Defining Zero-Day
As we get flooded with vulnerabilities, we need better defined terms
Jun 8
The unintended consequences of vulnmaxxing
The only way to fix vulns at AI scale is to use AI. Coincidence or cash grab?
Jun 2 • Adrian Sanabria
May 2026
Verizon's 19th edition of the DBIR confirms the vulnpocalypse***
But with many asterisks! Read on to find out why 😅
May 19 • Adrian Sanabria
TALK: How Breaches Happen
Delivered at Chicago ISSA's Spring 2026 Meeting
May 9 • Adrian Sanabria
The Destroyed by Breach project now has a website
Finally, after existing as a Google Sheet for nearly a decade
May 4 • Adrian Sanabria
April 2026
A tale of two privilege escalation bugs
Why Copy Fail is a bigger deal than PhantomRPC
Apr 30 • Adrian Sanabria
Breach Lessons - First Look: Vercel and Context AI
We usually wait for the investigation to complete, but there are already a ton of useful lessons here.
Apr 20 • Adrian Sanabria
From this point on, it only gets rougher
Offense and defense have never been more out of sync
Apr 13 • Adrian Sanabria
March 2026
I watched all 11 main stage keynotes at RSAC 2026
and less of my time was wasted than you might guess
Mar 31 • Adrian Sanabria
Breach Lessons: the 2023 MGM Breach
What really happened in the 2023 MGM breach
Mar 23 • Vladimir Serov
Fix Your Inbox (no AI needed)
10-15 minutes can restore sanity to your inbox - no AI, no purchases
Mar 22 • Adrian Sanabria
Reevaluating vulnerability management
Things are getting complicated.
Mar 6 • Adrian Sanabria