Good and Bad Harness Engineering
There is a right and wrong way to do Harness Engineering. What makes it right or wrong mostly comes down to whether you’re following the…
Category: Mix
duty-free.cc
forum.duty-free.cc is a Russian-language forum focused on information security and hacking-related topics, where users discuss penetration testing, vulnerabilities, exploits, OSINT, and real-world cases. The platform…
AI Only Has to Beat 3/10
I think there’s a misconception about how AI will break and change things. The Mythos hype has convinced people that AI is about to be…
It’s Time for Full Activation
I’ve been experiencing a feeling lately that’s massive and hard to pin down. But here goes. If you remember my piece on Constraints on Creativity,…
How to Avoid Aperture Collapse
I’ve been playing with this idea of Aperture Collapse. It’s a problem I have that I suspect a lot of people have as well. It’s…
A(I) future of Bug Bounty
AI and all the tools built around related technologies have been working their way into the Bug Bounty community for a little over a year…
![[tl;dr sec] #323 - Anthropic Mythos, Security Program Politics, Vulnerability Research is Cooked](https://image.cybernoz.com/wp-content/uploads/2026/04/tldr-sec-323-Anthropic-Mythos-Security-Program-Politics-Vulnerability-600x340.png)
[tl;dr sec] #323 – Anthropic Mythos, Security Program Politics, Vulnerability Research is Cooked
High School Reflections As you might guess from the fact that I write a cybersecurity newsletter, I was pretty cool in high school. I remember…
We’re Getting the Wrong Message from Mythos
We’re missing a much bigger point on Mythos. It wasn’t even trained specifically for cybersecurity. It’s just that much better at doing work in general.…
The 29-minute Breakout: Why monthly vulnerability scanning no longer works
TLDR: We attended Cyber Security 2026: Kritisk infrastruktur in Stockholm, and the reality check was simple: “breakout time” has hit a record low of 29…
The 22-minute Breakout: Why monthly vulnerability scanning no longer works
TLDR: We attended Cyber Security 2026: Kritisk infrastruktur in Stockholm, and the reality check was simple: “breakout time” has hit a record low of 22…
Five takeaways from the UK’s Cyber Security & Resilience Bill
The content of the Cyber Security & Resilience Bill (CSRB) recently introduced to Parliament contained few surprises. Having spent a significant amount of time working…
PortSwigger partners with Meta Bug Bounty to empower bug hunters with training and Pro licenses
Fran Hutchings | Tuesday, 7 April 2026 at 12:12 UTC We’re excited to announce a new partnership with Meta Bug Bounty, bringing together two organizations…