the420.in
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-15.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-06-15 | 124 Days To Fix Out Of Scope Bug: AMD Faces Backlash From Cyber Community (Bug Bounty) | AMD is facing criticism from the cybersecurity community for taking an excessive 124 days to address a bug that was initially deemed "out of scope." This lengthy delay has raised concerns about AMD's vulnerability management practices. The cyber community expects quicker responses to security issues, regardless of their initial classification, to ensure timely protection for users. |
| 2026-06-12 | Researcher Brutecat Uses Claude AI To Crack Google API Security (API Sec) | Writeup detailing how Claude AI assisted a researcher in discovering over 20 critical vulnerabilities across 1,500 Google APIs and internal systems, earning over $500,000 in bug bounty rewards. The process involved analyzing Google's API discovery documents, extracting thousands of API keys from Android and iOS applications, and leveraging AI for automated audits of access-control weaknesses. Vulnerabilities affected services like Google Voice, Fiber, YouTube, advertising platforms, and Vertex AI Search, with some enabling unauthorized access to sensitive user data and account control. |
| 2026-06-08 | Microsoft Threat Intelligence Exposes Prompt Injection Flaw In Anthropic Claude Code Action (API Sec) | Library for securing AI coding agents, this entry details a prompt injection vulnerability discovered by Microsoft in Anthropic's Claude Code GitHub Action. The flaw allowed attackers to steal sensitive credentials and access tokens by embedding malicious instructions within issues, leading the AI agent to read restricted runner files like `/proc/self/environ`. Anthropic patched the vulnerability by reinforcing sandboxing around the Read tool and blocking access to sensitive procfs files. |
| 2026-04-12 | Could Sock Puppeting Be the New Trick Jailbreaking Major LLMs? (AI) | Technique for jailbreaking LLMs using "sockpuppeting" exploits assistant prefill APIs across major models like Gemini 2.5 Flash and GPT-4o-mini. This method injects a fake acceptance message into the assistant's role, forcing models to bypass safety guardrails and generate prohibited content, including malicious exploit code and system prompts. Providers like OpenAI and AWS Bedrock mitigate this by blocking assistant prefills entirely, while platforms like Google Vertex AI are susceptible due to differing message handling. Security teams are advised to incorporate this vulnerability into AI red-teaming and implement API-layer message ordering validation. |
| 2026-04-02 | Agentic OSINT: The Next Evolution Of Intelligence Gathering (OSINT) | Walkthrough of Agentic OSINT, an evolution in intelligence gathering where goal-driven AI agents autonomously plan, execute, adapt, and collaborate to achieve specific intelligence objectives. This paradigm shift, contrasting with traditional Generative AI's pattern identification, multiplies analytical capabilities by orchestrating multiple agents for tasks like data collection, verification, and threat mapping, enabling proactive, mission-oriented workflows for cybersecurity professionals. |