LunaSec (@lunasec@infosec.exchange)
@LunaSecIO
Followers: 3K, Following: 277, Media: 16, Statuses: 228
Want to network with other InfoSec professionals? Come join our community on Discord! https://t.co/NfFVJREjqo
Seattle
Joined July 2021
Before you go, please follow our new Mastodon account: https://t.co/BmPi4zEreg We'll be posting all of our content there too as we see how the Twitter cookie crumbles. @lunasec@infosec.exchange #infosec #infosectwitter #Mastodon #mastodonmigration
infosec.exchange
68 Posts, 311 Following, 295 Followers · We blog about InfoSec vulns and build Open Source Application Security Tooling to help you fix them. Try our supply chain vuln scanner: https://lunatrace.lu...
Vector DB intro w/ sample code and links to a few popular ones with free plans - https://t.co/514CQxbPJb
I'm an instant pass on any startup that just wraps OpenAI. Zero differentiation over time. Building your solution / app on your own models that you control, train and tune yourself? Good.
There's a new Open Source LLM model called "Cerebras-GPT" that hit the internet yesterday. I was curious how it compared in performance to #ChatGPT and #LLaMA so I wrote an article that compares them. If you haven't heard of this yet, it's worth a read! https://t.co/YYkVp8pOx2
From a DM, just in case anyone else needs to hear this.
Super helpful list of ChatGPT alternatives with a focus on the licensing stuff https://t.co/3UkF8Bofqx
github.com
A list of totally open alternatives to ChatGPT. Contribute to nichtdax/awesome-totally-open-chatgpt development by creating an account on GitHub.
Sneak peek of what we are teaching ChatGPT to do. Watch it browse the web like a human. https://t.co/YFkW1gTBta Amazing stuff. Not shown, we also have it hooked up to our vulnerability database. Should be available in a discord bot for you next week.
We could add this functionality into the dependency helper bot we've been building on GitHub. Please leave your thoughts in the comments below! (And if you'd like to try it out.)
When I'm upgrading dependencies, here's when I tend to pump the brakes and look more closely:
- Major version change
- Release notes mention breaking changes
- No release notes
- Last release was more than a year ago
- Maintainer has changed
- Tons of files have changed
Props to @Phylum_IO for finding this malware in Pypi! https://t.co/v8Sff2FkSh
arstechnica.com
The code found in the malicious packages closely resembled legit offerings.
A "truthy" lie will run 2x round the world faster than a boring truth. The sad fact that a high effort piece from @alexrkonrad and @kenrickcai got overrun by lazy bullshit shows pulling the biggest possible number out of your ass while keeping a straight face is all you need.
So... @YCombinator has invested in 100+ COSS startups since 2008 (80%+ of those over the last 2 years alone!). If this were abstracted out as a distinct fund, it would do extremely well... like a 100X fund, I think, and that's not an exaggeration. https://t.co/RVRu2VsTng
ycombinator.com
A list of companies YC has funded across many verticals including hardware, edtech, biotech, healthcare, developer tools, consumer and enterprise, to name a few.
WOW… Nearly 10% of ALL games published on @Steam are built with @godotengine.
We've added environmental adjustment to LunaTrace. Answer a couple of questions about what type of app you're scanning and the severity of your vulnerabilities will be re-calibrated using the environmental CVSS spec, automatically. https://t.co/xXIdVmuBH3
Looks like a vuln in "Control Web Panel" is being actively exploited in the wild. Ars has some more details here --
arstechnica.com
A patch was released in October, but not all servers have installed it.
>blog post hits HN >check comments >friend already defending post from comment snark
Your grandma asks you what an XSS is, what do you answer?
Status update for 2023: Here is a video of @breadchris showing off the new dynamic tracing capabilities that we've been adding to LunaTrace over the past few weeks. You can now see which CVEs are ever executed in production-- a helpful signal for patching! https://t.co/nw0d0iT2hF
"Cross-Site Request Forgery in OWASP CSRFGuard" got to love the irony CVE-2021-28490
FYI if you stop seeing as many Mastodon links here, it's because Twitter is now blocking them.
bbc.com
The social media giant has also suspended the Twitter account of its new rival.
What's a better platform for building a community of security humans? Slack or Discord? Come share your opinion with us here:
discord.com
Check out the LunaBrain Community community on Discord - hang out with 246 other members and enjoy free voice and text chat.