Top Security News for Today
Squid: RISC-V emulator for high-performance fuzzing with AOT instead of JIT compilation
https://www.reddit.com/r/netsec/comments/1ja8yg7/squid_riscv_emulator_for_highperformance_fuzzing/
Android Kernel Adventures: Insights into Compilation, Customization and Application Analysis
https://www.reddit.com/r/netsec/comments/1jd0bgp/android_kernel_adventures_insights_into/
BioSerenity-E1: a self-supervised EEG model for medical applications
https://arxiv.org/abs/2503.10362
Complementarity, Augmentation, or Substitutivity? The Impact of Generative Artificial Intelligence on the U.S. Federal Workforce
https://arxiv.org/abs/2503.09637
History of NULL Pointer Dereferences on macOS
https://www.reddit.com/r/netsec/comments/1jd7e2j/history_of_null_pointer_dereferences_on_macos/
Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes
https://www.reddit.com/r/netsec/comments/1jd7t1f/jaguar_land_rover_breached_by_hellcat_ransomware/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Squid: RISC-V emulator for high-performance fuzzing with AOT instead of JIT compilation
https://www.reddit.com/r/netsec/comments/1ja8yg7/squid_riscv_emulator_for_highperformance_fuzzing/
Android Kernel Adventures: Insights into Compilation, Customization and Application Analysis
https://www.reddit.com/r/netsec/comments/1jd0bgp/android_kernel_adventures_insights_into/
BioSerenity-E1: a self-supervised EEG model for medical applications
https://arxiv.org/abs/2503.10362
Complementarity, Augmentation, or Substitutivity? The Impact of Generative Artificial Intelligence on the U.S. Federal Workforce
https://arxiv.org/abs/2503.09637
History of NULL Pointer Dereferences on macOS
https://www.reddit.com/r/netsec/comments/1jd7e2j/history_of_null_pointer_dereferences_on_macos/
Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes
https://www.reddit.com/r/netsec/comments/1jd7t1f/jaguar_land_rover_breached_by_hellcat_ransomware/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: squid: RISC-V emulator for high-performance fuzzing with AOT instead of JIT compilation 🦑
Explore this post and more from the netsec community
Top Security News for Today
Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes
https://www.reddit.com/r/netsec/comments/1jd7t1f/jaguar_land_rover_breached_by_hellcat_ransomware/
History of NULL Pointer Dereferences on macOS
https://www.reddit.com/r/netsec/comments/1jd7e2j/history_of_null_pointer_dereferences_on_macos/
CVE-2025-24016: Unsafe Deserialization Vulnerability in Wazuh Leading to Remote Code Execution
https://www.reddit.com/r/netsec/comments/1jd9oed/cve202524016_unsafe_deserialization_vulnerability/
[Tool] TruffleShow: A Client-Side Web Viewer for TruffleHog Outputs
https://www.reddit.com/r/netsec/comments/1jdcen1/tool_truffleshow_a_clientside_web_viewer_for/
17th March – Threat Intelligence Report
https://research.checkpoint.com/2025/17th-march-threat-intelligence-report/
Improvements in Brute Force Attacks
https://www.schneier.com/blog/archives/2025/03/improvements-in-brute-force-attacks.html
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft
https://www.microsoft.com/en-us/security/blog/2025/03/17/stilachirat-analysis-from-system-reconnaissance-to-cryptocurrency-theft/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes
https://www.reddit.com/r/netsec/comments/1jd7t1f/jaguar_land_rover_breached_by_hellcat_ransomware/
History of NULL Pointer Dereferences on macOS
https://www.reddit.com/r/netsec/comments/1jd7e2j/history_of_null_pointer_dereferences_on_macos/
CVE-2025-24016: Unsafe Deserialization Vulnerability in Wazuh Leading to Remote Code Execution
https://www.reddit.com/r/netsec/comments/1jd9oed/cve202524016_unsafe_deserialization_vulnerability/
[Tool] TruffleShow: A Client-Side Web Viewer for TruffleHog Outputs
https://www.reddit.com/r/netsec/comments/1jdcen1/tool_truffleshow_a_clientside_web_viewer_for/
17th March – Threat Intelligence Report
https://research.checkpoint.com/2025/17th-march-threat-intelligence-report/
Improvements in Brute Force Attacks
https://www.schneier.com/blog/archives/2025/03/improvements-in-brute-force-attacks.html
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft
https://www.microsoft.com/en-us/security/blog/2025/03/17/stilachirat-analysis-from-system-reconnaissance-to-cryptocurrency-theft/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then…
Explore this post and more from the netsec community
Top Security News for Today
Auditing language models for hidden objectives
https://arxiv.org/abs/2503.10965
Combinatorial Optimization for All: Using LLMs to Aid Non-Experts in Improving Optimization Algorithms
https://arxiv.org/abs/2503.10968
Is Security Human Factors Research Skewed Towards Western Ideas and Habits?
https://www.schneier.com/blog/archives/2025/03/is-security-human-factors-research-skewed-towards-western-ideas-and-habits.html
Learn how an out-of-bounds write vulnerability in the Linux kernel can be exploited to achieve an LPE (CVE-2025-0927)
https://www.reddit.com/r/netsec/comments/1je3w9o/learn_how_an_outofbounds_write_vulnerability_in/
What is Bundesamt für Sicherheit in der Informationstechnik (BSI)?
https://www.tripwire.com/state-of-security/what-is-bundesamt-fur-sicherheit-in-der-informationstechnik-bsi
Arbitrary File Write CVE-2024-0402 in GitLab (Exploit)
https://www.reddit.com/r/netsec/comments/1je4j6r/arbitrary_file_write_cve20240402_in_gitlab_exploit/
SAML roulette: the hacker always wins
https://www.reddit.com/r/netsec/comments/1je8f1h/saml_roulette_the_hacker_always_wins/
AI innovation requires AI security: Hear what’s new at Microsoft Secure
https://techcommunity.microsoft.com/blog/microsoft-security-blog/ai-innovation-requires-ai-security-hear-what%e2%80%99s-new-at-microsoft-secure/4394130
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Auditing language models for hidden objectives
https://arxiv.org/abs/2503.10965
Combinatorial Optimization for All: Using LLMs to Aid Non-Experts in Improving Optimization Algorithms
https://arxiv.org/abs/2503.10968
Is Security Human Factors Research Skewed Towards Western Ideas and Habits?
https://www.schneier.com/blog/archives/2025/03/is-security-human-factors-research-skewed-towards-western-ideas-and-habits.html
Learn how an out-of-bounds write vulnerability in the Linux kernel can be exploited to achieve an LPE (CVE-2025-0927)
https://www.reddit.com/r/netsec/comments/1je3w9o/learn_how_an_outofbounds_write_vulnerability_in/
What is Bundesamt für Sicherheit in der Informationstechnik (BSI)?
https://www.tripwire.com/state-of-security/what-is-bundesamt-fur-sicherheit-in-der-informationstechnik-bsi
Arbitrary File Write CVE-2024-0402 in GitLab (Exploit)
https://www.reddit.com/r/netsec/comments/1je4j6r/arbitrary_file_write_cve20240402_in_gitlab_exploit/
SAML roulette: the hacker always wins
https://www.reddit.com/r/netsec/comments/1je8f1h/saml_roulette_the_hacker_always_wins/
AI innovation requires AI security: Hear what’s new at Microsoft Secure
https://techcommunity.microsoft.com/blog/microsoft-security-blog/ai-innovation-requires-ai-security-hear-what%e2%80%99s-new-at-microsoft-secure/4394130
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
arXiv.org
Auditing language models for hidden objectives
We study the feasibility of conducting alignment audits: investigations into whether models have undesired objectives. As a testbed, we train a language model with a hidden objective. Our training...
