今日已更新 213 条资讯 | 累计 20683 条内容
关于我们

标签:#Security

找到 680 篇相关文章

AI 资讯

I Audited My Own Open-Source Project With 26 AI Agents (and Found a Real Vulnerability)

ShareBox is my self-hosted streaming server: a PHP thing I built because I just wanted to send someone a link to a movie without installing Plex and its ten gigabytes of dependencies. It runs on my seedbox, serves my users, and one morning I notice it's starting to pick up a few stars on GitHub. And then, that little voice: "does this thing actually hold up?" Because between "works on my machine" and "code that strangers are going to install on their own box," there's a chasm. A chasm full of flaws I can't see anymore, because I've had my nose in it for weeks. Normally, you re-read your code. Except re-reading 22,000 lines alone, honestly, you do it badly: you skim over what you think you already know. So I tried something else — unleashing a pack of 26 AI agents on it, each with a precise mission, and seeing what surfaced. Spoiler: they found a flaw that had been sitting right under my eyes from the start. 26 agents to comb through my own code The idea wasn't "AI, tell me if my code is good" — that always produces the same encouraging, useless mush. The idea was to orchestrate : split the audit into roles, run the agents in parallel, then have a final, deliberately harsh agent tear apart the conclusions. The pipeline looked like this: eleven readers start in parallel, each swallowing an entire slice of the code (the core, the streaming handlers, the API, the front end, the tests, the Docker setup…). Their reports flow up into an architecture synthesis and a test-coverage analysis. Then twelve "radar" agents each score one single axis — security, performance, architecture, tests… And finally, a "verdict" agent re-reads every score in adversarial mode: its job is to knock down the ones that are too kind. Audit pipeline: 11 readers in parallel, then synthesis, then 12 radar agents, then an adversarial verdict. 11 readers in parallel each slice of the code read in full Architecture + coverage synthesis connect the pieces, measure the gaps 12 radar agents one agent = on

2026-05-29 原文 →
AI 资讯

Renovate & Dependabot: The New Malware Delivery System

Supply chain attacks every other morning Unless you've lived under a rock for the last few months, you probably noticed that software supply chain attacks are getting trendy among threat actor groups. Over the last 12 months, we've seen more of those than ever before, to name only a few of them: tj-actions/changed-files : In March 2025, a popular reusable GitHub application workflow was compromised to dump secrets from CI/CD pipelines. Salesloft Drift : In August 2025, threat actors stole OAuth credentials from the compromised Drift chatbot application. Shai-Hulud : In September and November 2025, a wormed attack propagated through npm packages and collected secrets. The common thread among those incidents is that they all revolved around secrets, one way or another. Some used secrets as an initial access vector, and others were focused on collecting secrets from victim environments. March 2026 did not change the state of things, with two new severe attacks added to our dreadful collection: trivy-action & LiteLLM campaign by Team PCP. The most popular Axios package compromise. Both those attacks followed a now-classical pattern, spreading through compromised open-source dependencies to maximise the impact in the shortest possible time. Your all-time classic, now with added internal threats Open-source supply chain attacks are not new. Ever since we started using centralized open-source package registries, the risk has existed. Threat actors understood this and started exploiting it. What has changed since 2015 is how we have improved software development productivity through automation. And now, this very same automation that lets you test and build your projects without typing a single command is amplifying the supply-chain threat and the velocity of attacks. Let's see how. Keeping your malware up to date A very concerning pattern we've observed in the trivy-action and Axios campaigns is that automation can become the source of your compromise. One thing no develop

