Weekly Update 505
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite…
Security
Friday Squid Blogging: Regulating Squid Fishing in the South Pacific
The South Pacific Regional Fisheries Management Organization (SPRFMO) needs to regulate squid fishing in the South Pacific. As usual, you…
What is an IDOR vulnerability?
Insecure direct object references (IDOR) are a type of access control vulnerability where an application exposes internal object identifiers –…
CISA Security Leak
Crazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub…
macOS Kernel Memory Corruption Exploit
A group used Anthropic’s Mythos AI model to help find a kernel memory corruption vulnerability and exploit on Apple’s M5.…
Your session cookies are probably misconfigured: How to fix cookie security flags
Understand how to correctly implement cookie security flags in modern web applications. Includes practical examples, browser behavior nuances, and guidance…
Hackers Stealing Bank Accounts from iPhone and Android Users Using AI
As the AI universe expands, so have the cybercriminals that use AI for hacking. Recent reports are showing that bank…
SPF, DKIM, and DMARC: The Foundational Protocols Behind Email Authentication
Email security is not something that is achieved in a single step. Each email you send passes through multiple checkpoints,…
I Asked AI to Break Into My Lab Server. It Changed How I Think About Security.
AI is not just answering security questions anymore. It is helping operationalize security workflows. That makes weak systems easier to…
On AI Security
Good report: Executive Summary: Let’s say you wanted to make sure that your AI is secure. Can you just maximize…