Robert Auger
robertauger.bsky.social
25 years Appsec, PurpleTeam, Web Application Security Consortium (WASC) cofounder, Baythreat Organizer, Ex-PayPal/eBay/Box/Workday/Coinbase infosec. http://Sectemplates.com | https://www.cgisecurity.com/ | https://github.com/securitytemplates/sectemplates
Reposted by Robert Auger
“From an attacker perspective, #React2Shell is the kind of vulnerability that affords massive opportunity for crime, but that also has a narrow window for exploitation, partly because of public awareness leading to patching, and partly because of competition.”

securityboulevard.com/2025/12/atta...
Attackers Worldwide are Zeroing In on React2Shell Vulnerability
Bad actors that include nation-state groups to financially-motivated cybercriminals from across the globe are targeting the maximum-severity but easily exploitable React2Shell flaw, with threat…
m.cje.io
December 13, 2025 at 12:27 AM
What do pentesters think of AWS security agent pentesting capabilities?
December 13, 2025 at 12:27 AM
Reposted by Robert Auger
Future of CVE Program in limbo as CISA, board members debate path forward
Last week, CISA released two documents explaining their plans for the CVE Program — a critical cybersecurity resource used globally to catalog thousands of software and hardware bugs.
therecord.media
September 19, 2025 at 8:23 PM
At defcon today if anyone wants to chat
August 9, 2025 at 10:14 PM
About 75% done with a new pack for Sectemplates.com focusing on appsec 'Security Partnerships'. How many of you have leveraged such a program and how did it go for you?
March 9, 2025 at 7:18 AM
I wonder how long it will take for AI interfaces into your brain to
1. read your ‘database’ of memories to help with memory recovery
2. Read your thoughts on current tasks and help you optimize it
3. Write access to your memory or ‘ram’ to aid with tasks

5-10 years?
March 7, 2025 at 9:01 PM
I have a bunch of solid security domain names I'm thinking of finally selling. What would be the best way to sell them to security vendors?
March 1, 2025 at 5:43 AM
Random rant: If security teams understood how to represent their work as dollar savings, how much more funding and support would they receive?
February 28, 2025 at 7:08 AM
Announcement - Incident Response Program Pack v1.5

This release is to provide you with everything you need to establish a functioning security incident response program at your company.

Announcement: www.sectemplates.com/2025/02/anno...
GitHub: github.com/securitytemp...
February 17, 2025 at 11:45 PM
I need to spend more time here, Twitter is just political yelling and screaming
February 9, 2025 at 5:35 AM
Reposted by Robert Auger
Stealing Accesses tokens from Cloud Functions in GCP
How Attackers Leverage Serverless Functions to Escalate Privileges and Move Laterally
infosecwriteups.com
February 8, 2025 at 8:32 AM
I imagine people using botnets to train AI models in the near future.
January 29, 2025 at 7:48 AM
Chinese AI models will be cheaper at the cost of censoring certain topics and people will eat it up... Ask it about Tank man or Xi and you'll see some obvious examples. www.wsj.com/tech/ai/chin...
Silicon Valley Is Raving About a Made-in-China AI Model
DeepSeek is called “amazing and impressive” despite working with less-advanced chips.
www.wsj.com
January 26, 2025 at 11:32 PM
Feels like the future for automating exploitation is training LLMs and using agents to perform these attacks. Agree? Disagree?
January 24, 2025 at 8:11 PM
Reposted by Robert Auger
BREAKING: Chinese hackers accessed Yellen's computer in US Treasury breach, per Bloomberg.
January 17, 2025 at 1:25 AM
Reposted by Robert Auger
Hacking campaign compromised at least 16 Chrome browser extensions
Threat actors compromised at least 16 Chrome browser extensions leading to the exposure of data from over 600,000 users.
securityaffairs.com
December 31, 2024 at 5:12 PM
I'm pleased to announce the latest SecTemplates.com release, External Penetration Testing Program Pack v1.1.

Announcement: www.sectemplates.com/2024/12/anno...
GitHub: github.com/securitytemp...
December 28, 2024 at 12:12 AM
This is a good idea; however, I doubt that this code on average is getting proper security testing/updates. As a result, there may be a surge in agencies adopting vulnerable code and increasing their attack surface. fedscoop.com/agencies-mus...
Bill requiring US agencies to share custom source code with each other becomes law
President Joe Biden signed the bipartisan legislation into law Dec. 23.
fedscoop.com
December 27, 2024 at 10:53 PM
Reposted by Robert Auger
An attacker successfully phished a Cyberhaven employee.

They gained access to their Chrome Web Store admin credentials and published a malicious version of the Cyberhaven extension.

Read my full writeup here:

www.vulnu.com/p/breaking-c...

Thanks @jaimeblascob.bsky.social and @johntuckner.me
Breaking: Cyberhaven Chrome Extension Compromised in Holiday Attack Campaign
An attacker successfully phished a Cyberhaven employee, gained access to Chrome Web Store admin credentials, published a malicious version of the extension
www.vulnu.com
December 27, 2024 at 3:20 AM
You know what one of the best uses for #AI is going to be that nobody is talking about? When you're arguing with an internet stranger about a point and you need to find facts to 'teach them', you can ask the AI to summarize the best sources and paste it back. Soon arguing will be automated. ;)
December 17, 2024 at 7:22 AM
These Jersey drones are worrying. Feeling more and more like they are searching for something that has the possibility of a very negative outcome. #drones
December 15, 2024 at 12:05 AM
Is there a known pattern for training LLMs with tenant specific data, that allows for solid separation to avoid cross tenant exposure?
December 12, 2024 at 9:54 PM
The only good Christmas song youtu.be/OR07r0ZMFb8?...
RUN DMC - Christmas In Hollis (Official HD Video)
YouTube video by RUNDMCVEVO
youtu.be
December 9, 2024 at 8:10 PM