Top Security News for October 5, 2023
Bybit $1.5b hack was a Safe Wallet web app JS payload injection
https://www.reddit.com/r/netsec/comments/1j0y8fc/bybit_15b_hack_was_a_safe_wallet_web_app_js/
Microsoft disrupted a global cybercrime ring abusing Azure OpenAI Service
https://securityaffairs.com/174779/cyber-crime/azure-abuse-scheme-individuals-exposed.html
Ransomware gangs exploit a Paragon Partition Manager BioNTdrv.sys driver zero-day
https://securityaffairs.com/174789/cyber-crime/ransomware-gangs-paragon-partition-manager-biontdrv-sys-driver-zero-day-attacks.html
Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China
https://www.reddit.com/r/netsec/comments/1j1evli/wallbleed_a_memory_disclosure_vulnerability_in/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for October 24, 2023
Substack Domain Takeover
https://www.reddit.com/r/netsec/comments/1j1ofqp/substack_domain_takeover/
MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client
https://www.reddit.com/r/netsec/comments/1j1wt6u/mitm_attack_against_opensshs/
HUB Security Secures Continued Nasdaq Listing, Marking an Important Milestone
https://www.reddit.com/r/netsec/comments/1j1zypx/hub_security_secures_continued_nasdaq_listing/
Understanding the AI Act and its compliance challenges
https://www.reddit.com/r/netsec/comments/1j2fo1p/understanding_the_ai_act_and_its_compliance/
Top Security News for Today
Why a push for encryption backdoors is a global security risk
https://www.reddit.com/r/netsec/comments/1j38aru/why_a_push_for_encryption_backdoors_is_a_global/
We Deliberately Exposed AWS Keys on Developer Forums: Attackers Exploited One in 10 Hours
https://www.reddit.com/r/netsec/comments/1j38z5p/we_deliberately_exposed_aws_keys_on_developer/
DISCOUNTED HOTEL DEALS ANNOUNCED FOR HOPE_16
https://www.2600.com/content/discounted-hotel-deals-announced-hope16
Securing generative AI models on Azure AI Foundry
https://www.microsoft.com/en-us/security/blog/2025/03/04/securing-generative-ai-models-on-azure-ai-foundry/
Adaptive Attacks Break Defenses Against Indirect Prompt Injection Attacks on LLM Agents
https://arxiv.org/abs/2503.00061
CRFU: Compressive Representation Forgetting Against Privacy Leakage on Machine Unlearning
https://arxiv.org/abs/2503.00062
ADAGE: Active Defenses Against GNN Extraction
https://arxiv.org/abs/2503.00065
Top Security News for March 5, 2025
Silk Typhoon targeting IT supply chain
https://www.microsoft.com/en-us/security/blog/2025/03/05/silk-typhoon-targeting-it-supply-chain/
EvilLoader: Yesterday was published PoC for unpatched Vulnerability affecting Telegram for Android
https://www.reddit.com/r/netsec/comments/1j3y1kl/evilloader_yesterday_was_published_poc_for/
UDora: A Unified Red Teaming Framework against LLM Agents by Dynamically Hijacking Their Own Reasoning
https://arxiv.org/abs/2503.01908
Privacy-Compliant LLM Deployment: An Open-Source Reference Architecture (Datenschutzkonformer LLM-Einsatz: Eine Open-Source-Referenzarchitektur)
https://arxiv.org/abs/2503.01915
A Lightweight and Secure Deep Learning Model for Privacy-Preserving Federated Learning in Intelligent Enterprises
https://arxiv.org/abs/2503.02017
Protecting DeFi Platforms against Non-Price Flash Loan Attacks
https://arxiv.org/abs/2503.01944
Advancing Obfuscation Strategies to Counter China's Great Firewall: A Technical and Policy Perspective
https://arxiv.org/abs/2503.02018
Microsoft News
Silk Typhoon targeting IT supply chain
Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world. In recent months, Silk Typhoon has shifted to performing IT supply chain attacks to gain access to targets. In this…
Top Security News for October 20, 2023
The Burn Notice, Part 2/5 | How We Uncovered a Critical Vulnerability in a Leading AI Agent Framework
