Top Security News for Today
How Each Pillar of the 1st Amendment is Under Attack
https://krebsonsecurity.com/2025/03/how-each-pillar-of-the-1st-amendment-is-under-attack/
Cross-modal Information Flow in Multimodal Large Language Models
https://arxiv.org/abs/2411.18620
Federal Desktop Core Configuration (FDCC/USGCB) Compliance
https://www.tripwire.com/state-of-security/federal-desktop-core-configuration-fdccusgcb-compliance
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
How Each Pillar of the 1st Amendment is Under Attack
https://krebsonsecurity.com/2025/03/how-each-pillar-of-the-1st-amendment-is-under-attack/
Cross-modal Information Flow in Multimodal Large Language Models
https://arxiv.org/abs/2411.18620
Federal Desktop Core Configuration (FDCC/USGCB) Compliance
https://www.tripwire.com/state-of-security/federal-desktop-core-configuration-fdccusgcb-compliance
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Krebs on Security
How Each Pillar of the 1st Amendment is Under Attack
In an address to Congress this month, President Trump claimed he had "brought free speech back to America." But barely two months into his second term, the president has waged an unprecedented attack on the First Amendment rights of journalists,…
Top Security News for Today
The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques
https://www.trendmicro.com/en_us/research/25/c/the-espionage-toolkit-of-earth-alux.html
Feberis Pro: As one of the first, I had an opportunity to test new 4-in-1 Expansion Board for Flipper Zero
https://www.reddit.com/r/netsec/comments/1jo0eww/feberis_pro_as_one_of_first_i_had_and_an/
The Signal Chat Leak and the NSA
https://www.schneier.com/blog/archives/2025/03/the-signal-chat-leak-and-the-nsa.html
Welcome to the next generation of Burp Suite: elevate your testing with Burp AI
https://portswigger.net/blog/welcome-to-the-next-generation-of-burp-suite-elevate-your-testing-with-burp-ai
Anatomy of an LLM RCE
https://www.reddit.com/r/netsec/comments/1jo1w9n/anatomy_of_an_llm_rce/
Oracle attempt to hide serious security incident from customers in Oracle SaaS service
https://www.reddit.com/r/netsec/comments/1jo2s5g/oracle_attempt_to_hide_serious_security_incident/
New innovations in Microsoft Purview for protected, AI-ready data
https://www.microsoft.com/en-us/security/blog/2025/03/31/new-innovations-in-microsoft-purview-for-protected-ai-ready-data/
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
https://www.microsoft.com/en-us/security/blog/2025/03/31/analyzing-open-source-bootloaders-finding-vulnerabilities-faster-with-ai/
Epic Fails and Heist Tales: A Red Teamer’s Journey to Deadwood
https://bishopfox.com/blog/epic-fails-heist-tales-red-teamers
🛡️ DoD Sentinel Skills Challenge – compete, win, and gain access to job opportunities!
https://www.reddit.com/r/netsec/comments/1jo6yht/dod_sentinel_skills_challenge_compete_win_and/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques
https://www.trendmicro.com/en_us/research/25/c/the-espionage-toolkit-of-earth-alux.html
Feberis Pro: As one of the first, I had an opportunity to test new 4-in-1 Expansion Board for Flipper Zero
https://www.reddit.com/r/netsec/comments/1jo0eww/feberis_pro_as_one_of_first_i_had_and_an/
The Signal Chat Leak and the NSA
https://www.schneier.com/blog/archives/2025/03/the-signal-chat-leak-and-the-nsa.html
Welcome to the next generation of Burp Suite: elevate your testing with Burp AI
https://portswigger.net/blog/welcome-to-the-next-generation-of-burp-suite-elevate-your-testing-with-burp-ai
Anatomy of an LLM RCE
https://www.reddit.com/r/netsec/comments/1jo1w9n/anatomy_of_an_llm_rce/
Oracle attempt to hide serious security incident from customers in Oracle SaaS service
https://www.reddit.com/r/netsec/comments/1jo2s5g/oracle_attempt_to_hide_serious_security_incident/
New innovations in Microsoft Purview for protected, AI-ready data
https://www.microsoft.com/en-us/security/blog/2025/03/31/new-innovations-in-microsoft-purview-for-protected-ai-ready-data/
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
https://www.microsoft.com/en-us/security/blog/2025/03/31/analyzing-open-source-bootloaders-finding-vulnerabilities-faster-with-ai/
Epic Fails and Heist Tales: A Red Teamer’s Journey to Deadwood
https://bishopfox.com/blog/epic-fails-heist-tales-red-teamers
🛡️ DoD Sentinel Skills Challenge – compete, win, and gain access to job opportunities!
https://www.reddit.com/r/netsec/comments/1jo6yht/dod_sentinel_skills_challenge_compete_win_and/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Trend Micro
The Espionage Toolkit of Earth Alux A Closer Look at its Advanced Techniques
The cyberespionage techniques of Earth Alux, a China-linked APT group, are putting critical industries at risk. The attacks, aimed at the APAC and Latin American regions, leverage powerful tools and techniques to remain hidden while stealing sensitive data.
Top Security News for Today
Japan Passes Active Cyber Defense Bill
https://www.tripwire.com/state-of-security/japan-passes-active-cyber-defense-bill
Top Cybersecurity Considerations When Moving Commercial Premises
https://www.tripwire.com/state-of-security/top-cybersecurity-considerations-when-moving-commercial-premises
Reforging Sliver: How Simple Code Edits Can Outmaneuver EDR
https://www.reddit.com/r/netsec/comments/1joqvup/reforging_sliver_how_simple_code_edits_can/
Harnessing the Power of Named Pipes
https://www.reddit.com/r/netsec/comments/1jor8nr/harnessing_the_power_of_named_pipes/
CrushFTP Authentication Bypass - CVE-2025-2825 — ProjectDiscovery Blog
https://www.reddit.com/r/netsec/comments/1jopz93/crushftp_authentication_bypass_cve20252825/
Cell Phone OPSEC for Border Crossings
https://www.schneier.com/blog/archives/2025/04/cell-phone-opsec-for-border-crossings.html
XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1jos2z2/xss_to_rce_by_abusing_custom_file_handlers/
When Parameterization Fails: SQL Injection in Nim's db_postgres Module Using Parameterized Queries
https://www.reddit.com/r/netsec/comments/1joth41/when_parameterization_fails_sql_injection_in_nims/
Transforming Public Sector Security Operations in the AI Era
https://www.microsoft.com/en-us/security/blog/2025/04/01/transforming-public-sector-security-operations-in-the-ai-era/
Improved Detection Signature for the K8s IngressNightmare Vulnerability
https://www.reddit.com/r/netsec/comments/1jp9cmt/improved_detection_signature_for_the_k8s/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Japan Passes Active Cyber Defense Bill
https://www.tripwire.com/state-of-security/japan-passes-active-cyber-defense-bill
Top Cybersecurity Considerations When Moving Commercial Premises
https://www.tripwire.com/state-of-security/top-cybersecurity-considerations-when-moving-commercial-premises
Reforging Sliver: How Simple Code Edits Can Outmaneuver EDR
https://www.reddit.com/r/netsec/comments/1joqvup/reforging_sliver_how_simple_code_edits_can/
Harnessing the Power of Named Pipes
https://www.reddit.com/r/netsec/comments/1jor8nr/harnessing_the_power_of_named_pipes/
CrushFTP Authentication Bypass - CVE-2025-2825 — ProjectDiscovery Blog
https://www.reddit.com/r/netsec/comments/1jopz93/crushftp_authentication_bypass_cve20252825/
Cell Phone OPSEC for Border Crossings
https://www.schneier.com/blog/archives/2025/04/cell-phone-opsec-for-border-crossings.html
XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1jos2z2/xss_to_rce_by_abusing_custom_file_handlers/
When Parameterization Fails: SQL Injection in Nim's db_postgres Module Using Parameterized Queries
https://www.reddit.com/r/netsec/comments/1joth41/when_parameterization_fails_sql_injection_in_nims/
Transforming Public Sector Security Operations in the AI Era
https://www.microsoft.com/en-us/security/blog/2025/04/01/transforming-public-sector-security-operations-in-the-ai-era/
Improved Detection Signature for the K8s IngressNightmare Vulnerability
https://www.reddit.com/r/netsec/comments/1jp9cmt/improved_detection_signature_for_the_k8s/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Tripwire
Japan Passes Active Cyber Defense Bill
Japan's Active Cyber Defense Bill empowers military and law enforcement to take preemptive action against cyber threats, enhancing national security.
