🔍Researcher Eviatar Gerzi uncovered 2 vulnerabilities in #Portainer! 🛡️
Learn how #CodeQL helped identify a blind SSRF and insecure encryption in this popular container management tool.
Read the full analysis here:
I'm really looking forward to this weekend and @BSidesDFW. I'm putting the finishing touches on my lab exercises. I'm also giving the UNCENSORED version of my #SocialEngineering presentation.
Principal researcher Shaked Reiner just published this eye-opening article about a security vulnerability in #LargeLanguageModels (#LLMs) that allowed him to execute arbitrary code on a server through a simple chat prompt.
https://www.cyberark.com/resources/threat-research-blog/anatomy-of-an-llm-rce
🚨Azure DevOps Users: Is Your Pipeline Secure?🚨
A must-read security analysis by Eviatar Gerzi reveals potential vulnerabilities in Azure DevOps job execution. This comprehensive blog post is a wake-up call for anyone using Azure Pipelines in their development process.
What you'll learn:
✅ How Azure DevOps pipelines really work behind the scenes
⚠️ Security risks in self-hosted agents
🔑 Ways attackers could escalate privileges
🛡️ Best practices to secure your pipelines
Protect your projects and stay ahead of potential threats.
Share your thoughts and experiences in the comments below!
🤖LLMs can be manipulated to execute harmful commands. New research reveals critical security flaws in popular AI models. Learn how you can manipulate AI to execute malicious commands in this must-read article by Shaked Reiner.
https://www.cyberark.com/resources/threat-research-blog/ai-treason-the-enemy-within
Check out how a gaming cheat dev gets caught bundling an infostealer in his code, and then gets ratted out by his coworker!
🤔Curious about the history and evolution of video game cheating? 🤔
In our latest blog, Devid El covers everything from built-in cheats to advanced DMA methods. Discover how developers fight back and the risks involved.
Read more here: https://www.cyberark.com/resources/threat-research-blog/a-brief-history-of-game-cheating
🚨 NEW BLOG POST 🚨
In an astonishing turn of events, a cheat developer for the popular game #EscapeFromTarkov was caught embedding information-stealing malware in his software.
Read our detailed analysis to learn more about this double-dipping scandal and its consequences.
"When ChatGPT hit the public in late 2022, it triggered a spate of references to Skynet. While it’s still a far cry from the dystopian surveillance neural network in the movie Terminator, it does pose unique security challenges that need to be grappled with." @Andy_Thompson
Local Privilege Escalation vulnerability found (CVE-2024-39708) in Delinea Privilege Manager (formerly Thycotic Privilege Manager).