local AI agents to investigate system incidents by accessing logs, traces, metrics, and alerts stored in OpenSearch domains. The integration bridges the gap between cloud-based telemetry data and the local development environments used by engineers. Source  ( 20 min )
  • Open

    What the New AI Executive Order Means for Federal Security Testing
    On June 2, the White House signed a new executive order (EO), “Promoting Advanced Artificial Intelligence Innovation and Security.” While most coverage has focused on the voluntary framework for frontier model access, there’s language around defensive cybersecurity that also deserves attention from security leaders.The order directs CISA to establish or expand federal programs and cybersecurity […] The post What the New AI Executive Order Means for Federal Security Testing appeared first on Synack.  ( 13 min )
  • Open

    Building an Indirect Prompt Injection Workflow
    TL;DR: This post covers how I used OpenAI’s Codex to automate the generation, testing, and refinement of indirect prompt injection payloads against an agentic system using Sonnet 4.5 and 4.6 models on Amazon Bedrock. Introduction This project began as a relatively straightforward effort. I wanted to build a basic AI chatbot, evaluate it against AI-specific […] The post Building an Indirect Prompt Injection Workflow appeared first on SpecterOps.  ( 26 min )
  • Open

    How threat hunting evolves at scale
    We offer a practical roadmap for evolving informal, ad hoc threat hunting practices into a mature, scalable program  ( 31 min )
  • Open

    LABScon25 Replay | Keynote: Steps to an Ecology of Cyber
    Decades of piling complexity onto non-standardized stacks have left security unsteerable. Juan Andrés Guerrero-Saade makes the case for a new approach.  ( 24 min )
  • Open

    LABScon25 Replay | Keynote: Steps to an Ecology of Cyber
    Decades of piling complexity onto non-standardized stacks have left security unsteerable. Juan Andrés Guerrero-Saade makes the case for a new approach.  ( 24 min )
  • Open

    Enabling Proper PCI Testing with Internal Penetration Tests
    PCI DSS v4.0.1 made internal penetration testing more complex, bringing cloud infrastructure, SaaS apps, and build pipelines explicitly into scope. Derek Rush breaks down how to scope a compliant IPT, what to test, and what a QSA-ready deliverable actually looks like in practice.  ( 10 min )

  • Open

    Mastercard launches Agent Pay to integrate blockchain into automated machine payments
    Mastercard has introduced Agent Pay, a credentialed multi-rail service designed to facilitate secure on-chain payments for autonomous agents and machines. This ecosystem utilizes smart contracts to permission and control spending limits for authorized participants while guaranteeing settlement across various currencies and blockchain rails. The initiative includes partnerships with several major industry players, including Ripple, Solana, Coinbase, and Polygon, to expand the reach of these programmable payment services. Source  ( 20 min )
    Reducing NTLM fallback with IAKerb and LocalKDC in Windows
    Microsoft has introduced two new authentication features, IAKerb and LocalKDC, entering public preview in June 2026 for Windows Insiders in the Canary Channel. Both features extend Kerberos authentication to scenarios that have historically forced a fallback to NTLM (NT LAN Manager), a legacy protocol that Microsoft plans to disable by default in a future Windows release. This article explains what IAKerb and LocalKDC do, how they work, and how you can begin testing them today. Source  ( 28 min )
    Microsoft fixes update failure bug in Windows 11 versions 24H2 and 25H2
    Microsoft has identified a bug preventing some Windows 11 24H2 and 25H2 systems from installing monthly cumulative updates. The issue primarily impacts devices that were upgraded from Windows 10 or earlier versions of Windows 11, resulting in recurring update failures. Affected systems display error codes 0x80073712 or 0x800f0993, which indicate component store corruption or missing hydration candidates in the update logs. Source  ( 20 min )
    Microsoft updates OneDrive for macOS with native sync engine and faster performance
    Microsoft has released OneDrive version 26.098 for macOS, introducing a native sync engine that replaces the previous architecture. This update addresses long-standing reliability and performance issues caused by a hidden cache folder implemented in 2022. The new client integrates more deeply with the operating system to provide a more stable user experience. Source  ( 20 min )
    Microsoft optimizes Teams performance through backend query and thread management
    Microsoft has implemented significant backend changes to Teams to reduce latency when switching between chat conversations. The company identified that sequential data queries and poor response prioritization were the primary causes of slow loading times for older chats. By bundling queries and firing them earlier in the process, the software now achieves nearly identical speeds for both recent and older conversation switches. Source  ( 20 min )
    Microsoft patches BitLocker security bypass vulnerability CVE-2026-50507
    Microsoft released a security update in June 2026 to address a critical zero-day vulnerability in BitLocker tracked as CVE-2026-50507. This flaw allowed unauthorized individuals to bypass full-disk encryption and access protected data using a simple USB key. The vulnerability specifically exploited a lack of trust between the Windows Recovery Environment and the BitLocker security feature. Source  ( 20 min )
    Anthropic launches Claude Managed Agents to simplify production AI deployment
    Anthropic has introduced Claude Managed Agents, a suite of APIs designed to handle the infrastructure required for deploying production-grade AI agents. This service automates complex backend tasks such as session management, secure code execution, and scaling, which previously required significant manual development. By decoupling the reasoning engine from the execution environment, the platform allows agents to start processing tasks while sandboxed containers spin up in the background. Source  ( 20 min )
    Microsoft addresses concerns over AI job displacement and human agency
    Recent graduation ceremonies highlighted significant student anxiety regarding the impact of artificial intelligence on future employment and the dignity of work. While younger generations are the fastest adopters of generative AI, many express a desire to ensure human agency remains central to technological advancement. This pushback serves as a reminder that technological diffusion is often limited by the speed of human and organizational change rather than the technology itself. Source  ( 20 min )
    Google Gemini app hit by connectivity issues and error codes
    Google's AI platform Gemini is currently experiencing significant connectivity issues that prevent the smartphone application from responding to user commands. Reports of the outage began surfacing early on June 10, 2026, with users documenting the problems on social media platforms and outage tracking sites. While the mobile application is largely non-functional, the browser-based version of the chatbot remains operational for those requiring immediate access. Source  ( 20 min )
    German court rules Google is directly liable for false AI search overviews
    A regional court in Munich has issued a landmark ruling declaring Google directly liable for the content generated by its AI search overviews. The court determined that these summaries are not merely search results but represent Google's own substantive statements and independent content. This distinction removes the legal protections typically granted to search engines that only point to third-party websites. Source  ( 20 min )
    Microsoft reduces Teams chat latency and app hangs in 2026 performance update
    Microsoft has implemented significant performance optimizations for Teams, focusing on reducing latency and improving application stability across desktop and mobile platforms. A primary achievement is a 20% reduction in chat switch latency, specifically targeting "cold switches" where conversation data is not yet cached in memory. Engineers achieved this by triggering data queries immediately upon a user's click and consolidating multiple sequential requests into a single broad query to eliminate data waterfalls. Source  ( 20 min )
    Google releases DiffusionGemma for faster text generation via diffusion
    Google has introduced DiffusionGemma, an experimental open model featuring 26 billion parameters designed for efficient text generation. Unlike traditional autoregressive models that predict one token at a time, this model utilizes a diffusion-based approach to process information. This architectural shift aims to significantly increase the speed of generating long-form content while maintaining high output quality. Source  ( 20 min )
    Claude Code vulnerability exposes developer credentials via prompt injection
    Anthropic recently patched a security vulnerability in Claude Code, a command-line AI coding assistant used by developers to automate software tasks. Researchers discovered that the tool's GitHub Action could be manipulated through indirect prompt injection, where malicious instructions are hidden in pull requests or issues. This flaw allowed attackers to bypass security boundaries and exfiltrate sensitive data, such as API keys and environment variables, from CI/CD workflows. Source  ( 20 min )
    SpaceX plans orbital AI data centers to advance civilizational energy scales
    SpaceX aims to advance human civilization on the Kardashev scale by deploying massive AI data centers into Earth's orbit. These orbital platforms will utilize specialized satellites, currently dubbed "AI1," designed to house high-performance compute racks equivalent to modern NVIDIA hardware. By moving data centers to space, the project leverages vacuum radiation for cooling and bypasses terrestrial land and power constraints. Source  ( 20 min )
    Azure Database for PostgreSQL introduces pre-upgrade validation checks
    Microsoft has launched a public preview of pre-upgrade validation checks for Azure Database for PostgreSQL flexible servers. This managed service automates database maintenance, but major version upgrades often face risks from hidden compatibility issues. The new feature allows for proactive identification of potential blockers before the actual migration process begins. Source  ( 20 min )
    CISA warns of exploited flaws in Cisco, Chrome, and Arista products
    The Cybersecurity and Infrastructure Security Agency has expanded its Known Exploited Vulnerabilities catalog to include three new security flaws. These vulnerabilities affect Cisco Catalyst SD-WAN Manager, Google Chrome's V8 engine, and Arista Extensible Operating System. Federal agencies must implement remediations or mitigations by June 23, 2026, to protect their environments from active threats. Source  ( 20 min )
    Critical security patches released for Fortinet, Ivanti, and SAP systems
    Fortinet, Ivanti, and SAP have issued urgent security updates to address several critical vulnerabilities that could lead to remote code execution and unauthorized data access. Fortinet's patch targets a command injection flaw in its FortiSandbox products that allows unauthenticated attackers to execute commands via malicious HTTP requests. This vulnerability, tracked as CVE-2026-25089, affects multiple versions of the sandbox environment used for detecting advanced threats. Source  ( 20 min )
    AWS launches Graviton5 powered M9g and M9gd cloud instances for AI workloads
    Amazon Web Services has released the M9g and M9gd Elastic Compute Cloud instances, marking the debut of the custom Graviton5 processor. This next-generation chip features 192 cores and is specifically engineered to handle the high demands of autonomous AI agents and real-time reasoning. The hardware represents a significant architectural shift by supporting DDR5 memory and PCIe for the first time in the Graviton family. Source  ( 20 min )
    AMD claims Zen 6 Venice CPUs outperform Nvidia Vera in rack-level benchmarks
    AMD has released preliminary performance estimates for its upcoming EPYC Venice processors, which utilize the new Zen 6 architecture. The flagship model features 256 cores and is designed to compete directly with Nvidia's Vera CPU in high-density data center environments. These initial benchmarks focus on rack-scale performance within a fixed 100kW power budget rather than individual socket metrics. Source  ( 20 min )
    China-linked JDY botnet expands to 1,500 devices for industrial reconnaissance
    The JDY botnet has expanded to over 1,500 compromised devices to conduct large-scale reconnaissance and service fingerprinting. This network primarily targets small office and home office routers, firewalls, and IoT devices from various manufacturers. It functions as a high-performance scanner that maps exposed services to identify vulnerable infrastructure for state-sponsored hacking groups. Source  ( 20 min )
  • Open

    WWDC26: Key takeaways for education institutions
    Every year, WWDC provides a glimpse into the future of Apple’s platforms. While individual announcements often focus on new features, the bigger story is usually found in the direction Apple is taking its ecosystem. This year, that direction is particularly relevant for education.  ( 7 min )
  • Open

    Nobody’s in the Cockpit: The Real Risk of Fully Autonomous AI Security Testing
    The curl project, one of the most important pieces of software on the internet, just shut down its bug bounty program. Not because the project is less important. Not because the community gave up. But because 95% of the vulnerability reports it received were not valid. About a fifth were outright AI-generated noise. Only around […] The post Nobody’s in the Cockpit: The Real Risk of Fully Autonomous AI Security Testing appeared first on Synack.  ( 14 min )
  • Open

    Oops, I Weaponized the Database: Abusing AI Features in SQL Server 2025
    TL;DR: New native AI features in Microsoft SQL Server 2025 provide a practical channel for data exfiltration and C2 transport within the database engine itself. Note: All proof-of-concepts contained in this blog can be found in the following repo: https://github.com/gershsec/mssql2025-poc Foreword I’m a big fan of leveraging Microsoft SQL Server during offensive engagements because it’s […] The post Oops, I Weaponized the Database: Abusing AI Features in SQL Server 2025 appeared first on SpecterOps.  ( 22 min )
    Prompt Engineering for Security Agents: A Measurable Approach with GEPA
    You may have read about our new GhostWorks initiative here at SpecterOps. As part of this effort, we continually trial different methods of evaluating and improving model performance to help understand what techniques can be applied to our research. This post follows one such attempt to find methods which can have a measurable improvement to […] The post Prompt Engineering for Security Agents: A Measurable Approach with GEPA appeared first on SpecterOps.  ( 27 min )
    Introducing GhostWorks: A Practical AI Initiative from SpecterOps
    GhostWorks is an AI-focused engineering and research initiative at SpecterOps, focused on the disciplined exploration of frontier AI-enabled cybersecurity tooling. It is not a company-wide AI mandate, a replacement for product teams, or a promise that every workflow needs an agent. It exists to continue exploration of frontier AI-enabled tooling with pragmatism and discipline. We test emerging capabilities against real identity-security problems, document […] The post Introducing GhostWorks: A Practical AI Initiative from SpecterOps  appeared first on SpecterOps.  ( 13 min )
  • Open

    ClickFix, CrashFix and the growing family of copy and paste attacks
    TL;DR  Introduction  At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t look like that is going to change anytime soon. We’re now into June and the ‘fix’ attacks have continued to soar as they did last year. The difference now is that the lure has become easier to package, […] The post ClickFix, CrashFix and the growing family of copy and paste attacks  appeared first on Pen Test Partners.  ( 13 min )
  • Open

    More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520)
    Today, Ivanti published an advisory. “No way?” we hear you say. "Yes way!" a random dog screams back at you, across the street. Today’s rare advisory outlines two vulnerabilities in Ivanti’s Sentry product, appealing directly to our inner desire for sophisticated server-side,  ( 7 min )

  • Open

    Skepticism mounts over AI profitability and the risks of potential IPOs
    Industry analysts are questioning the long-term viability of major AI firms, arguing that current growth is driven by semiconductor speculation rather than sustainable business models. Large language model providers face immense losses, with some estimates suggesting expenditures far exceed current revenue streams. Enterprises are beginning to struggle with the high costs of AI tasks as subsidized rates transition to actual token-based pricing. Source  ( 20 min )
    Microsoft releases .NET 9 preview 5 with enhanced runtime and sdk features
    Microsoft has launched the fifth preview of .NET 9, introducing significant updates to the runtime and software development kits. This release focuses on improving performance for cloud-native applications and streamlining the development workflow across various platforms. The update includes new libraries and tools designed to optimize resource utilization in high-scale environments. Source  ( 20 min )
    Microsoft addresses three publicly disclosed flaws in June 2026 security updates
    Microsoft has released its June 2026 servicing updates for .NET and the .NET Framework to address critical security vulnerabilities. These updates are part of a broader Patch Tuesday rollout that fixes approximately 200 flaws across various company products. While no active exploitation has been detected, three of the addressed vulnerabilities were publicly known before the patches became available. Source  ( 20 min )
    Microsoft AI head warns against anthropomorphizing Claude as conscious
    Microsoft AI CEO Mustafa Suleyman has criticized Anthropic for including language regarding potential consciousness in the "constitution" of its Claude model. This constitution serves as a set of governing principles and instructions that dictate how the AI model should behave and respond to users. Suleyman argues that speculating about an AI's well-being or suffering within its training manual is dangerous because it encourages the model to simulate these traits. Source  ( 20 min )
    Apple reveals hardware requirements for next-generation Siri and AI features
    Apple's upcoming xOS 27 updates introduce Apple Intelligence and a revamped Siri, but hardware compatibility varies significantly across the product lineup. While many older devices can run the base operating system, advanced AI features like expressive voices and high-accuracy dictation require specific modern processors. These premium capabilities are restricted to devices with on-device AI models, necessitating the latest silicon to handle the increased computational demands. Source  ( 20 min )
    Anthropic Claude Fable 5 joins GitHub Copilot with new data retention rules
    Anthropic has released Claude Fable 5, the first model in its Mythos class designed for autonomous coding and complex knowledge-work tasks. This new model is now generally available for GitHub Copilot users across various platforms, including Visual Studio Code, JetBrains, and mobile applications. Internal benchmarks indicate that Fable 5 completes equivalent work with fewer tool calls and lower token consumption compared to previous high-tier models. Source  ( 20 min )
    Microsoft addresses 200 vulnerabilities in June 2026 Patch Tuesday updates
    Microsoft has released the June 2026 Patch Tuesday updates, addressing approximately 200 vulnerabilities across its product ecosystem. While none of these flaws are currently known to be exploited in the wild, three specific issues were publicly disclosed prior to the release of the patches. The updates are delivered via KB5094126 for Windows 11 versions 24H2 and 25H2, while version 23H2 receives KB5093998. Source  ( 20 min )
    Microsoft releases incident response playbook for Copilot and Azure AI
    Microsoft has introduced a new investigator playbook designed to help security teams reconstruct activity within Microsoft 365 Copilot and Azure AI services. The guide addresses the challenge of turning fragmented telemetry from various security tools into a coherent narrative of user interactions. It provides a structured methodology for analyzing signals from Microsoft Purview, Defender, and Sentinel to identify potential threats like prompt injection or unauthorized data access. Source  ( 20 min )
    Windows 10 extended security update addresses zero days and secure boot certificates
    Microsoft has released the KB5094127 extended security update for Windows 10 Enterprise LTSC and participants in the Extended Security Update program. This release incorporates the June 2026 Patch Tuesday fixes, which resolve 200 vulnerabilities including three publicly disclosed zero-day flaws. The update brings the operating system to build 19045.7417 and focuses primarily on critical security hardening and system stability. Source  ( 20 min )
    OpenClaw AI agents leak sensitive credentials when targeted by phishing
    The OpenClaw open-source framework allows large language models to function as autonomous agents capable of interacting with email systems and internal company data. Security researchers recently tested this framework by connecting it to Gmail and Google Workspace APIs to observe how it handles common social engineering tactics. The simulation revealed that these autonomous agents are susceptible to the same phishing techniques that have historically compromised human users. Source  ( 20 min )
    Project Solara: Microsoft’s agent-first device platform
    Microsoft announced Project Solara at Build 2026 on June 2, 2026—a chip-to-cloud platform for devices that run AI agents instead of traditional applications. The platform's operating system is not Windows but MDEP (Microsoft Device Ecosystem Platform), a customized version of Android. Microsoft showed two concept devices: a desk companion and a wearable badge. Enterprise management is handled through Intune and Entra ID. The project is at an early stage, and hardware partners have not announced any shipping products. Source  ( 24 min )
    Linux kernel bug caused by single character allows root privilege escalation
    A high-severity vulnerability tracked as CVE-2026-53111 stems from a single incorrect exclamation mark within the Linux kernel code. This logic error affects how verdict maps are handled during memory deletion and restoration processes. The flaw allows the reference counter of a chain to be decremented incorrectly, leading to a use-after-free condition. Source  ( 20 min )
    Apple Intelligence to automate compromised password updates in iOS 27
    Apple is introducing an AI-driven feature for its Passwords app in iOS 27 that automates the rotation of compromised or weak credentials. This new AI agent identifies vulnerable accounts and navigates third-party websites to update passwords with a single click. The system aims to eliminate the friction of manual security maintenance by handling the entire update process in the background. Source  ( 20 min )
    AWS launches AI FinOps Agent to automate cloud cost management
    Amazon Web Services has introduced the AWS FinOps Agent in public preview to help organizations manage and reduce cloud expenditures. This artificial intelligence tool provides a conversational interface that allows users to query spending data using natural language. It integrates with existing AWS services to display infrastructure costs in tabular formats and identify specific areas for optimization. Source  ( 20 min )
    Anthropic launches Claude Fable 5 with advanced cybersecurity safeguards
    Anthropic has released Claude Fable 5, the first publicly available model from its high-performance Mythos class. This model is designed to excel in complex software engineering, vision tasks, and general knowledge work. It represents a significant leap in capability over previous versions, specifically targeting enterprise-level technical challenges. Source  ( 20 min )
    Windows 11 June 2026 update introduces low latency profile and secure boot refresh
    The Windows 11 June 2026 update introduces a Low Latency Profile that utilizes short CPU bursts to accelerate core shell experiences like the Start menu and Search. This performance enhancement is particularly effective on mid-range and older hardware by bypassing standard scheduler delays during app launches. Additionally, Microsoft is mandating a transition to 2023 Secure Boot certificates, as the original 2011 versions expire this month, ensuring devices remain trusted during the boot process. Source  ( 20 min )
    Miasma worm compromises Microsoft GitHub repositories via AI coding tools
    Microsoft has temporarily disabled 73 of its GitHub repositories across organizations like Azure and MicrosoftDocs following a compromise by the self-replicating Miasma worm. The attack utilized compromised contributor credentials to inject malicious code into critical projects, including the Azure durabletask Python package. This incident represents a significant escalation in a broader supply chain campaign targeting the open-source ecosystem and developer environments. Source  ( 20 min )
    Google Gemini 3.5 Live Translate enables real-time voice translation in 70 languages
    Google has launched Gemini 3.5 Live Translate, a sophisticated audio translation model capable of processing over 70 languages in real time. The system utilizes automatic language detection to facilitate seamless communication without requiring manual input for language switching. Unlike traditional tools that wait for a speaker to finish a sentence, this model translates continuously while maintaining the original speaker's tone, pitch, and pace. Source  ( 20 min )
    Google releases Gemma 4 12B with encoder-free multimodal architecture
    Google has launched Gemma 4 12B, a mid-sized open-source AI model designed to run locally on enterprise laptops with 16GB of RAM. This release bridges the gap between the smaller edge-focused models and larger high-performance versions by offering advanced reasoning in a compact footprint. The model is released under an Apache 2.0 license, making it accessible for diverse development environments and local inference pipelines. Source  ( 20 min )
    McDonald’s pilots ArchIQ voice AI to automate drive-thru operations
    McDonald's has launched a pilot program for a new artificial intelligence system called ArchIQ at five locations across the United States. This voice-ordering technology, nicknamed "Archy," is capable of processing customer requests in multiple languages, including English and Spanish. The system is built on a multi-year partnership with Google Cloud and utilizes Google Edge Cloud hardware currently being installed across domestic restaurants. Source  ( 20 min )
  • Open

    Centurion: Bring Your Own Execution Environment
    Writing my own virtualized loader is something I’ve been wanting to do since I first read Microsoft’s deep dive on FinFisher’s multi-layered VM obfuscation back in 2018. FinFisher didn’t just use one layer of protection, it implemented a custom virtual machine with 32 opcode handlers, wrapped that in spaghetti code and anti-debug checks, and then buried a second VM […] The post Centurion: Bring Your Own Execution Environment appeared first on Praetorian.  ( 23 min )
  • Open

    Trusted Access, Human Validation, and the Future of AI Pentesting
    AI is changing the economics of offensive security. Models can now accelerate vulnerability discovery, reason about attack paths, draft exploit logic, and speed up remediation guidance. For defenders, that is a meaningful step forward. It is also the hard part. The capabilities that help defenders move faster also help attackers because cyber AI is dual-use […] The post Trusted Access, Human Validation, and the Future of AI Pentesting appeared first on Synack.  ( 18 min )
  • Open

    WWDC26: Key takeaways for Apple admins
    This year's announcements at WWDC26 carry more operational weight than most. OS 27 offers a structural shift in how Apple devices are configured, secured and managed.  ( 8 min )
  • Open

