Because we can!

The npm public registry is drowning in a tsunami of spam and phishing, and it's all thanks to everyone's favorite gun-toting antihero, John Wick.

IDs in APIs can be exploited to gain unauthorized access to data, for example though enumeration and timing attacks. These can be mitigated using authenticated encryption and opaque IDs.

Socket is using ChatGPT to examine every npm and PyPI package for security issues.

A sophisticated new toolset is being used to harvest credentials from multiple cloud service providers, including AWS SES and Microsoft Office 365.

Exploit-DB and 0day.today are two of the largest public exploit databases. In this blog, we compare the databases to determine which one is the most relevant today.

Today we are super excited to release the SafeDep vet 🚀 to identify risks in Open Source dependencies and establish trust in open source software supply chain security.

A Public Git repository & misconfiguration detection tool - GitHub - boringtools/git-alerts: A Public Git repository & misconfiguration detection tool

By Henrik Brodin, Lead Security Engineer, Research The aCropalypse is upon us! Last week, news about CVE-2023-21036, nicknamed the “aCropalypse,” spread across Twitter and other media, and I quickl…

In 2022, I embarked on a journey with jswzl, believing that a single developer could deliver immense value without a team by focusing on high-value outputs and minimizing low-leverage work. As a so…

Learn Basic Concepts of Linux. Best site to learn Linux from beginner to Advanced.

How it happened, why it matters, and what's being done about it.

CoinFabrik received a grant from the Web3 Foundation to develop a proof-of-concept tool for detecting security vulnerabilities in Parity’s…

Taking a look at the (in)security of the amazon echo dot.

Intro

IcedID continues to deliver malspam emails to facilitate a compromise. This case covers the activity from a campaign in late September of 2022. Post exploitation activities detail some familiar and … Read More