Root for Your Friends · Joseph Thacker
Heads‑up: The concept of this post might seem trivial, but it can improve your career, happiness, and the people you care about. Proceed without caution.…
Category: Mix
Intigriti Bug Bytes #224 – May 2025
Hello Hackers Spring is in the air, and so is the sweet scent of freshly reported bugs. Intigriti’s blooming too—each month, we squad up with…
![[tl;dr sec] #280 - Hardening GitHub Actions, Uber's Multi-Cloud Secret Management, Prompts are the New IOCs](https://image.cybernoz.com/wp-content/uploads/2025/05/tldr-sec-280-Hardening-GitHub-Actions-Ubers-Multi-Cloud-Secret.png)
[tl;dr sec] #280 – Hardening GitHub Actions, Uber’s Multi-Cloud Secret Management, Prompts are the New IOCs
Detailed guide on all the ways to harden GitHub Actions, Uber’s Secret Management Platform that manages >150,000 secrets, “LLM TTPs” + a tool to detect…
Attackers Abuse TikTok and Instagram APIs — API Security
It must be the season for API security incidents. Hot on the heels of a developer leaking an API key for private Tesla and SpaceX…
Mapping the Future of AI Security
AI security is one of the most pressing challenges facing the world today. Artificial intelligence is extraordinarily powerful, and, especially considering the advent of Agentic…
Elevate your testing with Burp AI: watch Clint Gibler’s exclusive interview with PortSwigger’s Dafydd Stuttard and James Kettle
Amelia Coen | 21 May 2025 at 07:54 UTC AI is transforming Application Security, and PortSwigger is leading the charge. In a must-watch interview, Clint…
CREST Accreditation Reinforces Intigriti’s Pentesting Excellence
Intigriti, a global crowdsourced security provider, is delighted to announce that it is now CREST accredited. CREST, a globally recognised not-for-profit authority in cyber security,…
Hive Five 224 – Happiest Country on Earth
Most tech tends to isolate us, but let’s not forget how crucial real-world experiences are. I just got back from a three-day work offsite, and…
CORS Misconfigurations: Advanced Exploitation Guide
CORS misconfiguration vulnerabilities are a highly underestimated vulnerability class. With an impact ranging from sensitive information disclosure to facilitating SSRF attacks, this client-side security vulnerability…
![[tl;dr sec] #279 - Security for High Velocity Engineering, Cloud Incident Readiness, AI-powered Malware Implants](https://image.cybernoz.com/wp-content/uploads/2025/05/tldr-sec-279-Security-for-High-Velocity-Engineering-Cloud.png)
[tl;dr sec] #279 – Security for High Velocity Engineering, Cloud Incident Readiness, AI-powered Malware Implants
I hope you’ve been doing well! I’m absolutely thrilled to share a new guest post from my friend Jason Chan. Jason was the VP of…
Developer Leaks API Key for Private Tesla, SpaceX LLMs — API Security
In AI, as with so many advancing technologies, security often lags innovation. The xAI incident, during which a sensitive API key remained exposed for nearly…
a first step to a more centralized approach
We’re pleased to share a significant new change to our platform for companies. Our goal is to empower our customers with clear, actionable insights into…