Top Security News for Today
Dero miner zombies biting through Docker APIs to build a cryptojacking horde
https://securelist.com/dero-miner-infects-containers-through-docker-api/116546/
EvilWorker: a new AiTM attack framework leveraging service workers — much more effective, autonomous, and adaptable than Evilginx2? 🎣
https://www.reddit.com/r/netsec/comments/1krtrht/evilworker_a_new_aitm_attack_framework_leveraging/
Humans are Insecure Password Generators
https://www.reddit.com/r/netsec/comments/1krqom1/humans_are_insecure_password_generators/
BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory
https://www.reddit.com/r/netsec/comments/1ks1i9g/badsuccessor_abusing_dmsa_to_escalate_privileges/
Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer
https://www.microsoft.com/en-us/security/blog/2025/05/21/lumma-stealer-breaking-down-the-delivery-techniques-and-capabilities-of-a-prolific-infostealer/
AI-Powered Malware – The Next Evolution in Cyber Threats
https://www.darknet.org.uk/2025/05/ai-powered-malware-the-next-evolution-in-cyber-threats/
CVE-2024-45332 brings back branch target injection attacks on Intel
https://www.reddit.com/r/netsec/comments/1ksc31c/cve202445332_brings_back_branch_target_injection/
ZathuraDbg: Open-Source GUI tool for learning assembly
https://www.reddit.com/r/lowlevel/comments/1ks4em6/zathuradbg_opensource_gui_tool_for_learning/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Dero miner zombies biting through Docker APIs to build a cryptojacking horde
https://securelist.com/dero-miner-infects-containers-through-docker-api/116546/
EvilWorker: a new AiTM attack framework leveraging service workers — much more effective, autonomous, and adaptable than Evilginx2? 🎣
https://www.reddit.com/r/netsec/comments/1krtrht/evilworker_a_new_aitm_attack_framework_leveraging/
Humans are Insecure Password Generators
https://www.reddit.com/r/netsec/comments/1krqom1/humans_are_insecure_password_generators/
BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory
https://www.reddit.com/r/netsec/comments/1ks1i9g/badsuccessor_abusing_dmsa_to_escalate_privileges/
Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer
https://www.microsoft.com/en-us/security/blog/2025/05/21/lumma-stealer-breaking-down-the-delivery-techniques-and-capabilities-of-a-prolific-infostealer/
AI-Powered Malware – The Next Evolution in Cyber Threats
https://www.darknet.org.uk/2025/05/ai-powered-malware-the-next-evolution-in-cyber-threats/
CVE-2024-45332 brings back branch target injection attacks on Intel
https://www.reddit.com/r/netsec/comments/1ksc31c/cve202445332_brings_back_branch_target_injection/
ZathuraDbg: Open-Source GUI tool for learning assembly
https://www.reddit.com/r/lowlevel/comments/1ks4em6/zathuradbg_opensource_gui_tool_for_learning/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
Dero miner spreads inside containerized Linux environments
Kaspersky experts break down an updated cryptojacking campaign targeting containerized environments: a Dero crypto miner abuses the Docker API.
Top Security News for Today
Authenticated Remote Code Execution in Netwrix Password Secure (CVE-2025-26817)
https://www.reddit.com/r/netsec/comments/1kslcpa/authenticated_remote_code_execution_in_netwrix/
EXP-401 (OSEE):用五天課程訓練通透十年的知識體
https://devco.re/blog/2025/05/22/exp-401-osee-five-days-to-master-a-decade-of-knowledge/
The Voter Experience
https://www.schneier.com/blog/archives/2025/05/the-voter-experience.html
How to Enumerate and Exploit CefSharp Thick Clients Using CefEnum
https://www.reddit.com/r/netsec/comments/1kskq0k/how_to_enumerate_and_exploit_cefsharp_thick/
Automating MS-RPC vulnerability research
https://www.reddit.com/r/netsec/comments/1ksp4m2/automating_msrpc_vulnerability_research/
Live Forensic Collection from Ivanti EPMM Appliances (CVE-2025-4427 & CVE-2025-4428)
https://www.reddit.com/r/netsec/comments/1ksufxv/live_forensic_collection_from_ivanti_epmm/
Oops: DanaBot Malware Devs Infected Their Own PCs
https://krebsonsecurity.com/2025/05/oops-danabot-malware-devs-infected-their-own-pcs/
CVE-2025-32756: Write-Up of a Buffer Overflow in Various Fortinet Products
https://www.reddit.com/r/netsec/comments/1kszzx6/cve202532756_writeup_of_a_buffer_overflow_in/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Authenticated Remote Code Execution in Netwrix Password Secure (CVE-2025-26817)
https://www.reddit.com/r/netsec/comments/1kslcpa/authenticated_remote_code_execution_in_netwrix/
EXP-401 (OSEE):用五天課程訓練通透十年的知識體
https://devco.re/blog/2025/05/22/exp-401-osee-five-days-to-master-a-decade-of-knowledge/
The Voter Experience
https://www.schneier.com/blog/archives/2025/05/the-voter-experience.html
How to Enumerate and Exploit CefSharp Thick Clients Using CefEnum
https://www.reddit.com/r/netsec/comments/1kskq0k/how_to_enumerate_and_exploit_cefsharp_thick/
Automating MS-RPC vulnerability research
https://www.reddit.com/r/netsec/comments/1ksp4m2/automating_msrpc_vulnerability_research/
Live Forensic Collection from Ivanti EPMM Appliances (CVE-2025-4427 & CVE-2025-4428)
https://www.reddit.com/r/netsec/comments/1ksufxv/live_forensic_collection_from_ivanti_epmm/
Oops: DanaBot Malware Devs Infected Their Own PCs
https://krebsonsecurity.com/2025/05/oops-danabot-malware-devs-infected-their-own-pcs/
CVE-2025-32756: Write-Up of a Buffer Overflow in Various Fortinet Products
https://www.reddit.com/r/netsec/comments/1kszzx6/cve202532756_writeup_of_a_buffer_overflow_in/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Authenticated Remote Code Execution in Netwrix Password Secure (CVE-2025-26817)
