Photo by amirali mirhashemian on UnsplashSeclog - #31Don't npm install https, Securing the AI Pipeline, SSO Gadgets II, bug at npm ecosystem, route-detect, etc.Rosecurify·Jul 3, 2023·1 min readseclinks Security Alert: Don't npm install https Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away Securing the AI Pipeline Password spraying and MFA bypasses in the modern security landscape Threat Modeling Handbook Azure Attack Paths: Common Findings and Fixes (Part 1) The massive bug at the heart of the npm ecosystem SSO Gadgets II: Unauthenticated Client-Side Template Injection to Account Takeover using SSO Gadget Chain secgit awslabs/threat-composer smokeme/PDFator mschwager/route-detect seclogSecurity Share this