Top Security News for Today
The Ramifications of Ukraine’s Drone Attack
https://www.schneier.com/blog/archives/2025/06/the-ramifications-of-ukraines-drone-attack.html
So you want to rapidly run a BOF? Let's look at this 'cli4bofs' thing then
https://www.reddit.com/r/netsec/comments/1l33fxt/so_you_want_to_rapidly_run_a_bof_lets_look_at/
The Ultimate Guide to Windows Coercion Techniques in 2025
https://www.reddit.com/r/netsec/comments/1l3079i/the_ultimate_guide_to_windows_coercion_techniques/
Multiple CVEs in Infoblox NetMRI: RCE, Auth Bypass, SQLi, and File Read Vulnerabilities
https://www.reddit.com/r/netsec/comments/1l39v5s/multiple_cves_in_infoblox_netmri_rce_auth_bypass/
2025 Red Team Tools – C2 Frameworks, Active Directory & Network Exploitation
https://bishopfox.com/blog/2025-red-team-tools-c2-frameworks-active-directory-network-exploitation
Detailed research for Roundcube ≤ 1.6.10 Post-Auth RCE is out
https://www.reddit.com/r/netsec/comments/1l3o04q/detailed_research_for_roundcube_1610_postauth_rce/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
The Ramifications of Ukraine's Drone Attack - Schneier on Security
You can read the details of Operation Spiderweb elsewhere. What interests me are the implications for future warfare: If the Ukrainians could sneak drones so close to major air bases in a police state such as Russia, what is to prevent the Chinese from doing…
Top Security News for Today
IT threat evolution in Q1 2025. Non-mobile statistics
https://securelist.com/malware-report-q1-2025-pc-iot-statistics/116686/
IT threat evolution in Q1 2025. Mobile statistics
https://securelist.com/malware-report-q1-2025-mobile-statistics/116676/
Analysis of Spyware That Helped to Compromise a Syrian Army from Within
https://www.reddit.com/r/netsec/comments/1l3trgn/analysis_of_spyware_that_helped_to_compromise_a/
Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 3
https://www.microsoft.com/en-us/security/blog/2025/06/05/meet-the-deputy-cisos-who-help-shape-microsofts-approach-to-cybersecurity-part-3/
Tnok - Next Generation Port Security
https://www.reddit.com/r/netsec/comments/1l466co/tnok_next_generation_port_security/
Vulnerabilities in Anthropic’s MCP: Full-Schema Poisoning + Secret-Leaking Tool Attacks (PoC Inside)
https://www.reddit.com/r/netsec/comments/1l43aqc/vulnerabilities_in_anthropics_mcp_fullschema/
Proxy Services Feast on Ukraine’s IP Address Exodus
https://krebsonsecurity.com/2025/06/proxy-services-feast-on-ukraines-ip-address-exodus/
DroidGround: Elevate your Android CTF Challenges
https://www.reddit.com/r/netsec/comments/1l4am2x/droidground_elevate_your_android_ctf_challenges/
Cards Are Still the Weakest Link
https://www.reddit.com/r/netsec/comments/1l4brpy/cards_are_still_the_weakest_link/
Securelist
Desktop and IoT threat statistics for Q1 2025
The report presents statistics for Windows, macOS, IoT, and other threats, including ransomware, miners, local and web-based threats, for Q1 2025.
Top Security News for Today
Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721
https://securelist.com/mirai-botnet-variant-targets-dvr-devices-with-cve-2024-3721/116742/
US Offers $10 Million Reward for Tips About State-Linked RedLine Cybercriminals
https://www.tripwire.com/state-of-security/us-offers-10-million-reward-tips-about-state-linked-redline-cybercriminals
NEOM McLaren Formula E Team & Trend Micro Innovation History
https://www.trendmicro.com/en_us/research/25/f/neom-mclaren-innovation-history.html
Report on the Malicious Uses of AI
https://www.schneier.com/blog/archives/2025/06/report-on-the-malicious-uses-of-ai.html
Hearing on the Federal Government and AI
https://www.schneier.com/blog/archives/2025/06/hearing_on_the_federal_government_and_ai.html
Hello, won't you tell me your name?: Investigating Anonymity Abuse in IPFS
https://arxiv.org/abs/2506.04307
Learning to Diagnose Privately: DP-Powered LLMs for Radiology Report Classification
https://arxiv.org/abs/2506.04556
Possible Malware in Official MicroDicom Installer (PDF + Hashes + Scan Results Included)
https://www.reddit.com/r/netsec/comments/1l52z1k/possible_malware_in_official_microdicom_installer/
Securelist
New Mirai botnet campaign targets DVR devices
Kaspersky GReAT experts describe the new features of a Mirai variant: the latest botnet infections target TBK DVR devices with CVE-2024-3721.