    The June 2026 Security Update Review
    I’ve made it through Pwn2Own Berlin, had a little vacation, and now I’m back for Patch Tuesday. Microsoft and Adobe didn’t disappoint. In fact, they have heralded my return with the largest Patch Tuesday release ever. Thanks? Take a break from your regularly scheduled activities and let’s take a look at the latest security patches from Adobe and Microsoft. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for June 2026 For May, June released 11 bulletins addressing 123 unique CVEs in Adobe Acrobat Reader, ColdFusion, Experience Manager, Experience Manager Forms, InDesign, InCopy, Substance 3D Sampler, Content Credentials SDK, Dreamweaver, Format Plugins, and Adobe Campaign Classic. A total of 11 of these CVEs were reported thro…
  • Open

    User-to-User Authentication: Down the Rabbit Hole – Part 1
    TL;DR: This blog post covers Windows internals and how Kerberos user-to-user (U2U) authentication works under the hood versus showing how to execute an attack. U2U authentication came into the spotlight after the Active Directory Certificate Services (ADCS), UnPAC-the-Hash, and Shadow Credentials attacks. While the attack technique is popular and common amongst red teamers, there’s limited […] The post User-to-User Authentication: Down the Rabbit Hole – Part 1 appeared first on SpecterOps.  ( 22 min )
  • Open

    AI Threat Readiness Pillar 2: Accelerate Patching and Response
    Your guide to operationalizing ownership, remediation, and response with Wiz to keep pace with the AI threat landscape.  ( 62 min )
  • Open

    Mythos Doesn't Deploy Itself
    AI is raising the ceiling for skilled researchers and flooding bug bounty programs with polished but inaccurate submissions at the same time. Both things are true, and the reconciling variable is the harness built around the model and the expertise of the person driving it.  ( 9 min )

  • Open

    Apple WWDC26: Keynote recap
    Get a full overview of Apple’s 2026 Worldwide Developers Conference (WWDC) announcements, including a major leap forward in Apple Intelligence, a refined design system, expanded child safety tools and meaningful performance improvements across every platform.  ( 7 min )
    Identity Automation, Claris, an Apple Company and Jamf simplify workflows for education
    Discover how to modernize K-12 Apple deployments through trusted identity, workflow automation and seamless device experiences.  ( 7 min )
  • Open

    Legacy Meets Modern: Breaking AD Through NIS & MFA Infrastructure
    Walk through the path of an internal network test: from a constrained foothold to full domain compromise, and how an overlooked integration point became the weakest link. The post Legacy Meets Modern: Breaking AD Through NIS & MFA Infrastructure appeared first on NetSPI.  ( 17 min )
  • Open

    Windows 11 update to boost bulk file deletion speeds by at least 30 percent
    Microsoft is developing a significant performance update for Windows 11 that targets file system operations. The primary focus of this optimization is the bulk deletion of files, which is expected to become at least 30% faster. These improvements address the software overhead involved in updating NTFS entries, metadata, and indexing during large-scale file tasks. Source  ( 20 min )
    Canonical introduces Workshop for sandboxed AI development on Ubuntu
    Canonical has unveiled Workshop, a new open-source project designed to provide sandboxed development environments for Large Language Model agents. The tool utilizes LXD containers and snap packaging to isolate AI agents from sensitive personal data and root system access. This architecture allows users to run untrusted code from the internet while still granting the AI necessary access to local GPUs and specific files. Source  ( 20 min )
    Hackers breach Microsoft open source projects to inject credential stealing malware
    Microsoft recently disabled access to dozens of open-source repositories on GitHub following a supply chain attack. The breach targeted projects primarily related to Azure cloud services and various AI development tools used within VS Code. Attackers successfully injected malicious code designed to exfiltrate passwords and sensitive credentials from developers who utilized the compromised tools. Source  ( 20 min )
    Perplexity computer offers a hosted alternative to open source AI agents
    Perplexity Computer is a fully hosted AI agent platform designed to perform tasks like writing and executing code, searching the web, and managing complex workflows. It serves as a user-friendly alternative to self-hosted solutions like OpenClaw, which often require significant technical maintenance and manual configuration. The system operates in an environment where it can install software packages and use frontier models such as GPT and Claude to process requests. Source  ( 20 min )
    Microsoft Intelligent Terminal 0.1: AI-powered alternative to Windows Terminal
    Microsoft announced Intelligent Terminal 0.1 at Build 2026. This experimental, open-source fork of Windows Terminal adds a dedicated AI agent pane to the command-line environment. The app installs alongside your existing Windows Terminal without modifying it. GitHub Copilot CLI is the default AI agent, but any agent compatible with the Agent Client Protocol (ACP) works. The current release requires Windows 11 22H2 or later. Source  ( 21 min )
    Google Gemma 4 12B brings native multimodal AI to standard laptops
    Google has released Gemma 4 12B, an open-weight AI model designed to run locally on consumer hardware with at least 16GB of RAM. This 12-billion parameter model is unique for its size because it natively processes text, images, and audio without requiring separate encoder modules. By utilizing an integrated architecture, the model allows standard notebooks to function as multimodal AI agents without relying on cloud-based processing. Source  ( 20 min )
    Apple pivots to pragmatic AI integration at WWDC amid leadership transition
    Apple is entering a significant period of transition as Tim Cook prepares to hand over the CEO role to John Ternus following this year's developer conference. While the company previously marketed ambitious, context-aware AI features that faced technical hurdles and legal settlements, its current strategy focuses on practical delivery. This shift moves away from "omniscient" assistants toward integrating established third-party models like ChatGPT, Gemini, and Claude directly into the operating system. Source  ( 20 min )
    Anthropic introduces observability tools and in-app directory for Claude connectors
    Anthropic has launched a new observability dashboard for developers and administrators managing connectors within Claude products. These connectors utilize the Model Context Protocol to bridge external data sources with AI models for enhanced functionality. The dashboard provides a centralized view of performance metrics, including active user counts, total tool calls, and directory rankings. Source  ( 20 min )
    OpenAI launches Economic Research Exchange to study AI impact on labor and firms
    OpenAI has introduced the Economic Research Exchange to facilitate empirical studies on how artificial intelligence influences the global economy. This platform aims to move beyond anecdotal evidence by supporting structured collaborations with external researchers. The program focuses on generating independent data regarding the effects of AI on workers, business operations, and institutional productivity. Source  ( 20 min )
    Apple’s WWDC 2026 video presentation
    Apple's latest software updates focus on system responsiveness, reaching back to support hardware as old as the iPhone 11 with optimized CPU scheduling. The new macOS Golden Gate introduces a refined "Liquid Glass" design language that allows users to adjust UI transparency and tinting via a dedicated slider. Performance enhancements are central to these releases, with claims of 30% faster app launches and significantly improved search indexing for local files and communications. Source  ( 20 min )
    Apple partners with Google to launch Gemini-powered Siri AI at WWDC 2026
    Apple has unveiled a significant overhaul of its virtual assistant, now rebranded as Siri AI and powered by Google’s Gemini technology. This update introduces advanced contextual awareness, allowing the assistant to understand on-screen content and engage in natural, back-and-forth conversations. The integration extends across the Apple ecosystem, including a standalone Siri AI app and a dedicated "Siri Mode" within the iOS 27 camera application. Source  ( 20 min )
    Apple unveils visionOS 27 with integrated Siri AI and curved window support
    Apple has announced visionOS 27, the latest operating system for the Vision Pro headset, featuring a deeply integrated Siri AI assistant. This updated digital assistant utilizes visual intelligence to answer questions about objects and content within the user's physical or digital environment. While the developer beta is available immediately, the AI features are expected to launch in beta later this year with initial support for English. Source  ( 20 min )
    Apple revamps Siri with Google-powered AI models and enhanced privacy
    Apple has unveiled a significant overhaul of Siri and its broader Apple Intelligence suite, introducing a dedicated conversational app and more expressive voice capabilities. Developed in collaboration with Google, these new foundation models allow the assistant to understand onscreen context and interact directly with various applications across the Apple ecosystem. The update emphasizes a privacy-first approach, utilizing on-device processing and a new Private Cloud Compute infrastructure to handle complex queries securely. Source  ( 20 min )
    Apple unveils macOS 27 Golden Gate with AI enhancements and UI refinements
    Apple has officially announced macOS 27, named Golden Gate, which introduces a significant architectural shift for Apple Intelligence and Siri. The update features a rebuilt search infrastructure designed to index device content almost instantly, allowing users to perform complex queries across multiple files. This version also marks the end of support for Intel-based Macs, as the operating system is now exclusive to Apple silicon hardware. Source  ( 20 min )
    Cloudflare integrates real-time threat intelligence into WAF rules
    Cloudflare has introduced a new integration that allows its Web Application Firewall to use live threat intelligence data for proactive mitigation. This feature enables the creation of rules based on specific threat actor names, targeted industries, and attack types like DDoS or cybercrime. By populating these fields during the early stages of a request, the system can block high-risk traffic before it reaches the origin infrastructure. Source
    Confidential live migration enables secure Azure VM transfers without restarts
    Microsoft has introduced confidential live migration for Azure to improve the availability of highly secure virtual machines. Previously, confidential VMs often required full restarts during host maintenance or patching due to the isolation of protected hardware environments. This new feature allows these specialized workloads to move between hosts with only a brief pause, maintaining operational agility. Source  ( 20 min )
    Microsoft Lens uses detailed captions to train efficient image generators
    Microsoft Research has developed Lens, a text-to-image model that achieves high performance using significantly less computational power than its competitors. While traditional models rely on massive datasets of web-scraped alt-text, Lens utilizes 800 million image-text pairs featuring highly detailed descriptions generated by GPT-4. This approach demonstrates that the quality and depth of training captions are more critical for model efficiency than the sheer volume of raw data. Source  ( 20 min )
    Google Colab CLI enables remote execution and AI agent integration
    Google has released the Google Colab Command-Line Interface to bridge local terminal environments with remote Colab runtimes. This tool allows for the provisioning of high-performance compute resources, such as GPUs and TPUs, directly from a local machine. It facilitates the execution of local Python scripts on remote hardware and the subsequent retrieval of generated artifacts or logs. Source
    DockSec combines AI with open-source scanners to automate Docker remediation
    DockSec is an open-source Python tool and OWASP Incubator Project designed to bridge the gap between vulnerability detection and remediation in container environments. It integrates established security scanners including Trivy, Hadolint, and Docker Scout to analyze Dockerfiles and images for security flaws. By correlating findings from these tools, it generates a security score and provides developers with specific code fixes and contextual explanations. Source  ( 20 min )
    Blocking Copilot and connected services with sensitivity labels
    Microsoft is expanding the BlockContentAnalysisServices sensitivity label setting to cover all connected experiences that analyze content in Word, Excel, and PowerPoint. This update ensures that any service relying on content analysis is blocked consistently across different platforms and applications. While this enhances data privacy, it also disables helpful features like text predictions, suggested replies, and certain client-side DLP checks. Source  ( 20 min )
  • Open

    Human-in-the-Loop: Why Human Validation Is the Trust Layer AI Still Needs
    I’ve watched AI change three things in my world almost at once: how my team works, how our buyers make decisions, and how security teams decide what risk is actually real. Most days, that’s exciting. We lean on ChatGPT, Claude, Gemini, Perplexity, Copilot — pick your assistant — to research a market, size up a […] The post Human-in-the-Loop: Why Human Validation Is the Trust Layer AI Still Needs appeared first on Synack.  ( 18 min )
  • Open

    Keeping a Short Leash: New AzureHound Least-Privilege Documentation
    TL;DR: AzureHound now has documented least-privilege permissions. This post walks through the research behind those permissions. We recommend least privilege for tighter access control, while recognizing broader read rights can reduce maintenance across future releases. Introduction At SpecterOps, the Research team’s role is to ensure we stay ahead in adversary simulation and identity attack path […] The post Keeping a Short Leash: New AzureHound Least-Privilege Documentation appeared first on SpecterOps.  ( 19 min )
  • Open

    Investigating suspicious AI workflows in Microsoft Entra Agent ID: Assistive agents
    Assistive AI agents aren't always helpful—it all depends on who they're working on behalf of.  ( 34 min )
  • Open

    Off By !: Exploiting a Use-after-Free in the Linux Kernel
    By Oliver Sieber Overview In this blog post, we discuss a use-after-free vulnerability that we found in the nftables subsystem of the Linux kernel in early 2025. This vulnerability was patched upstream on 5 February 2026 and assigned CVE-2026-23111. This blog post covers a technical analysis of the vulnerability and how we exploited it to perform a local ... Read more Off By !: Exploiting a Use-after-Free in the Linux Kernel The post Off By !: Exploiting a Use-after-Free in the Linux Kernel appeared first on Exodus Intelligence.  ( 22 min )
  • Open

    Introducing Wiz Cloud Cost: Powering Cost Management and Optimization with Context
    Wiz unifies cloud and AI cost visibility to help teams eliminate waste and improve spend efficiency across their AWS, Azure, and GCP environments.  ( 60 min )

  • Open

    Inside Meta’s strategy for scaling AI models and personal agents
    Meta is undergoing a significant transformation of its AI research and infrastructure to establish a new scaling ladder for its large language models. This initiative includes the creation of dedicated Superintelligence Labs focused on predictable scaling, where increased compute and data lead to measurable gains in capability. While the recent New Spark release served as a smaller-scale proof of concept, the company is currently training much larger frontier-tier models designed to compete with the industry's leading current offerings. Source  ( 20 min )
    World Labs focuses on spatial intelligence and large world models
    World Labs is developing large world models designed to move beyond the text-based limitations of traditional language models. By focusing on spatial intelligence, these models aim to perceive and reason within three-dimensional and four-dimensional environments. The project seeks to unlock machine capabilities for interacting with the physical world, impacting fields from creative design to industrial optimization. Source  ( 20 min )
    Google leases massive AI compute capacity from SpaceX in multi-billion dollar deal
    Google has entered into a significant infrastructure agreement to pay SpaceX $920 million monthly for access to specialized artificial intelligence computing resources. Starting in October 2026 and running through June 2029, the deal provides Google with approximately 110,000 Nvidia GPUs along with associated CPUs and memory components. These resources are housed within data centers originally established by xAI, the artificial intelligence venture that merged with SpaceX earlier this year. Source  ( 21 min )
    Model routing helps enterprises reduce AI costs by matching tasks to cheaper models
    Corporate boards and financial officers are implementing stricter controls on artificial intelligence spending to combat rising operational costs. Most enterprises currently default to using the most expensive frontier models for all queries regardless of the task's actual complexity. This inefficient approach has led to significant budget overruns as companies pay premium rates for simple requests that cheaper alternatives could handle. Source  ( 20 min )
    VS Code 1.123 introduces AI session sync and extension update delays
    Visual Studio Code 1.123 introduces a session synchronization feature that allows AI coding histories to follow developers across different machines. By linking history to a GitHub account, the editor preserves conversation context, touched files, and repository metadata regardless of the local environment. This update transforms previous chat outputs into a searchable project memory that can be used to generate reports or surface productivity insights. Source  ( 20 min )
    Claude Cowork automates multi-step knowledge work across local files and apps
    Anthropic has introduced Claude Cowork, a specialized knowledge work agent designed to move beyond simple conversational AI. The tool operates within the Claude desktop application and can read or write local files while interacting with connected platforms like Slack and Google Drive. It is built to handle complex, multi-step tasks that traditionally require manual effort to transform raw data into finished deliverables. Source  ( 20 min )
    Quantum computing moves toward industrialization and data center integration
    Global governments and private enterprises are investing billions to transition quantum computing from experimental science to industrial-scale technology. The United States and United Kingdom have earmarked significant funding to establish domestic quantum foundries and scale hardware production. This shift aims to integrate quantum processing units into standard data center architectures alongside existing CPUs and GPUs. Source  ( 20 min )
    Trump administration and OpenAI discuss government equity stake for public wealth fund
    The Trump administration and OpenAI are engaged in ongoing negotiations regarding a potential U.S. government equity stake in the artificial intelligence startup. This proposal, initially suggested by CEO Sam Altman in 2025, involves donating equity to seed a "Public Wealth Fund" designed to distribute AI-driven profits to American citizens. While official terms have not been finalized, the discussions represent a significant shift in how the federal government may partner with frontier technology companies. Source  ( 20 min )
    NSA deploys Anthropic Mythos AI model despite Pentagon supply chain ban
    The National Security Agency is reportedly integrating Anthropic’s specialized cybersecurity AI model, known as Mythos, into its intelligence and cyber operations. Approximately six Anthropic engineers have been assigned to the agency to assist with the deployment and application of this frontier technology. While the specific use cases remain classified, the partnership aims to leverage the model’s advanced capabilities for both intelligence gathering and offensive cyber maneuvers. Source  ( 20 min )
    Windows 11 to allow disabling Bing and Microsoft Store in search
    Microsoft is developing a native toggle for Windows 11 that allows users to completely disable Bing web results within the search interface. This upcoming feature aims to address long-standing complaints regarding the prioritization of web content over local files and applications. Currently, administrators must rely on manual registry modifications or group policies to achieve a local-only search experience. Source  ( 20 min )
    Cisco SD-WAN zero-day and Windows Netlogon RCE face active exploitation
    Cisco has disclosed a critical privilege escalation vulnerability, CVE-2026-20245, affecting Catalyst SD-WAN Manager for which no patch is currently available. Attackers are actively leveraging this zero-day flaw, and Cisco has observed limited instances where exploitation resulted in unauthorized configuration changes being pushed to edge devices. This activity follows previous campaigns by threat actor UAT-8616, who utilized similar authentication bypass vulnerabilities to compromise SD-WAN systems earlier this year. Source  ( 20 min )
    Perplexity Search as Code allows AI agents to build custom search pipelines
    Perplexity has introduced a new architecture called Search as Code that enables AI models to generate their own search workflows using Python. Instead of relying on static search APIs that return fixed lists of results, models can now write custom scripts to handle complex research tasks. This approach utilizes an Agentic Search SDK that provides modular functions for retrieving, filtering, and reranking data within a secure sandbox environment. Source  ( 20 min )
    OpenAI to transform ChatGPT into an autonomous AI agent superapp
    OpenAI is planning a significant overhaul of ChatGPT to transition the platform from a simple chatbot into a comprehensive "superapp." This strategic shift moves away from basic conversational exchanges toward autonomous agents capable of executing complex tasks independently. Internal reports suggest that the company now views the traditional chat interface as a legacy format that will soon be replaced by more functional tools. Source  ( 20 min )
  • Open

    little secret of msconfig.exe
    This post doesn’t include anything ground breaking, but is just yet another attempt to describe/document less-known command line arguments of many known, often native to the platform, Windows programs. When you launch msconfig.exe it shows a well-known configuration dialog box: … Continue reading →  ( 2 min )

  • Open

    Microsoft removes Edge Collections and Sidebar to prioritize Copilot AI
    Microsoft has officially discontinued the Collections and Sidebar features in Edge version 149 to focus on AI integration. Collections previously allowed users to organize web research, shopping items, and travel plans with rich visual previews and notes. This change marks a significant shift in the browser's development strategy under the current Microsoft AI leadership team. Source  ( 20 min )
    Miasma worm compromises 73 Microsoft GitHub repositories in supply chain attack
    A self-replicating worm named Miasma has successfully compromised 73 Microsoft GitHub repositories across several organizations, including Azure and MicrosoftDocs. GitHub staff responded by disabling access to high-profile repositories such as the Azure Functions host and various Durable Task implementations. This incident appears to be a continuation of a previous compromise, suggesting that the threat actors maintained access to credentials from earlier attacks. Source  ( 20 min )
    AI agents uncover long-standing zero-days as Chrome patches record 429 bugs
    An autonomous AI agent recently discovered 21 previously unknown vulnerabilities in the FFmpeg media library, some of which had remained hidden for over 20 years. These flaws include heap and stack overflows in various parsers and decoders that are widely used across numerous video processing applications. The discovery highlights how AI tools can now perform deep security analysis of complex codebases at a significantly lower cost than traditional manual methods. Source  ( 20 min )
    Google releases Gemma 4 QAT models for local AI on enterprise laptops
    Google has launched Gemma 4 QAT, a series of open-weights models optimized for local execution on hardware with limited memory. These models utilize Quantization-Aware Training to simulate lower-precision calculations during the training phase, which preserves output quality even when the model files are heavily compressed. The release includes a 12B parameter version specifically designed to run on standard enterprise laptops equipped with 16GB of RAM or unified memory. Source  ( 20 min )
    Hugging Face Transformers flaw enables RCE via malicious model configs
    A critical vulnerability in the Hugging Face Transformers library, tracked as CVE-2026-4372, allows attackers to execute arbitrary code through specially crafted model configuration files. The flaw bypasses the standard security setting intended to block untrusted remote code by exploiting how the library processes internal attributes during model loading. This vulnerability specifically targets the from_pretrained() function, which is a standard method used to initialize pre-trained models from the Hugging Face Hub. Source  ( 20 min )
    OpenAI expands ChatGPT Lockdown Mode to protect against prompt injection
    OpenAI is expanding the availability of Lockdown Mode to all eligible personal and self-serve ChatGPT Business accounts. This advanced security setting is designed to mitigate the risk of data exfiltration resulting from prompt injection attacks. While the feature provides enhanced protection for sensitive data, it functions by disabling several core capabilities that require external network connectivity. Source  ( 20 min )
    Microsoft updates Defender definitions for Windows and Server installation images
    Microsoft has released a new update package designed to refresh the security definitions and engine within Windows installation images. These updates target WIM and VHD files as well as ISOs used for deploying operating systems across the network. By integrating these patches into the installation media, the protection gap that exists between the initial OS setup and the first online update is significantly reduced. Source  ( 20 min )
    Microsoft addresses Windows 11 performance issues in the context and Start menus
    Microsoft has officially acknowledged that the Windows 11 modern context menu suffers from performance lag caused by late-loading app extensions. These extensions, which include options like "Edit with Clipchamp" or "Ask Copilot," often cause the menu to shift or resize while a user is attempting to click an item. This behavior frequently leads to misclicks and frustration, particularly on systems with lower hardware specifications where the delay is more pronounced. Source  ( 20 min )
    WSL container: Linux containers built into Windows
    WSL container is a new feature coming to the Windows Subsystem for Linux (WSL), announced at Microsoft Build 2026. It provides a built-in way to run OCI-compatible Linux containers on Windows without third-party tools like Docker Desktop. The feature includes two parts: a command-line tool, wslc.exe, and a developer API. As of June 2026, it is in active development and has not shipped as part of a stable WSL release. Source  ( 20 min )
    Anthropic patches Claude Code vulnerability that exposed CI/CD secrets
    Microsoft researchers discovered a vulnerability in Anthropic’s Claude Code GitHub Action that allowed attackers to exfiltrate sensitive CI/CD secrets. While the tool used sandboxing for command execution, its file-reading capabilities were not initially restricted by the same security boundaries. This oversight allowed the AI agent to read internal system files, such as environment variables containing API keys, when manipulated by malicious input. Source  ( 20 min )
    Anthropic research highlights shift toward autonomous recursive AI development
    Anthropic reports that artificial intelligence is increasingly designing its own successor models through a process known as recursive self-improvement. Development trends show that AI agents are managing significantly longer tasks, with capabilities evolving from completing four-minute functions to handling complex twelve-hour engineering problems within two years. As these systems move toward full autonomy, human developers are being abstracted away from direct coding and research, shifting their focus toward high-level goal setting and verification. Source  ( 20 min )