Top Security News for Today
Consolidated View of Security Data: CVEs, Breaches, Ransomware & EOL Tracking
https://www.reddit.com/r/netsec/comments/1jyd734/consolidated_view_of_security_data_cves_breaches/
We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs
https://www.reddit.com/r/netsec/comments/1jyihpn/we_have_a_package_for_you_a_comprehensive/
PentestGPT – AI-Powered Penetration Testing Assistant
https://www.darknet.org.uk/2025/04/pentestgpt-ai-powered-penetration-testing-assistant/
EDV - Endpoint Detection & Vibes - From vibe coding to vibe detections
https://www.reddit.com/r/netsec/comments/1jypjxk/edv_endpoint_detection_vibes_from_vibe_coding_to/
Looking for Elite Malware & Exploit Developers to Join a High-Level Development Group
https://0x00sec.org/t/looking-for-elite-malware-exploit-developers-to-join-a-high-level-development-group/43574
Article 7 of GDPR: Preserving Data Integrity in Image Publication
https://www.tripwire.com/state-of-security/article-7-gdpr-preserving-data-integrity-image-publication
Energy Under Siege: How the Industry is Fighting Against Cyber Attacks
https://www.tripwire.com/state-of-security/energy-under-siege-how-industry-fighting-against-cyber-attacks
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Consolidated View of Security Data: CVEs, Breaches, Ransomware & EOL Tracking
https://www.reddit.com/r/netsec/comments/1jyd734/consolidated_view_of_security_data_cves_breaches/
We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs
https://www.reddit.com/r/netsec/comments/1jyihpn/we_have_a_package_for_you_a_comprehensive/
PentestGPT – AI-Powered Penetration Testing Assistant
https://www.darknet.org.uk/2025/04/pentestgpt-ai-powered-penetration-testing-assistant/
EDV - Endpoint Detection & Vibes - From vibe coding to vibe detections
https://www.reddit.com/r/netsec/comments/1jypjxk/edv_endpoint_detection_vibes_from_vibe_coding_to/
Looking for Elite Malware & Exploit Developers to Join a High-Level Development Group
https://0x00sec.org/t/looking-for-elite-malware-exploit-developers-to-join-a-high-level-development-group/43574
Article 7 of GDPR: Preserving Data Integrity in Image Publication
https://www.tripwire.com/state-of-security/article-7-gdpr-preserving-data-integrity-image-publication
Energy Under Siege: How the Industry is Fighting Against Cyber Attacks
https://www.tripwire.com/state-of-security/energy-under-siege-how-industry-fighting-against-cyber-attacks
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Consolidated View of Security Data: CVEs, Breaches, Ransomware & EOL Tracking
Posted by Electrical-Wish-4221 - 13 votes and 0 comments
Top Security News for Today
EDV - Endpoint Detection & Vibes - From vibe coding to vibe detections
https://www.reddit.com/r/netsec/comments/1jypjxk/edv_endpoint_detection_vibes_from_vibe_coding_to/
BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets
https://www.trendmicro.com/en_us/research/25/d/bpfdoor-hidden-controller.html
China Sort of Admits to Being Behind Volt Typhoon
https://www.schneier.com/blog/archives/2025/04/china-sort-of-admits-to-being-behind-volt-typhoon.html
Security Analysis: Potential AI Agent Hijacking via MCP and A2A Protocol Insights
https://www.reddit.com/r/netsec/comments/1jyvlzh/security_analysis_potential_ai_agent_hijacking/
14th April – Threat Intelligence Report
https://research.checkpoint.com/2025/14th-april-threat-intelligence-report/
Waiting Thread Hijacking: A Stealthier Version of Thread Execution Hijacking
https://research.checkpoint.com/2025/waiting-thread-hijacking/
Explore how to secure AI by attending our Learn Live Series
https://techcommunity.microsoft.com/blog/microsoft-security-blog/explore-how-to-secure-ai-by-attending-our-learn-live-series/4399703
GenXSS: an AI-Driven Framework for Automated Detection of XSS Attacks in WAFs
https://arxiv.org/abs/2504.08176
The AI Risk Repository: A Comprehensive Meta-Review, Database, and Taxonomy of Risks From Artificial Intelligence
https://arxiv.org/abs/2504.08264
You Can't Trust Your Tag Neither: Privacy Leaks and Potential Legal Violations within the Google Tag Manager
https://arxiv.org/abs/2504.07982
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
EDV - Endpoint Detection & Vibes - From vibe coding to vibe detections
https://www.reddit.com/r/netsec/comments/1jypjxk/edv_endpoint_detection_vibes_from_vibe_coding_to/
BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets
https://www.trendmicro.com/en_us/research/25/d/bpfdoor-hidden-controller.html
China Sort of Admits to Being Behind Volt Typhoon
https://www.schneier.com/blog/archives/2025/04/china-sort-of-admits-to-being-behind-volt-typhoon.html
Security Analysis: Potential AI Agent Hijacking via MCP and A2A Protocol Insights
https://www.reddit.com/r/netsec/comments/1jyvlzh/security_analysis_potential_ai_agent_hijacking/
14th April – Threat Intelligence Report
https://research.checkpoint.com/2025/14th-april-threat-intelligence-report/
Waiting Thread Hijacking: A Stealthier Version of Thread Execution Hijacking
https://research.checkpoint.com/2025/waiting-thread-hijacking/
Explore how to secure AI by attending our Learn Live Series
https://techcommunity.microsoft.com/blog/microsoft-security-blog/explore-how-to-secure-ai-by-attending-our-learn-live-series/4399703
GenXSS: an AI-Driven Framework for Automated Detection of XSS Attacks in WAFs
https://arxiv.org/abs/2504.08176
The AI Risk Repository: A Comprehensive Meta-Review, Database, and Taxonomy of Risks From Artificial Intelligence
