Top Daily Cyber Security News
Top rated cyber security tech news,
Just the top, every day.
Top Security News for February 25, 2025

The Best Security Is When We All Agree To Keep Everything Secret (Except The Secrets) - NAKIVO Backup & Replication (CVE-2024-48248)
https://www.reddit.com/r/netsec/comments/1iykzuc/the_best_security_is_when_we_all_agree_to_keep/

Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads
https://thehackernews.com/2025/02/malicious-pypi-package-automslc-enables.html

SOC 3.0 - The Evolution of the SOC and How AI is Empowering Human Talent
https://thehackernews.com/2025/02/soc-30-evolution-of-soc-and-how-ai-is.html

New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems
https://thehackernews.com/2025/02/new-linux-malware-auto-color-grants.html

CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries
https://thehackernews.com/2025/02/cert-ua-warns-of-uac-0173-attacks.html

Three Password Cracking Techniques and How to Defend Against Them
https://thehackernews.com/2025/02/three-password-cracking-techniques-and.html

Kubernetes Golden Tickets
https://www.reddit.com/r/netsec/comments/1iyn5m4/kubernetes_golden_tickets/

Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for February 21, 2025

Malicious Chrome extensions infected over 3.2 million users worldwide.
https://www.reddit.com/r/netsec/comments/1izcoti/16_malicious_chrome_extensions_infected_over_32/

Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware
https://thehackernews.com/2025/02/space-pirates-targets-russian-it-firms.html

New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades
https://thehackernews.com/2025/02/new-tgtoxic-banking-trojan-variant.html

89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals
https://thehackernews.com/2025/02/89-of-enterprise-genai-usage-is.html

Modern Approach to Attributing Hacktivist Groups
https://research.checkpoint.com/2025/modern-approach-to-attributing-hacktivist-groups/

Research: Using Stylometry & Topic Modeling to Attribute State-Sponsored Hacktivist Groups
https://www.reddit.com/r/netsec/comments/1izgnfx/research_using_stylometry_topic_modeling_to/

Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations
https://thehackernews.com/2025/02/silver-fox-apt-uses-winos-40-malware-in.html

FBI attributes $1.5 billion Bybit hack to DPRK hackers.
https://thecyberwire.com/newsletters/daily-briefing/14/3816

Top Security News for February 2025

Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme
https://thehackernews.com/2025/02/microsoft-exposes-llmjacking.html

Cisco Fixed Command Injection and DoS Flaws in Nexus Switches
https://securityaffairs.com/174753/security/cisco-fixed-command-injection-and-dos-flaws-in-nexus-switches.html

Bypass AMSI in 2025
https://www.reddit.com/r/netsec/comments/1j07zpp/bypass_amsi_in_2025/

Behavior Models, Temperature Tweaks, and Safety Battles
https://thecyberwire.com/podcasts/the-faik-files/24/notes

5,000 Phishing PDFs on 260 Domains Distribute Lumma Stealer via Fake CAPTCHAs
https://thehackernews.com/2025/02/5000-phishing-pdfs-on-260-domains.html

RDP: a Double-Edged Sword for IT Teams – Essential Yet Exploitable
https://thehackernews.com/2025/02/rdp-double-edged-sword-for-it-teams.html

Qilin Ransomware Gang Claims Responsibility for Attack Against Lee Enterprises
https://www.reddit.com/r/netsec/comments/1j07zpp/bypass_amsi_in_2025/

Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone
https://thehackernews.com/2025/02/amnesty-finds-cellebrites-zero-day.html

Top Security News for Today

Why a push for encryption backdoors is a global security risk
https://www.reddit.com/r/netsec/comments/1j38aru/why_a_push_for_encryption_backdoors_is_a_global/

We Deliberately Exposed AWS Keys on Developer Forums: Attackers Exploited One in 10 Hours
https://www.reddit.com/r/netsec/comments/1j38z5p/we_deliberately_exposed_aws_keys_on_developer/

DISCOUNTED HOTEL DEALS ANNOUNCED FOR HOPE_16
https://www.2600.com/content/discounted-hotel-deals-announced-hope16

Securing generative AI models on Azure AI Foundry
https://www.microsoft.com/en-us/security/blog/2025/03/04/securing-generative-ai-models-on-azure-ai-foundry/

Adaptive Attacks Break Defenses Against Indirect Prompt Injection Attacks on LLM Agents
https://arxiv.org/abs/2503.00061

CRFU: Compressive Representation Forgetting Against Privacy Leakage on Machine Unlearning
https://arxiv.org/abs/2503.00062

