#security-research — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #security-research, aggregated by home.social.
-
https://winbuzzer.com/2026/07/06/ai-bug-hunters-coincide-with-record-cve-disclosures-xcxwbn/
Epoch AI data points to a record June surge in public software-flaw disclosures as AI bug-hunting expands, but the data cannot prove which flaws AI found.
#AI #SecurityVulnerabilities #Cybersecurity #SecurityResearch #OpenAI #Anthropic #ClaudeMythos #ProjectGlasswing #OpenAIDaybreak
-
https://winbuzzer.com/2026/07/06/ai-bug-hunters-coincide-with-record-cve-disclosures-xcxwbn/
Epoch AI data points to a record June surge in public software-flaw disclosures as AI bug-hunting expands, but the data cannot prove which flaws AI found.
#AI #SecurityVulnerabilities #Cybersecurity #SecurityResearch #OpenAI #Anthropic #ClaudeMythos #ProjectGlasswing #OpenAIDaybreak
-
https://winbuzzer.com/2026/07/06/ai-bug-hunters-coincide-with-record-cve-disclosures-xcxwbn/
Epoch AI data points to a record June surge in public software-flaw disclosures as AI bug-hunting expands, but the data cannot prove which flaws AI found.
#AI #SecurityVulnerabilities #Cybersecurity #SecurityResearch #OpenAI #Anthropic #ClaudeMythos #ProjectGlasswing #OpenAIDaybreak
-
https://winbuzzer.com/2026/07/06/ai-bug-hunters-coincide-with-record-cve-disclosures-xcxwbn/
Epoch AI data points to a record June surge in public software-flaw disclosures as AI bug-hunting expands, but the data cannot prove which flaws AI found.
#AI #SecurityVulnerabilities #Cybersecurity #SecurityResearch #OpenAI #Anthropic #ClaudeMythos #ProjectGlasswing #OpenAIDaybreak
-
https://winbuzzer.com/2026/07/06/ai-bug-hunters-coincide-with-record-cve-disclosures-xcxwbn/
Epoch AI data points to a record June surge in public software-flaw disclosures as AI bug-hunting expands, but the data cannot prove which flaws AI found.
#AI #SecurityVulnerabilities #Cybersecurity #SecurityResearch #OpenAI #Anthropic #ClaudeMythos #ProjectGlasswing #OpenAIDaybreak
-
Ok, I managed to block all of those new followers with boobies. "I reply when it feels right".... "Are you looking for a new friend "... no. I'm #gay and I'm disgusted with scammers. I like #CyberSecurity #Infosec #ThreatIntelligence #SecurityResearch #BlueTeam #tech
-
Ok, I managed to block all of those new followers with boobies. "I reply when it feels right".... "Are you looking for a new friend "... no. I'm #gay and I'm disgusted with scammers. I like #CyberSecurity #Infosec #ThreatIntelligence #SecurityResearch #BlueTeam #tech
-
I need followers in tech + cybersecurity—please help... I promise I’ll post stuff smarter than “oops, wrong config”.
#CyberSecurity #Infosec #ThreatIntelligence #SecurityResearch #BlueTeam #RedTeam #SOC #VulnerabilityManagement #AppSec #PenTesting #threatintel
-
I need followers in tech + cybersecurity—please help... I promise I’ll post stuff smarter than “oops, wrong config”.
#CyberSecurity #Infosec #ThreatIntelligence #SecurityResearch #BlueTeam #RedTeam #SOC #VulnerabilityManagement #AppSec #PenTesting #threatintel
-
I need followers in tech + cybersecurity—please help... I promise I’ll post stuff smarter than “oops, wrong config”.
#CyberSecurity #Infosec #ThreatIntelligence #SecurityResearch #BlueTeam #RedTeam #SOC #VulnerabilityManagement #AppSec #PenTesting #threatintel
-
I need followers in tech + cybersecurity—please help... I promise I’ll post stuff smarter than “oops, wrong config”.
