8 Tips for writing effective bug bounty reports
So, you’ve found a valid security vulnerability in one of your bug bounty programs, now it’s time to write the report. Finding the vulnerability was…
Category: Mix
The future of security testing: harness AI-Powered Extensibility in Burp | Blog
Amelia Coen | 13 February 2025 at 13:52 UTC Our commitment to innovation At PortSwigger, we’re always striving to push the boundaries of what’s possible…
![[tl;dr sec] #270 - APT Attack Simulation, AWS Phishing, 7 Security Flywheels](https://image.cybernoz.com/wp-content/uploads/2025/03/1743075542_tldr-sec-270-APT-Attack-Simulation-AWS-Phishing-7.png)
[tl;dr sec] #270 – APT Attack Simulation, AWS Phishing, 7 Security Flywheels
I hope you’ve been doing well! This is a story, all about how… Recently some friends and I saw a Fresh Prince of Bel Air…
Hive Five 216 – The Hacker Always Wins
Habits are so good. They even compound! But, they can be hard to start and maintain. I’ve successfully started new ones and then stacked on…
![[tl;dr sec] #271 - Threat Modeling (+ AI), Backdoored GitHub Actions, Compromising a Threat Actor's Telegram](https://image.cybernoz.com/wp-content/uploads/2025/03/1743072871_tldr-sec-271-Threat-Modeling-AI-Backdoored-GitHub.png)
[tl;dr sec] #271 – Threat Modeling (+ AI), Backdoored GitHub Actions, Compromising a Threat Actor’s Telegram
Threat modeling (with) LLMs, tj-actions woes, reading a threat actor’s Telegram C2 I hope you’ve been doing well! Working on Your Personality One family ritual…
Security Update: Publicly Exposed Ingress NGINX Admission
A series of vulnerabilities, known as IngressNightmare (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974), have been identified in ingress-nginx, a widely used Kubernetes ingress controller. When exploited together,…
Intigriti insights into latest beg bounty scam
The Intigriti team have recently observed an abuse scenario, trending across the industry, where malicious actors are posing as legitimate white-hat hackers, deceiving targeted companies…
The Hidden Risks Lurking in Your Business Logic
Modern organizations are becoming increasingly reliant on agentic AI, and for good reason: AI agents can dramatically improve efficiency and automate mission-critical functions like customer…
How AI Agents and APIs Can Leak Sensitive Data
Most organizations are using AI in some way today, whether they know it or not. Some are merely beginning to experiment with it, using tools…
DNS is the center of the modern attack surface – are you protecting all levels?
If you are a mature organization, you might manage an external IP block of 65,000 IP addresses (equivalent to a /16 network). In contrast, very…
Coding is Thinking | Daniel Miessler
We can’t stop learning fundamentals just because tech can do them February 28, 2025 Not learning to code just because there are AI coding agents…
Access control vulnerability in the retail industry. Cross-Site Scripting (XSS) use case.
Large-scale operations and the extensive attack surface of the retail industry render it particularly susceptible to cybercrime, on a global scale. Websites, mobile apps, and…