https://www.reddit.com/r/netsec/comments/1j4x1tp/the_burn_notice_part_25_how_we_uncovered_a/
Sleeping Beauty Vulnerability: Bypassing CrowdStrike Falcon With One Simple Trick
https://www.reddit.com/r/netsec/comments/1j4s3as/sleeping_beauty_vulnerability_bypassing/
Malvertising campaign leads to info stealers hosted on GitHub
https://www.microsoft.com/en-us/security/blog/2025/03/06/malvertising-campaign-leads-to-info-stealers-hosted-on-github/
Command Injection - Compressive Guide & Payloads | VeryLazyTech
https://www.reddit.com/r/netsec/comments/1j4yi3f/command_injection_compressive_guide_payloads/
Zen and the Art of Microcode Hacking
https://www.reddit.com/r/netsec/comments/1j4r13c/zen_and_the_art_of_microcode_hacking/
Mind the Gap: Detecting Black-box Adversarial Attacks in the Making through Query Update Analysis
https://arxiv.org/abs/2503.02986
Adopt a PET! An Exploration of PETs, Policy, and Practicalities for Industry in Canada
https://arxiv.org/abs/2503.03027
Network Anomaly Detection for IoT Using Hyperdimensional Computing on NSL-KDD
https://arxiv.org/abs/2503.03031
Top Security News for October 23, 2023
Crxplorer.com is a great free tool for blue team to check overly permissive browser extensions
https://www.reddit.com/r/netsec/comments/1j5me7r/crxplorercom_is_a_great_free_tool_for_blue_team/
Uncovering .NET Malware Obfuscated by Encryption and Virtualization
https://www.reddit.com/r/netsec/comments/1j3y26r/uncovering_net_malware_obfuscated_by_encryption/
Automatically create an operation log of your shell! Supports Linux (Bash/Zsh) and Windows (PowerShell).
https://www.reddit.com/r/netsec/comments/1j40l9q/automatically_create_an_operation_log_of_your/
gpt4free - because I ain't got cash and I need synthetic LLM response data dammit.
https://www.reddit.com/r/netsec/comments/1j37kyi/gpt4free_because_i_aint_got_cash_and_i_need/
CRAFT: Characterizing and Root-Causing Fault Injection Threats at Pre-Silicon
https://arxiv.org/abs/2503.03877
Parser Knows Best: Testing DBMS with Coverage-Guided Grammar-Rule Traversal
https://arxiv.org/abs/2503.03893
A Quantum Good Authentication Protocol
https://arxiv.org/abs/2503.03884
Cryptographic Verifiability for Voter Registration Systems
https://arxiv.org/abs/2503.03974
Top Security News for Today
Reversing Samsung's H-Arx Hypervisor Framework (Part 1)
https://www.reddit.com/r/netsec/comments/1j6gbqj/reversing_samsungs_harx_hypervisor_framework_part/
Top Security News for Today
Injecting domain expertise into your AI system
https://www.reddit.com/r/netsec/comments/1j76ap1/injecting_domain_expertise_into_your_ai_system/
Injecting domain expertise into your AI system
https://medium.com/towards-data-science/injecting-domain-expertise-into-your-ai-system-792febff48f0
Watson: A Cognitive Observability Framework for the Reasoning of LLM-Powered Agents
https://arxiv.org/abs/2411.03455
Top Security News for Today
SideWinder targets the maritime and nuclear sectors with an updated toolset
https://securelist.com/sidewinder-apt-updates-its-toolset-and-targets-nuclear-sector/115847/
Understanding the Windows Filtering Platform (WFP): A Quick Overview
https://www.tripwire.com/state-of-security/understanding-windows-filtering-platform-wfp-quick-overview
Thousands of WordPress Websites Infected with Malware
https://www.schneier.com/blog/archives/2025/03/thousands-of-wordpress-websites-infected-with-malware.html
FlippyR.AM: Large-Scale Rowhammer Study
https://www.reddit.com/r/netsec/comments/1j7whk7/flippyram_largescale_rowhammer_study/
Blind Eagle: …And Justice for All
https://research.checkpoint.com/2025/blind-eagle-and-justice-for-all/
Azure’s Weakest Link? How API Connections Spill Secrets