#CyberSecurity #Infosec #ThreatIntelligence #SecurityResearch #BlueTeam #RedTeam #SOC #VulnerabilityManagement #AppSec #PenTesting #threatintel
-
New blog post!
The title should be self-explanatory, it's an appreciation post for Nightmare Eclipse.
You might notice that the tone is a bit more emotional/angry than my usual style of writing.
This one's personal.https://ti-kallisti.com/general/ms/nightmare-eclipse.html
#NightmareEclipse #Microsoft #Hackers #InfoSec #SecurityResearch #ChainsawMan #Reze
-
New blog post!
The title should be self-explanatory, it's an appreciation post for Nightmare Eclipse.
You might notice that the tone is a bit more emotional/angry than my usual style of writing.
This one's personal.https://ti-kallisti.com/general/ms/nightmare-eclipse.html
#NightmareEclipse #Microsoft #Hackers #InfoSec #SecurityResearch #ChainsawMan #Reze
-
New blog post!
The title should be self-explanatory, it's an appreciation post for Nightmare Eclipse.
You might notice that the tone is a bit more emotional/angry than my usual style of writing.
This one's personal.https://ti-kallisti.com/general/ms/nightmare-eclipse.html
#NightmareEclipse #Microsoft #Hackers #InfoSec #SecurityResearch #ChainsawMan #Reze
-
New blog post!
The title should be self-explanatory, it's an appreciation post for Nightmare Eclipse.
You might notice that the tone is a bit more emotional/angry than my usual style of writing.
This one's personal.https://ti-kallisti.com/general/ms/nightmare-eclipse.html
#NightmareEclipse #Microsoft #Hackers #InfoSec #SecurityResearch #ChainsawMan #Reze
-
https://winbuzzer.com/2026/06/21/pypi-malware-wave-exposes-weak-ai-scanner-boundary-xcxwbn/
PyPI Malware Wave Exposes Weak AI Malware Scanner Boundary
#AI #PyPI #Malware #AISecurity #Cybersecurity #Javascript #AISafety #AntiMalware #SecurityResearch #CyberThreats
-
https://winbuzzer.com/2026/06/21/pypi-malware-wave-exposes-weak-ai-scanner-boundary-xcxwbn/
PyPI Malware Wave Exposes Weak AI Malware Scanner Boundary
#AI #PyPI #Malware #AISecurity #Cybersecurity #Javascript #AISafety #AntiMalware #SecurityResearch #CyberThreats
-
https://winbuzzer.com/2026/06/21/pypi-malware-wave-exposes-weak-ai-scanner-boundary-xcxwbn/
PyPI Malware Wave Exposes Weak AI Malware Scanner Boundary
#AI #PyPI #Malware #AISecurity #Cybersecurity #Javascript #AISafety #AntiMalware #SecurityResearch #CyberThreats
-
https://winbuzzer.com/2026/06/21/pypi-malware-wave-exposes-weak-ai-scanner-boundary-xcxwbn/
PyPI Malware Wave Exposes Weak AI Malware Scanner Boundary
#AI #PyPI #Malware #AISecurity #Cybersecurity #Javascript #AISafety #AntiMalware #SecurityResearch #CyberThreats
-
https://winbuzzer.com/2026/06/21/pypi-malware-wave-exposes-weak-ai-scanner-boundary-xcxwbn/
PyPI Malware Wave Exposes Weak AI Malware Scanner Boundary
#AI #PyPI #Malware #AISecurity #Cybersecurity #Javascript #AISafety #AntiMalware #SecurityResearch #CyberThreats
-
Looking forward to #OWASP Global AppSec EU and the inaugural #MAScon next week. Excited for the opportunity to learn from researchers and practitioners who are pushing mobile security forward.
Check out some of the sessions: https://loom.ly/qC3L65o
@owasp #OWASPGlobalAppSec #MobileApps #MobileSecurity #SecurityResearch
-
Looking forward to #OWASP Global AppSec EU and the inaugural #MAScon next week. Excited for the opportunity to learn from researchers and practitioners who are pushing mobile security forward.