Explore this post and more from the netsec community
Top Security News for Today
Signal Blocks Windows Recall
https://www.schneier.com/blog/archives/2025/05/signal-blocks-windows-recall.html
3AM Ransomware Attackers Pose as IT Support to Compromise Networks
https://www.tripwire.com/state-of-security/3am-ransomware-attackers-pose-it-support-compromise-networks
Don't Call That "Protected" Method: Dissecting an N-Day vBulletin RCE
https://www.reddit.com/r/netsec/comments/1ktjoa8/dont_call_that_protected_method_dissecting_an/
Prime Path Coverage in the GNU Compiler Collection
https://arxiv.org/abs/2505.14694
RoboCulture: A Robotics Platform for Automated Biological Experimentation
https://arxiv.org/abs/2505.14941
Diffusion vs. Autoregressive Language Models: A Text Embedding Perspective
https://arxiv.org/abs/2505.15045
Text Generation Beyond Discrete Token Sampling
https://arxiv.org/abs/2505.14827
One-Layer Transformers are Provably Optimal for In-context Reasoning and Distributional Association Learning in Next-Token Prediction Tasks
https://arxiv.org/abs/2505.15009
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Signal Blocks Windows Recall
https://www.schneier.com/blog/archives/2025/05/signal-blocks-windows-recall.html
3AM Ransomware Attackers Pose as IT Support to Compromise Networks
https://www.tripwire.com/state-of-security/3am-ransomware-attackers-pose-it-support-compromise-networks
Don't Call That "Protected" Method: Dissecting an N-Day vBulletin RCE
https://www.reddit.com/r/netsec/comments/1ktjoa8/dont_call_that_protected_method_dissecting_an/
Prime Path Coverage in the GNU Compiler Collection
https://arxiv.org/abs/2505.14694
RoboCulture: A Robotics Platform for Automated Biological Experimentation
https://arxiv.org/abs/2505.14941
Diffusion vs. Autoregressive Language Models: A Text Embedding Perspective
https://arxiv.org/abs/2505.15045
Text Generation Beyond Discrete Token Sampling
https://arxiv.org/abs/2505.14827
One-Layer Transformers are Provably Optimal for In-context Reasoning and Distributional Association Learning in Next-Token Prediction Tasks
https://arxiv.org/abs/2505.15009
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
Signal Blocks Windows Recall - Schneier on Security
This article gives a good rundown of the security risks of Windows Recall, and the repurposed copyright protection took that Signal used to block the AI feature from scraping Signal data.
Top Security News for Today
BadUSB Attack Explained: From Principles to Practice and Defense
https://www.reddit.com/r/netsec/comments/1kuuvzz/badusb_attack_explained_from_principles_to/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
BadUSB Attack Explained: From Principles to Practice and Defense
https://www.reddit.com/r/netsec/comments/1kuuvzz/badusb_attack_explained_from_principles_to/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: BadUSB Attack Explained: From Principles to Practice and Defense
Explore this post and more from the netsec community
Top Security News for Today
BadUSB Attack Explained: From Principles to Practice and Defense
https://www.reddit.com/r/netsec/comments/1kuuvzz/badusb_attack_explained_from_principles_to/
AIDE – Lightweight Linux Host Intrusion Detection
https://www.darknet.org.uk/2025/05/aide-lightweight-linux-host-intrusion-detection/
What the UK’s New Cyber Resilience Bill Means for Businesses—and How to Stay Ahead
https://www.tripwire.com/state-of-security/what-uks-new-cyber-resilience-bill-means-businesses-and-how-stay-ahead
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
BadUSB Attack Explained: From Principles to Practice and Defense
https://www.reddit.com/r/netsec/comments/1kuuvzz/badusb_attack_explained_from_principles_to/
AIDE – Lightweight Linux Host Intrusion Detection
https://www.darknet.org.uk/2025/05/aide-lightweight-linux-host-intrusion-detection/
What the UK’s New Cyber Resilience Bill Means for Businesses—and How to Stay Ahead
https://www.tripwire.com/state-of-security/what-uks-new-cyber-resilience-bill-means-businesses-and-how-stay-ahead
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: BadUSB Attack Explained: From Principles to Practice and Defense
Explore this post and more from the netsec community
Top Security News for Today
Threat of TCC Bypasses on macOS
https://www.reddit.com/r/netsec/comments/1kvr057/threat_of_tcc_bypasses_on_macos/
26th May – Threat Intelligence Report
https://research.checkpoint.com/2025/26th-may-threat-intelligence-report/
Unauthenticated RCE on Smartbedded MeteoBridge (CVE-2025-4008)
https://www.reddit.com/r/netsec/comments/1kvtr2i/unauthenticated_rce_on_smartbedded_meteobridge/
Windows namespace traversal
https://www.reddit.com/r/lowlevel/comments/1kvtv22/windows_namespace_traversal/
Preparing for the Post Quantum Era: Quantum Ready Architecture for Security and Risk Management (QUASAR) -- A Strategic Framework for Cybersecurity
https://arxiv.org/abs/2505.17084
Improving LLM Outputs Against Jailbreak Attacks with Expert Model Integration
https://arxiv.org/abs/2505.17066
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Threat of TCC Bypasses on macOS
https://www.reddit.com/r/netsec/comments/1kvr057/threat_of_tcc_bypasses_on_macos/
26th May – Threat Intelligence Report
https://research.checkpoint.com/2025/26th-may-threat-intelligence-report/
Unauthenticated RCE on Smartbedded MeteoBridge (CVE-2025-4008)
https://www.reddit.com/r/netsec/comments/1kvtr2i/unauthenticated_rce_on_smartbedded_meteobridge/
Windows namespace traversal
https://www.reddit.com/r/lowlevel/comments/1kvtv22/windows_namespace_traversal/