https://www.reddit.com/r/netsec/comments/1j7yqj6/azures_weakest_link_how_api_connections_spill/
10th March – Threat Intelligence Report
https://research.checkpoint.com/2025/10th-march-threat-intelligence-report/
HOWTO: build ATF (Trusted Firmware ARM) and OPTEE for RK3588
https://www.reddit.com/r/netsec/comments/1j84rrm/howto_build_atf_trusted_firmware_arm_and_optee/
Top Security News for Today
DCRat backdoor returns
https://securelist.com/new-wave-of-attacks-with-dcrat-backdoor-distributed-by-maas/115850/
Old medpy Deserialization Vulnerability
https://www.reddit.com/r/netsec/comments/1j8rx3b/old_medpy_deserialization_vulnerability/
R1-Searcher: Incentivizing the Search Capability in LLMs via Reinforcement Learning
https://arxiv.org/abs/2503.05592
MeanCache: User-Centric Semantic Caching for LLM Web Services
https://arxiv.org/abs/2403.02694
Nature-Inspired Population-Based Evolution of Large Language Models
https://arxiv.org/abs/2503.01155
Language Models Enable Simple Systems for Generating Structured Views of Heterogeneous Data Lakes
https://arxiv.org/abs/2304.09433
Npm Run Hack:Me - A Supply Chain Attack Journey
https://www.reddit.com/r/netsec/comments/1j8ugic/npm_run_hackme_a_supply_chain_attack_journey/
Alleged Co-Founder of Garantex Arrested in India
https://krebsonsecurity.com/2025/03/alleged-co-founder-of-garantex-arrested-in-india/
New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects
https://www.microsoft.com/en-us/security/blog/2025/03/11/new-xcsset-malware-adds-new-obfuscation-persistence-techniques-to-infect-xcode-projects/
Microsoft Patch Tuesday, March 2025 Security Update Review
https://blog.qualys.com/vulnerabilities-threat-research/2025/03/11/microsoft-patch-tuesday-march-2025-security-update-review
Securelist
New wave of attacks on gamers with DCRat backdoor
Top Security News for Today
Impossible XXE in PHP
https://www.reddit.com/r/netsec/comments/1j9f0i7/impossible_xxe_in_php/
Analysis of CVE-2025-24813 Apache Tomcat Path Equivalence RCE
https://www.reddit.com/r/netsec/comments/1j9f0ur/analysis_of_cve202524813_apache_tomcat_path/
Cybersecurity Can’t Wait: Modern Enterprises Must Adapt
https://www.tripwire.com/state-of-security/cybersecurity-cant-wait-modern-enterprises-must-adapt
Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801)
https://www.reddit.com/r/netsec/comments/1j9hcdw/preauthentication_sql_injection_to_rce_in_glpi/
China, Russia, Iran, and North Korea Intelligence Sharing
https://www.schneier.com/blog/archives/2025/03/china-russia-iran-and-north-korea-intelligence-sharing.html
Behind the Scenes of Burp AI: How we built it, and what's next
https://portswigger.net/blog/behind-the-scenes-of-burp-ai-how-we-built-it-and-whats-next
New Lumma Stealer campaign abuses Reddit threads to drop malware via fake WeTransfer links
https://www.reddit.com/r/netsec/comments/1j9xq07/new_lumma_stealer_campaign_abuses_reddit_threads/
Ruthless Mantis - Modus Operandi
https://www.reddit.com/r/netsec/comments/1j9v0dh/ruthless_mantis_modus_operandi/
Top Security News for Today
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
https://www.reddit.com/r/netsec/comments/1ja6lxm/sign_in_as_anyone_bypassing_saml_sso/
6 Potential Security Concerns With the Eventual Rollout of 6G
https://www.tripwire.com/state-of-security/potential-security-concerns-eventual-rollout-6g
Head Mare and Twelve join forces to attack Russian entities
https://securelist.com/head-mare-twelve-collaboration/115887/
Medusa Ransomware: FBI and CISA Urge Organizations to Act Now to Mitigate Threat
https://www.tripwire.com/state-of-security/medusa-ransomware-fbi-and-cisa-urge-organizations-act-now-mitigate-threat
Cradle.sh Open Source Threat Intelligence Hub