ADAGE: Active Defenses Against GNN Extraction
https://arxiv.org/abs/2503.00065

Top Security News for March 5, 2025

Silk Typhoon targeting IT supply chain
https://www.microsoft.com/en-us/security/blog/2025/03/05/silk-typhoon-targeting-it-supply-chain/

EvilLoader: Yesterday was published PoC for unpatched Vulnerability affecting Telegram for Android
https://www.reddit.com/r/netsec/comments/1j3y1kl/evilloader_yesterday_was_published_poc_for/

UDora: A Unified Red Teaming Framework against LLM Agents by Dynamically Hijacking Their Own Reasoning
https://arxiv.org/abs/2503.01908

Datenschutzkonformer LLM-Einsatz: Eine Open-Source-Referenzarchitektur (Privacy-Compliant LLM Deployment: An Open-Source Reference Architecture)
https://arxiv.org/abs/2503.01915

A Lightweight and Secure Deep Learning Model for Privacy-Preserving Federated Learning in Intelligent Enterprises
https://arxiv.org/abs/2503.02017

Protecting DeFi Platforms against Non-Price Flash Loan Attacks
https://arxiv.org/abs/2503.01944

Advancing Obfuscation Strategies to Counter China's Great Firewall: A Technical and Policy Perspective
https://arxiv.org/abs/2503.02018

Top Security News for October 20, 2023

The Burn Notice, Part 2/5 | How We Uncovered a Critical Vulnerability in a Leading AI Agent Framework
https://www.reddit.com/r/netsec/comments/1j4x1tp/the_burn_notice_part_25_how_we_uncovered_a/

Sleeping Beauty Vulnerability: Bypassing CrowdStrike Falcon With One Simple Trick
https://www.reddit.com/r/netsec/comments/1j4s3as/sleeping_beauty_vulnerability_bypassing/

Malvertising campaign leads to info stealers hosted on GitHub
https://www.microsoft.com/en-us/security/blog/2025/03/06/malvertising-campaign-leads-to-info-stealers-hosted-on-github/

Command Injection - Compressive Guide & Payloads | VeryLazyTech
https://www.reddit.com/r/netsec/comments/1j4yi3f/command_injection_compressive_guide_payloads/

Zen and the Art of Microcode Hacking
https://www.reddit.com/r/netsec/comments/1j4r13c/zen_and_the_art_of_microcode_hacking/

Mind the Gap: Detecting Black-box Adversarial Attacks in the Making through Query Update Analysis
https://arxiv.org/abs/2503.02986

Adopt a PET! An Exploration of PETs, Policy, and Practicalities for Industry in Canada
https://arxiv.org/abs/2503.03027

Network Anomaly Detection for IoT Using Hyperdimensional Computing on NSL-KDD
https://arxiv.org/abs/2503.03031

Top Security News for October 23, 2023

Crxplorer.com is a great free tool for blue team to check overly permissive browser extensions
https://www.reddit.com/r/netsec/comments/1j5me7r/crxplorercom_is_a_great_free_tool_for_blue_team/

Uncovering .NET Malware Obfuscated by Encryption and Virtualization
https://www.reddit.com/r/netsec/comments/1j3y26r/uncovering_net_malware_obfuscated_by_encryption/

Automatically create an operation log of your shell! Supports Linux (Bash/Zsh) and Windows (PowerShell).
https://www.reddit.com/r/netsec/comments/1j40l9q/automatically_create_an_operation_log_of_your/

gpt4free - because I ain't got cash and I need synthetic LLM response data dammit.
https://www.reddit.com/r/netsec/comments/1j37kyi/gpt4free_because_i_aint_got_cash_and_i_need/

CRAFT: Characterizing and Root-Causing Fault Injection Threats at Pre-Silicon
https://arxiv.org/abs/2503.03877

Parser Knows Best: Testing DBMS with Coverage-Guided Grammar-Rule Traversal
https://arxiv.org/abs/2503.03893

A Quantum Good Authentication Protocol
https://arxiv.org/abs/2503.03884

Cryptographic Verifiability for Voter Registration Systems
https://arxiv.org/abs/2503.03974

Top Security News for Today

DCRat backdoor returns
https://securelist.com/new-wave-of-attacks-with-dcrat-backdoor-distributed-by-maas/115850/

Old medpy Deserialization Vulnerability
https://www.reddit.com/r/netsec/comments/1j8rx3b/old_medpy_deserialization_vulnerability/

R1-Searcher: Incentivizing the Search Capability in LLMs via Reinforcement Learning
https://arxiv.org/abs/2503.05592

