Information Security

Showing 100 articles max
Black & White Path
Black & White Path
Jul 12, 2026 · Information Security

How the FBI Recovered Deleted Signal Messages from iPhone Notification Logs

Security researcher @RedHatPentester demonstrates that, despite uninstalling Signal, the FBI can extract plaintext messages from iPhone notification cache databases—a forensic flaw stemming from iOS’s write‑optimized storage that retains deleted notification previews, a risk that also affects Android devices.

AndroidSignaldata deletion
0 likes · 7 min read
How the FBI Recovered Deleted Signal Messages from iPhone Notification Logs
Black & White Path
Black & White Path
Jul 11, 2026 · Information Security

GitHub Verified Badge Malleable: Same Code Yields Multiple Valid Commit Hashes

Jacob Ginesin of Carnegie Mellon discovered that GitHub’s “Verified” badge can be forged through signature malleability, allowing an attacker to create a second commit with identical tree and timestamp but a different hash, breaking the assumption that commit hashes are immutable identifiers for many downstream systems.

GitGitHubVerified badge
0 likes · 8 min read
GitHub Verified Badge Malleable: Same Code Yields Multiple Valid Commit Hashes
Black & White Path
Black & White Path
Jul 11, 2026 · Information Security

GhostLock: 15‑Year‑Old Stack UAF Vulnerability in All Linux Distributions (CVE‑2026‑43499)

GhostLock (CVE‑2026‑43499) is a stack‑use‑after‑free bug that has existed in every major Linux distribution for over 15 years, can be triggered without special kernel configuration, and enables a high‑reliability privilege‑escalation and container‑escape chain that the authors detail step‑by‑step, including mitigation patches and a timeline of disclosure.

CVE-2026-43499GhostLockLinux Kernel
0 likes · 19 min read
GhostLock: 15‑Year‑Old Stack UAF Vulnerability in All Linux Distributions (CVE‑2026‑43499)
Black & White Path
Black & White Path
Jul 11, 2026 · Information Security

CVE-2026-40453: Apache Camel Case‑Insensitive Header Injection Vulnerability (PoC Released)

CVE‑2026‑40453 is a medium‑severity Apache Camel flaw where case‑insensitive header handling lets attackers inject malformed internal control headers, bypass filters and achieve remote code execution or arbitrary file writes, with a public PoC and detailed mitigation guidance provided.

Apache CamelCVE-2026-40453Case Sensitivity
0 likes · 9 min read
CVE-2026-40453: Apache Camel Case‑Insensitive Header Injection Vulnerability (PoC Released)
Black & White Path
Black & White Path
Jul 11, 2026 · Information Security

How an AI‑Assisted Frida Workflow Uncovered Six Android Zero‑Days

The article details how bounty hunter ynsmroztas leveraged an AI‑enhanced, non‑root Android penetration testing framework called AndroScope—built on Frida Gadget—to automate a PREPARE‑ASSESS‑RUNTIME workflow, discover six new Android zero‑day vulnerabilities, and highlight sandbox‑escape techniques as high‑value targets.

AI-assisted Vulnerability DiscoveryAndroScopeAndroid Security
0 likes · 10 min read
How an AI‑Assisted Frida Workflow Uncovered Six Android Zero‑Days
Machine Heart
Machine Heart
Jul 10, 2026 · Information Security

Detect Insider Agents in Multi-Agent Networks with XG-Guard’s Explainable GAD

XG-Guard introduces a novel unsupervised graph anomaly detection framework that jointly encodes sentence- and token-level features of LLM agents, leverages theme-based anomaly scoring and covariance-based score fusion to pinpoint malicious agents in multi-agent systems, providing fine-grained explanations and enabling automatic communication isolation.

LLM securityMulti-agent systemsexplainable AI
0 likes · 9 min read
Detect Insider Agents in Multi-Agent Networks with XG-Guard’s Explainable GAD
Black & White Path
Black & White Path
Jul 10, 2026 · Information Security

JadePuffer: Inside the World’s First Fully Agentic AI Ransomware

JadePuffer, the first ransomware fully driven by a large language model, exploited a CVE‑2025‑3248 flaw in exposed Langflow instances to gain initial access, autonomously performed reconnaissance, credential theft, lateral movement, persistence, and encrypted MySQL/Nacos data, demonstrating rapid self‑healing and highlighting new defensive challenges.

