Browser Extensions Are the Quiet SSO Bypass

Most organizations have a process for evaluating software. Procurement reviews, security assessments, sometimes formal vendor questionnaires. Almost none of them have a process for evaluating what browser extensions their employees are running. That gap is exactly what this campaign exploits. Researchers at Socket documented 108 malicious Chrome extensions sharing a single command-and-control backend, collectively installed […]

Meet Pwnagotchi: The AI Pet That Hunts WiFi Handshakes

Discover Pwnagotchi, the AI-powered security tool that captures WiFi handshakes while learning and adapting over time. Part Tamagotchi, part hacker’s companion—this open-source device is redefining ethical network testing with personality and power.

A Year With the Flipper Zero: What I’ve Learned [March 2024 Update]

After a year of hands-on testing, security engineer Cameron Birkland shares what he’s learned about the Flipper Zero—a powerful wireless hacking tool making waves in cybersecurity. From cloning garage remotes to launching BLE attacks, this guide explores Flipper Zero’s capabilities, firmware upgrades, accessories, and why it’s both a valuable learning device and a rising concern for physical security.

Password Problems Part 3: Device Implants & Breaches

Discover how modern threat actors use device implants, SMB share enumeration, Responder poisoning, Kerberoasting, and memory scraping to harvest credentials. Learn about zero trust strategies, password managers, and endpoint controls to defend against network breaches and password hash attacks.