Lessons for API and AI Security
IBM’s 2025 Cost of a Data Breach Report offers one of the clearest and most comprehensive views yet of how AI adoption is shaping the…
Category: Mix
Before bounties: know your assets
If you are unaware of what’s running in your environment, you can’t patch, monitor, or secure it. The simple fact is, you can’t defend what…
Hacking misconfigured Firebase targets: A complete guide
Google Firebase is a popular back-end application development platform that provides several built-in components and services, allowing developers to seamlessly build interactive web and mobile…
I’m Worried It Might Get Really Bad
I’m starting to worry things might get very bad, very soon. Not like in a year or two, but maybe in a few months. As…
Why Dwarkesh Is Wrong About AGI
Dwarkesh Patel is one of my favorite thinkers right now. I just love the intensity of his curiosity. I love how broad his interests are.…
The Worst AI Metric
The “how many r’s in strawberry” test for AI intelligence is dumb. As a writer to write a quality sentence for the book they’re working…
![[tl;dr sec] #291 - Build a GuardDuty Triage Agent, Scaling Netflix's Threat Detection Pipelines, Claude for Security Review](https://image.cybernoz.com/wp-content/uploads/2025/08/tldr-sec-291-Build-a-GuardDuty-Triage-Agent-Scaling.png)
[tl;dr sec] #291 – Build a GuardDuty Triage Agent, Scaling Netflix’s Threat Detection Pipelines, Claude for Security Review
Hacker Summer Camp Once more, hackers have descended onto Vegas for our annual Hacker Summer Camp pilgrimage. I hope you enjoy the talks, meet some…
The Desync Delusion: Are You Really Protected Against HTTP Request Smuggling?
Andrzej Matykiewicz | 06 August 2025 at 22:22 UTC The Hidden Threat That’s Slipping Past Your Security HTTP request smuggling remains one of the most…
HTTP/1.1 Must Die: What This Means for Contract Pentesters and MSSPs
Andrzej Matykiewicz | 06 August 2025 at 22:23 UTC At Black Hat USA and DEFCON 2025, PortSwigger’s Director of Research, James Kettle, issued a stark…
HTTP/1.1 Must Die: What This Means for Bug Bounty Hunters
Andrzej Matykiewicz | 06 August 2025 at 22:23 UTC At Black Hat USA and DEFCON 2025, PortSwigger’s Director of Research, James Kettle, issued a stark…
HTTP/1.1 Must Die: What This Means for In-House Pentesters
Andrzej Matykiewicz | 06 August 2025 at 22:23 UTC At Black Hat USA and DEFCON 2025, PortSwigger’s Director of Research, James Kettle, issued a stark…
HTTP/1.1 Must Die: What This Means for AppSec Leadership
Andrzej Matykiewicz | 06 August 2025 at 22:23 UTC At Black Hat USA and DEFCON 2025, PortSwigger’s Director of Research, James Kettle, issued a stark…