This Is How They Tell Me Bug Bounty Ends · Joseph Thacker
An AI agent will soon be able to find all the vulnerabilities in any application. Or that’s what they say. We’ll have no need for…
I made two new musical discoveries this week: Acid Bath and Ryo Fukui, exploring swamp metal and jazz. I also attempted to fix our broken…
I’m sure you’ve heard the argument that LLMs aren’t really thinking because, according to them, LLMs are just predicting the next token… And that output…
jwt-hack v2 is a complete Rust rewrite, boosting performance, safety, and stability. Back in October 2020, I created a tool called jwt-hack to make security…
Roadmap for everyone who wants DevSecOps. DevSecOps is a culture and practice that aims to integrate security into every phase of the software development lifecycle…
JSON Web Token Hack Toolkit. Install with Cargo (cargo install jwt-hack) or Brew (brew tap hahwul/jwt-hack, then brew install jwt-hack). JWT-HACK is a CLI tool for analyzing…
Using Dependabot to merge malicious code and bypass branch protections, JWT attack guide with mitigations and labs, AI agents found a new Linux Kernel USB…
According to the Wallarm Q1 2025 ThreatStats report, 70% of all application attacks target APIs. The industry can no longer treat API security as a…
You don’t have to believe that companies want to fire all their employees to see AI’s threat to jobs. That’s negative framing. Most company leaders…
CREST is the gold standard for quality assurance accreditation in the cybersecurity industry. It is a globally recognised not-for-profit cybersecurity authority that rigorously assesses organisations…
Reconnaissance plays an integral part in bug bounty hunting, and hidden parameter discovery plays an even more crucial role, as hidden parameters are often left with inadequate…
I took my laptop on the road and outside several times this week while it was sunny, and it made me appreciate light mode in…