Top Security News for Today
A masochist’s guide to web development
https://www.reddit.com/r/lowlevel/comments/1l5gsf4/a_masochists_guide_to_web_development/
Weaponizing Dependabot – Exploiting GitHub Automation for Supply Chain Attacks
https://www.darknet.org.uk/2025/06/weaponizing-dependabot-exploiting-github-automation-for-supply-chain-attacks/
Riding The Time Machine: Journey Through An Old vBulletin PHP Object Injection
https://www.reddit.com/r/netsec/comments/1l5lj9b/riding_the_time_machine_journey_through_an_old/
Reddit
From the lowlevel community on Reddit: A masochist’s guide to web development
Posted by FoxInTheRedBox - 2 votes and 0 comments
Top Security News for Today
ProxyBlob – SOCKS5 Over Azure Blob Storage for Covert Network Tunneling
https://www.darknet.org.uk/2025/06/proxyblob-socks5-over-azure-blob-storage-for-covert-network-tunneling/
LLM App Security: Risk & Prevent for GenAI Development
https://www.reddit.com/r/netsec/comments/1l40ufu/llm_app_security_risk_prevent_for_genai/
HMAS Canberra accidentally blocks wireless internet and radio services in New Zealand
https://www.reddit.com/r/netsec/comments/1l6pdv7/hmas_canberra_accidentally_blocks_wireless/
Monkey365 – PowerShell Security Scanner for Microsoft 365, Azure, and Entra ID
https://www.darknet.org.uk/2025/06/monkey365-powershell-security-scanner-for-microsoft-365-azure-and-entra-id/
9th June – Threat Intelligence Report
https://research.checkpoint.com/2025/9th-june-threat-intelligence-report/
Top Security News for Today
Expanding on ADHICS v2.0: A Closer Look at Healthcare Cybersecurity in the UAE
https://www.tripwire.com/state-of-security/expanding-adhics-v20-closer-look-healthcare-cybersecurity-uae
Sleep with one eye open: how Librarian Ghouls steal data by night
https://securelist.com/librarian-ghouls-apt-wakes-up-computers-to-steal-data-and-mine-crypto/116536/
HMAS Canberra accidentally blocks wireless internet and radio services in New Zealand
https://www.reddit.com/r/netsec/comments/1l6pdv7/hmas_canberra_accidentally_blocks_wireless/
New Way to Track Covertly Android Users
https://www.schneier.com/blog/archives/2025/06/new-way-to-track-covertly-android-users.html
Preventing Prompt Injection Attacks at Scale
https://www.reddit.com/r/netsec/comments/1l79xay/preventing_prompt_injection_attacks_at_scale/
A bit more on Twitter/X’s new encrypted messaging
https://www.reddit.com/r/netsec/comments/1l7cgwa/a_bit_more_on_twitterxs_new_encrypted_messaging/
Bruteforcing the phone number of any Google user
https://www.reddit.com/r/netsec/comments/1l7e972/bruteforcing_the_phone_number_of_any_google_user/
How Google’s Wiz Acquisition Impacts CNAPP
https://www.trendmicro.com/en_us/research/25/f/google-wiz-acquisition-cnapp.html
Mexico’s Digital Growth Comes with Cybersecurity Challenges
https://www.tripwire.com/state-of-security/mexicos-digital-growth-comes-cybersecurity-challenges
Tripwire
Expanding on ADHICS v2.0: A Closer Look at Healthcare Cybersecurity in the UAE
Explore ADHICS v2.0 and how it strengthens UAE healthcare cybersecurity with six pillars for resilience, compliance, and innovation.