Top Security News for Today
Arcane stealer: We want all your data
https://securelist.com/arcane-stealer/115919/
The Intersection of Public Policy and Cybersecurity: Building a Framework for 2025 and Beyond
https://www.tripwire.com/state-of-security/intersection-public-policy-and-cybersecurity-building-framework-2025-and-beyond
How to Secure Your Information on AWS: 10 Best Practices
https://www.tripwire.com/state-of-security/secure-information-aws-10-best-practices
Linux supply chain attack journey: critical vulnerabilities on multiple distribution build & packaging systems
https://www.reddit.com/r/netsec/comments/1jetbh3/linux_supply_chain_attack_journey_critical/
Introducing WEBCAT: Web-based Code Assurance and Transparency
https://www.reddit.com/r/netsec/comments/1jf1zwq/introducing_webcat_webbased_code_assurance_and/
DOGE to Fired CISA Staff: Email Us Your Personal Data
https://krebsonsecurity.com/2025/03/doge-to-fired-cisa-staff-email-us-your-personal-data/
By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)
https://www.reddit.com/r/netsec/comments/1jff8u9/by_executive_order_we_are_banning_blacklists/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Arcane stealer: We want all your data
https://securelist.com/arcane-stealer/115919/
The Intersection of Public Policy and Cybersecurity: Building a Framework for 2025 and Beyond
https://www.tripwire.com/state-of-security/intersection-public-policy-and-cybersecurity-building-framework-2025-and-beyond
How to Secure Your Information on AWS: 10 Best Practices
https://www.tripwire.com/state-of-security/secure-information-aws-10-best-practices
Linux supply chain attack journey: critical vulnerabilities on multiple distribution build & packaging systems
https://www.reddit.com/r/netsec/comments/1jetbh3/linux_supply_chain_attack_journey_critical/
Introducing WEBCAT: Web-based Code Assurance and Transparency
https://www.reddit.com/r/netsec/comments/1jf1zwq/introducing_webcat_webbased_code_assurance_and/
DOGE to Fired CISA Staff: Email Us Your Personal Data
https://krebsonsecurity.com/2025/03/doge-to-fired-cisa-staff-email-us-your-personal-data/
By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)
https://www.reddit.com/r/netsec/comments/1jff8u9/by_executive_order_we_are_banning_blacklists/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
New Arcane stealer spreading via YouTube and Discord
The new Arcane stealer spreads via YouTube and Discord, collecting data from many applications, including VPN and gaming clients, network utilities, messaging apps, and browsers.
Top Security News for Today
By Executive Order, We Are Banning Blacklists
https://www.reddit.com/r/netsec/comments/1jff8u9/by_executive_order_we_are_banning_blacklists/
CMS ARS: A Blueprint for US Healthcare Data Security and Compliance
https://www.tripwire.com/state-of-security/cms-ars-blueprint-us-healthcare-data-security-and-compliance
Orphaned DNS Records & Dangling IPs Still a Problem in 2025
https://www.reddit.com/r/netsec/comments/1jfovru/orphaned_dns_records_dangling_ips_still_a_problem/
Shield Your Devices, Secure Your Business: Master Windows Endpoint Security
https://www.reddit.com/r/netsec/comments/1jfoumx/shield_your_devices_secure_your_business_master/
The National Security Case for Email Plus Addressing
https://www.reddit.com/r/netsec/comments/1jfqp8d/the_national_security_case_for_email_plus/
BlackLock Ransomware: What You Need To Know
https://www.tripwire.com/state-of-security/blacklock-ransomware-what-you-need-know
Critical GitHub Attack
https://www.schneier.com/blog/archives/2025/03/critical-github-attack.html
Albabat Ransomware Group Potentially Expands Targets to Multiple OS
https://www.trendmicro.com/en_us/research/25/c/albabat-ransomware-group.html
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
By Executive Order, We Are Banning Blacklists
https://www.reddit.com/r/netsec/comments/1jff8u9/by_executive_order_we_are_banning_blacklists/
CMS ARS: A Blueprint for US Healthcare Data Security and Compliance
https://www.tripwire.com/state-of-security/cms-ars-blueprint-us-healthcare-data-security-and-compliance
Orphaned DNS Records & Dangling IPs Still a Problem in 2025
https://www.reddit.com/r/netsec/comments/1jfovru/orphaned_dns_records_dangling_ips_still_a_problem/
Shield Your Devices, Secure Your Business: Master Windows Endpoint Security
https://www.reddit.com/r/netsec/comments/1jfoumx/shield_your_devices_secure_your_business_master/
The National Security Case for Email Plus Addressing
https://www.reddit.com/r/netsec/comments/1jfqp8d/the_national_security_case_for_email_plus/
BlackLock Ransomware: What You Need To Know
https://www.tripwire.com/state-of-security/blacklock-ransomware-what-you-need-know
Critical GitHub Attack
https://www.schneier.com/blog/archives/2025/03/critical-github-attack.html
Albabat Ransomware Group Potentially Expands Targets to Multiple OS
https://www.trendmicro.com/en_us/research/25/c/albabat-ransomware-group.html
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication…
Explore this post and more from the netsec community
Top Security News for Today
Threat landscape for industrial automation systems in Q4 2024
https://securelist.com/ics-cert-q4-2024-report/115944/
NCSC Releases Post-Quantum Cryptography Timeline
https://www.schneier.com/blog/archives/2025/03/ncsc-releases-post-quantum-cryptography-timeline.html
What not to do with on prem virtualization
https://www.reddit.com/r/netsec/comments/1jgfvkp/what_not_to_do_with_on_prem_virtualization/
There's a big problem with browser bookmark security.
