{"id":20785743,"url":"https://github.com/beerisgood/security-link-collection","last_synced_at":"2026-01-27T22:33:06.196Z","repository":{"id":47546844,"uuid":"403163356","full_name":"beerisgood/Security-link-collection","owner":"beerisgood","description":"a collection of links on various security topics","archived":false,"fork":false,"pushed_at":"2026-01-09T14:07:43.000Z","size":333,"stargazers_count":46,"open_issues_count":1,"forks_count":7,"subscribers_count":6,"default_branch":"main","last_synced_at":"2026-01-26T10:44:41.691Z","etag":null,"topics":["badness-enumeration","facts","insecurity","privacy","real-talk","security"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/beerisgood.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"beerisgood","patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":"beerisgood","issuehunt":null,"lfx_crowdfunding":null,"polar":null,"buy_me_a_coffee":"beerisgood","thanks_dev":null,"custom":null}},"created_at":"2021-09-04T21:58:33.000Z","updated_at":"2026-01-09T14:07:48.000Z","dependencies_parsed_at":"2024-02-11T18:27:33.469Z","dependency_job_id":"dd57ea1d-e23c-4ec2-ba0f-9f3cdfba895f","html_url":"https://github.com/beerisgood/Security-link-collection","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/beerisgood/Security-link-collection","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/beerisgood%2FSecurity-link-collection","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/beerisgood%2FSecurity-link-collection/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/beerisgood%2FSecurity-link-collection/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/beerisgood%2FSecurity-link-collection/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/beerisgood","download_url":"https://codeload.github.com/beerisgood/Security-link-collection/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/beerisgood%2FSecurity-link-collection/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28824742,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-27T18:44:20.126Z","status":"ssl_error","status_checked_at":"2026-01-27T18:44:09.161Z","response_time":168,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["badness-enumeration","facts","insecurity","privacy","real-talk","security"],"created_at":"2024-11-17T14:47:09.308Z","updated_at":"2026-01-27T22:33:06.182Z","avatar_url":"https://github.com/beerisgood.png","language":null,"funding_links":["https://github.com/sponsors/beerisgood","https://liberapay.com/beerisgood","https://buymeacoffee.com/beerisgood"],"categories":[],"sub_categories":[],"readme":"### This list is constantly being expanded\n![GitHub last commit](https://img.shields.io/github/last-commit/beerisgood/Security-link-collection?label=last%20update%3A\u0026style=flat-square)\n\n* Password Manager: Tavis Ormandy's opinion on [Password Managers](https://lock.cmpxchg8b.com/passmgrs.html), also [fatal flaws](https://tonyarcieri.com/4-fatal-flaws-in-deterministic-password-managers) in deterministic password managers. [How](https://palant.info/2021/12/29/how-did-lastpass-master-passwords-get-compromised/) did LastPass master passwords get compromised, [how](https://www.malwarebytes.com/blog/news/2022/08/source-code-of-password-manager-lastpass-stolen-by-attacker) their source code was stolen, how password vaults were [obtained](https://palant.info/2022/12/23/lastpass-has-been-breached-what-now/) and even a year after the disastrous breach, [LastPass has not improved](https://palant.info/2023/09/05/a-year-after-the-disastrous-breach-lastpass-has-not-improved/). Bitwarden [design flaw](https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/): Server side iterations. (In)Security of the Unix \"[Pass](https://rot256.dev/post/pass/)\" password manager. KeePass's InSecurity [against local attackers](https://www.cve.org/CVERecord?id=CVE-2023-24055), A Case Study in Attacking KeePass Part [1](https://blog.harmj0y.net/redteaming/a-case-study-in-attacking-keepass/), [2](https://blog.harmj0y.net/redteaming/keethief-a-case-study-in-attacking-keepass-part-2/)\n* Networking 101 [YouTube](https://www.youtube.com/playlist?list=PLR0bgGon_WTKY2irHaG_lNRZTrA7gAaCj)\n* The Six [Dumbest