While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise every Entra ID tenant in the world (except probably those in national cloud deployments). If you are an Entra ID admin reading this, yes that means complete access to your tenant. The vulnerability consisted of two components: undocumented impersonation tokens that Microsoft uses in their backend for service-to-service (S2S) communication, called “Actor tokens”, and a critical vulnerability in the (legacy) Azure AD Graph API that did not properly validate the originating tenant, allowing these tokens to be used for cross-tenant access.

Free open source office suite with business productivity tools: document and project management, CRM, mail aggregator. - ONLYOFFICE/CommunityServer

It took the spacecraft nearly five decades to get there. It takes light a day.

Voting system required three keys. One of them has been “irretrievably lost.”…

Sam Altman’s ChatGPT promises to transform the global economy. But it also poses an enormous threat. Here, a scientist who appeared with Altman before the US Senate on AI safety flags up the danger in AI – and in Altman himself

▦ Universal, standards-based auth provider. Contribute to toolbeam/openauth development by creating an account on GitHub.

A self-evolving open source project. Vote on PRs. Winner gets merged every Sunday.

The journey from Clawd to Moltbot to OpenClaw—and why this name is here to stay.

OpenCoder is an open and reproducible code LLM family which includes 1.5B and 8B models, supporting chat in English and Chinese languages.

OpenCTI is an open-source platform designed to help organizations manage their cyber threat intelligence (CTI) data and observables.

Open map of the world's electricity, telecoms, oil, and gas infrastructure, using data from OpenStreetMap.

OpenMPTCProuter permit to aggregate multiple Internet connections with the help of Multipath TCP (MPTCP) and shadowsocks

Open source project management software for classic, agile or hybrid project management: task management✓ Gantt charts✓ boards✓ team collaboration✓ time and cost reporting✓ FREE trial!

The unified interface for LLMs. Find the best models & prices for your prompts

A vulnerability in the popular open-source firewall software pfSense has been identified, allowing for remote code execution (RCE) attacks.

The world of custom mechanical keyboards is vibrant, with new designs emerging weekly. However, keyboards are just one way we interact with computers. Ploopy, an open-source hardware company, focus…