https://www.reddit.com/r/netsec/comments/1jad2e8/cradlesh_open_source_threat_intelligence_hub/
Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware
https://www.microsoft.com/en-us/security/blog/2025/03/13/phishing-campaign-impersonates-booking-com-delivers-a-suite-of-credential-stealing-malware/
How MSRC coordinates vulnerability research and disclosure while building community
https://www.microsoft.com/en-us/security/blog/2025/03/13/how-msrc-coordinates-vulnerability-research-and-disclosure-while-building-community/
Top Security News for Today
TP-Link Router Botnet
https://www.schneier.com/blog/archives/2025/03/tp-link-router-botnet.html
Upcoming Speaking Engagements
https://www.schneier.com/blog/archives/2025/03/upcoming-speaking-engagements-44.html
Friday Squid Blogging: SQUID Band
https://www.schneier.com/blog/archives/2025/03/friday-squid-blogging-squid-band.html
ClickFix: How to Infect Your PC in Three Easy Steps
https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/
Reversing the Computing Research Workforce Shortfall: Bolstering Domestic Student Pathways to PhDs
https://arxiv.org/abs/2503.09614
Prioritizing Computing Research to Empower and Protect Vulnerable Populations
https://arxiv.org/abs/2503.09612
Factorio Learning Environment
https://arxiv.org/abs/2503.09617
Empowering the Future Workforce: Prioritizing Education for the AI-Accelerated Job Market
https://arxiv.org/abs/2503.09613
Adaptive Deadlock Avoidance for Decentralized Multi-agent Systems via CBF-inspired Risk Measurement
https://arxiv.org/abs/2503.09621
Edge AI-Powered Real-Time Decision-Making for Autonomous Vehicles in Adverse Weather Conditions
https://arxiv.org/abs/2503.09638
Schneier on Security
TP-Link Router Botnet - Schneier on Security
There is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity security flaw…
Top Security News for Today
Data Breach Exposes Personal Information of 3 Million Users
https://example.com/data-breach
New Ransomware Strain Targets Healthcare Institutions
https://example.com/ransomware-healthcare
Cybersecurity Firm Discovers Major Vulnerability in Cloud Services
https://example.com/cloud-vulnerability
Increase in Phishing Attacks Exploiting Remote Work Trends
https://example.com/phishing-remote-work
Critical Security Flaw Found in Popular Web Browser
https://example.com/web-browser-flaw
Government Agency Issues New Cyber Threat Advisory
https://example.com/cyber-threat-advisory
Top Security News for Today
Squid: RISC-V emulator for high-performance fuzzing with AOT instead of JIT compilation
https://www.reddit.com/r/netsec/comments/1ja8yg7/squid_riscv_emulator_for_highperformance_fuzzing/
Android Kernel Adventures: Insights into Compilation, Customization and Application Analysis
https://www.reddit.com/r/netsec/comments/1jd0bgp/android_kernel_adventures_insights_into/
BioSerenity-E1: a self-supervised EEG model for medical applications
https://arxiv.org/abs/2503.10362
Complementarity, Augmentation, or Substitutivity? The Impact of Generative Artificial Intelligence on the U.S. Federal Workforce
https://arxiv.org/abs/2503.09637
History of NULL Pointer Dereferences on macOS
https://www.reddit.com/r/netsec/comments/1jd7e2j/history_of_null_pointer_dereferences_on_macos/
Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes
https://www.reddit.com/r/netsec/comments/1jd7t1f/jaguar_land_rover_breached_by_hellcat_ransomware/
Top Security News for Today
Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes
https://www.reddit.com/r/netsec/comments/1jd7t1f/jaguar_land_rover_breached_by_hellcat_ransomware/
History of NULL Pointer Dereferences on macOS
https://www.reddit.com/r/netsec/comments/1jd7e2j/history_of_null_pointer_dereferences_on_macos/
