Bug bounty Tips

Открыть в Telegram

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

Больше

Индия58 680 Технологии и приложения17 583

5 779

Подписчики

+1024 часа

+887 дней

+41930 день

459

Просмотры поста

~ 21924 часа

~ 26848 часов

7.94%

Коэффициент вовлеченности

~ 4

Постов в день

Ads index

beta

Архив постов

5 780

#tools #AIOps "SkillTester: Benchmarking Utility and Security of Agent Skills", Mar. 2026. // Benchmark system for testing skills with a repeatable agent workflow

5 780

#cryptography "Cryptanalysis of a Lightweight RFID Authentication Protocol Based on a Variable Matrix Encryption Algorithm", Mar. 2026. // Taken together, our results indicate that the protocol is structurally insecure and admits a realistic route to full compromise in the lightweight parameter regime advocated for deployment

5 780

#Malware_analysis 1⃣ Bogus Avast website fakes virus scan, installs Venom Stealer instead https://www.malwarebytes.com/blog/threat-intel/2026/03/bogus-avast-website-fakes-virus-scan-installs-venom-stealer-instead 2⃣ Supply Chain Attack on Axios https://socket.dev/blog/axios-npm-package-compromised 3⃣ SHA Pinning Is Not Enough.. https://rosesecurity.dev/2026/03/24/sha-pinning-is-not-enough.html

5 780

#Research #Hardware_Security "Attacking AI Accelerators by Leveraging Arithmetic Properties of Addition", Mar. 2026. // A new hardware aging attack that exploits commutative properties of addition to disrupt the multiply-and-add operation that forms the backbone of almost all AI models. Experimental results demonstrates that the proposed attack degrades inference accuracy by up to 64% in 4 years, posing a significant threat to AI accelerators. The attack can also be extended to arithmetic units of general-purpose processors

5 780

#Analytics #Threat_Research An analytical review of the main cybersecurity events for the week (Mar.21-28, 2026) 1⃣ Telegram 0-click RCE // CVSS: 9.8 2⃣ litellm PyPI package (v1.82.7 + v1.82.8) compromised // full timeline and status 3⃣ Claude security configurations // Enhanced security configurations for Claude on MacOS 4⃣ Business TikTok accounts targeted with AITM phishing kits 5⃣ Exploiting AQL Injection Vulnerabilities in ArangoDB // This post serves as a comprehensive reference for pentesters seeking detailed insight into AQL injections and how they can be exploited 6⃣ Infiniti Stealer // New macOS infostealer using ClickFix and Python/Nuitka 7⃣ Trivy Compromised: Everything You Need to Know about the Latest Supply Chain Attack // On Mar.19,2026, threat actors injected credential-stealing malware into Aqua Security’s Trivy scanner and related GitHub Actions 8⃣ strongSwan CVE-2026-25075: Integer Underflow in VPN Authentication // Critical integer underflow vulnerability in strongSwan 4.5.0-6.0.4 allows attackers to cause DoS via malformed EAP-TTLS messages ]-> P.S. The past week has demonstrated that attackers' focus has finally shifted to developer tools (AI libraries, CI/CD) ... ]-> Analytical review (Mar.14-21, 2026)

5 780

#AIOps #DevOps #MLSecOps AI Security Solutions Landscape for LLM and Gen AI Apps, Q2 2026. See also: ]-> AI Security Solutions Landscape for Agentic AI Q2 2026 ]-> OWASP GenAI Data Security Risks & Mitigations 2026

5 780

#AppSec #WebApp_Security "A Large-Scale Study of Telegram Bots", Mar. 2027. ]-> Dataset // This research provides the first large-scale characterization of Telegram bots by analyzing over 32K bots and 492M messages. The authors developed an automated interaction system to classify bots, uncovering both beneficial applications and sophisticated malicious infrastructures

5 780

#tools #MLSecOps "Claudini: Autoresearch Discovers State-of-the-Art Adversarial Attack Algorithms for LLMs", Mar. 2026. ]-> Code repository // This paper demonstrates that LLM agents can automate AI safety research by autonomously discovering novel white-box adversarial attacks. The resulting algorithms significantly outperform over 30 existing methods, achieving up to 100% success rates in jailbreaking and prompt injection evaluations across various models. These findings highlight the potential for LLM agents to accelerate security red-teaming through iterative optimization and quantitative feedback