Preparing for the Post Quantum Era: Quantum Ready Architecture for Security and Risk Management (QUASAR) -- A Strategic Framework for Cybersecurity
https://arxiv.org/abs/2505.17084
Improving LLM Outputs Against Jailbreak Attacks with Expert Model Integration
https://arxiv.org/abs/2505.17066
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Threat of TCC Bypasses on macOS
Explore this post and more from the netsec community
Top Security News for Today
New graph capabilities and MCP server for CTI / OSINT analysis
https://www.reddit.com/r/netsec/comments/1kwjc7w/new_graph_capabilities_and_mcp_server_for_cti/
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage
https://www.microsoft.com/en-us/security/blog/2025/05/27/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage/
Chinese-Owned VPNs
https://www.schneier.com/blog/archives/2025/05/chinese-owned-vpns.html
OSEE Exam Uncovered: Cracking OSEE in Taipei
https://devco.re/blog/2025/05/27/osee-exam-uncovered-cracking-osee-in-taipei/
GitHub MCP Exploited: Accessing private repositories via MCP
https://www.reddit.com/r/netsec/comments/1kwhjaz/github_mcp_exploited_accessing_private/
Firefox Security Response to pwn2own 2025
https://www.reddit.com/r/netsec/comments/1kwgp8p/firefox_security_response_to_pwn2own_2025/
Have I Been Squatted — Analyze (open beta, free)
https://www.reddit.com/r/netsec/comments/1kwm3nv/have_i_been_squatted_analyze_open_beta_free/
Trend Micro Leading the Fight to Secure AI
https://www.trendmicro.com/en_us/research/25/e/mitre-atlas-secure-ai.html
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
New graph capabilities and MCP server for CTI / OSINT analysis
https://www.reddit.com/r/netsec/comments/1kwjc7w/new_graph_capabilities_and_mcp_server_for_cti/
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage
https://www.microsoft.com/en-us/security/blog/2025/05/27/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage/
Chinese-Owned VPNs
https://www.schneier.com/blog/archives/2025/05/chinese-owned-vpns.html
OSEE Exam Uncovered: Cracking OSEE in Taipei
https://devco.re/blog/2025/05/27/osee-exam-uncovered-cracking-osee-in-taipei/
GitHub MCP Exploited: Accessing private repositories via MCP
https://www.reddit.com/r/netsec/comments/1kwhjaz/github_mcp_exploited_accessing_private/
Firefox Security Response to pwn2own 2025
https://www.reddit.com/r/netsec/comments/1kwgp8p/firefox_security_response_to_pwn2own_2025/
Have I Been Squatted — Analyze (open beta, free)
https://www.reddit.com/r/netsec/comments/1kwm3nv/have_i_been_squatted_analyze_open_beta_free/
Trend Micro Leading the Fight to Secure AI
https://www.trendmicro.com/en_us/research/25/e/mitre-atlas-secure-ai.html
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: New graph capabilities and MCP server for CTI / OSINT analysis
Posted by stan_frbd - 0 votes and 0 comments
Top Security News for Today
Remote Code Execution on Evertz SDVN (CVE-2025-4009 - Full Disclosure)
https://www.reddit.com/r/netsec/comments/1kxcit3/remote_code_execution_on_evertz_sdvn_cve20254009/
Zanubis in motion: Tracing the active evolution of the Android banking malware
https://securelist.com/evolution-of-zanubis-banking-trojan-for-android/116588/
Proposed HIPAA Update Makes Yearly Pen Testing Mandatory
https://www.tripwire.com/state-of-security/proposed-hipaa-update-makes-yearly-pen-testing-mandatory
Location Tracking App for Foreigners in Moscow
https://www.schneier.com/blog/archives/2025/05/location-tracking-app-for-foreigners-in-moscow.html
Pakistan Arrests 21 in ‘Heartsender’ Malware Service
https://krebsonsecurity.com/2025/05/pakistan-arrests-21-in-heartsender-malware-service/
Decoding TCP SYN for Stronger Network Security
https://www.reddit.com/r/netsec/comments/1kxhgwo/decoding_tcp_syn_for_stronger_network_security/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Remote Code Execution on Evertz SDVN (CVE-2025-4009 - Full Disclosure)
https://www.reddit.com/r/netsec/comments/1kxcit3/remote_code_execution_on_evertz_sdvn_cve20254009/
Zanubis in motion: Tracing the active evolution of the Android banking malware
https://securelist.com/evolution-of-zanubis-banking-trojan-for-android/116588/
Proposed HIPAA Update Makes Yearly Pen Testing Mandatory
https://www.tripwire.com/state-of-security/proposed-hipaa-update-makes-yearly-pen-testing-mandatory
Location Tracking App for Foreigners in Moscow
https://www.schneier.com/blog/archives/2025/05/location-tracking-app-for-foreigners-in-moscow.html
Pakistan Arrests 21 in ‘Heartsender’ Malware Service
https://krebsonsecurity.com/2025/05/pakistan-arrests-21-in-heartsender-malware-service/
Decoding TCP SYN for Stronger Network Security
https://www.reddit.com/r/netsec/comments/1kxhgwo/decoding_tcp_syn_for_stronger_network_security/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Remote Code Execution on Evertz SDVN (CVE-2025-4009 - Full Disclosure)
Explore this post and more from the netsec community
Top Security News for Today
Meet Burp Suite DAST: Your questions answered
https://portswigger.net/blog/meet-burp-suite-dast-your-questions-answered
Deguard: turning a T480 into a coreboot laptop (10-min talk + live demo)
https://www.reddit.com/r/netsec/comments/1ky7bng/deguard_turning_a_t480_into_a_coreboot_laptop/
Surveillance Via Smart Toothbrush
https://www.schneier.com/blog/archives/2025/05/surveillance-via-smart-toothbrush.html
Learning AMD Zen 3 (Family 19h) microarchitecture
https://www.reddit.com/r/lowlevel/comments/1ky4e2u/learning_amd_zen_3_family_19h_microarchitecture/