MeanCache: User-Centric Semantic Caching for LLM Web Services
https://arxiv.org/abs/2403.02694

Nature-Inspired Population-Based Evolution of Large Language Models
https://arxiv.org/abs/2503.01155

Language Models Enable Simple Systems for Generating Structured Views of Heterogeneous Data Lakes
https://arxiv.org/abs/2304.09433

Npm Run Hack:Me - A Supply Chain Attack Journey
https://www.reddit.com/r/netsec/comments/1j8ugic/npm_run_hackme_a_supply_chain_attack_journey/

Alleged Co-Founder of Garantex Arrested in India
https://krebsonsecurity.com/2025/03/alleged-co-founder-of-garantex-arrested-in-india/

New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects
https://www.microsoft.com/en-us/security/blog/2025/03/11/new-xcsset-malware-adds-new-obfuscation-persistence-techniques-to-infect-xcode-projects/

Microsoft Patch Tuesday, March 2025 Security Update Review
https://blog.qualys.com/vulnerabilities-threat-research/2025/03/11/microsoft-patch-tuesday-march-2025-security-update-review

Top Security News for Today

Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
https://www.reddit.com/r/netsec/comments/1ja6lxm/sign_in_as_anyone_bypassing_saml_sso/

6 Potential Security Concerns With the Eventual Rollout of 6G
https://www.tripwire.com/state-of-security/potential-security-concerns-eventual-rollout-6g

Head Mare and Twelve join forces to attack Russian entities
https://securelist.com/head-mare-twelve-collaboration/115887/

Medusa Ransomware: FBI and CISA Urge Organizations to Act Now to Mitigate Threat
https://www.tripwire.com/state-of-security/medusa-ransomware-fbi-and-cisa-urge-organizations-act-now-mitigate-threat

Cradle.sh Open Source Threat Intelligence Hub
https://www.reddit.com/r/netsec/comments/1jad2e8/cradlesh_open_source_threat_intelligence_hub/

Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware
https://www.microsoft.com/en-us/security/blog/2025/03/13/phishing-campaign-impersonates-booking-com-delivers-a-suite-of-credential-stealing-malware/

How MSRC coordinates vulnerability research and disclosure while building community
https://www.microsoft.com/en-us/security/blog/2025/03/13/how-msrc-coordinates-vulnerability-research-and-disclosure-while-building-community/

Top Security News for Today

TP-Link Router Botnet
https://www.schneier.com/blog/archives/2025/03/tp-link-router-botnet.html

Upcoming Speaking Engagements
https://www.schneier.com/blog/archives/2025/03/upcoming-speaking-engagements-44.html

Friday Squid Blogging: SQUID Band
https://www.schneier.com/blog/archives/2025/03/friday-squid-blogging-squid-band.html

ClickFix: How to Infect Your PC in Three Easy Steps
https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/

Reversing the Computing Research Workforce Shortfall: Bolstering Domestic Student Pathways to PhDs
https://arxiv.org/abs/2503.09614

Prioritizing Computing Research to Empower and Protect Vulnerable Populations
https://arxiv.org/abs/2503.09612

Factorio Learning Environment
https://arxiv.org/abs/2503.09617

Empowering the Future Workforce: Prioritizing Education for the AI-Accelerated Job Market
https://arxiv.org/abs/2503.09613

Adaptive Deadlock Avoidance for Decentralized Multi-agent Systems via CBF-inspired Risk Measurement
https://arxiv.org/abs/2503.09621

Edge AI-Powered Real-Time Decision-Making for Autonomous Vehicles in Adverse Weather Conditions
https://arxiv.org/abs/2503.09638

Top Security News for Today

Data Breach Exposes Personal Information of 3 Million Users
https://example.com/data-breach

New Ransomware Strain Targets Healthcare Institutions
https://example.com/ransomware-healthcare

Cybersecurity Firm Discovers Major Vulnerability in Cloud Services
https://example.com/cloud-vulnerability

Increase in Phishing Attacks Exploiting Remote Work Trends
https://example.com/phishing-remote-work

Critical Security Flaw Found in Popular Web Browser
https://example.com/web-browser-flaw

Government Agency Issues New Cyber Threat Advisory
https://example.com/cyber-threat-advisory

Top Security News for Today

Squid: RISC-V emulator for high-performance fuzzing with AOT instead of JIT compilation
https://www.reddit.com/r/netsec/comments/1ja8yg7/squid_riscv_emulator_for_highperformance_fuzzing/

Android Kernel Adventures: Insights into Compilation, Customization and Application Analysis
https://www.reddit.com/r/netsec/comments/1jd0bgp/android_kernel_adventures_insights_into/