https://arxiv.org/abs/2504.08264
You Can't Trust Your Tag Neither: Privacy Leaks and Potential Legal Violations within the Google Tag Manager
https://arxiv.org/abs/2504.07982
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: EDV - Endpoint Detection & Vibes - From vibe coding to vibe detections
Explore this post and more from the netsec community
Top Security News for Today
Best Practices for Transitioning from Security to Privacy
https://www.tripwire.com/state-of-security/best-practices-transitioning-security-privacy
Aiding reverse engineering with Rust and a local LLM
https://www.reddit.com/r/netsec/comments/1jzjcm9/aiding_reverse_engineering_with_rust_and_a_local/
They’re Everywhere! Why Non-Human Identities (and Their Security) Should Be Your Top Priority – Ben DH Kim
https://www.reddit.com/r/netsec/comments/1jzoxr7/theyre_everywhere_why_nonhuman_identities_and/
Renewed APT29 Phishing Campaign Against European Diplomats
https://research.checkpoint.com/2025/apt29-phishing-campaign/
Meet Burp Suite DAST: A clearer name for the industry's leading DAST solution
https://portswigger.net/blog/meet-burp-suite-dast-a-clearer-name-for-the-industrys-leading-dast-solution
Transforming security with Microsoft Security Exposure Management initiatives
https://www.microsoft.com/en-us/security/blog/2025/04/15/transforming-security-with-microsoft-security-exposure-management-initiatives/
Threat actors misuse Node.js to deliver malware and other malicious payloads
https://www.microsoft.com/en-us/security/blog/2025/04/15/threat-actors-misuse-node-js-to-deliver-malware-and-other-malicious-payloads/
Super Bowl 2025- Behind the Scenes of the Cybersecurity Blitz
https://www.darknet.org.uk/2025/04/super-bowl-2025-behind-the-scenes-of-the-cybersecurity-blitz/
Microsoft Windows dxkrnl Untrusted Pointer Dereference Local Privilege Escalation Vulnerability | HackSys Inc
https://www.reddit.com/r/netsec/comments/1k07ee7/microsoft_windows_dxkrnl_untrusted_pointer/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Best Practices for Transitioning from Security to Privacy
https://www.tripwire.com/state-of-security/best-practices-transitioning-security-privacy
Aiding reverse engineering with Rust and a local LLM
https://www.reddit.com/r/netsec/comments/1jzjcm9/aiding_reverse_engineering_with_rust_and_a_local/
They’re Everywhere! Why Non-Human Identities (and Their Security) Should Be Your Top Priority – Ben DH Kim
https://www.reddit.com/r/netsec/comments/1jzoxr7/theyre_everywhere_why_nonhuman_identities_and/
Renewed APT29 Phishing Campaign Against European Diplomats
https://research.checkpoint.com/2025/apt29-phishing-campaign/
Meet Burp Suite DAST: A clearer name for the industry's leading DAST solution
https://portswigger.net/blog/meet-burp-suite-dast-a-clearer-name-for-the-industrys-leading-dast-solution
Transforming security with Microsoft Security Exposure Management initiatives
https://www.microsoft.com/en-us/security/blog/2025/04/15/transforming-security-with-microsoft-security-exposure-management-initiatives/
Threat actors misuse Node.js to deliver malware and other malicious payloads
https://www.microsoft.com/en-us/security/blog/2025/04/15/threat-actors-misuse-node-js-to-deliver-malware-and-other-malicious-payloads/
Super Bowl 2025- Behind the Scenes of the Cybersecurity Blitz
https://www.darknet.org.uk/2025/04/super-bowl-2025-behind-the-scenes-of-the-cybersecurity-blitz/
Microsoft Windows dxkrnl Untrusted Pointer Dereference Local Privilege Escalation Vulnerability | HackSys Inc
https://www.reddit.com/r/netsec/comments/1k07ee7/microsoft_windows_dxkrnl_untrusted_pointer/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Tripwire
Best Practices for Transitioning from Security to Privacy
Learn key lessons for information security professionals transitioning to privacy programs, including understanding PII and collaborating with legal teams.
Top Security News for Today
SAP Emarsys SDK for Android Sensitive Data Leak (CVE-2023-6542)
https://www.reddit.com/r/netsec/comments/1k0flpj/sap_emarsys_sdk_for_android_sensitive_data_leak/
Streamlining Detection Engineering in Security Operation Centers
https://securelist.com/streamlining-detection-engineering/116186/
MITRE Support for the CVE Program is Due to Expire Today!
https://www.reddit.com/r/netsec/comments/1k0dodx/mitre_support_for_the_cve_program_is_due_to/
Cyber Signals Issue 9 | AI-Powered Deception: Emerging Fraud Threats and Countermeasures
https://www.microsoft.com/en-us/security/blog/2025/04/16/cyber-signals-issue-9-ai-powered-deception-emerging-fraud-threats-and-countermeasures/
CVE-2025-24054, NTLM Exploit in the Wild
https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild/
Oracle Critical Patch Update, April 2025 Security Update Review
https://blog.qualys.com/vulnerabilities-threat-research/2025/04/16/oracle-critical-patch-update-april-2025-security-update-review
CVE Program Almost Unfunded
https://www.schneier.com/blog/archives/2025/04/cve-program-almost-unfunded.html
SPRING ISSUE OF 2600 RELEASED
https://www.2600.com/content/spring-issue-2600-released-19
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
SAP Emarsys SDK for Android Sensitive Data Leak (CVE-2023-6542)
https://www.reddit.com/r/netsec/comments/1k0flpj/sap_emarsys_sdk_for_android_sensitive_data_leak/
Streamlining Detection Engineering in Security Operation Centers
https://securelist.com/streamlining-detection-engineering/116186/
MITRE Support for the CVE Program is Due to Expire Today!