How to deploy AI safely
https://www.microsoft.com/en-us/security/blog/2025/05/29/how-to-deploy-ai-safely/
U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
https://krebsonsecurity.com/2025/05/u-s-sanctions-cloud-provider-funnull-as-top-source-of-pig-butchering-scams/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Meet Burp Suite DAST: Your questions answered
https://portswigger.net/blog/meet-burp-suite-dast-your-questions-answered
Deguard: turning a T480 into a coreboot laptop (10-min talk + live demo)
https://www.reddit.com/r/netsec/comments/1ky7bng/deguard_turning_a_t480_into_a_coreboot_laptop/
Surveillance Via Smart Toothbrush
https://www.schneier.com/blog/archives/2025/05/surveillance-via-smart-toothbrush.html
Learning AMD Zen 3 (Family 19h) microarchitecture
https://www.reddit.com/r/lowlevel/comments/1ky4e2u/learning_amd_zen_3_family_19h_microarchitecture/
How to deploy AI safely
https://www.microsoft.com/en-us/security/blog/2025/05/29/how-to-deploy-ai-safely/
U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
https://krebsonsecurity.com/2025/05/u-s-sanctions-cloud-provider-funnull-as-top-source-of-pig-butchering-scams/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
PortSwigger Blog
Meet Burp Suite DAST: Your questions answered
We recently hosted a webinar to introduce Burp Suite DAST, the new name for Burp Suite Enterprise Edition, the best-in-class, automated web application and API security scanning solution for modern Ap
Top Security News for Today
PortSwigger Honored with the King's Award for Enterprise in International Trade
https://portswigger.net/blog/portswigger-honored-with-the-kings-award-for-enterprise-in-international-trade
Finding SSRFs in Azure DevOps - Part 2
https://www.reddit.com/r/netsec/comments/1kz0nci/finding_ssrfs_in_azure_devops_part_2/
A detailed guide to Stealth syscall and EDR Bypass
https://www.reddit.com/r/netsec/comments/1kz06v8/a_detailed_guide_to_stealth_syscall_and_edr_bypass/
Why Take9 Won’t Improve Cybersecurity
https://www.schneier.com/blog/archives/2025/05/why-take9-wont-improve-cybersecurity.html
Exploits and vulnerabilities in Q1 2025
https://securelist.com/vulnerabilities-and-exploits-in-q1-2025/116624/
B-XAIC Dataset: Benchmarking Explainable AI for Graph Neural Networks Using Chemical Data
https://arxiv.org/abs/2505.22252
TensorShield: Safeguarding On-Device Inference by Shielding Critical DNN Tensors with TEE
https://arxiv.org/abs/2505.22843
Azure Arc - C2aaS
https://www.reddit.com/r/netsec/comments/1kzfqty/azure_arc_c2aas/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
PortSwigger Honored with the King's Award for Enterprise in International Trade
https://portswigger.net/blog/portswigger-honored-with-the-kings-award-for-enterprise-in-international-trade
Finding SSRFs in Azure DevOps - Part 2
https://www.reddit.com/r/netsec/comments/1kz0nci/finding_ssrfs_in_azure_devops_part_2/
A detailed guide to Stealth syscall and EDR Bypass
https://www.reddit.com/r/netsec/comments/1kz06v8/a_detailed_guide_to_stealth_syscall_and_edr_bypass/
Why Take9 Won’t Improve Cybersecurity
https://www.schneier.com/blog/archives/2025/05/why-take9-wont-improve-cybersecurity.html
Exploits and vulnerabilities in Q1 2025
https://securelist.com/vulnerabilities-and-exploits-in-q1-2025/116624/
B-XAIC Dataset: Benchmarking Explainable AI for Graph Neural Networks Using Chemical Data
https://arxiv.org/abs/2505.22252
TensorShield: Safeguarding On-Device Inference by Shielding Critical DNN Tensors with TEE
https://arxiv.org/abs/2505.22843
Azure Arc - C2aaS
https://www.reddit.com/r/netsec/comments/1kzfqty/azure_arc_c2aas/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
PortSwigger Blog
PortSwigger Honored with the King's Award for Enterprise in International Trade
We’re proud to announce that PortSwigger has been awarded the prestigious King’s Award for Enterprise in the category of International Trade - a recognition that reflects our sustained international s
Top Security News for Today
Wireless Pivots: How Trusted Networks Become Invisible Threat Vectors
https://www.reddit.com/r/netsec/comments/1kzttw0/wireless_pivots_how_trusted_networks_become/
Experimenting with USB-Based Attacks: Can a Standard USB Become a Bad USB? (Write-up)
https://www.reddit.com/r/netsec/comments/1l02exx/experimenting_with_usbbased_attacks_can_a/
Beyond HTTP: InterceptSuite for TCP/TLS Traffic Interception in Windows
https://www.reddit.com/r/netsec/comments/1l02jra/beyond_http_interceptsuite_for_tcptls_traffic/
Thought netsec people might enjoy this read - the ultimate guide to different types of wireless signals and what they are used for.
https://www.reddit.com/r/netsec/comments/1l06tm8/thought_netsec_people_might_enjoy_this_read_the/
Reverse Engineer Android Apps for API Key
https://www.reddit.com/r/netsec/comments/1l09vab/reverse_engineer_android_apps_for_api_key/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Wireless Pivots: How Trusted Networks Become Invisible Threat Vectors
https://www.reddit.com/r/netsec/comments/1kzttw0/wireless_pivots_how_trusted_networks_become/
Experimenting with USB-Based Attacks: Can a Standard USB Become a Bad USB? (Write-up)
https://www.reddit.com/r/netsec/comments/1l02exx/experimenting_with_usbbased_attacks_can_a/
Beyond HTTP: InterceptSuite for TCP/TLS Traffic Interception in Windows
https://www.reddit.com/r/netsec/comments/1l02jra/beyond_http_interceptsuite_for_tcptls_traffic/
Thought netsec people might enjoy this read - the ultimate guide to different types of wireless signals and what they are used for.