BioSerenity-E1: a self-supervised EEG model for medical applications
https://arxiv.org/abs/2503.10362

Complementarity, Augmentation, or Substitutivity? The Impact of Generative Artificial Intelligence on the U.S. Federal Workforce
https://arxiv.org/abs/2503.09637

History of NULL Pointer Dereferences on macOS
https://www.reddit.com/r/netsec/comments/1jd7e2j/history_of_null_pointer_dereferences_on_macos/

Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes
https://www.reddit.com/r/netsec/comments/1jd7t1f/jaguar_land_rover_breached_by_hellcat_ransomware/

Top Security News for Today

Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes
https://www.reddit.com/r/netsec/comments/1jd7t1f/jaguar_land_rover_breached_by_hellcat_ransomware/

History of NULL Pointer Dereferences on macOS
https://www.reddit.com/r/netsec/comments/1jd7e2j/history_of_null_pointer_dereferences_on_macos/

CVE-2025-24016: Unsafe Deserialization Vulnerability in Wazuh Leading to Remote Code Execution
https://www.reddit.com/r/netsec/comments/1jd9oed/cve202524016_unsafe_deserialization_vulnerability/

[Tool] TruffleShow: A Client-Side Web Viewer for TruffleHog Outputs
https://www.reddit.com/r/netsec/comments/1jdcen1/tool_truffleshow_a_clientside_web_viewer_for/

17th March – Threat Intelligence Report
https://research.checkpoint.com/2025/17th-march-threat-intelligence-report/

Improvements in Brute Force Attacks
https://www.schneier.com/blog/archives/2025/03/improvements-in-brute-force-attacks.html

StilachiRAT analysis: From system reconnaissance to cryptocurrency theft
https://www.microsoft.com/en-us/security/blog/2025/03/17/stilachirat-analysis-from-system-reconnaissance-to-cryptocurrency-theft/

Top Security News for Today

Auditing language models for hidden objectives
https://arxiv.org/abs/2503.10965

Combinatorial Optimization for All: Using LLMs to Aid Non-Experts in Improving Optimization Algorithms
https://arxiv.org/abs/2503.10968

Is Security Human Factors Research Skewed Towards Western Ideas and Habits?
https://www.schneier.com/blog/archives/2025/03/is-security-human-factors-research-skewed-towards-western-ideas-and-habits.html

Learn how an out-of-bounds write vulnerability in the Linux kernel can be exploited to achieve an LPE (CVE-2025-0927)
https://www.reddit.com/r/netsec/comments/1je3w9o/learn_how_an_outofbounds_write_vulnerability_in/

What is Bundesamt für Sicherheit in der Informationstechnik (BSI)?
https://www.tripwire.com/state-of-security/what-is-bundesamt-fur-sicherheit-in-der-informationstechnik-bsi

Arbitrary File Write CVE-2024-0402 in GitLab (Exploit)
https://www.reddit.com/r/netsec/comments/1je4j6r/arbitrary_file_write_cve20240402_in_gitlab_exploit/

SAML roulette: the hacker always wins
https://www.reddit.com/r/netsec/comments/1je8f1h/saml_roulette_the_hacker_always_wins/

AI innovation requires AI security: Hear what’s new at Microsoft Secure
https://techcommunity.microsoft.com/blog/microsoft-security-blog/ai-innovation-requires-ai-security-hear-what%e2%80%99s-new-at-microsoft-secure/4394130

Top Security News for Today

Arcane stealer: We want all your data
https://securelist.com/arcane-stealer/115919/

The Intersection of Public Policy and Cybersecurity: Building a Framework for 2025 and Beyond
https://www.tripwire.com/state-of-security/intersection-public-policy-and-cybersecurity-building-framework-2025-and-beyond

How to Secure Your Information on AWS: 10 Best Practices
https://www.tripwire.com/state-of-security/secure-information-aws-10-best-practices

Linux supply chain attack journey: critical vulnerabilities on multiple distribution build & packaging systems
https://www.reddit.com/r/netsec/comments/1jetbh3/linux_supply_chain_attack_journey_critical/

Introducing WEBCAT: Web-based Code Assurance and Transparency
https://www.reddit.com/r/netsec/comments/1jf1zwq/introducing_webcat_webbased_code_assurance_and/

DOGE to Fired CISA Staff: Email Us Your Personal Data
https://krebsonsecurity.com/2025/03/doge-to-fired-cisa-staff-email-us-your-personal-data/

By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)
https://www.reddit.com/r/netsec/comments/1jff8u9/by_executive_order_we_are_banning_blacklists/