https://www.reddit.com/r/netsec/comments/1k0dodx/mitre_support_for_the_cve_program_is_due_to/
Cyber Signals Issue 9 | AI-Powered Deception: Emerging Fraud Threats and Countermeasures
https://www.microsoft.com/en-us/security/blog/2025/04/16/cyber-signals-issue-9-ai-powered-deception-emerging-fraud-threats-and-countermeasures/
CVE-2025-24054, NTLM Exploit in the Wild
https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild/
Oracle Critical Patch Update, April 2025 Security Update Review
https://blog.qualys.com/vulnerabilities-threat-research/2025/04/16/oracle-critical-patch-update-april-2025-security-update-review
CVE Program Almost Unfunded
https://www.schneier.com/blog/archives/2025/04/cve-program-almost-unfunded.html
SPRING ISSUE OF 2600 RELEASED
https://www.2600.com/content/spring-issue-2600-released-19
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: SAP Emarsys SDK for Android Sensitive Data Leak (CVE-2023-6542)
Posted by MrTuxracer - 1 vote and 0 comments
Top Security News for Today
New writeup: a vulnerability in PHP's extract() function allows attackers to trigger a double-free, which in turn allows arbitrary code execution (native code)
https://www.reddit.com/r/netsec/comments/1k16vep/new_writeup_a_vulnerability_in_phps_extract/
[Project] I built a tool that tracks AWS documentation changes and analyzes security implications
https://www.reddit.com/r/netsec/comments/1k17yrm/project_i_built_a_tool_that_tracks_aws/
Age Verification Using Facial Scans
https://www.schneier.com/blog/archives/2025/04/age-verification-using-facial-scans.html
Microsoft’s Secure by Design journey: One year of success
https://www.microsoft.com/en-us/security/blog/2025/04/17/microsofts-secure-by-design-journey-one-year-of-success/
Cross-Site WebSocket Hijacking Exploitation in 2025 - Include Security Research Blog
https://www.reddit.com/r/netsec/comments/1k1ob9c/crosssite_websocket_hijacking_exploitation_in/
Nebula – Autonomous AI Pentesting Tool
https://www.darknet.org.uk/2025/04/nebula-autonomous-ai-pentesting-tool/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
New writeup: a vulnerability in PHP's extract() function allows attackers to trigger a double-free, which in turn allows arbitrary code execution (native code)
https://www.reddit.com/r/netsec/comments/1k16vep/new_writeup_a_vulnerability_in_phps_extract/
[Project] I built a tool that tracks AWS documentation changes and analyzes security implications
https://www.reddit.com/r/netsec/comments/1k17yrm/project_i_built_a_tool_that_tracks_aws/
Age Verification Using Facial Scans
https://www.schneier.com/blog/archives/2025/04/age-verification-using-facial-scans.html
Microsoft’s Secure by Design journey: One year of success
https://www.microsoft.com/en-us/security/blog/2025/04/17/microsofts-secure-by-design-journey-one-year-of-success/
Cross-Site WebSocket Hijacking Exploitation in 2025 - Include Security Research Blog
https://www.reddit.com/r/netsec/comments/1k1ob9c/crosssite_websocket_hijacking_exploitation_in/
Nebula – Autonomous AI Pentesting Tool
https://www.darknet.org.uk/2025/04/nebula-autonomous-ai-pentesting-tool/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: New writeup: a vulnerability in PHP's extract() function allows attackers to trigger a double…
Posted by SSDisclosure - 1 vote and 0 comments
Top Security News for Today
SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation | Cleafy
https://www.reddit.com/r/netsec/comments/1k21cf9/supercard_x_exposing_a_chinesespeaker_maas_for/
AES & ChaCha — A Case for Simplicity in Cryptography
https://www.reddit.com/r/netsec/comments/1k1y676/aes_chacha_a_case_for_simplicity_in_cryptography/
CVE-2025-25364: Speedify VPN MacOS privilege Escalation
https://www.reddit.com/r/netsec/comments/1k2bpp5/cve202525364_speedify_vpn_macos_privilege/
Friday Squid Blogging: Live Colossal Squid Filmed
https://www.schneier.com/blog/archives/2025/04/friday-squid-blogging-live-colossal-squid-filmed.html
A Dark Reading Panel - "The Promise and Perils of AI: Navigating Emerging Cyber Threats"
https://bishopfox.com/blog/dark-reading-panel-promise-perils-ai-navigating-emerging-cyber-threats-blog
Decentralised collaborative action: cryptoeconomics in space
https://arxiv.org/abs/2504.12465
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation | Cleafy
https://www.reddit.com/r/netsec/comments/1k21cf9/supercard_x_exposing_a_chinesespeaker_maas_for/
AES & ChaCha — A Case for Simplicity in Cryptography
https://www.reddit.com/r/netsec/comments/1k1y676/aes_chacha_a_case_for_simplicity_in_cryptography/
CVE-2025-25364: Speedify VPN MacOS privilege Escalation
https://www.reddit.com/r/netsec/comments/1k2bpp5/cve202525364_speedify_vpn_macos_privilege/
Friday Squid Blogging: Live Colossal Squid Filmed
https://www.schneier.com/blog/archives/2025/04/friday-squid-blogging-live-colossal-squid-filmed.html
A Dark Reading Panel - "The Promise and Perils of AI: Navigating Emerging Cyber Threats"
https://bishopfox.com/blog/dark-reading-panel-promise-perils-ai-navigating-emerging-cyber-threats-blog
Decentralised collaborative action: cryptoeconomics in space
https://arxiv.org/abs/2504.12465
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation | Cleafy
Explore this post and more from the netsec community
Top Security News for Today
Need Help Extracting Firmware from a VR Headset
https://www.reddit.com/r/netsec/comments/1k2ret4/need_help_extracting_firmware_from_a_vr_headset/
Speculative Thinking: Enhancing Small-Model Reasoning with Large Model Guidance at Inference Time
https://arxiv.org/abs/2504.12329
b3rito/b3acon: b3acon - a mail-based C2 that communicates via an in-memory C# IMAP client dynamically compiled in memory using PowerShell.
https://www.reddit.com/r/netsec/comments/1k3677a/b3ritob3acon_b3acon_a_mailbased_c2_that/
BBRadar.io - The Bug Bounty Program Aggregator - Find the latest bug bounty programs from all major platforms.
https://www.reddit.com/r/netsec/comments/1k37153/bbradario_the_bug_bounty_program_aggregator_find/
Everything You Need to Know About VPNs—Without the "affiliates"
https://www.reddit.com/r/netsec/comments/1k3fuyo/everything_you_need_to_know_about_vpnswithout_the/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Need Help Extracting Firmware from a VR Headset
https://www.reddit.com/r/netsec/comments/1k2ret4/need_help_extracting_firmware_from_a_vr_headset/
Speculative Thinking: Enhancing Small-Model Reasoning with Large Model Guidance at Inference Time
https://arxiv.org/abs/2504.12329
b3rito/b3acon: b3acon - a mail-based C2 that communicates via an in-memory C# IMAP client dynamically compiled in memory using PowerShell.
https://www.reddit.com/r/netsec/comments/1k3677a/b3ritob3acon_b3acon_a_mailbased_c2_that/
BBRadar.io - The Bug Bounty Program Aggregator - Find the latest bug bounty programs from all major platforms.