https://www.reddit.com/r/netsec/comments/1l06tm8/thought_netsec_people_might_enjoy_this_read_the/
Reverse Engineer Android Apps for API Key
https://www.reddit.com/r/netsec/comments/1l09vab/reverse_engineer_android_apps_for_api_key/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Wireless Pivots: How Trusted Networks Become Invisible Threat Vectors
Posted by thexerocouk - 1 vote and 0 comments
Top Security News for Today
Canada, Australia or Netherlands
https://www.reddit.com/r/netsec/comments/1l0lssn/canada_australia_or_netherlands/
r/netsec monthly discussion & tool thread
https://www.reddit.com/r/netsec/comments/1l0ozt4/rnetsec_monthly_discussion_tool_thread/
Certification roadmap please
https://www.reddit.com/r/netsec/comments/1l1bsrz/certification_roadmap_please/
Is Continuous Deployment Too Risky? Security Concerns and Mitigations
https://www.tripwire.com/state-of-security/continuous-deployment-too-risky-security-concerns-and-mitigations
The Evolution of Phishing Attacks: Why Traditional Detection Methods Are Failing
https://www.tripwire.com/state-of-security/evolution-phishing-attacks-why-traditional-detection-methods-are-failing
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Canada, Australia or Netherlands
https://www.reddit.com/r/netsec/comments/1l0lssn/canada_australia_or_netherlands/
r/netsec monthly discussion & tool thread
https://www.reddit.com/r/netsec/comments/1l0ozt4/rnetsec_monthly_discussion_tool_thread/
Certification roadmap please
https://www.reddit.com/r/netsec/comments/1l1bsrz/certification_roadmap_please/
Is Continuous Deployment Too Risky? Security Concerns and Mitigations
https://www.tripwire.com/state-of-security/continuous-deployment-too-risky-security-concerns-and-mitigations
The Evolution of Phishing Attacks: Why Traditional Detection Methods Are Failing
https://www.tripwire.com/state-of-security/evolution-phishing-attacks-why-traditional-detection-methods-are-failing
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Canada, Australia or Netherlands
Posted by ash347799 - 1 vote and 1 comment
Top Security News for Today
Certification Roadmap Please
https://www.reddit.com/r/netsec/comments/1l1bsrz/certification_roadmap_please/
Australia Requires Ransomware Victims to Declare Payments
https://www.schneier.com/blog/archives/2025/06/australia-requires-ransomware-victims-to-declare-payments.html
Vulnerabilities Found in Preinstalled Apps on Android Smartphones Could Perform Factory Reset of Device, Exfiltrate PIN Code or Inject an Arbitrary Intent with System-Level Privileges
https://www.reddit.com/r/netsec/comments/1l1fh52/vulnerabilities_found_in_preinstalled_apps_on/
Seeking Insights from Network Security Leaders at Large Companies on Vendor Selection and Challenges
https://www.reddit.com/r/netsec/comments/1l1io63/seeking_insights_from_network_security_leaders_at/
2nd June – Threat Intelligence Report
https://research.checkpoint.com/2025/2nd-june-threat-intelligence-report/
Announcing a New Strategic Collaboration to Bring Clarity to Threat Actor Naming
https://www.microsoft.com/en-us/security/blog/2025/06/02/announcing-a-new-strategic-collaboration-to-bring-clarity-to-threat-actor-naming/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Certification Roadmap Please
https://www.reddit.com/r/netsec/comments/1l1bsrz/certification_roadmap_please/
Australia Requires Ransomware Victims to Declare Payments
https://www.schneier.com/blog/archives/2025/06/australia-requires-ransomware-victims-to-declare-payments.html
Vulnerabilities Found in Preinstalled Apps on Android Smartphones Could Perform Factory Reset of Device, Exfiltrate PIN Code or Inject an Arbitrary Intent with System-Level Privileges
https://www.reddit.com/r/netsec/comments/1l1fh52/vulnerabilities_found_in_preinstalled_apps_on/
Seeking Insights from Network Security Leaders at Large Companies on Vendor Selection and Challenges
https://www.reddit.com/r/netsec/comments/1l1io63/seeking_insights_from_network_security_leaders_at/
2nd June – Threat Intelligence Report
https://research.checkpoint.com/2025/2nd-june-threat-intelligence-report/
Announcing a New Strategic Collaboration to Bring Clarity to Threat Actor Naming
https://www.microsoft.com/en-us/security/blog/2025/06/02/announcing-a-new-strategic-collaboration-to-bring-clarity-to-threat-actor-naming/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Certification roadmap please
Explore this post and more from the netsec community
Top Security News for Today
Host-based logs, container-based threats: How to tell where an attack began
https://securelist.com/host-based-logs-container-based-threats/116643/
New Linux Vulnerabilities
https://www.schneier.com/blog/archives/2025/06/new-linux-vulnerabilities.html
How to build a high-performance network fuzzer with LibAFL and libdesock
https://www.reddit.com/r/netsec/comments/1l29uvp/how_to_build_a_highperformance_network_fuzzer/
Bypassing tamper protection and getting root shell access on a Worldline Yomani XR credit card terminal
https://www.reddit.com/r/netsec/comments/1l2ef65/bypassing_tamper_protection_and_getting_root/
How Microsoft Defender for Endpoint is redefining endpoint security
https://www.microsoft.com/en-us/security/blog/2025/06/03/how-microsoft-defender-for-endpoint-is-redefining-endpoint-security/
OSSEC – Open Source Host-Based Intrusion Detection for Linux, Windows and Unix Systems
https://www.darknet.org.uk/2025/06/ossec-open-source-host-based-intrusion-detection-for-linux-windows-and-unix-systems/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Host-based logs, container-based threats: How to tell where an attack began
https://securelist.com/host-based-logs-container-based-threats/116643/
New Linux Vulnerabilities
https://www.schneier.com/blog/archives/2025/06/new-linux-vulnerabilities.html
How to build a high-performance network fuzzer with LibAFL and libdesock
https://www.reddit.com/r/netsec/comments/1l29uvp/how_to_build_a_highperformance_network_fuzzer/
Bypassing tamper protection and getting root shell access on a Worldline Yomani XR credit card terminal
https://www.reddit.com/r/netsec/comments/1l2ef65/bypassing_tamper_protection_and_getting_root/
How Microsoft Defender for Endpoint is redefining endpoint security
https://www.microsoft.com/en-us/security/blog/2025/06/03/how-microsoft-defender-for-endpoint-is-redefining-endpoint-security/
OSSEC – Open Source Host-Based Intrusion Detection for Linux, Windows and Unix Systems
https://www.darknet.org.uk/2025/06/ossec-open-source-host-based-intrusion-detection-for-linux-windows-and-unix-systems/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
How to find container-based threats in host-based logs
Kaspersky expert shares insights on how to determine whether an attack was first launched in a container or on the host itself when an organization’s logs lack container visibility.
