wired.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-27.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-05-27 | The AI Era Is Creating a Bug Hunting Arms Race (Bug Bounty) | Survey of AI's impact on bug hunting, detailing how agentic AI models are accelerating vulnerability discovery and exploit development, leading to an arms race. This surge is flooding bug bounty programs, changing payout economics, and pressuring traditional disclosure timelines like 90-day deadlines, as seen with projects like Curl and the Linux mailing list. Researchers like Joseph Thacker are leveraging AI for increased submissions, while companies like Google are adapting reward programs, and some advocate for structural defenses over patching to mitigate risks posed by AI-enabled zero-day exploits from both criminal and nation-state actors. |
| 2026-05-21 | A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale (Supply Chain) | Library providing defensive measures against unprecedented software supply chain attacks, detailing the techniques employed by the threat group TeamPCP. The group has successfully compromised hundreds of open source tools, including VSCode extensions, AntV, Trivy, LiteLLM, Checkmarx, pgserve, TanStack, and Mistral AI, leading to breaches at entities like GitHub, OpenAI, and Mercor. TeamPCP utilizes self-spreading worms like Mini Shai-Hulud and exploits long-lived credentials to gain access, often for ransomware and data extortion. |
| 2026-04-02 | Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild (Mobile) | Library for detecting DarkSword, a stealthy iPhone hacking technique that exploits vulnerabilities in iOS 18. This "smash-and-grab" tool, found embedded in websites, targets hundreds of millions of iOS devices by hijacking legitimate system processes to steal data like passwords, messages, browser history, and cryptocurrency credentials. DarkSword's fileless nature leaves minimal traces, and its code has been publicly exposed, inviting wider adoption by various hacking groups. |
| 2026-01-22 | AI’s Hacking Skills Are Approaching an ‘Inflection Point’ (AI, Bug Bounty) | Library detecting federated GraphQL vulnerabilities; AI models are increasingly capable of finding zero-day bugs and complex system interactions, as demonstrated by RunSybil's Sybil tool and Dawn Song's CyberGym benchmark. Frontier models like Anthropic's Claude Sonnet 4.5 show significant improvements in vulnerability identification, highlighting the growing need for AI-assisted defense strategies and secure-by-design coding practices. |
| 2024-08-27 | This Teen Hacker Found Bugs in School Software That Exposed Millions of Records (Bug Bounty) | Writeup detailing Bill Demirkapi's discovery of critical vulnerabilities in Blackboard and Follett school software, including SQL injection and cross-site scripting flaws. These bugs potentially exposed millions of student and teacher records, encompassing grades, immunization data, passwords, and personal information. The findings highlight significant security weaknesses in educational technology and the challenges researchers face in getting vendors to address them. |
| 2024-08-27 | Thousands of Corporate Secrets Were Left Exposed. This Guy Found Them All (OSINT, Secrets) | Writeup detailing researcher Bill Demirkapi's methods for discovering thousands of hard-coded developer secrets, including API keys and credentials for entities like Nebraska's Supreme Court and Stanford University, by leveraging VirusTotal's Retrohunt feature and YARA rules. The writeup also covers his identification of 66,000 websites with dangling subdomain issues, which could lead to hijacking and other attacks, using passive DNS replication data. Demirkapi developed an automated revocation process for exposed secrets, notably with OpenAI's assistance. |
| 2023-12-21 | The Unsinkable Maddie Stone, Google's Bug-Hunting Badass (Bug Bounty) | Library for analyzing actively exploited software flaws, including zero-days found in security scanning tools and Android malware. It focuses on understanding attacker behavior, identifying novel techniques, and determining how structural improvements can mitigate entire classes of exploits, aiming to make zero-day vulnerabilities harder to find and exploit in the wild. |
| 2022-01-10 | 6 Ways to Delete Yourself From the Internet (OSINT) | Reference to techniques for reducing your online footprint, covering data broker opt-outs, account deletion using services like Justdelete.me and Have I Been Pwned?, and cleaning up old social media posts via tools like TweetDelete. This also touches on using Google's tools to remove outdated or harmful content and the implications of third-party services accessing your data, referencing GDPR and CCPA. |