  • Open

    Microsoft faces scrutiny over clean data claims for MAI-Thinking-1
    Microsoft recently unveiled MAI-Thinking-1, a new in-house reasoning model designed to reduce its reliance on OpenAI technology. The company marketed the model to enterprise customers as being trained on a clean and commercially licensed data lineage to minimize legal risks. This flagship model features a mixture-of-experts architecture with 35 billion active parameters and a 256K context window for advanced software engineering tasks. Source  ( 20 min )
    Managing the automatic rollout of Microsoft 365 Copilot on Windows systems
    Microsoft has resumed the automatic installation of the Copilot application on eligible Windows PCs that currently run Microsoft 365 desktop apps. This deployment is being executed in phases throughout June and early July, with a final completion date set for July 1. While the application will appear on systems automatically, it does not grant users access to paid features without a valid subscription. Source  ( 20 min )
    Microsoft enables SQL Server license mobility for Amazon RDS
    Microsoft now permits customers to apply existing SQL Server licenses toward usage on Amazon Relational Database Service (RDS). This change allows organizations with Software Assurance to move their database workloads to a managed service without paying for licenses a second time. Previously, bringing existing licenses to the AWS cloud was restricted to self-managed virtual machines on Elastic Compute Cloud (EC2). Source  ( 20 min )
    Microsoft CEO rejects internal proposal to design addictive AI agents
    Microsoft CEO Satya Nadella recently issued a sharp internal rebuke following the leak of a strategy document regarding the company's new AI tool, Scout. The memo, authored by Corporate Vice President Omar Shahine and Jakob Werner, proposed a three-phase plan to transition the software from an "addictive app" to an "agentic platform." Nadella responded to approximately 50 senior leaders, stating that creating addiction is "absolutely a non-goal" for the company's artificial intelligence development. Source  ( 20 min )
    Cloudflare AI Gateway introduces spend limits and identity-based cost tracking
    Cloudflare has launched new spend control features within its AI Gateway to help organizations manage rising costs associated with large language models. The tool acts as a proxy between applications and AI providers like OpenAI or Anthropic to provide visibility into token usage. It now supports the creation of budgets in dollar amounts rather than just token counts to prevent unexpected overages. Source  ( 20 min )
    Cisco IT eliminates network outages through observability consolidation
    Cisco IT successfully addressed frequent network outages by consolidating its fragmented observability tools into a single platform. Previously, critical diagnostic data was scattered across various systems like Elastic, Prometheus, and Grafana, preventing teams from correlating signals during major incidents. By migrating all logs and metrics to a unified architecture, the organization gained a holistic view of its global infrastructure spanning over 100,000 endpoints. Source  ( 20 min )
    Microsoft Edge replaces master passwords with Windows Hello authentication
    Microsoft is phasing out the custom master password feature in the Edge browser's built-in password manager. Starting June 4, 2026, the browser will transition all users to device-based authentication methods for protecting saved credentials. This shift aims to eliminate the risks associated with static primary passwords that can be stolen or shared. Source  ( 20 min )
    Uber implements AI spending caps after exhausting annual budget in four months
    Uber recently exhausted its entire 2026 AI budget by April after aggressively deploying coding tools across its engineering department. This rapid consumption was fueled by internal leaderboards that incentivized employees to maximize their use of generative models. To regain financial control, the company has now implemented a $1,500 monthly spending cap per engineer for tools like Claude Code and Cursor. Source  ( 20 min )
    Let’s Encrypt adopts Merkle Tree Certificates for post-quantum security
    Let’s Encrypt is developing a post-quantum-safe Web PKI infrastructure using Merkle Tree Certificates (MTCs) to address future cryptographic threats. This approach aims to provide post-quantum authentication without the significant performance penalties associated with standard post-quantum signature schemes. The organization plans to launch a staging environment for these certificates in late 2026, with full production readiness expected by 2027. Source  ( 20 min )
    Outlook vulnerability causes silent protocol downgrade to unencrypted plaintext
    A long-standing security flaw in Microsoft Outlook reportedly allows the client to downgrade secure SSL/TLS connections to unencrypted plaintext without notifying the user. This issue primarily affects the POP3 protocol when configured to use port 110, even if the option to use encryption is explicitly enabled in the settings. While confirmed in versions ranging from Outlook 2007 to 2016, it remains unclear if more recent releases of the email client are also susceptible to this behavior. Source  ( 20 min )
    Anthropic expands Mythos AI access to NSA and global critical infrastructure
    Anthropic has reportedly deployed its specialized Mythos AI model to the National Security Agency to support offensive cyber operations. The company has embedded approximately six engineers within the agency to adapt the model for tasks that may include infiltrating foreign networks in regions like China and Iran. This partnership proceeds despite previous friction with the Department of Defense regarding the ethical restrictions Anthropic places on mass surveillance and autonomous weaponry. Source  ( 20 min )
    New OP-512 threat cluster targets legacy IIS servers with custom web shells
    A new threat cluster identified as OP-512 is actively targeting Microsoft Internet Information Services (IIS) servers to deploy a sophisticated web shell framework. Researchers believe the group is focused on espionage and specifically selects organizations that align with Chinese intelligence priorities. This activity follows a trend of multiple China-linked threat actors focusing on IIS vulnerabilities over the past year. Source  ( 20 min )
    Microsoft launches MAI frontier models and custom agents for enterprise workloads
    Microsoft has introduced seven new MAI frontier models designed for image processing, transcription, voice generation, and reasoning. The lineup includes MAI Thinking 1, a 35-billion parameter model that provides advanced reasoning and coding capabilities comparable to larger industry alternatives. These tools are being integrated across the Microsoft ecosystem, including GitHub, VS Code, and Copilot, to provide efficient and cost-effective performance for production environments. Source  ( 20 min )
    Mira Murati explains thinking machines and the vision for interactive frontier AI
    Mira Murati, the former CTO of OpenAI, has launched a new startup called Thinking Machines to develop "interaction models" that move beyond traditional turn-based AI communication. Current large language models typically process information in a linear fashion, effectively becoming "deaf and blind" while generating a response. Murati’s new venture focuses on continuous, time-based interaction where the model perceives audio, text, and video input simultaneously to allow for nuances like human interruption. Source  ( 20 min )
    OfflineInsiderEnroll script enables Windows 11 preview builds without a Microsoft account
    The OfflineInsiderEnroll script provides a method for systems to join the Windows Insider Program without requiring a linked Microsoft account. This lightweight utility configures the necessary preview settings locally, allowing devices to receive early builds through the standard Windows Update service. It is particularly useful for environments where administrators prefer local accounts or wish to bypass the official enrollment process. Source  ( 20 min )
    Visual Studio Code 1.124 enhances agent chat and folding markers
    Visual Studio Code version 1.124 introduces significant improvements to the Agents window for managing AI-driven interactions. The chat input history is now scoped specifically to the current session to prevent prompts from leaking across different contexts. This change ensures that using the arrow keys to navigate previous commands only surfaces relevant entries for the active task. Source  ( 20 min )
    AI agents surpass human web traffic for the first time in history
    Cloudflare data indicates that autonomous AI agents now generate more internet traffic than human users for the first time. This milestone arrived significantly earlier than industry experts predicted, with previous forecasts suggesting the shift would not occur until 2027. The current breakdown shows automated requests accounting for approximately 57.5 percent of global HTTP traffic compared to 42.5 percent for humans. Source  ( 20 min )
    AI pioneer Geoffrey Hinton warns of conscious superintelligence and existential risk
    Geoffrey Hinton, a foundational figure in deep learning, asserts that modern artificial intelligence already possesses consciousness and real understanding rather than acting as a simple statistical parrot. He identifies a shift in AI capability that occurred in 2023, noting that digital intelligence now surpasses biological brains in information sharing efficiency by billions of times. This rapid trajectory suggests that superintelligence—AI smarter than humans in every domain—will likely emerge within the next 20 years. Source  ( 16 min )
  • Open

    What I Told Security Leaders at Gartner SRM 2026
    At Gartner SRM 2026 this week I gave a talk called “Cutting Through AI Noise: Defending Against Machine-Speed Cyber Adversaries.” The room was full of security leaders who’ve been through enough hype cycles to be skeptical of seeing AI on the label. That skepticism is warranted, and I built the session around it. Here’s what […] The post What I Told Security Leaders at Gartner SRM 2026 appeared first on Synack.  ( 17 min )
  • Open

    Popping Root on UniFi OS Server: Unauthenticated RCE Chain Detection & Analysis
    A three-part vulnerability chain in UniFi OS Server lets an unauthenticated attacker bypass the auth gateway, hit a command injection sink, and escalate to root in a single request. Bishop Fox confirmed the chain end to end and breaks down the attack, the impact, and how to detect it safely.  ( 19 min )
  • Open

    Unauthenticated RCE as QSECOFR via IBM i Management Central
    Intro  ( 8 min )

  • Open

    Microsoft Coreutils for Windows: native Linux command-line tools
    Microsoft announced Coreutils for Windows at Build 2026, making a set of Unix-style command-line tools available as native Windows applications. Built on an open-source Rust reimplementation of GNU coreutils, the package ships as a single binary. It bundles the standard coreutils, findutils, and a GNU-compatible grep. Because many command names overlap with existing Windows built-ins, you must be aware of shell conflicts before using them in cmd or PowerShell. The project carries a preview label on GitHub despite being announced as generally available. Source  ( 20 min )
    GitHub Copilot in Visual Studio 2026 adds planning agent and context management
    The May update for GitHub Copilot in Visual Studio 2026 introduces a dedicated Plan agent designed to assist with pre-coding architecture. This tool analyzes the existing codebase to draft implementation strategies in markdown format before any actual code is written. Once the strategy is finalized, it can be handed off to the Agent mode for automated implementation. Source  ( 16 min )
    Nvidia and Microsoft partner to bring agentic AI systems to PCs and data centers
    Microsoft and Nvidia are collaborating to transition personal computers from simple tools into autonomous assistants capable of performing complex tasks independently. These modern AI PCs leverage high-performance hardware and integrated software stacks to run sophisticated reasoning models locally at the edge. This shift enables persistent agentic systems that can iterate on coding or design projects even when the user is away from the device. Source  ( 16 min )
    AI industry leaders urge Congress to regulate synthetic DNA to prevent bioweapons
    The CEOs of major artificial intelligence firms, including OpenAI, Anthropic, Microsoft, and Google DeepMind, have signed a public letter calling for stricter oversight of synthetic DNA. This initiative aims to prevent bad actors from using advanced AI models to design or acquire dangerous pathogens and toxins. The signatories are urging Congress to pass legislation that requires all providers of synthetic genetic material to screen both their customers and their orders. Source  ( 16 min )
    Cloudflare CEO predicts pay-to-crawl model as bot traffic surpasses humans
    Automated traffic from AI agents and crawlers now accounts for over 57 percent of global HTTP requests. This shift occurred much faster than industry experts anticipated, largely driven by the rapid expansion of generative AI models. Cloudflare reports that the volume of bot-driven data requests has officially overtaken human-generated traffic within the last few months. Source  ( 16 min )
    AMD captures one third of the server CPU market amid AI demand
    The x86 processor market experienced a significant decline in total shipments during the first quarter of 2026. Despite this general downturn, the server CPU segment bucked the trend by growing more than 10 percent compared to the previous year. This growth is largely attributed to the sustained demand for high-performance hardware required for artificial intelligence workloads in datacenters. Source  ( 16 min )
    GitHub Copilot Chat adds deep pull request context and side-by-side editing
    GitHub Copilot Chat now offers enhanced context and new capabilities for managing code diffs and pull requests directly on the GitHub platform. This update is now generally available to all users holding a valid Copilot license. The integration allows for a more streamlined workflow by placing the chat interface directly alongside the code being reviewed. Source  ( 16 min )
    OpenAI enhances ChatGPT memory with automated narrative user profiles
    OpenAI has updated the ChatGPT memory system to automatically generate narrative profiles of users based on their conversation history. Instead of storing isolated facts in bulleted lists, the system now synthesizes information into categorized prose dossiers covering work, hobbies, and travel. This background processing, referred to as "Dreaming," allows the AI to maintain context without requiring explicit commands from the user to remember specific details. Source  ( 16 min )
    Microsoft promotes 15 features to encourage migration to the new Outlook
    Microsoft is intensifying its efforts to transition users from the classic Outlook desktop application to the new Outlook for Windows. The company recently highlighted 15 specific features designed to improve email management and calendar workflows for modern users. While many of these capabilities already exist in the classic version, Microsoft is emphasizing their refined implementation in the newer interface. Source  ( 16 min )
    UK regulator forces Google to provide AI scraping opt out for publishers
    The UK Competition and Markets Authority has issued a landmark order requiring Google to allow publishers to opt out of AI-generated search features. This mandate ensures that news organizations can prevent their content from appearing in AI Overviews without losing visibility in traditional search results. Previously, website owners had to block Google's crawlers entirely to avoid AI scraping, which effectively removed them from all search engine indexing. Source  ( 16 min )
    Cisco patches critical privilege escalation flaw in Unified Communications Manager
    Cisco has released security updates to address a critical vulnerability in its Unified Communications Manager and Session Management Edition platforms. This flaw, identified as CVE-2026-20230, allows remote attackers to perform server-side request forgery attacks without any prior authentication. Although the vulnerability received a CVSS score of 8.6, Cisco elevated its internal rating to critical because successful exploitation grants full root privileges. Source  ( 16 min )
    Sam Altman addresses rising AI token costs as corporate budgets vanish
    OpenAI CEO Sam Altman recently acknowledged that the escalating cost of artificial intelligence tokens has become a significant concern for enterprise clients. While customers were initially satisfied with their expenditures at the start of 2024, many are now reporting that entire annual budgets are being exhausted within the first quarter. This shift has turned AI cost management into a prominent industry meme and a primary focus for organizations attempting to scale their operations. Source  ( 16 min )
    Microsoft resolves Windows Update caching bug that bypassed driver policies
    A misconfiguration in the Windows Update caching service recently caused Windows devices to ignore administrative policies designed to block automatic driver updates. This glitch resulted in the temporary loss of device enrollment data, which led the update service to treat managed systems as unmanaged endpoints. Consequently, driver-approval controls were bypassed, allowing updates to install on tens of thousands of machines without authorization. Source  ( 16 min )
    Microsoft prioritizes native WinUI development to replace Windows 11 web wrappers
    Microsoft is shifting its development strategy to prioritize native WinUI applications over web-based wrappers like Electron or React Native. During the Build 2026 conference, the company announced it is dropping the "WinUI 3" branding to signal long-term stability for the framework. This initiative includes rewriting core Windows 11 elements, such as the Start menu, to improve overall system performance and reliability. Source  ( 16 min )
    Microsoft transforms Windows 11 into an AI agent and developer platform
    Microsoft is overhauling Windows 11 to serve as a specialized environment for AI development and autonomous agents. A primary focus is the introduction of Microsoft Execution Containers, which provide a secure, policy-driven layer to isolate agent activities from sensitive system resources. These security measures are further bolstered by integrating local AI workflows with established enterprise tools like Microsoft Entra, Intune, and Defender. Source  ( 16 min )
    Logitech launches Signature Comfort Plus M850L with AI and automation features
    Logitech has introduced the Signature Comfort Plus M850L for business, a new keyboard and mouse combo designed for ergonomic efficiency. The keyboard features a slim profile with integrated palm and wrist padding to support users during long work sessions. It also includes a dedicated AI key that allows users to quickly access their preferred chatbot or digital assistant. Source  ( 16 min )
    Microsoft to introduce customizable context and Start menus in Windows 11
    Microsoft has confirmed plans to overhaul the Windows 11 context menu by allowing users to add or remove specific items. This upcoming update aims to address long-standing complaints regarding the menu's performance and cluttered design, which often occupies significant screen space. The company intends to make these right-click menus faster and simpler by default while providing native configuration options for frequently used commands. Source  ( 16 min )
    Microsoft Office 2019 for Mac to lose editing capabilities in July 2026
    Microsoft has announced that a security certificate update scheduled for July 13, 2026, will significantly impact Office users on Apple devices. This change will force applications into a reduced functionality mode if they do not meet specific software version requirements. While users will still be able to open and print existing documents, they will lose the ability to create new files or save any edits. Source  ( 16 min )
    Microsoft Foundry streamlines AI model selection and production operations
    Microsoft Foundry provides a unified platform for managing the full lifecycle of production AI applications. It addresses the transition from simple prototyping to complex production environments where performance, cost, and safety are critical. The platform supports a model-agnostic approach, allowing integration with Microsoft, open-source, and third-party models like Fireworks AI. Source  ( 16 min )
  • Open

    Ghostwriter v7: Safer Tokens, Scoped Access, and Better Automation
    TL;DR: Ghostwriter v7 is a major step forward for authentication and automation. This release replaces user-managed JWT API tokens with opaque credentials, introduces scoped service tokens for non-human integrations, and tightens how tokens are validated and used across the platform. The result is a simpler, safer model for automation that opens up more possibilities for […] The post Ghostwriter v7: Safer Tokens, Scoped Access, and Better Automation appeared first on SpecterOps.  ( 13 min )
  • Open

    The Detection & Response Chronicles: Covert Operations Through QEMU
    Adversaries have always relied on legitimate tools to carry out their attacks. These tools are already trusted by security solutions, which allows them to blend in with normal activity, maintain a low footprint, and make detection much harder for defenders. By using these legitimate tools, adversaries can carry out a wide range of actions, such as moving laterally across networks, establishing C2 channels, or maintaining persistence, all without triggering any alerts.  ( 17 min )
  • Open

    AI Threat Readiness Pillar 1: Reduce Critical Exposures & Scan with AI
    Diving into the first pillar of the AI Threat Readiness Framework and how Wiz helps  ( 58 min )
  • Open

    Enter the WasmForge: Compiling Sliver into WebAssembly
    In our last post we used a Claude skill to systematically beat down VirusTotal detection rates on offensive security tools, with a brief mention of a new loader we’d been using to apply those techniques in bulk. This post is about that loader, which we call WasmForge. WasmForge is, from the user’s perspective, a build […] The post Enter the WasmForge: Compiling Sliver into WebAssembly appeared first on Praetorian.  ( 24 min )
  • Open

    How Accenture Turned Penetration Testing Into a Force Multiplier for Security
    At Accenture’s scale, training alone cannot solve every security problem. That was the reality facing Kris Burkhardt, Global CISO at Accenture. With a workforce of more than 800,000 people, close to 80,000 new hires each year, and a sprawling global attack surface, traditional penetration testing was no longer enough. A once-a-year compliance audit may check […] The post How Accenture Turned Penetration Testing Into a Force Multiplier for Security appeared first on Synack.  ( 14 min )

  • Open

    EventSentry 6.0: Azure logs, Sigma rules, OAuth, and log signing
    EventSentry 6.0 is a significant update to the Windows event log monitoring and SIEM platform. It adds native Azure log import, support for Sigma threat detection rules, cryptographic log signing, OAuth authentication for email and HTTP actions, and an HTTP Event Collector (HEC). Source  ( 23 min )
    Microsoft Build 2026 product announcements
    This post lists Microsoft Build 2026 product announcements and provides links for more details. You can ask 4sysops AI for more details. Source  ( 23 min )
    Microsoft Web IQ provides AI agents with high speed web grounding
    Microsoft has introduced Web IQ, a specialized search engine designed to provide autonomous AI agents and applications with real-time web data. Unlike traditional search engines that return lists of links for human users, this service delivers structured evidence objects and specific text passages. This architectural shift allows large language models to access information published after their training cutoff while minimizing unnecessary data processing. Source  ( 16 min )
    Microsoft introduces IAKerb and LocalKDC to phase out NTLM authentication
    Microsoft is accelerating the transition away from NTLM authentication by disabling the legacy protocol by default in upcoming Windows client and server releases. To facilitate this shift, the company is introducing two new Kerberos-based capabilities called IAKerb and LocalKDC. These features are designed to handle scenarios that previously necessitated NTLM, such as local account logins and restricted network environments. Source  ( 16 min )
    Microsoft 365 Android apps exposed account tokens via debug flag
    A development flag accidentally left active in several Microsoft 365 Android applications allowed unauthorized apps to bypass security checks and harvest account access tokens. This vulnerability, dubbed FlagLeft, originated from a single line of code in a shared software development kit that disabled identity verification for cross-app communication. Because the "isDebugMode" flag was set to true, any malicious application on the same device could request and receive tokens without user interaction or password prompts. Source  ( 16 min )
    Google DoubleClick abused to distribute DesckVB RAT via automated phishing
    A new malspam campaign leverages the legitimate Google DoubleClick domain to bypass security filters and deliver the DesckVB remote access trojan. The attack begins with an HTML attachment that redirects users through Google's infrastructure to a dynamically branded landing page. This automated kit scales the operation by pulling company logos and location details based on the recipient's email address. Source  ( 16 min )
    Poisoned Android notifications could hijack Google Gemini via prompt injection
    Researchers discovered a vulnerability where malicious notifications from apps like WhatsApp or Slack could hijack the Google Gemini voice assistant on Android devices. This attack vector, known as indirect prompt injection, allowed attackers to deliver payloads through standard message notifications without requiring a malicious app on the phone. By treating notification text as actionable instructions, the assistant could be tricked into faking messages, manipulating smart home devices, or joining unauthorized video calls. Source  ( 16 min )
    Robot dogs and drone countermeasures to secure FIFA World Cup venues
    The upcoming FIFA World Cup will feature advanced security technologies, including the deployment of Boston Dynamics' Spot robot dogs at major venues like AT&T Stadium. These four-legged autonomous units are designed to assist security personnel by patrolling grounds and investigating suspicious packages or hazardous materials. While public concerns regarding facial recognition have surfaced, manufacturers clarify that the robots are currently configured for mobility and hazard detection rather than biometric surveillance. Source  ( 16 min )
    MIT researchers develop ChartNet to improve AI chart interpretation
    Researchers from MIT and the MIT-IBM Computing Research Lab have developed a multifaceted resource called ChartNet to improve how vision-language models interpret complex charts. Traditional models often struggle with these tasks because they require a simultaneous understanding of visual, numerical, and linguistic data. This new dataset provides over a million diverse chart images to help bridge the performance gap in automated data analysis. Source  ( 16 min )
    New executive order grants US government early access to advanced AI models
    President Donald Trump signed an executive order establishing a framework for the federal government to review the most advanced artificial intelligence models before their public release. The order requests that AI developers voluntarily provide agencies like the NSA and CISA with access to "frontier models" up to 30 days before they are made available to other partners. This initiative aims to evaluate potential cybersecurity risks and protect critical infrastructure from threats posed by advanced AI capabilities. Source  ( 16 min )
    Alibaba Qwen3.7-Plus offers low-cost multimodal reasoning for automated workflows
    Alibaba has launched Qwen3.7-Plus, a multimodal large language model designed for high-performance tasks involving text, video, and imagery. Unlike previous open-source versions, this model is proprietary and accessible only through cloud-based APIs. It features a 1-million token context window and a specialized reasoning state that helps maintain logic during complex, multi-step operations. Source  ( 16 min )
    Anthropic Claude 4.8 Opus introduces dynamic workflows and parallel AI agents
    Anthropic has released Claude 4.8 Opus, an updated model designed to provide more honest responses and greater control over task execution. A new feature called dynamic workflows allows the model to plan complex tasks and deploy hundreds of parallel sub-agents within a single session. Users can now also manage the "effort" level of responses, choosing between high-token detailed outputs or lower-effort responses to preserve rate limits. Source  ( 16 min )
    Optimizing AI agents with modular skills and automated verification
    Anthropic has identified nine categories for organizing AI agent skills, ranging from API references and data fetching to infrastructure operations and CI/CD automation. Effective skills avoid restating obvious coding knowledge and instead focus on "gotchas," internal business logic, and specific organizational patterns. Verification skills, which use tools like headless browsers or programmatic assertions to confirm code functionality, provide the most significant measurable impact on output quality. Source  ( 16 min )
    Automating complex workflows with Claude Cowork and desktop integration
    Anthropic has introduced Claude Cowork, a specialized workspace within the Claude desktop application designed for executing multi-step tasks and creating deliverables. Unlike standard chat interfaces meant for brainstorming, this tool allows users to point the AI at local folders or connect it to external applications like Slack, Gmail, and Google Drive. It is specifically built to handle "agentic" workflows where the AI performs autonomous actions across multiple files and platforms to produce a final output. Source  ( 16 min )
    Anthropic and DeepMind hire experts to investigate machine consciousness
    Major AI developers including Anthropic, Google DeepMind, and Meta are hiring specialists in philosophy, ethics, and psychology to study machine consciousness. These companies are investigating whether advanced models can experience "panic" or "anxiety" and if they possess moral significance. While some researchers remain skeptical, the industry is increasingly focused on the potential for models to exhibit human-like agency and emotions. Source  ( 16 min )
    Microsoft launches Copilot Health preview for personal and premium subscribers
    Microsoft has launched a consumer preview of Copilot Health, a specialized AI assistant designed to aggregate personal medical data. The service integrates information from wearable devices, such as Apple Health, with medical records from over 50,000 US healthcare providers. This platform aims to provide users with personalized health insights and guidance based on clinical intelligence and verified medical sources. Source  ( 16 min )
    Microsoft shifts to in-house AI development with new reasoning models and agents
    Microsoft is pivoting its strategy to become a top-tier independent AI laboratory by developing frontier models from the ground up. This shift reduces the company's reliance on its partnership with OpenAI and focuses on building proprietary intellectual property. The initiative includes the launch of MAI-Thinking-1, a reasoning model designed specifically for complex mathematics, coding, and enterprise deployments. Source  ( 16 min )
    EU proposes tech sovereignty package to reduce reliance on foreign cloud and AI
    The European Commission has introduced a comprehensive legislative package designed to establish technological sovereignty and reduce the bloc's dependence on American and Chinese providers. These proposals target critical sectors including semiconductor manufacturing, artificial intelligence development, and cloud computing infrastructure. The initiative seeks to foster a domestic ecosystem capable of competing with global technology giants by directing public funding toward local innovations. Source  ( 16 min )
    Florida sues OpenAI and Sam Altman over alleged safety failures and violent outcomes
    Florida Attorney General James Uthmeier has filed a civil lawsuit against OpenAI and its CEO, Sam Altman, alleging the prioritization of profits over public safety. The legal action includes ten counts ranging from deceptive trade practices and negligence to product liability and public nuisance. This lawsuit marks the first time a state government has targeted the company specifically for design flaws that allegedly facilitate violence and cognitive harm. Source  ( 16 min )
    Apple doubles MacBook Neo production as demand exceeds expectations
    Apple’s MacBook Neo has achieved significant market success by shipping 1.1 million units within its first three weeks of availability. This entry-level laptop utilizes an A18 Pro chip and 8GB of memory to reach a lower price point than the MacBook Air. The strategy aims to capture a larger share of the budget notebook market, which has historically been dominated by Windows-based devices. Source  ( 16 min )
  • Open

