[webapps] OctoPrint 1.11.2 - File Upload
OctoPrint 1.11.
General
20 articles
[webapps] aiohttp 3.9.1 - directory traversal PoC
aiohttp 3.9.
[local] Docker Desktop 4.44.3 - Unauthenticated API Exposure
Docker Desktop 4.44.
Hundreds of Malicious Crypto Trading Add-Ons Found in Moltbot/OpenClaw
A security researcher found 386 malicious ‘skills’ published on ClawHub, a skill repository for the popular OpenClaw AI assistant project
UK ICO Launches Investigation into X Over AI Generated Non-Consensual Sexual Imagery
UK Data Protection Watchdog has “serious concerns” over data privacy on Elon Musk’s social platform
Cybercrime Unit of Paris Prosecutors Raid Elon Musk’s X Offices in France
Elon Musk and X’s former CEO were summoned for voluntary interviews in Paris on April 20, 2026
Vibe-Coded Moltbook Exposes User Data, API Keys and More
Wiz Security claims Moltbook misconfiguration allowed full read and write access
Please Don’t Feed the Scattered Lapsus ShinyHunters
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim fir...
NSA Publishes New Zero Trust Implementation Guidelines
NSA released new guidelines to help organizations achieve target-level Zero Trust maturity
A slippery slope: Beware of Winter Olympics scams and other cyberthreats
It’s snow joke – sporting events are a big draw for cybercriminals. Make sure you’re not on the losing side by following these best practices.
Former Google Engineer Found Guilty of Stealing AI Secrets
Linwei Ding, a former Google engineer, has been found guilty of stealing trade secrets for China
Autonomous Threat Operations in action: Real results from Recorded Future’s own SOC team | Recorded Future
This article explores how Recorded Future served as Customer Zero for Autonomous Threat Operations, testing the new solution within our own SOC to validate i...
Explore scaling options for AWS Directory Service for Microsoft Active Directory
You can use AWS Directory Service for Microsoft Active Directory as your primary Active Directory Forest for hosting your users’ identities. Your IT teams ca...
This month in security with Tony Anscombe – January 2026 edition
The trends from January offer useful clues about the risks and priorities that security teams are likely to contend with throughout the year
Celebrating our 2025 open-source contributions
Last year, our engineers submitted over 375 pull requests that were merged into non–Trail of Bits repositories, touching more than 90 projects from cryptogra...
National Crime Agency and NatWest Issue Joint Warning Over Invoice Fraud Threat
Cyber fraudsters targeting corporate finance departments costs businesses millions a year
DynoWiper update: Technical analysis and attribution
ESET researchers present technical details on a recent data destruction incident affecting a company in Poland’s energy sector
How to get started with security response automation on AWS
December 2, 2019: Original publication date of this post. At AWS, we encourage you to use automation.
Google Disrupts Extensive Residential Proxy Networks
Google has taken coordinated action against the massive IPIDEA residential proxy network, enhancing customer protections and disrupting cybercrime operations
US Data Breaches Hit Record High but Victim Numbers Decline
Non-profit ITRC says the number of data breaches increased 5% annually to reach a record total in 2025