Top Security News for Today
AutoPwnKey – AV Evasion via Simulated User Interaction
https://www.darknet.org.uk/2025/06/autopwnkey-av-evasion-via-simulated-user-interaction/
Largest DDoS Attack to Date
https://www.schneier.com/blog/archives/2025/06/largest-ddos-attack-to-date.html
Amazon’s Schmidt talks China, cyber traps and the battle in the cloud
https://therecord.media/amazon-cso-steve-schmidt-interview-madpot-honeypot
Novel SSRF Technique Involving HTTP Redirect Loops
https://www.reddit.com/r/netsec/comments/1lidqqw/novel_ssrf_technique_involving_http_redirect_loops/
Data of more than 740,000 stolen in ransomware attack on Michigan hospital network
https://therecord.media/mclaren-health-care-data-breach-notification-ransomware
Israeli officials say Iran exploiting security cameras to guide missile strikes
https://therecord.media/iran-espionage-israeli-security-cameras-missile-attacks
Iran-linked cyberattack reportedly disrupts public services in Albania’s capital
https://therecord.media/tirana-albania-government-cyberattack-iran-linked-group
Navigating cyber risks with Microsoft Security Exposure Management eBook
https://www.microsoft.com/en-us/security/blog/2025/06/23/navigating-cyber-risks-with-microsoft-security-exposure-management-ebook/
Remote Code Execution on 40,000 WiFi alarm clocks
https://www.reddit.com/r/netsec/comments/1lirrc6/remote_code_execution_on_40000_wifi_alarm_clocks/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
AutoPwnKey – AV Evasion via Simulated User Interaction
https://www.darknet.org.uk/2025/06/autopwnkey-av-evasion-via-simulated-user-interaction/
Largest DDoS Attack to Date
https://www.schneier.com/blog/archives/2025/06/largest-ddos-attack-to-date.html
Amazon’s Schmidt talks China, cyber traps and the battle in the cloud
https://therecord.media/amazon-cso-steve-schmidt-interview-madpot-honeypot
Novel SSRF Technique Involving HTTP Redirect Loops
https://www.reddit.com/r/netsec/comments/1lidqqw/novel_ssrf_technique_involving_http_redirect_loops/
Data of more than 740,000 stolen in ransomware attack on Michigan hospital network
https://therecord.media/mclaren-health-care-data-breach-notification-ransomware
Israeli officials say Iran exploiting security cameras to guide missile strikes
https://therecord.media/iran-espionage-israeli-security-cameras-missile-attacks
Iran-linked cyberattack reportedly disrupts public services in Albania’s capital
https://therecord.media/tirana-albania-government-cyberattack-iran-linked-group
Navigating cyber risks with Microsoft Security Exposure Management eBook
https://www.microsoft.com/en-us/security/blog/2025/06/23/navigating-cyber-risks-with-microsoft-security-exposure-management-ebook/
Remote Code Execution on 40,000 WiFi alarm clocks
https://www.reddit.com/r/netsec/comments/1lirrc6/remote_code_execution_on_40000_wifi_alarm_clocks/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Darknet - Hacking Tools, Hacker News & Cyber Security
AutoPwnKey - AV Evasion via Simulated User Interaction
AutoPwnKey is an open-source AV evasion tool that uses AutoHotKey to simulate user interaction and execute payloads without triggering antivirus or EDR detection. Learn how it works and how to use it safely.
Top Security News for Today
Revenge, Fame, and Fun: The Motives Behind Modern Cyberattacks
https://www.tripwire.com/state-of-security/revenge-fame-and-fun-motives-behind-modern-cyberattacks
Here’s a Subliminal Channel You Haven’t Considered Before
https://www.schneier.com/blog/archives/2025/06/heres-a-subliminal-channel-you-havent-considered-before.html
NATO Summit in The Hague hit by potential sabotage as rail cables set on fire
https://therecord.media/nato-summit-the-hague-rail-cables-set-on-fire
Social engineering and Signal chats led to new Russian malware attacks, Ukraine says
https://therecord.media/ukraine-new-russian-malware-social-engineering-signal-chats
Russia releases REvil members after convictions for payment card fraud
https://therecord.media/revil-cybercrime-gang-members-released-russia
Why a Classic MCP Server Vulnerability Can Undermine Your Entire AI Agent
https://www.trendmicro.com/en_us/research/25/f/why-a-classic-mcp-server-vulnerability-can-undermine-your-entire-ai-agent.html
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Revenge, Fame, and Fun: The Motives Behind Modern Cyberattacks
https://www.tripwire.com/state-of-security/revenge-fame-and-fun-motives-behind-modern-cyberattacks
Here’s a Subliminal Channel You Haven’t Considered Before
https://www.schneier.com/blog/archives/2025/06/heres-a-subliminal-channel-you-havent-considered-before.html
NATO Summit in The Hague hit by potential sabotage as rail cables set on fire
https://therecord.media/nato-summit-the-hague-rail-cables-set-on-fire
Social engineering and Signal chats led to new Russian malware attacks, Ukraine says
https://therecord.media/ukraine-new-russian-malware-social-engineering-signal-chats
Russia releases REvil members after convictions for payment card fraud
https://therecord.media/revil-cybercrime-gang-members-released-russia
Why a Classic MCP Server Vulnerability Can Undermine Your Entire AI Agent
https://www.trendmicro.com/en_us/research/25/f/why-a-classic-mcp-server-vulnerability-can-undermine-your-entire-ai-agent.html
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Tripwire
Revenge, Fame, and Fun: The Motives Behind Modern Cyberattacks
Explore the surprising motives behind cyberattacks, from revenge to thrill-seeking, and how they shape today’s digital threat landscape.