Top Security News for Today
The Ramifications of Ukraine’s Drone Attack
https://www.schneier.com/blog/archives/2025/06/the-ramifications-of-ukraines-drone-attack.html
So you want to rapidly run a BOF? Let's look at this 'cli4bofs' thing then
https://www.reddit.com/r/netsec/comments/1l33fxt/so_you_want_to_rapidly_run_a_bof_lets_look_at/
The Ultimate Guide to Windows Coercion Techniques in 2025
https://www.reddit.com/r/netsec/comments/1l3079i/the_ultimate_guide_to_windows_coercion_techniques/
Multiple CVEs in Infoblox NetMRI: RCE, Auth Bypass, SQLi, and File Read Vulnerabilities
https://www.reddit.com/r/netsec/comments/1l39v5s/multiple_cves_in_infoblox_netmri_rce_auth_bypass/
2025 Red Team Tools – C2 Frameworks, Active Directory & Network Exploitation
https://bishopfox.com/blog/2025-red-team-tools-c2-frameworks-active-directory-network-exploitation
Detailed research for Roundcube ≤ 1.6.10 Post-Auth RCE is out
https://www.reddit.com/r/netsec/comments/1l3o04q/detailed_research_for_roundcube_1610_postauth_rce/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
The Ramifications of Ukraine’s Drone Attack
https://www.schneier.com/blog/archives/2025/06/the-ramifications-of-ukraines-drone-attack.html
So you want to rapidly run a BOF? Let's look at this 'cli4bofs' thing then
https://www.reddit.com/r/netsec/comments/1l33fxt/so_you_want_to_rapidly_run_a_bof_lets_look_at/
The Ultimate Guide to Windows Coercion Techniques in 2025
https://www.reddit.com/r/netsec/comments/1l3079i/the_ultimate_guide_to_windows_coercion_techniques/
Multiple CVEs in Infoblox NetMRI: RCE, Auth Bypass, SQLi, and File Read Vulnerabilities
https://www.reddit.com/r/netsec/comments/1l39v5s/multiple_cves_in_infoblox_netmri_rce_auth_bypass/
2025 Red Team Tools – C2 Frameworks, Active Directory & Network Exploitation
https://bishopfox.com/blog/2025-red-team-tools-c2-frameworks-active-directory-network-exploitation
Detailed research for Roundcube ≤ 1.6.10 Post-Auth RCE is out
https://www.reddit.com/r/netsec/comments/1l3o04q/detailed_research_for_roundcube_1610_postauth_rce/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
The Ramifications of Ukraine's Drone Attack - Schneier on Security
You can read the details of Operation Spiderweb elsewhere. What interests me are the implications for future warfare: If the Ukrainians could sneak drones so close to major air bases in a police state such as Russia, what is to prevent the Chinese from doing…
Top Security News for Today
IT threat evolution in Q1 2025. Non-mobile statistics
https://securelist.com/malware-report-q1-2025-pc-iot-statistics/116686/
IT threat evolution in Q1 2025. Mobile statistics
https://securelist.com/malware-report-q1-2025-mobile-statistics/116676/
Analysis of Spyware That Helped to Compromise a Syrian Army from Within
https://www.reddit.com/r/netsec/comments/1l3trgn/analysis_of_spyware_that_helped_to_compromise_a/
Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 3
https://www.microsoft.com/en-us/security/blog/2025/06/05/meet-the-deputy-cisos-who-help-shape-microsofts-approach-to-cybersecurity-part-3/
Tnok - Next Generation Port Security
https://www.reddit.com/r/netsec/comments/1l466co/tnok_next_generation_port_security/
Vulnerabilities in Anthropic’s MCP: Full-Schema Poisoning + Secret-Leaking Tool Attacks (PoC Inside)
https://www.reddit.com/r/netsec/comments/1l43aqc/vulnerabilities_in_anthropics_mcp_fullschema/
Proxy Services Feast on Ukraine’s IP Address Exodus
https://krebsonsecurity.com/2025/06/proxy-services-feast-on-ukraines-ip-address-exodus/
DroidGround: Elevate your Android CTF Challenges
https://www.reddit.com/r/netsec/comments/1l4am2x/droidground_elevate_your_android_ctf_challenges/
Cards Are Still the Weakest Link
https://www.reddit.com/r/netsec/comments/1l4brpy/cards_are_still_the_weakest_link/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
IT threat evolution in Q1 2025. Non-mobile statistics
https://securelist.com/malware-report-q1-2025-pc-iot-statistics/116686/
IT threat evolution in Q1 2025. Mobile statistics
https://securelist.com/malware-report-q1-2025-mobile-statistics/116676/
Analysis of Spyware That Helped to Compromise a Syrian Army from Within
https://www.reddit.com/r/netsec/comments/1l3trgn/analysis_of_spyware_that_helped_to_compromise_a/
Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 3
https://www.microsoft.com/en-us/security/blog/2025/06/05/meet-the-deputy-cisos-who-help-shape-microsofts-approach-to-cybersecurity-part-3/
Tnok - Next Generation Port Security
https://www.reddit.com/r/netsec/comments/1l466co/tnok_next_generation_port_security/
Vulnerabilities in Anthropic’s MCP: Full-Schema Poisoning + Secret-Leaking Tool Attacks (PoC Inside)
https://www.reddit.com/r/netsec/comments/1l43aqc/vulnerabilities_in_anthropics_mcp_fullschema/
Proxy Services Feast on Ukraine’s IP Address Exodus
https://krebsonsecurity.com/2025/06/proxy-services-feast-on-ukraines-ip-address-exodus/
DroidGround: Elevate your Android CTF Challenges
https://www.reddit.com/r/netsec/comments/1l4am2x/droidground_elevate_your_android_ctf_challenges/
Cards Are Still the Weakest Link
https://www.reddit.com/r/netsec/comments/1l4brpy/cards_are_still_the_weakest_link/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
Desktop and IoT threat statistics for Q1 2025
The report presents statistics for Windows, macOS, IoT, and other threats, including ransomware, miners, local and web-based threats, for Q1 2025.