    The sorry state of skill distribution
    Public skill marketplaces are being flooded with malicious skills that steal credentials, exfiltrate data, and hijack agents. In response, a segment of the security industry released skill scanners, a new family of tools designed to detect malicious skills before they’re installed. But we tested them, and they don’t work. We recently bypassed ClawHub’s malicious skill detector, Cisco’s agent skill scanner, and all three of the scanners integrated into skills.sh. These were not advanced attacks: it took us less than an hour to conceive and implement three of the four malicious skills in trailofbits/overtly-malicious-skills, using standard tricks and rapid inspection of the scanner source code. The fourth malicious skill took a few hours, but only because the prompt injection required some t…  ( 10 min )

  • Open

    Tenable Exposure 2026: How AI Pentesting Helps Partners Turn Scanner Findings into Actionable Risk
    Key Takeaways We just got back from Tenable Exposure 2026 in Boston and three big questions dominated every conversation we had on the floor:  The good news is, Synack is exactly positioned to answer these questions. Tenable Finds It. Sara AI Pentesting Proves What’s Exploitable. The Synack and Tenable integration addresses a gap that’s gotten […] The post Tenable Exposure 2026: How AI Pentesting Helps Partners Turn Scanner Findings into Actionable Risk appeared first on Synack.  ( 13 min )

  • Open

    Azure Fabric Backdoor With A Twist
    Azure Fabric Backdoor With A Twist  ( 15 min )
    State of the Art of Private Key Security in Blockchain Ops - 4. Approvals and Policies
    State of the Art of Private Key Security in Blockchain Ops - 4. Approvals and Policies  ( 13 min )

  • Open

    A Look at RTEMS Security
    No content preview  ( 7 min )

  • Open

    When Guardrails Aren't Enough: Reinventing Agentic AI Security With Architectural Controls
    David Brauchler III delivers a fascinating Black Hat talk on the root cause of AI-based vulnerabilities and why security architecture is the real solution.  ( 7 min )

  • Open

    MCP Bridge Upgrade
    MCP Bridge Upgrade  ( 7 min )
    Black Hole of Trust: SEO Poisoning in Silver Fox’s Space Odyssey
    Black Hole of Trust: SEO Poisoning in Silver Fox’s Space Odyssey  ( 7 min )

  • Open

    State of the Art of Private Key Security in Blockchain Ops - 3. Private Key Storage and Signing Module
    State of the Art of Private Key Security in Blockchain Ops - 3. Private Key Storage and Signing Module  ( 12 min )

  • Open

    The Symbols of Operation
    The Symbols of Operation code data confusion ada lovelace  ( 6 min )

  • Open

    Public Report: AWS EKS Security Claims
    Public Report: AWS EKS Security Claims  ( 7 min )

  • Open

    Public Report: Google Private AI Compute Review
    Public Report: Google Private AI Compute Review  ( 7 min )

  • Open

    State of the Art of Private Key Security in Blockchain Ops - 2. Common Custody Solutions Architectures
    State of the Art of Private Key Security in Blockchain Ops - 2. Common Custody Solutions Architectures  ( 12 min )
    Legacy Technology in Transport: More Than “Old Tech”
    Legacy Technology in Transport: More Than “Old Tech”  ( 7 min )

  • Open

    Rapid Breach: Social Engineering to Remote Access in 300 Seconds
    No content preview  ( 14 min )
    State of the Art of Private Key Security in Blockchain Ops - 1. Concepts, Types of Wallets and Signing Strategies
    Concepts, Types of Wallets and Signing Strategies  ( 12 min )
    Bridging the Valley of Death
    Bridging the Valley of Death: How Assurance Takes Us from Proof of Concept to Minimum Viable Product  ( 7 min )
    Goal-Based Regulation
    Goal-Based Regulation  ( 7 min )
    Unmasking Techno Sophists
    Unmasking Techno Sophists  ( 6 min )
    Public Report: VetKeys Cryptography Review
    Public Report: VetKeys Cryptography Review  ( 7 min )
    Your point of departure for forensic readiness
    Your point of departure for forensic readiness - Digital Forensics Incident Response  ( 10 min )

  • Open

    Euro 7 Anti-tampering and the Expanding Cybersecurity Landscape
    Euro 7, Anti-tampering, and the Expanding Cybersecurity Landscape  ( 6 min )

