Assessing the Software Security Comprehension of Large Language Models
Large language models (LLMs) are increasingly used in software development, but their level of software security expertise remains unclear. This work systematically evaluates the security comprehension of five leading LLMs: GPT-4o-Mini, GPT-5-Mini, Gemini-2.5-Flash, Llama-3.1, and Qwen-2.5, using...
Debunking API Security Myths
I recently sat down with Tejpal Garwhal, Application Security and DevSecOps Leader, for a conversation debunking some of the most common API security myths. From zombie endpoints to the limits of WAFs and gateways, we covered what’s really happening on the ground, and what security teams need to ...
From Paranoia to Compliance: the Bumpy Road of System Hardening Practices on Stack Exchange
Hardening computer systems against cyberattacks is crucial for security. However, past incidents illustrated that many system operators struggle with effective system hardening. Hence, many computer systems and applications remain insecure. So far, the research community lacks an in-depth...
Exploring User Security and Privacy Attitudes and Concerns toward the Use of General-Purpose LLM Chatbots for Mental Health
Individuals are increasingly relying on large language model (LLM)-enabled conversational agents for emotional support. While prior research has examined privacy and security issues in chatbots specifically designed for mental health purposes, these chatbots are overwhelmingly "rule-based" offering...
Cyber resilience begins before the crisis
In this blog you will hear directly from Microsoft’s Deputy Chief Information Security Officer (CISO) for Customer Security, Ann Johnson, about the need for proactive planning in cyber incidents, particularly surrounding communications. This blog is part of a new, ongoing series where our Deputy...
Cyber Story Time: The Boy Who Cried "Secure!"
As a relatively new security category, many security operators and executives I've met have asked us "What are these Automated Security Validation (ASV) tools?" We've covered that pretty extensively in the past, so today, instead of covering the "What is ASV?" I wanted to address the "Why ASV?"...
Reimagining Network Pentesting With Automation
Network penetration testing plays a crucial role in protecting businesses in the ever-evolving world of cybersecurity. Yet, business leaders and IT pros have misconceptions about this process, which impacts their security posture and decision-making. This blog acts as a quick guide on network...
Why we should be more open about ransomware attacks
The UK's National Cyber Security Centre (NCSC) has published an article that reflects on why it's so concerning when cyberattacks go unreported, saying: "...we are increasingly concerned about what happens behind the scenes of the attacks we don't hear about, particularly the ransomware ones." One of th...
NFTs Don’t Work the Way You Might Think They Do
We bust the biggest misconceptions about what "minting" actually means...
Bad bots continue to evolve. Your mitigation strategy should, too.
With the global pandemic continuing to catalyze digitalization, we’ve seen two years' worth of digital transformation take place in a mere two months, according to Microsoft CEO Satya Nadella. Clearly, bad actors are capitalizing on the opportunities that digital transformation creates, as more da...
Risk Misconceptions in Social Engineering Testing
The post Risk Misconceptions in Social Engineering Testing appeared first on Rhino Security Labs...
Small Business: A Target for Cyber Criminals
The age of cyber threats has been marked with critical vulnerabilities, evolving strains and organizations that have faced the consequences. Target's breach, the rise of ransomware like WannaCry and the recent Equifax hack serve as lessons that these attacks are the new normal for companies, maki...
Tor Developer Busts Myths, Announces New Features
The Tor Project gets a bad rap as being a playground for the guilty. That’s why Tor Project co-founder Roger Dingledine took the stage last week at DEF CON to bust popular myths and announce upcoming features related to the anonymity network that averages 2 million users a day. Dingledine’s bigge...
Stratfor Website Back Online After Hack, CEO Apologizes
The website of Texas-based security and intelligence think tank, Stratfor, is back online with a newly designed site today after being hacked by the Anonymous Internet collective on December 25. Stratfor suspended access to the company’s site, servers, and emails after acknowledging the attack. I...
Unable to use HTTPS for login only
If you set up the urlrewrite.xml like so: ^/s/.//download/images/^?. /images/$2 ^/s/.//^?. /$2 ^/login.action https https://localhost:8443/login.action ^/dologin.action https https://localhost:8443/dologin.action ^/. https /login.action. /dologin.action. /s/. http://localhost:8080/$...
Cutting Through The Twitter DDoS Hype
There are a lot of theories flying around about why Twitter and other social media services got knocked offline yesterday. I’ve heard rumors about it being linked to political tension between Georgia and Russia. Others blame Iran for the outages. I’m not a political commentator, therefore I canno...