5 780

#NetSec #cryptography "Analyzing the WebRTC Ecosystem and Breaking Authentication in DTLS-SRTP", 2026. ]-> Repo // In this work developing an automated MitM testing framework (DTLS-MitM-Scanner) to test the DTLS channel of a DTLS-SRTP connection

5 780

#AIOps #Research "Malicious Or Not: Adding Repository Context to Agent Skill Classification", Mar. 2026. ]-> Repo // The largest empirical security analysis of the AI agent skill ecosystem

5 780

#Whitepaper "Implementing Micro-Segmentation in a Legacy Enterprise Lab Network: A Zero Trust Approach to Reducing Lateral Movement, Improving Containment, and Controlling Operational Overhead", Jan. 2026. // This study evaluates micro-segmentation as a practical Zero Trust control in a Windows Active Directory lab that models common legacy dependencies (directory services, file services, a web tier, and a database tier)

5 780

#info #Events #MLSecOps [un]prompted 2026: The AI Security Practitioner Conference, March 3-4, The Hibernia, San Francisco. https://github.com/ethanolivertroy/unpromptedcon-2026-slides // 49 slide decks from talks across both days and both stages, covering AI agents, offensive AI, LLM security, governance, and the agentic future

5 780

#tools #AIOps #MLSecOps "Auditing MCP Servers for Over-Privileged Tool Capabilities", Mar. 2026. // MCP Tools Detection provides a comprehensive, multi-layered defense mechanism combining static code analysis (AST-based) with dynamic runtime monitoring (eBPF-based) to identify malicious or vulnerable MCP servers before they can compromise an agentic workflow

5 780

#Whitepaper #Offensive_security "Leveraging Generative AI for Password Cracking Efficiency Under Resource Constraints", Jan. 2026. // The purpose of this research is to investigate whether GenAI can alleviate the hardware and financial burdens of password cracking/recovery while maintaining or even improving cracking success rates...

5 780

#Whitepaper #Blue_Team_Techniques "Enhancing Linux Threat Detection: A Sysmon - Based Approach to Identifying Sandworm TTPs", Mar. 2026. // Linux systems have become foundational across modern IT enterprises. Threat actors are increasingly targeting Linux systems, including well - known APTs such as Sandworm. This research evaluates the effectiveness of Sysmon for Linux in detecting Sandworm TTPs compared to the more established Linux auditd See also: ]-> The Sysmon Community Guide, v.2.0, Dec.2025

5 780

#tools #Threat_Research "ProHunter: A Comprehensive APT Hunting System Based on Whole-System Provenance", Mar. 2026. // ProHunter - efficient and accurate provenance-based APT hunting system with a platform-independent design

5 780

#tools #DFIR #Research #Whitepaper "Assessing the Impact of Memory Acquisition on Key Windows Artifacts", Feb. 2026. // This research evaluates the impact of memory capture tools on data at rest, aiming to understand the degree of change that occurs to artifacts, measure differences based on tool selection, and inform best practices for live responders

5 780

#AppSec 1⃣ Intego X9: Never trust my updates https://blog.quarkslab.com/intego_lpe_macos_3.html // Multiple vulnerabilities in Intego's macOS products enable privilege escalation through XPC flaws, race conditions, and insecure updates 2⃣ LLVM Adventures: Fuzzing Apache Modules https://pwner.gg/blog/2026-03-20-apatchy // Apatchy - LLVM-based fuzzing framework for Apache HTTPD with advanced coverage analysis, and a modular build system 3⃣ A Copy-Paste Bug That Broke PSpice AES-256 Encryption https://jtsylve.blog/post/2026/03/18/PSpice-Encryption-Weakness // Bug in PSpice's AES-256 mode reduces its effective keyspace from 2^256 to 2^32, enabling rapid brute-force attacks that compromise encrypted models

5 780

#Infosec_Standards NIST SP 800-81 Rev.3: "Secure Domain Name System (DNS) Deployment Guide", March 2026.

5 780

#reversing #Tech_book #Cyber_Education "Windows Debugging, Disassembling, Reversing: Practical Foundations. Training Course", Third Edition, 2025. // Another bestseller from a subject-matter leader...