Forem

Ksenia Rudneva profile picture

Ksenia Rudneva

I hunt for vulnerabilities and explore how attacks really work. Expect deep dives into protocols, packet‑level mysteries, and surprising weak spots in everyday systems.

Joined Joined on 
NTLM-Relaying Attacks Persist Due to Lack of EPA Enforcement on Web Servers: Implementing EPA Mitigates Risk
kserude profile

NTLM-Relaying Attacks Persist Due to Lack of EPA Enforcement on Web Servers: Implementing EPA Mitigates Risk

#ntlm #epa #cybersecurity #webservers
Comments
12 min read
Navia Benefit Solutions' BOLA Vulnerability Exposed PII of 10,000+ Employees Due to Inadequate Access Controls
kserude profile

Navia Benefit Solutions' BOLA Vulnerability Exposed PII of 10,000+ Employees Due to Inadequate Access Controls

#bola #cybersecurity #pii #accesscontrol
1
Comments
14 min read
Age-Verification Integration in Internet Infrastructure Raises Technical, Legal, and Privacy Concerns
kserude profile

Age-Verification Integration in Internet Infrastructure Raises Technical, Legal, and Privacy Concerns

#internet #security #privacy #regulation
Comments
14 min read
Agent Skill Marketplace Vulnerable to Supply Chain Attacks: Standardized Security Scanning Proposed
kserude profile

Agent Skill Marketplace Vulnerable to Supply Chain Attacks: Standardized Security Scanning Proposed

#security #github #ai #supplychain
Comments
14 min read
ONNX `silent=True` Disables Security Checks, Exposing ML Models to Supply Chain Attacks: Solution Needed
kserude profile

ONNX `silent=True` Disables Security Checks, Exposing ML Models to Supply Chain Attacks: Solution Needed

#onnx #security #machinelearning #supplychain
Comments
11 min read
DarkSword iOS Exploit Analysis: Evaluating Lookout's LLM-Assisted Findings Against Other Research Teams
kserude profile

DarkSword iOS Exploit Analysis: Evaluating Lookout's LLM-Assisted Findings Against Other Research Teams

#cybersecurity #ai #darksword #ios
1
Comments
12 min read
Claude Code CLI Vulnerability: Malicious Configs Bypass Trust Dialog, Enabling Unauthorized Permission Elevation
kserude profile

Claude Code CLI Vulnerability: Malicious Configs Bypass Trust Dialog, Enabling Unauthorized Permission Elevation

#security #vulnerability #cli #permissions
Comments
10 min read
Simplifying Cybersecurity Frameworks: Practical Solutions for Startups to Implement ISO 27001 and NIST
kserude profile

Simplifying Cybersecurity Frameworks: Practical Solutions for Startups to Implement ISO 27001 and NIST

#cybersecurity #startup #iso27001 #nist
Comments
11 min read
AI/ML Infrastructure Vulnerabilities Expose Systems to Security Risks: Patching and Mitigation Strategies Proposed
kserude profile

AI/ML Infrastructure Vulnerabilities Expose Systems to Security Risks: Patching and Mitigation Strategies Proposed

#security #aiml #vulnerabilities #rce
2
Comments
13 min read
GlassWorm Malware Campaign Steals Crypto Seeds via Obfuscation, Chrome Exploit, and Social Engineering: Mitigation Strategies
kserude profile

GlassWorm Malware Campaign Steals Crypto Seeds via Obfuscation, Chrome Exploit, and Social Engineering: Mitigation Strategies

#malware #cryptocurrency #obfuscation #exploitation
1
Comments
10 min read
Efficiently Locating and Analyzing PoC Code for CVEs with Contextual Information Integration
kserude profile

Efficiently Locating and Analyzing PoC Code for CVEs with Contextual Information Integration

#cybersecurity #poc #cve #ai
Comments
8 min read
Windows Vulnerability CVE-2025-59284: Incomplete Patch Enables NetNTLM Hash Phishing During Archive Extraction
kserude profile

Windows Vulnerability CVE-2025-59284: Incomplete Patch Enables NetNTLM Hash Phishing During Archive Extraction

