https://winbuzzer.com/2026/05/16/windows-11-and-microsoft-edge-hacked-at-pwn2own-be-xcxwbn/

Microsoft Edge and Windows 11 were successfully exploited at the Pwn2Own Berlin 2026 hacking event, contributing to a $523,000 day-one payout total.

#Cybersecurity #MicrosoftEdge #Windows11 #Pwn2Own #SecurityResearch #Exploits #ZeroDayVulnerabilities #WebBrowsers #WindowsSecurity

Poppy – Dynamic Instrumentation Pipeline for macOS Security Research

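Poppy is a toolkit for dynamic analysis, observability, and fault injection of macOS daemons and XPC services. It combines Frida, DTrace, and a custom injector so that a daemon's runtime behaviour, permission checks, and call paths can be observed in real time and faults can be injected. In particular, it overcomes the limits of static analysis caused by PAC and Swift/Objective-C dynamic dispatch, and its JSONL log format lends itself to post-processing and automated analysis. It is an open-source tool that can be put to immediate use for macOS security research and vulnerability analysis.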

https://github.com/jetnoir/poppy

#macos #dynamicanalysis #securityresearch #frida #dtrace

GitHub - jetnoir/poppy: Dynamic XPC Observability & Fault Injection for macOS

GitHub
Mini Shai-Hulud Strikes Again: TanStack + more npm Packages Compromised | Wiz Blog

Detect and mitigate malicious npm packages linked to the latest Mini Shai-Hulud supply chain campaign targeting high-value developer tooling.

wiz.io

I’ve published a new case study on BASE System, a multi-tenant ticketing platform from Poland used - according to the operator’s own claims - by more than 50 venues in Poland.

The article documents customer email exposed in a redirect URL, nginx/1.10.3 on Ubuntu 16.04, broken CORS, cookies without the Secure flag, and a sales layer running under homelinux.net... DynDNS from Oracle.

https://dadalo.pl/en/tech/anatomy-risks-multi-tenant-ticketing-platform-orientarium-zoo-lodz/

#privacy #cybersecurity #infosec #gdpr #appsec #securityresearch #privacy #phishing

Anatomy of risks of a multi-tenant ticketing platform for tourist attractions — a case study of Orientarium Zoo Łódź

Case study of the BASE multi-tenant ticketing platform serving 50+ tourist facilities in Poland - technical analysis based on the ticket purchase process at Orientarium Zoo Łódź. Four basic architectural flaws: DynDNS infrastructure in the homelinux.net domain, EOL nginx 1.10.3, problematic CORS configuration, passing personal data in URL parameters to the payment operator. Extended version of the notification submitted to the President of UODO on April 23, 2026, with point verification of the status on the day of publication.

Signal Dadalo Media

Lukasz Olejnik (@lukOlejnik)

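This pushes back on the expectation that LLMs will find every vulnerability in cybersecurity. Although cases of finding vulnerabilities with LLMs have increased recently, it stresses that there are limits in practice and that AI cannot solve every security problem.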

https://x.com/lukOlejnik/status/2053180557530460506

#llm #cybersecurity #vulnerabilities #securityresearch

Lukasz Olejnik (@lukOlejnik) on X

AI will not solve cybersecurity! “With the recent news of folks finding vulnerabilities left and right using LLMs, some folks hope that we'd be able to find every single vulnerability. Today, I hope to shatter that idea” https://t.co/XrXoyy0gFw

X (formerly Twitter)
Dear companies of the world, if your turnover is £1m+, have a security contact email. Or respond to it. Ffs #securityresearch #security #business

⚡ Fresh Talk Alert for BSides Luxembourg 2026!

“Confound and Delay: Honeypot Chronicles from the Digital Battlefield” – Kat Fitzgerald ( @rnbwkat )
Talk (40 minutes)

Step into a 40-minute talk that takes you across the globe through real-world honeypot deployments, uncovering how attackers behave when they think no one is watching. From unexpected attack patterns to cultural quirks and operational chaos, this session blends storytelling with practical insights drawn from running deception systems in diverse and high-risk environments.

Through vivid field experiences, you’ll learn how honeypots can be tailored, maintained, and leveraged to strengthen detection and response strategies. Beyond the humor and war stories, the talk delivers actionable lessons on cyber deception, resilience, and turning attacker behavior into defensive advantage.

Kat Fitzgerald ( @rnbwkat ) is a Chicago-based security engineer known for blending technical depth with humor and storytelling. With extensive experience running honeypots across global environments, she brings unique insights into attacker behavior, cyber deception strategies, and real-world operational challenges.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule: https://pretalx.com/bsidesluxembourg-2026/schedule/

📲 Want to navigate the event easily? Check out the full schedule on Hacker Tracker:
https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #CyberSecurity #Honeypots #ThreatIntelligence #BlueTeam #SecurityResearch