2026-05-29 原文 →
AI 资讯

How to investigate suspicious SSH logins without giving AI a shell

A lot of Linux incident response starts with a login question, not a malware sample. Someone sees a spike of failed SSH attempts. A root login appears in the wrong time window. A service account logs in from an address nobody recognizes. A helpdesk ticket says "the server looks weird" and the only concrete clue is a username or IP address. At that point, the useful question is not "is this host compromised?" It is more boring and more important: Did anyone actually authenticate? Which account was involved? Was it password, key, sudo, su, or a scheduled task? Was the same IP seen in web logs, current sockets, process context, or command history? Did persistence, services, packages, or recent files change near the same time? Can another responder review exactly what evidence was collected? That last point matters. If you let an AI assistant freely run shell commands during the first pass, you can get speed, but you also create a new risk: the model may over-collect, mutate the host, or produce a confident answer that nobody can audit later. For a login anomaly, I prefer a read-only evidence loop. A practical first pass Start with the narrow clue if you have one. If the alert names a user: oi login --user root -s 7d If the alert names an IP address: oi login --ip 203.0.113.44 -s 7d If the alert is vague, start wider: oi login -s 7d oi scan -s 7d The goal of the first pass is not to prove every detail. The goal is to build a timeline that a human responder can challenge. For a suspicious SSH login, I want the initial report to answer five things. 1. Authentication pattern Look for the difference between noise and access. A server can receive thousands of failed SSH attempts from the internet. That is useful background, but it is not the same as a successful session. The first split should be: failed attempts only successful login after many failures accepted key from an unusual source login by an account that normally should not be interactive root login where root SSH

2026-05-29 原文 →
AI 资讯

How AI Hunts Vulnerabilities: A Security Researcher's New Partner

The Transition A few years ago, bug hunting was a manual craft. You scanned subdomains with one tool, tested endpoints with another, and stitched results together by hand. Today, AI changes the speed entirely. Not by replacing the hunter. By eliminating the boring parts. What AI Actually Changes 1. Reconnaissance at Scale Subdomain enumeration, port scanning, and technology fingerprinting used to take hours. AI-powered pipelines now do this in minutes: Passive reconnaissance via Certificate Transparency logs, search engines, and DNS records Automated crawling and endpoint discovery Technology stack detection from response headers and HTML patterns JavaScript file analysis for hidden endpoints and API keys The machine does the grunt work. The human interprets the results. 2. Pattern Recognition Vulnerability classes have signatures. SQL injection looks different from XSS, which looks different from SSRF. AI models trained on thousands of real vulnerabilities can flag suspicious patterns faster than manual code review. This is not about finding zero-days. It is about catching the low-hanging fruit that everyone else misses because they are in a hurry. 3. Intelligent Fuzzing Traditional fuzzers throw random data at endpoints and wait for crashes. AI-guided fuzzers understand the input format and generate test cases that explore edge cases a human would not think of. The result: fewer requests, better coverage, higher signal-to-noise ratio. Where AI Struggles Business Logic Flaws AI does not understand your application's purpose. It cannot tell if a discount code is applied twice, or if a user can access another user's private data through a convoluted API flow. These are the vulnerabilities that require context. Human context. Authentication Logic Authentication bypasses are often creative. They exploit the gap between what the developer intended and what the code actually enforces. AI can find simple auth flaws, but multi-step authentication bypass chains still need h

2026-05-29 原文 →
产品设计

My First Cybersecurity Writeup – VAPT Experience

Overview This is my first real-world cybersecurity VAPT experience inside an enterprise insurance company environment. I worked across network infrastructure, web applications, internal devices, and physical security — and learned how professional security assessments are actually performed beyond labs and CTFs. Introduction I am a cybersecurity enthusiast focused on SOC operations, web application penetration testing, and vulnerability assessment. In this engagement, I worked on assessing the security posture of an insurance company across its network infrastructure, devices, web applications, and physical security controls. This was my first real-world experience working in an enterprise environment, and initially I was not fully confident about the workflow. However, with the guidance and support of my senior, I was able to understand the process step by step and actively contribute to the assessment. Objective Identify security vulnerabilities across network, web, and internal systems Assess exposure of critical assets Analyze potential attack paths in the environment Evaluate basic physical security controls Scope of Work Network infrastructure assessment Web application security testing Device-level security review Basic physical security evaluation Tools Used Nessus (vulnerability scanning) Burp Suite (web application testing & request interception) Nmap (network discovery & port scanning) GVM / OpenVAS (vulnerability assessment) OWASP ZAP (automated web scanning) Wireshark (packet analysis & traffic inspection) Approach / Methodology Performed network discovery using Nmap to identify active hosts and open ports Conducted vulnerability scanning using Nessus and GVM to detect known security issues Analyzed web application behavior using Burp Suite and OWASP ZAP Intercepted and inspected HTTP/HTTPS traffic to understand request/response flow Used Wireshark to analyze packet-level communication and detect anomalies Evaluated system exposure across internal devic