CVE-2025-24016: Unsafe Deserialization Vulnerability in Wazuh Leading to Remote Code Execution
https://www.reddit.com/r/netsec/comments/1jd9oed/cve202524016_unsafe_deserialization_vulnerability/
[Tool] TruffleShow: A Client-Side Web Viewer for TruffleHog Outputs
https://www.reddit.com/r/netsec/comments/1jdcen1/tool_truffleshow_a_clientside_web_viewer_for/
17th March – Threat Intelligence Report
https://research.checkpoint.com/2025/17th-march-threat-intelligence-report/
Improvements in Brute Force Attacks
https://www.schneier.com/blog/archives/2025/03/improvements-in-brute-force-attacks.html
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft
https://www.microsoft.com/en-us/security/blog/2025/03/17/stilachirat-analysis-from-system-reconnaissance-to-cryptocurrency-theft/
Top Security News for Today
Auditing language models for hidden objectives
https://arxiv.org/abs/2503.10965
Combinatorial Optimization for All: Using LLMs to Aid Non-Experts in Improving Optimization Algorithms
https://arxiv.org/abs/2503.10968
Is Security Human Factors Research Skewed Towards Western Ideas and Habits?
https://www.schneier.com/blog/archives/2025/03/is-security-human-factors-research-skewed-towards-western-ideas-and-habits.html
Learn how an out-of-bounds write vulnerability in the Linux kernel can be exploited to achieve an LPE (CVE-2025-0927)
https://www.reddit.com/r/netsec/comments/1je3w9o/learn_how_an_outofbounds_write_vulnerability_in/
What is Bundesamt für Sicherheit in der Informationstechnik (BSI)?
https://www.tripwire.com/state-of-security/what-is-bundesamt-fur-sicherheit-in-der-informationstechnik-bsi
Arbitrary File Write CVE-2024-0402 in GitLab (Exploit)
https://www.reddit.com/r/netsec/comments/1je4j6r/arbitrary_file_write_cve20240402_in_gitlab_exploit/
SAML roulette: the hacker always wins
https://www.reddit.com/r/netsec/comments/1je8f1h/saml_roulette_the_hacker_always_wins/
AI innovation requires AI security: Hear what’s new at Microsoft Secure
https://techcommunity.microsoft.com/blog/microsoft-security-blog/ai-innovation-requires-ai-security-hear-what%e2%80%99s-new-at-microsoft-secure/4394130
arXiv.org
Auditing language models for hidden objectives
We study the feasibility of conducting alignment audits: investigations into whether models have undesired objectives. As a testbed, we train a language model with a hidden objective. Our training...
Top Security News for Today
Arcane stealer: We want all your data
https://securelist.com/arcane-stealer/115919/
The Intersection of Public Policy and Cybersecurity: Building a Framework for 2025 and Beyond
https://www.tripwire.com/state-of-security/intersection-public-policy-and-cybersecurity-building-framework-2025-and-beyond
How to Secure Your Information on AWS: 10 Best Practices
https://www.tripwire.com/state-of-security/secure-information-aws-10-best-practices
Linux supply chain attack journey: critical vulnerabilities on multiple distribution build & packaging systems
https://www.reddit.com/r/netsec/comments/1jetbh3/linux_supply_chain_attack_journey_critical/
Introducing WEBCAT: Web-based Code Assurance and Transparency
https://www.reddit.com/r/netsec/comments/1jf1zwq/introducing_webcat_webbased_code_assurance_and/
DOGE to Fired CISA Staff: Email Us Your Personal Data
https://krebsonsecurity.com/2025/03/doge-to-fired-cisa-staff-email-us-your-personal-data/
By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)
https://www.reddit.com/r/netsec/comments/1jff8u9/by_executive_order_we_are_banning_blacklists/
Securelist
New Arcane stealer spreading via YouTube and Discord
The new Arcane stealer spreads via YouTube and Discord, collecting data from many applications, including VPN and gaming clients, network utilities, messaging apps, and browsers.
