HTTP/1.1 must die: Dafydd Stuttard on what this means for enterprise security
Andrzej Matykiewicz | 09 October 2025 at 14:06 UTC At Black Hat USA 2025 and DEF CON 33, PortSwigger’s Director of Research, James Kettle, unveiled…
Injection attacks are among the oldest tricks in the attacker playbook. And yet they persist. The problem is that the core weakness, trusting user inputs…
You asked, and we answered. At Intigriti, we’ve been paying close attention to the questions most frequently asked by those with a bug bounty program…
I did a short post (and a video) about how AI shouldn’t be thought of as a bubble because a bubble is a false belief…
Andrzej Matykiewicz | 07 October 2025 at 13:17 UTC The latest Hacker-Powered Security Report from HackerOne makes one thing clear: AI-assisted pentesting isn’t a future…
Here’s an interesting frame I’m messing with. Maybe AI is disruptive to the labor market because it combines tools, operators, and outcomes. So, when companies…
An honest reflection on the realities I’ve faced working as part of a Red Team I work as a security engineer in a corporate Red…
Qualys Pros Its unified platform provides a single pane of glass and powerful reporting capabilities that are ideal for satisfying broad compliance mandates and audit…
I hope you’ve been doing well! Zero Signal Podcast – AI in Cybersecurity In Vegas this year I joined my friends Conor Sherman (Sysdig CISO…
For this Cybersecurity Awareness Month, we thought it important to draw attention to some of the most common and dangerous API vulnerabilities. This week, we’re…
Andrzej Matykiewicz | 01 October 2025 at 14:31 UTC Bug bounty legend, NahamSec, has taken Burp AI for a spin. If you’re curious how Burp…
In early 2025, we encountered a mission-critical software component called TRUfusion Enterprise on the perimeter of one of our customers that is used to transfer…