Check out some of the sessions: https://loom.ly/qC3L65o
@owasp #OWASPGlobalAppSec #MobileApps #MobileSecurity #SecurityResearch
-
Looking forward to #OWASP Global AppSec EU and the inaugural #MAScon next week. Excited for the opportunity to learn from researchers and practitioners who are pushing mobile security forward.
Check out some of the sessions: https://loom.ly/qC3L65o
@owasp #OWASPGlobalAppSec #MobileApps #MobileSecurity #SecurityResearch
-
Looking forward to #OWASP Global AppSec EU and the inaugural #MAScon next week. Excited for the opportunity to learn from researchers and practitioners who are pushing mobile security forward.
Check out some of the sessions: https://loom.ly/qC3L65o
@owasp #OWASPGlobalAppSec #MobileApps #MobileSecurity #SecurityResearch
-
Looking forward to #OWASP Global AppSec EU and the inaugural #MAScon next week. Excited for the opportunity to learn from researchers and practitioners who are pushing mobile security forward.
Check out some of the sessions: https://loom.ly/qC3L65o
@owasp #OWASPGlobalAppSec #MobileApps #MobileSecurity #SecurityResearch
-
You demonstrate a fileless RCE chain. Complex delivery, in-memory execution, zero detections, confirmed working on multiple devices.
The vendor reviews it twice, involves engineering, then tells you:
"Your research demonstrates a complex chain for delivering and executing code."
...and closes it as 'intended behavior. Not a platform vulnerability.'
Question: is it a vulnerability?
Follow-up: does your answer change if the attack surface exists *between* components — where no single owner's scope definition covers the full chain?
Asking because I have a paper dropping soon about that.
#VRP #responsibleDisclosure #semanticGap #infosec #securityResearch
-
You demonstrate a fileless RCE chain. Complex delivery, in-memory execution, zero detections, confirmed working on multiple devices.
The vendor reviews it twice, involves engineering, then tells you:
"Your research demonstrates a complex chain for delivering and executing code."
...and closes it as 'intended behavior. Not a platform vulnerability.'
Question: is it a vulnerability?
Follow-up: does your answer change if the attack surface exists *between* components — where no single owner's scope definition covers the full chain?
Asking because I have a paper dropping soon about that.
#VRP #responsibleDisclosure #semanticGap #infosec #securityResearch
-
You demonstrate a fileless RCE chain. Complex delivery, in-memory execution, zero detections, confirmed working on multiple devices.
The vendor reviews it twice, involves engineering, then tells you:
"Your research demonstrates a complex chain for delivering and executing code."
...and closes it as 'intended behavior. Not a platform vulnerability.'
Question: is it a vulnerability?
Follow-up: does your answer change if the attack surface exists *between* components — where no single owner's scope definition covers the full chain?
Asking because I have a paper dropping soon about that.
#VRP #responsibleDisclosure #semanticGap #infosec #securityResearch
-
I was tired of digging through endless random cybersecurity lists, so naturally I built another random cybersecurity list - just cleaner, prettier and actually organized.
Hack Hub is a curated directory of useful security resources.
#CyberSecurity #InfoSec #Hacking #EthicalHacking #Pentesting #RedTeam #BlueTeam #DFIR #OSINT #ThreatIntel #MalwareAnalysis #BugBounty #CloudSecurity #MobileSecurity #OpenSource #SecurityTools #SecurityResearch #Linux #Hackers #Tech
-
I was tired of digging through endless random cybersecurity lists, so naturally I built another random cybersecurity list - just cleaner, prettier and actually organized.
Hack Hub is a curated directory of useful security resources.