Top Security News for Today
Why Open Source ≠ Secure Code
https://www.reddit.com/r/netsec/comments/1l7usj1/why_open_source_secure_code/
New ISPConfig Authenticated Remote Code Execution Vulnerability
https://www.reddit.com/r/netsec/comments/1l7vrmd/new_ispconfig_authenticated_remote_code_execution/
CVE-2025-47934 - Spoofing OpenPGP.js signature verification
https://www.reddit.com/r/netsec/comments/1l7z99n/cve202547934_spoofing_openpgpjs_signature/
Feedback - new secure doc sharing platform GetSafeDocs.com
https://www.reddit.com/r/netsec/comments/1l83dmz/feedback_new_secure_doc_sharing_platform/
Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage
https://research.checkpoint.com/2025/stealth-falcon-zero-day/
Microsoft and Adobe Patch Tuesday, June 2025 Security Update Review
https://blog.qualys.com/vulnerabilities-threat-research/2025/06/10/microsoft-and-adobe-patch-tuesday-june-2025-security-update-review
Patch Tuesday, June 2025 Edition
https://krebsonsecurity.com/2025/06/patch-tuesday-june-2025-edition/
Argusee and Agentic AI in Cybersecurity
https://www.darknet.org.uk/2025/06/argusee-and-agentic-ai-in-cybersecurity/
Reddit
From the netsec community on Reddit: Why Open Source ≠ Secure Code
Posted by kobsoN - 0 votes and 8 comments
Top Security News for Today
Toxic trend: Another malware threat targets DeepSeek
https://securelist.com/browservenom-mimicks-deepseek-to-use-malicious-proxy/115728/
AI-Powered Attacks and Lack of Cyber Readiness. How Mexico Can Respond
https://www.tripwire.com/state-of-security/ai-powered-attacks-and-lack-cyber-readiness-how-mexico-can-respond
Enabling Secure AI Inference: Trend Cybertron Leverages NVIDIA Universal LLM NIM Microservices
https://www.trendmicro.com/en_us/research/25/f/cybertron-nvidia-universal-llm-nim-microservices.html
CVE-2025-33073: A Look in the Mirror - The Reflective Kerberos Relay Attack
https://www.reddit.com/r/netsec/comments/1l8n3r0/cve202533073_a_look_in_the_mirror_the_reflective/
Weaponized Google OAuth Triggers Malicious WebSocket
https://www.reddit.com/r/netsec/comments/1l8st38/weaponized_google_oauth_triggers_malicious/
Innovation in the Fast Lane: Lessons from Motorsport and Cybersecurity
https://www.trendmicro.com/en_us/research/25/f/motorsport-cybersecurity.html
Operation Secure: Trend Micro's Threat Intelligence Fuels INTERPOL's Infostealer Infrastructure Takedown
https://www.trendmicro.com/en_us/research/25/f/interpol-operation-secure.html
Securelist
New BrowserVenom malware being distributed via fake DeepSeek phishing website
Kaspersky GReAT experts discovered a new malicious implant: BrowserVenom. It enables a proxy in browsers like Chrome and Mozilla and spreads through a DeepSeek-mimicking phishing website.
Top Security News for Today
Stryker - Android pentesting app with premium access is now free until 2050
https://www.reddit.com/r/netsec/comments/1l9iee8/stryker_android_pentesting_app_with_premium/
Meta is able to track its users via WebRTC on Android including private mode and behind VPN
https://www.reddit.com/r/netsec/comments/1l9kxjm/meta_is_able_to_track_its_users_via_webrtc_on/
From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery
https://research.checkpoint.com/2025/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery/
An Open Source agent hacked Mercado Libre
https://www.reddit.com/r/netsec/comments/1l9n9oi/an_open_source_agent_hacked_mercado_libre/
Millions of Vulnerabilities: One Checklist to Kill The Noise
https://www.reddit.com/r/netsec/comments/1l9pblf/millions_of_vulnerabilities_one_checklist_to_kill/
Airlines Secretly Selling Passenger Data to the Government
https://www.schneier.com/blog/archives/2025/06/airlines-secretly-selling-passenger-data-to-the-government.html
Introducing: GitHub Device Code Phishing
https://www.reddit.com/r/netsec/comments/1l9qo58/introducing_github_device_code_phishing/
