seanwrightsec.com
SeanWrightSec
@seanwrightsec.com
Principal Application Security Engineer focused on all things #AppSec. Occasionally dabble in my own research. Also keen gamer and aspiring photographer.
The candidate list for the OWASP Top 10 2025 list (owasp.org/Top10/2025/0...):
November 6, 2025 at 9:59 PM
So the release candidate has been released today (6 November 2025): owasp.org/www-project-...

Comments until 20 November 2025.
November 6, 2025 at 9:57 PM
Friendly reminder… the 2025 OWASP Top 10 should be dropping at the end of this week!
November 3, 2025 at 6:25 PM
2 update paths to go down today…
September 15, 2025 at 5:20 PM
This is a really tough time of the year for me. I lost my own father 7 years ago. And while it does become easier to cope over time, it’s still difficult.
What makes it harder this time is seeing people celebrating the death of someone else’s father all because they don’t agree with their viewpoints
September 14, 2025 at 2:05 PM
This is starting to look like this may have significant implications. 18 popular packages affected so far.

www.bleepingcomputer.com/news/securit...
Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack
In a supply chain attack, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack.
www.bleepingcomputer.com
September 8, 2025 at 9:34 PM
Great article by @jpmjr.bsky.social on @reversinglabs.com blog. Thank you for including my comments.

It’s going to be an interesting time ahead with AI now playing a larger role in development.

www.reversinglabs.com/blog/modern-...
The state of software development: 5 action items for AppSec teams | ReversingLabs
Application security pros need to be ready to cope with security at the speed of code. Here's how to get a handle on modern software risk.
www.reversinglabs.com
August 20, 2025 at 4:31 PM
Looks like you can import from other apps…
August 1, 2025 at 6:12 PM
Proton have released a new Authenticator app. Looks pretty cool!

proton.me/authenticato...
Authenticator app download: Get Proton Authenticator | Proton
Download Proton Authenticator app for Windows, macOS, Linux, Android, and iOS. Protect your accounts with secure two-factor codes. No ads, no tracking.
proton.me
August 1, 2025 at 12:17 AM
A good example of why understanding what AI-generated code is doing matters.

www.bleepingcomputer.com/news/securit...
Amazon AI coding agent hacked to inject data wiping commands
A hacker planted data wiping code in a version of Amazon's generative AI-powered assistant, the Q Developer Extension for Visual Studio Code.
www.bleepingcomputer.com
July 25, 2025 at 10:00 PM
I’m completely shocked! Would have never expected this to happen!

www.techradar.com/vpn/vpn-priv...
VPN usage soars in Iran – but authorities may be trying to prevent it
Proton VPN confirmed an hourly increase in sign-ups of over 1,400% starting from July 25, 2025
www.techradar.com
July 25, 2025 at 7:30 PM
Oh dear! What a shame… never mind 😁

The sweet taste of karma!

www.techradar.com/pro/security...
This major cybercrime forum might have just exposed all its users
A leak forum did what leak forums do - but to its own users
www.techradar.com
July 25, 2025 at 6:44 PM
Where to start 😁
July 14, 2025 at 12:00 PM
July 10, 2025 at 12:07 AM
Reposted by SeanWrightSec
Humble Bundle has an interesting bundle at the moment.
Humble Tech Book Bundle: The Pentesting & Hacking Toolkit by Packt
Learn how to test your cyber defenses with the Pentesting & Hacking Toolkit by Packt. Protect yourself from cyberattacks and support charity!
www.humblebundle.com
July 9, 2025 at 6:40 PM
Another reminder to revoke access immediately for former employees, especially ones who have been dismissed.

www.theregister.com/2025/06/30/b...
Seven months for IT worker who trashed his work network: Don't leave the door open to disgruntled workers
www.theregister.com
June 30, 2025 at 8:05 PM
I’ve given this advice to several folk, and it’s worth sharing with others.

Learning how to become comfortable with not knowing something is liberating. It’ll help give you the confidence to then do something about it.
May 24, 2025 at 2:18 PM
While having something showing the likelihood of a vuln being exploited is good, I do worry this will end up being just another metric. I hope that I’m wrong, and this will prove helpful.

www.darkreading.com/vulnerabilit...
NIST's LEV Equation to Rate Chances a Bug Was Exploited
The new equation, introduced by the National Institute of Standards and Technology (NIST), aims to offer a mathematical likelihood index that could be a game-changer for SecOps teams and vulnerability...
www.darkreading.com
May 22, 2025 at 11:55 AM
Anyone else seen this on Instagram?
May 21, 2025 at 8:25 PM
A really important reason why it’s important to have security tooling working and operating as you expect. It’s already difficult to get other teams to buy into these tools so when they are constantly “wrong”, getting those teams onboard is almost impossible.
May 15, 2025 at 1:35 PM
Important to note that CVE is not a database per se. This is why we have the likes of NVD. So if anything, ENISA would be competing with NVD. But I still have concerns about how this may fragment the ecosystem.
May 15, 2025 at 8:36 AM
Just patched my car 🚙 🤣

#VulnManagement
May 13, 2025 at 11:20 AM
See the EU Vulnerability Database is now live. While I get the desire to have this, the problem that I now worry about is that this is going to fragment vulnerabilities. So making an already difficult problem even harder.

euvd.enisa.europa.eu
EUVD
European Vulnerability Database
euvd.enisa.europa.eu
May 13, 2025 at 10:21 AM