https://www.reddit.com/r/netsec/comments/1k37153/bbradario_the_bug_bounty_program_aggregator_find/
Everything You Need to Know About VPNs—Without the "affiliates"
https://www.reddit.com/r/netsec/comments/1k3fuyo/everything_you_need_to_know_about_vpnswithout_the/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: need help extracting firmware from a vr headset in a working state
Posted by Shot_Morning2815 - 0 votes and 4 comments
Top Security News for Today
Everything You Need to Know About VPNs—Without the "affiliates"
https://www.reddit.com/r/netsec/comments/1k3fuyo/everything_you_need_to_know_about_vpnswithout_the/
Elkeid – A Modern, Scalable HIDS for Cloud-Native Infrastructure
https://www.darknet.org.uk/2025/04/elkeid-a-modern-scalable-hids-for-cloud-native-infrastructure/
FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE
https://www.trendmicro.com/en_us/research/25/d/fog-ransomware-concealed-within-binary-loaders-linking-themselve.html
Assessing LLMs in Art Contexts: Critique Generation and Theory of Mind Evaluation
https://arxiv.org/abs/2504.12805
Understanding the Limits of Vision Language Models Through the Lens of the Binding Problem
https://arxiv.org/abs/2411.00238
Phishing attacks leveraging HTML code inside SVG files
https://securelist.com/svg-phishing/116256/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Everything You Need to Know About VPNs—Without the "affiliates"
https://www.reddit.com/r/netsec/comments/1k3fuyo/everything_you_need_to_know_about_vpnswithout_the/
Elkeid – A Modern, Scalable HIDS for Cloud-Native Infrastructure
https://www.darknet.org.uk/2025/04/elkeid-a-modern-scalable-hids-for-cloud-native-infrastructure/
FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE
https://www.trendmicro.com/en_us/research/25/d/fog-ransomware-concealed-within-binary-loaders-linking-themselve.html
Assessing LLMs in Art Contexts: Critique Generation and Theory of Mind Evaluation
https://arxiv.org/abs/2504.12805
Understanding the Limits of Vision Language Models Through the Lens of the Binding Problem
https://arxiv.org/abs/2411.00238
Phishing attacks leveraging HTML code inside SVG files
https://securelist.com/svg-phishing/116256/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
Everything You Need to Know About VPNs—Without the "affiliates" : r/netsec
531K subscribers in the netsec community. /r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers…
Top Security News for Today
21st April – Threat Intelligence Report
https://research.checkpoint.com/2025/21st-april-threat-intelligence-report/
IoT Network Security: Analyzing Decrypted Zigbee Traffic Data
https://www.reddit.com/r/netsec/comments/1k4awln/iot_network_security_analyzing_decrypted_zigbee/
Lumma Stealer – Tracking distribution channels
https://securelist.com/lumma-fake-captcha-attacks-analysis/116274/
Securing our future: April 2025 progress report on Microsoft’s Secure Future Initiative
https://www.microsoft.com/en-us/security/blog/2025/04/21/securing-our-future-april-2025-progress-report-on-microsofts-secure-future-initiative/
Investigating cybersecurity incidents using large language models in latest-generation wireless networks
https://arxiv.org/abs/2504.13196
Whistleblower: DOGE Siphoned NLRB Case Data
https://krebsonsecurity.com/2025/04/whistleblower-doge-siphoned-nlrb-case-data/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
21st April – Threat Intelligence Report
https://research.checkpoint.com/2025/21st-april-threat-intelligence-report/
IoT Network Security: Analyzing Decrypted Zigbee Traffic Data
https://www.reddit.com/r/netsec/comments/1k4awln/iot_network_security_analyzing_decrypted_zigbee/
Lumma Stealer – Tracking distribution channels
https://securelist.com/lumma-fake-captcha-attacks-analysis/116274/
Securing our future: April 2025 progress report on Microsoft’s Secure Future Initiative
https://www.microsoft.com/en-us/security/blog/2025/04/21/securing-our-future-april-2025-progress-report-on-microsofts-secure-future-initiative/
Investigating cybersecurity incidents using large language models in latest-generation wireless networks
https://arxiv.org/abs/2504.13196
Whistleblower: DOGE Siphoned NLRB Case Data
https://krebsonsecurity.com/2025/04/whistleblower-doge-siphoned-nlrb-case-data/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Check Point Research
21st April – Threat Intelligence Report - Check Point Research
For the latest discoveries in cyber research for the week of 21st April, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Retail giant Ahold Delhaize has suffered a cyber-attack resulting in data theft of customer information from…
Top Security News for Today
Attacking My Landlord's Boiler
https://www.reddit.com/r/netsec/comments/1k5023x/attacking_my_landlords_boiler/
Windows Defender antivirus bypass in 2025 - Part 2
https://www.reddit.com/r/netsec/comments/1k50npg/windows_defender_antivirus_bypass_in_2025_part_2/
Line jumping: The silent backdoor in MCP
https://www.reddit.com/r/netsec/comments/1k4j7u5/line_jumping_the_silent_backdoor_in_mcp/
Russian organizations targeted by backdoor masquerading as secure networking software updates
https://securelist.com/new-backdoor-mimics-security-software-update/116246/
How I made $64k from deleted files — a bug bounty story
https://www.reddit.com/r/netsec/comments/1k59mtf/how_i_made_64k_from_deleted_files_a_bug_bounty/
Glitching STM32 Read Out Protection - Anvil Secure
https://www.reddit.com/r/netsec/comments/1k5e3we/glitching_stm32_read_out_protection_anvil_secure/
Local privilege escalation on Zyxel USG FLEX H Series (CVE-2025-1731)
https://security.humanativaspa.it/local-privilege-escalation-on-zyxel-usg-flex-h-series-cve-2025-1731/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Attacking My Landlord's Boiler
https://www.reddit.com/r/netsec/comments/1k5023x/attacking_my_landlords_boiler/
Windows Defender antivirus bypass in 2025 - Part 2
https://www.reddit.com/r/netsec/comments/1k50npg/windows_defender_antivirus_bypass_in_2025_part_2/
Line jumping: The silent backdoor in MCP
https://www.reddit.com/r/netsec/comments/1k4j7u5/line_jumping_the_silent_backdoor_in_mcp/
Russian organizations targeted by backdoor masquerading as secure networking software updates
https://securelist.com/new-backdoor-mimics-security-software-update/116246/
How I made $64k from deleted files — a bug bounty story
https://www.reddit.com/r/netsec/comments/1k59mtf/how_i_made_64k_from_deleted_files_a_bug_bounty/
Glitching STM32 Read Out Protection - Anvil Secure
https://www.reddit.com/r/netsec/comments/1k5e3we/glitching_stm32_read_out_protection_anvil_secure/
Local privilege escalation on Zyxel USG FLEX H Series (CVE-2025-1731)
https://security.humanativaspa.it/local-privilege-escalation-on-zyxel-usg-flex-h-series-cve-2025-1731/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Attacking My Landlord's Boiler
Explore this post and more from the netsec community
Top Security News for Today
Local privilege escalation on Zyxel USG FLEX H Series (CVE-2025-1731)
https://www.reddit.com/r/netsec/comments/1k5roqe/local_privilege_escalation_on_zyxel_usg_flex_h/
Regulating AI Behavior with a Hypervisor
https://www.schneier.com/blog/archives/2025/04/regulating-ai-behavior-with-a-hypervisor.html