Ideas](https://www.ranum.com/security/computer_security/editorials/dumb/index.html) in Computer Security\n* [How](https://www.grc.com/dns/dns.htm) [*to*](https://www.dnsleaktest.com) [test](https://bash.ws/dnsleak/) [*your*](https://dnscheck.tools/) [DNS](https://cmdns.dev.dns-oarc.net) (security \u0026 privacy)\n* [How](https://www.ssllabs.com/ssltest/analyze.html) [*to*](https://www.virustotal.com/gui/home/url) [test](https://webbkoll.dataskydd.net/) website (security, privacy, [cookies](https://2gdpr.com) or [headers](https://securityheaders.com)) \n* [How](https://mecsa.jrc.ec.europa.eu/) [*to*](https://internet.nl/test-mail/) [test](https://ssl-tools.net/mailservers) [*your*](https://www.emailprivacytester.com/) eMail provider (security \u0026 privacy)\n* Why the FBI [can’t get](https://blog.cryptographyengineering.com/2021/03/25/whats-in-your-browser-backup/) your browsing history from Apple iCloud (and other scary stories)\n* Why GPG/ (Open-)PGP [isn't](https://archive.is/K1eZz) [*recommend*](https://web.archive.org/web/20230601224637/https://twitter.com/DanielMicay/status/1145264664315604992) and what the numerous [*problems*](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) [are](https://www.kicksecure.com/wiki/OpenPGP#Issues_with_PGP) until [today](https://gpg.fail)\n* Check [if](https://sec.hpi.de/ilc/?lang=en) your [email/ phone number](https://haveibeenpwned.com/) or [password](https://haveibeenpwned.com/Passwords) is in a data breach\n* Understand the [security](https://courses.csail.mit.edu/6.857/2016/files/24.pdf) [*risks*](https://support.google.com/chrome/a/answer/9897812) of permissions for browser extensions and why even manifest v3 does not protect you [sufficiently](https://mattfrisbie.substack.com/p/spy-chrome-extension) against abusing\n* [Some](https://palant.info/2021/09/28/breaking-custom-cursor-to-p0wn-the-web/) [*examples*](https://palant.info/2021/08/02/data-exfiltration-in-keepa-price-tracker/) [why](https://palant.info/2021/06/28/having-fun-with-css-injection-in-a-browser-extension/) [*browser*](https://palant.info/2021/05/04/universal-xss-in-ninja-cookie-extension/) [extensions](https://palant.info/2021/04/13/print-friendly-pdf-full-compromise/) [*are*](https://palant.info/2020/12/10/how-anti-fingerprinting-extensions-tend-to-make-fingerprinting-easier/) [bad](https://palant.info/2020/02/25/mcafee-webadvisor-from-xss-in-a-sandboxed-browser-extension-to-administrator-privileges/), [scams users](https://youtu.be/vc4yL3YTwWk) - since at least [2015](https://security.googleblog.com/2015/03/out-with-unwanted-ad-injectors.html) [*until*](https://www.imperva.com/blog/the-ad-blocker-that-injects-ads/) [today](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css) - even big ones [like](https://palant.info/2022/03/14/party-time-injecting-code-into-teleparty-extension/) [*Skype*](https://palant.info/2022/03/01/skype-extension-all-functionality-broken-still-exploitable/) or [Adobe](https://palant.info/2022/04/19/adobe-acrobat-hollowing-out-same-origin-policy/) and how they make your fingerprint [unique](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_extensions) or [bypass](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rilide-a-new-malicious-browser-extension-for-stealing-cryptocurrencies/) your 2FA and Chrome extensions can [steal](https://arxiv.org/pdf/2308.16321.pdf) your passwords from websites and [they're](https://www.bleepingcomputer.com/news/security/malicious-browser-extensions-are-the-next-frontier-for-identity-attacks/) the next frontier for Identity Attacks. (Even) Chrome Web Store is a [mess](https://palant.info/2025/01/13/chrome-web-store-is-a-mess/).