The many lessons to take away from a 24-year old flaw in glibc and the mastery in crafting an exploit in PHP, changing a fuzzer's configuration to find more flaws, fuzzing LLMs for prompt injection and jailbreaks, security hardening of baseband code, revisiting the threat models in Microsoft's Recall, and more!
Zed Attack Proxy has been a crucial web app testing tool for decades. It's also had a struggle throughout 2024 to obtain funding that would enable the tool to add more features while remaining true to its open source history. Simon Bennetts, founder of ZAP, and Ori Bendet from Checkmarx update us on that journey, share some exploration of LLM fuzzi...
A team of security researchers discovered a vulnerability that allows for Kia cars to be remotely compromised with nothing more than a license plate number.
More remote car control via web interfaces, an RCE in CUPS, Microsoft reduces attack surface, migrating to memory safety, dealing with dependency confusion, getting rid of password strength calculators, and more!