Pwning web sites through their AI chatbot agents and politely breaking guard rails ...

I stumbled into infosec the same year the NSA graced us with Ghidra. It’s by far become the most used tool in my arsenal for reverse engineering and vulnerability research. It’s free, extensible, and ...

Product security has matured significantly over the last decade. Secure defaults, defined ownership of security risk, reliable update mechanisms, and structured vulnerability handling are now ...

I first encountered the chatbot as a normal Eurostar customer while planning a trip. When it opened, it clearly told me that “the answers in this chatbot are generated by AI”, which is good disclosure ...

Kubernetes has changed the way we deploy and scale workloads. It’s powerful, flexible, and very good at hiding a lot of complexity. It is also very good at hiding security problems until someone ...

Windows thumbnail cache, or thumbcache, is a well-known forensic artifact, but often one that is overlooked. The thumbcache stores small previews of images, videos and documents and can persist even ...

AI is proving to be a useful companion for analysing data at scale for forensic examiners (data that is already publicly available if not privately hosted). This involves building an AI chatbot system ...

If you went to our PTP Cyber Fest over the Infosec week you may have seen the PTP hack car being used as a games controller for the game SuperTuxKart (a free and open-source Mario Kart type game). You ...

In certain circumstances it can be challenging installing client applications for testing. Situations arise where the application could be provided unsigned or requires self-signing. As a result, the ...

When we carry out security assessments in Operational Technology (OT) and Industrial Control System (ICS) environments, one thing that often stands out is the use of dual-homed devices. In this blog ...

When a data breach hits the news, it’s usually all about the numbers: millions of names, emails, and maybe even credit card details stolen. Sounds serious, right? But here’s the catch, sometimes *not ...

If you want to register for a service or platform you need an email address. But what happens if someone uses their corporate address?: If the third-party service is compromised the corporate email ...