Information Security

Showing 100 articles max
360 Tech Engineering
360 Tech Engineering
Jul 3, 2026 · Information Security

AI Agent Security Summit Recap: Key Insights from the June 24 “ZhiYi” Workshop

The June 24 “ZhiYi” AI agent security summit in Beijing gathered leading researchers and practitioners to discuss the rapid evolution of AI agents in offensive and defensive contexts, presenting five technical sessions and a round‑table that examined real‑world agent designs, skill‑poisoning risks, chain‑escape attacks, large‑scale hardening at Baidu, and AI‑native SOC transformations.

AI agentsAI securitySOC automation
0 likes · 12 min read
AI Agent Security Summit Recap: Key Insights from the June 24 “ZhiYi” Workshop
360 Tech Engineering
360 Tech Engineering
Jul 3, 2026 · Information Security

Evolving AI‑Native Security Operations: From Agent Risk Monitoring to Agentic SOC

Facing an explosion of enterprise agents, 360’s security team built a dual‑track AI‑native operation that first makes agent‑related threats visible through AI runtime telemetry and then amplifies incident analysis, response and multi‑agent coordination while keeping expert oversight, ultimately turning the SOC into a real‑time risk decision engine.

AI runtime telemetryAI securityAgentic SOC
0 likes · 23 min read
Evolving AI‑Native Security Operations: From Agent Risk Monitoring to Agentic SOC
Black & White Path
Black & White Path
Jul 3, 2026 · Information Security

recon-skills: An Open‑Source Library of 156 Penetration‑Testing Skills

recon-skills is a community‑maintained open‑source repository that bundles 156 offensive security skills—validated on over 600 real targets across more than 45 industries—covering information gathering, vulnerability discovery, attack‑chain construction, and anti‑detection techniques, with full manuals and quick‑start instructions.

Security toolsinformation gatheringopen source
0 likes · 6 min read
recon-skills: An Open‑Source Library of 156 Penetration‑Testing Skills
Black & White Path
Black & White Path
Jul 3, 2026 · Information Security

The One API Line That Separates You From Top Hackers

The article argues that the bottleneck in security research is information scarcity, not talent, and introduces Preview—a RAG platform that indexes recent write‑ups and provides a simple API allowing AI agents to retrieve up‑to‑date vulnerability details, overcoming frozen LLM knowledge and delivering raw source links for accurate exploitation.

AI securityAPIRAG
0 likes · 9 min read
The One API Line That Separates You From Top Hackers
AI Architecture Path
AI Architecture Path
Jul 3, 2026 · Information Security

AI‑Powered Strix: 34K‑Star Security Tool Tackles Pen‑Testing Pain Points

Developers and security engineers face three major hurdles—high manual pen‑test costs, flood of false positives from SAST, and weak DAST coverage—so the open‑source AI framework Strix combines multi‑agent LLM coordination, Docker sandboxing, and native GitHub Actions to deliver verified exploits, full PoCs, and automated remediation, while noting its Docker dependency and token costs.

AI securityDockerGitHub Actions
0 likes · 11 min read
AI‑Powered Strix: 34K‑Star Security Tool Tackles Pen‑Testing Pain Points
21CTO
21CTO
Jul 2, 2026 · Information Security

Anthropic Strips Hidden Code That Detected Chinese Competitor Traffic

Anthropic confirmed that its Claude Code client contained a covert, Unicode‑based detection module that silently flagged traffic from Chinese AI firms and proxy services, and announced that the hidden logic will be completely removed in the upcoming software update.

AI securityAnthropicClaude Code
0 likes · 9 min read
Anthropic Strips Hidden Code That Detected Chinese Competitor Traffic
Cloud Architecture
Cloud Architecture
Jul 2, 2026 · Information Security

Production-Grade Anti-Fraud Architecture: From Traffic Entry to Decision Loop

This whitepaper details a production‑grade, multi‑layer anti‑fraud system that starts with low‑cost traffic filtering, builds rich risk signals, orchestrates rules, models and graph analysis for real‑time decisions, and embeds governance, scalability and high‑concurrency practices to protect online services.

anti-fraudarchitecturegovernance
0 likes · 44 min read
Production-Grade Anti-Fraud Architecture: From Traffic Entry to Decision Loop
Raymond Ops
Raymond Ops
Jul 2, 2026 · Information Security

Linux Security Hardening in Practice: 20 Essential Configurations Explained

This comprehensive guide walks you through Linux system hardening by outlining default settings, common pitfalls, and a step‑by‑step checklist of 20 critical configurations covering account policies, SSH, firewall, kernel parameters, file permissions, and audit logging, complete with verification commands, rollback procedures, and real‑world case studies.

ComplianceLinuxSSH
0 likes · 37 min read
Linux Security Hardening in Practice: 20 Essential Configurations Explained
Golang Shines
Golang Shines
Jul 2, 2026 · Information Security

AI Agent Automates PTES Penetration Testing – Inside Pentester

Pentester is an open‑source AI‑driven framework that fully automates the PTES seven‑stage penetration testing workflow—from pre‑engagement parameter collection and compliance checks to intelligence gathering, vulnerability analysis, exploitation, post‑exploitation, and report generation—by interacting with users one question at a time and parallelizing sub‑tasks.

