infosec

infosec

Discussions about information security, applied cryptography, and privacy-preserving technology

᠎ pfp

https://x.com/nicksdjohnson/status/1912439023982834120?t=ozQ-FQFM17KJuhRF5Qjjbw&s=19 another sites.google & DKIM campaign

0 reply

1 recast

2 reactions

Mantej Rajpal pfp

downstream effects: untracked vulnerabilities in widely used systems, increased exploitation risk, inconsistent IDs and general chaos https://x.com/0xtib3rius/status/1912195160416338031?s=46&t=dO0uo_CgV6MrB7N3NkVjDA

1 reply

0 recast

3 reactions

Mantej Rajpal pfp

Leveraging data flow analysis to tackle prompt injection: https://simonwillison.net/2025/Apr/11/camel/

0 reply

0 recast

1 reaction

Ed O'Shaughnessy pfp

Ed O'Shaughnessy

https://krebsonsecurity.com/2025/04/china-based-sms-phishing-triad-pivots-to-banks/

0 reply

0 recast

1 reaction

᠎ pfp

https://warpcast.com/pjc/0x4ec5fc35

0 reply

0 recast

1 reaction

Mantej Rajpal pfp

every security org I’ve been a part of in ~recent times (e.g. flatiron health, cash app, duolingo) have used allowlist and denylist — they’re simply better terms because they perfectly describe their functions is that not common? https://x.com/malwarejake/status/1907416667052786110?s=46&t=dO0uo_CgV6MrB7N3NkVjDA

2 replies

0 recast

2 reactions

Mantej Rajpal pfp

Security teams have long suffered from fragmentation—both in tooling and data context. Anthropic’s Model Context Protocol (MCP) could change that ✨ https://mayakaczorowski.com/blogs/mcp

0 reply

0 recast

1 reaction

Ed O'Shaughnessy pfp

Ed O'Shaughnessy

https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/

0 reply

0 recast

1 reaction

Andrew pfp

I really hate that this is the release details we get for a *9.1 critical vuln* in a common js stack: https://cve.org/CVERecord?id=CVE-2025-29927 I will be blocking all requests with the header `x-middleware-subrequest` rather than risk deploying a > 5pm release for something without any real info

0 reply

0 recast

4 reactions

Andrew pfp

The good: Claude 3.7-thinking can actually understand and code rust now! The bad: I've turned my EFF Rayhunter ( https://github.com/EFForg/rayhunter ) into a screensaver for a while but its getting back on track

1 reply

0 recast

1 reaction

Mantej Rajpal pfp

Multi-cloud security platform powered by a major cloud provider is a gamble. I’m cautiously optimistic. Could Wiz reduce GCP churn, or perhaps even bring users over from Azure/AWS? https://blog.google/inside-google/company-announcements/google-agreement-acquire-wiz/

1 reply

0 recast

3 reactions

᠎ pfp

https://warpcast.com/a16zcrypto/0x78527e51

0 reply

0 recast

4 reactions

Ed O'Shaughnessy pfp

Ed O'Shaughnessy

https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying

0 reply

1 recast

1 reaction

Mantej Rajpal pfp

1 reply

1 recast

7 reactions

Daniel Lombraña pfp

Daniel Lombraña

Apple's Find My Network Exploit Lets Hackers Silently Track Any Bluetooth Device 9to5Mac reports: Although AirTag was designed to change its Bluetooth address based on a cryptographic key, the attackers developed a system that could quickly find keys for Bluetooth addresses. This was made possible by using "hundreds" of GPUs to find a key match. The exploit called "nRootTag" has a frightening success rate of 90% and doesn't require "sophisticated administrator privilege escalation." In one of the experiments, the researchers were able to track the location of a computer with an accuracy of 10 feet, which allowed them to trace a bicycle moving through the city. In another experiment, they reconstructed a person's flight path by tracking their game console. https://yro.slashdot.org/story/25/02/28/013227/apples-find-my-network-exploit-lets-hackers-silently-track-any-bluetooth-device?utm_source=rss1.0mainlinkanon&utm_medium=feed

1 reply

0 recast

1 reaction