https://www.reddit.com/r/netsec/comments/1jgij4f/theres_a_big_problem_with_browser_bookmark/
My Writings Are in the LibGen AI Training Corpus
https://www.schneier.com/blog/archives/2025/03/my-writings-are-in-the-libgen-ai-training-corpus.html
Arrests in Tap-to-Pay Scheme Powered by Phishing
https://krebsonsecurity.com/2025/03/arrests-in-tap-to-pay-scheme-powered-by-phishing/
Palo Alto Cortex XDR bypass (CVE-2024-8690)
https://www.reddit.com/r/netsec/comments/1jgra20/palo_alto_cortex_xdr_bypass_cve20248690/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Threat landscape for industrial automation systems in Q4 2024
https://securelist.com/ics-cert-q4-2024-report/115944/
NCSC Releases Post-Quantum Cryptography Timeline
https://www.schneier.com/blog/archives/2025/03/ncsc-releases-post-quantum-cryptography-timeline.html
What not to do with on prem virtualization
https://www.reddit.com/r/netsec/comments/1jgfvkp/what_not_to_do_with_on_prem_virtualization/
There's a big problem with browser bookmark security.
https://www.reddit.com/r/netsec/comments/1jgij4f/theres_a_big_problem_with_browser_bookmark/
My Writings Are in the LibGen AI Training Corpus
https://www.schneier.com/blog/archives/2025/03/my-writings-are-in-the-libgen-ai-training-corpus.html
Arrests in Tap-to-Pay Scheme Powered by Phishing
https://krebsonsecurity.com/2025/03/arrests-in-tap-to-pay-scheme-powered-by-phishing/
Palo Alto Cortex XDR bypass (CVE-2024-8690)
https://www.reddit.com/r/netsec/comments/1jgra20/palo_alto_cortex_xdr_bypass_cve20248690/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
Kaspersky industrial threat report for Q4 2024
The report contains statistics on malware, initial infection vectors and other threats to industrial automation systems in Q4 2024.
Top Security News for Today
Generalization Guarantees for Representation Learning via Data-Dependent Gaussian Mixture Priors
https://arxiv.org/abs/2502.15540
TraceFind - Email OSINT Tool - Information Gathering
https://www.reddit.com/r/netsec/comments/1jhdeb7/tracefind_email_osint_tool_information_gathering/
Secrets.tools - security tool for scanning login pages for secrets, emails, ips and urls
https://www.reddit.com/r/netsec/comments/1jhhbvs/secretstools_security_tool_for_scanning_login/
Profile Image Intel - OSINT Tool for checking when profile pictures were last changed
https://www.reddit.com/r/netsec/comments/1jhhak2/profile_image_intel_osint_tool_for_checking_when/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Generalization Guarantees for Representation Learning via Data-Dependent Gaussian Mixture Priors
https://arxiv.org/abs/2502.15540
TraceFind - Email OSINT Tool - Information Gathering
https://www.reddit.com/r/netsec/comments/1jhdeb7/tracefind_email_osint_tool_information_gathering/
Secrets.tools - security tool for scanning login pages for secrets, emails, ips and urls
https://www.reddit.com/r/netsec/comments/1jhhbvs/secretstools_security_tool_for_scanning_login/
Profile Image Intel - OSINT Tool for checking when profile pictures were last changed
https://www.reddit.com/r/netsec/comments/1jhhak2/profile_image_intel_osint_tool_for_checking_when/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
arXiv.org
Generalization Guarantees for Representation Learning via...
We establish in-expectation and tail bounds on the generalization error of representation learning type algorithms. The bounds are in terms of the relative entropy between the distribution of the...
Top Security News for Today
After a decade of open source security educational tools (SecGen), we've launched a hosted platform, Hacktivity
https://www.reddit.com/r/netsec/comments/1jhvszk/after_a_decade_of_open_source_security/
VanHelsing, new RaaS in Town
https://research.checkpoint.com/2025/vanhelsing-new-raas-in-town/
Cosmos-Reason1: From Physical Common Sense To Embodied Reasoning
https://arxiv.org/abs/2503.15558
Towards Unified Latent Space for 3D Molecular Latent Diffusion Modeling
https://arxiv.org/abs/2503.15567
Privateers Reborn: Digital Letters of Marque
https://www.reddit.com/r/netsec/comments/1jibf18/privateers_reborn_digital_letters_of_marque/
Doing the Due Diligence: Analyzing the Next.js Middleware Bypass (CVE-2025-29927)
https://www.reddit.com/r/netsec/comments/1jim7sp/doing_the_due_diligence_analyzing_the_nextjs/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
After a decade of open source security educational tools (SecGen), we've launched a hosted platform, Hacktivity
https://www.reddit.com/r/netsec/comments/1jhvszk/after_a_decade_of_open_source_security/
VanHelsing, new RaaS in Town
https://research.checkpoint.com/2025/vanhelsing-new-raas-in-town/
Cosmos-Reason1: From Physical Common Sense To Embodied Reasoning
https://arxiv.org/abs/2503.15558
Towards Unified Latent Space for 3D Molecular Latent Diffusion Modeling
https://arxiv.org/abs/2503.15567
Privateers Reborn: Digital Letters of Marque
https://www.reddit.com/r/netsec/comments/1jibf18/privateers_reborn_digital_letters_of_marque/
Doing the Due Diligence: Analyzing the Next.js Middleware Bypass (CVE-2025-29927)
https://www.reddit.com/r/netsec/comments/1jim7sp/doing_the_due_diligence_analyzing_the_nextjs/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: After a decade of open source security educational tools (SecGen), we've launched a hosted…
Explore this post and more from the netsec community
Top Security News for Today
Bypassing Detections with Command-Line Obfuscation
https://www.reddit.com/r/netsec/comments/1jimof1/bypassing_detections_with_commandline_obfuscation/
Doing the Due Diligence: Analyzing the Next.js Middleware Bypass (CVE-2025-29927)
https://www.reddit.com/r/netsec/comments/1jim7sp/doing_the_due_diligence_analyzing_the_nextjs/
Cross-Border Data Compliance: Navigating Public Security Regulations in a Connected World
https://www.tripwire.com/state-of-security/cross-border-data-compliance-navigating-public-security-regulations-connected
More Countries are Demanding Back-Doors to Encrypted Apps
https://www.schneier.com/blog/archives/2025/03/more-countries-are-demanding-back-doors-to-encrypted-apps.html
24th March – Threat Intelligence Report
https://research.checkpoint.com/2025/24th-march-threat-intelligence-report/
Takumi, the AI Security Engineer | GMO Flatt Security Inc.
