Recently, there’s been a surge in the popularity of trojan clipboard attacks whereby the attacker convinces the user to carry their attack payload across a security boundary and compromise the device. Meanwhile, AI hype is all the rage. I recent had a bad experience in what I thought was a simple AI task (draw aContinue reading "Vibe-coding for security"| text/plain
Over the last several decades, the Windows team has added a stream of additional security mitigation features to the platform to help application developers harden their applications against exploi…| text/plain
The vast majority of cyberthreats arrive via one of two related sources: That means that by combining network-level sensors and throttles with threat intelligence (about attacker sites), security s…| text/plain
A fairly common security bug report is of the form: “I can put JavaScript inside a PDF file and it runs!” For example, open this PDF file with Chrome, and you can see the alert(1) messa…| text/plain