What abliterated models are, how they work by removing the refusal direction in activation space, an

Introduction
Hello, I’m RyotaK
(@ryotkak
), a security engineer at GMO Flatt Security Inc.
A few months ago, I came across an interesting behavior while using Claude Code—it executed a command without my approval.
Since I wasn’t using the permission bypass…

Modern Endpoint Detection and Response systems depend on persistent, bidirectional communication with their cloud management console, enabling them to continuously report suspicious activity and re…

OID-See or BloodHound for OAuth in Entra: mapping consent, scopes, assignments, and trust signals into a graph so you can spot impersonation risk and OAuth sprawl.

In a newly identified campaign, internally referred to as Boto Cor-de-Rosa, our researchers discovered that Astaroth now exploits WhatsApp Web as part of its propagation strategy.

Or Why You Can't Regex Your Way to Agent Security

Two CVSS 10 flaws (CVE-2025-69425 & CVE-2025-69426) hit Ruckus vRIoT. Hardcoded secrets allow attackers to seize root access. Update to v3.0.0.0 now.

The largest free directory of open source security tools. Join 2,600+ professionals who get a weekly, expert-curated newsletter of the best tools.

Horizon3.ai details CVE-2025-64155, revealing chained FortiSIEM vulnerabilities enabling remote code execution and root access, analysis of the root cause, and indicators of compromise.

Fortinet EMS Remote Code Execution. How one tiny img tag was all we needed to escalate our access to a full remote code execution.

Tenzai researchers tested Cursor, Claude Code, Codex, Replit, and Devin. Every AI coding agent shipped vulnerable code. Here’s what broke - and why it matters.

Exploring security blunders in Bluspark Global’s BLUVOYIX, an ocean logistics / supply chain platform used by hundreds of the world’s largest companies.

Introduction

Desoldering a drone's flash chip and reconstructing the firmware from broken data.

Varonis Threat Labs discovered a way to bypass Copilot’s safety controls, steal users’ darkest secrets, and evade detection.

Cymulate Research Labs uncovered CVE-2026-20965, a token validation flaw in Azure Windows Admin Center enabling tenant-wide RCE and lateral movement.

IHackAI (ihackai.com) - Master AI security through hands-on challenges. Learn prompt injection, jailbreaking, and defense strategies.