RECON

Trail of Bits57 · 2026-03-24 11:00

Spotting issues in DeFi with dimensional analysis

Using dimensional analysis, you can categorically rule out a whole category of logic and arithmetic bugs that plague DeFi formulas. No code changes required, just better reasoning! One of the first lessons in physics is learning to think in terms of dimensions . Physicists can often spot a flawed formula in seconds just by checking whether the dimensions make sense. I once had a teacher who even kept a stamp that said “non-homogeneous formula” for that purpose (and it was used a lot on studen...

Elastic Security Labs47 · 2026-03-24 00:00

Streamlining the Security Analyst Experience

Alert Triage, Investigation, and Response with Elastic's Agentic Security Operations Platform.

Elastic Security Labs40 · 2026-03-24 00:00

Security Automation with Elastic Workflows: From Alert to Response

A practical guide to building intelligent, automated security playbooks with Elastic Workflows.

Elastic Security Labs40 · 2026-03-24 00:00

Investigating from the Endpoint Across Your Environment with Elastic Security XDR

This article highlights how Elastic Security XDR unifies endpoint protection with multi-domain security analytics to help analysts trace and contain multi-stage attacks across hybrid and cloud environments.

OpenAI Blog30 · 2026-03-24 09:00

Powering product discovery in ChatGPT

ChatGPT introduces richer, visually immersive shopping powered by the Agentic Commerce Protocol, enabling product discovery, side-by-side comparisons, and merchant integration.

OpenAI Blog27 · 2026-03-24 11:00

Helping developers build safer AI experiences for teens

OpenAI releases prompt-based teen safety policies for developers using gpt-oss-safeguard, helping moderate age-specific risks in AI systems.

Checkmarx.com17 · 2026-03-24 15:30

Attackability: Why Context, Not Reachability, Should Drive Remediation

Reachability is not exploitability. Modern software development requires more than execution analysis.

Intigriti17 · 2026-03-24 00:00

Vulnerability disclosure for AI safeguards. How open should programs be and what incentives are necessary?

What you will learn How vulnerability disclosure applies specifically to AI safeguards and systems. The pros and cons of making AI disclosure programs more open/restricted. The kinds of incentives that motivate researchers. Which disclosure program structures can help organizations improve their AI security. In a recent NCSC blog post on adapting vulnerability disclosure for AI safeguards, the authors posed a series of questions to researchers.   Intigriti, being a global crowdsourced sec…

paper - Last paper15 · 2026-03-24 01:47

静默颠覆：通过卫星系统供应链植入物实施的传感器欺骗攻击

作者：Jack Vanlyssel, Gruia-Catalin Roman, Afsah Anwar 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2603.10388v1/https://arxiv.org/html/2603.10388v1 摘要 欺骗攻击是地面系统最具破坏性的网络威胁之一，而在太空中这类威胁愈发危险——卫星难以在轨维修，且运营方依...

Infosecurity14 · 2026-03-24 15:15

Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities

A critical vulnerability in Citrix’s NetScaler products allows unauthenticated remote attackers to leak information from the appliance's memory

johndcook.com12 · 2026-03-24 12:47

Mendeleev’s inequality

Dmitri Mendeleev is best known for creating the first periodic table of chemical elements. He also discovered an interesting mathematical theorem. Empirical research led him to a question about interpolation, which in turn led him to a theorem about polynomials and their derivatives. I ran across Mendeleev’s theorem via a paper by Boas [1]. The […] The post Mendeleev’s inequality first appeared on John D. Cook .

SitePoint8 · 2026-03-24 17:15

How to Use GPT-5.4 Computer Use API with OpenClaw: Complete Guide

Build a GPT-5.4 computer use agent with OpenClaw and the OpenAI Responses API. Step-by-step setup, action loops, screenshots, and browser automation. Continue reading How to Use GPT-5.4 Computer Use API with OpenClaw: Complete Guide on SitePoint .

SitePoint8 · 2026-03-24 17:15

GPT-5.4 Mini vs GPT-4o Mini: The Complete 2026 Developer Comparison

Is GPT-5.4 Mini worth upgrading from GPT-4o Mini? We benchmark speed, pricing, coding performance, and context window to find the true budget champion for developers. Continue reading GPT-5.4 Mini vs GPT-4o Mini: The Complete 2026 Developer Comparison on SitePoint .

Infosecurity8 · 2026-03-24 14:30

New Npm 'Ghost Campaign' Uses Fake Install Logs to Hide Malware

Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data

Infosecurity8 · 2026-03-24 14:00

Former Ukrainian Foreign Minister Dmytro Kuleba to Address the New Cyber Frontline at Infosecurity Europe

Geopolitics and cyber warfare take center stage at Infosecurity Europe as Dmytro Kuleba discusses Ukraine’s hybrid war experience

Infosecurity8 · 2026-03-24 13:15

Enterprise Cybersecurity Software Fails 20% of the Time, Warns Absolute Security

Poor patch management, increasingly complex IT environments and continued use of obsolete software puts organizations at risk from cyber threats, says the Absolute Security 2026 Resilience Risk Index

Infosecurity8 · 2026-03-24 09:30

Handala Group Tied to Iranian Hack‑and‑Leak Operations, FBI Reveals

The FBI has warned that Iranian hacking group Handala has been targeting opponents of the regime since 2023

Darknet - The Darkside8 · 2026-03-24 01:00

MSSQLand – Lightweight MS-SQL Interaction Tool for Lateral Movement and Post-Exploitation

MSSQLand enables red teams to interact with MS-SQL servers and linked instances in restricted environments without complex T-SQL queries. Assembly-ready tool for lateral movement.

[DRAGNET]5 · 2026-03-24 07:00

Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer

Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer    Sonatype

[DRAGNET]5 · 2026-03-24 07:00

The 'DarkSword' malware, an exploit capable of hacking hundreds of millions of iPhones, has been publicly leaked.

The 'DarkSword' malware, an exploit capable of hacking hundreds of millions of iPhones, has been publicly leaked.    GIGAZINE

[DRAGNET]5 · 2026-03-24 07:00

LiteLLM PyPI Malware Steals Cloud, Crypto, Slack, and Discord Keys

LiteLLM PyPI Malware Steals Cloud, Crypto, Slack, and Discord Keys    OX Security

[DRAGNET]5 · 2026-03-24 07:00

"This is nasty": DarkSword malware on Github, patch iPhones immediately

"This is nasty": DarkSword malware on Github, patch iPhones immediately    heise online

[DRAGNET]5 · 2026-03-24 07:00

APT Hackers Attacking RDP Servers to Deploy Malicious Payloads and Establish Persistence

APT Hackers Attacking RDP Servers to Deploy Malicious Payloads and Establish Persistence    CyberSecurityNews

[DRAGNET]5 · 2026-03-24 07:00

Foster City declares state of emergency following ransomware attack

Foster City declares state of emergency following ransomware attack    CBS News

[DRAGNET]0 · 2026-03-24 13:01

Pay2Key Iranian-Linked Ransomware is Back, Back Again

Pay2Key Iranian-Linked Ransomware is Back, Back Again    Halcyon

[DRAGNET]0 · 2026-03-24 07:00

LiteLLM infected with credential-stealing code via Trivy

LiteLLM infected with credential-stealing code via Trivy    theregister.com