Dylan (@insecurenature)'s Twitter Profile
Dylan

@insecurenature

Security researcher, public speaker and founder.

Forbes 30 Under 30

Truffle Security @trufflesec

Github.com/dxa4481

Prev @Netflix

ID: 1282920360015327233

https://TruffleSecurity.com

14-07-2020 06:10:45

997 Tweet

3,3K Followers

230 Following

Truffle Security (@trufflesec)

We scanned 400TB of DeepSeek’s training data & found:

🚨 ~12K live API keys & passwords 
🌐 2.76M affected pages
🔄 One key appeared 57K+ times
🔑 219 secret types (AWS root keys, Slack webhooks, etc.)
🔗 Full research: trufflesecurity.com/blog/research-…

a16z (@a16z)

AI-generated code is scaling fast, but code security is often a function of how a model is trained. This can create hidden risks for companies, says @insecurenature Truffle Security Co-Founder and CEO. Alignment around security best practices can be a challenge, so instead of waiting

Truffle Security (@trufflesec)

🔥 You can now add TruffleHog to Burp Suite!

🌐 Install it directly from the BApp Store
🔍Scan web traffic for live, verified credentials—active & exploitable

Because secrets don’t just leak in code… 😬

Big Thanks to PortSwigger! 🙌

🔗trufflesecurity.com/blog/introduci…

Dylan (@insecurenature)

A couple of years ago I co-presented with Whitney Merrill how sensitive bug bounty hunter accounts can be, especially active hunters with years of file attachments and POC data. Today bugcrowd is mandating 2fa on all accounts: bugcrowd.com/blog/bugcrowd-… Definitely a positive change.

Dylan (@insecurenature)

Tomorrow I'll be speaking at BSidesSF at 11:15am. The topic? Aligning lightweight AI models to become self replicating ransomware worms. Join me on the IMAX.

Dylan (@insecurenature)

I shared an Uber ride with Feross and I thought his new reachability analysis tool (Socket) was neat. So I pulled out my phone and asked him to say it again on camera

Dylan (@insecurenature)

I asked Maya Kaczorowski (former Senior Director GitHub) about her thoughts about GitHub's identity system. Personally I think managing identity in GitHub is clear as mud.

Dylan (@insecurenature)

The fall of the empire did NOT depend on the rebellion. Obi-Wan used Luke to turn Vader against the Emperor. The death star didn't need to explode. Luke didn't need to meet the rebellion.

Dylan (@insecurenature)

This is WILD. When you opt out of ad tracking this website makes you check a box saying: "I acknowledge cookies need to be deleted from my browser to remove tracking." Ad tracker opt-out is a GDPR requirement. Forcing the user to delete their cookies is...

Truffle Security (@trufflesec)

🔍Accessing 15 million "Permanently deleted" commits at scale across GitHub.

🔗A guest post by Sharon Brizinov: trufflesecurity.com/blog/guest-pos…