Top Security News for Today
Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721
https://securelist.com/mirai-botnet-variant-targets-dvr-devices-with-cve-2024-3721/116742/
US Offers $10 Million Reward for Tips About State-Linked RedLine Cybercriminals
https://www.tripwire.com/state-of-security/us-offers-10-million-reward-tips-about-state-linked-redline-cybercriminals
NEOM McLaren Formula E Team & Trend Micro Innovation History
https://www.trendmicro.com/en_us/research/25/f/neom-mclaren-innovation-history.html
Report on the Malicious Uses of AI
https://www.schneier.com/blog/archives/2025/06/report-on-the-malicious-uses-of-ai.html
Hearing on the Federal Government and AI
https://www.schneier.com/blog/archives/2025/06/hearing_on_the_federal_government_and_ai.html
Hello, won't you tell me your name?: Investigating Anonymity Abuse in IPFS
https://arxiv.org/abs/2506.04307
Learning to Diagnose Privately: DP-Powered LLMs for Radiology Report Classification
https://arxiv.org/abs/2506.04556
Possible Malware in Official MicroDicom Installer (PDF + Hashes + Scan Results Included)
https://www.reddit.com/r/netsec/comments/1l52z1k/possible_malware_in_official_microdicom_installer/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721
https://securelist.com/mirai-botnet-variant-targets-dvr-devices-with-cve-2024-3721/116742/
US Offers $10 Million Reward for Tips About State-Linked RedLine Cybercriminals
https://www.tripwire.com/state-of-security/us-offers-10-million-reward-tips-about-state-linked-redline-cybercriminals
NEOM McLaren Formula E Team & Trend Micro Innovation History
https://www.trendmicro.com/en_us/research/25/f/neom-mclaren-innovation-history.html
Report on the Malicious Uses of AI
https://www.schneier.com/blog/archives/2025/06/report-on-the-malicious-uses-of-ai.html
Hearing on the Federal Government and AI
https://www.schneier.com/blog/archives/2025/06/hearing_on_the_federal_government_and_ai.html
Hello, won't you tell me your name?: Investigating Anonymity Abuse in IPFS
https://arxiv.org/abs/2506.04307
Learning to Diagnose Privately: DP-Powered LLMs for Radiology Report Classification
https://arxiv.org/abs/2506.04556
Possible Malware in Official MicroDicom Installer (PDF + Hashes + Scan Results Included)
https://www.reddit.com/r/netsec/comments/1l52z1k/possible_malware_in_official_microdicom_installer/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
New Mirai botnet campaign targets DVR devices
Kaspersky GReAT experts describe the new features of a Mirai variant: the latest botnet infections target TBK DVR devices with CVE-2024-3721.
Top Security News for Today
A masochist’s guide to web development
https://www.reddit.com/r/lowlevel/comments/1l5gsf4/a_masochists_guide_to_web_development/
Weaponizing Dependabot – Exploiting GitHub Automation for Supply Chain Attacks
https://www.darknet.org.uk/2025/06/weaponizing-dependabot-exploiting-github-automation-for-supply-chain-attacks/
Riding The Time Machine: Journey Through An Old vBulletin PHP Object Injection
https://www.reddit.com/r/netsec/comments/1l5lj9b/riding_the_time_machine_journey_through_an_old/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
A masochist’s guide to web development
https://www.reddit.com/r/lowlevel/comments/1l5gsf4/a_masochists_guide_to_web_development/
Weaponizing Dependabot – Exploiting GitHub Automation for Supply Chain Attacks
https://www.darknet.org.uk/2025/06/weaponizing-dependabot-exploiting-github-automation-for-supply-chain-attacks/
Riding The Time Machine: Journey Through An Old vBulletin PHP Object Injection
https://www.reddit.com/r/netsec/comments/1l5lj9b/riding_the_time_machine_journey_through_an_old/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the lowlevel community on Reddit: A masochist’s guide to web development
Posted by FoxInTheRedBox - 2 votes and 0 comments
Top Security News for Today
ProxyBlob – SOCKS5 Over Azure Blob Storage for Covert Network Tunneling
https://www.darknet.org.uk/2025/06/proxyblob-socks5-over-azure-blob-storage-for-covert-network-tunneling/
LLM App Security: Risk & Prevent for GenAI Development
https://www.reddit.com/r/netsec/comments/1l40ufu/llm_app_security_risk_prevent_for_genai/
HMAS Canberra accidentally blocks wireless internet and radio services in New Zealand
https://www.reddit.com/r/netsec/comments/1l6pdv7/hmas_canberra_accidentally_blocks_wireless/
Monkey365 – PowerShell Security Scanner for Microsoft 365, Azure, and Entra ID
https://www.darknet.org.uk/2025/06/monkey365-powershell-security-scanner-for-microsoft-365-azure-and-entra-id/
9th June – Threat Intelligence Report
https://research.checkpoint.com/2025/9th-june-threat-intelligence-report/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
ProxyBlob – SOCKS5 Over Azure Blob Storage for Covert Network Tunneling
https://www.darknet.org.uk/2025/06/proxyblob-socks5-over-azure-blob-storage-for-covert-network-tunneling/
LLM App Security: Risk & Prevent for GenAI Development
https://www.reddit.com/r/netsec/comments/1l40ufu/llm_app_security_risk_prevent_for_genai/
HMAS Canberra accidentally blocks wireless internet and radio services in New Zealand
https://www.reddit.com/r/netsec/comments/1l6pdv7/hmas_canberra_accidentally_blocks_wireless/
Monkey365 – PowerShell Security Scanner for Microsoft 365, Azure, and Entra ID
https://www.darknet.org.uk/2025/06/monkey365-powershell-security-scanner-for-microsoft-365-azure-and-entra-id/
9th June – Threat Intelligence Report
https://research.checkpoint.com/2025/9th-june-threat-intelligence-report/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for Today