#CyberSecurity #InfoSec #Hacking #EthicalHacking #Pentesting #RedTeam #BlueTeam #DFIR #OSINT #ThreatIntel #MalwareAnalysis #BugBounty #CloudSecurity #MobileSecurity #OpenSource #SecurityTools #SecurityResearch #Linux #Hackers #Tech
-
I was tired of digging through endless random cybersecurity lists, so naturally I built another random cybersecurity list - just cleaner, prettier and actually organized.
Hack Hub is a curated directory of useful security resources.
#CyberSecurity #InfoSec #Hacking #EthicalHacking #Pentesting #RedTeam #BlueTeam #DFIR #OSINT #ThreatIntel #MalwareAnalysis #BugBounty #CloudSecurity #MobileSecurity #OpenSource #SecurityTools #SecurityResearch #Linux #Hackers #Tech
-
I was tired of digging through endless random cybersecurity lists, so naturally I built another random cybersecurity list - just cleaner, prettier and actually organized.
Hack Hub is a curated directory of useful security resources.
#CyberSecurity #InfoSec #Hacking #EthicalHacking #Pentesting #RedTeam #BlueTeam #DFIR #OSINT #ThreatIntel #MalwareAnalysis #BugBounty #CloudSecurity #MobileSecurity #OpenSource #SecurityTools #SecurityResearch #Linux #Hackers #Tech
-
I was tired of digging through endless random cybersecurity lists, so naturally I built another random cybersecurity list - just cleaner, prettier and actually organized.
Hack Hub is a curated directory of useful security resources.
#CyberSecurity #InfoSec #Hacking #EthicalHacking #Pentesting #RedTeam #BlueTeam #DFIR #OSINT #ThreatIntel #MalwareAnalysis #BugBounty #CloudSecurity #MobileSecurity #OpenSource #SecurityTools #SecurityResearch #Linux #Hackers #Tech
-
https://winbuzzer.com/2026/06/03/toronto-ai-worm-prototype-tests-adaptive-malware-risk-xcxwbn/
Researchers built a contained AI powered malware worm that adapts attacks across lab hosts, exposing how local open-weight models complicate malware containment.
#AI #AIAgents #AISecurity #AIResearch #Cybersecurity #Malware #SecurityVulnerabilities #CyberThreats #SecurityResearch
-
https://winbuzzer.com/2026/06/03/toronto-ai-worm-prototype-tests-adaptive-malware-risk-xcxwbn/
Researchers built a contained AI powered malware worm that adapts attacks across lab hosts, exposing how local open-weight models complicate malware containment.
#AI #AIAgents #AISecurity #AIResearch #Cybersecurity #Malware #SecurityVulnerabilities #CyberThreats #SecurityResearch
-
https://winbuzzer.com/2026/06/03/toronto-ai-worm-prototype-tests-adaptive-malware-risk-xcxwbn/
Researchers built a contained AI powered malware worm that adapts attacks across lab hosts, exposing how local open-weight models complicate malware containment.
#AI #AIAgents #AISecurity #AIResearch #Cybersecurity #Malware #SecurityVulnerabilities #CyberThreats #SecurityResearch
-
https://winbuzzer.com/2026/06/03/toronto-ai-worm-prototype-tests-adaptive-malware-risk-xcxwbn/
Researchers built a contained AI powered malware worm that adapts attacks across lab hosts, exposing how local open-weight models complicate malware containment.
#AI #AIAgents #AISecurity #AIResearch #Cybersecurity #Malware #SecurityVulnerabilities #CyberThreats #SecurityResearch
-
https://winbuzzer.com/2026/06/03/toronto-ai-worm-prototype-tests-adaptive-malware-risk-xcxwbn/
Researchers built a contained AI powered malware worm that adapts attacks across lab hosts, exposing how local open-weight models complicate malware containment.
#AI #AIAgents #AISecurity #AIResearch #Cybersecurity #Malware #SecurityVulnerabilities #CyberThreats #SecurityResearch
-
https://winbuzzer.com/2026/06/02/microsoft-backs-off-threats-against-security-researchers-xcxwbn/
Microsoft has ruled out action against security researchers after a backlash, narrowing legal risk around its wider disclosure dispute.
