🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Ready to reverse security debt? 🎯 Don't miss Amanda Lee at the May DevSecOps London Gathering! Learn to assess maturity, prioritize vulnerabilities & implement AI solutions. 🕕 May 21, 6-8pm | 📍 Veracode HQ. 🚀 Claim your spot today! meetup.com/devsecops-lond…

Cyber hard problems, unsolved tech & research problems for which progress toward solution would have a significant impact on the practical security of cyber systems, are frequently caused or sustained by human or societal factors & misaligned incentives nap.nationalacademies.org/catalog/29056/…

.Veracode’s Chris Wysopal sat down with ISMG Network News Mathew J Schwartz at #RSAC2025 to talk about one of the biggest shifts in software development: AI-generated code. If you’re passionate about building software that’s both fast & secure, this one’s worth a watch🎥 sprou.tt/1juv1sdZZ8G

Current revalation: Bitcoin is like a owning a hamster: No one knows why it was a good idea in the first place, it never sleeps, and if you lose track of it—good luck explaining that to your family. Give me a break, Allistair.

If China’s MSS is suddenly crying foul about cyber espionage, you can bet they’re feeling the heat. Whether it’s the NSA or not, someone’s clearly poking back—and it’s hitting nerves. Spy games just went digital and global. #CyberEspionage #MSS #NSA globaltimes.cn/page/202506/13…

Researchers from Rice and Stanford refer to this recursive data contamination as Model Autophagy Disorder (MAD), analogous to mad cow disease. (Reminder: do not eat the neural tissue of your own species.) therepublicjournal.com/essays/the-cur…

Trump's new Cybersecurity EO eliminates these provisions from Biden's last Cybersecurity EO: Mandatory, machine-readable attestations from every federal software supplier that they follow NIST’s Secure Software Development Framework (SSDF) A CISA-run Repository for Software

"Absurd" 12-step malware dropper spotted in malicious npm packages. Supply chain attack effort used steganography, a "dizzying wall of Unicode characters" and more. thestack.technology/absurd-12-step…

Are you reviewing your NPM dependencies for malicious code? #devsecops #appsec #npm scworld.com/news/complex-n…

AI is already writing code—do our AppSec programs need an update? During the RSA Conference, I sat down with Tejas Dakve (Senior Manager, AppSec @ Bloomberg Industry Group) to ask the hard question: “Gen AI is shipping features at warp speed, but can security keep pace?” Our

At long last! Jolt has reappeared in my area!

1/ 🔥 AI agents are reaching a breakthrough moment in cybersecurity. In our latest work: 🔓 CyberGym: AI agents discovered 15 zero-days in major open-source projects 💰 BountyBench: AI agents solved real-world bug bounty tasks worth tens of thousands of dollars 🤖

Great article on slopsquatting and more LLM vulnerability invention. usenix.org/publications/l…

Is there going to be a Phrack reunion for editors and contributors?

I'm excited to announce our "Out-of-Band" series; focused on the security risks of management devices like BMCs, serial servers, and KVMs. "Out-of-Band, Part 1: The new generation of IP KVMs and how to find them" is now live at: runzero.com/blog/oob-p1-ip…