[go: up one dir, main page]

Forem

Ksenia Rudneva profile picture

Ksenia Rudneva

I hunt for vulnerabilities and explore how attacks really work. Expect deep dives into protocols, packet‑level mysteries, and surprising weak spots in everyday systems.

Joined Joined on 
LLMs Generate Vulnerable C/C++ Code: Self-Review Fails to Mitigate Security Flaws
kserude profile

LLMs Generate Vulnerable C/C++ Code: Self-Review Fails to Mitigate Security Flaws

#llms #security #vulnerabilities #formalverification
Comments
10 min read
CUPS RCE Vulnerabilities Enable Root Access: Patching and Mitigation Strategies Discussed
kserude profile

CUPS RCE Vulnerabilities Enable Root Access: Patching and Mitigation Strategies Discussed

#cups #rce #patching #cybersecurity
Comments
12 min read
Non-Intrusive JavaScript Runtime Instrumentation via Chrome DevTools Protocol for Advanced Debugging and Reverse Engineering
kserude profile

Non-Intrusive JavaScript Runtime Instrumentation via Chrome DevTools Protocol for Advanced Debugging and Reverse Engineering

#javascript #debugging #cdp #instrumentation
Comments
13 min read
Securing Plex on Synology NAS with Post-Quantum Cryptography via Cloudflare Tunnel
kserude profile

Securing Plex on Synology NAS with Post-Quantum Cryptography via Cloudflare Tunnel

#security #quantum #plex #synology
Comments
15 min read
Progress ShareFile RCE Vulnerabilities (CVE-2026-2699 & CVE-2026-2701) Enable Pre-Authentication Code Execution: Patch Now.
kserude profile

Progress ShareFile RCE Vulnerabilities (CVE-2026-2699 & CVE-2026-2701) Enable Pre-Authentication Code Execution: Patch Now.

#rce #sharefile #preauthentication #patching
Comments
9 min read
SHA Pinning Alone Fails to Prevent Supply Chain Attacks: Lessons from Trivy Compromise
kserude profile

SHA Pinning Alone Fails to Prevent Supply Chain Attacks: Lessons from Trivy Compromise

#security #supplychain #shapinning #trivy
Comments
11 min read
LinkedIn/Microsoft Accused of Scanning Browser Extensions Without Consent: Privacy Concerns Raised
kserude profile

LinkedIn/Microsoft Accused of Scanning Browser Extensions Without Consent: Privacy Concerns Raised

#privacy #surveillance #gdpr #javascript
Comments
12 min read
Undocumented AWS CodeBuild Endpoints Expose Privileged Tokens: Mitigation Strategies for Lateral Movement Risks
kserude profile

Undocumented AWS CodeBuild Endpoints Expose Privileged Tokens: Mitigation Strategies for Lateral Movement Risks

#aws #codebuild #security #lateralmovement
Comments
9 min read
Adobe Investigates Data Breach Claim via Indian BPO Firm, Alleging 13M Support Tickets Compromised
kserude profile

Adobe Investigates Data Breach Claim via Indian BPO Firm, Alleging 13M Support Tickets Compromised

#cybersecurity #databreach #supplychain #thirdpartyrisk
Comments
15 min read
Mongoose Library Flaws Expose Devices to RCE and mTLS Bypass: Update to Version 7.21+ to Mitigate Risks
kserude profile

Mongoose Library Flaws Expose Devices to RCE and mTLS Bypass: Update to Version 7.21+ to Mitigate Risks

#iot #rce #mtls #vulnerabilities
Comments
6 min read
Mercor AI Data Breach: Supply Chain Attack via LiteLLM Package Compromise
kserude profile

Mercor AI Data Breach: Supply Chain Attack via LiteLLM Package Compromise

#cybersecurity #supplychain #ai #databreach
Comments
8 min read
FreeBSD Kernel Vulnerability CVE-2026-4747 Enables Root-Level Code Execution: Mitigation Strategies Discussed
kserude profile

FreeBSD Kernel Vulnerability CVE-2026-4747 Enables Root-Level Code Execution: Mitigation Strategies Discussed

#security #freebsd #kernel #vulnerability
Comments
13 min read
LmCompatibilityLevel 5 Fails to Block NTLMv1 Due to MS-NRPC ParameterControl Flag Bypass
kserude profile

LmCompatibilityLevel 5 Fails to Block NTLMv1 Due to MS-NRPC ParameterControl Flag Bypass

#ntlmv1 #security #bypass #msnrpc
Comments
9 min read
Axios npm Package Compromised: Malicious Versions Distributed, Security Risk Mitigation Required
kserude profile

Axios npm Package Compromised: Malicious Versions Distributed, Security Risk Mitigation Required

#security #npm #supplychain #malware
Comments
12 min read
Critical MCP Server Vulnerabilities Due to Poor Authentication: Implementing Security Best Practices to Mitigate Risks
kserude profile

Critical MCP Server Vulnerabilities Due to Poor Authentication: Implementing Security Best Practices to Mitigate Risks

