The crypto world is rife with smart contracts that have been outsmarted by attackers, with consequences in the millions of dollars (and more!). Shashank shares his research into scanning contracts for flaws, how the classes of contract flaws have changed in the last few years, and how optimistic we can be about the future of this space.
Segment Re...
Evaluation of the firm's online resources led to the identification of a DockerHub organization containing a Docker image that not only contained the company's backend systems source code but also a .git folder with a GitHub Actions authorization token.
We're getting close to two full decades of celebrating web hacking techniques. James Kettle shares which was his favorite, why the list is important to the web hacking community, and what inspires the kind of research that makes it onto the list. We discuss why we keep seeing eternal flaws like XSS and SQL injection making these lists year after ye...
HackerOne's co-founder, Michiel Prins, walks us through the latest offensive security service: AI red teaming.
At the same time enterprises are globally trying to figure out how to QA and red team generative AI models like LLMs, early adopters are challenged to scale these tests. Crowdsourced bug bounty platforms are a natural place to turn for...
The flaw, which was linked to an unpatched issue in the Chrome browser integrated into Facebook’s ad infrastructure, could grant malicious actors control over the server.
Curl and Python (and others) deal with bad vuln reports generated by LLMs, supply chain attack on Solana, comparing 5 genAI mistakes to OWASP's Top Ten for LLM Applications, a Rust survey, and more!
Microsoft has announced the Zero Day Quest, an expanded bug bounty initiative offering $4 million in potential rewards for identifying vulnerabilities in its cloud and artificial intelligence technologies.