Security maturity, complexity, and bug bounty program effectiveness: A deep dive
There are three key elements that, when combined, support the planning of a bug bounty program to attract the right...
Read more →Category: Mix
Why Google I/O Scared This 2007 Apple Fanboy for the First Time
As an Apple Fanboy going back to 2007, this is the first year I’ve felt fear for Apple’s future. And...
Read more →
This Is How They Tell Me Bug Bounty Ends · Joseph Thacker
An AI agent will soon be able to find all the vulnerabilities in any application. Or that’s what they say....
Read more →Hive Five 227 – Developers, Developers, Developers.
I made two new musical discoveries this week: Acid Bath and Ryo Fukui, exploring swamp metal and jazz. I also...
Read more →
The Chinese Room Problem With the ‘LLMs only predict the next token’ Argument
I’m sure you’ve heard the argument that LLMs aren’t really thinking because, according to them, LLMs are just predicting the...
Read more →
Jwt-Hack: Reborn in Rust | HAHWUL
jwt-hack v2 is a complete Rust rewrite, boosting performance, safety, and stability. Back in October 2020, I created a tool...
Read more →
DevSecOps | HAHWUL
Roadmap for everyone who wants DevSecOps DevSecOps is a culture and practice that aims to integrate security into every phase...
Read more →
JWT-HACK | HAHWUL
JSON Web Token Hack Toolkit # Cargo cargo install jwt-hack # Brew brew tap hahwul/jwt-hack brew install jwt-hack JWT-HACK is...
Read more →![[tl;dr sec] #282 - Weaponizing Dependabot, Ultimate Guide to JWT Vulnerabilities, Multi-Agent Automated Vulnerability Discovery](https://cybernoz.com/wp-content/uploads/2025/06/tldr-sec-282-Weaponizing-Dependabot-Ultimate-Guide-to-JWT.png "[tl;dr sec] #282 - Weaponizing Dependabot, Ultimate Guide to JWT Vulnerabilities, Multi-Agent Automated Vulnerability Discovery 10")
[tl;dr sec] #282 – Weaponizing Dependabot, Ultimate Guide to JWT Vulnerabilities, Multi-Agent Automated Vulnerability Discovery
Using Dependabot to merge malicious code and bypass branch protections, JWT attack guide with mitigations and labs, AI agents found...
Read more →
Addressing API Security with NIST SP 800-228 — API Security
According to the Wallarm Q1 2025 ThreatStats report, 70% of all application attacks target APIs. The industry can no longer...
Read more →
A Better Way to Think About AI Job Replacement
You don’t have to believe that companies want to fire all their employees to see AI’s threat to jobs. That’s...
Read more →
What does it take to become CREST-accredited? Top 10 questions answered.
CREST is the gold standard for quality assurance accreditation in the cybersecurity industry. It is a globally recognised not-for-profit cybersecurity...
Read more →