#security #authentication #vulnerabilities #mcp
Comments
9 min read
New Attack Class Exploits LLM Context Interpretation, Bypassing Filters: Mitigation Strategies Explored
kserude profile

New Attack Class Exploits LLM Context Interpretation, Bypassing Filters: Mitigation Strategies Explored

#llm #security #framing #stealth
Comments
12 min read
Addressing OAuth Phishing: Training to Differentiate Device Code and App Consent Attacks
kserude profile

Addressing OAuth Phishing: Training to Differentiate Device Code and App Consent Attacks

#oauth #phishing #security #training
Comments
7 min read
Citrix NetScaler CVE-2026-3055 Memory Overread Vulnerability: Mitigation Strategies Discussed
kserude profile

Citrix NetScaler CVE-2026-3055 Memory Overread Vulnerability: Mitigation Strategies Discussed

#cybersecurity #vulnerability #netscaler #memoryoverread
Comments
9 min read
Telnyx Python SDK Compromised on PyPI: Malware Delivered via Steganography in WAV Files, Mitigation Strategies Discussed
kserude profile

Telnyx Python SDK Compromised on PyPI: Malware Delivered via Steganography in WAV Files, Mitigation Strategies Discussed

#cybersecurity #steganography #supplychain #malware
Comments
7 min read
Ethical Phishing Simulations: Balancing Security Training and Legal Compliance in Authorized Environments
kserude profile

Ethical Phishing Simulations: Balancing Security Training and Legal Compliance in Authorized Environments

#cybersecurity #phishing #aitm #compliance
Comments
12 min read
Addressing VoIP/WebRTC Security Training Gaps with a Standardized Vulnerable Lab Environment
kserude profile

Addressing VoIP/WebRTC Security Training Gaps with a Standardized Vulnerable Lab Environment

#voip #webrtc #cybersecurity #training
Comments
9 min read
EspoCRM Formula Engine Bypass Enables Path Traversal and RCE via Unsanitized Attachment.sourceId Field
kserude profile

EspoCRM Formula Engine Bypass Enables Path Traversal and RCE via Unsanitized Attachment.sourceId Field

#rce #espocrm #pathtraversal #webshell
Comments
14 min read
NTLM-Relaying Attacks Persist Due to Lack of EPA Enforcement on Web Servers: Implementing EPA Mitigates Risk
kserude profile

NTLM-Relaying Attacks Persist Due to Lack of EPA Enforcement on Web Servers: Implementing EPA Mitigates Risk

#ntlm #epa #cybersecurity #webservers
Comments
12 min read
Navia Benefit Solutions' BOLA Vulnerability Exposed PII of 10,000+ Employees Due to Inadequate Access Controls
kserude profile

Navia Benefit Solutions' BOLA Vulnerability Exposed PII of 10,000+ Employees Due to Inadequate Access Controls

#bola #cybersecurity #pii #accesscontrol
1
Comments
14 min read
Age-Verification Integration in Internet Infrastructure Raises Technical, Legal, and Privacy Concerns
kserude profile

Age-Verification Integration in Internet Infrastructure Raises Technical, Legal, and Privacy Concerns

#internet #security #privacy #regulation
Comments
14 min read
Agent Skill Marketplace Vulnerable to Supply Chain Attacks: Standardized Security Scanning Proposed
kserude profile

Agent Skill Marketplace Vulnerable to Supply Chain Attacks: Standardized Security Scanning Proposed

#security #github #ai #supplychain
Comments
14 min read
ONNX `silent=True` Disables Security Checks, Exposing ML Models to Supply Chain Attacks: Solution Needed
kserude profile

ONNX `silent=True` Disables Security Checks, Exposing ML Models to Supply Chain Attacks: Solution Needed

#onnx #security #machinelearning #supplychain
Comments
11 min read
DarkSword iOS Exploit Analysis: Evaluating Lookout's LLM-Assisted Findings Against Other Research Teams
kserude profile

DarkSword iOS Exploit Analysis: Evaluating Lookout's LLM-Assisted Findings Against Other Research Teams

#cybersecurity #ai #darksword #ios
1
Comments
12 min read
Claude Code CLI Vulnerability: Malicious Configs Bypass Trust Dialog, Enabling Unauthorized Permission Elevation
kserude profile

Claude Code CLI Vulnerability: Malicious Configs Bypass Trust Dialog, Enabling Unauthorized Permission Elevation

#security #vulnerability #cli #permissions
Comments
10 min read
Simplifying Cybersecurity Frameworks: Practical Solutions for Startups to Implement ISO 27001 and NIST
kserude profile

Simplifying Cybersecurity Frameworks: Practical Solutions for Startups to Implement ISO 27001 and NIST

#cybersecurity #startup #iso27001 #nist
Comments
11 min read
AI/ML Infrastructure Vulnerabilities Expose Systems to Security Risks: Patching and Mitigation Strategies Proposed
kserude profile

AI/ML Infrastructure Vulnerabilities Expose Systems to Security Risks: Patching and Mitigation Strategies Proposed