https://www.reddit.com/r/netsec/comments/1jis8zi/takumi_the_ai_security_engineer_gmo_flatt/
Microsoft unveils Microsoft Security Copilot agents and new protections for AI
https://www.microsoft.com/en-us/security/blog/2025/03/24/microsoft-unveils-microsoft-security-copilot-agents-and-new-protections-for-ai/
Rust for Malware Development
https://bishopfox.com/blog/rust-for-malware-development
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Bypassing Detections with Command-Line Obfuscation
https://www.reddit.com/r/netsec/comments/1jimof1/bypassing_detections_with_commandline_obfuscation/
Doing the Due Diligence: Analyzing the Next.js Middleware Bypass (CVE-2025-29927)
https://www.reddit.com/r/netsec/comments/1jim7sp/doing_the_due_diligence_analyzing_the_nextjs/
Cross-Border Data Compliance: Navigating Public Security Regulations in a Connected World
https://www.tripwire.com/state-of-security/cross-border-data-compliance-navigating-public-security-regulations-connected
More Countries are Demanding Back-Doors to Encrypted Apps
https://www.schneier.com/blog/archives/2025/03/more-countries-are-demanding-back-doors-to-encrypted-apps.html
24th March – Threat Intelligence Report
https://research.checkpoint.com/2025/24th-march-threat-intelligence-report/
Takumi, the AI Security Engineer | GMO Flatt Security Inc.
https://www.reddit.com/r/netsec/comments/1jis8zi/takumi_the_ai_security_engineer_gmo_flatt/
Microsoft unveils Microsoft Security Copilot agents and new protections for AI
https://www.microsoft.com/en-us/security/blog/2025/03/24/microsoft-unveils-microsoft-security-copilot-agents-and-new-protections-for-ai/
Rust for Malware Development
https://bishopfox.com/blog/rust-for-malware-development
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Bypassing Detections with Command-Line Obfuscation
Posted by Wietze- - 0 votes and 1 comment
Top Security News for Today
An Introduction to Data Masking in Privacy Engineering
https://www.tripwire.com/state-of-security/introduction-data-masking-privacy-engineering
MAS Compliance 101: Key Regulations for Financial Institutions in Singapore
https://www.tripwire.com/state-of-security/mas-compliance-key-regulations-financial-institutions-singapore
Frida 16.7.0 is out w/ brand new APIs for observing the lifecycles of threads and modules
https://www.reddit.com/r/netsec/comments/1jjg9kq/frida_1670_is_out_w_brand_new_apis_for_observing/
Report on Paragon Spyware
https://www.schneier.com/blog/archives/2025/03/report-on-paragon-spyware.html
CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin
https://www.trendmicro.com/en_us/research/25/c/cve-2025-26633-water-gamayun.html
CVE-2024-55963: Unauthenticated RCE in Default-Install of Appsmith
https://www.reddit.com/r/netsec/comments/1jjnjam/cve202455963_unauthenticated_rce_in/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
An Introduction to Data Masking in Privacy Engineering
https://www.tripwire.com/state-of-security/introduction-data-masking-privacy-engineering
MAS Compliance 101: Key Regulations for Financial Institutions in Singapore
https://www.tripwire.com/state-of-security/mas-compliance-key-regulations-financial-institutions-singapore
Frida 16.7.0 is out w/ brand new APIs for observing the lifecycles of threads and modules
https://www.reddit.com/r/netsec/comments/1jjg9kq/frida_1670_is_out_w_brand_new_apis_for_observing/
Report on Paragon Spyware
https://www.schneier.com/blog/archives/2025/03/report-on-paragon-spyware.html
CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin
https://www.trendmicro.com/en_us/research/25/c/cve-2025-26633-water-gamayun.html
CVE-2024-55963: Unauthenticated RCE in Default-Install of Appsmith
https://www.reddit.com/r/netsec/comments/1jjnjam/cve202455963_unauthenticated_rce_in/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Tripwire
An Introduction to Data Masking in Privacy Engineering
Data masking protects sensitive information by replacing it with realistic but fictitious data, ensuring compliance and reducing exposure risks.
Top Security News for Today
Implementing Privileged Access Workstations: A Step-by-Step Guide
https://www.tripwire.com/state-of-security/implementing-privileged-access-workstations-step-step-guide
How to Build a Mature Vulnerability Management Program
https://www.tripwire.com/state-of-security/build-mature-vulnerability-management-program
AI Data Poisoning
https://www.schneier.com/blog/archives/2025/03/ai-data-poisoning.html
Over 150K websites hit by full-page hijack linking to Chinese gambling sites
https://www.reddit.com/r/netsec/comments/1jkf34o/over_150k_websites_hit_by_fullpage_hijack_linking/
Llama's Paradox - Delving deep into Llama.cpp and exploiting Llama.cpp's Heap Maze, from Heap-Overflow to Remote-Code Execution
https://www.reddit.com/r/netsec/comments/1jkg6po/llamas_paradox_delving_deep_into_llamacpp_and/
CodeQLEAKED – Public Secrets Exposure Leads to Potential Supply Chain Attack on GitHub CodeQL
https://www.reddit.com/r/netsec/comments/1jkfjub/codeqleaked_public_secrets_exposure_leads_to/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Implementing Privileged Access Workstations: A Step-by-Step Guide
https://www.tripwire.com/state-of-security/implementing-privileged-access-workstations-step-step-guide
How to Build a Mature Vulnerability Management Program
https://www.tripwire.com/state-of-security/build-mature-vulnerability-management-program
AI Data Poisoning
https://www.schneier.com/blog/archives/2025/03/ai-data-poisoning.html
Over 150K websites hit by full-page hijack linking to Chinese gambling sites
https://www.reddit.com/r/netsec/comments/1jkf34o/over_150k_websites_hit_by_fullpage_hijack_linking/
Llama's Paradox - Delving deep into Llama.cpp and exploiting Llama.cpp's Heap Maze, from Heap-Overflow to Remote-Code Execution
https://www.reddit.com/r/netsec/comments/1jkg6po/llamas_paradox_delving_deep_into_llamacpp_and/
CodeQLEAKED – Public Secrets Exposure Leads to Potential Supply Chain Attack on GitHub CodeQL
https://www.reddit.com/r/netsec/comments/1jkfjub/codeqleaked_public_secrets_exposure_leads_to/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Tripwire
Implementing Privileged Access Workstations: A Step-by-Step Guide
Enhance security with Privileged Access Workstations! Discover how PAWs protect privileged accounts from cyber threats.
