Sam Stepanyan

@securestep9@infosec.exchange
918 Followers
125 Following
468 Posts

https://twitter.com/securestep9

#OWASP London Chapter Leader(@OWASPLondon). Application Security (#AppSec) Architect & Consultant. OWASP Global Board Member. OWASP Nettacker Project co-leader. #CISSP

Blog: https://medium.com/@securestep9

Who needs developers? #GitHub has just announced that any open GitHub issues can now be assigned to an #AI Agent who will do all the work: 😮

* Fix bugs
* Implement new features
* Improve test coverage
* Update documentation
* Address technical debt
👇
https://docs.github.com/en/copilot/using-github-copilot/coding-agent/about-assigning-tasks-to-copilot

#JWT: 'Attacking JWT using X509 Certificates': how an attacker could sign the JWT token with their own private key and modify the header value to specify their public key for signature verification:
#AppSec
#APIsecurity

https://trustedsec.com/blog/attacking-jwt-using-x509-certificates

#Nettacker: very pleased to see @helpnetsecurity publishing an article about our #OWASP Nettacker project!
👇
https://www.helpnetsecurity.com/2025/06/11/owasp-nettacker-open-source-scanner/
OWASP Nettacker: Open-source scanner for recon and vulnerability assessment - Help Net Security

OWASP Nettacker is a free, open-source tool designed for network scanning, information gathering, and basic vulnerability assessment.

Help Net Security
#NPM: New Supply Chain #Malware Hits NPM and #PyPI Package Ecosystems. #ReactNative-Aria & #GlueStack packages with cumulative 1mln+ weekly downloads backdoored overnight - check your dependencies!
#SoftwareSupplyChainSecurity
👇
https://thehackernews.com/2025/06/new-supply-chain-malware-operation-hits.html
New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally

Supply chain attack infects 16 GlueStack npm packages used by 1M weekly users, enabling malware that steals data and controls systems.

The Hacker News

@anant I believe OWASP challenge coins are only available at the OWASP Global AppSec Conferences, the next one is in Washington DC in November:

https://dc.globalappsec.org

OWASP 2025 Global AppSec USA (Washington, DC) | The OWASP Foundation Inc.

Training Dates - November 3-5, 2025. Conference Dates - November 6-7, 2025. Get ready for the ultimate cybersecurity experience at the OWASP Global AppSec US Conference in Washington, D.C.! From November 3-7, 2025, join over 800 industry experts at the stunning Marriott Marquis for an event that promises to ignite your passion for security. This is your chance to connect, learn, and grow with some of the brightest minds in the field. Prepare to be inspired by powerful keynote speakers and dive deep i...

Glue Up

IDORs with unpredictable IDs are valid vulnerabilities - blog post by @rez0__

https://josephthacker.com/hacking/cybersecurity/2022/08/18/unpredictable-idors.html

IDORs with unpredictable IDs are valid vulnerabilities

A breakdown of why IDORs with unpredictable IDs are valid vulnerabilities.

#Chrome: #Google released a fresh Chrome 137 update to address 3 vulnerabilities, including a high-severity #zeroday CVE-2025-5419 exploited in the wild. Make sure to restart your Chrome TODAY to update it:

https://www.securityweek.com/google-researchers-find-new-chrome-zero-day/

DOM Explorer - a brilliant HTML hacking tool!

https://yeswehack.github.io/Dom-Explorer/

Dom-Explorer

Many thanks to everyone who came to my talk on the OWASP Nettacker project at the #OWASP Global AppSec 2025 Conference in Barcelona!
Several attendees will be joining us to collaborate and contribute! 🚀
👉 https://github.com/OWASP/Nettacker
#Deloitte Data Breach: Alleged Leak of Source Code & GitHub Credentials that could potentially grant unauthorized access to Deloitte's internal development infrastructure, as well as source code from proprietary projects - now on the Darkweb
👇
https://cybersecuritynews.com/deloitte-data-breach/
