appsec.fyi · Sources

wired.com

6 curated AppSec resources from wired.com across 5 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-02.

| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-04-02 | 2026 · Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild · Mobile | Library for detecting DarkSword, a stealthy iPhone hacking technique that exploits vulnerabilities in iOS 18. This "smash-and-grab" tool, found embedded in websites, targets hundreds of millions of iOS devices by hijacking legitimate system processes to steal data like passwords, messages, browser history, and cryptocurrency credentials. DarkSword's fileless nature leaves minimal traces, and its code has been publicly exposed, inviting wider adoption by various hacking groups. |
| 2026-01-22 | 2026 · AI’s Hacking Skills Are Approaching an ‘Inflection Point’ · AI, Bug Bounty | Library detecting federated GraphQL vulnerabilities; AI models are increasingly capable of finding zero-day bugs and complex system interactions, as demonstrated by RunSybil's Sybil tool and Dawn Song's CyberGym benchmark. Frontier models like Anthropic's Claude Sonnet 4.5 show significant improvements in vulnerability identification, highlighting the growing need for AI-assisted defense strategies and secure-by-design coding practices. |
| 2024-08-27 | 2024 · This Teen Hacker Found Bugs in School Software That Exposed Millions of Records · Bug Bounty | Writeup detailing Bill Demirkapi's discovery of critical vulnerabilities in Blackboard and Follett school software, including SQL injection and cross-site scripting flaws. These bugs potentially exposed millions of student and teacher records, encompassing grades, immunization data, passwords, and personal information. The findings highlight significant security weaknesses in educational technology and the challenges researchers face in getting vendors to address them. |
| 2024-08-27 | 2024 · Thousands of Corporate Secrets Were Left Exposed. This Guy Found Them All · OSINT, Secrets | Writeup detailing researcher Bill Demirkapi's methods for discovering thousands of hard-coded developer secrets, including API keys and credentials for entities like Nebraska's Supreme Court and Stanford University, by leveraging VirusTotal's Retrohunt feature and YARA rules. The writeup also covers his identification of 66,000 websites with dangling subdomain issues, which could lead to hijacking and other attacks, using passive DNS replication data. Demirkapi developed an automated revocation process for exposed secrets, notably with OpenAI's assistance. |
| 2023-12-21 | 2023 · The Unsinkable Maddie Stone, Google's Bug-Hunting Badass · Bug Bounty | Library for analyzing actively exploited software flaws, including zero-days found in security scanning tools and Android malware. It focuses on understanding attacker behavior, identifying novel techniques, and determining how structural improvements can mitigate entire classes of exploits, aiming to make zero-day vulnerabilities harder to find and exploit in the wild. |
| 2022-01-10 | 2022 · 6 Ways to Delete Yourself From the Internet · OSINT | Reference to techniques for reducing your online footprint, covering data broker opt-outs, account deletion using services like Justdelete.me and Have I Been Pwned?, and cleaning up old social media posts via tools like TweetDelete. This also touches on using Google's tools to remove outdated or harmful content and the implications of third-party services accessing your data, referencing GDPR and CCPA. |