AI ransomwareCloud securityLLM-driven attack
0 likes · 18 min read
JadePuffer: Inside the World’s First Fully Agentic AI Ransomware
Black & White Path
Black & White Path
Jul 10, 2026 · Information Security

Five Repeating Mistakes Behind 50 API Leak Disasters

Analyzing over 50 major API breach cases, the article reveals that a single recurring vulnerability—Broken Object Level Authorization—combined with four systemic errors in trust management, secret handling, monitoring, and project‑based security thinking, repeatedly expose millions of users' sensitive data.

API SecurityBroken Object Level AuthorizationMonitoring
0 likes · 21 min read
Five Repeating Mistakes Behind 50 API Leak Disasters
Black & White Path
Black & White Path
Jul 9, 2026 · Information Security

One‑Stop Linux Privilege Escalation Toolkit Covering 24 Vulnerabilities Across 7 Architectures

lpe-toolkit is a multi‑architecture Linux privilege‑escalation toolkit that bundles 24 exploits across seven CPU architectures, automatically detects kernel versions to filter patched bugs, offers pre‑compiled binaries for amd64, multiple execution modes, and practical use cases for red‑team testing, incident response, and security research.

CVELinuxlpe-toolkit
0 likes · 8 min read
One‑Stop Linux Privilege Escalation Toolkit Covering 24 Vulnerabilities Across 7 Architectures
Black & White Path
Black & White Path
Jul 9, 2026 · Information Security

Designing and Deploying an AI‑Driven Autonomous Penetration Testing Bot

The article details the design of an expert‑driven AI penetration‑testing agent called Zero, built on Cairn with Claude code, and walks through a real‑world attack where the bot discovers a Django site, brute‑forces SSH, writes a webshell, while discussing efficiency, cost, and current limitations.

AI penetration testingCairnLLM
0 likes · 9 min read
Designing and Deploying an AI‑Driven Autonomous Penetration Testing Bot
Java Tech Enthusiast
Java Tech Enthusiast
Jul 8, 2026 · Information Security

How Claude Code Uses Steganography to Precisely Block Chinese Users

Claude Code identifies Chinese users by reading the local timezone and the ANTHROPIC_BASE_URL, then hides this information in system prompts using subtle Unicode steganography, allowing Anthropic to tag and block accounts without any visible telemetry or extra network traffic.

AnthropicClaude CodeSteganography
0 likes · 9 min read
How Claude Code Uses Steganography to Precisely Block Chinese Users
Huolala Safety Emergency Response Center
Huolala Safety Emergency Response Center
Jul 8, 2026 · Information Security

Exploring Host Security with eBPF: Building a Deep Kernel‑Level Monitoring Loop

This article examines how eBPF can reshape host security by providing kernel‑level visibility, low‑overhead real‑time monitoring, and a closed‑loop architecture that improves process and network data capture, compares performance against Netlink, and discusses stability and emergency handling mechanisms.

LinuxStabilityebpf
0 likes · 16 min read
Exploring Host Security with eBPF: Building a Deep Kernel‑Level Monitoring Loop
Machine Heart
Machine Heart
Jul 8, 2026 · Information Security

Prompt Compression Creates a New LLM Vulnerability: HKUST’s Black‑Box Attack Framework COMA (ASE 2026)

The paper reveals that prompt‑compression modules, widely used to reduce token usage in LLM agents, can be exploited to erase critical safety constraints, enabling a black‑box attack called COMA that achieves up to 71% success across multiple compressors and tasks, and proposes isolated compression as an effective defense.

Agentic AICOMALLM security
0 likes · 10 min read
Prompt Compression Creates a New LLM Vulnerability: HKUST’s Black‑Box Attack Framework COMA (ASE 2026)
Huolala Tech
Huolala Tech
Jul 8, 2026 · Information Security

Exploring Host Security with eBPF: Building a Deep Kernel‑Level Monitoring Loop

This article examines how eBPF can reshape host security by providing kernel‑level visibility, low‑overhead real‑time monitoring, and a closed‑loop architecture that improves process and network data capture, demonstrates higher audit success rates than Netlink, and outlines performance, stability, and emergency‑handling mechanisms.

LinuxPerformance benchmarkingebpf
0 likes · 16 min read
Exploring Host Security with eBPF: Building a Deep Kernel‑Level Monitoring Loop
Black & White Path
Black & White Path
Jul 8, 2026 · Information Security

Johnny: A Cross‑Platform GUI Front‑End for John the Ripper

Johnny is an open‑source, cross‑platform graphical front‑end for John the Ripper that simplifies password‑cracking with a visual interface, supports core and jumbo versions, offers multiple attack modes, session management, and provides easy installation on Linux, Windows, and macOS.

GUIJohnnycross‑platform
0 likes · 5 min read
Johnny: A Cross‑Platform GUI Front‑End for John the Ripper