#securityresearch — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #securityresearch, aggregated by home.social.
-
New #CloudSecTidbits explores how misconfigured AWS ELBs can silently break security boundaries through rule shadowing, CloudFront/WAF bypasses, and alternate routing paths.
We’re also releasing ELBaph — a new read-only tool to map ELB routing graphs, detect exposed paths, and surface real-world attack chains across ALBs/NLBs.
https://blog.doyensec.com/2026/05/25/cloudsectidbits-elbaph-alb.html
#AppSec #Doyensec #AWS #CloudSecurity #AppSec #SecurityResearch
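The post names ALB rule shadowing without showing what it looks like. The following is an added example, not ELBaph and not Doyensec's code: a heuristic shadowing check over a constructed rule set. It relies only on documented ALB behaviour (rules are evaluated in ascending priority, first match wins, `*` in a path-pattern matches zero or more characters including `/`, `?` matches exactly one, the default rule runs last); the rule set, target-group names and wildcard fillers are assumptions for illustration.

```python
"""Added example, not ELBaph and not Doyensec's code: a heuristic check for
ALB listener-rule shadowing over a constructed rule set. Documented ALB
behaviour assumed here: rules are evaluated in ascending priority and the
first match wins; in a path-pattern '*' matches zero or more characters
(including '/') and '?' exactly one; the default rule runs last."""
import re
from typing import Dict, List

# Constructed rules (real ones come from `aws elbv2 describe-rules`). The
# intent is that /api/admin/* only reaches the target group behind the
# authenticating layer, and that source maps under /static/ are never served.
RULES = [
    {"priority": 10, "paths": ["/api/*"],        "action": "forward:tg-api"},
    {"priority": 20, "paths": ["/api/admin/*"],  "action": "forward:tg-admin-authn"},
    {"priority": 30, "paths": ["/static/*"],     "action": "forward:tg-cdn"},
    {"priority": 40, "paths": ["/static/*.map"], "action": "fixed-response:404"},
]

FILLERS = ["", "x", "x/y", "x.map"]   # representative expansions of '*' (assumption)


def pattern_to_regex(pattern: str):
    """Translate an ALB path-pattern into an anchored regular expression."""
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern]
    return re.compile("^" + "".join(parts) + "$")


def matches(rule: dict, path: str) -> bool:
    return any(pattern_to_regex(p).match(path) for p in rule["paths"])


def witnesses(pattern: str) -> List[str]:
    """Concrete paths that satisfy `pattern`, one per wildcard expansion."""
    out = [""]
    for c in pattern:
        if c == "*":
            out = [w + f for w in out for f in FILLERS]
        elif c == "?":
            out = [w + "z" for w in out]
        else:
            out = [w + c for w in out]
    return sorted(set(out))


def shadowed_rules(rules: List[dict]) -> Dict[int, int]:
    """priority -> priority of the earlier rule that captures every witness of
    its patterns. A hit means the later rule was unreachable for every path we
    tried; a miss is not proof that it is reachable (this is a heuristic)."""
    ordered = sorted(rules, key=lambda r: r["priority"])
    shadowed: Dict[int, int] = {}
    for i, later in enumerate(ordered):
        ws = [w for p in later["paths"] for w in witnesses(p)]
        for earlier in ordered[:i]:
            if all(matches(earlier, w) for w in ws):
                shadowed[later["priority"]] = earlier["priority"]
                break
    return shadowed


def first_match(rules: List[dict], path: str) -> str:
    """What the listener would actually do with `path`."""
    for r in sorted(rules, key=lambda r: r["priority"]):
        if matches(r, path):
            return r["action"]
    return "default"


if __name__ == "__main__":
    for later, earlier in shadowed_rules(RULES).items():
        print(f"rule {later} is shadowed by rule {earlier}")
    print(first_match(RULES, "/api/admin/users"))   # forward:tg-api, never the authn target
```

With the constructed rules, `/api/admin/*` (priority 20) and `/static/*.map` (priority 40) are both unreachable because a broader pattern sits in front of them; the fix is to give the stricter pattern the lower priority number and rerun the check until it reports nothing.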
-
I bypassed AWS API Gateway auth with a trailing slash. Got $12K bounty
https://theguptalog.blogspot.com/2026/04/i-bypassed-aws-api-gateway-auth-with.html
#HackerNews #AWS #API #Gateway #Bounty #TrailingSlash #SecurityResearch #Cybersecurity
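The post does not describe how the bypass worked. What follows is an added example of the general bug class its title names, not the author's code and not API Gateway's logic. The mechanism it models is an assumption: a gateway keys its per-route authorizer table on the literally registered path `/admin`, looks the raw request path up in that table, and proxies anything unregistered through to a backend that routes on the canonical path, where `/admin/` and `/admin` are the same resource. The route table, token and handlers are constructed.

```python
"""Added example, not the post's code and not API Gateway's logic: the general
bug class behind an authorization bypass via path normalization. Assumed
mechanism: the gateway keys its authorizer table on the literal route "/admin",
looks the raw request path up in it, and proxies unregistered paths straight
through to a backend that routes on the canonical path."""
import posixpath
import re
from typing import Optional, Tuple

VALID_TOKENS = {"secret-token"}                                # constructed
ROUTE_AUTH = {"/admin": "require-token", "/public": "none"}   # constructed route table


def canonicalize(path: str) -> str:
    """Collapse duplicate slashes, resolve '.' and '..', drop a trailing slash."""
    path = re.sub(r"/+", "/", path)    # '//admin' -> '/admin' (normpath keeps a leading '//')
    return posixpath.normpath(path)    # '/admin/../admin/' -> '/admin'


def policy_for(canon: str) -> Optional[str]:
    """Longest registered prefix wins, walking up the canonical path."""
    p = canon
    while True:
        if p in ROUTE_AUTH:
            return ROUTE_AUTH[p]
        if p == "/":
            return None
        p = posixpath.dirname(p)


def backend(path: str) -> Tuple[int, str]:
    """Constructed backend: routes on the canonical path, like most frameworks."""
    p = canonicalize(path)
    if p == "/admin" or p.startswith("/admin/"):
        return 200, "admin dashboard"
    if p == "/public":
        return 200, "public page"
    return 404, "not found"


def gateway_vulnerable(path: str, token: Optional[str]) -> Tuple[int, str]:
    # BUG: the table is keyed on the literal path. "/admin/" is not a key, so
    # the request counts as unregistered and is proxied without any check;
    # the backend then canonicalizes it back to "/admin" and serves it.
    if ROUTE_AUTH.get(path) == "require-token" and token not in VALID_TOKENS:
        return 401, "unauthorized"
    return backend(path)


def gateway_hardened(path: str, token: Optional[str]) -> Tuple[int, str]:
    # Decide on exactly the path the backend will route on, and fail closed
    # for anything that does not fall under an explicitly registered route.
    canon = canonicalize(path)
    policy = policy_for(canon)
    if policy is None:
        return 404, "not found"
    if policy == "require-token" and token not in VALID_TOKENS:
        return 401, "unauthorized"
    return backend(canon)


if __name__ == "__main__":
    print(gateway_vulnerable("/admin/", None))   # (200, 'admin dashboard'): the bypass
    print(gateway_hardened("/admin/", None))     # (401, 'unauthorized')
```

The check a practitioner wants from this: every component that makes an authorization decision must canonicalize the path the same way the component that serves the resource does, and unregistered paths must not default to pass-through.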
-
Fuzzing finds bugs in Rust code - reliably so. But async Rust has largely stayed out of reach with its complexity making it hard for fuzzers to explore meaningfully.
At Oxidize 2026, Morgan Hill (@pcwizz) walks through what it takes to actually fuzz async Rust: the naive approaches that don't work, and an involved technique that does - involving LibAFL, user mode QEMU, and a fair amount of head scratching.
🔗 https://oxidizeconf.com/sessions/awaiting_exploitation
#Oxidize2026 #RustLang #Fuzzing #SecurityResearch #AsyncRust
-
Sometimes I’ve found myself banging my head against the keyboard trying to contact companies to help them fix their misconfigurations and exposed servers.
After several frustrating experiences, I decided to create my own clear and structured Responsible Disclosure methodology.
Today I’m sharing it with you 👇
This flow represents how I handle vulnerabilities — always prioritizing ethical contact, escalation when necessary, and only publishing write-ups once the issue is fixed.
Opinions and constructive feedback are more than welcome. Have you faced similar situations? What’s your approach?
-
https://winbuzzer.com/2026/05/19/anthropic-says-it-began-letting-mythos-users-share-xcxwbn/
Anthropic has loosened sharing limits for Claude Mythos after earlier confidentiality restrictions, turning a tightly controlled cyber program into a broader disclosure channel.
#AI #ClaudeMythos #Anthropic #Claude #ProjectGlasswing #AISecurity #Cybersecurity #ThreatIntelligence #SecurityResearch #AIModels #AISafety
-
https://winbuzzer.com/2026/05/16/windows-11-and-microsoft-edge-hacked-at-pwn2own-be-xcxwbn/
Microsoft Edge and Windows 11 were successfully exploited at the Pwn2Own Berlin 2026 hacking event, contributing to a $523,000 day-one payout total.
#Cybersecurity #MicrosoftEdge #Windows11 #Pwn2Own #SecurityResearch #Exploits #ZeroDayVulnerabilities #WebBrowsers #WindowsSecurity
-
https://winbuzzer.com/2026/05/14/openais-gpt-55-matches-claude-mythos-in-security-tests-xcxwbn/
A UK AI Security Institute evaluation put GPT-5.5 near Claude Mythos on vulnerability-finding tasks.
#AI #GPT55Cyber #ClaudeMythos #UKAISecurityInstitute #OpenAI #Anthropic #Claude #AIBenchmarks #SecurityResearch #Cybersecurity
-
https://winbuzzer.com/2026/05/14/microsoft-launches-mdash-after-finding-16-windows-flaws-xcxwbn/
Microsoft has launched the MDASH agentic security system beating OpenAI and Anthropic on the CyberGym benchmark.
#AI #Microsoft #Cybersecurity #MDASH #AgenticAI #AIAgents #Cybersecurity #SecurityResearch
-
https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised
#CyberSecurity #InfoSec #SupplyChainSecurity #SoftwareSupplyChain #NPM #OpenSourceSecurity #AppSec #DevSecOps #ThreatIntel #Malware #JavaScript #NodeJS #CICD #GitHubActions #CloudSecurity #TypeScript #ReactJS #WebDev #OpenSource #DevTools #SoftwareEngineering #DeveloperSecurity #SecureCoding #GitHub #SupplyChainAttack #Programming #TechNews #DevOps #ApplicationSecurity #ThreatResearch #SecurityEngineering #CyberAttack #Hackers #MalwareAlert #SecurityResearch #DevCommunity
-
I’ve published a new case study on BASE System, a multi-tenant ticketing platform from Poland used - according to the operator’s own claims - by more than 50 venues in Poland.
The article documents customer email exposed in a redirect URL, nginx/1.10.3 on Ubuntu 16.04, broken CORS, cookies without the Secure flag, and a sales layer running under homelinux.net... DynDNS from Oracle.
https://dadalo.pl/en/tech/anatomy-risks-multi-tenant-ticketing-platform-orientarium-zoo-lodz/
#privacy #cybersecurity #infosec #gdpr #appsec #securityresearch #privacy #phishing
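The post lists four finding classes that can all be read off a single HTTP response. The following is an added example, not the article's code: an offline audit of a constructed response for PII in a redirect URL, permissive CORS, cookies without Secure, and version disclosure in the Server header. The response, the cookie names and the attacker-controlled Origin are constructed; nothing here was captured from the platform described.

```python
"""Added example, not the article's code: a response-header audit for the
finding classes the case study lists. The response and origin below are
constructed; nothing here was captured from any real system."""
import re
from typing import Dict, List, Tuple
from urllib.parse import parse_qs, urlsplit

EMAIL_RE = re.compile(r"[^@\s/?&=]+@[^@\s/?&=]+\.[a-z]{2,}", re.I)

# Constructed response, kept as (name, value) pairs because Set-Cookie may
# legitimately repeat. REQUEST_ORIGIN is the Origin header we sent, chosen
# to be one an attacker would control.
SAMPLE_RESPONSE = [
    ("Server", "nginx/1.10.3 (Ubuntu)"),
    ("Location", "https://shop.example/checkout?email=jan.kowalski%40example.com&step=2"),
    ("Access-Control-Allow-Origin", "https://attacker.example"),
    ("Access-Control-Allow-Credentials", "true"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "cart=42; Path=/"),
]
REQUEST_ORIGIN = "https://attacker.example"


def audit_cookies(set_cookie_values: List[str]) -> List[str]:
    """Flag cookies that can travel over plaintext or be read by script."""
    findings = []
    for raw in set_cookie_values:
        name = raw.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in raw.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {name}: missing Secure")
        if "httponly" not in attrs:
            findings.append(f"cookie {name}: missing HttpOnly")
    return findings


def audit_cors(headers: Dict[str, str], request_origin: str) -> List[str]:
    """Flag CORS answers that let an arbitrary origin read credentialed responses."""
    acao = headers.get("access-control-allow-origin")
    creds = headers.get("access-control-allow-credentials", "").lower() == "true"
    findings = []
    if acao == "*" and creds:
        findings.append("CORS: wildcard origin together with credentials")
    elif acao and acao == request_origin and creds:
        # Our arbitrary Origin came back verbatim with credentials allowed.
        findings.append(f"CORS: reflects arbitrary origin {request_origin} with credentials")
    return findings


def audit_response(response: List[Tuple[str, str]], request_origin: str) -> List[str]:
    single = {n.lower(): v for n, v in response if n.lower() != "set-cookie"}
    cookies = [v for n, v in response if n.lower() == "set-cookie"]
    findings = audit_cookies(cookies) + audit_cors(single, request_origin)
    location = single.get("location")
    if location:
        # PII in a redirect target ends up in browser history, proxy and server logs.
        for key, values in parse_qs(urlsplit(location).query).items():
            if any(EMAIL_RE.search(v) for v in values):
                findings.append(f"redirect: email address in query parameter '{key}'")
    server = single.get("server", "")
    if re.search(r"/\d+\.\d+", server):
        findings.append(f"server: version disclosed in Server header ({server})")
    return findings


if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE, REQUEST_ORIGIN):
        print(finding)
```

The CORS check only says something when the Origin you sent is one the site has no reason to trust; run it with an origin you control, not the site's own.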
-
https://winbuzzer.com/2026/05/10/openai-opens-gpt-5-5-cyber-to-vetted-security-researchers-xcxwbn/
OpenAI Opens GPT-5.5-Cyber to Vetted Cybersecurity Researchers
#AI #GPT55 #GPT54Cyber #OpenAI #GPT5 #AISecurity #AISafety #AIModels #ClaudeMythos #SecurityResearch