Inside a Dark Adtech Empire Fed by Fake CAPTCHAs
https://krebsonsecurity.com/2025/06/inside-a-dark-adtech-empire-fed-by-fake-captchas/
Top Security News for Today
Paragon Spyware used to Spy on European Journalists
https://www.schneier.com/blog/archives/2025/06/paragon-spyware-used-to-spy-on-european-journalists.html
Anubis: A Closer Look at an Emerging Ransomware with Built-in Wiper
https://www.trendmicro.com/en_us/research/25/f/anubis-a-closer-look-at-an-emerging-ransomware.html
Envilder – Secure AWS SSM CLI for Environment Variable Management
https://www.darknet.org.uk/2025/06/envilder-secure-aws-ssm-cli-for-environment-variable-management/
IoTGeM: Generalizable Models for Behaviour-Based IoT Attack Detection
https://arxiv.org/abs/2401.01343
A Unified Framework to Enforce, Discover, and Promote Symmetry in Machine Learning
https://arxiv.org/abs/2311.00212
Two months of Burp AI: empowering security testers with the future of AppSec
https://portswigger.net/blog/two-months-of-burp-ai-empowering-security-testers-with-the-future-of-appsec
Schneier on Security
Paragon Spyware used to Spy on European Journalists - Schneier on Security
Paragon is an Israeli spyware company, increasingly in the news (now that NSO Group seems to be waning). “Graphite” is the name of their product. Citizen Lab caught them spying on multiple European journalists with a zero-click iOS exploit: On April 29, 2025…
Top Security News for Today
Make Self-XSS Great Again
https://www.reddit.com/r/netsec/comments/1lb3wfp/make_selfxss_great_again/
GIMP Heap Overflow Re-Discovery and Exploitation (CVE-2025–6035)
https://www.reddit.com/r/netsec/comments/1lbcbap/gimp_heap_overflow_rediscovery_and_exploitation/
Upcoming Speaking Engagements
https://www.schneier.com/blog/archives/2025/06/upcoming-speaking-engagements-47.html
Input on using the ROT and network connection to hack voting and tabulating software and hardware.
https://www.reddit.com/r/netsec/comments/1lbs0a8/input_on_using_the_rot_and_network_connection_to/
Reddit
From the netsec community on Reddit: Make Self-XSS Great Again
Posted by AlmondOffSec - 14 votes and 4 comments
Top Security News for Today
Danish government agency to ditch Microsoft software in push for digital independence
https://therecord.media/denmark-digital-agency-microsoft-digital-independence
GoClipC2 - Clipboard for C2 on Windows in Go
https://www.reddit.com/r/netsec/comments/1lbxw0l/goclipc2_clipboard_for_c2_on_windows_in_go/
Government offices in North Carolina, Georgia disrupted by cyberattacks
https://therecord.media/thomasville-nc-government-ogeechee-ga-district-cyberattacks
CISA warns of SimpleHelp ransomware compromises after string of retail attacks
https://www.record.media/cisa-warns-of-simplehelp-ransomware-compromises
Hosting images inside DNS records using TXT
https://www.reddit.com/r/netsec/comments/1lca5o6/hosting_images_inside_dns_records_using_txt/
claws – GitHub Actions Workflow Linter for Secure CI/CD Pipelines
https://www.darknet.org.uk/2025/06/claws-github-actions-workflow-linter-for-secure-ci-cd-pipelines/
Brace Yourselves: The Game-Changing Impact of India's DPDP Act, 2023
https://www.tripwire.com/state-of-security/brace-yourselves-game-changing-impact-indias-dpdp-act
therecord.media
Danish government agency to ditch Microsoft software in push for digital independence
Denmark's digital affairs ministry says it plans to switch to the open source LibreOffice software and away from Microsoft products as part of an effort to make the government more digitally independent.
Top Security News for Today
How to run ADB and fastboot in Termux without root
https://www.reddit.com/r/netsec/comments/1lcnenw/how_to_run_adb_and_fastboot_in_termux_without_root/
Generative AI Is Moving Fast. Are Your Security Practices Keeping Up?