#SecurityResearch #Microsoft #Security #Cybersecurity #ZeroDay #MicrosoftWindows #WindowsSecurity #WindowsVulnerability #Windows11
-
https://winbuzzer.com/2026/06/02/microsoft-backs-off-threats-against-security-researchers-xcxwbn/
Microsoft has ruled out action against security researchers after a backlash, narrowing legal risk around its wider disclosure dispute.
#SecurityResearch #Microsoft #Security #Cybersecurity #ZeroDay #MicrosoftWindows #WindowsSecurity #WindowsVulnerability #Windows11
-
https://winbuzzer.com/2026/06/02/microsoft-backs-off-threats-against-security-researchers-xcxwbn/
Microsoft has ruled out action against security researchers after a backlash, narrowing legal risk around its wider disclosure dispute.
#SecurityResearch #Microsoft #Security #Cybersecurity #ZeroDay #MicrosoftWindows #WindowsSecurity #WindowsVulnerability #Windows11
-
https://winbuzzer.com/2026/06/02/microsoft-backs-off-threats-against-security-researchers-xcxwbn/
Microsoft has ruled out action against security researchers after a backlash, narrowing legal risk around its wider disclosure dispute.
#SecurityResearch #Microsoft #Security #Cybersecurity #ZeroDay #MicrosoftWindows #WindowsSecurity #WindowsVulnerability #Windows11
-
https://winbuzzer.com/2026/06/02/microsoft-backs-off-threats-against-security-researchers-xcxwbn/
Microsoft has ruled out action against security researchers after a backlash, narrowing legal risk around its wider disclosure dispute.
#SecurityResearch #Microsoft #Security #Cybersecurity #ZeroDay #MicrosoftWindows #WindowsSecurity #WindowsVulnerability #Windows11
-
Bug Bounty situation = Netflix & Piracy situation?
*Boosts welcome
I want to hear your opinion on an idea I had recently:
So, movies/TV piracy is rising recently. And much of it is due to the overwhelming amount of providers, and the fact that each one has a small portion of the pie.
Unlike Music, where providers have mostly the same, allowing for a good customer experience, lowering the need to pirate music, in the movies/TV industry the situation is just getting worse each day, making the rise of piracy (discussed in DarknetDiaries' episode about the magic box) bigger each day.I was wondering if the same thing would/is happening in the bug bounty world.
As more and more companies close their bug bounty programs, or lower the rewards, could researchers turn to selling their findings on the dark net/other forums alike?After all, many researchers do this to make a living, and not be a knight on a white horse.
And if someone invested months researching and testing to find a critical vulnerability, they won't be able to go shopping with a Thank You letter.what do you think?
I'm not a bug bounter so I don't really live this world, but some of you are. what do you think?
is it already happening? -
Bug Bounty situation = Netflix & Piracy situation?
*Boosts welcome
I want to hear your opinion on an idea I had recently:
So, movies/TV piracy is rising recently. And much of it is due to the overwhelming amount of providers, and the fact that each one has a small portion of the pie.
Unlike Music, where providers have mostly the same, allowing for a good customer experience, lowering the need to pirate music, in the movies/TV industry the situation is just getting worse each day, making the rise of piracy (discussed in DarknetDiaries' episode about the magic box) bigger each day.I was wondering if the same thing would/is happening in the bug bounty world.
As more and more companies close their bug bounty programs, or lower the rewards, could researchers turn to selling their findings on the dark net/other forums alike?After all, many researchers do this to make a living, and not be a knight on a white horse.
And if someone invested months researching and testing to find a critical vulnerability, they won't be able to go shopping with a Thank You letter.what do you think?
I'm not a bug bounter so I don't really live this world, but some of you are. what do you think?
is it already happening? -
Bug Bounty situation = Netflix & Piracy situation?
*Boosts welcome
I want to hear your opinion on an idea I had recently:
So, movies/TV piracy is rising recently. And much of it is due to the overwhelming amount of providers, and the fact that each one has a small portion of the pie.
