Puneet Thapliyal
@puneetx.bsky.social
Chief Information Security Officer | Health Care | Startup Advisor | Venture Partner. Advocate for online data privacy rights.
While ORMs help in preventing SQL injection, beware of the mass assignment security vulnerabilities in ORMs.

www.nodejs-security.com/blog/raw-sql...
Raw SQL Queries are Actually Better for Security Than ORMs?
Have I gone mad? Do I actually recommend not using an ORM and actually gaining a security advantage? Sort of. It's more nuanced but if we're trying to fix SQL injection and related vulnerabilities the...
www.nodejs-security.com
February 4, 2025 at 6:32 PM
Backdoor in Chinese-made healthcare monitoring device leaks patient data (Contec CMS8000 and the Epsimed MN-120)

www.csoonline.com/article/3814...
Backdoor in Chinese-made healthcare monitoring device leaks patient data
Functionality in the device firmware sends patient data to a hardcoded IP address that also downloads and executes binary files without the owner’s knowledge.
www.csoonline.com
February 3, 2025 at 6:23 PM
World’s First MIDI Shellcode

psi3.ru/blog/swl01u/
World's First MIDI Shellcode
Blog post about a reverse engineering project
psi3.ru
January 6, 2025 at 12:15 AM
China-backed hackers breached US Treasury workstations by compromising a key from the BeyondTrust PAM solution.

The cybersecurity tools themselves are leading to major hacks.

www.cnn.com/2024/12/30/i...
China-backed hackers breached US Treasury workstations | CNN Business
The US Treasury Department notified lawmakers on Monday that a China state-sponsored actor infiltrated Treasury workstations in what officials are describing as a “major incident.”
www.cnn.com
December 31, 2024 at 12:24 AM
Cybersecurity firm Cyberhaven's Chrome extension hijacked to steal users' data... smh

www.bleepingcomputer.com/news/securit...
Cybersecurity firm's Chrome extension hijacked to steal users' data
At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users.
www.bleepingcomputer.com
December 27, 2024 at 9:48 PM
November 26, 2024 at 5:38 PM
Understanding the Efficacy of Phishing Training in Practice

www.computer.org/csdl/proceed...
CSDL | IEEE Computer Society
www.computer.org
November 20, 2024 at 7:34 PM
TIL: Google has a special tool to help you monitor and remove your personal information (name, address, email address, phone) should it appear in Google search results.

myactivity.google.com/results-abou...
Results about you
myactivity.google.com
November 16, 2024 at 1:31 AM