\n* [read](https://madaidans-insecurities.github.io/linux.html) [*what*](https://forums.whonix.org/t/fixing-the-desktop-linux-security-model/9172/2) [countless](https://www.reddit.com/r/GrapheneOS/comments/bj1gpz/syzbot_and_the_tale_of_thousand_kernel_bugs/) [*security*](https://forums.grsecurity.net/viewtopic.php?f=7\u0026t=4309) [experts](https://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html) and [Washington Post](https://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/) [*have*](https://slo-tech.com/clanki/10001en/) [to](https://www.youtube.com/watch?v=LqaWIn4y26E) [*say*](https://www.youtube.com/watch?v=BVOCYFTC_rQ) [about](https://grsecurity.net/~spender/interview_notes.txt) [*linux*](https://jenda.hrach.eu/w/linux-insecurity) [insecurity](https://web.archive.org/web/20210404210717/https://dnetc.net/are-the-bsd-dying/)/ [*Security Circus*](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html), [hacks](https://ar.al/2022/08/30/dear-linux-privileged-ports-must-die/), [*dangerous*](https://bitsex.net/english/2021/kodachi-linux-is-probably-not-secure/) configurations and [All](https://ciq.com/whitepaper/vendor-kernels-bugs-stability/) vendor kernels are plagued with security vulnerabilities (encryption is [also broken](https://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html))\n* Some [Thoughts](https://qua3k.github.io/pegasus/) about the NSO Group's Pegasus\n* [An](https://web.archive.org/web/20211009210153/https://twitter.com/ZanthedNT/status/1446943944261128192) [*Antivirus*](https://archive.is/pyY3l) [does](https://archive.is/bxpzf) [*not*](https://archive.is/4WWXD) [improve](https://archive.is/7aKME) [*your*](https://archive.is/cwxDK) [security](https://privsec.dev/knowledge/badness-enumeration/#antiviruses) and even collect and [sell](https://www.bleepingcomputer.com/news/security/ftc-to-ban-avast-from-selling-browsing-data-for-advertising-purposes/) your data or [force-install](https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/) unwanted crap\n* [Enumerating](https://lwn.net/Articles/293034/) badness\n* (Electron; nodejs) [Applications](https://github.com/sickcodes/no-sandbox) that run Chromium without the Sandbox\n* [test](https://isbgpsafeyet.com/) your ISP (Internet Service Provider) Border Gateway Protocol (BGP) security\n* Stop using (encrypted) [Email](https://latacora.singles/2020/02/19/stop-using-encrypted.html), even in [2026](https://soatok.blog/2026/01/04/everything-you-need-to-know-about-email-encryption-in-2026/).\n* FLOSS [doesn't](https://seirdy.one/2022/02/02/floss-security.html) imply security\n* Email Security [Pitfalls](https://web.archive.org/web/20230601105530/https://improsec.com/tech-blog/email-security-pitfalls)\n* End-to-End Encryption in [Web Apps](https://cronokirby.com/posts/2021/06/e2e_in_the_browser/)\n* Docker - the [security nightmare](https://wonderfall.dev/docker-hardening/#is-it-really-a-security-nightmare) of [dependencies](https://wonderfall.dev/docker-hardening/#the-nightmare-of-dependencies) and [hidden place](https://community.atlassian.com/t5/Trust-Security-articles/Hiding-malware-in-Docker-Desktop-s-virtual-machine/ba-p/1924743) for malware, [exposed](https://arxiv.org/pdf/2307.03958.pdf) secrets and private keys and also with \"Hub\" a place for [millions of malicious repositories](https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/)\n* SIM Card [Hijacking](https://www.maketecheasier.com/sim-card-hijacking/): How it works and what you can do about it\n* [SS7](https://secure-voice.com/ss7_attacks/) Attacks: Intercepting SMS and calls as easy as ABC\n* Messenger (problems): [Whatsapp's Backups](https://sudneela.github.io/posts/the-workings-of-whatsapps-end-to-end-encrypted-backups/), [Signal's Sealed Sender](https://www.ndss-symposium.org/ndss-paper/improving-signals-sealed-sender/) and [downplayed](https://www.bleepingcomputer.com/news/security/signal-downplays-encryption-key-flaw-fixes-it-after-x-drama/) encryption key flaw, [Reviewing](https://soatok.blog/2025/02/18/reviewing-the-cryptography-used-by-signal/) the Cryptography Used by Signal, [Telegram](https://portswigger.net/daily-swig/multiple-encryption-flaws-uncovered-in-telegram-messaging-protocol)'s [*Cryptanalysis 1*](https://www.cryptofails.com/post/70546720222/telegrams-cryptanalysis-contest), [2](https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/) and [*very*](https://words.filippo.io/dispatches/telegram-ecdh/) old [InSecurity](https://blog.bytebytego.com/p/ep29-online-gaming-protocol#§is-telegram-secure), Three Lessons from [Threema](https://breakingthe3ma.app/), [Converso - how to uncover extraordinary claims](https://crnkovic.dev/testing-converso/), Tox handshake [vulnerablity](https://blog.tox.chat/2023/03/redesign-of-toxs-cryptographic-handshake/), [Ginlo](https://lets.re/blog/ginlo/), [Collaborative