What Anthropic Glasswing reveals about the future of vulnerability discovery
https://www.csoonline.com/article/4155342/what-anthropic-glasswing-reveals-about-the-future-of-vulnerability-discovery.html
Anthropic commits up to $100M in usage credits for Project Glasswing, along with $4M in direct donations to open-source security organizations (Greg Otto/CyberScoop)
https://cyberscoop.com/project-glasswing-anthropic-ai-open-source-software-vulnera…
from my link log —
Vulnerabilities show why STARTTLS should be avoided if possible.
https://blog.apnic.net/2021/11/18/vulnerabilities-show-why-starttls-should-be-avoided-if-possible/
saved 2021-11-18
We do need to ask the question here, who is taking the decision to operate this practice? Is it council staff or elected councillors? Frankly, it has echoes of state-sponsored #ghettos of the 1940s.
Vulnerable families illegally ‘dumped’ hundreds of miles away by London councils
Trump is targeting queers. Faeries & witches are magically helping the most vulnerable. - LGBTQ Nation
https://www.lgbtqnation.com/2026/06/is-targeting-queers-faeries-witches-are-magically-helping-the-most-vulnerable/
Mozilla says 271 vulnerabilities found by Mythos have “almost no false positives”
https://arstechnica.com/information-technology/2026/05/mozilla-says-271-vulnerabilities-found-by-mythos-have-almost-no-fa…
Claude Mythos Wake-Up Call: What AI Vulnerability Discovery Means for Cyber Defense – Check Point
https://blog.checkpoint.com/artificial-intelligence/claude-mythos-wake-up-call-what-ai-vulnerability-d…
#Webmention for Craft v1.3.0 is out 🎉 – first in a short series of #security releases. 🔒
Fixes a stored XSS vulnerability in author/entry URLs, adds per-IP rate limits and failure backoff to harden the public endpoint against abuse.
Upgrade recommended!
There was a time when creating massive amounts of code would have been valuable. There was a time when lowering the bar for creating software would have been beneficial. But today we are inundated with garbage apps, written too quickly and never maintained, half-working libraries, projects someone took up once and abandoned (I have several), and grift startups just waiting to be acquired and "fixed."
#LLM code generation is a pestilence. We don't need more code owned by people who know less, we need less code managed by people who know more. It's literally the opposite of everything we want. Oh, but it will be easier for infosec to find bugs so it's fine, right? I've found critical bugs that never get fixed (I think one of mine is like 7 years old now).
There are a lot of bugs that just can't be fixed because there are no systems to fix them. Go on Shodan and look for ATGs. There are thousands of them. I'm betting that most of those are not honeypots. It may be possible to blow up a bunch of gas stations with a for loop, but, yeah, we need #AI to find some more bugs.
https://www.darkreading.com/ics-ot-security/fuel-tank-monitoring-systems-vulnerable-disruption
Privacy token Zcash plunges after the disclosure of a 2022 vulnerability in its Orchard shielded pool that could have allowed undetectable ZEC counterfeiting (Akash Girimath/Decrypt)
https://decrypt.co/370105/zec-crashes-38-as-zcash-discloses…