https://www.tripwire.com/state-of-security/generative-ai-moving-fast-are-your-security-practices-keeping
Hackers impersonating US government compromise email account of prominent Russia researcher
https://therecord.media/keir-giles-russia-researcher-email-hacked
Bipartisan bill aims to create CISA-HHS liaison for hospital cyberattacks
https://therecord.media/bill-proposes-cisa-hhs-liaison-hospital-cyberattacks
UK appoints first-ever female chief of foreign intelligence service MI6
https://therecord.media/blaise-metreweli-new-mi6-chief
Whole Foods supplier making progress on restoration after cyberattack left shelves empty
https://therecord.media/unfi-groceries-supplier-cyberattack-update
8.4 million people affected by data breach at Indian car share company Zoomcar
https://therecord.media/8-million-affected-zoomcar-data-breach
US offering $10 million for info on Iranian hackers behind IOControl malware
https://therecord.media/us-offers-reward-for-iran-hacker-iocontrol-malware
Reddit
From the netsec community on Reddit: How to run ADB and fastboot in Termux without root
Explore this post and more from the netsec community
Top Security News for Today
How Human Behavior Can Strengthen Healthcare Cybersecurity
https://www.tripwire.com/state-of-security/how-human-behavior-can-strengthen-healthcare-cybersecurity
Are WAFs Obsolete? Pros, Cons, and What the Future Holds
https://www.tripwire.com/state-of-security/are-wafs-obsolete-pros-cons-and-what-future-holds
Where AI Provides Value
https://www.schneier.com/blog/archives/2025/06/where_ai_provides_value.html
Is b For Backdoor? Pre-Auth RCE Chain In Sitecore Experience Platform
https://www.reddit.com/r/netsec/comments/1ldjdo8/is_b_for_backdoor_preauth_rce_chain_in_sitecore/
Security Analysis: MCP Protocol Vulnerabilities in AI Toolchains
https://www.reddit.com/r/netsec/comments/1ldiilv/security_analysis_mcp_protocol_vulnerabilities_in/
UK data privacy regulator fines 23andMe over cyber practices in wake of hack
https://therecord.media/uk-data-privacy-regulator-fines-23andme
Russia detects first SuperCard malware attacks skimming bank data via NFC
https://therecord.media/supercard-nfc-banking-malware-russia
Scattered Spider hackers targeting insurance industry following retail hits
https://therecord.media/scattered-spider-targeting-insurance-sector-following-retail-attacks
Wallet apps aren’t safe either — here’s how attackers exploit their flawed security models
https://www.reddit.com/r/netsec/comments/1le0n3j/wallet_apps_arent_safe_either_heres_how_attackers/
Qualys TRU Uncovers Chained LPE: SUSE 15 PAM to Full Root via libblockdev/udisks
https://blog.qualys.com/vulnerabilities-threat-research/2025/06/17/qualys-tru-uncovers-chained-lpe-suse-15-pam-to-full-root-via-libblockdev-udisks
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Tripwire
How Human Behavior Can Strengthen Healthcare Cybersecurity
Explore how empowering healthcare staff through culture and training can transform them into a powerful frontline defense against cyber threats.
Top Security News for Today
Fault Injection - Follow the White Rabbit
https://www.reddit.com/r/netsec/comments/1lebtyd/fault_injection_follow_the_white_rabbit/
Exploring Netstalking – Mapping the Hidden Corners of the Internet
https://www.darknet.org.uk/2025/06/exploring-netstalking-mapping-the-hidden-corners-of-the-internet/
Fake Minecraft mods distributed by the Stargazers Ghost Network to steal gamers’ data
https://research.checkpoint.com/2025/minecraft-mod-malware-stargazers/
She Won. They Didn't Just Change the Machines. They Rewired the Election.