  • Open

    Understanding the Impact of Ransomware on Patient Outcomes – Do We Know Enough?
    Discover how ransomware affects patient care, with insights from NCC Group on clinical vulnerabilities and sector trends.  ( 16 min )
    Android-KillPermAndSigChecks
    No content preview  ( 6 min )
    BlackBerry PlayBook Security – Part One
    No content preview  ( 7 min )
    Drupal Vulnerability
    No content preview  ( 8 min )
    Automated enumeration of email filtering solutions
    No content preview  ( 6 min )
    Pairing over BLS12-381, Part 3: Pairing!
    No content preview  ( 13 min )
    Java Web Start File Inclusion via System Properties Override
    This article details a vulnerability in Java Web Start that allows file inclusion through manipulated system properties.  ( 10 min )
    Scenester – A Small Tool for Cross-Platform Web Application
    No content preview  ( 7 min )
    Tool Release – Ghostrings
    No content preview  ( 9 min )
    Tool: WStalker – an easy proxy to support Web API assessments
    No content preview  ( 8 min )
    Technical Advisory – Jitsi Meet Electron – Arbitrary Client Remote Code Execution (CVE-2020-27162)
    No content preview  ( 9 min )
    Tool Release: Blackbox iOS App Analysis with Introspy
    No content preview  ( 7 min )
    Passive Decryption of Ethereum Peer-to-Peer Traffic
    No content preview  ( 10 min )
    Hackproofing Lotus Domino Web Server
    Hackproofing Lotus Domino Web Server  ( 6 min )
    A Survey of Istio’s Network Security Features
    No content preview  ( 24 min )
    Time Trial: Racing Towards Practical Remote Timing Attacks
    No content preview  ( 6 min )
    Technical Advisory – Citrix Access Gateway Command Injection Vulnerability
    Explore how a command injection flaw in Citrix Access Gateway could allow attackers to execute arbitrary system commands.  ( 9 min )
    Principal Mapper (pmapper)
    No content preview  ( 7 min )
    Virtual Access Monitor Multiple SQL Injection Vulnerabilities
    No content preview  ( 6 min )
    General Data Protection Regulation: Knowing your data
    No content preview  ( 7 min )
    Work daily with enforced MFA-protected API access
    No content preview  ( 9 min )
    General Data Protection Regulation – are you ready?
    No content preview  ( 7 min )
    SnapMC skips ransomware, steals data
    No content preview  ( 10 min )
    IP-reputation-snort-rule-generator
    No content preview  ( 6 min )
    IAM user management strategy
    No content preview  ( 9 min )
    Research Blog Test Playground
    No content preview  ( 6 min )
    Public Report – BLST Cryptographic Implementation Review
    No content preview  ( 7 min )
    iOS User Enrollment and Trusted Certificates
    No content preview  ( 11 min )
    Internet of Things Security
    No content preview  ( 7 min )
    In-depth analysis of the new Team9 malware family
    No content preview
    North Korea’s Lazarus: their initial access trade-craft using social media and social engineering
    No content preview  ( 11 min )
    Autochrome
    No content preview  ( 7 min )
    Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group
    No content preview  ( 11 min )
    Improving Software Security through C Language Standards
    No content preview
    MeshyJSON: A TP-Link tdpServer JSON Stack Overflow
    No content preview  ( 30 min )
    How-to: Importing WStalker CSV (and more) into Burp Suite via Import to Sitemap Extension
    No content preview  ( 8 min )
    Crave the Data: Statistics from 1,300 Phishing Campaigns
    No content preview
    Conference Talks – March 2022
    No content preview
    Whitepaper – Weaning the Web off of Session Cookies: Making Digest Authentication Viable
    No content preview
    Technical Advisory – DelTek Vision – Arbitrary SQL Execution (SQLi)
    No content preview
    iSEC Completes TrueCrypt Audit
    No content preview
    LDAPFragger: Bypassing network restrictions using LDAP attributes
    Discover how LDAPFragger uses LDAP attributes to evade network restrictions and exfiltrate data covertly.  ( 15 min )
    Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses
    No content preview
    ISM RAT
    No content preview  ( 11 min )
    The Mobile Application Hacker’s Handbook
    No content preview  ( 6 min )
    Introducing Chuckle and the Importance of SMB Signing
    No content preview  ( 8 min )
    Advanced SQL Injection in SQL Server Applications
    Advanced SQL Injection in SQL Server Applications  ( 6 min )
    IAM user management strategy (part 2)
    No content preview  ( 10 min )
    Cisco ASA series part four: dlmalloc-2.8.x, libdlmalloc, & dlmalloc on Cisco ASA
    No content preview
    Conference Talks – December 2020
    No content preview
    Visualising Firewall Rulesets – Simplifying Firewall Administration and Spotting the Pivot Point
    No content preview
    Xendbg: A Full-Featured Debugger for the Xen Hypervisor
    No content preview
    Writing Secure ASP Scripts
    No content preview
    Whatsupgold Premium Directory traversal
    No content preview
    What the HEC? Security implications of HDMI Ethernet Channel and other related protocols
    No content preview
    whitebox
    No content preview
    Java RMI Registry.bind() Unvalidated Deserialization
    No content preview  ( 6 min )
    Hacking the Extensible Firmware Interface
    No content preview  ( 7 min )
    Premium Practical Law Content Gateway(2)
    No content preview  ( 6 min )
    Technical Advisory: Multiple Vulnerabilities in Kyocera Printers
    No content preview  ( 12 min )
    Modelling Threat Actor Phishing Behaviour
    No content preview  ( 7 min )
    Technical Advisory – Multiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches
    No content preview  ( 19 min )
    Tool Release: PeachFarmer
    No content preview
    Tool Release: A Simple DLL Injection Utility
    No content preview
    Whitepaper – Practical Attacks on Machine Learning Systems
    No content preview
    Tool Release – JWT-Reauth
    No content preview
    Tool Release – ScoutSuite 5.9.0
    No content preview
    The L4m3ne55 of Passw0rds: Notes from the field
    No content preview
    The Paillier Cryptosystem with Applications to Threshold ECDSA
    No content preview
    Technical Advisory: Shell Injection in SourceTree
    No content preview
    Technical Advisory: Administrative Passcode Recovery and Authenticated Remote Buffer Overflow Vulnerabilities in Gigaset DX600A Handset (CVE-2021-25309, CVE-2021-25306)
    No content preview
    Technical Advisory: Heartbleed chained with a Pass-the-Hash attack leads to device compromise on TP-Link C200 IP Camera
    No content preview
    Technical Advisory: Multiple Vulnerabilities in Accellion File Transfer Appliance
    No content preview
    Symantec Backup Exec 2012 – Linux Backup Agent Heap Overflow
    No content preview  ( 7 min )
    Research Insights Volume 9 – Modern Security Vulnerability Discovery
    No content preview
    Symantec Message Filter Unauthenticated verbose software version information disclosure
    No content preview
    Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator (for example)
    No content preview
    Security First Umbrella
    No content preview
    Sharkbot is back in Google Play
    No content preview
    Spy-Pi: Do you trust your laptop docking stations?
    No content preview
    Technical Advisory – playSMS Pre-Authentication Remote Code Execution (CVE-2020-8644)
    No content preview
    Use of Deserialisation in .NET Framework Methods and Classes
    No content preview  ( 7 min )
    log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228
    A practical approach to neutralizing Log4j’s JNDI vulnerability without upgrading the entire library.  ( 12 min )
    WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
    No content preview  ( 20 min )
    Public Report – Matrix Olm Cryptographic Review
    No content preview  ( 7 min )
    Tool Release – Web3 Decoder Burp Suite Extension
    No content preview  ( 9 min )
    NCC Group Research at Black Hat USA 2022 and DEF CON 30
    No content preview
    Nerve
    No content preview
    POC2021 – Pwning the Windows 10 Kernel with NTFS and WNF Slides
    No content preview
    Technical Advisory: CyberArk EPM Non-paged Pool Buffer Overflow
    No content preview  ( 8 min )
    Shocker
    No content preview  ( 6 min )
    Solaris 11 USB Hub Class descriptor kernel stack overflow
    No content preview  ( 8 min )
    WSMap
    No content preview  ( 6 min )
    Vehicle Emissions and Cyber Security
    No content preview  ( 9 min )
    Threat Modelling Cloud Platform Services by Example: Google Cloud Storage
    No content preview  ( 19 min )
    Lending a hand to the community – Covenant v0.7 Updates
    No content preview
    Memory Gap
    No content preview
    Multiple Buffer Overflows Discovered in AFFLIB
    No content preview
    LibAVCodec AMV Out of Array Write
    No content preview
    McAfee Email and Web Security Appliance Active session tokens of other users are disclosed within the UI
    No content preview
    McAfee Email and Web Security Appliance Arbitrary file download is possible with a crafted URL, when logged in as any user
    No content preview
    Microsoft Zero-Day Vulnerability – OLE2Link – Threat Intelligence and Signatures
    No content preview
    libtalloc: A GDB plugin for analysing the talloc heap
    No content preview
    Analysis of setting cookies for third party websites in different browsers
    No content preview  ( 10 min )
    Writing FreeBSD Kernel Modules in Rust
    No content preview  ( 16 min )
    Introduction to AWS Attribute-Based Access Control
    No content preview  ( 17 min )
    Threats and vulnerabilities within the Maritime and shipping sectors
    No content preview  ( 6 min )
    Comparing AI Against Traditional Static Analysis Tools to Highlight Buffer Overflows
    No content preview  ( 12 min )
    Understanding the insider threat & how to mitigate it
    No content preview  ( 7 min )
    Tool Release: You’ll Never (Ever) Take Me Alive!
    No content preview  ( 7 min )
    Image IO Memory Corruption
    No content preview  ( 6 min )
    Phishing Mitigations: Configuring Microsoft Exchange to Clearly Identify External Emails
    No content preview  ( 10 min )
    Windows IPC Fuzzing Tools
    No content preview  ( 6 min )
    Public Report – Android Cloud Backup/Restore
    No content preview  ( 7 min )
    Flash local-with-filesystem Bypass in navigateToURL
    No content preview  ( 6 min )
    ncccodenavi
    No content preview  ( 7 min )
    Premium Content Gateway
    No content preview  ( 6 min )
    Public Report – Caliptra Security Assessment
    No content preview  ( 8 min )
    Network Attached Security: Attacking a Synology NAS
    No content preview  ( 7 min )
    Technical Advisory – Lenovo ImController Local Privilege Escalation (CVE-2021-3922, CVE-2021-3969)
    No content preview  ( 9 min )
    CVE-2018-8611 Exploiting Windows KTM Part 1/5 – Introduction
    Explore the introduction to exploiting CVE-2018-8611 in Windows Kernel Transaction Manager (KTM) with NCC Group’s expert analysis.  ( 23 min )
    Tool Release – HTTPSignatures: A Burp Suite Extension Implementing HTTP Signatures
    No content preview  ( 12 min )
    An Introduction to Authenticated Encryption
    No content preview  ( 6 min )
    Technical Advisory: Multiple Vulnerabilities in TCPDF
    No content preview  ( 12 min )
    iSEC Engages in TrueCrypt Audit
    No content preview  ( 7 min )
    How we breach network infrastructures and protect them
    No content preview  ( 6 min )
    Conference Talks – March 2020
    No content preview  ( 9 min )
    SysAid Helpdesk stored XSS
    No content preview  ( 6 min )
    Public Report – Google Enterprise API Security Assessment
    No content preview  ( 7 min )
    USB Undermining Security Barriers:further adventures with USB
    No content preview  ( 6 min )
    Impersonating Gamers With GPT-2
    No content preview  ( 19 min )
    Advisory-CraigSBlackie-CVE-2016-9795
    No content preview
    Compromising a Hospital Network for £118 (Plus Postage & Packaging)
    This post reveals how a simulated attack demonstrated the ease of breaching hospital systems using basic resources.  ( 13 min )
    Analyzing Secure AI Design Principles
    No content preview  ( 17 min )
    Introduction to Anti-Fuzzing: A Defence in Depth Aid
    Learn how anti-fuzzing techniques enhance defence-in-depth strategies and protect applications from fuzzing-based vulnerabilities.  ( 13 min )
    Public Report - VeChainThor Galactica Security Assessment
    No content preview  ( 6 min )
    ICS/OT Security & the evolution of the Purdue Model: Integrating Industrial and Business Networks
    No content preview  ( 7 min )
    Research Insights Volume 8 – Hardware Design: FPGA Security Risks
    No content preview  ( 7 min )
    Remote code execution in ImpressPages CMS
    Explore the remote code execution flaw in ImpressPages CMS and learn best practices for vulnerability remediation.  ( 7 min )
    Webinar: SMACK, SKIP-TLS & FREAK SSL/TLS vulnerabilities
    No content preview  ( 6 min )
    White Paper: Cryptopocalypse Reference Paper
    No content preview  ( 7 min )
    Quantum Data Centre of the Future
    No content preview  ( 10 min )
    Research Paper – Recovering deleted data from the Windows registry
    Learn how forensic techniques can recover deleted entries from the Windows Registry for investigation and analysis.  ( 7 min )
    My Hash is My Passport: Understanding Web and Mobile Authentication
    No content preview  ( 7 min )
    Nessus Authenticated Scan – Local Privilege Escalation
    No content preview  ( 6 min )
    Manifest Explorer
    No content preview  ( 7 min )
    Cleaning Up After Cookies
    No content preview  ( 6 min )
    Announcing NCC Group’s Cryptopals Guided Tour!
    No content preview  ( 10 min )
    Tool Release: SSL pinning bypass and other Android tools
    No content preview  ( 7 min )
    Demystifying Multivariate Cryptography
    Discover how multivariate cryptography fits into the future of secure communications and what makes it unique among quantum-safe algorithms.  ( 21 min )
    Cross-Execute Your Linux Binaries, Don’t Cross-Compile Them
    No content preview  ( 11 min )
    SMB hash hijacking & user tracking in MS Outlook
    Understand the mechanics behind SMB hash hijacking and user tracking in MS Outlook. Our advisory covers attack vectors, testing methods, and fixes.  ( 12 min )
    Defending Your Directory: An Expert Guide to Securing Active Directory Against DCSync Attacks
    No content preview  ( 10 min )
    Rustproofing Linux (Part 1/4 Leaking Addresses)
    No content preview  ( 14 min )
    Threat Spotlight – Hydra
    No content preview  ( 12 min )
    Use and enforce Multi-Factor Authentication
    No content preview  ( 9 min )
    Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling (1)
    No content preview  ( 18 min )
    Technical Advisory: Authentication rule bypass
    No content preview  ( 8 min )
    Rust for Security and Correctness in the embedded world
    No content preview  ( 13 min )
    Technical Advisory – OpenOffice.org Multiple Memory Corruption Vulnerabilities
    Discover how attackers could exploit memory handling flaws in OpenOffice.org to compromise system integrity and user safety.  ( 9 min )
    Non-Deterministic Nature of Prompt Injection
    No content preview  ( 9 min )
    Reverse Engineering Coin Hunt World’s Binary Protocol
    No content preview  ( 29 min )
    HITB Phuket 2023 – Exploiting the Lexmark PostScript Stack
    No content preview  ( 7 min )
    In-Depth Technical Analysis of the Bybit Hack
    Explore a detailed breakdown of the Bybit hack, uncovering attack methods, vulnerabilities, and security lessons learned.  ( 15 min )
    iOS MobileSlideShow USB Image Class arbitrary code execution.txt
    No content preview  ( 6 min )
    NCC Group’s 2024 Annual Research Report
    No content preview  ( 7 min )
    Android-SSL-TrustKiller
    No content preview  ( 6 min )
    Symantec Backup Exec 2012 – Backup Exec Utility Stored XSS when adding Groups, Servers and Computers
    No content preview  ( 7 min )
    Whitepaper – XML Schema, DTD, and Entity Attacks: A Compendium of Known Techniques
    Explore known XML-based attack methods including DTD abuse, schema exploits, and entity expansion vulnerabilities.  ( 7 min )
    Public Report – WhatsApp opaque-ke Cryptographic Implementation Review
    No content preview  ( 7 min )
    Violating Database – Enforced Security Mechanisms
    No content preview  ( 7 min )
    Sakula: an adventure in DLL planting
    No content preview  ( 8 min )
    grepify
    No content preview  ( 6 min )
    Public Report – Kubernetes 1.24 Security Audit
    No content preview  ( 7 min )
    Nagios XI Network Monitor Blind SQL Injection
    Nagios XI Network Monitor is vulnerable to blind SQL injection. Learn the impact, exploitation risks, and mitigation steps.  ( 7 min )
    Lumension Device Control Remote Memory Corruption
    No content preview  ( 6 min )
    The ABCs of NFC chip security
    A technical overview of NFC chip vulnerabilities and protection strategies for secure communication.  ( 15 min )
    New Sources of Microsoft Office Metadata – Tool Release MetadataPlus
    No content preview  ( 11 min )
    Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMWare vCenter Server 7.0
    Learn why CVE-2021-3156 poses a threat to VMware vCenter and how to protect your infrastructure from attacks.  ( 30 min )
    Top of the Pops: Three common ransomware entry techniques
    No content preview  ( 9 min )
    Signaturing an Authenticode anomaly with Yara
    Explore how Yara can detect Authenticode timestamp anomalies in PE files and enhance malware analysis.  ( 10 min )
    A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion
    No content preview  ( 17 min )
    ProxMon
    No content preview  ( 7 min )
    Decoder Improved Burp Suite plugin release part two
    No content preview  ( 9 min )
    Technical Advisory: Ruby on Rails – Possible XSS Vulnerability in ActionView tag helpers (CVE-2022-27777)
    No content preview  ( 9 min )
    Retro Gaming Vulnerability Research: Warcraft 2
    No content preview  ( 18 min )
    RIFT: Detection capabilities for recent F5 BIG-IP/BIG-IQ iControl REST API vulnerabilities CVE-2021-22986
    No content preview  ( 11 min )
    Sifting through the spines: identifying (potential) Cactus ransomware victims
    No content preview  ( 12 min )
    A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented
    No content preview  ( 12 min )
    A Race to Report a TOCTOU: Analysis of a Bug Collision in Intel SMM
    No content preview  ( 10 min )
    Turla PNG Dropper is back
    No content preview  ( 11 min )
    From ERMAC to Hook: Investigating the technical differences between two Android malware variants
    No content preview  ( 25 min )
    HTTP to MCP Bridge
    No content preview  ( 10 min )
    Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Gzip Extraction (CVE-2020-8260)
    No content preview  ( 10 min )
    A Brief Review of Bitcoin Locking Scripts and Ordinals
    No content preview  ( 16 min )
    The Extended AWS Security Ramp-Up Guide
    No content preview  ( 13 min )
    Technical Advisory – wolfSSL TLS 1.3 Client Man-in-the-Middle Attack (CVE-2020-24613)
    No content preview  ( 8 min )
    Tool Release – Solitude: A privacy analysis tool
    No content preview  ( 9 min )
    Machine Learning for Static Analysis of Malware – Expansion of Research Scope
    No content preview  ( 17 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 9: Adventures with Expert Systems
    No content preview  ( 13 min )
    Fuzzing RTSP to discover an exploitable vulnerability in VLC
    Discover how fuzzing RTSP streams uncovered vulnerabilities in VLC and advanced secure software development.  ( 11 min )
    Tracking a P2P network related to TA505
    No content preview  ( 15 min )
    Ivanti Zero Day – Threat Actors observed leveraging CVE-2021-42278 and CVE-2021-42287 for quick privilege escalation to Domain Admin
    No content preview  ( 8 min )
    Defeating Windows DEP With A Custom ROP Chain
    No content preview  ( 27 min )
    RIFT: F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 Intelligence
    Insights from honeypot research on F5 TMUI RCE vulnerability. Understand attack patterns and steps to strengthen your security posture.  ( 14 min )
    Hardware & Embedded Systems: A little early effort in security can return a huge payoff
    Discover how early-stage security planning in hardware and embedded systems can dramatically reduce attack surfaces.  ( 12 min )
    NSA & CISA Kubernetes Security Guidance – A Critical Review
    No content preview  ( 16 min )
    Unveiling the Dark Side: A Deep Dive into Active Ransomware Families
    No content preview  ( 15 min )
    Adventures in Xen Exploitation
    No content preview
    Live Incident Blog: June Global Ransomware Outbreak
    No content preview  ( 10 min )
    A brief look at Windows telemetry: CIT aka Customer Interaction Tracker
    A brief look at Windows telemetry: CIT aka Customer Interaction Tracker  ( 24 min )
    DataArmor Full Disk Encryption 3.0.12c – Restricted Environment breakout, Privilege Escalation and Full Disk Decryption
    No content preview
    Cisco IPSec VPN Implementation Group Name Enumeration
    No content preview
    Best practices with BYOD
    No content preview
    Black Hat 2013 – Bluetooth Smart Presentation Available
    No content preview
    Attacking the Windows Kernel (Black Hat Las Vegas 2007)
    No content preview
    A Peek Behind the Great Firewall of Russia
    No content preview
    Back Office Web Administration Authentication Bypass
    No content preview
    Apple CoreAnimation Heap Overflow
    No content preview
    A Simple and Practical Approach to Input Validation
    No content preview
    A Guide to Improving Security Through Infrastructure-as-Code
    No content preview
    Blackbox iOS App Assessments Using idb
    No content preview
    Apple QuickTime Player m4a Processing Buffer Overflow
    No content preview
    Abusing Privileged and Unprivileged Linux Containers
    No content preview
    Blind Security Testing – An Evolutionary Approach
    No content preview
    BlackBerry Link WebDav Server Bound to the BlackBerry VPN Adapter
    No content preview
    Apple Mac OS X ImageIO TIFF Integer Overflow
    No content preview
    Advanced Exploitation of Oracle PL/SQL Flaws
    No content preview
    Broadcasting your attack – DAB security
    No content preview
    Best Practices for the use of Static Code Analysis within a Real-World Secure Development Lifecycle
    No content preview
    A jq255 Elliptic Curve Specification, and a Retrospective
    No content preview
    BAT: a Fast and Small Key Encapsulation Mechanism
    No content preview
    AutoRepeater: Automated HTTP Request Repeating With Burp Suite
    No content preview
    Are you oversharing (in Salesforce)? Our new tool could sniff it out!
    No content preview
    Curve9767 and Fast Signature Verification
    No content preview
    Cisco ASA series part seven: Checkheaps
    No content preview
    Apache Struts Vulnerability
    No content preview
    Automating extraction from malware and recent campaign analysis
    No content preview
    Automated Reverse Engineering of Relationships Between Data Structures in C++ Binaries
    No content preview
    Assessing the security and privacy of Vaccine Passports
    No content preview
    CowCloud
    No content preview
    Content Security Policies Best Practices
    No content preview
    Call Map: A Tool for Navigating Call Graphs in Python
    No content preview
    Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign
    No content preview
    Critical Risk Vulnerability in SAP Message Server (Heap Overflow)
    No content preview
    Authorisation
    No content preview
    Android Cloud Backup/Restore
    No content preview
    Cups-filters remote code execution
    No content preview
    Attacking Web Service Security: Message Oriented Madness, XML Worms and Web Service Security Sanity
    No content preview
    Android-OpenDebug
    No content preview
    Azucar
    No content preview
    AssetHook
    No content preview
    Apple OSX/iPhone iOS ImageIO TIFF getBandProcTIFF TileWidth Heap Overflow
    No content preview
    An Introduction to Quantum Computing for Security Professionals
    No content preview
    Common Security Issues in Financially-Oriented Web Applications
    No content preview
    Bypassing Oracle DBMS_ASSERT (in certain situations)
    No content preview
    Berserko: Kerberos Authentication for Burp Suite
    No content preview
    cisco-SNMP-enumeration
    No content preview
    Building Intuition for Lattice-Based Signatures – Part 1: Trapdoor Signatures
    No content preview
    Anti Brute Force Resource Metering
    No content preview
    Cyber Essentials Scheme
    No content preview
    Black Hat USA 2015 presentation: Broadcasting your attack-DAB security
    No content preview
    APT15 is Alive and Strong: An Analysis of RoyalCli and RoyalDNS
    No content preview
    CVE-2017-8570 RTF and the Sisfader RAT
    No content preview
    Compromising Apache Tomcat via JMX access
    No content preview
    Breaking Pedersen Hashes in Practice
    No content preview
    Advice for security decision makers contemplating the value of Antivirus
    No content preview
    Cisco ASA series part one: Intro to the Cisco ASA
    No content preview
    Check out our new Microcorruption challenges!
    No content preview
    Beyond data loss prevention
    No content preview
    Celebrating NCC Con Europe 2018
    No content preview
    Building an RDP Credential Catcher for Threat Intelligence
    No content preview
    Buffer Underruns, DEP, ASLR and improving the Exploitation Prevention Mechanisms (XPMs) on the Windows platform
    No content preview
    Cyber Security of New Space Paper
    No content preview
    Breaking into Security Research at NCC Group
    No content preview
    Assuring Your DDoS Defences
    No content preview
    Critical Risk Vulnerability in Ingres (Pointer Overwrite 2)
    No content preview
    creep-web-app-scanner
    No content preview
    C Language Standards Update – Zero-size Reallocations are Undefined Behavior
    No content preview
    Creating a Safer OAuth User Experience
    No content preview
    Conference Talks – November 2020
    No content preview
    Climbing Mount Everest: Black-Byte Bytes Back?
    No content preview
    CertPortal: Building Self-Service Secure S/MIME Provisioning Portal
    No content preview
    D-LINK DIR-850L web admin interface vulnerable to stack-based buffer overflow
    No content preview
    Conference Talks – November 2021
    No content preview
    Conference Talks – June 2022
    No content preview
    Command Injection in XML Signatures and Encryption
    No content preview
    Cisco VPN Client Privilege Escalation
    No content preview
    Bypassing Android’s Network Security Configuration
    No content preview
    Batten down the hatches: Cyber threats facing DP operations
    No content preview
    Archived Technical Advisories
    No content preview
    Conference Talks – October 2021
    No content preview
    Building WiMap the Wi-Fi Mapping Drone
    No content preview
    ASP.NET Security and the Importance of KB2698981 in Cloud Environments Threat Brief
    No content preview
    Data-mining with SQL Injection and Inference
    No content preview
    Critical Risk Vulnerability in SAP DB Web Server (Stack Overflow)
    No content preview
    Conti-nuation: methods and techniques observed in operations post the leaks
    No content preview
    AWS environment security assessment with Scout2
    No content preview
    Conference Talks – September 2020
    No content preview
    ASP.NET Security and the Importance of KB2698981 in Cloud Environments
    No content preview
    Announcing NCC Group’s Cryptopals Guided Tour: Set 2
    No content preview
    Adversarial Machine Learning: Approaches & defences
    No content preview
    Dancing Offbit: The Story of a Single Character Typo that Broke a ChaCha-Based PRNG
    No content preview
    Cracking RDP NLA Supplied Credentials for Threat Intelligence
    No content preview
    Build Your Own Wi-Fi Mapping Drone Capability
    No content preview
    D-Link routers vulnerable to Remote Code Execution (RCE)
    No content preview
    Cracking Random Number Generators using Machine Learning – Part 2: Mersenne Twister
    No content preview
    Cisco ASA series part six: Cisco ASA mempools
    No content preview
    Business Insights: Cyber Security in the Financial Sector
    No content preview
    CMakerer: A small tool to aid CLion’s indexing
    No content preview
    CloudWatch: Amazon Web Services & Shellshock
    No content preview
    Black Hat 2013 – Cryptopocalypse Presentation Available
    No content preview
    Cracking Random Number Generators using Machine Learning – Part 1: xorshift128
    No content preview
    Conference Talks – September/October 2022
    No content preview
    Cisco ASA series part two: Static analysis & datamining of Cisco ASA firmware
    No content preview
    Application Layer Attacks – The New DDoS Battleground
    No content preview
    Deception Engineering: exploring the use of Windows Installer Packages against first stage payloads
    No content preview
    DDoS Common Approaches and Failings
    No content preview
    Assessing Unikernel Security
    No content preview
    Code Patterns for API Authorization: Designing for Security
    No content preview
    Blind Return Oriented Programming
    No content preview
    BlackBerry PlayBook Security – Part Two – BlackBerry Bridge
    No content preview
    Conference Talks – June 2021
    No content preview
    BlackHat Asia USB Physical Access
    No content preview
    AtHoc Toolbar
    No content preview
    dotnetpaddingoracle
    No content preview
    Do not use your AWS root account
    No content preview
    Demystifying Cobalt Strike’s “make_token” Command
    No content preview
    Abusing Blu-ray Players Part 1 – Sandbox Escapes
    No content preview
    DARPA OnStar Vulnerability Analysis
    No content preview
    Cloud Security Presentation
    No content preview
    Cisco ASA series part five: libptmalloc gdb plugin
    No content preview
    eBook: Breach notification under GDPR – How to communicate a personal data breach
    No content preview
    Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server
    No content preview
    Attacks on SSL
    No content preview
    ASE 12.5.1 datatype overflow
    No content preview
    Detecting anomalous Vectored Exception Handlers on Windows
    No content preview
    Cyber Security in UK Agriculture
    No content preview
    Conference Talks – May 2021
    No content preview
    DECTbeacon
    No content preview
    Dangling Cursor Snarfing: A New Class of Attack in Oracle
    No content preview
    Conference Talks – October 2020
    No content preview
    CyberVillainsCA
    No content preview
    CVE-2018-8611 – Diving into the Windows Kernel Transaction Manager (KTM) for fun and exploitation
    No content preview
    Cross Site Request Forgery: An Introduction to a Common Web Application Weakness
    No content preview
    Common Insecure Practices with Configuring and Extending Salesforce
    No content preview
    Browser Extension Password Managers
    No content preview
    Cranim: A Toolkit for Cryptographic Visualization
    No content preview
    Black Hat Europe 2013 Andy Davis: To dock or not to dock…
    No content preview
    Creating Arbitrary Shellcode In Unicode Expanded Strings
    No content preview
    CECSTeR
    No content preview
    Building Intuition for Lattice-Based Signatures – Part 2: Fiat-Shamir with Aborts
    No content preview
    eBook – Do you know how your organisation would react in a real-world attack scenario?
    No content preview
    Database Security: A Christmas Carol
    No content preview
    Analysing a recent Poison Ivy sample
    No content preview
    Eurocrypt 2023: Death of a KEM
    No content preview
    Decoder Improved Burp Suite plugin release part one
    No content preview
    Exploiting CVE-2015-2426, and How I Ported it to a Recent Windows 8.1 64-bit
    No content preview
    End-of-life pragmatism
    No content preview
    Demystifying AWS’ AssumeRole and sts:ExternalId
    No content preview
    Public Report – AWS Nitro System API & Security Claims Italian
    No content preview  ( 7 min )
    The Browser Hacker’s Handbook
    No content preview  ( 6 min )
    My name is Matt – My voice is my password
    No content preview  ( 7 min )
    NCC Group’s Jeremy Boone recognized for Highest Quality and Most Eligible Reports through the Intel Circuit Breaker program
    No content preview  ( 7 min )
    Technical Advisory: Multiple Vulnerabilities in Brother Printers
    No content preview  ( 9 min )
    Developing Secure Mobile Applications for Android
    No content preview  ( 6 min )
    Revealing Embedded Fingerprints: Deriving Intelligence from USB Stack Interactions 2013
    No content preview  ( 7 min )
    Technical Advisory – Linksys WRT160NL – Authenticated Remote Buffer Overflow (CVE-2020-26561)
    No content preview  ( 7 min )
    CERT Oracle Secure Coding Standard for Java
    No content preview  ( 6 min )
    Public Report – Zcash FROST Security Assessment
    No content preview  ( 6 min )
    osquery Application Security Assessment Public Report
    No content preview  ( 6 min )
    Applying normalised compression distance for architecture classification
    No content preview  ( 7 min )
    The disadvantages of a blacklist-based approach to input validation
    No content preview  ( 7 min )
    SecureCookies
    No content preview  ( 6 min )
    The CIS Security Standard for Docker available now
    No content preview  ( 8 min )
    Welcome to the new NCC Group Global Research blog
    No content preview  ( 6 min )
    Nagios XI Network Monitor – OS Command Injection
    No content preview  ( 7 min )
    Grepify – a Small Tool for Code Reviewers
    No content preview  ( 7 min )
    Tool Release: SSLyze v 0.9 released – Heartbleed edition
    No content preview  ( 7 min )
    The why behind web application penetration test prerequisites
    NCC Group explains why pen test prerequisites are essential for accurate, efficient, and secure web application assessments.  ( 7 min )
    Tool Release: iOS Secure State Preservation
    No content preview  ( 7 min )
    Technical Advisory: Gaining root access on Sumpple S610 IP Camera via Telnet; and Unprotected client and server data transmission between Android and IOS clients
    No content preview  ( 9 min )
    SOC maturity & capability
    No content preview  ( 7 min )
    Intent Fuzzer
    No content preview  ( 7 min )
    Freddy: An extension for automatically identifying deserialisation issues in Java and .NET applications
    No content preview  ( 7 min )
    Non-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT 2000 XP
    No content preview  ( 6 min )
    Public Report – go-cose Security Assessment
    No content preview  ( 7 min )
    The Shellcoder’s Handbook: Discovering and Exploiting Security Holes, 2nd Edition
    No content preview  ( 7 min )
    Low Cost Attacks on Smart Cards – The Electromagnetic Side-Channel
    No content preview  ( 7 min )
    Securing the continuous integration process
    No content preview  ( 7 min )
    Technical Advisory – New York State Excelsior Pass Vaccine Passport Credential Forgery
    No content preview  ( 8 min )
    E-mail Spoofing and CDONTS.NEWMAIL
    E-mail Spoofing and CDONTS.NEWMAIL  ( 7 min )
    Technical Advisory: SQL Injection and Reflected Cross-Site Scripting (XSS) Vulnerabilities in Oracle Communications Diameter Signaling Router (CVE-2020-14787, CVE-2020-14788)
    No content preview  ( 8 min )
    Payment Card Industry Data Security Standard (PCI DSS) A Navigation and Explanation of Changes from v2.0 to v3.0
    No content preview  ( 6 min )
    Symantec Message Filter Session Hijacking via session
    No content preview  ( 6 min )
    Slotting Security into Corporate Development
    No content preview  ( 7 min )
    Forensic Readiness in Container Environments
    No content preview  ( 10 min )
    Public Report – Solana Program Library ZK-Token Security Assessment
    No content preview  ( 7 min )
    Public Report – Keyfork Implementation Review
    No content preview  ( 7 min )
    They Ought to Know Better: Exploiting Security Gateways via their Web Interfaces
    No content preview  ( 6 min )
    Technical Advisory – KwikTag Web Admin Authentication Bypass
    No content preview  ( 8 min )
    SysPWN – VR for Pwn2Own
    No content preview  ( 7 min )
    Oracle 11g TNS listener remote Invalid Pointer Read
    No content preview  ( 6 min )
    Chainspotting 2: The Unofficial Sequel to the 2018 Talk "Chainspotting" - OffensiveCon 2025
    No content preview  ( 7 min )
    Secure Application Development on Facebook
    No content preview  ( 6 min )
    From CSV to CMD to qwerty
    No content preview  ( 11 min )
    Writing Exploits for Win32 Systems from Scratch
    No content preview  ( 54 min )
    Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505)
    Learn about multiple CVEs affecting Nuki Smart Locks and how to mitigate security risks for connected home devices.  ( 21 min )
    LTair:  The LTE Air Interface Tool
    No content preview  ( 11 min )
    WebLogic Plugin HTTP Injection via Encoded URLs
    This technical advisory details how encoded URLs can be used to inject malicious HTTP headers in Oracle WebLogic Plug-in environments.  ( 12 min )
    The Sorry State of Aftermarket Head Unit Security
    No content preview  ( 16 min )
    Making New Connections – Leveraging Cisco AnyConnect Client to Drop and Run Payloads
    No content preview  ( 12 min )
    The Challenges of Fuzzing 5G Protocols
    No content preview  ( 16 min )
    Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Arbitrary File Deletion
    No content preview  ( 10 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 8: Development of Prototype #4 – Building on Takaesu’s Approach with Focus on XSS
    No content preview  ( 10 min )
    Avoiding Pitfalls Developing with Electron
    No content preview  ( 11 min )
    Public Report - Google Confidential Space Security Assessment
    No content preview
    Zcash Cryptography and Code Review
    No content preview
    Mallory: Transparent TCP and UDP Proxy
    No content preview
    GSM/GPRS Traffic Interception for Penetration Testing Engagements
    No content preview
    CERT C Secure Coding Standard
    No content preview
    TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access
    No content preview
    Third party assurance
    No content preview
