My Current Definition of AGI
People throw the term “AGI” around like it’s nothing, but they rarely define what they mean by it. So most discussions about AGI (and AI…
Category: Mix
Yes. LLMs can create convincingly human output. · rez0
Why LLMs don’t sound human, strategies to fix it, and real examples. I’ve talked to a lot of people that think it’s obvious when text…
Reborn XSpear 🔱
제가 Dalfox 를 개발하기 전에 Ruby로 작성했었던 XSpear란 도구가 있었습니다. 동일하게 XSS를 테스팅하기 위한 도구였고, 현재 성능은 당연히 Dalfox쪽이 압도적으로 좋은 상태입니다. 그리고 작년부터 XSpear에…
Improve DevOps Security With Code Security Audit
Use Code Security Audit for DevOps DevOps teams may care about security, but it is not their area of expertise and it is not a…
Proposed Legislation Requires Federal Contractors Implement VDPs
Federal contractors play a critical role in supporting the U.S. government. Because of their access to federal systems and data, they have the potential to…
Advisory: Flarum LFI – Assetnote
Summary An attacker with a basic user forum account can specify a malicious avatar URL that discloses the contents of arbitrary local files on the…
Leaking File Contents with a Blind File Oracle in Flarum – Assetnote
Flarum is a free, open source PHP-based forum software used for everything from gaming hobbyist sites to cryptocurrency discussion. A quick survey on Shodan suggests…
API5:2023 Broken Function Level Authorization
Welcome to the 6th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners.…
API Abuse – Lessons from the Duolingo Data Scraping Attack
It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API…
The Prompt Injection Primer · rez0
Bringing clarity to questions about Prompt Injection Security Everyone loves talking about prompt injection, but the real impact to an application is often hard to…
Act Now to Prepare for New NCUA Cyber Incident Reporting Requirements
We recently discussed the new SEC rule requiring all registered companies to report material cyber incidents within four (4) days. Now the National Credit Union…
[tl;dr sec] #196 – How Secrets Leak in CI/CD, AI Threat Modeling, Supply Chain
I hope you’ve been doing well! What We’re Known For It’s long had a place in my heart, as I loved the TV show as…