Published on: 2025-06-17 16:00:44
Hey HN! We're Brandon, Sam, and Akul from MindFort ( https://mindfort.ai ). We're building autonomous AI agents that continuously find, validate, and patch security vulnerabilities in web applications—essentially creating an AI red team that runs 24/7. Here's a demo: https://www.loom.com/share/e56faa07d90b417db09bb4454dce8d5a Security testing today is increasingly challenging. Traditional scanners generate 30-50% false positives, drowning engineering teams in noise. Manual penetration testing
Keywords: agents ai security testing vulnerabilities
Published on: 2025-06-20 08:25:31
More than 40,000 new vulnerabilities (CVEs) were published in 2024 alone. More than 60% of those were labeled “high” or “critical.” Sounds scary, sure, but how many of them actually put your environment at risk? Not nearly as many as you might think. Scoring systems like CVSS flag severity based on technical factors. But they don’t know your network, your controls, or how you’ve hardened key assets. That’s a problem. Because without context, teams spend too much time chasing scary-looking bugs
Keywords: critical exposure teams validation vulnerability
Published on: 2025-06-22 18:25:45
In this post I’ll show you how I found a zeroday vulnerability in the Linux kernel using OpenAI’s o3 model. I found the vulnerability with nothing more complicated than the o3 API – no scaffolding, no agentic frameworks, no tool use. Recently I’ve been auditing ksmbd for vulnerabilities. ksmbd is “a linux kernel server which implements SMB3 protocol in kernel space for sharing files over network.“. I started this project specifically to take a break from LLM-related tool development but after t
Keywords: code o3 sess user vulnerability
Published on: 2025-06-22 20:41:19
Lnk Git-native dotfiles management that doesn't suck. Move your dotfiles to ~/.config/lnk , symlink them back, and use Git like normal. That's it. lnk init lnk add ~ /.vimrc ~ /.bashrc lnk push " setup " Install # Quick install (recommended) curl -sSL https://raw.githubusercontent.com/yarlson/lnk/main/install.sh | bash # Homebrew (macOS/Linux) brew tap yarlson/lnk brew install lnk # Manual download wget https://github.com/yarlson/lnk/releases/latest/download/lnk- $( uname -s | tr ' [:uppe
Keywords: config files git lnk symlinks
Published on: 2025-07-02 07:05:00
Cairo-based Sylndr has raised $15.7 million as it expands beyond online used car sales into auto financing, servicing, and tools for dealers. Development Partners International’s Nclude Fund led the round. The company, which operates in Egypt’s fast-growing but under-digitized vehicle market, said the latest round includes both fresh equity and previously unannounced seed financing. Sylndr also raised nearly $10 million in debt financing from local banks in the past year, bringing its total ra
Keywords: cars egypt financing sylndr used
Published on: 2025-07-04 22:18:49
Threat actors, likely supported by the Russian government, hacked multiple high-value mail servers around the world by exploiting XSS vulnerabilities, a class of bug that was among the most commonly exploited in decades past. XSS is short for cross-site scripting. Vulnerabilities result from programming errors found in webserver software that, when exploited, allow attackers to execute malicious code in the browsers of people visiting an affected website. XSS first got attention in 2005, with t
Keywords: eset mdaemon sednit vulnerabilities xss
Published on: 2025-07-07 23:40:54
A California judge fined two law firms $31,000 after discovering that they'd included AI slop in a legal brief — the latest instance in a growing tide of avoidable legal drama wrought by lawyers using generative AI to do their work without any due diligence. As The Verge reported this week, the court filing in question was a brief for a civil lawsuit against the insurance giant State Farm. After its submission, a review of the brief found that it contained "bogus AI-generated research" that led
Keywords: ai brief firm legal milner
Published on: 2025-07-09 19:55:47
A plaintiff's law firms were sanctioned and ordered to pay $31,100 after submitting fake AI citations that nearly ended up in a court ruling. Michael Wilner, a retired US magistrate judge serving as special master in US District Court for the Central District of California, admitted that he initially thought the citations were real and "almost" put them into an order. These aren't the first lawyers caught submitting briefs with fake citations generated by AI. In some cases, opposing attorneys f
Keywords: ai attorneys citations order wilner
Published on: 2025-07-11 16:22:47
is a news writer who covers the streaming wars, consumer tech, crypto, social media, and much more. Previously, she was a writer and editor at MUO. A California judge slammed a pair of law firms for the undisclosed use of AI after he received a supplemental brief with “numerous false, inaccurate, and misleading legal citations and quotations.” In a ruling submitted last week, Judge Michael Wilner imposed $31,000 in sanctions against the law firms involved, saying “no reasonably competent attorn
Keywords: ai brief judge law milner
Published on: 2025-07-12 12:56:57
Today is Microsoft's May 2025 Patch Tuesday, which includes security updates for 72 flaws, including five actively exploited and two publicly disclosed zero-day vulnerabilities. This Patch Tuesday also fixes six "Critical" vulnerabilities, five being remote code execution vulnerabilities and another an information disclosure bug. The number of bugs in each vulnerability category is listed below: 17 Elevation of Privilege Vulnerabilities 2 Security Feature Bypass Vulnerabilities 28 Remote Co