2026-05-29 原文 →
AI 资讯

Why output-stage PII masking is the wrong protective surface for data exfiltration in RAG

"The output filter runs after the LLM has already seen the confidential data. By then, three classes of leak can no longer be stopped. The right surface is retrieval. Walking through a real implementation." TL;DR Most RAG-with-RBAC stacks I see in production put the access-control gate at the output stage: an LLM-response post-filter that masks PII or redacts confidential strings. This is defense-in-depth, not the load-bearing layer. By the time the filter runs, the LLM has already received the confidential context, and three classes of leak — creative paraphrasing, inference, cross-turn persistence — can no longer be stopped by string-matching the output. The protective surface that actually carries the weight is retrieval-stage ABAC: documents and graph nodes the user can't read are never traversed, never make it into the prompt, never seen by the model. The output filter still belongs in the stack, but as the second-to-last line, not the first. This post is a walk through why and how, with code references from a working implementation. It was prompted by a 6-turn LinkedIn DM exchange with Ali Afana (Provia founder, dev.to Featured) on injection-fixture schema design, where the framing crystallized. The seductive default You build a RAG system. You have documents at different sensitivity levels — public, internal, confidential. You want the model to answer based on whichever documents the user is allowed to see. The default mental model: "I'll let the model answer freely, and then I'll filter the response on the way out." This is appealing because: The retrieval pipeline stays simple (one query, one vector search, one response) The access control feels surgical (just before the user, just before damage) The PII-mask vocabulary is well-established (Presidio, regex catalogs, named-entity recognition models) So you wire up something like: Python The seductive default def answer(query, user): chunks = retrieve(query, top_k=10) # No ABAC here context = "\n".join(c.text

2026-05-29 原文 →
AI 资讯

The problem with security scanners isn't the scanning

At a previous job I worked at as a Dev we had someone who ran Semgrep on our codebase for the first time. It came back with 180 findings. We had no security engineer. The developer who ran it looked at the output, closed the terminal, and we never ran it again. That's not a story about a careless team. That's a story about a tool that produced output most teams in small companies with no expertise knew what to do with. I've seen this exact moment happen more times than I can count working with small dev teams. And it's the reason I spent the last year building SecOpsium. But before I get to that let me explain the actual problem, because I think it's misunderstood. The problem isn't the scanning Semgrep and Gitleaks are excellent tools. They're free, actively maintained, and genuinely powerful. If you're not using them you should be. The problem is what happens 10 minutes after you run them. You get 200 findings. Some are critical. Some are test files. Some are commented-out code from 2021. Some are legitimate secrets. Some are variable names that pattern match against a rule but contain nothing sensitive. They all look the same in the output. Now you're a developer who also does DevOps, also reviews PRs, also handles incidents, and you're staring at 200 items with no clear indication of which three actually matter this week. So you close the terminal. Or you create a Jira ticket labeled "security findings" that lives in the backlog forever. Or you spend two days triaging manually and burn out before you fix anything. This is the real problem. The scanning was never the hard part. Why rule based scanners produce so much noise It helps to understand technically why this happens. Semgrep and Gitleaks are rule-based. They match patterns. A variable named api_key_example in a test file flags the same way as a live Stripe key in an active production config. Gitleaks scans for entropy and known credential patterns but can't distinguish between a key that was rotated and r

