Why API security is different (and why it matters)
Two months in at Detectify and I’ve realized something: API security is a completely different game from web application security....
Read more →Category: Mix
The Government Solution to AI Inequality Might Be UBI + Really Good Games
Or maybe 99-1. UBI is an obvious choice for calming the masses when the world turns into a lopsided 90-10...
Read more →
Hacking the Nokia Beacon 1 Router: UART, Command Injection, and Password Generation with Qiling
ICYMI: My No Starch Press book “From Day Zero to Zero Day” is an Amazon bestseller – grab your copy...
Read more →
Explore vs. Exploit: The Pattern-Novelty Balance
There’s a real cool concept that I always come back around to, which is the oscillation between “explore” and “exploit.”...
Read more →
API Security Platform of the Year 2025 — API Security
2025 has been one of Wallarm’s biggest years yet. In the last few months alone, we unveiled our industry-first API...
Read more →
Product comparison: Detectify vs. Tenable
Tenable Pros Holistic view of the entire IT estate, from external web servers to internal workstations and cloud infrastructure. Through...
Read more →![[tl;dr sec] #300 - Security Headcount Ratios + Hiring Plan, MCP Security, Compliance](https://cybernoz.com/wp-content/uploads/2025/10/tldr-sec-300-Security-Headcount-Ratios-Hiring-Plan-360x270.png "[tl;dr sec] #300 - Security Headcount Ratios + Hiring Plan, MCP Security, Compliance 13")
[tl;dr sec] #300 – Security Headcount Ratios + Hiring Plan, MCP Security, Compliance
I hope you’ve been doing well! Episode 300 This issue will be a bit shorter as I’ve been in Tahoe...
Read more →
HTTP/1.1 must die: Dafydd Stuttard on what this means for enterprise security
Andrzej Matykiewicz | 09 October 2025 at 14:06 UTC At Black Hat USA 2025 and DEF CON 33, PortSwigger’s Director...
Read more →
API Attack Awareness: Injection Attacks in APIs
Injection attacks are among the oldest tricks in the attacker playbook. And yet they persist. The problem is that the...
Read more →
Layered security in action. How VDP, bug bounty, and PTaaS combine to protect your business.
You asked, and we answered. At Intigriti, we’ve been paying close attention to the questions most frequently asked by those...
Read more →
Revisiting the AI Bubble | Daniel Miessler
I did a short post (and a video) about how AI shouldn’t be thought of as a bubble because a...
Read more →
The future of pentesting is Human x AI, and it’s already in Burp Suite Professional | Blog
Andrzej Matykiewicz | 07 October 2025 at 13:17 UTC The latest Hacker-Powered Security Report from HackerOne makes one thing clear:...
Read more →