https://www.reddit.com/r/netsec/comments/1legjch/she_won_they_didnt_just_change_the_machines_they/
Ghostwriting Scam
https://www.schneier.com/blog/archives/2025/06/ghostwriting-scam.html
Lessons from Qilin: What the Industry’s Most Efficient Ransomware Teaches Us
https://blog.qualys.com/vulnerabilities-threat-research/2025/06/18/qilin-ransomware-explained-threats-risks-defenses
More than 5 million affected by data breach at healthcare tech firm Episource
https://therecord.media/5-million-affected-episource-data-breach
North Korea targeting Indian crypto job applicants with malware
https://therecord.media/north-korea-india-crypto-applicants
2025 Red Team Tools – Cloud & Identity Exploitation, Evasion & Developer Libraries
https://bishopfox.com/blog/2025-red-team-tools-cloud-identity-exploitation-evasion-developer-libraries
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for Today
Self-Driving Car Video Footage
https://www.schneier.com/blog/archives/2025/06/self-driving-car-video-footage.html
Sleepless Strings - Template Injection in Insomnia
https://www.reddit.com/r/netsec/comments/1lf40wc/sleepless_strings_template_injection_in_insomnia/
Finland could charge Russia-linked ship’s officers over cable breaks by ‘August at the latest’
https://therecord.media/finland-could-charge-eagle-s-ship-officers-cable-breaks
Argentina uncovers suspected Russian spy ring behind disinformation campaigns
https://therecord.media/argentina-russia-spies-disinformation-project-lakhta
Alleged Ryuk ransomware gang member arrested in Ukraine and extradited to US
https://therecord.media/alleged-ryuk-member-arrest-ukraine-extradited-us
DOJ moves to seize $225 million in crypto stolen by scammers
https://therecord.media/doj-moves-to-seize-225-million-in-stolen-crypto
AntiDot Android Malware Analysis
https://www.reddit.com/r/netsec/comments/1lfjatl/antidot_android_malware_analysis/
Frida 17.2.0 Released
https://www.reddit.com/r/netsec/comments/1lfnwgq/frida_1720_released/
GitPhish – OAuth Device Code Phishing for GitHub Repos, Secrets, and CI/CD
https://www.darknet.org.uk/2025/06/gitphish-oauth-device-code-phishing-for-github-repos-secrets-and-ci-cd/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
Self-Driving Car Video Footage - Schneier on Security
Two articles crossed my path recently. First, a discussion of all the video Waymo has from outside its cars: in this case related to the LA protests. Second, a discussion of all the video Tesla has from inside its cars. Lots of things are collecting lots…
Top Security News for Today
Qilin Offers "Call a lawyer" Button For Affiliates Attempting To Extort Ransoms From Victims Who Won't Pay
https://www.tripwire.com/state-of-security/qilin-offers-call-lawyer-button-affiliates-attempting-extort-ransoms-victims
Surveillance in the US
https://www.schneier.com/blog/archives/2025/06/surveillance-in-the-us.html
Aflac says it stopped ransomware attack launched by ‘sophisticated cybercrime group’
https://therecord.media/aflac-cyberattack-potential-data-breach
Krispy Kreme: Over 160,000 people had data stolen during November 2024 cyberattack
https://therecord.media/krispy-kreme-reports-data-breach-from-2024-attack
Russian dairy supply disrupted by cyberattack on animal certification system
https://therecord.media/russia-dairy-supply-disrupted-cyberattack
Tonga Ministry of Health hit with cyberattack affecting website, IT systems
https://therecord.media/tonga-ministry-of-health-hit-with-cyberattack
Steam Phishing: popular as ever
https://bartblaze.blogspot.com/2025/06/steam-phishing-popular-as-ever.html
Judge overturns Biden-era HHS rule on HIPAA protections for those seeking reproductive care
https://therecord.media/judge-overtuns-biden-era-hhs-rule-hipaa-reproductive-care
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Tripwire
Qilin Offers "Call a lawyer" Button For Affiliates Attempting To Extort Ransoms From Victims Who Won't Pay
Qilin ransomware adds a “Call a Lawyer” button to aid affiliates in ransom negotiations, mimicking legit business tactics.
Top Security News for Today
CoinMarketCap Client-Side Attack: A Comprehensive Analysis by c/side
https://www.reddit.com/r/netsec/comments/1lgu3g6/coinmarketcap_clientside_attack_a_comprehensive/
Unexpected security footguns in Go's parsers
https://www.reddit.com/r/netsec/comments/1lgvxon/unexpected_security_footguns_in_gos_parsers/
Series 2: Implementing the WPA in RAWPA - Part 2
https://www.reddit.com/r/netsec/comments/1lh9lw5/series_2_implementing_the_wpa_in_rawpa_part_2/
🚨 Hack Our Smart Contract, Keep the ETH – $500K Open-Source Heist Challenge Is Live
https://www.reddit.com/r/netsec/comments/1lh2zmu/hack_our_smart_contract_keep_the_eth_500k/
