Security Links
A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application or, depending on how the application is written, could correspond to an existing user that has no relation with the current attacker, allowing anyone to log in as an existing user by just knowing that user's user name.

Crucible

AI Capture the Flag. Crucible is a "Capture the flag" platform made for security researchers, data scientists, and developers with an interest in AI security. You'll get access to a variety of challenges which are designed to build your skills in adversarial machine learning and model security. These challenges include dataset analysis, model inversion, adversarial attacks, code execution, and more.

Visit Website