Top Security News for Today
Security Benchmarking Authorization Policy Engines
https://www.reddit.com/r/netsec/comments/1lk0v0y/security_benchmarking_authorization_policy_engines/
AI and collaboration tools: how cyberattackers are targeting SMBs in 2025
https://securelist.com/smb-threat-report-2025/116830/
What LLMs Know About Their Users
https://www.schneier.com/blog/archives/2025/06/what-llms-know-about-their-users.html
In the Wild: Malware Prototype with Embedded Prompt Injection
https://research.checkpoint.com/2025/ai-evasion-prompt-injection/
Glasgow City Council impacted by ‘cyber incident’
https://therecord.media/glasgow-city-council-cyber-incident
Ransomware attack contributed to patient’s death, says Britain’s NHS
https://therecord.media/ransomware-attack-contributed-patient-death-uk-nhs
French police reportedly arrest suspected BreachForums administrators
https://therecord.media/france-breachforums-suspects-arrests
Citrix warns of exploitation of Netscaler devices through new bugs
https://therecord.media/citrix-warns-netscaler-exploitation-bug
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Security Benchmarking Authorization Policy Engines
https://www.reddit.com/r/netsec/comments/1lk0v0y/security_benchmarking_authorization_policy_engines/
AI and collaboration tools: how cyberattackers are targeting SMBs in 2025
https://securelist.com/smb-threat-report-2025/116830/
What LLMs Know About Their Users
https://www.schneier.com/blog/archives/2025/06/what-llms-know-about-their-users.html
In the Wild: Malware Prototype with Embedded Prompt Injection
https://research.checkpoint.com/2025/ai-evasion-prompt-injection/
Glasgow City Council impacted by ‘cyber incident’
https://therecord.media/glasgow-city-council-cyber-incident
Ransomware attack contributed to patient’s death, says Britain’s NHS
https://therecord.media/ransomware-attack-contributed-patient-death-uk-nhs
French police reportedly arrest suspected BreachForums administrators
https://therecord.media/france-breachforums-suspects-arrests
Citrix warns of exploitation of Netscaler devices through new bugs
https://therecord.media/citrix-warns-netscaler-exploitation-bug
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Security Benchmarking Authorization Policy Engines
Posted by nibblesec - 4 votes and 0 comments
Top Security News for Today
Outdated Routers: The Hidden Threat to Network Security, FBI Warns
https://www.tripwire.com/state-of-security/outdated-routers-hidden-threat-network-security-fbi-warns
White House Bans WhatsApp
https://www.schneier.com/blog/archives/2025/06/white-house-bans-whatsapp.html
We built a smart, searchable infosec library indexing 20+ years of resources
https://www.reddit.com/r/netsec/comments/1lkraj4/we_built_a_smart_searchable_infosec_library/
Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork - Putting Millions at Risk
https://www.reddit.com/r/netsec/comments/1lkxg85/marketplace_takeover_how_we_couldve_taken_over/
Read “Windows Registry Manipulation“ by ONESithuation
https://www.reddit.com/r/netsec/comments/1lkr55r/read_windows_registry_manipulation_by/
British hacker 'IntelBroker' charged in US over spree of company breaches
https://therecord.media/british-hacker-intelbroker-spree-breaches
Felicity Oswald, chief operating officer at UK’s NCSC, set to leave cyber agency
https://therecord.media/felicity-oswald-ncsc-coo-uk
The Journey of Bypassing Ubuntu’s Unprivileged Namespace Restriction
https://devco.re/blog/2025/06/26/the-journey-of-bypassing-ubuntus-unprivileged-namespace-restriction/
Building security that lasts: Microsoft’s journey towards durability at scale
https://www.microsoft.com/en-us/security/blog/2025/06/26/building-security-that-lasts-microsofts-journey-towards-durability-at-scale/
Bipartisan bill seeks to ban federal agencies from using DeepSeek, AI tools from ‘foreign adversaries’
https://therecord.media/bipartisan-bill-ban-deepseek-federal
