Claude Code's remote control protocol lets developers orchestrate instances programmatically. @tyholms reverse engineered it and found an undocumented flag that redirects any instance to attacker-controlled infrastructure, silently bypassing all permission checks.
originhq.com/blog/reversing…
If you can't see the queries, you can't secure the data. DNS filtering helps you identify and score every AI tool on your network.
See 5 ways to build a better security foundation: cfl.re/3Qawx9d
The Initial Access Broker market is maturing. In H2 2025...
📈 Asking prices (and the size of targeted orgs) rose
👀 New marketplaces thrive; older forums stall or shut down
🏛️ Government the top-targeted sector
For key findings, recommendations & more: r-7.co/4bVvi4Z
CEOs are wasting millions on AI. Here's why. 💸
CEOs are pouring millions into AI, but simply swapping a human for an AI agent in the middle of a broken process won't change your business. True AI transformation requires an end-to-end workflow redesign. Don't just use AI to make the old way faster—use it to build a completely new experience.
Ready to build AI workflows that actually move the needle? @DeepLearningAI offers free short courses to help you master agentic workflows and the latest AI tools.
Start learning today: hubs.la/Q048nRwq0
Subscribe to The Batch newsletter for weekly AI insights: hubs.la/Q048nVvj0
The @VulnCheckAI team took a look at exploited CVEs in network edge technologies, with emphasis on EOL versions and device categorization. This is a neat graphic, esp. if you've manually categorized these things before!
Full network edge report here: wwv.vulncheck.com/2026-network-e…
Understand how AI systems break — so you can defend them.
Join us in Arlington at #AISummit (Apr 20–21) for 2 days of talks & workshops inc a session with Venkata Sai Kishore Modalavalasa & Helen Oakley on attacking & securing agentic AI workflows.
➡️ sans.org/u/1CNB
oh oh! Someone didn't follow @SANSOffensive SEC565 and left their C2 web interface exposed to the internet! can you get in?
sec565.rocks
read about how I recently used an LLM to bypass math captchas and decided to make it a SEC565 bonus lab. jfmaes.me/blog/your-capt…
Dear Network: a promise is a promise. Here is the repository for the tool I mentioned at #rootedcon2026.
First, a brief disclaimer:
1. The tool has several weak points that make it useless for effective real-world use: I am committed to what I do, but I don't want to release anything harmful *yet*.
2. It may or may not work well in NAT traversal scenarios: I have tested several, and others not.
3. There are questionable things about the way the encryption is used.
In conclusion, DO NOT USE IT FOR ANYTHING THAT COULD PUT YOU IN DANGER.
github.com/cryptografree/… #rootedcon2026 #criptored #anon #CryptograFREE /cc @criptored @rootedcon @mindcrypt