Top Security News for Today
smugglo – Bypass Email Attachment Restrictions with HTML Smuggling
https://www.reddit.com/r/netsec/comments/1jjfq3d/smugglo_bypass_email_attachment_restrictions_with/
The Firewall Project (Application Security with Enterprise features) is now open-source
https://www.reddit.com/r/netsec/comments/1jismhn/the_firewall_project_application_security_with/
CLI tool to sandbox Linux processes using Landlock no containers, no root
https://www.reddit.com/r/netsec/comments/1jh9y1q/cli_tool_to_sandbox_linux_processes_using/
Kereva scanner: an open-source LLM security (and performance) scanner
https://www.reddit.com/r/netsec/comments/1jgtr4e/kereva_scanner_an_opensource_llm_security_and/
A Taxonomy of Adversarial Machine Learning Attacks and Mitigations
https://www.schneier.com/blog/archives/2025/03/a-taxonomy-of-adversarial-machine-learning-attacks-and-mitigations.html
Blasting Past Webp - Google Project Zero
https://www.reddit.com/r/netsec/comments/1jl2t85/blasting_past_webp_google_project_zero/
Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor's Infrastructure
https://www.reddit.com/r/netsec/comments/1jl3ig6/blacklock_ransomware_a_late_holiday_gift_with/
US Department of Labor’s journey to Zero Trust security with Microsoft Entra ID
https://www.microsoft.com/en-us/security/blog/2025/03/27/us-department-of-labors-journey-to-zero-trust-security-with-microsoft-entra-id/
When Getting Phished Puts You in Mortal Danger
https://krebsonsecurity.com/2025/03/when-getting-phished-puts-you-in-mortal-danger/
Qualys TRU Discovers Three Bypasses of Ubuntu Unprivileged User Namespace Restrictions
https://blog.qualys.com/vulnerabilities-threat-research/2025/03/27/qualys-tru-discovers-three-bypasses-of-ubuntu-unprivileged-user-namespace-restrictions
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
smugglo – Bypass Email Attachment Restrictions with HTML Smuggling
https://www.reddit.com/r/netsec/comments/1jjfq3d/smugglo_bypass_email_attachment_restrictions_with/
The Firewall Project (Application Security with Enterprise features) is now open-source
https://www.reddit.com/r/netsec/comments/1jismhn/the_firewall_project_application_security_with/
CLI tool to sandbox Linux processes using Landlock no containers, no root
https://www.reddit.com/r/netsec/comments/1jh9y1q/cli_tool_to_sandbox_linux_processes_using/
Kereva scanner: an open-source LLM security (and performance) scanner
https://www.reddit.com/r/netsec/comments/1jgtr4e/kereva_scanner_an_opensource_llm_security_and/
A Taxonomy of Adversarial Machine Learning Attacks and Mitigations
https://www.schneier.com/blog/archives/2025/03/a-taxonomy-of-adversarial-machine-learning-attacks-and-mitigations.html
Blasting Past Webp - Google Project Zero
https://www.reddit.com/r/netsec/comments/1jl2t85/blasting_past_webp_google_project_zero/
Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor's Infrastructure
https://www.reddit.com/r/netsec/comments/1jl3ig6/blacklock_ransomware_a_late_holiday_gift_with/
US Department of Labor’s journey to Zero Trust security with Microsoft Entra ID
https://www.microsoft.com/en-us/security/blog/2025/03/27/us-department-of-labors-journey-to-zero-trust-security-with-microsoft-entra-id/
When Getting Phished Puts You in Mortal Danger
https://krebsonsecurity.com/2025/03/when-getting-phished-puts-you-in-mortal-danger/
Qualys TRU Discovers Three Bypasses of Ubuntu Unprivileged User Namespace Restrictions
https://blog.qualys.com/vulnerabilities-threat-research/2025/03/27/qualys-tru-discovers-three-bypasses-of-ubuntu-unprivileged-user-namespace-restrictions
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: smugglo – Bypass Email Attachment Restrictions with HTML Smuggling
Explore this post and more from the netsec community
Top Security News for Today
Detect NetxJS CVE-2025-29927 efficiently and at scale
https://www.reddit.com/r/netsec/comments/1jlqota/detect_netxjs_cve202529927_efficiently_and_at/
AIs as Trusted Third Parties
https://www.schneier.com/blog/archives/2025/03/ais-as-trusted-third-parties.html
VanHelsing Ransomware: What You Need To Know
https://www.tripwire.com/state-of-security/vanhelsing-ransomware-what-you-need-know
A Deep Dive into Water Gamayun’s Arsenal and Infrastructure
https://www.trendmicro.com/en_us/research/25/c/deep-dive-into-water-gamayun.html
Friday Squid Blogging: Squid Werewolf Hacking Group
https://www.schneier.com/blog/archives/2025/03/friday-squid-blogging-squid-werewolf-hacking-group.html
Payload-Aware Intrusion Detection with CMAE and Large Language Models
https://arxiv.org/abs/2503.20790
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Detect NetxJS CVE-2025-29927 efficiently and at scale
https://www.reddit.com/r/netsec/comments/1jlqota/detect_netxjs_cve202529927_efficiently_and_at/
AIs as Trusted Third Parties
https://www.schneier.com/blog/archives/2025/03/ais-as-trusted-third-parties.html
VanHelsing Ransomware: What You Need To Know
https://www.tripwire.com/state-of-security/vanhelsing-ransomware-what-you-need-know
A Deep Dive into Water Gamayun’s Arsenal and Infrastructure
https://www.trendmicro.com/en_us/research/25/c/deep-dive-into-water-gamayun.html
Friday Squid Blogging: Squid Werewolf Hacking Group
https://www.schneier.com/blog/archives/2025/03/friday-squid-blogging-squid-werewolf-hacking-group.html
Payload-Aware Intrusion Detection with CMAE and Large Language Models
https://arxiv.org/abs/2503.20790
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Detect NetxJS CVE-2025-29927 efficiently and at scale
Explore this post and more from the netsec community
Top Security News for Today
Can someone please finish the work started on a UDF File System Driver?
https://www.reddit.com/r/lowlevel/comments/1jmrutp/can_someone_please_finish_the_work_started_on_a_udf_file_system_driver/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Can someone please finish the work started on a UDF File System Driver?
https://www.reddit.com/r/lowlevel/comments/1jmrutp/can_someone_please_finish_the_work_started_on_a_udf_file_system_driver/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the lowlevel community on Reddit: Can someone please finish the work started on a UDF File System Driver?
