The Ongoing Risks of Hardcoded JWT Keys — API Security
In early May 2025, Cisco released software fixes to address a flaw in its IOS XE Software for Wireless LAN Controllers (WLCs). The vulnerability, tracked…
Category: Mix
The link between security maturity and bug bounty success
What defines a security maturity posture? A security maturity posture refers to an organization’s ability to detect, manage, and mitigate security vulnerabilities and risks. It…
Reverse Engineering Granola to Get Notes In Obsidian · Joseph Thacker
I love granola.ai. Everyone I know is using it for meeting transcription. I’ve been using it to transcribe my calls and meetings for months. But…
![[tl;dr sec] #278 - North Korean IT Workers, How Sentinel One Defends Itself, How Threat Actors Use Claude](https://image.cybernoz.com/wp-content/uploads/2025/05/tldr-sec-278-North-Korean-IT-Workers-How-Sentinel.png)
[tl;dr sec] #278 – North Korean IT Workers, How Sentinel One Defends Itself, How Threat Actors Use Claude
Several posts on DPRK IT workers infiltrating companies, Sentinel One on fighting off threat actors, Anthropic shares how attackers were using Claude I hope you’ve…
How Attackers Are Exploiting Business Logic
As businesses rely more on APIs, attackers are quick to turn that trust into opportunity. Among the most dangerous and difficult-to-detect threats are business logic…
AI Solution Factories | Daniel Miessler
Everyone is trying to figure out whether developers are screwed or not. Some say they are, and others say more AI just means more need…
Hive Five 222 – How to Move Fast
In July 1995, Tatu Ylonen sent the following e-mail to IANA: From ylo Mon Jul 10 11:45:48 +0300 1995 From: Tatu Ylonen [email protected]To: Internet Assigned…
![[tl;dr sec] #277 - Cybersecurity (Anti)Patterns, $64K from Deleted Files, New from Meta AI Security](https://image.cybernoz.com/wp-content/uploads/2025/05/tldr-sec-277-Cybersecurity-AntiPatterns-64K-from-Deleted-Files.png)
[tl;dr sec] #277 – Cybersecurity (Anti)Patterns, $64K from Deleted Files, New from Meta AI Security
How to avoid Busywork Generators, bug bounty story of secrets in deleted files, new AI security tools and evals from Meta I hope you’ve been…
What’s New & How It Helps You
As we have entered Q2 2025, let’s dive into key improvements and new features introduced on the Intigriti platform in Q1, the value they bring,…
Introducing the Glazing Score · Joseph Thacker
ChatGPT has been lying to users to make them happy as a part of OpenAI’s effort to “improve personality”, and maybe that’s fine for some…
Using AI to find web app vulnerabilities: hacking expert John Hammond takes Burp AI for a spin | Blog
Amelia Coen | 30 April 2025 at 13:23 UTC 1000s of pentesters are currently using Burp AI features to hack smarter by eliminating tedious tasks…
Hive Five 221 – Underdoing the Competition
I’m still running daily, but I’ve swapped some days for walking with a weighted vest. The main limitation I’m currently facing is the lack of…