Unlike Music, where providers have mostly the same, allowing for a good customer experience, lowering the need to pirate music, in the movies/TV industry the situation is just getting worse each day, making the rise of piracy (discussed in DarknetDiaries' episode about the magic box) bigger each day.I was wondering if the same thing would/is happening in the bug bounty world.
As more and more companies close their bug bounty programs, or lower the rewards, could researchers turn to selling their findings on the dark net/other forums alike?After all, many researchers do this to make a living, and not be a knight on a white horse.
And if someone invested months researching and testing to find a critical vulnerability, they won't be able to go shopping with a Thank You letter.what do you think?
I'm not a bug bounter so I don't really live this world, but some of you are. what do you think?
is it already happening? -
Bug Bounty situation = Netflix & Piracy situation?
*Boosts welcome
I want to hear your opinion on an idea I had recently:
So, movies/TV piracy is rising recently. And much of it is due to the overwhelming amount of providers, and the fact that each one has a small portion of the pie.
Unlike Music, where providers have mostly the same, allowing for a good customer experience, lowering the need to pirate music, in the movies/TV industry the situation is just getting worse each day, making the rise of piracy (discussed in DarknetDiaries' episode about the magic box) bigger each day.I was wondering if the same thing would/is happening in the bug bounty world.
As more and more companies close their bug bounty programs, or lower the rewards, could researchers turn to selling their findings on the dark net/other forums alike?After all, many researchers do this to make a living, and not be a knight on a white horse.
And if someone invested months researching and testing to find a critical vulnerability, they won't be able to go shopping with a Thank You letter.what do you think?
I'm not a bug bounter so I don't really live this world, but some of you are. what do you think?
is it already happening? -
Bug Bounty situation = Netflix & Piracy situation?
*Boosts welcome
I want to hear your opinion on an idea I had recently:
So, movies/TV piracy is rising recently. And much of it is due to the overwhelming amount of providers, and the fact that each one has a small portion of the pie.
Unlike Music, where providers have mostly the same, allowing for a good customer experience, lowering the need to pirate music, in the movies/TV industry the situation is just getting worse each day, making the rise of piracy (discussed in DarknetDiaries' episode about the magic box) bigger each day.I was wondering if the same thing would/is happening in the bug bounty world.
As more and more companies close their bug bounty programs, or lower the rewards, could researchers turn to selling their findings on the dark net/other forums alike?After all, many researchers do this to make a living, and not be a knight on a white horse.
And if someone invested months researching and testing to find a critical vulnerability, they won't be able to go shopping with a Thank You letter.what do you think?
I'm not a bug bounter so I don't really live this world, but some of you are. what do you think?
is it already happening? -
Shodan Dork Cheat Sheet
In this cheat sheet, I cover useful Shodan search queries, filtering techniques, and practical reconnaissance workflows for cybersecurity assessments
https://denizhalil.com/2023/12/19/shodan-dork-cheat-sheet/#CyberSecurity #Shodan #OSINT #Reconnaissance #AttackSurface #ThreatIntelligence #Pentesting #RedTeam #InfoSec #EthicalHacking #SecurityResearch #DenizHalil
-
Shodan Dork Cheat Sheet
In this cheat sheet, I cover useful Shodan search queries, filtering techniques, and practical reconnaissance workflows for cybersecurity assessments
https://denizhalil.com/2023/12/19/shodan-dork-cheat-sheet/#CyberSecurity #Shodan #OSINT #Reconnaissance #AttackSurface #ThreatIntelligence #Pentesting #RedTeam #InfoSec #EthicalHacking #SecurityResearch #DenizHalil
-
Shodan Dork Cheat Sheet
In this cheat sheet, I cover useful Shodan search queries, filtering techniques, and practical reconnaissance workflows for cybersecurity assessments
https://denizhalil.com/2023/12/19/shodan-dork-cheat-sheet/#CyberSecurity #Shodan #OSINT #Reconnaissance #AttackSurface #ThreatIntelligence #Pentesting #RedTeam #InfoSec #EthicalHacking #SecurityResearch #DenizHalil
-
New #CloudSecTidbits explores how misconfigured AWS ELBs can silently break security boundaries through rule shadowing, CloudFront/WAF bypasses, and alternate routing paths.