Explore this post and more from the lowlevel community
Top Security News for Today
How Each Pillar of the 1st Amendment is Under Attack
https://krebsonsecurity.com/2025/03/how-each-pillar-of-the-1st-amendment-is-under-attack/
Cross-modal Information Flow in Multimodal Large Language Models
https://arxiv.org/abs/2411.18620
Federal Desktop Core Configuration (FDCC/USGCB) Compliance
https://www.tripwire.com/state-of-security/federal-desktop-core-configuration-fdccusgcb-compliance
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
How Each Pillar of the 1st Amendment is Under Attack
https://krebsonsecurity.com/2025/03/how-each-pillar-of-the-1st-amendment-is-under-attack/
Cross-modal Information Flow in Multimodal Large Language Models
https://arxiv.org/abs/2411.18620
Federal Desktop Core Configuration (FDCC/USGCB) Compliance
https://www.tripwire.com/state-of-security/federal-desktop-core-configuration-fdccusgcb-compliance
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Krebs on Security
How Each Pillar of the 1st Amendment is Under Attack
In an address to Congress this month, President Trump claimed he had "brought free speech back to America." But barely two months into his second term, the president has waged an unprecedented attack on the First Amendment rights of journalists,…
Top Security News for Today
The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques
https://www.trendmicro.com/en_us/research/25/c/the-espionage-toolkit-of-earth-alux.html
Feberis Pro: As one of the first, I had an opportunity to test new 4-in-1 Expansion Board for Flipper Zero
https://www.reddit.com/r/netsec/comments/1jo0eww/feberis_pro_as_one_of_first_i_had_and_an/
The Signal Chat Leak and the NSA
https://www.schneier.com/blog/archives/2025/03/the-signal-chat-leak-and-the-nsa.html
Welcome to the next generation of Burp Suite: elevate your testing with Burp AI
https://portswigger.net/blog/welcome-to-the-next-generation-of-burp-suite-elevate-your-testing-with-burp-ai
Anatomy of an LLM RCE
https://www.reddit.com/r/netsec/comments/1jo1w9n/anatomy_of_an_llm_rce/
Oracle attempt to hide serious security incident from customers in Oracle SaaS service
https://www.reddit.com/r/netsec/comments/1jo2s5g/oracle_attempt_to_hide_serious_security_incident/
New innovations in Microsoft Purview for protected, AI-ready data
https://www.microsoft.com/en-us/security/blog/2025/03/31/new-innovations-in-microsoft-purview-for-protected-ai-ready-data/
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
https://www.microsoft.com/en-us/security/blog/2025/03/31/analyzing-open-source-bootloaders-finding-vulnerabilities-faster-with-ai/
Epic Fails and Heist Tales: A Red Teamer’s Journey to Deadwood
https://bishopfox.com/blog/epic-fails-heist-tales-red-teamers
🛡️ DoD Sentinel Skills Challenge – compete, win, and gain access to job opportunities!
https://www.reddit.com/r/netsec/comments/1jo6yht/dod_sentinel_skills_challenge_compete_win_and/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques
https://www.trendmicro.com/en_us/research/25/c/the-espionage-toolkit-of-earth-alux.html
Feberis Pro: As one of the first, I had an opportunity to test new 4-in-1 Expansion Board for Flipper Zero
https://www.reddit.com/r/netsec/comments/1jo0eww/feberis_pro_as_one_of_first_i_had_and_an/
The Signal Chat Leak and the NSA
https://www.schneier.com/blog/archives/2025/03/the-signal-chat-leak-and-the-nsa.html
Welcome to the next generation of Burp Suite: elevate your testing with Burp AI
https://portswigger.net/blog/welcome-to-the-next-generation-of-burp-suite-elevate-your-testing-with-burp-ai
Anatomy of an LLM RCE
https://www.reddit.com/r/netsec/comments/1jo1w9n/anatomy_of_an_llm_rce/
Oracle attempt to hide serious security incident from customers in Oracle SaaS service
https://www.reddit.com/r/netsec/comments/1jo2s5g/oracle_attempt_to_hide_serious_security_incident/
New innovations in Microsoft Purview for protected, AI-ready data
https://www.microsoft.com/en-us/security/blog/2025/03/31/new-innovations-in-microsoft-purview-for-protected-ai-ready-data/
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
https://www.microsoft.com/en-us/security/blog/2025/03/31/analyzing-open-source-bootloaders-finding-vulnerabilities-faster-with-ai/
Epic Fails and Heist Tales: A Red Teamer’s Journey to Deadwood
https://bishopfox.com/blog/epic-fails-heist-tales-red-teamers
🛡️ DoD Sentinel Skills Challenge – compete, win, and gain access to job opportunities!
https://www.reddit.com/r/netsec/comments/1jo6yht/dod_sentinel_skills_challenge_compete_win_and/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Trend Micro
The Espionage Toolkit of Earth Alux A Closer Look at its Advanced Techniques
The cyberespionage techniques of Earth Alux, a China-linked APT group, are putting critical industries at risk. The attacks, aimed at the APAC and Latin American regions, leverage powerful tools and techniques to remain hidden while stealing sensitive data.
Top Security News for Today
Japan Passes Active Cyber Defense Bill
https://www.tripwire.com/state-of-security/japan-passes-active-cyber-defense-bill
Top Cybersecurity Considerations When Moving Commercial Premises
https://www.tripwire.com/state-of-security/top-cybersecurity-considerations-when-moving-commercial-premises
Reforging Sliver: How Simple Code Edits Can Outmaneuver EDR
https://www.reddit.com/r/netsec/comments/1joqvup/reforging_sliver_how_simple_code_edits_can/
Harnessing the Power of Named Pipes
https://www.reddit.com/r/netsec/comments/1jor8nr/harnessing_the_power_of_named_pipes/
CrushFTP Authentication Bypass - CVE-2025-2825 — ProjectDiscovery Blog
https://www.reddit.com/r/netsec/comments/1jopz93/crushftp_authentication_bypass_cve20252825/
Cell Phone OPSEC for Border Crossings
https://www.schneier.com/blog/archives/2025/04/cell-phone-opsec-for-border-crossings.html
XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1jos2z2/xss_to_rce_by_abusing_custom_file_handlers/
When Parameterization Fails: SQL Injection in Nim's db_postgres Module Using Parameterized Queries
https://www.reddit.com/r/netsec/comments/1joth41/when_parameterization_fails_sql_injection_in_nims/
Transforming Public Sector Security Operations in the AI Era
https://www.microsoft.com/en-us/security/blog/2025/04/01/transforming-public-sector-security-operations-in-the-ai-era/
Improved Detection Signature for the K8s IngressNightmare Vulnerability
https://www.reddit.com/r/netsec/comments/1jp9cmt/improved_detection_signature_for_the_k8s/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Japan Passes Active Cyber Defense Bill
https://www.tripwire.com/state-of-security/japan-passes-active-cyber-defense-bill
Top Cybersecurity Considerations When Moving Commercial Premises
https://www.tripwire.com/state-of-security/top-cybersecurity-considerations-when-moving-commercial-premises
Reforging Sliver: How Simple Code Edits Can Outmaneuver EDR
https://www.reddit.com/r/netsec/comments/1joqvup/reforging_sliver_how_simple_code_edits_can/
Harnessing the Power of Named Pipes
https://www.reddit.com/r/netsec/comments/1jor8nr/harnessing_the_power_of_named_pipes/
CrushFTP Authentication Bypass - CVE-2025-2825 — ProjectDiscovery Blog
https://www.reddit.com/r/netsec/comments/1jopz93/crushftp_authentication_bypass_cve20252825/
Cell Phone OPSEC for Border Crossings
https://www.schneier.com/blog/archives/2025/04/cell-phone-opsec-for-border-crossings.html
XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1jos2z2/xss_to_rce_by_abusing_custom_file_handlers/
When Parameterization Fails: SQL Injection in Nim's db_postgres Module Using Parameterized Queries
https://www.reddit.com/r/netsec/comments/1joth41/when_parameterization_fails_sql_injection_in_nims/
Transforming Public Sector Security Operations in the AI Era
https://www.microsoft.com/en-us/security/blog/2025/04/01/transforming-public-sector-security-operations-in-the-ai-era/
Improved Detection Signature for the K8s IngressNightmare Vulnerability
https://www.reddit.com/r/netsec/comments/1jp9cmt/improved_detection_signature_for_the_k8s/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Tripwire
Japan Passes Active Cyber Defense Bill
Japan's Active Cyber Defense Bill empowers military and law enforcement to take preemptive action against cyber threats, enhancing national security.
