🔓
Attacks & Vulnerabilities
New WiFi Vulnerability: The SSID Confusion Attack (12 minute read)
Researchers have uncovered a new vulnerability in the IEEE 802.11 WiFi standard that affects every WiFi client and operating system. The vulnerability occurs because the WiFi standard does not require authentication of the SSID during beaconing which could allow an attacker to trick a victim into connecting to a different network. This post provides more details of the vulnerability and threat models that apply.
SignSaboteur (GitHub Repo)
SignSaboteur is a Burp Suite extension for editing, signing, verifying, and attacking signed tokens. It supports a wide variety of different tokens.
Deepkeep (Product Launch)
DeepKeep's AI-Native Trust, Risk, and Security Management (TRiSM) platform provides data scientists and security leaders a valuable understanding of the risks and challenges that AI systems face while also delivering protection and alerts
Arcjet-js (GitHub Repo)
Arcjet JS SDKs, Next.js, and Node.js library for rate limiting, bot protection, email verification, and defense against common attacks.
FBI seizes hacking forum BreachForums — again (3 minute read)
The FBI, in collaboration with international law enforcement agencies, seized the notorious cybercrime forum BreachForums on Wednesday. BreachForums has been a popular platform for hackers and cybercriminals to advertise, sell, and trade stolen data.
assumptions_made (3 minute read)
When LLMs and AI agents respond to user inputs, they inherently make certain assumptions to provide context and accurate responses to a user. These assumptions should be explicitly stated in an assumptions_made metadata field. This would provide more insight into improving LLMs and AI agents.