About 2 years ago, Microsoft first released Win32-App-isolation which is a sandbox-like mechanism to further separate application access to resources on Windows clients. Brokering File System (BFS) was released around the same time to specifically …

AI deception platform: Deceive, Detect, Respond. “You can’t defend. You can’t prevent. The only thing you can do is detect and respond.” Bruce Schneier. We turn that hard truth into your tactical advantage. Our AI-based decoys, built using our open-source…

A year-in-review going over 19+ bugs in Mediatek’s MT76xx/MT7915 (and others) wifi chipsets I reported this year, PoCs included!

Detect Claude Computer Use and OpenAI Operator through timing analysis, cursor patterns, and prompt

I was chatting with a close friend of mine and he sent me a link to his new SaaS that he's developing.

The List-Unsubscribe SMTP header is standardized but often overlooked during security assessments. It allows email clients to provide an easy way for end-users to unsubscribe from mailing lists.
This post discusses how this header can be abused to perform…

Deep dive into MacSync Stealer (UserSyncWorker variant), a MaaS infostealer featuring Gatekeeper bypass via notarized Swift dropper, code signature validation, and multi-layer payload obfuscation

Docket for United States v. LICHTENSTEIN, 1:23-cr-00239 — Brought to you by Free Law Project, a non-profit dedicated to creating high quality open legal information.

This paper presents a groundbreaking cryptanalytic framework for the SHA-256 hash function. By mapping the 2^32 modular addition space into a fractional domain [0, 1), I demonstrate that the non-linear "noise" generated by modular overflows is not random…

Explore our extensive archive of in-depth tech reviews, scientific breakthroughs, and cybersecurity analysis. Find the specs, facts, and expert insig

Posted by JDBHub - 4 votes and 0 comments

An unauthenticated local WebSocket server in the CurseForge launcher allowed any website to trigger remote code execution via attacker-controlled JVM arguments.

A couple of months ago, I received a request from a random Internet user to add CSRF protection to my little web framework Microdot, and I thought it was a fantastic idea.When I set off to do this…

A critical CVE in LangChain shows why credential isolation matters more than perfect code.

Infosec news that doesn’t make you want to quit tech. Click to read Threat Road, by Alex from Threat Road, a Substack publication. Launched a month ago.

Zero-day and every day protection for your cloud applications with a complete explainable & traceable runtime security story.