Top Security News for Today
Consolidated View of Security Data: CVEs, Breaches, Ransomware & EOL Tracking
https://www.reddit.com/r/netsec/comments/1jyd734/consolidated_view_of_security_data_cves_breaches/
We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs
https://www.reddit.com/r/netsec/comments/1jyihpn/we_have_a_package_for_you_a_comprehensive/
PentestGPT – AI-Powered Penetration Testing Assistant
https://www.darknet.org.uk/2025/04/pentestgpt-ai-powered-penetration-testing-assistant/
EDV - Endpoint Detection & Vibes - From vibe coding to vibe detections
https://www.reddit.com/r/netsec/comments/1jypjxk/edv_endpoint_detection_vibes_from_vibe_coding_to/
Looking for Elite Malware & Exploit Developers to Join a High-Level Development Group
https://0x00sec.org/t/looking-for-elite-malware-exploit-developers-to-join-a-high-level-development-group/43574
Article 7 of GDPR: Preserving Data Integrity in Image Publication
https://www.tripwire.com/state-of-security/article-7-gdpr-preserving-data-integrity-image-publication
Energy Under Siege: How the Industry is Fighting Against Cyber Attacks
https://www.tripwire.com/state-of-security/energy-under-siege-how-industry-fighting-against-cyber-attacks
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Consolidated View of Security Data: CVEs, Breaches, Ransomware & EOL Tracking
https://www.reddit.com/r/netsec/comments/1jyd734/consolidated_view_of_security_data_cves_breaches/
We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs
https://www.reddit.com/r/netsec/comments/1jyihpn/we_have_a_package_for_you_a_comprehensive/
PentestGPT – AI-Powered Penetration Testing Assistant
https://www.darknet.org.uk/2025/04/pentestgpt-ai-powered-penetration-testing-assistant/
EDV - Endpoint Detection & Vibes - From vibe coding to vibe detections
https://www.reddit.com/r/netsec/comments/1jypjxk/edv_endpoint_detection_vibes_from_vibe_coding_to/
Looking for Elite Malware & Exploit Developers to Join a High-Level Development Group
https://0x00sec.org/t/looking-for-elite-malware-exploit-developers-to-join-a-high-level-development-group/43574
Article 7 of GDPR: Preserving Data Integrity in Image Publication
https://www.tripwire.com/state-of-security/article-7-gdpr-preserving-data-integrity-image-publication
Energy Under Siege: How the Industry is Fighting Against Cyber Attacks
https://www.tripwire.com/state-of-security/energy-under-siege-how-industry-fighting-against-cyber-attacks
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Consolidated View of Security Data: CVEs, Breaches, Ransomware & EOL Tracking
Posted by Electrical-Wish-4221 - 13 votes and 0 comments
Top Security News for Today
EDV - Endpoint Detection & Vibes - From vibe coding to vibe detections
https://www.reddit.com/r/netsec/comments/1jypjxk/edv_endpoint_detection_vibes_from_vibe_coding_to/
BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets
https://www.trendmicro.com/en_us/research/25/d/bpfdoor-hidden-controller.html
China Sort of Admits to Being Behind Volt Typhoon
https://www.schneier.com/blog/archives/2025/04/china-sort-of-admits-to-being-behind-volt-typhoon.html
Security Analysis: Potential AI Agent Hijacking via MCP and A2A Protocol Insights
https://www.reddit.com/r/netsec/comments/1jyvlzh/security_analysis_potential_ai_agent_hijacking/
14th April – Threat Intelligence Report
https://research.checkpoint.com/2025/14th-april-threat-intelligence-report/
Waiting Thread Hijacking: A Stealthier Version of Thread Execution Hijacking
https://research.checkpoint.com/2025/waiting-thread-hijacking/
Explore how to secure AI by attending our Learn Live Series
https://techcommunity.microsoft.com/blog/microsoft-security-blog/explore-how-to-secure-ai-by-attending-our-learn-live-series/4399703
GenXSS: an AI-Driven Framework for Automated Detection of XSS Attacks in WAFs
https://arxiv.org/abs/2504.08176
The AI Risk Repository: A Comprehensive Meta-Review, Database, and Taxonomy of Risks From Artificial Intelligence
https://arxiv.org/abs/2504.08264
You Can't Trust Your Tag Neither: Privacy Leaks and Potential Legal Violations within the Google Tag Manager
https://arxiv.org/abs/2504.07982
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
EDV - Endpoint Detection & Vibes - From vibe coding to vibe detections
https://www.reddit.com/r/netsec/comments/1jypjxk/edv_endpoint_detection_vibes_from_vibe_coding_to/
BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets
https://www.trendmicro.com/en_us/research/25/d/bpfdoor-hidden-controller.html
China Sort of Admits to Being Behind Volt Typhoon
https://www.schneier.com/blog/archives/2025/04/china-sort-of-admits-to-being-behind-volt-typhoon.html
Security Analysis: Potential AI Agent Hijacking via MCP and A2A Protocol Insights
https://www.reddit.com/r/netsec/comments/1jyvlzh/security_analysis_potential_ai_agent_hijacking/
14th April – Threat Intelligence Report
https://research.checkpoint.com/2025/14th-april-threat-intelligence-report/
Waiting Thread Hijacking: A Stealthier Version of Thread Execution Hijacking
https://research.checkpoint.com/2025/waiting-thread-hijacking/
Explore how to secure AI by attending our Learn Live Series
https://techcommunity.microsoft.com/blog/microsoft-security-blog/explore-how-to-secure-ai-by-attending-our-learn-live-series/4399703
GenXSS: an AI-Driven Framework for Automated Detection of XSS Attacks in WAFs
https://arxiv.org/abs/2504.08176
The AI Risk Repository: A Comprehensive Meta-Review, Database, and Taxonomy of Risks From Artificial Intelligence
https://arxiv.org/abs/2504.08264
You Can't Trust Your Tag Neither: Privacy Leaks and Potential Legal Violations within the Google Tag Manager
https://arxiv.org/abs/2504.07982
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: EDV - Endpoint Detection & Vibes - From vibe coding to vibe detections
Explore this post and more from the netsec community
Top Security News for Today
Best Practices for Transitioning from Security to Privacy
https://www.tripwire.com/state-of-security/best-practices-transitioning-security-privacy
