While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise ...

An attacker installed Huntress onto their operating machine, giving us a detailed look at how they’re using AI to build workflows, searching for tools like Evilginx, and researching targets like software development companies.

Audit and log all GitHub Copilot MCP tool calls in VSCode with ease. - Agentity-com/mcp-audit-extension

VirusTotal has discovered a phishing campaign hidden in SVG files that create convincing portals impersonating Colombia's judicial system that deliver malware.

A binary and file access authorization system for macOS. - northpolesec/santa

Google’s vulnerability finding team is again pushing the envelope of responsible disclosure: Google’s Project Zero team will retain its existing 90+30 policy regarding vulnerability disclosures, in which it provides vendors with 90 days before full disclosure takes place, with a 30-day period allowed for patch adoption if the bug is fixed before the deadline. However, as of July 29, Project Zero will also release limited details about any discovery they make within one week of vendor disclosure. This information will encompass: The vendor or open-source project that received the report ...

Today 404Media released a truly stunning report that almost beggars belief. To break it down into its simplest form: A hacker submitted a PR. It got merged. It told Amazon Q to nuke your computer and ...

AWS audits, without screenshots. Contribute to ajdehn/AWS-Audit-Playbook development by creating an account on GitHub.

Work management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially led to data exposure from their instances to other users and vice versa.

While looking for an API to use with Home Assistant, I found a remote code execution vulnerability in a popular WiFi-connected alarm clock.

Join our monthly cloud security CTF challenge, built by top Wiz researchers. Solve real-world scenarios and rise to the top of the leaderboard.

AWS Security Hub has been enhanced with new capabilities that integrate multiple AWS security services to automatically discover resources, evaluate risks, analyze attack paths, and provide AI-assisted recommendations, helping security teams prioritize critical issues and respond to threats at scale with improved visualization and remediation guidance.

You can now use AWS Certificate Manager to issue exportable public certificates for your AWS, hybrid, or multicloud workloads that require secure TLS traffic termination.