Top Security News for Today
By Executive Order, We Are Banning Blacklists
https://www.reddit.com/r/netsec/comments/1jff8u9/by_executive_order_we_are_banning_blacklists/
CMS ARS: A Blueprint for US Healthcare Data Security and Compliance
https://www.tripwire.com/state-of-security/cms-ars-blueprint-us-healthcare-data-security-and-compliance
Orphaned DNS Records & Dangling IPs Still a Problem in 2025
https://www.reddit.com/r/netsec/comments/1jfovru/orphaned_dns_records_dangling_ips_still_a_problem/
Shield Your Devices, Secure Your Business: Master Windows Endpoint Security
https://www.reddit.com/r/netsec/comments/1jfoumx/shield_your_devices_secure_your_business_master/
The National Security Case for Email Plus Addressing
https://www.reddit.com/r/netsec/comments/1jfqp8d/the_national_security_case_for_email_plus/
BlackLock Ransomware: What You Need To Know
https://www.tripwire.com/state-of-security/blacklock-ransomware-what-you-need-know
Critical GitHub Attack
https://www.schneier.com/blog/archives/2025/03/critical-github-attack.html
Albabat Ransomware Group Potentially Expands Targets to Multiple OS
https://www.trendmicro.com/en_us/research/25/c/albabat-ransomware-group.html
Top Security News for Today
Threat landscape for industrial automation systems in Q4 2024
https://securelist.com/ics-cert-q4-2024-report/115944/
NCSC Releases Post-Quantum Cryptography Timeline
https://www.schneier.com/blog/archives/2025/03/ncsc-releases-post-quantum-cryptography-timeline.html
What not to do with on prem virtualization
https://www.reddit.com/r/netsec/comments/1jgfvkp/what_not_to_do_with_on_prem_virtualization/
There's a big problem with browser bookmark security.
https://www.reddit.com/r/netsec/comments/1jgij4f/theres_a_big_problem_with_browser_bookmark/
My Writings Are in the LibGen AI Training Corpus
https://www.schneier.com/blog/archives/2025/03/my-writings-are-in-the-libgen-ai-training-corpus.html
Arrests in Tap-to-Pay Scheme Powered by Phishing
https://krebsonsecurity.com/2025/03/arrests-in-tap-to-pay-scheme-powered-by-phishing/
Palo Alto Cortex XDR bypass (CVE-2024-8690)
https://www.reddit.com/r/netsec/comments/1jgra20/palo_alto_cortex_xdr_bypass_cve20248690/
Securelist
Kaspersky industrial threat report for Q4 2024
The report contains statistics on malware, initial infection vectors and other threats to industrial automation systems in Q4 2024.
Top Security News for Today
Generalization Guarantees for Representation Learning via Data-Dependent Gaussian Mixture Priors
https://arxiv.org/abs/2502.15540
TraceFind - Email OSINT Tool - Information Gathering
https://www.reddit.com/r/netsec/comments/1jhdeb7/tracefind_email_osint_tool_information_gathering/
Secrets.tools - security tool for scanning login pages for secrets, emails, ips and urls
https://www.reddit.com/r/netsec/comments/1jhhbvs/secretstools_security_tool_for_scanning_login/
Profile Image Intel - OSINT Tool for checking when profile pictures were last changed
https://www.reddit.com/r/netsec/comments/1jhhak2/profile_image_intel_osint_tool_for_checking_when/
arXiv.org
Generalization Guarantees for Representation Learning via...
We establish in-expectation and tail bounds on the generalization error of representation learning type algorithms. The bounds are in terms of the relative entropy between the distribution of the...