Aiding reverse engineering with Rust and a local LLM
https://www.reddit.com/r/netsec/comments/1jzjcm9/aiding_reverse_engineering_with_rust_and_a_local/
They’re Everywhere! Why Non-Human Identities (and Their Security) Should Be Your Top Priority – Ben DH Kim
https://www.reddit.com/r/netsec/comments/1jzoxr7/theyre_everywhere_why_nonhuman_identities_and/
Renewed APT29 Phishing Campaign Against European Diplomats
https://research.checkpoint.com/2025/apt29-phishing-campaign/
Meet Burp Suite DAST: A clearer name for the industry's leading DAST solution
https://portswigger.net/blog/meet-burp-suite-dast-a-clearer-name-for-the-industrys-leading-dast-solution
Transforming security with Microsoft Security Exposure Management initiatives
https://www.microsoft.com/en-us/security/blog/2025/04/15/transforming-security-with-microsoft-security-exposure-management-initiatives/
Threat actors misuse Node.js to deliver malware and other malicious payloads
https://www.microsoft.com/en-us/security/blog/2025/04/15/threat-actors-misuse-node-js-to-deliver-malware-and-other-malicious-payloads/
Super Bowl 2025- Behind the Scenes of the Cybersecurity Blitz
https://www.darknet.org.uk/2025/04/super-bowl-2025-behind-the-scenes-of-the-cybersecurity-blitz/
Microsoft Windows dxkrnl Untrusted Pointer Dereference Local Privilege Escalation Vulnerability | HackSys Inc
https://www.reddit.com/r/netsec/comments/1k07ee7/microsoft_windows_dxkrnl_untrusted_pointer/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Best Practices for Transitioning from Security to Privacy
https://www.tripwire.com/state-of-security/best-practices-transitioning-security-privacy
Aiding reverse engineering with Rust and a local LLM
https://www.reddit.com/r/netsec/comments/1jzjcm9/aiding_reverse_engineering_with_rust_and_a_local/
They’re Everywhere! Why Non-Human Identities (and Their Security) Should Be Your Top Priority – Ben DH Kim
https://www.reddit.com/r/netsec/comments/1jzoxr7/theyre_everywhere_why_nonhuman_identities_and/
Renewed APT29 Phishing Campaign Against European Diplomats
https://research.checkpoint.com/2025/apt29-phishing-campaign/
Meet Burp Suite DAST: A clearer name for the industry's leading DAST solution
https://portswigger.net/blog/meet-burp-suite-dast-a-clearer-name-for-the-industrys-leading-dast-solution
Transforming security with Microsoft Security Exposure Management initiatives
https://www.microsoft.com/en-us/security/blog/2025/04/15/transforming-security-with-microsoft-security-exposure-management-initiatives/
Threat actors misuse Node.js to deliver malware and other malicious payloads
https://www.microsoft.com/en-us/security/blog/2025/04/15/threat-actors-misuse-node-js-to-deliver-malware-and-other-malicious-payloads/
Super Bowl 2025- Behind the Scenes of the Cybersecurity Blitz
https://www.darknet.org.uk/2025/04/super-bowl-2025-behind-the-scenes-of-the-cybersecurity-blitz/
Microsoft Windows dxkrnl Untrusted Pointer Dereference Local Privilege Escalation Vulnerability | HackSys Inc
https://www.reddit.com/r/netsec/comments/1k07ee7/microsoft_windows_dxkrnl_untrusted_pointer/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Tripwire
Best Practices for Transitioning from Security to Privacy
Learn key lessons for information security professionals transitioning to privacy programs, including understanding PII and collaborating with legal teams.
Top Security News for Today
SAP Emarsys SDK for Android Sensitive Data Leak (CVE-2023-6542)
https://www.reddit.com/r/netsec/comments/1k0flpj/sap_emarsys_sdk_for_android_sensitive_data_leak/
Streamlining Detection Engineering in Security Operation Centers
https://securelist.com/streamlining-detection-engineering/116186/
MITRE Support for the CVE Program is Due to Expire Today!
https://www.reddit.com/r/netsec/comments/1k0dodx/mitre_support_for_the_cve_program_is_due_to/
Cyber Signals Issue 9 | AI-Powered Deception: Emerging Fraud Threats and Countermeasures
https://www.microsoft.com/en-us/security/blog/2025/04/16/cyber-signals-issue-9-ai-powered-deception-emerging-fraud-threats-and-countermeasures/
CVE-2025-24054, NTLM Exploit in the Wild
https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild/
Oracle Critical Patch Update, April 2025 Security Update Review
https://blog.qualys.com/vulnerabilities-threat-research/2025/04/16/oracle-critical-patch-update-april-2025-security-update-review
CVE Program Almost Unfunded
https://www.schneier.com/blog/archives/2025/04/cve-program-almost-unfunded.html
SPRING ISSUE OF 2600 RELEASED
https://www.2600.com/content/spring-issue-2600-released-19
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
SAP Emarsys SDK for Android Sensitive Data Leak (CVE-2023-6542)
https://www.reddit.com/r/netsec/comments/1k0flpj/sap_emarsys_sdk_for_android_sensitive_data_leak/
Streamlining Detection Engineering in Security Operation Centers
https://securelist.com/streamlining-detection-engineering/116186/
MITRE Support for the CVE Program is Due to Expire Today!
https://www.reddit.com/r/netsec/comments/1k0dodx/mitre_support_for_the_cve_program_is_due_to/
Cyber Signals Issue 9 | AI-Powered Deception: Emerging Fraud Threats and Countermeasures
https://www.microsoft.com/en-us/security/blog/2025/04/16/cyber-signals-issue-9-ai-powered-deception-emerging-fraud-threats-and-countermeasures/
CVE-2025-24054, NTLM Exploit in the Wild
https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild/
Oracle Critical Patch Update, April 2025 Security Update Review
https://blog.qualys.com/vulnerabilities-threat-research/2025/04/16/oracle-critical-patch-update-april-2025-security-update-review
CVE Program Almost Unfunded
https://www.schneier.com/blog/archives/2025/04/cve-program-almost-unfunded.html
SPRING ISSUE OF 2600 RELEASED
https://www.2600.com/content/spring-issue-2600-released-19
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: SAP Emarsys SDK for Android Sensitive Data Leak (CVE-2023-6542)
Posted by MrTuxracer - 1 vote and 0 comments