Seceng
@seceng.bsky.social
Security engineer, back to tech role after leadership role. Previously head of engineering in a large US corp and security startups and academic research (PhD). Sharing thoughts and opinions on engineering leadership and security.
freeze your #npm projects for now
September 16, 2025 at 1:22 PM
blog.trailofbits.com/2025/07/31/h...

MAS Hijacking

I mean, no surprises here. These agent systems simply come with basically no security when it comes to connecting to one another. No input validation. No authorization or enforcement of any sort of allowed/denied routes/tools.
Hijacking multi-agent systems in your PajaMAS
We’re releasing pajaMAS: a curated set of MAS hijacking demos that illustrate important principles of MAS security.
blog.trailofbits.com
August 1, 2025 at 8:33 AM
Reposted by Seceng
Heads up that v3.3.1 of npmjs.com/is has malware in it, due to another maintainer’s account being hijacked. They’re removed for now, v3.3.0 is set at latest, v3.3.1 is deprecated, and a v3.3.2 will be published once I’m not on my phone (thx @github.com codespaces)
is
the definitive JavaScript type testing library. Latest version: 3.3.1, last published: 6 hours ago. Start using is in your project by running `npm i is`. There are 638 other projects in the npm regist...
npmjs.com
July 19, 2025 at 6:21 PM
IBM donated its CBOM tooling to the Linux foundation. Hopefully this will enable CBOMs more widely.

research.ibm.com/blog/cryptog...

#cryptoagility #cbom #cyclonedx #cryptography
IBM is donating its CBOM toolset to the Linux Foundation
At IBM Research, we’re inventing what’s next in AI, quantum computing, and hybrid cloud to shape the world ahead.
research.ibm.com
June 27, 2025 at 6:31 AM
This is a nice initiative!
June 7, 2025 at 9:08 PM
#Llama #Firewall is out: github.com/meta-llama/P...

Another interesting open source tool to detect #prompt #injection.

The other one I saw this week is github.com/fr0gger/nova... . #Prompt pattern matching, like #yara rules for detecting injection.

Two different approaches, same goal.
PurpleLlama/LlamaFirewall at main · meta-llama/PurpleLlama
Set of tools to assess and improve LLM security. Contribute to meta-llama/PurpleLlama development by creating an account on GitHub.
github.com
April 30, 2025 at 7:22 AM
Reposted by Seceng
BREAKING.

From a reliable source. MITRE support for the CVE program is due to expire tomorrow. The attached letter was sent out to CVE Board Members.
April 15, 2025 at 5:23 PM
#OpenSSL 3.5.0 is out. First version with #PQC key-exchange algorithms. Will wait to get the www.iana.org/assignments/... updated with new TLS ciphersuite parameters.
Release OpenSSL 3.5.0 · openssl/openssl
OpenSSL 3.5.0 is a feature release adding significant new functionality to OpenSSL. This release incorporates the following potentially significant or incompatible changes: Default encryption cip...
github.com
April 9, 2025 at 6:45 AM
Oh yes! :) this is great news: blog.cloudflare.com/open-sourcin...

You can integrate SSH with your OpenID provider. This may resolve a lot of operational work to manage bastion access.
Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH
OPKSSH (OpenPubkey SSH) is now open-sourced as part of the OpenPubkey project. This enables users and organizations to configure SSH to work with single sign-on technologies like OpenID Connect, remov...
blog.cloudflare.com
April 8, 2025 at 9:57 AM
Do you know any good therapists that support #engineers going through #Azure #UI?
April 1, 2025 at 8:06 AM
Reposted by Seceng
We are in hell in American cybersecurity. This will embolden and fund DPRK hackers.

But the libs are being owned and politics are boring, right?

home.treasury.gov/news/press-r...

Thanks @ncweaver.skerry-tech.com @briankrebs.infosec.exchange.ap.brid.gy
March 21, 2025 at 11:07 PM
There will be discussions this year about #cloud #Sovereignty given the recent developments in the US. On the same line of thinking though, there should be discussions about #EDR vendors too. They literally run (defensive) rootkits on all your equipment.
March 11, 2025 at 6:47 PM
There are not many examples of code that builds CBOM (#cryptography bills of material) based on the #CycloneDx python library. Or in general there are not many tools that generate CBOM out there. Nice work from the UK Santander research team. Really helpful. repo: github.com/Santandersec...
GitHub - Santandersecurityresearch/cryptobom-forge: Tools and utilities needed to parse GitHub Multi-Repository Variant Analysis output
Tools and utilities needed to parse GitHub Multi-Repository Variant Analysis output - Santandersecurityresearch/cryptobom-forge
github.com
March 11, 2025 at 6:43 PM
Reposted by Seceng
The Abuse[.]ch malware repository launched a new feature, a new malware-hunting platform that aggregates data from its repository, but also seven other platforms (URLhaus, MalwareBazaar, ThreatFox, YARAify, Sandnet, IPintel, and ProxyCheck).

abuse.ch/blog/introdu...

hunting.abuse.ch
March 11, 2025 at 5:53 PM
Did you ever get bothered by people using #slack in a synchronous manner? Texting you "Hello" and making you wait to answer? So annoying.

Point them here: nohello.net/en/
March 6, 2025 at 10:42 AM
I drafted with #Claude #AI some learning material to prepare for security specialty for #AWS and it seems to be pretty good. I am no AWS expert but the content is concise and clear. Better than browsing the AWS website for sure.
March 4, 2025 at 6:26 PM
Repeat with me: terraform plans contain secrets, they are not meant to be persisted and if so, only with ephemeral credentials. If you do persist them with non-ephemeral credentials, you must secure them as much as you do your state. #terraform #secdevops #devops #iac
March 4, 2025 at 8:20 AM
If you are working on #playbooks for your #SOAR platform, you may be interested in the following research article, which is quite recent: ieeexplore.ieee.org/document/106.... The authors provide some theoretical foundations in incident response playbooks sustained by a thorough analysis.
Do You Play It by the Books? A Study on Incident Response Playbooks and Influencing Factors
Incident response "playbooks" are structured sets of operational procedures organizations use to instruct humans or machines on performing countermeasures against cybersecurity threats. These playbook...
ieeexplore.ieee.org
February 5, 2025 at 8:08 AM
The first step towards #crypto #agility is to be able to make an inventory of all your crypto assets. Currently, there are no "ready-to-use" options. What I found were mainly SAST tools provided by IBM (SonarQube plugin) github.com/IBM/CBOM and github.com/CycloneDX/cd... with language limitations.
February 4, 2025 at 3:02 PM
Reposted by Seceng
The Art of Linux Kernel Rootkits
An advanced and deep introduction about Linux kernel mode rootkits, how to detect, what are hooks and how it works.
buff.ly
January 19, 2025 at 9:21 AM
cloud.google.com/transform/ho...

#Threat #detection and #response require a lot of automation, and as such it requires software development skills to develop and maintain such automation.

I also agree with the "eating your own food" approach, and not making your output only someone else's problem.
How Google Does It: Modernizing threat detection | Google Cloud Blog
Get an inside look at Google’s approach to modern threat detection and response, part of our new "How Google Does It" series.
cloud.google.com
January 16, 2025 at 9:10 AM
For technical things, Google search almost became the search function of Reddit. Quite a deal for Reddit, they get money for the data deal and even more visitors. It also tells a lot about how bad Google search became.
January 4, 2025 at 3:43 PM