Understanding the threat landscape for Kubernetes and containerized assets
https://www.microsoft.com/en-us/security/blog/2025/04/23/understanding-the-threat-landscape-for-kubernetes-and-containerized-assets/
XRP Supplychain attack: Official NPM package infected with crypto stealing backdoor
https://www.reddit.com/r/netsec/comments/1k54dna/xrp_supplychain_attack_official_npm_package/
DOGE Worker’s Code Supports NLRB Whistleblower
https://krebsonsecurity.com/2025/04/doge-workers-code-supports-nlrb-whistleblower/
Authenticated Remote Code Execution on USG FLEX H Series (CVE-2025-1731 / CVE-2025-1732)
https://www.reddit.com/r/netsec/comments/1k6f52p/authenticated_remote_code_execution_on_usg_flex_h/
Operation SyncHole: Lazarus APT goes back to the well
https://securelist.com/operation-synchole-watering-hole-attacks-by-lazarus/116326/
Scams 2.0: How Technology Is Powering the Next Generation of Fraud
https://www.tripwire.com/state-of-security/scams-how-technology-powering-next-generation-fraud
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Local privilege escalation on Zyxel USG FLEX H Series (CVE-2025-1731)
https://www.reddit.com/r/netsec/comments/1k5roqe/local_privilege_escalation_on_zyxel_usg_flex_h/
Regulating AI Behavior with a Hypervisor
https://www.schneier.com/blog/archives/2025/04/regulating-ai-behavior-with-a-hypervisor.html
Understanding the threat landscape for Kubernetes and containerized assets
https://www.microsoft.com/en-us/security/blog/2025/04/23/understanding-the-threat-landscape-for-kubernetes-and-containerized-assets/
XRP Supplychain attack: Official NPM package infected with crypto stealing backdoor
https://www.reddit.com/r/netsec/comments/1k54dna/xrp_supplychain_attack_official_npm_package/
DOGE Worker’s Code Supports NLRB Whistleblower
https://krebsonsecurity.com/2025/04/doge-workers-code-supports-nlrb-whistleblower/
Authenticated Remote Code Execution on USG FLEX H Series (CVE-2025-1731 / CVE-2025-1732)
https://www.reddit.com/r/netsec/comments/1k6f52p/authenticated_remote_code_execution_on_usg_flex_h/
Operation SyncHole: Lazarus APT goes back to the well
https://securelist.com/operation-synchole-watering-hole-attacks-by-lazarus/116326/
Scams 2.0: How Technology Is Powering the Next Generation of Fraud
https://www.tripwire.com/state-of-security/scams-how-technology-powering-next-generation-fraud
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Local privilege escalation on Zyxel USG FLEX H Series (CVE-2025-1731)
Explore this post and more from the netsec community
Top Security News for Today
Certifying Knowledge Comprehension in LLMs
https://arxiv.org/abs/2402.15929
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1k6ogjy/fire_in_the_hole_were_breaching_the_vault/
GitHub potential leaking of private emails and Hacker One
https://www.reddit.com/r/netsec/comments/1k6owdl/github_potential_leaking_of_private_emails_and/
SonicWall Sonicos Versions 7.1.x and 8.0.x
https://bishopfox.com/blog/sonicwall-sonicos-versions-7-1-x-and-8-0-x
New whitepaper outlines the taxonomy of failure modes in AI agents
https://www.microsoft.com/en-us/security/blog/2025/04/24/new-whitepaper-outlines-the-taxonomy-of-failure-modes-in-ai-agents/
2 New UAF Vulnerabilities in Chrome
https://www.reddit.com/r/netsec/comments/1k6r7r8/2_new_uaf_vulnerabilities_in_chrome/
New Linux Rootkit
https://www.schneier.com/blog/archives/2025/04/new-linux-rootkit.html
io_uring Is Back, This Time as a Rootkit
https://www.reddit.com/r/netsec/comments/1k73fcr/io_uring_is_back_this_time_as_a_rootkit/
Tyton – Kernel-Mode Rootkit Hunter for Linux
https://www.darknet.org.uk/2025/04/tyton-kernel-mode-rootkit-hunter-for-linux/
Addressing a Large-Scale Data Breach: Seeking Network Security Expertise
https://www.reddit.com/r/netsec/comments/1k77q6j/addressing_a_largescale_data_breach_seeking/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Certifying Knowledge Comprehension in LLMs
https://arxiv.org/abs/2402.15929
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1k6ogjy/fire_in_the_hole_were_breaching_the_vault/
GitHub potential leaking of private emails and Hacker One
https://www.reddit.com/r/netsec/comments/1k6owdl/github_potential_leaking_of_private_emails_and/
SonicWall Sonicos Versions 7.1.x and 8.0.x
https://bishopfox.com/blog/sonicwall-sonicos-versions-7-1-x-and-8-0-x
New whitepaper outlines the taxonomy of failure modes in AI agents
https://www.microsoft.com/en-us/security/blog/2025/04/24/new-whitepaper-outlines-the-taxonomy-of-failure-modes-in-ai-agents/
2 New UAF Vulnerabilities in Chrome
https://www.reddit.com/r/netsec/comments/1k6r7r8/2_new_uaf_vulnerabilities_in_chrome/
New Linux Rootkit
https://www.schneier.com/blog/archives/2025/04/new-linux-rootkit.html
io_uring Is Back, This Time as a Rootkit
https://www.reddit.com/r/netsec/comments/1k73fcr/io_uring_is_back_this_time_as_a_rootkit/
Tyton – Kernel-Mode Rootkit Hunter for Linux
https://www.darknet.org.uk/2025/04/tyton-kernel-mode-rootkit-hunter-for-linux/
Addressing a Large-Scale Data Breach: Seeking Network Security Expertise
https://www.reddit.com/r/netsec/comments/1k77q6j/addressing_a_largescale_data_breach_seeking/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
arXiv.org
Certifying Knowledge Comprehension in LLMs
Large Language Models (LLMs) are increasingly deployed in safety-critical systems where they provide answers based on in-context information derived from knowledge bases. As LLMs are increasingly...
Top Security News for Today
Triada strikes back
https://securelist.com/triada-trojan-modules-analysis/116380/
5 CVEs and a CISA Advisory for Planet Technology industrial switches
https://www.reddit.com/r/netsec/comments/1k7hcog/5_cves_and_a_cisa_advisory_for_planet_technology/
Cryptocurrency Thefts Get Physical
https://www.schneier.com/blog/archives/2025/04/cryptocurrency-thefts-get-physical.html
Three new vulnerabilities found related to IXON VPN client resulting in Local Privilege Escalation (LPE)
https://www.reddit.com/r/netsec/comments/1k7ilys/three_new_vulnerabilities_found_related_to_ixon/
Is airplane mode lying? A browser behavior demo that messes with expectations.
https://www.reddit.com/r/netsec/comments/1k7il8o/is_airplane_mode_lying_a_browser_behavior_demo/
Remote Code Execution on Viasat Modems (CVE-2024-6198)
https://www.reddit.com/r/netsec/comments/1k7knmy/remote_code_execution_on_viasat_modems_cve20246198/
Explore practical best practices to secure your data with Microsoft Purview
https://www.microsoft.com/en-us/security/blog/2025/04/25/explore-practical-best-practices-to-secure-your-data-with-microsoft-purview/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Triada strikes back
https://securelist.com/triada-trojan-modules-analysis/116380/
5 CVEs and a CISA Advisory for Planet Technology industrial switches
https://www.reddit.com/r/netsec/comments/1k7hcog/5_cves_and_a_cisa_advisory_for_planet_technology/
Cryptocurrency Thefts Get Physical
https://www.schneier.com/blog/archives/2025/04/cryptocurrency-thefts-get-physical.html
Three new vulnerabilities found related to IXON VPN client resulting in Local Privilege Escalation (LPE)
https://www.reddit.com/r/netsec/comments/1k7ilys/three_new_vulnerabilities_found_related_to_ixon/
Is airplane mode lying? A browser behavior demo that messes with expectations.