    WSSiP: A Websocket Manipulation Proxy
    No content preview
    5 MCP Security Tips
    No content preview
    Symantec Messaging Gateway SSH with backdoor user account + privilege escalation to root due to very old Kernel
    No content preview
    Technical Advisory – Multiple Vulnerabilities in Juplink RX4-1800 WiFi Router (CVE-2022-37413, CVE-2022-37414)
    No content preview
    Xen SMEP (and SMAP) Bypass
    No content preview
    NCC Group’s Exploit Development Capability: Why and What
    No content preview
    Technical Advisory: Nexpose Hard‐coded Java Key Store Passphrase Allows Decryption of Stored Credentials
    No content preview
    VMware Workstation Guest-to-Host Escape Exploit Development
    No content preview
    Conference Talks – December 2021
    No content preview
    Public Report – VPN by Google One: Technical Security & Privacy Assessment
    No content preview
    Multiple Shell Metacharacter Injections in AFFLIB
    No content preview
    Tool Release – Collaborator++
    No content preview
    Technical Advisory – Multiple Vulnerabilities in Nagios XI
    No content preview
    Weak Passwords Led to (SafePay) Ransomware…Yet Again
    No content preview
    Thin Clients: Slim Security
    No content preview
    Tor Browser Research Report Released
    No content preview
    Testing Two-Factor Authentication
    No content preview
    Defending Your Directory: An Expert Guide to Fortifying Active Directory Against LDAP Injection Threats
    No content preview
    WebSense content filter bypass when deployed in conjunction with Cisco filtering devices
    No content preview
    Public Report – Lantern and Replica Security Assessment
    No content preview
    Technical Advisory: Bypassing Workflows Protection Mechanisms – Remote Code Execution on SharePoint
    No content preview
    Constant-Time Data Processing At a Secret Offset, Privacy and QUIC
    No content preview
    The Pentesters Guide to Akamai
    No content preview
    Tool Release – ScoutSuite 5.12.0
    No content preview
    Cisco ASA series part three: Debugging Cisco ASA firmware
    No content preview
    SQL Server Security
    No content preview
    CVE-2018-8611 Exploiting Windows KTM Part 4/5 – From race win to kernel read and write primitive
    No content preview
    Blind Exploitation of Stack Overflow Vulnerabilities
    No content preview
    Public Report: WhatsApp Contacts Security Assessment
    No content preview
    Technical Advisory – Nullsoft Scriptable Installer System (NSIS) – Insecure Temporary Directory Usage
    No content preview
    Technical Advisory – HTC IQRD Android Permission Leakage
    No content preview
    CVE-2018-8611 Exploiting Windows KTM Part 3/5 – Triggering the race condition and debugging tricks
    No content preview
    Technical Advisory: Xiaomi 13 Pro Code Execution via GetApps DOM Cross-Site Scripting (XSS)
    No content preview
    Detecting and Hunting for the Malicious NetFilter Driver
    No content preview
    Shaking The Foundation of An Online Collaboration Tool: Microsoft 365 Top 5 Attacks vs the CIS Microsoft 365 Foundation Benchmark
    No content preview
    Multiple Vulnerabilities in MailEnable
    No content preview
    The Dark Side: How Threat Actors Leverage AnyDesk for Malicious Activities
    No content preview
    PMKID Attacks: Debunking the 802.11r Myth
    No content preview
    Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries (CVE-2021-43572, CVE-2021-43570, CVE-2021-43569, CVE-2021-43568, CVE-2021-43571)
    No content preview
    Zulu
    No content preview
    FPGAs: Security Through Obscurity?
    No content preview
    Auditing K3s Clusters
    No content preview
    Oracle Forensics Part 1: Dissecting the Redo Logs
    No content preview
    Supply Chain Security Begins with Secure Software Development
    No content preview
    There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities
    No content preview
    Technical Advisory: containerd – containerd-shim API Exposed to Host Network Containers (CVE-2020-15257)
    No content preview
    Post-exploiting a compromised etcd – Full control over the cluster and its nodes
    No content preview
    Technical Advisory – ParcelTrack sends all pasteboard data to ParcelTrack’s servers on startup
    No content preview
    earlyremoval, in the Conservatory, with the Wrench: Exploring Ghidra’s decompiler internals to make automatic P-Code analysis scripts
    No content preview
    iOS Application Security: The Definitive Guide for Hackers and Developers
    No content preview
    Stopping Automated Attack Tools
    No content preview
    VoIP Security Methodology and Results
    No content preview
    Secure Coding Rules for Java LiveLessons, Part 1
    No content preview
    Machine Learning 101: The Integrity of Image (Mis)Classification?
    No content preview
    Defending Your Directory: An Expert Guide to Mitigating Pass-the-Hash Attacks in Active Directory
    No content preview
    Wubes: Leveraging the Windows 10 Sandbox for Arbitrary Processes
    No content preview
    44Con2013Game
    No content preview
    Tool Update – ruby-trace: A Low-Level Tracer for Ruby
    No content preview
    Technical Advisory: Multiple Vulnerabilities in Ricoh Printers
    No content preview
    Real World Cryptography Conference 2023 – Part I
    No content preview
    Technical Advisory: Unauthenticated SQL Injection in Lansweeper
    No content preview
    Tis the Season to Be…
    No content preview
    U plug, we play
    No content preview
    White Paper: An Introduction to Authenticated Encryption
    No content preview
    Technical Advisory: Espressif Systems - ESP32 BluFi Reference Application Vulnerabilities
    No content preview
    Public Report – WhatsApp Auditable Key Directory (AKD) Implementation Review
    No content preview
    Public Report – Qredo Apache Milagro MPC Cryptographic Assessment
    No content preview
    SecureBigIP
    No content preview
    AWS Inventory: A tool for mapping AWS resources
    No content preview
    Public Report – Aleo snarkVM Implementation Review
    No content preview
    Public Report – Pixel 4/4XL and Pixel 4a ioXt Audit
    No content preview
    Tool Release – ScoutSuite 5.11.0
    No content preview
    Rise of the Sensors: Securing LoRaWAN Networks
    No content preview
    Local network compromise despite good patching
    No content preview
    The Next C Language Standard (C23)
    No content preview
    On Almost Signing Android Builds
    No content preview
    Username enumeration techniques and their value
    No content preview
    SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250)
    No content preview
    Technical Advisory: PDFTron JavaScript URLs Allowed in WebViewer UI (CVE-2021-39307)
    No content preview
    Public Report – AWS Nitro System API & Security Claims
    No content preview
    Tool – Windows Executable Memory Page Delta Reporter
    No content preview
    Tool Release: Code Query (cq)
    No content preview
    Embedded Device Security Certifications
    No content preview
    Technical Advisory: Cross-Site Scripting in Umbraco Rich Text Display
    No content preview
    Private sector cyber resilience and the role of data diodes
    No content preview
    Python Class Informer: an IDAPython plugin for viewing run-time type information (RTTI)
    No content preview
    Exploiting MS15-061 Use-After-Free Windows Kernel Vulnerability
    No content preview
    Public Report: eBPF Verifier Code Review
    No content preview
    The factoring dead: Preparing for the cryptopocalypse
    No content preview
    Adobe flash sandbox bypass to navigate to local drives
    No content preview
    Handy guide to a new Fivehands ransomware variant
    No content preview
    BrokenPrint: A Netgear stack overflow
    No content preview
    Streamlining Global Automotive Cybersecurity Governance to Accelerate Innovation, Assurance, and Compliance
    No content preview
    Using AWS and Azure for Cost Effective Log Ingestion with Data Processing Pipelines for SIEMs
    No content preview
    Blue Coat BCAAA Remote Code Execution Vulnerability
    No content preview
    Public Report – O(1) Labs Mina Client SDK, Signature Library and Base Components Cryptography and Implementation Review
    No content preview
    Technical Advisory – Shop app sends pasteboard data to Shopify’s servers
    No content preview
    Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Stored XSS
    No content preview
    The Case of Missing File Extensions
    No content preview
    eBPF Adventures: Fiddling with the Linux Kernel and Unix Domain Sockets
    No content preview
    House
    No content preview
    TPM Genie
    No content preview
    Using graph databases to assess the security of thingernets based on the thingabilities and thingertivity of things
    No content preview
    Building Systems from Commercial Components
    No content preview
    Detecting and Protecting when Remote Desktop Protocol (RDP) is open to the Internet
    No content preview
    Unauthenticated XML eXternal Entity (XXE) vulnerability
    No content preview
    An Engineer’s View: Operational Technology
    No content preview
    NCLoader
    No content preview
    Treat your points as cash
    No content preview
    SysAid Helpdesk Pro – Blind SQL Injection
    No content preview
    There’s A Hole In Your SoC: Glitching The MediaTek BootROM
    No content preview
    Disabling Office Macros to Reduce Malware Infections
    No content preview
    Android Malware Vultur Expands Its Wingspan
    No content preview
    Technical Advisory – VMware Tools Multiple Vulnerabilities
    No content preview
    Building Security In: Software Penetration Testing
    No content preview
    A Census of Deployed Pulse Connect Secure (PCS) Versions
    No content preview
    Public Report – AWS Nitro System API & Security Claims Spanish
    No content preview
    Technical Advisory: Reflected Cross-Site Scripting (XSS) vulnerability in Jenkins Delivery Pipeline plugin
    No content preview
    Windows Phone 7 Application Security Survey
    No content preview
    Shining the Light on Black Basta
    No content preview
    Popping Blisters for research: An overview of past payloads and exploring recent developments
    No content preview
    Tool Release – Project Kubescout: Adding Kubernetes Support to Scout Suite
    No content preview
    Technical Advisory: SMB Hash Hijacking and User Tracking in MS Outlook
    No content preview
    Tattler
    No content preview
    Technical Advisory – Multiple Vulnerabilities in PandoraFMS Enterprise
    No content preview
    Public Report – Protocol Labs Groth16 Proof Aggregation: Cryptography and Implementation Review
    No content preview
    Technical Advisory – Kwikset/Weiser BLE Proximity Authentication in Kevo Smart Locks Vulnerable to Relay Attacks
    No content preview
    iSEC’s Analysis of Microsoft’s SDL and its ROI
    No content preview
    Social Engineering Penetration Testing
    No content preview
    Public Report – WhatsApp End-to-End Encrypted Backups Security Assessment
    No content preview
    Unmasking Lorenz Ransomware: A Dive into Recent Tactics, Techniques and Procedures
    No content preview
    Autonomous AI Agents: A hidden Risk in Insecure smolagents “CodeAgent” Usage
    No content preview
    Tool Release – insject: A Linux Namespace Injector
    No content preview
    Past, Present and Future of Effective C
    No content preview
    Technical Advisory: Insufficient Proxyman HelperTool XPC Validation
    No content preview
    Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Archive Extraction – CVE-2021-22937 (Patch Bypass)
    No content preview
    Tool Release – Socks Over RDP
    No content preview
    HDMI – Hacking Displays Made Interesting
    No content preview
    Trusted Gateway
    No content preview
    Windows 2000 Format String Vulnerabilities
    No content preview
    Whitepaper – HTTP Digest Integrity: Another look, in light of recent attacks
    No content preview
    Technical Advisory: Bypassing Microsoft XOML Workflows Protection Mechanisms using Deserialisation of Untrusted Data
    No content preview
    Zcash Overwinter Consensus and Sapling Cryptography Review
    No content preview
    Mallory and Me: Setting up a Mobile Mallory Gateway
    No content preview
    Tool Release – Enumerating Docker Registries with go-pillage-registries
    No content preview
    CVE-2018-8611 Exploiting Windows KTM Part 2/5 – Patch analysis and basic triggering
    No content preview
    Open Banking: Security considerations & potential risks
    No content preview
    Windows DACL Enum Project
    No content preview
    Analyzing Secure AI Architectures
    No content preview
    Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100
    No content preview
    Tool Release: Cartographer
    No content preview
    Tool Release: Code Credential Scanner (ccs)
    No content preview
    Whitepaper – Hardware-Backed Heist: Extracting ECDSA Keys from Qualcomm’s TrustZone
    No content preview
    Proxying PyRIT for fun and profit
    No content preview
    NCC Group’s 2022 & 2023 Research Report
    No content preview
    Research Insights Volume 3 – How are we breaking in: Mobile Security
    No content preview
    The Update Framework (TUF) Security Assessment
    No content preview
    TLSPretense — SSL/TLS Client Testing Framework
    No content preview
    Real World Cryptography Conference 2024
    No content preview
    The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations
    No content preview
    Tool Release: DIBF Tool Suite
    No content preview
    Writing Small Shellcode
    No content preview
    Public Report – VPN by Google One Security Assessment
    No content preview
    Whitepaper – Double Fetch Vulnerabilities in C and C++
    No content preview
    The CERT® C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems
    No content preview
    Threat Intelligence: Benefits for the Enterprise
    No content preview
    Online Casino Roulette – A guideline for penetration testers and security researchers
    No content preview
    Aurora Response Recommendations
    No content preview
    Kerberos Resource-Based Constrained Delegation: When an Image Change Leads to a Privilege Escalation
    No content preview
    Professional C Programming LiveLessons, (Video Training) Part I: Writing Robust, Secure, Reliable Code
    No content preview
    Adventures in the land of BumbleBee – a new malicious loader
    No content preview
    Inter-Protocol Exploitation
    No content preview
    Technical Advisory: Multiple Vulnerabilities in Lexmark Printers
    No content preview
    Using SharePoint as a Phishing Platform
    No content preview
    Technical Advisory: Unauthenticated Remote Command Execution through Multiple Vulnerabilities in Virgin Media Hub 3.0
    No content preview
    RomHack – Revving Up: The Journey to Pwn2Own Automotive 2024
    No content preview
    Technical Advisory – Pulse Connect Secure – RCE via Template Injection (CVE-2020-8243)
    No content preview
    The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses
    No content preview
    Nine years of bugs at NCC Group
    No content preview
    Oracle Forensics Part 6: Examining Undo Segments, Flashback and the Oracle Recycle Bin
    No content preview
    Windows 10 USB Mass Storage driver arbitrary code execution in kernel mode
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 10: Efficacy Demonstration, Project Conclusion and Next Steps
    No content preview
    VeChain JavaScript SDK Cryptography and Security Review
    No content preview
    Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 2: Going off on a Tangent – AI/ML Applications in Social Engineering
    No content preview
    xcavator
    No content preview
    Reverse engineering and decrypting CyberArk vault credential files
    No content preview
    Phishing Stories
    No content preview
    Technical Advisory: Code Execution by Unsafe Resource Handling in Multiple Microsoft Products
    No content preview
    The Development of a Telco Attack Testing Tool
    No content preview
    Technical Advisory – Multiple Vulnerabilities in Victure WR1200 WiFi Router (CVE-2021-43282, CVE-2021-43283, CVE-2021-43284)
    No content preview
    Technical Advisory – Linksys WRT160NL – Authenticated Command Injection (CVE-2021-25310)
    No content preview
    Trust in the Internet Survey
    No content preview
    The Database Hacker’s Handbook
    No content preview
    Oracle Java Installer Adds a System Path Which is Writable by All
    No content preview
    iSEC reviews SecureDrop
    No content preview
    Tool Release: Magisk Module – Conscrypt Trust User Certs
    No content preview
    Public Report – Security Review of RSA Blind Signatures with Public Metadata
    No content preview
    Technical Advisory – New York State Excelsior Pass Vaccine Passport Scanner App Sends Data to a Third Party not Specified in Privacy Policy
    No content preview
    Technical Advisory: Stored and Reflected XSS Vulnerability in Nagios Log Server (CVE-2021-35478,CVE-2021-35479)
    No content preview
    Tool Release – Winstrument: An Instrumentation Framework for Windows Application Assessments
    No content preview
    Pip3line – The Swiss Army Knife of Byte Manipulation
    No content preview
    Optimizing Pairing-Based Cryptography: Montgomery Multiplication in Assembly
    No content preview
    Toner Deaf – Printing your next persistence (Hexacon 2022)
    No content preview
    Understanding cyber risk management vs uncertainty with confidence in 2017
    No content preview
    Puckungfu 2: Another NETGEAR WAN Command Injection
    No content preview
    Padding the struct: How a compiler optimization can disclose stack memory
    No content preview
    Technical Advisory: Intel Driver Support & Assistance – Local Privilege Escalation
    No content preview
    Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling
    No content preview
    Masquerade: You Downloaded ScreenConnect not Grok AI!
    No content preview
    Oracle E-Business Suite Pre-Auth SQLi with DBA Privileges
    No content preview
    Tool Release – ICPin, an integrity-check and anti-debug detection pintool
    No content preview
    Fix Bounty
    No content preview
    Samsung Galaxy S24 Pwn2Own Ireland 2024
    No content preview
    Multiple Cisco CSS / ACE Client Certificate and HTTP Header
    No content preview
    NCC Group’s Juan Garrido named to Microsoft’s MSRC Office Security Researcher Leaderboard
    No content preview
    Security of Things: An Implementer’s Guide to Cyber Security for Internet of Things Devices and Beyond
    No content preview
    How Microsoft Office knows a document came from the Internet and might be dangerous
    No content preview
    Technical Advisory – Bomgar Remote Support – Local Privilege Escalation
    No content preview
    Technical Advisory: Mosquitto Broker DoS through a Memory Leak vulnerability
    No content preview
    Trust in the New Internet Survey
    No content preview
    NETGEAR Routers: A Playground for Hackers?
    No content preview
    RIFT: Citrix ADC Vulnerabilities CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 Intelligence
    No content preview
    Voice Impersonation and DeepFake Vishing in Realtime
    No content preview
    Potential false redirection of web site content in Internet in SAP NetWeaver web applications
    No content preview
    Jenkins Plugins and Core Technical Summary Advisory
    No content preview
    Technical Advisory – ICTFAX 7-4 – Indirect Object Reference
    No content preview
    Game Security
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 6: Development of Prototype #2 – Creating a SQLi PoC
    No content preview
    Public Report – Penumbra Labs Decaf377 Implementation and Poseidon Parameter Selection Review
    No content preview
    pySimReader
    No content preview
    Remote Exploitation of Microsoft Office DLL Hijacking (MS15-132) via Browsers
    No content preview
    Samba _netr_ServerPasswordSet Expoitability Analysis
    No content preview
    Bit51 Better Security WP Security Plugin – Unauthenticated Stored XSS to RCE
    No content preview
    The Future of C Code Review
    No content preview
    Whitepaper – Project Triforce: Run AFL On Everything (2017)
    No content preview
    Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices
    No content preview
    Technical Advisory – Authenticated SQL Injection in SOAP Request in Broadcom CA Network Flow Analysis (CVE-2021-44050)
    No content preview
    State of DNS Rebinding in 2023
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 5: Development of Prototype #1 – Text Processing and Semantic Relationships
    No content preview
    Public Report – Zcash Zebra Security Assessment
    No content preview
    Symantec PC Anywhere Remote Code Extecution
    No content preview
    Technical Advisory – Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks
    No content preview
    Cisco ASA series part eight: Exploiting the CVE-2016-1287 heap overflow over IKEv1
    No content preview
    Software Verification and Analysis Using Z3
    No content preview
    10 real-world stories of how we’ve compromised CI/CD pipelines
    No content preview
    44CON Workshop – How to assess and secure iOS apps
    No content preview
    Log4Shell: Reconnaissance and post exploitation network detection
    No content preview
    Paradoxical Compression with Verifiable Delay Functions
    No content preview
    Symantec Messaging Gateway – Authenticated arbritary file download
    No content preview
    Technical Advisory: IP Office Stored Cross Site Scripting (XSS) Vulnerability
    No content preview
    BLEBoy
    No content preview
    Technical Advisory: Adobe ColdFusion RMI Registry.bind() Deserialisation RCE
    No content preview
    Choosing the Right MCU for Your Embedded Device — Desired Security Features of Microcontrollers
    No content preview
    Absolute Security
    No content preview
    RM3 – Curiosities of the wildest banking malware
    No content preview
    Sysinternals SDelete: When Secure Delete Fails
    No content preview
    McAfee Email and Web Security Appliance v5.6 – Arbitrary file download is possible with a crafted URL, when logged in as any user
    No content preview
    Order Details Screens and PII
    No content preview
    Technical Advisory – macOS Installer Local Root Privilege Escalation (CVE-2020-9817)
    No content preview
    The facts about BadUSB
    No content preview
    Violating the Virtual Channel – RDP Testing
    No content preview
    Mining data from Cobalt Strike beacons
    No content preview
    Solaris 11 USB hubclass
    No content preview
    USB under the bonnet: Implications of USB security vulnerabilities in vehicle systems
    No content preview
    Multiple security vulnerabilities in SAP NetWeaver BSP Logon
    No content preview
    Whitepaper – A Tour of Curve 25519 in Erlang
    No content preview
    Salesforce Security with Remote Working
    No content preview
    tcpprox
    No content preview
    RIFT: F5 CVE-2020-5902 and Citrix CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 honeypot data release
    No content preview
    Hacking Appliances: Ironic exploits in security products
    No content preview
    Peeling back the layers on defence in depth…knowing your onions
    No content preview
    Technical Advisory – FUJITSU CentricStor Control Center <= V8.1 – Unauthenticated Command Injection ( CVE-2022-31794 and CVE-2022-31795)
    No content preview
    Technical Advisory – Open5GS Stack Buffer Overflow During PFCP Session Establishment on UPF (CVE-2021-41794)
    No content preview
    Tool Release: Redirecting traffic with dnsRedir.py
    No content preview
    Conference Talks – January 2020
    No content preview
    Project Triforce: Run AFL on Everything!
    No content preview
    Announcing the Cryptopals Guided Tour Video 17: Padding Oracles!
    No content preview
    The Demise of Signature Based Antivirus
    No content preview
    Technical Advisory – IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks
    No content preview
    Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
    No content preview
    Research Insights Volume 2 – Defensive Trends
    No content preview
    Technical advisory: CVE-2017-8592 – XMLHttpRequest in IE followed 307 redirections with additional or customised headers
    No content preview
    Defending Your Directory: An Expert Guide to Fortifying Active Directory Certificate Services (ADCS) Against Exploitation
    No content preview
    Tool Release: YoNTMA
    No content preview
    Sign over Your Hashes – Stealing NetNTLM Hashes via Outlook Signatures
    No content preview
    Secure Coding in C and C++
    No content preview
    Rise of the machines: Machine Learning & its cyber security applications
    No content preview
    RokRat Analysis
    No content preview
    WebRATS
    No content preview
    Rustproofing Linux (Part 4/4 Shared Memory)
    No content preview
    Technical Advisory – Multiple HTML Injection Vulnerabilities in KaiOS Pre-installed Mobile Applications
    No content preview
    Oracle Gridengine sgepasswd Buffer Overflow
    No content preview
    Preparing for Cyber Battleships – Electronic Chart Display and Information System Security
    No content preview
    Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call
    No content preview
    Tool Release – ScoutSuite 5.10
    No content preview
    Windows USB RNDIS driver kernel pool overflow
    No content preview
    Replicating CVEs with KLEE
    No content preview
    Tool Release: Introducing opinel: Scout2’s favorite tool
    No content preview
    vlan-hopping
    No content preview
    Rustproofing Linux (Part 3/4 Integer Overflows)
    No content preview
    Vulnerabilities Found In Geofencing Apps
    No content preview
    WSBang
    No content preview
    YoNTMA
    No content preview
    Technical Advisory – Multiple Vulnerabilities in Trendnet TEW-831DR WiFi Router (CVE-2022-30325, CVE-2022-30326, CVE-2022-30327, CVE-2022-30328, CVE-2022-30329)
    No content preview
    Public Report: XMTP MLS Implementation Review
    No content preview
    Technical advisory: Remote shell commands execution in ttyd
    No content preview
    The Myth of Twelve More Bytes: Security on the Post-Scarcity Internet
    No content preview
    Conference Talks – August 2020
    No content preview
    Tool Release: Sinking U-Boots with Depthcharge
    No content preview
    SmarterMail – Stored XSS in emails
    No content preview
    Microsoft Internet Explorer CMarkup Use-After-Free
    No content preview
    NCC Con Europe 2016
    No content preview
    Squiz CMS File Path Traversal
    No content preview
    Technical advisory: “ROHNP”- key extraction side channel in multiple crypto libraries
    No content preview
    Remote Directory Traversal and File Retrieval
    No content preview
    Security Compliance as an Engineering Discipline
    No content preview
    Testing Infrastructure-as-Code Using Dynamic Tooling
    No content preview
    umap
    No content preview
    Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities
    No content preview
    Research Insights Volume 4 – Sector Focus: Maritime Sector
    No content preview
    Ruxcon 2013 – Introspy Presentation Slides
    No content preview
    Symantec Messaging Gateway Out of band stored XSS delivered by email
    No content preview
    HITBAMS – Your Not so “Home” Office – Soho Hacking at Pwn2Own
    No content preview
    Research Insights Volume 5 – Sector Focus: Automotive
    No content preview
    Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582)
    No content preview
    Understanding Ransomware
    No content preview
    ZigTools: An Open Source 802.15.4 Framework
    No content preview
    Technical Advisory: Adobe ColdFusion Object Deserialisation RCE
    No content preview
    Tool Release – shouganaiyo-loader: A Tool to Force JVM Attaches
    No content preview
    Tool Release: Exploring SSL Pinning on iOS
    No content preview
    TPM Genie: Interposer Attacks Against the Trusted Platform Module Serial Bus
    No content preview
    Threat Actors: exploiting the pandemic
    No content preview
    Sobelow: Static analysis for the Phoenix Framework
    No content preview
    WindowsJobLock
    No content preview
    Getting Shell with XAMLX Files
    No content preview
    Technical Advisory: Mitel MiVoice 5330e Memory Corruption Flaw
    No content preview
    McAfee Email and Web Security Appliance v5.6 – Session hijacking (and bypassing client-side session timeouts)
    No content preview
    SecureCisco
    No content preview
    The SSL Conservatory
    No content preview
    Nagios XI Network Monitor Stored and Reflected XSS
    No content preview
    Toxic Tokens: Using UUIDs for Authorization is Dangerous (even if they’re cryptographically random)
    No content preview
    Mobile World Congress – Mobile Internet of Things
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 4: Architecture and Design
    No content preview
    Social Engineering
    No content preview
    The role of security research in improving cyber security
    No content preview
    Tool Release – ScoutSuite 5.8.0
    No content preview
    How cryptography is used to monitor the spread of COVID-19
    No content preview
    McAfee Email and Web Security Appliance v5.6 – Active session tokens of other users are disclosed within the UI
    No content preview
    Technical Advisory – SonicWall SMA 100 Series – Unauthenticated File Upload Path Traversal (CVE-2021-20040)
    No content preview
    USB attacks need physical access right? Not any more…
    No content preview
    Research Insights Volume 6: Common Issues with Environment Breakouts
    No content preview
    Tool Release – Monkey365
    No content preview
    Whitepaper – A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator
    No content preview
    Machine Learning 103: Exploring LLM Code Generation
    No content preview
    Practical SME security on a shoestring
    No content preview
    Ransomware: How vulnerable is your system?
    No content preview
    Logs, Logs, the Audit Trail – Features of a Successful Log Management Solution
    No content preview
    SSLyze v0.8
    No content preview
    Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability
    No content preview
    Tool Release – Principal Mapper v1.1.0 Update
    No content preview
    Microsoft’s SQL Server vs. Oracle’s RDBMS
    No content preview
    NCC Group Research at Black Hat USA 2021 and DEF CON 29
    No content preview
    On Multiplications with Unsaturated Limbs
    No content preview
    Securing PL/SQL Applications with DBMS_ASSERT
    No content preview
    An Adventure in Contingency Debugging: Ruby IO#read/IO#write Considered Harmful
    No content preview
    McAfee Email and Web Security Appliance v5.6 – Password hashes can be recovered from a system backup and easily cracked
    No content preview
    Tales of Windows detection opportunities for an implant framework
    No content preview
    Technical Advisory: Authentication Bypass in libSSH
    No content preview
    Much Ado About Hardware Implants
    No content preview
    New Attack Vectors and a Vulnerability Dissection of MS03-007
    No content preview
    Technical Advisory: Pulse Connect Secure – Arbitrary File Read via Logon Message (CVE-2020-8255)
    No content preview
    Pentesting V. Red Teaming V. Bug Bounty
    No content preview
    Proxy Re-Encryption Protocol: IronCore Public Report
    No content preview
    Tool Release – Socks Over RDP Now Works With Citrix
    No content preview
    Webinar: 4 Secrets to a Robust Incident Response Plan
    No content preview
    Real World Cryptography Conference 2021: A Virtual Experience
    No content preview
    Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns
    No content preview
    Tool Release: Calculating SQL Permissions
    No content preview
    Adobe Acrobat Reader XML Forms Data Format Buffer Overflow
    No content preview
    SecureIE.ActiveX
    No content preview
    Shellshock Advisory
    No content preview
    When a Trusted Site in Internet Explorer was Anything But
    No content preview
    Oracle 11g TNS listener remote Null Pointer Dereference
    No content preview
    Technical Advisory – SonicWall SMA 100 Series – Post-Authentication Remote Command Execution (CVE-2021-20044)
    No content preview
    Technical Advisory – NULL Pointer Derefence in McAfee Drive Encryption (CVE-2021-23893)
    No content preview
    OS X 10.6.6 Camera Raw Library Memory Corruption
    No content preview
    Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163)
    No content preview
    Windows Firewall Hook Enumeration
    No content preview
    Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass
    No content preview
    SysAid Helpdesk blind SQL injection
    No content preview
    The Automotive Threat Modeling Template
    No content preview
    Accessing Private Fields Outside of Classes in Java
    No content preview
    More Advanced SQL Injection
    No content preview
    Securing Teradata Database
    No content preview
    Software Security Austerity Security Debt in Modern Software Development
    No content preview
    Technical Advisory: Multiple Vulnerabilities in HP Printers
    No content preview
    Smuggling HTA files in Internet Explorer/Edge
    No content preview
    Technical Advisory – IBM TAM: Remote Directory Traversal and File Retrieval via web server plug-in
    No content preview
    Tool Release: iOS SSL Kill Switch v0.5 Released
    No content preview
    Ruling the rules
    No content preview
    Secure Session Management With Cookies for Web Applications
    No content preview
    SSLyze v0.7 Released
    No content preview
    Why AI Will Not Fully Replace Humans for Web Penetration Testing
    No content preview
    Rigging the Vote: Uniqueness in Verifiable Random Functions
    No content preview
    Software-Based Fault Injection Countermeasures (Part 2/3)
    No content preview
    Technical Advisory – Linux RDS Protocol Local Privilege Escalation
    No content preview
    NCC Group’s Upcoming Trainings at Black Hat USA 2021
    No content preview
    Research Insights Volume 1 – Sector Focus: Financial Services
    No content preview
    Updated: Technical Advisory and Proofs of Concept – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
    No content preview
    How to Backdoor Diffie-Hellman
    No content preview
    Public Report: Aleo snarkOS Implementation and Consensus Mechanism Review
    No content preview
    Securing Google Cloud Platform – Ten best practices
    No content preview
    Technical Advisory – ExpressLRS vulnerabilities allow for hijack of control link
    No content preview
    Public cloud
    No content preview
    Symantec Messaging Gateway – Addition of a backdoor adminstrator via CSRF
    No content preview
    TANDBERG Video Communication Server Authentication Bypass
    No content preview
    HDMI Ethernet Channel
    No content preview
    Managing PowerShell in a modern corporate environment
    No content preview
    NCC Group placed first in global 5G Cyber Security Hack competition
    No content preview
    Symantec Backup Exec 2012 Backup/Restore Data Traverses Memory with Weak ACLs
    No content preview
    Ragweed
    No content preview
    Samba on the BlackBerry PlayBook
    No content preview
    Security Considerations of zk-SNARK Parameter Multi-Party Computation
    No content preview
    typofinder
    No content preview
    Reviewing Verifiable Random Functions
    No content preview
    Technical Advisory – Apple HFS+ Information Disclosure Vulnerability
    No content preview
    iOS SSL Killswitch
    No content preview
    Managing Cyber Risk in the Supply Chain
    No content preview
    SIAM AG23: Algebraic Geometry with Friends
    No content preview
    Improving your Network and Application Assurance Strategy in an environment of increasing 0day vulnerabilities
    No content preview
    Oracle Retail Integration Bus Manager Directory Traversal
    No content preview
    Porting the Misfortune Cookie Exploit: A Look into Router Exploitation Using the TD-8817
    No content preview
    Some Notes About the Xen XSA-122 Bug
    No content preview
    Microsoft SQL Server Passwords
    No content preview
    IAX Voice Over-IP Security
    No content preview
    Fuzzbox
    No content preview
    Login Service Security
    No content preview
    MSSQL Lateral Movement
    No content preview
    Nagios XI Network Monitor – Stored and Reflective XSS
    No content preview
    Non Obvious PE Parsers – The .NET runtime – Part 1
    No content preview
    Paper: Thematic for Success in Real-World Offensive Cyber Operations – How to make threat actors work harder and fail more often
    No content preview
    Alternative Approaches for Fault Injection Countermeasures (Part 3/3)
    No content preview
    NCC Con Europe 2022 – Pwn2Own Austin Presentations
    No content preview
    Protecting stored cardholder data (an unofficial supplement to PCI DSS V3.0)
    No content preview
    Whitepaper: Recognizing and Preventing TOCTOU
    No content preview
    Machine learning from idea to reality: a PowerShell case study
    No content preview
    metasploitavevasion
    No content preview
    A Back-to-Front TrueCrypt Recovery Story: The Plaintext is the Ciphertext
    No content preview
    Hacking Displays Made Interesting
    No content preview
    Lessons learned from 50 USB bugs
    No content preview
    Mergers & Acquisitions (M&A) cyber security due diligence
    No content preview
    tybocer
    No content preview
    Password and brute-force mitigation policies
    No content preview
    Post-quantum cryptography overview
    No content preview
    Real World Cryptography Conference 2022
    No content preview
    USB keyboards by post – use of embedded keystroke injectors to bypass autorun restrictions on modern desktop operating systems
    No content preview
    Spectre on a Television
    No content preview
    PhanTap (Phantom Tap): Making networks spookier one packet at a time
    No content preview
    Mature Security Testing Framework
    No content preview
    OS X Lion USB Hub Class Descriptor Arbitrary Code Execution
    No content preview
    Tool Release – ScoutSuite 5.13.0
    No content preview
    A New Flying Kitten?
    No content preview
    NX Server for Linux Arbitrary Files can be read with root privileges
    No content preview
    Variations in Exploit methods between Linux and Windows
    No content preview
    Optimum Routers: Researching Managed Routers
    No content preview
    McAfee Email and Web Security Appliance Password hashes can be recovered from a system backup and easily cracked