Just casually broke bunq’s sandbox with 0day-level spoofing, and nobody seems to care 🇳🇱
https://www.reddit.com/r/netsec/comments/1lhdhmt/just_casually_broke_bunqs_sandbox_with_0daylevel/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for Today
RAWPA - hierarchical methodology, comprehensive toolkits, and guided workflows
https://www.reddit.com/r/netsec/comments/1li2kkk/rawpa_hierarchical_methodology_comprehensive/
Introduction to SIMD
https://www.reddit.com/r/lowlevel/comments/1li557q/introduction_to_simd/
Ignition Phase : Standard Training for Fast Adversarial Robustness
https://arxiv.org/abs/2506.15685
Learning from M-Tuple Dominant Positive and Unlabeled Data
https://arxiv.org/abs/2506.15686
S$^2$GPT-PINNs: Sparse and Small models for PDEs
https://arxiv.org/abs/2506.15687
Cellular Traffic Prediction via Deep State Space Models with Attention Mechanism
https://arxiv.org/abs/2506.15688
BASE-Q: Bias and Asymmetric Scaling Enhanced Rotational Quantization for Large Language Models
https://arxiv.org/abs/2506.15689
SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play
https://securelist.com/sparkkitty-ios-android-malware/116793/
Rethinking LLM Training through Information Geometry and Quantum Metrics
https://arxiv.org/abs/2506.15830
Clean Up in the Cybersecurity Aisle: Cybercriminals and Groceries
https://www.tripwire.com/state-of-security/clean-cybersecurity-aisle-cybercriminals-and-groceries
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: RAWPA - hierarchical methodology, comprehensive toolkits, and guided workflows
Posted by Dark-stash - 3 votes and 0 comments
Top Security News for Today
AutoPwnKey – AV Evasion via Simulated User Interaction
https://www.darknet.org.uk/2025/06/autopwnkey-av-evasion-via-simulated-user-interaction/
Largest DDoS Attack to Date
https://www.schneier.com/blog/archives/2025/06/largest-ddos-attack-to-date.html
Amazon’s Schmidt talks China, cyber traps and the battle in the cloud
https://therecord.media/amazon-cso-steve-schmidt-interview-madpot-honeypot
Novel SSRF Technique Involving HTTP Redirect Loops
https://www.reddit.com/r/netsec/comments/1lidqqw/novel_ssrf_technique_involving_http_redirect_loops/
Data of more than 740,000 stolen in ransomware attack on Michigan hospital network
https://therecord.media/mclaren-health-care-data-breach-notification-ransomware
Israeli officials say Iran exploiting security cameras to guide missile strikes
https://therecord.media/iran-espionage-israeli-security-cameras-missile-attacks
Iran-linked cyberattack reportedly disrupts public services in Albania’s capital
https://therecord.media/tirana-albania-government-cyberattack-iran-linked-group
Navigating cyber risks with Microsoft Security Exposure Management eBook
https://www.microsoft.com/en-us/security/blog/2025/06/23/navigating-cyber-risks-with-microsoft-security-exposure-management-ebook/
Remote Code Execution on 40,000 WiFi alarm clocks
https://www.reddit.com/r/netsec/comments/1lirrc6/remote_code_execution_on_40000_wifi_alarm_clocks/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Darknet - Hacking Tools, Hacker News & Cyber Security
AutoPwnKey - AV Evasion via Simulated User Interaction
AutoPwnKey is an open-source AV evasion tool that uses AutoHotKey to simulate user interaction and execute payloads without triggering antivirus or EDR detection. Learn how it works and how to use it safely.
Top Security News for Today
Revenge, Fame, and Fun: The Motives Behind Modern Cyberattacks
https://www.tripwire.com/state-of-security/revenge-fame-and-fun-motives-behind-modern-cyberattacks
Here’s a Subliminal Channel You Haven’t Considered Before
https://www.schneier.com/blog/archives/2025/06/heres-a-subliminal-channel-you-havent-considered-before.html
NATO Summit in The Hague hit by potential sabotage as rail cables set on fire
https://therecord.media/nato-summit-the-hague-rail-cables-set-on-fire
Social engineering and Signal chats led to new Russian malware attacks, Ukraine says
https://therecord.media/ukraine-new-russian-malware-social-engineering-signal-chats
Russia releases REvil members after convictions for payment card fraud
https://therecord.media/revil-cybercrime-gang-members-released-russia
Why a Classic MCP Server Vulnerability Can Undermine Your Entire AI Agent
https://www.trendmicro.com/en_us/research/25/f/why-a-classic-mcp-server-vulnerability-can-undermine-your-entire-ai-agent.html
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Tripwire
Revenge, Fame, and Fun: The Motives Behind Modern Cyberattacks
Explore the surprising motives behind cyberattacks, from revenge to thrill-seeking, and how they shape today’s digital threat landscape.