Groups](https://lets.re/blog/roll-your-own-e2ee-protocol/), [KakaoTalk](https://stulle123.github.io/posts/kakaotalk/secret-chat/) , [Session](https://soatok.blog/2025/01/14/dont-use-session-signal-fork/), Part [2](https://soatok.blog/2025/01/20/session-round-2/), Bitchat [security debate](https://blog.trailofbits.com/2025/07/18/building-secure-messaging-is-hard-a-nuanced-take-on-the-bitchat-security-debate/)\n* Browser Insecurity: [Pale Moon](https://seirdy.one/notes/2022/06/01/pale-moon/), [ungoogled-Chromium](https://qua3k.github.io/ungoogled/), [Brave](https://www.spacebar.news/p/stop-using-brave-browser), [Avast Browser](https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/), [Arc Browser](https://kibty.town/blog/arc/), Perplexity's [Comet AI](https://guard.io/labs/scamlexity-we-put-agentic-ai-browsers-to-the-test-they-clicked-they-paid-they-failed) browser\n* [SMS phishing](https://www.bejarano.io/sms-phishing/) is way too easy\n* [Why](https://gergelykalman.com/why-you-shouldnt-use-a-commercial-vpn-amateur-hour-with-windscribe.html) you [shouldn't](https://gist.github.com/joepie91/5a9909939e6ce7d09e29) [*use*](https://superuser.com/a/926524) VPN [services](https://educatedguesswork.org/posts/public-wifi/) with their [leaks](https://www.leviathansecurity.com/blog/tunnelvision). If needed, use [MPRs](https://invisv.com/articles/relay.html)\n* [avoid](https://blog.sekoia.io/luckymouse-uses-a-backdoored-electron-app-to-target-macos/) Electron [*based*](https://web.archive.org/web/20220816044304/https://www.malwarebytes.com/blog/news/2022/08/a-vulnerability-was-found-in-electron-which-is-what-drives-discord-spotify-and-microsoft-teams) [programs](https://blog.doyensec.com/2022/09/27/electron-api-default-permissions.html)\n* [Matrix](https://archive.is/bPrxT) [*InSecurity*](https://archive.is/lqtLl), [concerns](https://anarc.at/blog/2022-06-17-matrix-notes/) and big [potential metadata issues](https://blog.erethon.com/blog/2023/06/21/what-happens-when-a-matrix-server-disappears/)\n* Phishing [with](https://mrd0x.com/phishing-with-chromium-application-mode/) Chromium's Application Mode\n* Browser in the Browser (BITB) [Attack](https://mrd0x.com/browser-in-the-browser-phishing-attack/)\n* Chrome Browser Exploitation [Part 1](https://jhalon.github.io/chrome-browser-exploitation-1/)\n* [graphics](https://archive.is/432zQ) about [PassKeys](https://www.passkeys.io) in detail, security [overview](https://support.apple.com/102195) and an [overview](https://passkeys.directory) of supporting websites\n* What [happens](https://blog.bytebytego.com/i/64353490/how-does-visa-work-when-we-swipe-a-credit-card-at-a-merchants-shop) when you swipe a credit card and what are the [differences](https://blog.bytebytego.com/i/68502474/visa-vs-american-express)\n* What are the differences [between](https://www.youtube.com/watch?v=Jz8Gs4UHTO8) bare metal, virtual machines, and containers\n* HTTP/1 to HTTP/2 [to](https://www.youtube.com/watch?v=a-sBfyiXysI) HTTP/3 - a [Deep Dive](https://blog.bytebytego.com/p/http1-vs-http2-vs-http3-a-deep-dive)\n* The Rising [Threat](https://www.apple.com/newsroom/pdfs/The-Rising-Threat-to-Consumer-Data-in-the-Cloud.pdf) to Consumer Data in the Cloud\n* Common [pitfalls](https://palant.info/2022/12/08/common-pitfalls-of-breaking-up-https-connections/) of breaking up HTTPS connections\n* (Motherboard vendor) MSI's [(in)Secure](https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/) Boot\n* \"Sign in with\" [Apple](https://www.apple.com/privacy/docs/Sign_in_with_Apple_White_Paper_Nov_2019.pdf)\n* [Building a Trusted Ecosystem](https://www.apple.com/privacy/docs/Building_a_Trusted_Ecosystem_for_Millions_of_Apps.pdf) for Millions of Apps\n* Protecting Chrome Traffic with [Hybrid Kyber KEM](https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html)\n* fail2ban [sucks](https://j3s.sh/thought/fail2ban-sux.html), [pfSense](https://www.bleepingcomputer.com/news/security/over-1-450-pfsense-servers-exposed-to-rce-attacks-via-bug-chain/)\n* iMessage with [PQ3](https://security.apple.com/blog/imessage-pq3/) post-quantum cryptographic protocol - external security review [1](https://security.apple.com/assets/files/Security_analysis_of_the_iMessage_PQ3_protocol_Stebila.pdf), [2](https://security.apple.com/assets/files/A_Formal_Analysis_of_the_iMessage_PQ3_Messaging_Protocol_Basin_et_al.pdf)\n* Security problems with [Routers](https://routersecurity.org/consumerrouters.php) like from [Netgear](https://web.archive.org/web/20240610184918/https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/), [*Netgear 2*](https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-authentication-bypass-xss-router-flaws/), [D-Link](https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-d-link-dir-859-router-flaw-to-steal-passwords/), [*D-Link 2*](https://www.bleepingcomputer.com/news/security/d-link-fixes-critical-rce-hardcoded-password-flaws-in-wifi-6-routers/), [Asus](https://www.bleepingcomputer.com/news/security/asus-warns-of-critical-remote-authentication-bypass-on-7-routers/) or [DrayTek](https://www.bleepingcomputer.com/news/security/draytek-fixed-critical-flaws-in-over-700-000-exposed-routers/), [TP-Link](https://www.bleepingcomputer.com/news/security/new-botnet-exploits-vulnerabilities-in-nvrs-tp-link-routers/)\n* [how](https://developer.apple.com/security/complying-with-the-dma.pdf) Apple handle the Digital Markets Act\n* Breaking the DECT Standard Cipher [with](https://eprint.iacr.org/2024/404) Lower Time Cost\n* IoT Device Security [Specification 1.0](https://csa-iot.org/newsroom/the-connectivity-standards-alliance-product-security-working-group-launches-the-iot-device-security-specification-1-0/)\n* Cloud InSecurity: Nextcloud E2EE [broken](https://eprint.iacr.org/2024/546.pdf)\n* About Apple threat [notifications](https://support.apple.com/102174) and protecting against mercenary spyware\n* WiFi - The [SSID Confusion Attack](https://www.top10vpn.com/research/wifi-vulnerability-ssid/)\n* [Leveraging](https://unit42.paloaltonetworks.com/three-dns-tunneling-campaigns/) DNS Tunneling for Tracking and Scanning\n* Security research on Apple's [Private Cloud Compute](https://security.apple.com/blog/pcc-security-research)\n* Privacy, Anonymity and Compartmentalization [repository](https://github.com/HotCakeX/Privacy-Anonymity-Compartmentalization)\n* Flow Correlation Attacks on Tor Onion Service Sessions with [Sliding Subset Sum](https://www.ndss-symposium.org/wp-content/uploads/2024-337-paper.pdf)\n* [Detect and avoid](https://support.apple.com/102568) social engineering schemes such as phishing messages, fake support calls, and other scams\n* [Understanding](https://machinelearning.apple.com/research/differential-privacy-aggregate-trends) Aggregate Trends for Apple Intelligence Using Differential Privacy\n* Online Identity Verification with the [Digital Credentials API](https://webkit.org/blog/17431/online-identity-verification-with-the-digital-credentials-api/)\n* Video: Secure your app with Memory Integrity Enforcement | [Meet with Apple](https://www.youtube.com/watch?v=iYUMr3Y9fAU)\n* ASCII [Smuggling](https://reference.garak.ai/en/latest/ascii_smuggling.html) for [LLMs](https://www.promptfoo.dev/docs/red-team/plugins/ascii-smuggling/), Hidden Prompt Injections with Anthropic [Claude](https://embracethered.com/blog/posts/2024/claude-hidden-prompt-injection-ascii-smuggling/), Ghosts in the Machine: ASCII Smuggling [across Various LLMs](https://www.firetail.ai/blog/ghosts-in-the-machine-ascii-smuggling-across-various-llms), Defending LLM applications [against](https://aws.amazon.com/de/blogs/security/defending-llm-applications-against-unicode-character-smuggling/) Unicode character smuggling\n* Hacking Google Bard - [From Prompt Injection to Data Exfiltration](https://embracethered.com/blog/posts/2023/google-bard-data-exfiltration/), Mitigating prompt injection attacks with a [layered defense strategy](https://security.googleblog.com/2025/06/mitigating-prompt-injection-attacks.html)\n* [TEE.fail](https://tee.fail): Breaking Trusted Execution Environments via DDR5 Memory Bus Interposition\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbeerisgood%2Fsecurity-link-collection","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbeerisgood%2Fsecurity-link-collection","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbeerisgood%2Fsecurity-link-collection/lists"}