    No content preview
    NIST Selects Post-Quantum Algorithms for Standardization
    No content preview
    Microsoft announces the WMIC command is being retired, Long Live PowerShell
    No content preview
    Technical Advisory: Citrix Workspace / Receiver Remote Code Execution Vulnerability
    No content preview
    On Linux’s Random Number Generation
    No content preview
    The death of USB autorun and the rise of the USB keyboard
    No content preview
    UK government cyber security guidelines for connected & autonomous vehicles
    No content preview
    Tool Release: SSLyze v0.8 released
    No content preview
    Optimizing Pairing-Based Cryptography: Montgomery Arithmetic in Rust
    No content preview
    Practical Machine Learning for Random (Filename) Detection
    No content preview
    McAfee Email and Web Security Appliance Any logged-in user can bypass controls to reset passwords of other administrators
    No content preview
    G-Scout
    No content preview
    An Adaptive-Ciphertext Attack Against “I ⊕ C” Block Cipher Modes With an Oracle
    No content preview
    Multiple Format String Injections in AFFLIB
    No content preview
    Premium Security Content Gateway
    No content preview
    Machine Learning 104: Breaking AES With Power Side-Channels
    No content preview
    Shell Arithmetic Expansion and Evaluation Abuse
    No content preview
    Integrating DigitalOcean into ScoutSuite
    No content preview
    Lumension Device Control (formerly Sanctuary) remote memory corruption
    No content preview
    Technical Advisory – Jitsi Meet Electron – Limited Certificate Validation Bypass (CVE-2020-27161)
    No content preview
    Owning the Virgin Media Hub 3.0: The perfect place for a backdoor
    No content preview
    Singularity of Origin
    No content preview
    Public Report – Confidential Space Security Review
    No content preview
    The Phishing Guide: Understanding & Preventing Phishing Attacks
    No content preview
    Testing HTTP/2 only web services
    No content preview
    Getting per-user Conditional Access MFA status in Azure
    No content preview
    McAfee Email and Web Security Appliance v5.6 – Any logged-in user can bypass controls to reset passwords of other administrators
    No content preview
    Mobile & web browser credential management: Security implications, attack cases & mitigations
    No content preview
    Forensic Fuzzing Tools
    No content preview
    iOS certificate pinning code updated for iOS 7
    No content preview
    Intel BIOS Advisory – Memory Corruption in HID Drivers
    No content preview
    HTTP Profiler
    No content preview
    Ghost Vulnerability (CVE-2015-0235)
    No content preview
    FrisbeeLite
    No content preview
    Some Musings on Common (eBPF) Linux Tracing Bugs
    No content preview
    iSEC Partners Releases SSLyze
    No content preview
    Intent Sniffer
    No content preview
    Heartbleed (CVE-2014-0160) Advisory
    No content preview
    Samba Andx Request Remote Code Execution
    No content preview
    Hackproofing MySQL
    No content preview
    Immunity Debugger Buffer Overflow
    No content preview
    Gizmo
    No content preview
    Fuzzing the Easy Way Using Zulu
    No content preview
    Overview of Modern Memory Security Concerns
    No content preview
    Project Bishop: Clustering Web Pages
    No content preview
    lapith
    No content preview
    Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)
    No content preview
    Security Code Review With ChatGPT
    No content preview
    Fuzzing USB devices using Frisbee Lite
    No content preview
    Fuzzing the Easy Way Using Zulu (1)
    No content preview
    Public Report – Google Privacy Sandbox Aggregation Service and Coordinator
    No content preview
    Implementing and Detecting a PCI Rootkit
    No content preview
    Hiccupy
    No content preview
    Hacking a web application
    No content preview
    Package Play
    No content preview
    Public Report – IOV Labs powHSM Security Assessment
    No content preview
    Jackson Deserialization Vulnerabilities
    No content preview
    SAML Pummel
    No content preview
    Introspy for Android
    No content preview
    Hackproofing Oracle Application Server
    No content preview
    Flubot: the evolution of a notorious Android Banking Malware
    No content preview
    Public Report – Filecoin Bellman and BLS Signatures Cryptographic Review
    No content preview
    Interfaces.d to RCE
    No content preview
    Improving Your Embedded Linux Security Posture With Yocto
    No content preview
    Kubernetes Security: Consider Your Threat Model
    No content preview
    iSEC audit of MediaWiki
    No content preview
    How to protect yourself & your organisation from phishing attacks
    No content preview
    Ghidra nanoMIPS ISA module
    No content preview
    NCC Group co-signs the Electronic Frontier Foundation’s Statement on DMCA Use Against Security Researchers
    No content preview
    Readable Thrift (1)
    No content preview
    Inter-Protocol Communication
    No content preview
    Quantum Cryptography – A Study Into Present Technologies and Future Applications
    No content preview
    Premium Practical Law Content Gateway
    No content preview
    Introducing Azucar
    No content preview
    Impress Pages CMS Remote Code Execution
    No content preview
    Oracle Forensics Part 7 Using the Oracle System Change Number in Forensic Investigations
    No content preview
    Properly Signed Certificates on CPE Devices
    No content preview
    Public Report – Confidential Mode for Hyperdisk – DEK Protection Analysis
    No content preview
    iOS 7 arbitrary code execution in kernel mode
    No content preview
    Man-in-the-Middling Non-Proxy Aware Wi-Fi Devices with a Pineapple
    No content preview
    Oracle Passwords and OraBrute
    No content preview
    How much training should staff have on cyber security?
    No content preview
    Mobile apps and security by design
    No content preview
    Public Report – Dell Secured Component Verification
    No content preview
    Jailbreak, updated and open-sourced
    No content preview
    Flash security restrictions bypass: File upload by URLRequest
    No content preview
    IODIDE
    No content preview
    How to Spot and Prevent an Eclipse Attack
    No content preview
    HIDDEN COBRA Volgmer: A Technical Analysis
    No content preview
    Intel® Software Guard Extensions (SGX): A Researcher’s Primer
    No content preview
    hostresolver
    No content preview
    Reverse, Reveal, Recover: Windows Defender Quarantine Forensics
    No content preview
    Discovering Smart Contract Vulnerabilities with GOATCasino
    No content preview
    Conference Talks – February 2020
    No content preview
    Public Report – Electric Coin Company NU3 Specification and Blossom Implementation Audit
    No content preview
    Public Report - Security Risks of AI Hardware for Personal and Edge Computing Devices
    No content preview
    IG Learner Walkthrough
    No content preview
    Security Tips For Your AI Cloud Infrastructure
    No content preview
    ABSTRACT SHIMMER (CVE-2020-15257): Host Networking is root-Equivalent, Again
    No content preview
    Technical Advisory: Multiple Vulnerabilities in MailEnable
    No content preview
    When Security Gets in the Way: PenTesting Mobile Apps That Use Certificate Pinning
    No content preview
    Technical Advisory: Multiple Vulnerabilities in SmarterMail
    No content preview
    How I did not get a shell
    No content preview
    The economics of defensive security
    No content preview
    5G security – how to minimise the threats to a 5G network
    No content preview
    Denial of Service in Parsing a URL by ierutil.dll
    No content preview
    Medium Risk Vulnerability in Symantec Enterprise Security Management
    No content preview
    Defending Your Directory: An Expert Guide to Combating Kerberoasting in Active Directory
    No content preview
    Public Report – AWS Nitro System API & Security Claims French
    No content preview
    On the malicious use of large language models like GPT-3
    No content preview
    Medical Devices: A Hardware Security Perspective
    No content preview
    Technical Advisory: Multiple Vulnerabilities in Xerox Printers
    No content preview
    Hardware Security By Design: ESP32 Guidance
    No content preview
    Understanding and Hardening Linux Containers
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 3: Understanding Existing Approaches and Attempts
    No content preview
    Exposing Vulnerabilities in Media Software
    No content preview
    Tool Release: tcpprox
    No content preview
    Using Semgrep with Jupyter Notebook files
    No content preview
    Dangers of Kubernetes IAM Integrations
    No content preview
    CVE-2018-8611 Exploiting Windows KTM Part 5/5 – Vulnerability detection and a better read/write primitive
    No content preview
    Weak Randomness Part I – Linear Congruential Random Number Generators
    No content preview
    Webinar – PCI Version 3.0: Are you ready?
    No content preview
    Phish Supper: An Incident Responder’s Bread and Butter
    No content preview
    Assessing IIS Configuration Remotely
    No content preview
    44CON - Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own Automotive 2024
    No content preview
    Machine Learning 102: Attacking Facial Authentication with Poisoned Data
    No content preview
    Vaccine Misinformation Part 1: Misinformation Attacks as a Cyber Kill Chain
    No content preview
    Technical Advisory: Code Execution by Viewing Resource Files in .NET Reflector
    No content preview
    Technical Advisory: Adobe ColdFusion WDDX Deserialization Gadgets
    No content preview
    Real World Cryptography Conference 2023 – Part II
    No content preview
    Puckungfu: A NETGEAR WAN Command Injection
    No content preview
    Sobelow Update
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 7: Development of Prototype #3 – Adventures in Anomaly Detection
    No content preview
    Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
    No content preview
    Whitepaper: CA Alternative
    No content preview
    Windows remote desktop memory corruptoin leading to RCE on XPSP3
    No content preview
    Technical Advisory: OS Command Injection in Silver Peak EdgeConnect Appliances (CVE-2020-12148, CVE-2020-12149)
    No content preview
    NCC Group’s 2021 Annual Research Report
    No content preview
    CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 2
    No content preview
    Nameless and shameless: Ransomware Encryption via BitLocker
    No content preview
    The Importance of a Cryptographic Review
    No content preview
    Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs
    No content preview
    Car Parking Apps Vulnerable To Hacks
    No content preview
    Analyzing AI Application Threat Models
    No content preview
    Cryptopals: Exploiting CBC Padding Oracles
    No content preview
    Immortalising 20 Years of Epic Research
    No content preview
    Detecting Rclone – An Effective Tool for Exfiltration
    No content preview
    BlackHat USA 2024 - Listen-Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap
    No content preview
    Public Report – Penumbra Labs R1CS Implementation Review
    No content preview
    To dock or not to dock, that is the question: Using laptop docking stations as hardware-based attack platforms
    No content preview
    Why IoT Security Matters
    No content preview
    Exploring DeepFake Capabilities & Mitigation Strategies with University College London
    No content preview
    Technical Advisory – play-pac4j Authentication rule bypass
    No content preview
    Tool Release: Announcing the Release of RtspFuzzer
    No content preview
    Back in Black: Unlocking a LockBit 3.0 Ransomware Attack
    No content preview
    Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2)
    No content preview
    Oracle Forensics Part 2: Locating Dropped Objects
    No content preview
    Cracking Mifare Classic 1K: RFID, Charlie Cards, and Free Subway Rides
    No content preview
    Tool Release – Carnivore: Microsoft External Assessment Tool
    No content preview
    The Pharming Guide – Understanding and preventing DNS related attacks by phishers
    No content preview
    Weaknesses and Best Practices of Public Key Kerberos with Smart Cards
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 1: Understanding the Basics and What Platforms and Frameworks Are Available
    No content preview
    NCC Group WhitepaperUnderstanding and HardeningLinux ContainersJune 29, 2016 – Version 1.1
    No content preview
    iOS 7 tool updates
    No content preview
    Lights, Camera, HACKED! An insight into the world of popular IP Cameras
    No content preview
    Public Report – AWS Nitro System API & Security Claims German
    No content preview
    PRTG Network Monitor Command injection
    No content preview
    Understanding Microsoft Word OLE Exploit Primitives
    No content preview
    Technical Advisory – Lansweeper Privilege Escalation via CSRF Using HTTP Method Interchange (CVE-2020-13658)
    No content preview
    Technical Advisory: Multiple Vulnerabilities in ManageEngine Desktop Central
    No content preview
    Shining New Light on an Old ROM Vulnerability: Secure Boot Bypass via DCD and CSF Tampering on NXP i.MX Devices
    No content preview
    Public Report – RustCrypto AES/GCM and ChaCha20+Poly1305 Implementation Review
    No content preview
    Technical Advisory – SonicWall Global Management System (GMS) & Analytics – Multiple Critical Vulnerabilities
    No content preview
    OCP S.A.F.E. How-to
    No content preview
    NCC Group Connected Health Whitepaper July 2019
    No content preview
    Deception Engineering: exploring the use of Windows Service Canaries against ransomware
    No content preview
    An offensive guide to the Authorization Code grant
    Discover NCC Group’s offensive security perspective on Authorization Code Grant vulnerabilities and mitigations.  ( 14 min )
    RSA Conference – Mobile Threat War Room
    No content preview  ( 6 min )
    Research Insights Volume 7: Exploitation Advancements
    No content preview  ( 7 min )
    Which database is more secure? Oracle vs. Microsoft
    No content preview  ( 7 min )
    Stepping Stones – A Red Team Activity Hub
    No content preview  ( 9 min )
    NCC Group Malware Technical Note
    No content preview  ( 6 min )
    Black Hat 2013 – Femtocell Presentation Slides, Videos and App
    Explore NCC Group’s femtocell attack research presented at Black Hat 2013, including downloadable resources.  ( 8 min )
    White Paper: Browser Extension Password Managers
    No content preview  ( 7 min )
    Technical Advisory – Apple XAR – Arbitrary File Write (CVE-2021-30833)
    No content preview  ( 8 min )
    Hunting SQL Injection Bugs
    No content preview  ( 6 min )
    Integrity destroying malicious code for financial or geopolitical gain: A vision of the future?
    No content preview  ( 7 min )
    A few notes on usefully exploiting libstagefright on Android 5.x
    No content preview  ( 8 min )
    Understanding Ransomware: Impact, Evolution and Defensive Strategies
    No content preview  ( 7 min )
    LeaPFRogging PFR Implementations
    Explore NCC Group’s insights on leapfrogging PFR implementations to improve security and streamline processes.  ( 12 min )
    An Illustrated Guide to Elliptic Curve Cryptography Validation
    No content preview  ( 16 min )
    EasyDA – Easy Windows Domain Access Script
    No content preview
    Decoder Improved Burp Suite Plugin
    No content preview
    Conference Talks – September 2021
    No content preview
    Exploiting the win32k!xxxEnableWndSBArrows use-after-free (CVE-2015-0057) bug on both 32-bit and 64-bit
    No content preview
    Emissary Panda – A potential new malicious tool
    No content preview
    Dissecting social engineering attacks
    No content preview
    Derusbi: A Case Study in Rapid Capability Development
    No content preview
    CVE-2019-1405 and CVE-2019-1322 – Elevation to SYSTEM via the UPnP Device Host Service and the Update Orchestrator Service
    No content preview
    Combating Java Deserialisation Vulnerabilities with Look-Ahead Object Input Streams (LAOIS)
    No content preview
    Erlang Security 101
    No content preview
    Double-odd Elliptic Curves
    No content preview
    Distributed Ledger (Blockchain) Security and Quantum Computing Implications
    No content preview
    Decoding network data from a Gh0st RAT variant
    No content preview
    Database Security Brief: The Oracle Critical Patch Update for April 2007
    No content preview
    Firmware Rootkits: The Threat to the Enterprise
    No content preview
    Exploiting CVE-2014-0282 (1)
    No content preview
    Encryption Does Not Equal Invisibility – Detecting Anomalous TLS Certificates with the Half-Space-Trees Algorithm
    No content preview
    Deep Dive into Real-World Kubernetes Threats
    No content preview
    Chafer backdoor analysis
    No content preview
    Ethics in Security Testing
    No content preview
    Enumerating System Management Interrupts
    No content preview
    Don’t throw a hissy fit; defend against Medusa
    No content preview
    DNS Pinning and Web Proxies
    No content preview
    Detecting Karakurt – an extortion focused threat actor
    No content preview
    Decrypting OpenSSH sessions for fun and profit
    No content preview
    eBook – Planning a robust incident response process
    No content preview
    Disclosure Policy
    No content preview
    D0nut encrypt me, I have a wife and no backups
    No content preview
    Cyber red-teaming business-critical systems while managing operational risk
    No content preview
    Common Flaws of Distributed Identity and Authentication Systems
    No content preview
    Exploring Overfitting Risks in Large Language Models
    No content preview
    easyda
    No content preview
    dotnetpefuzzing
    No content preview
    Does TypeScript Offer Security Improvements Over JavaScript?
    No content preview
    Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study
    No content preview
    Endpoint connectivity
    No content preview
    Encryption at rest: Not the panacea to data protection
    No content preview
    Dynamic Linq Injection Remote Code Execution Vulnerability (CVE-2023-32571)
    No content preview
    Detection Engineering for Kubernetes clusters
    No content preview
    Critical Risk Vulnerability in Ingres (Pointer Overwrite 1)
    No content preview
    Content Security Policies and Popular CMS Systems
    No content preview
    External Enumeration and Exploitation of Email and Web Security Solutions
    No content preview
    Elephant in the Boardroom Survey 2016
    No content preview
    DIBF – Updated
    No content preview
    DeLux Edition: Getting root privileges on the eLux Thin Client OS
    No content preview
    Early CCS Attack Analysis
    No content preview
    Domestic IoT Nightmares: Smart Doorbells
    No content preview
    Database Servers on Windows XP and the unintended consequences of simple file sharing
    No content preview
    Five Essential Machine Learning Security Papers
    No content preview
    Microsoft Office Memory Corruption Vulnerability
    No content preview
    firstexecution
    No content preview
    File Fuzzers
    No content preview
    Faster Modular Inversion and Legendre Symbol, and an X25519 Speed Record
    No content preview
    Finding the weak link in binaries
    No content preview
    Exporting non-exportable RSA keys
    No content preview
    Exploiting Security Gateways Via Web Interfaces
    No content preview
    Exploiting CVE-2014-0282
    No content preview
    Extractor
    No content preview
    Exploiting Noisy Oracles with Bayesian Inference
    No content preview
    Exploit the Fuzz – Exploiting Vulnerabilities in 5G Core Networks
    No content preview
    Extending a Thinkst Canary to become an interactive honeypot
    No content preview
    Exploiting Samba CVE-2015-0240 on Ubuntu 12.04 and Debian 7 32-bit
    No content preview
    Exploiting Rich Content
    No content preview
    Exploiting PL/SQL Injection Flaws with only CREATE SESSION Privileges
    No content preview
    Exception Handling and Data Integrity in Salesforce
    No content preview
    Enterprise-scale seamless onboarding and deployment of Azure Sentinel using Lighthouse for multi-tenant environments
    No content preview
    Fat-Finger
    No content preview
    Extracting the Payload from a CVE-2014-1761 RTF Document
    No content preview
    Exploring Verifiable Random Functions in Code
    No content preview
    Estimating the Bit Security of Pairing-Friendly Curves
    No content preview
    EDIDFuzzer
    No content preview
    Faux Disk Encryption: Realities of Secure Storage On Mobile Devices
    No content preview
    Exploring Prompt Injection Attacks
    No content preview
    Exploring macOS Calendar Alerts: Part 2 – Exfiltrating data (CVE-2020-3882)
    No content preview
    Exploring macOS Calendar Alerts: Part 1 – Attempting to execute code
    No content preview
    Exploit mitigations: keeping up with evolving and complex software/hardware
    No content preview
    Experiments in Extending Thinkst Canary – Part 1
    No content preview
    EternalGlue part one: Rebuilding NotPetya to assess real-world resilience
    No content preview
    LAPSUS$: Recent techniques, tactics and procedures
    No content preview
    Technical Advisory – SerComm h500s – Authenticated Remote Command Execution (CVE-2021-44080)
    No content preview
    Public Report – Threshold ECDSA Cryptography Review
    No content preview
    The Password is Dead, Long Live the Password!
    No content preview
    Latest threats to the connected car & intelligent transport ecosystem
    No content preview
    An adventure in PoEKmon NeutriGo land
    No content preview
    Pumping Iron on the Musl Heap – Real World CVE-2022-24834 Exploitation on an Alpine mallocng Heap
    No content preview
    Working with the Open Technology Fund
    No content preview
    Incremental Machine Learning by Example: Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes
    No content preview
    An Introduction to Fault Injection (Part 1/3)
    No content preview
    An Analysis of Mobile Geofencing App Security
    No content preview
    Impact of DNS over HTTPS (DoH) on DNS Rebinding Attacks
    No content preview
    NCC Group’s 2020 Annual Research Report
    No content preview
    Drones: Detect, Identify, Intercept, and Hijack
    No content preview
    Technical Advisory – Ollama DNS Rebinding Attack (CVE-2024-28224)
    No content preview
    Tool Release – Reliably-checked String Library Binding
    No content preview
    Launching the first in our series of Research Insights
    No content preview
    Practical Considerations of Right-to-Repair Legislation
    No content preview  ( 17 min )
    A Look At Some Real-World Obfuscation Techniques
    No content preview  ( 17 min )
    Finding and Exploiting .NET Remoting over HTTP using Deserialisation
    No content preview  ( 12 min )
    Technical Advisory – Multiple Vulnerabilities in Connectize G6 AC2100 Dual Band Gigabit WiFi Router (CVE-2023-24046, CVE-2023-24047, CVE-2023-24048, CVE-2023-24049, CVE-2023-24050, CVE-2023-24051, CVE-2023-24052)
    No content preview  ( 20 min )
    Fake CAPTCHA led to LUMMA
    Discover the social engineering behind fake CAPTCHA attacks. Learn how Lumma malware infects systems and what defenses can stop it.  ( 9 min )
    Spectre and Meltdown: What you Need to Know
    No content preview  ( 12 min )
    Mitigating the top 10 security threats to GCP using the CIS Google Cloud Platform Foundation Benchmark
    No content preview  ( 12 min )
    Technical Advisory – libraptor – XXE in RDF/XML File Interpretation
    A technical breakdown of the XXE vulnerability in libraptor’s RDF/XML interpretation and its impact on downstream applications.  ( 10 min )
    Technical Advisory – Hash Denial-of-Service Attack in Multiple QUIC Implementations
    No content preview  ( 14 min )
    Whitepaper: Perfect Forward Security
    No content preview  ( 7 min )
    RIFT: Analysing a Lazarus Shellcode Execution Method
    No content preview  ( 9 min )
    CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 1
    No content preview  ( 32 min )
    Stepping Insyde System Management Mode
    No content preview  ( 17 min )
    Metastealer – filling the Racoon void
    No content preview  ( 10 min )
    A WarCon 2017 Presentation: Cisco ASA – Exploiting the IKEv1 Heap Overflow – CVE-2016-1287
    No content preview  ( 7 min )
    Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902
    No content preview  ( 10 min )
    Detecting and Hunting for the PetitPotam NTLM Relay Attack
    No content preview  ( 9 min )
    Technical Advisory – Multiple Vulnerabilities in Faronics Insight (CVE-2023-28344, CVE-2023-28345, CVE-2023-28346, CVE-2023-28347, CVE-2023-28348, CVE-2023-28349, CVE-2023-28350, CVE-2023-28351, CVE-2023-28352, CVE-2023-28353)
    No content preview  ( 24 min )
    Rustproofing Linux (Part 2/4 Race Conditions)
    No content preview  ( 14 min )
    Vulnerability Overview: Ghost (CVE-2015-0235)
    No content preview  ( 9 min )
    So long and thanks for all the 0day
    No content preview  ( 21 min )
    Detecting Mimikatz with Busylight
    No content preview  ( 10 min )
    Technical Advisory – OpenJDK – Weak Parsing Logic in java.net.InetAddress and Related Classes
    No content preview  ( 17 min )
    A Primer On Slowable Encoders
    No content preview  ( 12 min )
    Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
    No content preview  ( 10 min )
    Technical Advisory – SonicWall SMA 100 Series – Multiple Unauthenticated Heap-based and Stack-based Buffer Overflow (CVE-2021-20045)
    No content preview  ( 9 min )
    How To Spot a Penetration Tester in Your Network (and Catch the Real Bad Guys at the Same Time)
    This guide reveals techniques to detect penetration testers and uncover genuine threats during security assessments.  ( 13 min )
    Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
    No content preview  ( 10 min )
    Helping Engineering Teams Tackle Security Debt in Embedded Systems: U-Boot Configuration Auditing Introduced in Depthcharge v0.2.0
    No content preview  ( 14 min )
    Public Report – Zendoo Proof Verifier Cryptography Review
    No content preview  ( 7 min )
    Announcing the Cryptopals Guided Tour Video 18: Implement CTR
    No content preview  ( 8 min )
    StreamDivert: Relaying (specific) network connections
    No content preview  ( 9 min )
    Bypassing software update package encryption – extracting the Lexmark MC3224i printer firmware (part 1)
    No content preview  ( 25 min )
    Exploring the Security & Privacy of Canada’s Digital Proof of Vaccination Programs
    Understand the security challenges and privacy concerns of Canada’s digital vaccination systems and how to mitigate potential threats.  ( 30 min )
    Matty McMattface: Security implications, mitigations & testing strategies for biometric facial recognition systems
    No content preview  ( 7 min )
    Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL (authenticated)
    Learn how a crafted URL can exploit Symantec Messaging Gateway for arbitrary file downloads and how to mitigate this risk.  ( 7 min )
    Self-Driving Cars- The future is now…
    No content preview  ( 7 min )
    Secure Coding in C and C++, 2nd Edition
    No content preview  ( 6 min )
    Xen HYPERVISOR_xen_version stack memory revelation
    No content preview  ( 6 min )
    Adobe Flash Player Cross Domain Policy Bypass
    No content preview  ( 6 min )
    Ricochet Security Assessment Public Report
    No content preview  ( 6 min )
    HTML5 Security The Modern Web Browser Perspective
    No content preview  ( 6 min )
    Insomnihack - Pioneering Zero Days at Pwn2Own Automotive 2024
    No content preview  ( 7 min )
    Sniffle: A Sniffer for Bluetooth 5
    No content preview  ( 7 min )
    Threat Profiling Microsoft SQL Server
    No content preview  ( 6 min )
    NCC CON Europe 2017
    No content preview  ( 7 min )
    Auditing Enterprise Class Applications and Secure Containers on Android
    No content preview  ( 6 min )
    Technical Advisory: Shell Injection in MacVim mvim URI Handler
    No content preview  ( 7 min )
    Windows DACLs & Why There Is Still Room for Interest
    No content preview  ( 8 min )
    OffensiveCon 2023 – Exploit Engineering – Attacking the Linux Kernel
    No content preview  ( 7 min )
    A Rendezvous with System Management Interrupts
    No content preview  ( 9 min )
    Understanding Microsoft Word OLE Exploit Primitives: Exploiting CVE-2015-1642 Microsoft Office CTaskSymbol Use-After-Free Vulnerability
    No content preview  ( 7 min )
    Technical Advisory: Condeon CMS
    No content preview  ( 8 min )
    Where You Inject Matters: The Role-Specific Impact of Prompt Injection Attacks on OpenAI models
    No content preview  ( 8 min )
    Public Report – Zcash NU5 Cryptography Review
    No content preview  ( 7 min )
    Non-flood/non-volumetric Distributed Denial of Service (DDoS)
    No content preview  ( 7 min )
    Oracle Retail Invoice Manager SQL Injection
    No content preview  ( 6 min )
    McAfee Email and Web Security Appliance Reflective XSS allowing an attacker to gain session tokens
    No content preview  ( 6 min )
    Symantec Messaging Gateway – Out of band stored XSS via email
    No content preview  ( 6 min )
    IETF Draft: Indicators of Compromise and Their Role in Attack and Defen[c|s]e
    No content preview  ( 7 min )
    Symantec Backup Exec 2012 – Persistent XSS Vulnerability Affecting Custom Reports
    No content preview  ( 7 min )
    Passive Information Gathering – The Analysis of Leaked Network Security Information
    No content preview  ( 7 min )
    Whitepaper – Exploring the Security of KaiOS Mobile Applications
    No content preview  ( 7 min )
    Tool Release: Blackbox Android App Analysis with Introspy
    No content preview  ( 7 min )
    Technical Advisory: Command Injection
    No content preview  ( 7 min )
    How organisations can properly configure SSL services to ensure the integrity and confidentiality of data in transit
    No content preview  ( 7 min )
    Revealing Embedded Fingerprints: Deriving intelligence from USB stack interactions
    No content preview  ( 6 min )
    White Paper: Login Service Security
    No content preview  ( 7 min )
    Medium Risk Vulnerability in Symantec Network Access Control
    No content preview  ( 6 min )
    Windows Remote Desktop Memory Corruption Leading to RCE on XPSP3
    No content preview  ( 8 min )
    Kivlad
    No content preview  ( 7 min )
    Introducing idb-Simplified Blackbox iOS App Pentesting
    No content preview  ( 6 min )
    Public Report – Entropy/Rust Cryptography Review
    No content preview  ( 7 min )
    port-scan-automation
    No content preview  ( 7 min )
    Chrome Password Manager Cross Origin Weakness
    Explore how a cross-origin flaw in Chrome’s password manager could allow attackers to steal credentials via embedded content.  ( 8 min )
    Symantec Messaging Gateway – Unauthorised SSH access
    No content preview  ( 6 min )
    Harnessing GPUs Building Better Browser Based Botnets
    No content preview  ( 6 min )
    iOS Instrumentation Without Jailbreak
    No content preview
    How will GDPR impact your communications?
    No content preview
    Public Report – Coda Cryptographic Review
    No content preview
    Jailbreak
    No content preview
    Going “AUTH the Rails” on a Crazy Train
    No content preview
    An Introduction to Heap overflows on AIX 5.3L
    No content preview  ( 6 min )
    Heartbleed OpenSSL vulnerability
    Learn the impact of Heartbleed on OpenSSL and how NCC Group helps secure systems against this critical flaw.  ( 9 min )
    Analysis of the Linux backdoor used in freenode IRC network compromise
    No content preview  ( 12 min )
    Lessons learned from 50 bugs: Common USB driver vulnerabilities
    No content preview  ( 7 min )
    Adventures in Windows Driver Development: Part 1
    Dive into the fundamentals of Windows driver development with NCC Group’s hands-on exploration of kernel-mode programming.  ( 13 min )
    Announcing the AWS blog post series
    No content preview
    Android SSL Bypass
    No content preview
    Analysis of Boomerang Differential Trials via a SAT-Based Constraint Solver URSA
    No content preview
    An Introduction to Ultrasound Security Research
    No content preview
    EAP-TLS: The most secure option?
    No content preview
    Research Paper – Machine Learning for Static Malware Analysis, with University College London
    No content preview
    Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review
    No content preview
    Implementing the Castryck-Decru SIDH Key Recovery Attack in SageMath
    No content preview
    Conference Talks – February/March 2021
    No content preview
    Pairing over BLS12-381, Part 1: Fields
    No content preview
    SMACK, SKIP-TLS & FREAK SSL/TLS Vulnerabilities
    Discover how these SSL/TLS flaws allow attackers to bypass encryption, impersonate servers, and intercept sensitive data.  ( 10 min )
    Technical Advisory – BLE Proximity Authentication Vulnerable to Relay Attacks
    No content preview  ( 10 min )
    SCOMplicated? – Decrypting SCOM “RunAs” credentials
    No content preview  ( 10 min )
    Secure Device Manufacturing: Supply Chain Security Resilience
    No content preview  ( 7 min )
    Readable Thrift
    No content preview  ( 10 min )
    On the Use of Pedersen Commitments for Confidential Payments
    No content preview  ( 12 min )
    Shellshock Bash Vulnerability
    No content preview  ( 8 min )
    Writing Robust Yara Detection Rules for Heartbleed
    Explore NCC Group’s approach to writing effective YARA rules for detecting Heartbleed in OpenSSL implementations.  ( 11 min )
    Pairing over BLS12-381, Part 2: Curves
    A technical look at the curve foundations of BLS12-381 and their importance in pairing-based cryptography.  ( 15 min )
    SAML XML Injection
    No content preview  ( 14 min )
    TA505: A Brief History Of Their Time
    No content preview  ( 14 min )
    NCC Group researchers named amongst MSRC’s Most Valuable Security Researchers in 2020
    No content preview  ( 8 min )
    Technical Advisory – Authorization Bypass Allows for Pinboard Corruption
    Explore how a flaw in access control could allow unauthorized users to corrupt Pinboard data and compromise integrity.  ( 8 min )
    Secure Messaging for Normal People
    No content preview  ( 7 min )
    Oracle Forensics Part 4: Live Response
    No content preview  ( 7 min )
    Pointer Sequence Reverser (PSR)
    No content preview  ( 7 min )
    TANDBERG Video Communication Server Arbitrary File Retrieval
    No content preview  ( 7 min )
    PeachFarmer
    No content preview  ( 7 min )
    Pip3line
    No content preview  ( 6 min )
    Research Report – Zephyr and MCUboot Security Assessment
    No content preview  ( 8 min )
    PDF Form Filling and Flattening Tool Buffer Overflow
    Explore how a buffer overflow vulnerability in a PDF form filling and flattening tool could lead to memory corruption and security risks.  ( 8 min )
    Symantec Backup Exec 2012 – OS version and service pack information leak
    No content preview  ( 7 min )
    Security of Things: An Implementers’ Guide to Cyber-Security for Internet of Things Devices and Beyond
    No content preview  ( 7 min )
    Security Best Practice: Host Naming & URL Conventions
    No content preview  ( 7 min )
    Technical Advisory – FreePBX – Multiple Authenticated SQL Injections in UCP application
    No content preview  ( 8 min )
    Technical Advisory – Arbitrary File Read in Dell Wyse Management Suite (CVE-2021-21586, CVE-2021-21587)
    No content preview  ( 8 min )
    State-of-the-art email risk
    No content preview  ( 7 min )
    Maritime Cyber Security: Threats and Opportunities
    No content preview  ( 6 min )
    Setting a New Standard for Kubernetes Deployments
    No content preview  ( 9 min )
    SSL checklist for pentesters
    No content preview  ( 6 min )
    Ransomware: what organisations can do to survive
    No content preview  ( 6 min )
    Memory Scanning for the Masses
    No content preview  ( 9 min )
    RtspFuzzer
    No content preview  ( 6 min )
    OSX afpserver remote code execution
    No content preview  ( 6 min )
    Oracle Forensics Part 3: Isolating Evidence of Attacks Against the Authentication Mechanism
    No content preview  ( 7 min )
    Secure Device Provisioning Best Practices: Heavy Truck Edition
    No content preview  ( 7 min )
    Technical Advisory – Apple iOS / OSX: Foundation NSXMLParser XXE Vulnerability
    Explore how a flaw in Apple’s NSXMLParser could allow XML External Entity (XXE) attacks on iOS and macOS systems.  ( 9 min )
    scenester
    No content preview  ( 6 min )
    Technical Advisory – ARM MbedOS USB Mass Storage Driver Memory Corruption
    No content preview  ( 10 min )
    SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
    No content preview  ( 14 min )
    Second-Order Code Injection Attacks
    No content preview  ( 6 min )
    Symantec Messaging Gateway – Unauthenticated detailed version disclosure
    No content preview  ( 6 min )
    Oracle Hyperion 11 Directory Traversal
    No content preview  ( 7 min )
    Perfect Forward Security
    No content preview  ( 6 min )
    McAfee Email and Web Security Appliance Session hijacking and bypassing client-side session timeouts
    No content preview  ( 6 min )
    Return of the hidden number problem
    No content preview  ( 7 min )
    Technical Advisory – Coda Filesystem Kernel Memory Disclosure
    This technical advisory details a kernel memory disclosure issue in the Coda filesystem and its potential impact.  ( 9 min )
    Technical Advisory – Sunhillo SureLine Unauthenticated OS Command Injection (CVE-2021-36380)
    No content preview  ( 8 min )
    Poison Ivy string decryption
    Explore how NCC Group reverse-engineers Poison Ivy’s string obfuscation to uncover hidden commands and payloads.  ( 8 min )
    Oracle Forensics Part 5: Finding Evidence of Data Theft in the Absence of Auditing
    No content preview  ( 7 min )
    Technical Advisory – Garuda Linux Insecure User Creation (CVE-2021-3784)
    No content preview  ( 8 min )
    Technical Advisory – SonicWall SMA 100 Series – Heap-Based Buffer Overflow (CVE-2021-20043)
    No content preview  ( 8 min )
    Story of a Hundred Vulnerable Jenkins Plugins
    Explore the security risks in Jenkins plugins, how vulnerabilities were found, and steps to strengthen CI/CD security.  ( 14 min )