We’re also releasing ELBaph — a new read-only tool to map ELB routing graphs, detect exposed paths, and surface real-world attack chains across ALBs/NLBs.
https://blog.doyensec.com/2026/05/25/cloudsectidbits-elbaph-alb.html
#AppSec #Doyensec #AWS #CloudSecurity #AppSec #SecurityResearch
-
New #CloudSecTidbits explores how misconfigured AWS ELBs can silently break security boundaries through rule shadowing, CloudFront/WAF bypasses, and alternate routing paths.
We’re also releasing ELBaph — a new read-only tool to map ELB routing graphs, detect exposed paths, and surface real-world attack chains across ALBs/NLBs.
https://blog.doyensec.com/2026/05/25/cloudsectidbits-elbaph-alb.html
#AppSec #Doyensec #AWS #CloudSecurity #AppSec #SecurityResearch
-
I bypassed AWS API Gateway auth with a trailing slash. Got $12K bounty
https://theguptalog.blogspot.com/2026/04/i-bypassed-aws-api-gateway-auth-with.html
#HackerNews #AWS #API #Gateway #Bounty #TrailingSlash #SecurityResearch #Cybersecurity
-
I bypassed AWS API Gateway auth with a trailing slash. Got $12K bounty
https://theguptalog.blogspot.com/2026/04/i-bypassed-aws-api-gateway-auth-with.html
#HackerNews #AWS #API #Gateway #Bounty #TrailingSlash #SecurityResearch #Cybersecurity
-
I bypassed AWS API Gateway auth with a trailing slash. Got $12K bounty
https://theguptalog.blogspot.com/2026/04/i-bypassed-aws-api-gateway-auth-with.html
#HackerNews #AWS #API #Gateway #Bounty #TrailingSlash #SecurityResearch #Cybersecurity
-
I bypassed AWS API Gateway auth with a trailing slash. Got $12K bounty
https://theguptalog.blogspot.com/2026/04/i-bypassed-aws-api-gateway-auth-with.html
#HackerNews #AWS #API #Gateway #Bounty #TrailingSlash #SecurityResearch #Cybersecurity
-
I bypassed AWS API Gateway auth with a trailing slash. Got $12K bounty
https://theguptalog.blogspot.com/2026/04/i-bypassed-aws-api-gateway-auth-with.html
#HackerNews #AWS #API #Gateway #Bounty #TrailingSlash #SecurityResearch #Cybersecurity
-
Fuzzing finds bugs in Rust code - reliably so. But async Rust has largely stayed out of reach with its complexity making it hard for fuzzers to explore meaningfully.
At Oxidize 2026, Morgan Hill (@pcwizz) walks through what it takes to actually fuzz async Rust: the naive approaches that don't work, and an involved technique that does - involving LibAFL, user mode QEMU, and a fair amount of head scratching.
🔗 https://oxidizeconf.com/sessions/awaiting_exploitation
#Oxidize2026 #RustLang #Fuzzing #SecurityResearch #AsyncRust
-
Fuzzing finds bugs in Rust code - reliably so. But async Rust has largely stayed out of reach with its complexity making it hard for fuzzers to explore meaningfully.
At Oxidize 2026, Morgan Hill (@pcwizz) walks through what it takes to actually fuzz async Rust: the naive approaches that don't work, and an involved technique that does - involving LibAFL, user mode QEMU, and a fair amount of head scratching.
🔗 https://oxidizeconf.com/sessions/awaiting_exploitation
#Oxidize2026 #RustLang #Fuzzing #SecurityResearch #AsyncRust