#windows #vulnerability #netntlm #patching
Comments
14 min read
Self-Hosted Email Threat Detection: Real-Time Monitoring, Multi-Stage Enrichment, and LLM Verdicts with Legal Compliance
kserude profile

Self-Hosted Email Threat Detection: Real-Time Monitoring, Multi-Stage Enrichment, and LLM Verdicts with Legal Compliance

#cybersecurity #email #selfhosted #llm
1
Comments
15 min read
Enhancing Cybersecurity with Hypervisors: Current Practices, Future Advancements, and Nova Design Rationale
kserude profile

Enhancing Cybersecurity with Hypervisors: Current Practices, Future Advancements, and Nova Design Rationale

#cybersecurity #hypervisor #virtualization #isolation
Comments
9 min read
Addressing Security Risks: Replacing Unscoped API Keys with Fine-Grained Access Control in AI Agent Frameworks
kserude profile

Addressing Security Risks: Replacing Unscoped API Keys with Fine-Grained Access Control in AI Agent Frameworks

#security #ai #api #authentication
Comments
11 min read
66% of MCP Servers Have Critical Security Vulnerabilities: Urgent Patching and Audits Needed
kserude profile

66% of MCP Servers Have Critical Security Vulnerabilities: Urgent Patching and Audits Needed

#security #vulnerabilities #mcp #patching
3
Comments
13 min read
Alipay App Vulnerabilities Enable Silent GPS Exfiltration; Vendor Denies Issue Despite High CVSS Scores
kserude profile

Alipay App Vulnerabilities Enable Silent GPS Exfiltration; Vendor Denies Issue Despite High CVSS Scores

#security #vulnerabilities #gps #exfiltration
1
Comments
10 min read
Microsoft's Software Ecosystem Faces 79 Vulnerabilities: Urgent Patching and Mitigation Strategies Required
kserude profile

Microsoft's Software Ecosystem Faces 79 Vulnerabilities: Urgent Patching and Mitigation Strategies Required

#cybersecurity #vulnerabilities #patching #zerodays
2
Comments
16 min read
Drywall Foreman in Ontario Demands $35/Hour Wage Review: Is the Pay Fair for the Responsibilities and Workload?
kserude profile

Drywall Foreman in Ontario Demands $35/Hour Wage Review: Is the Pay Fair for the Responsibilities and Workload?

#compensation #construction #leadership #risk
Comments
13 min read
Pac4j-JWT Authentication Bypass Vulnerability Undetected for Six Years Despite Advanced Security Tools
kserude profile

Pac4j-JWT Authentication Bypass Vulnerability Undetected for Six Years Despite Advanced Security Tools

#security #vulnerability #ai #auditing
Comments
9 min read
Basic Operator Exploits Weak FortiGate Passwords in 55 Countries Using AI, Compromising 600+ Devices Without Zero-Days.
kserude profile

Basic Operator Exploits Weak FortiGate Passwords in 55 Countries Using AI, Compromising 600+ Devices Without Zero-Days.

#cybersecurity #ai #fortigate #passwords
Comments
12 min read
Phishing Campaign Exploits Google Cloud Storage Domain: Redirects to Credential Harvesting Sites
kserude profile

Phishing Campaign Exploits Google Cloud Storage Domain: Redirects to Credential Harvesting Sites

#phishing #cloud #security #exploitation
Comments
8 min read
Post-Quantum TLS Signatures Increase Handshake Size: Solutions to Mitigate Performance and Compatibility Issues
kserude profile

Post-Quantum TLS Signatures Increase Handshake Size: Solutions to Mitigate Performance and Compatibility Issues

#quantum #tls #cryptography #latency
Comments
13 min read
Navigating Legal and Compliance Challenges in Tech Content Aggregation: Balancing Data Privacy, IP Rights, and Liability Risks
kserude profile

Navigating Legal and Compliance Challenges in Tech Content Aggregation: Balancing Data Privacy, IP Rights, and Liability Risks

#compliance #iprights #dataprivacy #liability
Comments
8 min read
loading...