AI AgentAutomationPTES
0 likes · 9 min read
AI Agent Automates PTES Penetration Testing – Inside Pentester
Black & White Path
Black & White Path
Jul 2, 2026 · Information Security

China’s Mysterious AI Security Team “MopMonk” Shocks the Industry with a 73% Success Rate

A previously unknown Chinese AI security group called MopMonk, operating without a website or corporate backing, posted a GitHub report that achieved a 73.1% vulnerability‑exploitation success rate, ranked seventh globally in the UC Berkeley‑run CyberGym benchmark, and demonstrated novel memory‑based multi‑agent techniques that signal China’s rising AI security prowess.

AI securityBenchmarkCyberGym
0 likes · 9 min read
China’s Mysterious AI Security Team “MopMonk” Shocks the Industry with a 73% Success Rate
Black & White Path
Black & White Path
Jul 2, 2026 · Information Security

Unauthenticated Enumeration of All Microsoft Account Authentication Methods with CredSpy

CredSpy, an open‑source tool released by security researcher RedByte1337, leverages Microsoft’s public GetCredentialType API to enumerate, without any authentication, the full set of supported authentication methods for a given Microsoft 365 (Entra ID) account, aiding red‑team reconnaissance and defensive assessments.

Credential EnumerationGetCredentialType APIMicrosoft 365
0 likes · 8 min read
Unauthenticated Enumeration of All Microsoft Account Authentication Methods with CredSpy
Black & White Path
Black & White Path
Jul 2, 2026 · Information Security

Detect MCP, A2A Agents, and Open LLM Interfaces Using AgentScan

AgentScan extends traditional port scanning by identifying MCP servers, A2A agents, and open LLM interfaces, revealing available tools, agent capabilities, model lists, and authentication status, with detailed usage commands and configurable parameters.

A2A AgentAgentScanLLM
0 likes · 3 min read
Detect MCP, A2A Agents, and Open LLM Interfaces Using AgentScan

Anthropic’s Claude Code Trojan Exposed: Hidden Steganography and XOR Obfuscation

Anthropic confirmed that its Claude Code tool contained a three‑month‑old hidden trojan that used XOR‑based obfuscation and steganographic modifications of system prompts to detect proxies and leak user location, prompting a rollback after developer reverse‑engineering revealed the code.

AnthropicClaude CodeSteganography
0 likes · 7 min read
Anthropic’s Claude Code Trojan Exposed: Hidden Steganography and XOR Obfuscation
ITPUB
ITPUB
Jul 1, 2026 · Information Security

Why Claude Code Is Banning Accounts: Hidden Backdoor Targeting Chinese Users

Since June 2026, Anthropic’s Claude Code has abruptly banned hundreds of thousands of accounts, embedding a covert environment‑detection routine that uses steganography to flag Chinese time zones and proxy domains, while the appeal process is broken and the company’s explanations have sparked widespread criticism.

AnthropicClaude CodeSteganography
0 likes · 9 min read
Why Claude Code Is Banning Accounts: Hidden Backdoor Targeting Chinese Users
James' Growth Diary
James' Growth Diary
Jul 1, 2026 · Information Security

How a Three‑Tier Authorization Model Secures Agent Execution

The article details Hermes' multi‑layered permission system—hardline blocklists, pattern‑based dangerous command detection, persistent approval granularity, three approval modes (Manual, Smart, YOLO), file‑write protection rules, customizable shell hooks, tool‑guardrails for loops, and an ACP bridge—illustrating how each layer defends AI agents from destructive actions.

Agent securityFile protectionHardline blocklist
0 likes · 20 min read
How a Three‑Tier Authorization Model Secures Agent Execution
IT Services Circle
IT Services Circle
Jul 1, 2026 · Information Security

Why Claude Code Bans Users: Hidden Code Targeting Chinese Users Unveiled

A reverse‑engineered analysis reveals that Claude Code silently tags Chinese users by reading the system timezone and a custom API endpoint, then embeds covert steganographic markers—altered date separators and special Unicode quotes—into each request, allowing Anthropic to identify and block them without extra network traffic.

APIAccount BanningAnthropic
0 likes · 10 min read
Why Claude Code Bans Users: Hidden Code Targeting Chinese Users Unveiled
Machine Heart
Machine Heart
Jul 1, 2026 · Information Security

Claude Code Caught Secretly Fingerprinting Chinese Users via Prompt Steganography

The article details how Anthropic's Claude Code secretly gathers Chinese users' timezone and proxy information by embedding hidden markers in system prompts through steganography, explains the detection logic, discusses the privacy implications, and notes Anthropic's plan to remove the code in an upcoming release.

AIAnthropicChina
0 likes · 8 min read
Claude Code Caught Secretly Fingerprinting Chinese Users via Prompt Steganography
Black & White Path
Black & White Path
Jul 1, 2026 · Information Security

How Claude Code Secretly Spyed on Chinese Users via Unicode Steganography

Reverse engineers uncovered that Anthropic’s Claude Code, from version 2.1.91 to 2.1.196, silently harvests Chinese users’ location, proxy settings, and AI lab affiliation by exploiting Unicode steganography, timezone checks, punctuation substitution, and XOR‑obfuscated strings, prompting a community outcry over trust and privacy.

AnthropicClaude CodeUnicode steganography
0 likes · 10 min read
How Claude Code Secretly Spyed on Chinese Users via Unicode Steganography