The fifth generation mobile communications protocol (5G) is perhaps the most complicated wireless protocol ever made. Featuring wildly fast download speeds, beam forming base stations, and of course non-standard additions, it’s rather daunting prospect to analyze for the home hacker and researcher alike. But this didn’t stop the ASSET Research Group from developing a 5G […]
One of the hot topics currently is using LLMs for security research. Poor quality reports written by LLMs have become the bane of vulnerability disclosure programs. But there is an equally interesting effort going on to put LLMs to work doing actually useful research. One such story is [Romy Haik] at ULTRARED, trying to build […]
The Internet is fighting over whether robots.txt applies to AI agents. It all started when Cloudflare published a blog post, detailing what the company was seeing from Perplexity crawlers. Of course, automated web crawling is part of how the modern Internet works, and almost immediately after the first web crawler was written, one managed to […]
Web systems are designed to be simple and reliable. Designing for the everyday person is the goal, but if you don’t consider the odd man out, they may encounter some problems. This is the everyday life for some people with names that often have unconsidered features, such as apostrophes or spaces. This is the life […]
The Tea app has had a rough week. It’s not an unfamiliar story: Unsecured Firebase databases were left exposed to the Internet without any authentication. What makes this story particularly troubling is the nature of the app, and the resulting data that was spilled. Tea is a “dating safety” application strictly for women. To enforce […]
A universal feature of traveling Europe as a Hackaday scribe is that when you sit in a hackerspace in another country and proclaim how nice a place it all is, the denizens will respond pessimistically with how dreadful their country really is. My stock response is to say “Hold my beer” and recount the antics […]
There was a disturbance in the enterprise security world, and it started with a Pwn2Own Berlin. [Khoa Dinh] and the team at Viettel Cyber Security discovered a pair of vulnerabilities in Microsoft’s SharePoint. They were demonstrated at the Berlin competition in May, and patched by Microsoft in this month’s Patch Tuesday. This original exploit chain […]
There’s a train vulnerability making the rounds this week. The research comes from [midwestneil], who first discovered an issue way back in 2012, and tried to raise the alarm. Turns out you can just hack any train in the USA and take control over the brakes. This is CVE-2025-1727 and it took me 12 years […]
The old saying that the best way to learn is by doing holds as true for penetration testing as for anything else, which is why intentionally vulnerable systems like the Damn Vulnerable Web Application are so useful. Until now, however, there hasn’t been a practice system for penetration testing with drones. The Damn Vulnerable Drone […]
In case you can’t wait for your flash memory to die from write cycling, TeamGroup now has a drive that, via software or hardware, can destroy its own flash chips with a surge of voltage. If you wonder why you might want this, there are military applications where how you destroy a piece of equipment […]