Customizing Your Claude Code Spinner Verbs
Most people don’t think about spinner text. It’s that little “Thinking…” or “Processing…” that ticks by while Claude Code works. Background noise. Furniture. Daniel went…
Category: Mix
Discovering Negative-Days with LLM Workflows
By now, you may have Anthropic’s zero-days blogpost where an “out-of-the-box” Claude Opus 4.6 workflow was used to find 500 vulnerabilities in open-source projects. While…
![[tl;dr sec] #311 - Slack's Security Agents, Cloud-Native Detection Engineering, Trail of Bits' Claude Skills](https://image.cybernoz.com/wp-content/uploads/2026/01/tldr-sec-311-Slacks-Security-Agents-Cloud-Native-Detection-Engineering.png){kind=small}
[tl;dr sec] #314 – ClawdBot Security, Security Scorecards, Threat Framework for SDLC Infrastructure
I hope you’ve been doing well! ClawdBot Security Well… what an exciting week to be in security ClawdBot Moltbot OpenClaw exploded with popularity as a…
global bug bounty adoption accelerates, led by the U.S.
Bug bounty programs have evolved from a niche security tactic into a core component of modern defense strategies worldwide. In this blog, we focus on the US: one of the…
Introducing Detectify Internal Scanning for internal vulnerability scanning behind the firewall
TL;DR We’re launching Internal Scanning, bringing our proprietary security engines, research-led crawling and fuzzing engine for internal vulnerability scanning behind your firewall. Built by Detectify’s…
Ticket Tricking OpenSSL.org with Google Groups
Over the holidays, I found some time to work on a small idea I had for a while. As a sometimes-Google Workspace admin with a…
InsertScript: SiteKiosk – Breakout
SiteKiosk – Breakout It has been a while since my last blog post, therefore I am going to share two possible bypasses for the software…
InsertScript: Multiple PDF Vulnerabilities – Text and Pictures on Steroids
/*UPDATE */ @irsdl brought two import links to my attention: 2010 formcalc: http://t.co/6OfGLa9Cu1 2013 XXE + SOP Bypass: http://t.co/VZMSVg3HtN It seems like Adobe knew about the SOP issue…
InsertScript: MHTML: x-usc – A feature from the past
What is mhtml ? For those who have never saved a complete web page in Internet Explorer, mhtml or its extensions .mht is most likely…
InsertScript: PDF – How to steal PDFs by injecting JavaScript
Intro Quite some time has passed since my last blog post, so I decided to present a nice feature of PDF. I will use a…
DLL Hijacking via URL files
This blogpost describes how I got annoyed by vulnerabilities in 3rd party Windows applications, which allowed to execute local files but without parameters. So I…
InsertScript: Adobe Reader – PDF callback via XSLT stylesheet in XFA
I have seen on twitter that there is use for another PDF callback Proof-of-Concept in Adobe Reader. Last year a PDF file called “BadPDF” was…