MEDICAL DATA OF ALMOST 400,000 AMERICANS STOLEN: HERE'S WHAT WE KNOW (2 MINUTE READ)
9 days ago
Gryphon Healthcare has reported a supply-chain cyberattack that affected hundreds of thousands of patients. The breach, which potentially exposed sensitive personal and health information, occurred through an unnamed partner company before August 13. No evidence of data misuse has been found. The co
MOZILLA PATCHES CRITICAL FIREFOX VULN THAT ATTACKERS ARE ALREADY EXPLOITING (2 MINUTE READ)
9 days ago
Mozilla has released a patch for a new Firefox vulnerability with a CVSS of 9.8. The vulnerability arises from a use-after-free bug in the Animation timeline feature in the Page Inspector tool in Firefox. The vulnerability is actively being exploited. Mozilla encourages immediate updating.
THIS NEW SUPPLY CHAIN ATTACK TECHNIQUE CAN TROJANIZE ALL YOUR CLI COMMANDS (14 MINUTE READ)
9 days ago
Open source ecosystems are vulnerable to supply chain attacks, with entry points being an often overlooked risk. Attackers can exploit this feature across multiple programming ecosystems to execute malicious code when specific commands are run using methods like command-jacking.
CISO CONVERSATIONS: JULIEN SORIANO (BOX) AND CHRIS PEAKE (SMARTSHEET) (10 MINUTE READ)
9 days ago
This article profiles two CISOs by discussing their career paths, leadership development, and views on modern CISO roles. It covers team building, mentoring, and advice they've received and would give. It also explores their perspectives on emerging threats in cybersecurity, including evolving
HOW TO BUILD A SECURE RECON NETWORK USING TAILSCALE (7 MINUTE READ)
9 days ago
Securing offensive security/bug bounty infrastructure is pivotal to protecting the target's sensitive data. This post showcases how Tailscale can be utilized with a VPS and ufw to create a secure, private network. It shows how to use advanced Tailscale features to enable file sharing and keyless SSH
VulnAPI is an Open-Source DAST designed to help users scan APIs for common security vulnerabilities and weaknesses.
Halberd is a tool that executes a comprehensive set of attack techniques across a variety of different clouds via a web interface. It supports Entra ID, Microsoft 365, Azure, and AWS.
Gato is a tool for finding and exploiting vulnerabilities in GitHub pipelines of public and private repositories. It helps security engineers, blue teams, red teamers, and bug bounty hunters detect and prevent attacks using self-hosted runners. The tool requires a GitHub classic PAT for operation. I
MICROSOFT SAYS MORE RANSOMWARE STOPPED BEFORE REACHING ENCRYPTION (5 MINUTE READ)
9 days ago
Microsoft reported a 2.75x increase in ransomware attacks year-over-year, but noted improved defenses. Successful encryptions have decreased threefold in two years due to better automatic detection, while unmanaged devices remain a vulnerability in 90% of cases. Akira is the top ransomware variant,
CLOUD LOGGING TIPS & TRICKS (6 MINUTE READ)
9 days ago
This blog post contains tips for collecting cloud logs. It introduces Wiz's Cloud Logging Framework, which categorizes logs by security use case, mapping logs to either identity, data, network, compute, or control plane. The post highlights the control plane logs by providing tailored tips for AWS,
ELIMINATING MEMORY SAFETY VULNERABILITIES AT THE SOURCE (6 MINUTE READ)
9 days ago
This blog post explores how focusing on writing new code in memory safe languages led to a decrease in vulnerabilities in an Android project. It posits that the next stage in security is to focus on safe coding and secure code practices. Vulnerabilities decay exponentially so older code will become
LEEDS EQUITY PARTNERS ACQUIRES OFFSEC (1 MINUTE READ)
9 days ago
Leeds Equity has acquired the OffSec certification company.
AMAZON SAYS 175 MILLION CUSTOMERS NOW USE PASSKEYS TO LOG IN (2 MINUTE READ)
9 days ago
Amazon says that over 175 million customers are using passkeys for faster and more secure logins.
AUTHORITIES SEIZE DARK WEB MARKETPLACES SIPULITIE AND TSÄTTI (2 MINUTE READ)
9 days ago
Finnish and Swedish authorities, with Bitdefender's help, closed down dark web marketplaces Sipulitie and Tsätti, stopping illegal drug sales in the millions.
Dean Kamen Says Inventing Is Easy, but Innovating Is Hard
9 days ago
Over the past 20 years, technological advances have enabled inventors to go from strength to strength. And yet, according to the legendary inventor Dean Kamen, innovation has stalled. Kamen made a name for himself with inventions including the first portable insulin pump for diabetics, an adv
Build and deploy your own ChatGPT alternative with plugins using this opensource framework
9 days ago
Create entire Flask apps with this opensource self-building agent. This AI feature predicts your intent, not just the next line of code. ChatGPT responds differently based on your name. Opensource ChatGPT Canvas for collaborative writing with AI agents.
Build a web-scraping AI agent that runs entirely on your local machine using Llama 3.2
9 days ago
Build a web-scraping AI agent that runs entirely on your local machine using Llama 3.2. The AI agent uses Ollama to run the model locally and ScrapeGraphAI, a web scraping Python library that uses LLM and direct graph logic to create scraping pipelines for websites and local documents. Hands-on tuto
Opensource framework to Deploy Multimodal AI Chat Apps in Minutes
9 days ago
Lobe Chat is an open-source AI chat framework giving you everything you need to build and deploy multi-modal chat apps. It supports a wide range of AI providers and has a built-in knowledge base, vision, and text-to-speech features. Key highlights include supporting various AI providers, running you
Try the internet’s easiest File API
9 days ago
Pinata’s File API makes adding file uploads and retrieval to your app effortless. It provides fast, secure, and scalable file management without the hassle of maintaining infrastructure.
Opensource Flask App Builder with a Simple LLM Loop
9 days ago
Build multi-file Flask apps with Ditto, a new self-building coding agent. Ditto uses a straightforward LLM loop and five key tools to automate coding from natural language descriptions. Key highlights include a simple toolset, LLM loop-driven operation, modular codebase, and real-time progress track
MAKING THE LEAP FROM SERIES A TO SERIES B IS HARDER NOW THAN EVER (1 MINUTE READ)
9 days ago
The transition from Series A to Series B funding has become significantly more challenging, with only 9% of startups that raised Series A in Q3 2022 reaching Series B within two years compared to 38-40% during the low-interest rate period.
AGENT TASK LOGS FOR AI IMPROVEMENT (2 MINUTE READ)
9 days ago
The challenge of trusting AI agents to perform tasks effectively is compounded by the lack of robust logging and feedback tools, making it difficult to guide agents in understanding user preferences.
WHY LIFETIME VALUE IS RELEVANT AGAIN IN SOFTWARE (2 MINUTE READ)
9 days ago
The financial landscape for software companies has become increasingly challenging, with many experiencing declining net dollar retention and longer payback periods.