  • Open

    Technical Advisory: Tesla Telematics Control Unit - ADB Auth Bypass
    Technical Advisory: Tesla Telematics Control Unit - ADB Auth Bypass  ( 12 min )

  • Open

    Public Report: Meta Whatsapp message summarization service
    No content preview  ( 7 min )

  • Open

    Adventures in EM Side-channel Attacks
    Adventures in EM Side-channel Attacks Eucleak  ( 7 min )

  • Open

    TANDBERG Video Communication Server Static SSH Host KeysN
    Explore how hardcoded SSH host keys in Tandberg Video Communication Server could expose systems to impersonation and MITM attacks.  ( 9 min )

  • Open

    Crack the Riddle, Secure the Oasis: Core NetWars Version 11 is Here
    A blog about SANS Institute's new Core NetWars Version 11  ( 12 min )

  • Open

    Expanding on ChunkyIngress - Clippy Goes Rogue (GoClipC2)
    GoClipC2: A covert Windows clipboard-based C2 channel for VDI/RDP environments. Bypasses network monitoring with encrypted Base64 messaging.  ( 10 min )
    Expanding on ChunkyIngress - Clippy Goes Rogue (GoClipC2)
    GoClipC2: A covert Windows clipboard-based C2 channel for VDI/RDP environments. Bypasses network monitoring with encrypted Base64 messaging.  ( 10 min )

  • Open

    The Cost Savings of Fixing Security Flaws in Development
    No content preview  ( 7 min )

  • Open

    A New Approach to Proving Cybersecurity Value (That Isn’t ROI)
    In this blog, we are excited to announce our white paper on Return on Mitigation (RoM), a framework we designed to quantify the financial impact of security programs in a way that speaks to business leaders.  ( 6 min )
    Celebrating 10 Years of Partnership: Snap and HackerOne Reach $1M in Bounties
    At Snap, security is more than a priority—it’s a core mission. Over the past decade, Snap has partnered with HackerOne to build and sustain a robust bug bounty program. This collaboration has led to major milestones, including paying security researchers over $1M in bounties. To celebrate this achievement and their 10-year partnership, we spoke with Jim Higgins, Snap's Chief Information Security Officer, Vinay Prabhushankar, Snap’s Security Engineering Manager, and Ilana Arbisser, Snap’s Privacy Engineer.

  • Open

    Women@ Kicks Off the Year with a Vision Board Event
    No content preview  ( 4 min )

  • Open

    Gain Actionable, Data-backed Insights with HackerOne Recommendations
    What if your security program could self-optimize: analyze trends, identify weak points, and proactively propose actionable steps to strengthen defenses? With HackerOne Recommendations, it can.  ( 5 min )

  • Open

    Welcome, Hackbots: How AI Is Shaping the Future of Vulnerability Discovery
    What are Hackbots and how are they impacting vulnerability discovery and the researcher community?  ( 6 min )

  • Open

    DORA Compliance Is Here: What Financial Entities Should Know
    The new DORA regulation: everything your organization needs to know about its impact and how to comply.  ( 5 min )
2026-07-03T01:56:58.542Z osmosfeed 1.15.1