Expanding on ADHICS v2.0: A Closer Look at Healthcare Cybersecurity in the UAE
https://www.tripwire.com/state-of-security/expanding-adhics-v20-closer-look-healthcare-cybersecurity-uae
Sleep with one eye open: how Librarian Ghouls steal data by night
https://securelist.com/librarian-ghouls-apt-wakes-up-computers-to-steal-data-and-mine-crypto/116536/
HMAS Canberra accidentally blocks wireless internet and radio services in New Zealand
https://www.reddit.com/r/netsec/comments/1l6pdv7/hmas_canberra_accidentally_blocks_wireless/
New Way to Track Covertly Android Users
https://www.schneier.com/blog/archives/2025/06/new-way-to-track-covertly-android-users.html
Preventing Prompt Injection Attacks at Scale
https://www.reddit.com/r/netsec/comments/1l79xay/preventing_prompt_injection_attacks_at_scale/
A bit more on Twitter/X’s new encrypted messaging
https://www.reddit.com/r/netsec/comments/1l7cgwa/a_bit_more_on_twitterxs_new_encrypted_messaging/
Bruteforcing the phone number of any Google user
https://www.reddit.com/r/netsec/comments/1l7e972/bruteforcing_the_phone_number_of_any_google_user/
How Google’s Wiz Acquisition Impacts CNAPP
https://www.trendmicro.com/en_us/research/25/f/google-wiz-acquisition-cnapp.html
Mexico’s Digital Growth Comes with Cybersecurity Challenges
https://www.tripwire.com/state-of-security/mexicos-digital-growth-comes-cybersecurity-challenges
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Expanding on ADHICS v2.0: A Closer Look at Healthcare Cybersecurity in the UAE
https://www.tripwire.com/state-of-security/expanding-adhics-v20-closer-look-healthcare-cybersecurity-uae
Sleep with one eye open: how Librarian Ghouls steal data by night
https://securelist.com/librarian-ghouls-apt-wakes-up-computers-to-steal-data-and-mine-crypto/116536/
HMAS Canberra accidentally blocks wireless internet and radio services in New Zealand
https://www.reddit.com/r/netsec/comments/1l6pdv7/hmas_canberra_accidentally_blocks_wireless/
New Way to Track Covertly Android Users
https://www.schneier.com/blog/archives/2025/06/new-way-to-track-covertly-android-users.html
Preventing Prompt Injection Attacks at Scale
https://www.reddit.com/r/netsec/comments/1l79xay/preventing_prompt_injection_attacks_at_scale/
A bit more on Twitter/X’s new encrypted messaging
https://www.reddit.com/r/netsec/comments/1l7cgwa/a_bit_more_on_twitterxs_new_encrypted_messaging/
Bruteforcing the phone number of any Google user
https://www.reddit.com/r/netsec/comments/1l7e972/bruteforcing_the_phone_number_of_any_google_user/
How Google’s Wiz Acquisition Impacts CNAPP
https://www.trendmicro.com/en_us/research/25/f/google-wiz-acquisition-cnapp.html
Mexico’s Digital Growth Comes with Cybersecurity Challenges
https://www.tripwire.com/state-of-security/mexicos-digital-growth-comes-cybersecurity-challenges
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Tripwire
Expanding on ADHICS v2.0: A Closer Look at Healthcare Cybersecurity in the UAE
Explore ADHICS v2.0 and how it strengthens UAE healthcare cybersecurity with six pillars for resilience, compliance, and innovation.
Top Security News for Today
Why Open Source ≠ Secure Code
https://www.reddit.com/r/netsec/comments/1l7usj1/why_open_source_secure_code/
New ISPConfig Authenticated Remote Code Execution Vulnerability
https://www.reddit.com/r/netsec/comments/1l7vrmd/new_ispconfig_authenticated_remote_code_execution/
CVE-2025-47934 - Spoofing OpenPGP.js signature verification
https://www.reddit.com/r/netsec/comments/1l7z99n/cve202547934_spoofing_openpgpjs_signature/
Feedback - new secure doc sharing platform GetSafeDocs.com
https://www.reddit.com/r/netsec/comments/1l83dmz/feedback_new_secure_doc_sharing_platform/
Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage
https://research.checkpoint.com/2025/stealth-falcon-zero-day/
Microsoft and Adobe Patch Tuesday, June 2025 Security Update Review
https://blog.qualys.com/vulnerabilities-threat-research/2025/06/10/microsoft-and-adobe-patch-tuesday-june-2025-security-update-review
Patch Tuesday, June 2025 Edition
https://krebsonsecurity.com/2025/06/patch-tuesday-june-2025-edition/
Argusee and Agentic AI in Cybersecurity
https://www.darknet.org.uk/2025/06/argusee-and-agentic-ai-in-cybersecurity/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Why Open Source ≠ Secure Code
https://www.reddit.com/r/netsec/comments/1l7usj1/why_open_source_secure_code/
New ISPConfig Authenticated Remote Code Execution Vulnerability
https://www.reddit.com/r/netsec/comments/1l7vrmd/new_ispconfig_authenticated_remote_code_execution/
CVE-2025-47934 - Spoofing OpenPGP.js signature verification
https://www.reddit.com/r/netsec/comments/1l7z99n/cve202547934_spoofing_openpgpjs_signature/
Feedback - new secure doc sharing platform GetSafeDocs.com
https://www.reddit.com/r/netsec/comments/1l83dmz/feedback_new_secure_doc_sharing_platform/
Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage
https://research.checkpoint.com/2025/stealth-falcon-zero-day/
Microsoft and Adobe Patch Tuesday, June 2025 Security Update Review
https://blog.qualys.com/vulnerabilities-threat-research/2025/06/10/microsoft-and-adobe-patch-tuesday-june-2025-security-update-review
Patch Tuesday, June 2025 Edition
https://krebsonsecurity.com/2025/06/patch-tuesday-june-2025-edition/
Argusee and Agentic AI in Cybersecurity
https://www.darknet.org.uk/2025/06/argusee-and-agentic-ai-in-cybersecurity/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Why Open Source ≠ Secure Code
Posted by kobsoN - 0 votes and 8 comments