Keywords: 2025 exploited microsoft privileges vulnerability
Published on: 2025-07-12 16:44:51
Anyone who speculates on likely events ahead of time and prepares accordingly can react quicker to new developments. What practically every person does every day, consciously or unconsciously, is also used by modern computer processors to speed up the execution of programs. They have so-called speculative technologies which allow them to execute instructions on reserve that experience suggests are likely to come next. Anticipating individual computing steps accelerates the overall processing of
Keywords: computer cpu information processors vulnerability
Published on: 2025-07-12 22:58:25
The European Vulnerability Database (EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and confusion around the future of its own tracking systems. As of Tuesday, the full-fledged version of the website is up and running. "The EU is now equipped with an essential tool designed to substantially improve the management of vulnerabilities and the risks associated wit
Keywords: cve euvd program vulnerabilities vulnerability
Published on: 2025-07-14 12:07:58
Are you still using a router that's past its prime? If so, you could be opening yourself up to a malicious attack. The FBI is warning that cybercriminals are targeting routers that have reached their end of life and are no longer supported by the manufacturer. In an advisory and a PSA published last week, the agency said that attackers are deploying malware against many older routers. Typically dated from 2010 or earlier, these routers have already reached end-of-life, wh
Keywords: linksys malware router routers vulnerable
Published on: 2025-07-22 00:09:33
A U.S. federal jury has ordered Israeli spyware vendor NSO Group to pay WhatsApp $167,254,000 in punitive damages and $444,719 in compensatory damages for a 2019 campaign that targeted 1,400 users of the communication app. The verdict is considered a landmark case for being the first time a spyware vendor is held accountable in court, and could send ripples across the commercial spyware industry. "Today's verdict in WhatsApp's case is an important step forward for privacy and security as the f
Keywords: group nso spyware vulnerability whatsapp
Published on: 2025-07-26 12:01:30
Given a function such as \(\tan x\), could you write \(\frac{d}{dx} \arctan x\) and \(\int \arctan x \; dx\), just from \(\tan x\), \(\frac{d}{dx} \tan x\) and \(\int \tan x \; dx\)? With some caveats, the inverse function theorem answers the former while the Legendre transformation answers the latter. We’ll approach this with as much geometric intuition as possible, avoiding the dry application of formulas. Derivatives of inverse functions and the inverse function theorem Instead of approachin
Published on: 2025-07-26 22:00:00
is a news editor covering technology, gaming, and more. He joined The Verge in 2019 after nearly two years at Techmeme. Polygon, The Verge’s former sister site dedicated to covering gaming and entertainment, is now owned by Valnet, a company that owns more than 27 different brands covering gaming, entertainment, sports, travel, and more. The transition is, let’s say, ongoing: a day after the acquisition, the site still said it was a Vox Media property, and the site’s coverage continued more or
Keywords: arzoumanian gaming polygon said valnet
Published on: 2025-07-30 16:12:06
is a news editor covering technology, gaming, and more. He joined The Verge in 2019 after nearly two years at Techmeme. Polygon, The Verge’s sister site dedicated to gaming and entertainment, has been sold by Vox Media to Valnet, a company that owns brands like ScreenRant, GameRant, and Android Police. Some Polygon staffers will continue with the publication under its new owner, while others have been laid off, according to posts online and an internal message sent to Vox Media employees. Valn
Keywords: gaming media polygon staffers valnet
Published on: 2025-08-04 10:56:00
Lincoln's internet options shine bright like its nickname: Star City. Home to the stunning Sunken Gardens and a fantastic collection of museums, Lincoln isn't just stuck in the past. It's also got some of the fastest and most reliable internet connectivity options for its residents. In most cases, that would be a pick between Allo, Spectrum and Kinetic by Windstream. Allo is the best internet service provider in Lincoln, Nebraska. The company's widespread fiber network and straightforward prici
Keywords: allo internet lincoln month service
Published on: 2025-08-04 20:12:20
Security vulnerabilities discovered in Apple’s AirPlay SDK mean that millions of devices could be hacked by attackers. The flaw has been dubbed AirBorne. Related vulnerabilities would also have allowed hackers to attack Apple devices too, but the iPhone maker says it has issued fixes for these in the past few months. CarPlay devices are also vulnerable, though the real-life risks there are very low … AirPlay is the Wi-Fi-based protocol that allows Apple devices like iPhones, iPads, and Macs to
Keywords: airplay apple devices security vulnerabilities
Published on: 2025-08-06 16:46:43
Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers. SAP NetWeaver is an application server and development platform that runs and connects SAP and non-SAP applications across different technologies. Last week, SAP disclosed an unauthenticated file upload vulnerability, tracked as CVE-2025-31324, in SAP NetWeaver Visual Composer, specifically the Metadata U
Keywords: exposed netweaver sap servers vulnerable
Published on: 2025-08-11 04:06:59
Microsoft announced an increase in bug bounty payouts to $30,000 for AI vulnerabilities found in Dynamics 365 and Power Platform services and products. Power Platform includes applications designed to help companies analyze data and automate processes, while Dynamics 365 is a set of business apps that connect customers, products, people, and operations. Eligible AI vulnerability types include inference manipulation, model manipulation, and inferential information disclosure of critical or impo
Keywords: ai bounty microsoft severity vulnerabilities
Published on: 2025-08-14 10:20:33
42 Free and Open Source Projects Receive Funding to Reclaim the Public Nature of the Internet It is wonderful to see the growing number of people working on digital commons, inventing and improving technologies to the benefit of all humanity. 42 of such projects have been selected for funding in the October call of the NGI Zero Commons Fund. In terms of applications, it was the largest call round in NGI Zero's life time. And we'd like to take this space to thank all applicants for their contrib
Keywords: details nl nlnet open project
Published on: 2025-08-20 00:05:23
ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. The vulnerability, tracked under CVE-2025-2492 and rated critical (CVSS v4 score: 9.2), is remotely exploitable via a specially crafted request and requires no authentication, making it particularly dangerous. "An improper authentication control vulnerability exists in certain ASUS router firmware series," r
Keywords: asus firmware series users vulnerability
Published on: 2025-08-21 12:34:57
A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. The flaw was discovered by Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk of the Ruhr University Bochum in Germany and given a maximum severity score of 10.0. All devices running the Erlang/OTP SSH daemon are impacted by the vulnerability and are advised to upgrade to versions 25.3.2.10 and 26.2.4 to fix th
Keywords: daemon erlang flaw ssh vulnerability
Published on: 2025-08-22 20:00:07
I was surrounded by palm trees, the unforgiving Caribbean sun, music in Spanish and sweat in the heart of Puerto Rico's Botanical Garden of Caguas. I was at Me, Myself & I -- the island's most immersive wellness event -- but I left with something far more personal: a deep sense of affirmation that wellness, when rooted in culture and community, is more than a trend. It's a return to self. As a Latina millennial in wellness media and someone who was born and raised in Puerto Rico, this event felt
Keywords: fitness like peloton tech wellness
Published on: 2025-08-23 06:54:30
On Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability. Tracked as CVE-2021-20035, this security flaw impacts SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v (ESX, KVM, AWS, Azure) devices. Successful exploitation can allow remote threat actors with low privileges to execute arbitrary code in low-complexity attacks. "Improper neutralization of special e
Keywords: attacks exploited sma sonicwall vulnerability
Published on: 2025-08-24 04:34:39
Over the weekend, security experts were beginning to panic. MITRE announced that the US government had not renewed funding for the Common Vulnerabilities and Exposures (CVE) database. MITRE VP Yosry Barsoum warned that the government contract support enabling MITRE "to develop, operate, and modernize CVE" would expire on April 16. That would mean, Barsoum continued, "multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, too
Keywords: cve data mitre security vulnerability
Published on: 2025-08-24 07:54:17
Assumed Audience: Programmers and others in the cybersecurity industry. Epistemic Status: Confident. tl;dr: The industry needs professional certifications and liabilities for not reporting vulnerabilities. Introduction I don’t know if you have seen the news, but MITRE’s government contract for CVE was about to expire today (until they got a reprieve). As techies are wont to do, and since the current administration is behated by most techies, they are up in arms about it. Let me say upfront:
Keywords: attributes pswe pswes think vulnerabilities
Published on: 2025-08-25 15:46:17
TL;DR The US government has stopped funding the Common Vulnerabilities and Exposures (CVE) database, a standardized global system for identifying and tracking software vulnerabilities across platforms and devices, including Android. Without CVEs, Google’s monthly Android security bulletins may face delays, confusion, or reduced transparency. It’s unclear who, if anyone, will step in to maintain or replace the CVE system. The United States government has abru
Keywords: android cve program security vulnerabilities
Go K’awiil is a project by nerdhub.co that curates technology news from a variety of trusted sources. We built this site because, although news aggregation is incredibly useful, many platforms are cluttered with intrusive ads and heavy JavaScript that can make mobile browsing a hassle. By hand-selecting our favorite tech news outlets, we’ve created a cleaner, more mobile-friendly experience.