Looking forward to #OWASP Global AppSec EU and the inaugural #MAScon next week. Excited for the opportunity to learn from researchers and practitioners who are pushing mobile security forward.

Check out some of the sessions: https://loom.ly/qC3L65o

@owasp #OWASPGlobalAppSec #MobileApps #MobileSecurity #SecurityResearch

You demonstrate a fileless RCE chain. Complex delivery, in-memory execution, zero detections, confirmed working on multiple devices.

The vendor reviews it twice, involves engineering, then tells you:

"Your research demonstrates a complex chain for delivering and executing code."

...and closes it as 'intended behavior. Not a platform vulnerability.'

Question: is it a vulnerability?

Follow-up: does your answer change if the attack surface exists *between* components — where no single owner's scope definition covers the full chain?

Asking because I have a paper dropping soon about that.

#VRP #responsibleDisclosure #semanticGap #infosec #securityResearch

I was tired of digging through endless random cybersecurity lists, so naturally I built another random cybersecurity list - just cleaner, prettier and actually organized.

Hack Hub is a curated directory of useful security resources.

https://hackhub.fyi

#CyberSecurity #InfoSec #Hacking #EthicalHacking #Pentesting #RedTeam #BlueTeam #DFIR #OSINT #ThreatIntel #MalwareAnalysis #BugBounty #CloudSecurity #MobileSecurity #OpenSource #SecurityTools #SecurityResearch #Linux #Hackers #Tech

Hack Hub

Discover curated cybersecurity resources, tools, blogs, platforms and technical references.

https://winbuzzer.com/2026/06/03/toronto-ai-worm-prototype-tests-adaptive-malware-risk-xcxwbn/

Researchers built a contained AI-powered malware worm that adapts attacks across lab hosts, exposing how local open-weight models complicate malware containment.

#AI #AIAgents #AISecurity #AIResearch #Cybersecurity #Malware #SecurityVulnerabilities #CyberThreats #SecurityResearch

Bug Bounty situation = Netflix & Piracy situation?

*Boosts welcome

I want to hear your opinion on an idea I had recently:

So, movies/TV piracy has been rising recently, and much of it is due to the overwhelming number of providers and the fact that each one has a small portion of the pie.
Unlike music, where providers mostly have the same catalog, allowing for a good customer experience and lowering the need to pirate music, in the movies/TV industry the situation is just getting worse each day, making the rise of piracy (discussed in Darknet Diaries' episode about the magic box) bigger each day.

I was wondering if the same thing would/is happening in the bug bounty world.
As more and more companies close their bug bounty programs, or lower the rewards, could researchers turn to selling their findings on the dark net/other forums alike?

After all, many researchers do this to make a living, and not be a knight on a white horse.
And if someone invested months researching and testing to find a critical vulnerability, they won't be able to go shopping with a Thank You letter.

What do you think?

I'm not a bug bounter so I don't really live in this world, but some of you do. What do you think?
Is it already happening?

#BugBounty #SecurityResearch #Piracy #Darknet

Shodan Dork Cheat Sheet

In this cheat sheet, I cover useful Shodan search queries, filtering techniques, and practical reconnaissance workflows for cybersecurity assessments
https://denizhalil.com/2023/12/19/shodan-dork-cheat-sheet/

#CyberSecurity #Shodan #OSINT #Reconnaissance #AttackSurface #ThreatIntelligence #Pentesting #RedTeam #InfoSec #EthicalHacking #SecurityResearch #DenizHalil

There was an article written recently about an rsync rewrite in Golang not being vulnerable to some vulnerabilities found in rsync.

The author went the extra mile and had some kind words to write about OpenBSD's OpenRsync as well:

https://michael.stapelberg.ch/posts/2026-05-24-minimal-memory-safe-go-rsync-vulns/#openrsync

Ironically, I saw this not long after closing a Pull Request to submit an OpenRsync port to MacPorts: https://github.com/macports/macports-ports/pull/28096

Not that I don't still have an interest in such things, but it seems as if there are some other things going on (if I observed things correctly, it seems as if Apple maybe commissioned Klara Systems to port OpenRsync to macOS [e.g. https://github.com/KlaraSystems/openrsync]? Yet, it didn't seem as if they did so in a very collaborative spirit with the lead developer Kristaps Dzonsons?). Moreover, I didn't want to just leave that dangling when other MacPorts contributors were side-eyeing the PR as being left open for so long.

#OpenRsync #rsync #vulnerabilities #OpenSource #Security #Infosec #SecurityResearch #OpenBSD

How my minimal, memory-safe Go rsync steers clear of vulnerabilities

Back in January 2025, multiple different security researchers published a total of 6 security vulnerabilities in rsync, some of which allow arbitrary code execution and file leaks, so naturally I was wondering whether/how my gokrazy/rsync implementation was affected. Did implementing my own (compatible, but minimal) rsync in Go, a modern and memory-safe programming language, really rule out entire classes of security vulnerabilities?

Michael Stapelberg

New #CloudSecTidbits explores how misconfigured AWS ELBs can silently break security boundaries through rule shadowing, CloudFront/WAF bypasses, and alternate routing paths.

We’re also releasing ELBaph — a new read-only tool to map ELB routing graphs, detect exposed paths, and surface real-world attack chains across ALBs/NLBs.

https://blog.doyensec.com/2026/05/25/cloudsectidbits-elbaph-alb.html

#AppSec #Doyensec #AWS #CloudSecurity #SecurityResearch