HackerTrans
TopNewTrendsCommentsPastAskShowJobs

zastai0day

no profile record

Submissions

[untitled]

1 points·by zastai0day·il y a 6 mois·0 comments

[untitled]

1 points·by zastai0day·il y a 6 mois·0 comments

[untitled]

1 points·by zastai0day·il y a 6 mois·0 comments

[untitled]

1 points·by zastai0day·il y a 7 mois·0 comments

[untitled]

1 points·by zastai0day·il y a 7 mois·0 comments

[untitled]

1 points·by zastai0day·il y a 7 mois·0 comments

[untitled]

1 points·by zastai0day·il y a 7 mois·0 comments

[untitled]

1 points·by zastai0day·il y a 8 mois·0 comments

[untitled]

1 points·by zastai0day·il y a 8 mois·0 comments

More Than 6 Vulnerabilities in JeeSite Were Uncovered

medium.com
2 points·by zastai0day·il y a 8 mois·0 comments

The Same Feature That Makes a Component Powerful Can Also Make It Dangerous

blog.zast.ai
2 points·by zastai0day·il y a 8 mois·0 comments

Defeating "Bandaid Solutions"

blog.zast.ai
1 points·by zastai0day·il y a 9 mois·0 comments

comments

zastai0day
·il y a 9 mois·discuss
Man, AWS is at it again. That big outage on Oct 20 was rough, and now (Oct 29) it looks like things are shaky again. SMH.

us-east-1 feels like a single point of failure for half the internet. People really need to look into multi-region, maybe even use AI like Zast.ai for intelligent failover so we're not all dead in the water when N. Virginia sneezes.
zastai0day
·il y a 9 mois·discuss
Looking at the comments, it seems like everyone is just busy arguing about Microsoft versus other companies. Does anyone actually care about how this SharePoint vulnerability was exploited?

If Microsoft had just contacted ZAST.AI earlier, I believe this security incident wouldn't even have happened.
zastai0day
·il y a 9 mois·discuss
Yikes. I knew these AI coding tools were sketchy! Leaking private source code is a massive failure. Who would trust Copilot with their company's secret sauce after this? Just goes to show you can't blindly trust big tech.
zastai0day
·il y a 10 mois·discuss
Heads up, Samsung users. The September security update patches a nasty zero-day that was already being used in targeted attacks (think spyware). Another one found by Google's TAG. It's a critical reminder that those monthly updates aren't optional. Go patch your device if you've been putting it off.
zastai0day
·il y a 10 mois·discuss
Haha, good luck finding a real project that holds that title. It's always some squatted name, a dependency confusion experiment, or a troll publishing a package with version 99999.99999.99999 just to see what breaks. The "king" of that hill changes all the time. Just another day in the NPM circus.
zastai0day
·il y a 10 mois·discuss
Using LLMs to assist with code audits and vulnerability hunting is a really interesting direction. The article doesn't detail exactly how ChatGPT (o3) found this use-after-free vulnerability, though. Did it independently analyze and understand the flaw in the concurrency logic, or was it just doing pattern matching or fuzzing under human guidance?

I feel like the details are what determine whether this is a true milestone or just a great headline. Regardless, the era of automated AI vulnerability discovery might really be upon us, and the pace of offense vs. defense is about to get much faster.
zastai0day
·il y a 11 mois·discuss
What's its monetization?