https://www.reddit.com/r/netsec/comments/1k7il8o/is_airplane_mode_lying_a_browser_behavior_demo/
Remote Code Execution on Viasat Modems (CVE-2024-6198)
https://www.reddit.com/r/netsec/comments/1k7knmy/remote_code_execution_on_viasat_modems_cve20246198/
Explore practical best practices to secure your data with Microsoft Purview
https://www.microsoft.com/en-us/security/blog/2025/04/25/explore-practical-best-practices-to-secure-your-data-with-microsoft-purview/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for Today
A Novel Graph Transformer Framework for Gene Regulatory Network Inference
https://arxiv.org/abs/2504.16961
RomHack 2025 Call for Papers
https://www.reddit.com/r/netsec/comments/1k8xj1s/romhack_2025_call_for_papers/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
A Novel Graph Transformer Framework for Gene Regulatory Network Inference
https://arxiv.org/abs/2504.16961
RomHack 2025 Call for Papers
https://www.reddit.com/r/netsec/comments/1k8xj1s/romhack_2025_call_for_papers/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
arXiv.org
A Novel Graph Transformer Framework for Gene Regulatory Network Inference
The inference of gene regulatory networks (GRNs) is a foundational stride towards deciphering the fundamentals of complex biological systems. Inferring a possible regulatory link between two genes...
Top Security News for Today
RomHack 2025 Call for Papers
https://www.reddit.com/r/netsec/comments/1k8xj1s/romhack_2025_call_for_papers/
Comprehensive 2025 Report: Software Security Market Trends and User Pain Points in China
https://www.reddit.com/r/netsec/comments/1k96wqs/comprehensive_2025_report_software_security/
Symbol Database for Reverse Engineers
https://www.reddit.com/r/netsec/comments/1k9bdh2/symbol_database_for_reverse_engineers/
RSAC Freeroll Poker Tournament
https://www.reddit.com/r/netsec/comments/1k9focg/rsac_freeroll_poker_tournament/
How a Single Line Of Code Could Brick Your iPhone
https://www.reddit.com/r/netsec/comments/1k9hxj1/how_a_single_line_of_code_could_brick_your_iphone/
DataSurgeon – Fast, Flexible Data Extraction and Transformation Tool for Linux
https://www.darknet.org.uk/2025/04/datasurgeon-fast-flexible-data-extraction-and-transformation-tool-for-linux/
NVIDIA Riva Vulnerabilities Leave AI-Powered Speech and Translation Services at Risk
https://www.trendmicro.com/en_us/research/25/d/nvidia-riva-vulnerabilities.html
28th April – Threat Intelligence Report
https://research.checkpoint.com/2025/28th-april-threat-intelligence-report/
New Bill Mandates Cybersecurity Overhaul for Federal Contractors
https://www.tripwire.com/state-of-security/new-bill-mandates-cybersecurity-overhaul-federal-contractors
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
RomHack 2025 Call for Papers
https://www.reddit.com/r/netsec/comments/1k8xj1s/romhack_2025_call_for_papers/
Comprehensive 2025 Report: Software Security Market Trends and User Pain Points in China
https://www.reddit.com/r/netsec/comments/1k96wqs/comprehensive_2025_report_software_security/
Symbol Database for Reverse Engineers
https://www.reddit.com/r/netsec/comments/1k9bdh2/symbol_database_for_reverse_engineers/
RSAC Freeroll Poker Tournament
https://www.reddit.com/r/netsec/comments/1k9focg/rsac_freeroll_poker_tournament/
How a Single Line Of Code Could Brick Your iPhone
https://www.reddit.com/r/netsec/comments/1k9hxj1/how_a_single_line_of_code_could_brick_your_iphone/
DataSurgeon – Fast, Flexible Data Extraction and Transformation Tool for Linux
https://www.darknet.org.uk/2025/04/datasurgeon-fast-flexible-data-extraction-and-transformation-tool-for-linux/
NVIDIA Riva Vulnerabilities Leave AI-Powered Speech and Translation Services at Risk
https://www.trendmicro.com/en_us/research/25/d/nvidia-riva-vulnerabilities.html
28th April – Threat Intelligence Report
https://research.checkpoint.com/2025/28th-april-threat-intelligence-report/
New Bill Mandates Cybersecurity Overhaul for Federal Contractors
https://www.tripwire.com/state-of-security/new-bill-mandates-cybersecurity-overhaul-federal-contractors
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: RomHack 2025 Call for Papers
Explore this post and more from the netsec community
Top Security News for Today
Introducing HANAlyzer: An Open-Source Tool to Secure Your HANA databases - Anvil Secure
https://www.reddit.com/r/netsec/comments/1k9t61b/introducing_hanalyzer_an_opensource_tool_to/
Fuzzing Windows ARM64 closed-source binary with QBDI and libFuzzer
https://www.reddit.com/r/netsec/comments/1k9ui2q/fuzzing_windows_arm64_closedsource_binary_with/
Windscribe Acquitted on Charges of Not Collecting Users’ Data
https://www.schneier.com/blog/archives/2025/04/windscribe-acquitted-on-charges-of-not-collecting-users-data.html
Using an LLM with MCP for Threat Hunting
https://www.reddit.com/r/netsec/comments/1kad8eg/using_an_llm_with_mcp_for_threat_hunting/
Ransomware Attacks on Critical Infrastructure Surge, Reports FBI
https://www.tripwire.com/state-of-security/ransomware-attacks-critical-infrastructure-surge-reports-fbi
The Growing Threat of Ransomware to the Manufacturing Sector
https://www.tripwire.com/state-of-security/growing-threat-ransomware-manufacturing-sector
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Introducing HANAlyzer: An Open-Source Tool to Secure Your HANA databases - Anvil Secure
https://www.reddit.com/r/netsec/comments/1k9t61b/introducing_hanalyzer_an_opensource_tool_to/
Fuzzing Windows ARM64 closed-source binary with QBDI and libFuzzer
https://www.reddit.com/r/netsec/comments/1k9ui2q/fuzzing_windows_arm64_closedsource_binary_with/
Windscribe Acquitted on Charges of Not Collecting Users’ Data
https://www.schneier.com/blog/archives/2025/04/windscribe-acquitted-on-charges-of-not-collecting-users-data.html
Using an LLM with MCP for Threat Hunting
https://www.reddit.com/r/netsec/comments/1kad8eg/using_an_llm_with_mcp_for_threat_hunting/
Ransomware Attacks on Critical Infrastructure Surge, Reports FBI
https://www.tripwire.com/state-of-security/ransomware-attacks-critical-infrastructure-surge-reports-fbi
The Growing Threat of Ransomware to the Manufacturing Sector
https://www.tripwire.com/state-of-security/growing-threat-ransomware-manufacturing-sector