#security #aiml #vulnerabilities #rce
2
Comments
13 min read
GlassWorm Malware Campaign Steals Crypto Seeds via Obfuscation, Chrome Exploit, and Social Engineering: Mitigation Strategies
kserude profile

GlassWorm Malware Campaign Steals Crypto Seeds via Obfuscation, Chrome Exploit, and Social Engineering: Mitigation Strategies

#malware #cryptocurrency #obfuscation #exploitation
1
Comments
10 min read
Efficiently Locating and Analyzing PoC Code for CVEs with Contextual Information Integration
kserude profile

Efficiently Locating and Analyzing PoC Code for CVEs with Contextual Information Integration

#cybersecurity #poc #cve #ai
Comments
8 min read
Windows Vulnerability CVE-2025-59284: Incomplete Patch Enables NetNTLM Hash Phishing During Archive Extraction
kserude profile

Windows Vulnerability CVE-2025-59284: Incomplete Patch Enables NetNTLM Hash Phishing During Archive Extraction

#windows #vulnerability #netntlm #patching
Comments
14 min read
Self-Hosted Email Threat Detection: Real-Time Monitoring, Multi-Stage Enrichment, and LLM Verdicts with Legal Compliance
kserude profile

Self-Hosted Email Threat Detection: Real-Time Monitoring, Multi-Stage Enrichment, and LLM Verdicts with Legal Compliance

#cybersecurity #email #selfhosted #llm
1
Comments
15 min read
Enhancing Cybersecurity with Hypervisors: Current Practices, Future Advancements, and Nova Design Rationale
kserude profile

Enhancing Cybersecurity with Hypervisors: Current Practices, Future Advancements, and Nova Design Rationale

#cybersecurity #hypervisor #virtualization #isolation
Comments
9 min read
Addressing Security Risks: Replacing Unscoped API Keys with Fine-Grained Access Control in AI Agent Frameworks
kserude profile

Addressing Security Risks: Replacing Unscoped API Keys with Fine-Grained Access Control in AI Agent Frameworks

#security #ai #api #authentication
Comments
11 min read
66% of MCP Servers Have Critical Security Vulnerabilities: Urgent Patching and Audits Needed
kserude profile

66% of MCP Servers Have Critical Security Vulnerabilities: Urgent Patching and Audits Needed

#security #vulnerabilities #mcp #patching
3
Comments
13 min read
Alipay App Vulnerabilities Enable Silent GPS Exfiltration; Vendor Denies Issue Despite High CVSS Scores
kserude profile

Alipay App Vulnerabilities Enable Silent GPS Exfiltration; Vendor Denies Issue Despite High CVSS Scores

#security #vulnerabilities #gps #exfiltration
1
Comments
10 min read
Microsoft's Software Ecosystem Faces 79 Vulnerabilities: Urgent Patching and Mitigation Strategies Required
kserude profile

Microsoft's Software Ecosystem Faces 79 Vulnerabilities: Urgent Patching and Mitigation Strategies Required

#cybersecurity #vulnerabilities #patching #zerodays
2
Comments
16 min read
Drywall Foreman in Ontario Demands $35/Hour Wage Review: Is the Pay Fair for the Responsibilities and Workload?
kserude profile

Drywall Foreman in Ontario Demands $35/Hour Wage Review: Is the Pay Fair for the Responsibilities and Workload?

#compensation #construction #leadership #risk
Comments
13 min read
Pac4j-JWT Authentication Bypass Vulnerability Undetected for Six Years Despite Advanced Security Tools
kserude profile

Pac4j-JWT Authentication Bypass Vulnerability Undetected for Six Years Despite Advanced Security Tools

#security #vulnerability #ai #auditing
Comments
9 min read
Basic Operator Exploits Weak FortiGate Passwords in 55 Countries Using AI, Compromising 600+ Devices Without Zero-Days.
kserude profile

Basic Operator Exploits Weak FortiGate Passwords in 55 Countries Using AI, Compromising 600+ Devices Without Zero-Days.

#cybersecurity #ai #fortigate #passwords
Comments
12 min read
Phishing Campaign Exploits Google Cloud Storage Domain: Redirects to Credential Harvesting Sites
kserude profile

Phishing Campaign Exploits Google Cloud Storage Domain: Redirects to Credential Harvesting Sites

#phishing #cloud #security #exploitation
Comments
8 min read
Post-Quantum TLS Signatures Increase Handshake Size: Solutions to Mitigate Performance and Compatibility Issues
kserude profile

Post-Quantum TLS Signatures Increase Handshake Size: Solutions to Mitigate Performance and Compatibility Issues

#quantum #tls #cryptography #latency
Comments
13 min read
Navigating Legal and Compliance Challenges in Tech Content Aggregation: Balancing Data Privacy, IP Rights, and Liability Risks
kserude profile

Navigating Legal and Compliance Challenges in Tech Content Aggregation: Balancing Data Privacy, IP Rights, and Liability Risks

#compliance #iprights #dataprivacy #liability
Comments
8 min read
loading...