Security Week 2614: Supply Chain Attack on LiteLLM Library
Last week's major news was the hack of the LiteLLM library, used as an intermediary for communication with a large number of language models. Through another malicious…
Security
Discover the latest news, reviews, and best practices in information security. Stay updated on cybersecurity threats, protection strategies, and innovations in safeguarding data
AI Hacker – The End of the Internet?
Today, I read about future AI hackers and realized that the problem is much bigger than "more cyberattacks." It no longer seems like fantasy. OpenAI states that it is…
How Microsoft "Fixes" Windows 11: Flowers After Beatings
Recently, Microsoft announced a seven-point plan to fix Windows 11, which the tech press received as an act of redemption. Windows President Pavan Davuluri admitted in…
SSO: How Single Sign-On Works and How It Is Implemented in MULTIFACTOR
In corporate infrastructure, entry points are often more numerous than desired. Email, VPN, internal portals, development systems, cloud services—each resource has its…
MitM proxy for LLM
Many developers have recently been using cloud-based LLMs for generating code, including with the help of agents. However, this raises at least two issues.
TLS fingerprinting: why even clean proxies don't prevent bans
Imagine a situation: you carefully prepared for multi-accounting, set up the environment, assigned a unique residential proxy for each stream, and trusted your IP addresses…
Blockchain voting architecture for national elections: resilience architecture
In August 2019, just weeks before the Moscow City Duma elections, Pierrick Godri from the INRIA research institute published the results of an analysis of the code of…
Writing Your Own Crypto Engine for USB Drives: Secure Storage, Stream Encryption, and Fault Tolerance in Python
It all started with a simple task: securely transferring files on regular USB drives without cumbersome containers or complex user setups.
VLESS on a router with OpenWRT
A brief guide to installing a VPN on a router running OpenWRT using the Passwall package
Studying eBPF: Linux Kernel Programming for Improved Security, Networking, and Observability
We'd like to remind you about one of the most interesting niche books on Linux that we have published in recent years - "Learning eBPF: Linux Kernel Programming for Improving…
Why Your Password is Already Hacked
Weak passwords are a headache for both users and developers. The former think, "Who would hack me?" while the latter are sure, "I'm not a bank, who needs my database?"…
Art of InfoSec, Part 1: Introduction
Information security is a vast stack of interconnected methodologies, techniques, technologies, software, and hardware, sprinkled with half a ton of regulations and decrees…
Out of 50, only 10 remain: who is actually making NGFW in Russia and who is just talking about it
Of 50+ vendors claiming to develop NGFW after 2022, about 10 remain in the market. We analyze who and why
In Search of Secrets. iOS Pentest. Part Three
This time I will teach you how to find what developers hide in iOS applications. We might find passwords, personal data, or even backend API keys, which will allow us…
Automating Infrastructure Scanning: Script 3.0 for Scanner-BC 7
Hello, tekkix! This is Anton Dyatlov, information security engineer at Selectel. Recently, Echelon released Scanner-BC 7, which changed the API logic. The old script…
From CI to GitOps: Bootstrap Namespaces in Kubernetes
Hello, tekkix! My name is Nikita Chubarov. According to my labor contract, I am an engineering expert in service development and maintenance, but in reality, I am a DevOps…
API and Security Testing in Interviews: A Complete Analysis with Task Examples
Hello, tekkix! In the previous article, I covered 5 test design techniques that are asked in interviews.
Cloud Hosting Can Unknowingly Delete Files from HDD
When using cloud hosting like OneDrive or Google Drive, backup is usually expected. It seems logical that cloud backup should enhance information security by making file…