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Introducing HANAlyzer: An Open-Source Tool to Secure Your HANA databases - Anvil Secure
Posted by tlxio - 8 votes and 0 comments
Top Security News for Today
Outlaw cybergang attacking targets worldwide
https://securelist.com/outlaw-botnet/116444/
Applying Security Engineering to Prompt Injection Security
https://www.schneier.com/blog/archives/2025/04/applying_security_engineering_to_prompt_injection_security.html
AirBorne: Wormable Zero-Click RCE in Apple AirPlay Puts Billions of Devices at Risk
https://www.reddit.com/r/netsec/comments/1kapirk/airborne_wormable_zeroclick_rce_in_apple_airplay/
Microsoft announces the 2025 Security Excellence Awards winners
https://www.microsoft.com/en-us/security/blog/2025/04/29/microsoft-announces-the-2025-security-excellence-awards-winners/
Shadow Roles: AWS Defaults Can Open the Door to Service Takeover
https://www.reddit.com/r/netsec/comments/1kas6ia/shadow_roles_aws_defaults_can_open_the_door_to/
Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
https://www.reddit.com/r/netsec/comments/1kawg9i/hello_0days_my_old_friend_a_2024_zeroday/
Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)
https://www.darknet.org.uk/2025/04/understanding-the-deep-web-dark-web-and-darknet-2025-guide/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Outlaw cybergang attacking targets worldwide
https://securelist.com/outlaw-botnet/116444/
Applying Security Engineering to Prompt Injection Security
https://www.schneier.com/blog/archives/2025/04/applying_security_engineering_to_prompt_injection_security.html
AirBorne: Wormable Zero-Click RCE in Apple AirPlay Puts Billions of Devices at Risk
https://www.reddit.com/r/netsec/comments/1kapirk/airborne_wormable_zeroclick_rce_in_apple_airplay/
Microsoft announces the 2025 Security Excellence Awards winners
https://www.microsoft.com/en-us/security/blog/2025/04/29/microsoft-announces-the-2025-security-excellence-awards-winners/
Shadow Roles: AWS Defaults Can Open the Door to Service Takeover
https://www.reddit.com/r/netsec/comments/1kas6ia/shadow_roles_aws_defaults_can_open_the_door_to/
Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
https://www.reddit.com/r/netsec/comments/1kawg9i/hello_0days_my_old_friend_a_2024_zeroday/
Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)
https://www.darknet.org.uk/2025/04/understanding-the-deep-web-dark-web-and-darknet-2025-guide/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
Outlaw botnet detected in an incident contained by Kaspersky
The Kaspersky Global Emergency Response Team (GERT) detected an Outlaw mining botnet in a customer incident. In this article, we share insights into this botnet's SSH-based infection chain.
Top Security News for Today
Samsung MagicINFO Unauthenticated RCE
https://www.reddit.com/r/netsec/comments/1kbc6vd/samsung_magicinfo_unauthenticated_rce/
A Technical Review of AI-Infra-Guard V2: New MCP Server Security Analysis Tool
https://www.reddit.com/r/netsec/comments/1kbbu88/a_technical_review_of_aiinfraguard_v2_new_mcp/
WhatsApp Case Against NSO Group Progressing
https://www.schneier.com/blog/archives/2025/04/whatsapp-case-against-nso-group-progressing.html
I tried out vibe hacking with Cursor. It kinda worked and I ultimately found RCE.
https://www.reddit.com/r/netsec/comments/1kbet3a/i_tried_out_vibe_hacking_with_cursor_it_kinda/
Exploring the State of AI in Cyber Security: Past, Present, and Future
https://research.checkpoint.com/2025/sate-of-ai-in-cyber-security/
Using AI to find Web App vulnerabilities: hacking expert John Hammond takes Burp AI for a Spin
https://portswigger.net/blog/using-ai-to-find-web-app-vulnerabilities-hacking-expert-john-hammond-takes-burp-ai-for-a-spin
The Growing Threat of Ransomware-as-a-Service (RaaS) on Healthcare Infrastructure
https://www.tripwire.com/state-of-security/growing-threat-ransomware-service-raas-healthcare-infrastructure
Supercharging Ghidra: Using Local LLMs with GhidraMCP via Ollama and OpenWeb-UI
https://www.reddit.com/r/netsec/comments/1kbfaer/supercharging_ghidra_using_local_llms_with/
14 secure coding tips: Learn from the experts at Microsoft Build
https://techcommunity.microsoft.com/blog/microsoft-security-blog/14-secure-coding-tips-learn-from-the-experts-at-build/4407147
Hijacking NodeJS’ Jenkins Agents For Code Execution and More
https://www.reddit.com/r/netsec/comments/1kbpj9h/hijacking_nodejs_jenkins_agents_for_code/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Samsung MagicINFO Unauthenticated RCE
https://www.reddit.com/r/netsec/comments/1kbc6vd/samsung_magicinfo_unauthenticated_rce/
A Technical Review of AI-Infra-Guard V2: New MCP Server Security Analysis Tool
https://www.reddit.com/r/netsec/comments/1kbbu88/a_technical_review_of_aiinfraguard_v2_new_mcp/
WhatsApp Case Against NSO Group Progressing
https://www.schneier.com/blog/archives/2025/04/whatsapp-case-against-nso-group-progressing.html
I tried out vibe hacking with Cursor. It kinda worked and I ultimately found RCE.
https://www.reddit.com/r/netsec/comments/1kbet3a/i_tried_out_vibe_hacking_with_cursor_it_kinda/
Exploring the State of AI in Cyber Security: Past, Present, and Future
https://research.checkpoint.com/2025/sate-of-ai-in-cyber-security/
Using AI to find Web App vulnerabilities: hacking expert John Hammond takes Burp AI for a Spin
https://portswigger.net/blog/using-ai-to-find-web-app-vulnerabilities-hacking-expert-john-hammond-takes-burp-ai-for-a-spin
The Growing Threat of Ransomware-as-a-Service (RaaS) on Healthcare Infrastructure
https://www.tripwire.com/state-of-security/growing-threat-ransomware-service-raas-healthcare-infrastructure
Supercharging Ghidra: Using Local LLMs with GhidraMCP via Ollama and OpenWeb-UI
https://www.reddit.com/r/netsec/comments/1kbfaer/supercharging_ghidra_using_local_llms_with/
14 secure coding tips: Learn from the experts at Microsoft Build
https://techcommunity.microsoft.com/blog/microsoft-security-blog/14-secure-coding-tips-learn-from-the-experts-at-build/4407147
Hijacking NodeJS’ Jenkins Agents For Code Execution and More
https://www.reddit.com/r/netsec/comments/1kbpj9h/hijacking_nodejs_jenkins_agents_for_code/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Samsung MagicINFO Unauthenticated RCE
Posted by Straight-Zombie-646 - 2 votes and 0 comments