The Intersection of Encryption and AI
As part of their 20th Anniversary celebration, Dark Reading asked five cybersecurity industry leaders who wrote blogs or columns for them over the years to select their favorite piece and share their reflections on the topic today. This is my section. Renowned technologist and author Bruce Schnei...
Concierge::Sessions Security Vulnerability
Concierge::Sessions is a user management system developed by Bruce Van Allen personally. Versions of Concierge::Sessions prior to 0.8.5 contained security vulnerabilities. These vulnerabilities stemmed from the use of the generate_session_id function, which defaults to using the uuidgen command to...
I Am in the Epstein Files
Once. Someone named "Vincenzo lozzo" wrote to Epstein in email, in 2016: "I wouldn't pay too much attention to this, Schneier has a long tradition of dramatizing and misunderstanding things." The topic of the email is DDoS attacks, and it is unclear what I am dramatizing and misunderstanding. Rab...
A Bootiful Podcast: The legendary Bruce Eckel on language design, effects, abstraction, concurrency, and so much more
Hi, Spring fans! In this installment, I sit down with the legendary Bruce Eckel, who has probably forgotten more about programming languages than I will ever know, and whose book Thinking in Java helped launch me into a career...
EUVD-2025-4353
Malicious code in bioql PyPI...
@hpcc-js/esbuild-plugins (>=1.4.2 <=1.4.9), @yangzw/bruce-app (>=1.3.7 <=1.3.8) +1 more potentially affected by CVE-2025-57753 via vite-plugin-static-copy (>=3.0.0 <=3.1.1)
vite-plugin-static-copy NPM version =3.0.0, =1.4.2, =1.3.7, =1.3.8 - auto-reveal =0.7.0 Source cves: CVE-2025-57753 Source advisory: SNYK:JS-VITEPLUGINSTATICCOPY-12179280...
@hpcc-js/esbuild-plugins (>=1.4.2 <=1.4.9), @yangzw/bruce-app (>=1.3.7 <=1.3.8) +1 more potentially affected by CVE-2025-57753 via vite-plugin-static-copy (>=3.0.0 <=3.1.1)
vite-plugin-static-copy NPM version =3.0.0, =1.4.2, =1.3.7, =1.3.8 - auto-reveal =0.7.0 Source cves: CVE-2025-57753 Source advisory: OSV:GHSA-PP7P-Q8FX-2968...
CVE-2025-27325
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruce Video.js HLS Player videojs-hls-player allows DOM-Based XSS. This issue affects Video.js HLS Player: from n/a through <= 1.0.2...
CVE-2025-27325
CVE-2025-27325 concerns the Video.js HLS Player WordPress plugin (Video.js HLS Player) with DOM-based XSS due to improper input neutralization. Affected versions are from n/a through 1.0.2. The CVSS 3.1 base score is 6.5 (Network, Low Privileges, User Interaction Required, Scope Changed; Confiden...
CVE-2025-22267
CVE-2025-22267 is a stored XSS in the WordPress plugin “Weaver Themes Shortcode Compatibility.” The issue arises from improper input neutralization during web page generation and affects versions from n/a up to and including 1.0.4. The vulnerability is authenticated (Contributor+) and is describe...
MAL-2024-2203 Malicious code in down_load_ebook_paul_by_f_f_bruce_dqnzz (npm)
CVE-2024-38626
In the Linux kernel, the following vulnerability has been resolved: fuse: clear FR_SENT when re-adding requests into pending list. The following warning was reported by lee bruce: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 8264 at fs/fuse/dev.c:300 fuse_request_end+0x685/0x7e0...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I'm speaking twice at RSA Conference 2024 in San Francisco. I'll be on a panel on software liability on May 6, 2024 at 8:30 AM, and I'm giving a keynote on AI and democracy on May 7, 2024 at 2:25 PM. The list is maintained on this pag...
Declassified NSA Newsletters
Through a 2010 FOIA request (yes, it took that long), we have copies of the NSA's KRYPTOS Society Newsletter, "Tales of the Krypt," from 1994 to 2003. There are many interesting things in the 800 pages of newsletter. There are many redactions. And a 1994 review of Applied Cryptography by redacted:...
AI and Trust
Watch the Video on YouTube.com A 15-minute talk by Bruce Schneier...
A week in security (January 29 – February 4)
Last week on Malwarebytes Labs: CISA: Disconnect vulnerable Ivanti products TODAY FBI removes malware from hundreds of routers across the US "You have blood on your hands." Senate Committee calls for action by social media giants to protect children online Tax season is here, so are scammers Moth...
A Hacker’s Mind Is Now Published
Tuesday was the official publication date of A Hacker's Mind: How the Powerful Bend Society's Rules, and How to Bend them Back. It broke into the 2000s on the Amazon best-seller list. Reviews in the New York Times, Cory Doctorow's blog, Science, and the Associated Press. I wrote essays related to th...
Happy 20th Birthday TaoSecurity Blog
Happy 20th birthday TaoSecurity Blog, born on 8 January 2003. Thank you Blogger! Blogger (now part of Google) has continuously hosted this blog for 20 years, for free. I'd like to thank Blogger and Google for providing this platform for two decades. It's tough to find extant self-hosted security...
Rubeus - C# Toolset For Raw Kerberos Interaction And Abuses
Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy's Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUX's MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of...