4th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 4th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Medtronic, a global medical device maker, has disclosed
Search Intelligence
Extending Ruzzy with LibAFL
LibAFL is all the rage in the fuzzing community these days, especially with LLVM’s libFuzzer being placed in maintenance mode. Written in Rust, LibAFL claims improved performance, modularity, state-of
Trailmark turns code into graphs
We’re open-sourcing Trailmark, a library that parses source code into a queryable call graph of functions, classes, call relationships, and semantic metadata, then exposes that graph through a P
Mozilla: Anthropic's Mythos found 271 security vulnerabilities in Firefox 150
CTO says new AI model is "every bit as capable" as world's best security researchers.
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted hi
We beat Google’s zero-knowledge proof of quantum cryptanalysis
Two weeks ago, Google’s Quantum AI group published a zero-knowledge proof of a quantum circuit so optimized, they concluded that first-generation quantum computers will break elliptic curve cryptograp
UK gov's Mythos AI tests help separate cybersecurity threat from hype
New model is the first AI system to complete a difficult multistep infiltration challenge.
Master C and C++ with our new Testing Handbook chapter
We added a new chapter to our Testing Handbook: a comprehensive security checklist for C and C++ code. We’ve identified a broad range of common bug classes, known footguns, and API gotchas across C an
How we made Trail of Bits AI-native (so far)
This post is adapted from a talk I gave at [un]prompted, the AI security practitioner conference. Thanks to Gadi Evron for inviting me to speak. You can watch the recorded presentation below or downlo
Spotting issues in DeFi with dimensional analysis
Using dimensional analysis, you can categorically rule out a whole category of logic and arithmetic bugs that plague DeFi formulas. No code changes required, just better reasoning! One of the first le
How World ID wants to put a unique human identity on every AI agent
Iris scan-backed tokens could help stop agent swarms from overwhelming online systems.
Researchers disclose vulnerabilities in IP KVMs from four manufacturers
Internet-exposed devices that give BIOS-level access? What could possibly go wrong?