Rapid7 Blog40 · 2026-04-03 13:46
You Don’t Have a Security Problem, You Have a Visibility Problem
What you’ll learn in this article: This article explains why many breaches are driven by gaps in visibility rather than advanced exploits, how attackers move through modern environments, and what changes when organizations start connecting assets, identities, and attack paths into a single view. What is a visibility problem in cybersecurity? A visibility problem exists when security teams cannot clearly answer three basic questions: what assets exist, who or what can access them, and how those...
Full Disclosure20 · 2026-04-03 03:52
[CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability
Posted by cyber security on Apr 02 A vulnerability was identified in OWASP CRS where whitespace padding in filenames can bypass file upload extension checks, allowing uploads of dangerous files such as .php, .phar, .jsp, and .jspx. This issue has been assigned CVE‑2026‑33691. Impact: Attackers may evade CRS protections and upload web shells disguised with whitespace‑padded extensions. Exploitation is most practical on Windows backends that normalize whitespace in filenames...
idiallo.com15 · 2026-04-03 12:00
My Zip bomb strategy is not as effective as it used to be
Last year, I wrote about my server setup and how I use zipbombs to mitigate attacks from rogue bots. It was an effective method that helped my blog survive for 10 years. I usually hesitate to write these types of articles, especially since it means revealing the inner workings of my own servers. This blog runs on a basic DigitalOcean droplet, a modest setup that can handle the usual traffic spike without breaking a sweat. But lately, things have started to change. My zipbomb strategy doesn't ...
Blog | Praetorian12 · 2026-04-03 16:26
Meet Vespasian. It Sees What Static Analysis Can’t.
Praetorian is excited to announce the release of Vespasian, a probabilistic API endpoint discovery, enumeration, and analysis tool. Vespasian watches real HTTP traffic from a headless browser or your existing proxy captures and turns it into API specifications (OpenAPI, GraphQL SDL, WSDL). We built it because pentesters spend the first days of every API engagement […]
Hayden James12 · 2026-04-03 01:39
curl Command in Linux with Examples
curl is more than just a download tool. This practical guide covers HTTP headers, API testing, authentication, SSL inspection, timing analysis, and real-world one-liners that sysadmins actually use.
gilesthomas.com11 · 2026-04-03 23:50
Writing an LLM from scratch, part 32h -- Interventions: full fat float32
This is the last of the interventions I'm trying out to see if I can improve the test loss for a from-scratch GPT-2 small base model, trained on code based on Sebastian Raschka's book "Build a Large Language Model (from Scratch)". Back when I did my first training run for a base model, on my local RTX 3090, I used two optimisations: Setting the 32-bit floating point matrix multiplication precision to "high" rather than to "highest", which means that it uses lower-precision (but still tec...
Deeplinks9 · 2026-04-03 23:15
Triple Header for Privacy’s Defender in New York
You’re invited on a journey inside the privacy battles that shaped the internet. EFF’s Executive Director Cindy Cohn has tangled with the feds, fought for your data security, and argued before judges to protect our access to science and knowledge on the internet. Join Cindy at three events in New York discussing her bestselling new book: Privacy's Defender: My Thirty-Year Fight Against Digital Surveillance, on sale now. All proceeds from the book benefit EFF. Find the full event details be...
Deeplinks9 · 2026-04-03 15:58
Double Shot of Privacy's Defender in D.C.
You’re invited on a journey inside the privacy battles that shaped the internet. EFF’s Executive Director Cindy Cohn has tangled with the feds, fought for your data security, and argued before judges to protect our access to science and knowledge on the internet. Join Cindy at two events in Washington, D.C. on April 13 and 14 discussing her new book: Privacy's Defender: My Thirty-Year Fight Against Digital Surveillance, on sale now. All proceeds from the book benefit EFF. Find the full even...