2026-05-29 原文 →
AI 资讯

Why I built tmpdrop: a self-hosted, expiring file drop

I had a screenshot to send. Nothing secret — a stack trace from a side project — but it had an internal hostname, a file path with my username, and a chunk of a config file in the terminal behind it. The fast move is to drag it onto a free image host and paste the link. I sat there with my cursor over the upload button and couldn't do it. Because I know what happens next. That image lives on someone else's infrastructure, indefinitely, behind a URL I don't control, and I have no idea who else can reach it. For a throwaway screenshot, that's a permanent record I never agreed to. So I closed the tab and built a thing instead. It's called tmpdrop , and it's ~500 lines of Node. The threat model The problem with public file hosts isn't that they're evil. It's the gap between what you intend ("share this once, with one person") and what the platform delivers ("store this forever, serve it to anyone who finds the link"). A few specific things go wrong: Retention. "Temporary" hosts keep your files long after you've forgotten them. There's no expiry you can trust, and deletion is usually best-effort. Predictable URLs. Plenty of hosts use sequential or short IDs. Scrapers walk the keyspace and hoover up everything. Your "private" link was never private. Stored XSS via uploads. If a host serves an uploaded .html or .svg file inline with a permissive content type, an attacker can ship JavaScript that runs in your browser, in the host's origin. Your file host becomes an XSS delivery service. Abuse vectors. No rate limit means the box is a free CDN for whatever someone wants to dump on it — malware, spam payloads, the works. So the design goal wasn't "another uploader." It was: close each of those gaps, then stop. What I built tmpdrop is a single Fastify server backed by SQLite. The whole defensive surface is small enough to hold in your head: Unguessable URLs. Slugs are 9 random bytes, base64url-encoded — 72 bits of entropy. You cannot enumerate them. A TTL reaper. Every upload

2026-05-29 原文 →
AI 资讯

Weekly Dev Log 2026-W07

🗓️ This Week Completed two more sections of the SwiftUI tutorial 🦾 As I continue working through the tutorial, I can feel my understanding of SwiftUI fundamentals becoming more solid 🔥 It was my first time posting a standalone article about reverse engineering📝 If you're interested, feel free to check it out 👇 A Curious Journey Into Reverse Engineering an AI-Generated Python .exe Umitomo Umitomo Umitomo Follow May 26 A Curious Journey Into Reverse Engineering an AI-Generated Python .exe # beginners # reversing # security # python 5 reactions Comments Add Comment 5 min read I started creating UI designs for my future portfolio website in Figma. I was able to roughly sketch out the overall structure of the site, but I also realized how difficult it is to create modern and stylish UI designs. (It really made me realize I don’t have much design sense yet 😂💦) While struggling with the design process, I came across several articles about Figma MCP . That made me interested in exploring how generative AI could help with UI design ideas, so I decided to start researching Figma MCP further. Completed Securing AI Systems room from the AI Security Learning Path on TryHackMe this week🤖 📱 iOS (SwiftUI) Worked through the SwiftUI tutorial and completed "Create an Algorithm for Badges" and "Add inclusive features" 🌐 Web Development Posted my weekly dev log on Dev.to and a standalone article about my first attempt at reverse engineering 📝 Created rough portfolio website UI layouts in Figma Used shadcn/ui component library design templates in Figma Started learning UI design in Figma using community resources 🔐 Security (TryHackMe) Completed Securing AI Systems room (part of the AI Security Learning Path) on TryHackMe. 💡 Key Takeaways 📱 SwiftUI Learning Add inclusive features Learned that SwiftUI automatically adapts UI elements for Light and Dark Mode by default. Learned how to preview and compare Light and Dark Mode layouts in the Xcode canvas. Understood that system-provided sema

2026-05-29 原文 →
AI 资讯

GHES Key Rotation, Bug Bounty Program Refocus, AI Agent Permission Fatigue

GHES Key Rotation, Bug Bounty Program Refocus, AI Agent Permission Fatigue Today's Highlights This week's top security news features critical action for GitHub Enterprise Server users with a signing key rotation due to an ongoing investigation. We also cover GitHub's strategic refocusing of its bug bounty program for higher quality submissions and an interactive look at AI agent permission fatigue. Investigation update: GitHub Enterprise Server signing key rotation (GitHub Blog) Source: https://github.blog/security/investigating-unauthorized-access-to-githubs-internal-repositories/ This alert details a critical security update for GitHub Enterprise Server (GHES) customers, urging immediate action to rotate signing keys. The blog post indicates an investigation into unauthorized access to GitHub's internal repositories, which has necessitated this widespread security measure. While specific details of the breach or vulnerability are not fully disclosed, the requirement for a signing key rotation points to a potential compromise of cryptographic keys, which are fundamental to authentication and supply chain integrity. Such incidents could lead to unauthorized code signing, repository tampering, or other severe supply chain attacks, underscoring the importance of robust secrets management and incident response protocols. The advisory emphasizes a proactive stance for GHES administrators to protect their environments by following the provided guidance. This incident highlights the pervasive risk of supply chain attacks and the critical role of secure key management in enterprise environments. It reminds organizations that even trusted platforms like GitHub are targets and necessitates vigilant monitoring and swift action in response to security advisories. The prompt action from GitHub, though implying a significant security event, also showcases their commitment to transparency and securing their ecosystem by guiding customers through the necessary remediation steps to

2026-05-29 原文 →
AI 资讯

The New Shape of Supply-Chain Trust

One poisoned extension, one package install, one CI workflow. Any of them can now be the first domino. That is the uncomfortable lesson from the latest Shai-Hulud activity and GitHub’s recently confirmed internal-repository breach. The scary part is not only the number of affected packages, tokens, or repositories. Counts move fast. The scarier part is where the attacker code ran: inside the trusted developer and CI path. The modern supply chain is not just “the dependencies we ship to production.” It is your IDE, your package manager, your GitHub Actions runner, your cache keys, your OIDC flow, your local gh auth, your AI coding tool config, and the cloud account that quietly pays the bill when something goes sideways. What happened, briefly CISA described the original Shai-Hulud wave as a self-replicating npm worm that compromised more than 500 packages and targeted GitHub personal access tokens plus AWS, GCP, and Azure keys. GitHub later said it removed 500+ compromised packages and began pushing npm toward shorter-lived credentials, 2FA enforcement, and trusted publishing. The later waves got more CI-aware. Instead of only stealing npm tokens from maintainers, they looked for credentials inside build environments, abused publishing workflows, and used the build system itself as distribution. Microsoft’s May 2026 reporting on the @antv ecosystem described a “Mini Shai-Hulud” style campaign that targeted GitHub Actions environments and stole GitHub, AWS, Vault, npm, Kubernetes, and 1Password secrets. Microsoft said GitHub removed 640 malicious packages and invalidated 61,274 npm granular access tokens with write permissions and 2FA bypass. Then GitHub confirmed an incident involving a compromised employee device and a poisoned third-party VS Code extension. GitHub said the attacker’s claim of roughly 3,800 internal repositories was “directionally consistent” with its investigation, while also saying its current assessment was exfiltration of GitHub-internal reposi

2026-05-28 原文 →
AI 资讯

Leaked Kubernetes Secrets: Impact Assessment and Mitigation Strategies

Threat-intel reports from recent years document campaigns in which attackers obtain AWS IAM credentials from developer workstations, use them to enumerate cloud accounts and access Kubernetes clusters. From there, attackers deploy poisoned container images to move laterally and harvest secrets. The MITRE ATT&CK chain maps to: T1552.001 ( Credentials in Files ) → T1078.004 ( Valid Accounts: Cloud Accounts ) → T1610 ( Deploy Container ) → T1496 ( Resource Hijacking ). This is not an isolated case. The Shai-Hulud supply chain attack harvested Kubernetes credentials from CI and developer workstations, feeding exactly this kind of attack chain. This research started with a short list of questions: What are Kubernetes secrets, exactly? What can an attacker do with them? How can defenders harden their clusters? So before we look at what we found in the wild, and how to harden clusters to mitigate impacts, let's define what Kubernetes secrets are. Three Surfaces, Three Secret Formats A simplified view of the cluster has three sides that matter for this post: A developer, or automation pipeline, talks to the Kubernetes API server with credentials. That is the canonical front door. On every node, the kubelet exposes its own HTTPS API. The same credentials can authenticate to it directly when it is reachable on the network. The cluster's nodes pull images from container registries (Docker Hub, GitHub Container Registry, ECR, Quay, GitLab, ACR…) using a second set of credentials. Kubernetes Architecture These are the attack surfaces where leaked secrets have the most impact, and three secret formats unlock them: TLS client certificates are used by humans through a kubeconfig file with the kubectl command to connect to a Kubernetes cluster. JSON Web Tokens, or Service Accounts, are non-human identities (NHI) used to automate cluster operations from CI/CD jobs, controllers, and integrations. By default, JWTs have no expiration date — which is why a JWT leaked years ago can still

2026-05-28 原文 →
AI 资讯

Gemini for Google Home can now use your cameras to trigger automations

Google Home is rolling out a new Gemini-powered automation feature that can trigger smart home routines based on what your security cameras can see. This is one of several updates announced yesterday for Gemini for Home, including enhanced voice command support and general stability improvements, following its early access launch in October. "We are introducing […]

2026-05-28 原文 →