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Outdated Routers: The Hidden Threat to Network Security, FBI Warns
https://www.tripwire.com/state-of-security/outdated-routers-hidden-threat-network-security-fbi-warns
White House Bans WhatsApp
https://www.schneier.com/blog/archives/2025/06/white-house-bans-whatsapp.html
We built a smart, searchable infosec library indexing 20+ years of resources
https://www.reddit.com/r/netsec/comments/1lkraj4/we_built_a_smart_searchable_infosec_library/
Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork - Putting Millions at Risk
https://www.reddit.com/r/netsec/comments/1lkxg85/marketplace_takeover_how_we_couldve_taken_over/
Read “Windows Registry Manipulation“ by ONESithuation
https://www.reddit.com/r/netsec/comments/1lkr55r/read_windows_registry_manipulation_by/
British hacker 'IntelBroker' charged in US over spree of company breaches
https://therecord.media/british-hacker-intelbroker-spree-breaches
Felicity Oswald, chief operating officer at UK’s NCSC, set to leave cyber agency
https://therecord.media/felicity-oswald-ncsc-coo-uk
The Journey of Bypassing Ubuntu’s Unprivileged Namespace Restriction
https://devco.re/blog/2025/06/26/the-journey-of-bypassing-ubuntus-unprivileged-namespace-restriction/
Building security that lasts: Microsoft’s journey towards durability at scale
https://www.microsoft.com/en-us/security/blog/2025/06/26/building-security-that-lasts-microsofts-journey-towards-durability-at-scale/
Bipartisan bill seeks to ban federal agencies from using DeepSeek, AI tools from ‘foreign adversaries’
https://therecord.media/bipartisan-bill-ban-deepseek-federal
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Tripwire
Outdated Routers: The Hidden Threat to Network Security, FBI Warns
FBI warns of TheMoon malware hijacking outdated routers. Learn how to secure your network and replace end-of-life devices.
Top Security News for Today
Advanced computer vision for extracting georeferenced vehicle trajectories from drone imagery
https://arxiv.org/abs/2411.02136
The Age of Integrity
https://www.schneier.com/blog/archives/2025/06/the-age-of-integrity.html
Sububy – A Modular Ruby Suite for Subdomain Enumeration
https://www.darknet.org.uk/2025/06/sububy-a-modular-ruby-suite-for-subdomain-enumeration/
United Natural Foods says week-long cyber incident will impact quarterly income
https://therecord.media/united-natural-foods-cyber-incident-q4-impact
Hawaiian Airlines flights operating safely after cyberattack affects some IT systems
https://therecord.media/hawaiian-airlines-cyberattack-flights-safe
Hackers stole data on 2.2 million people in cyberattack affecting American grocery chains
https://therecord.media/hackers-cyberattack-grocery-chain
NATO members aim for spending 5% of GDP on defense, with 1.5% eligible for cyber
https://therecord.media/nato-agreement-5percent-gdp-defense-spending-cyber
Demystifying MCP (Model Context Protocol): 3 Common Misconceptions
https://www.reddit.com/r/netsec/comments/1lltr7o/demystifying_mcp_model_context_protocol_3_common/
Unveiling RIFT: Enhancing Rust malware analysis through pattern matching
https://www.microsoft.com/en-us/security/blog/2025/06/27/unveiling-rift-enhancing-rust-malware-analysis-through-pattern-matching/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Advanced computer vision for extracting georeferenced vehicle trajectories from drone imagery
https://arxiv.org/abs/2411.02136
The Age of Integrity
https://www.schneier.com/blog/archives/2025/06/the-age-of-integrity.html
Sububy – A Modular Ruby Suite for Subdomain Enumeration
https://www.darknet.org.uk/2025/06/sububy-a-modular-ruby-suite-for-subdomain-enumeration/
United Natural Foods says week-long cyber incident will impact quarterly income
https://therecord.media/united-natural-foods-cyber-incident-q4-impact
Hawaiian Airlines flights operating safely after cyberattack affects some IT systems
https://therecord.media/hawaiian-airlines-cyberattack-flights-safe
Hackers stole data on 2.2 million people in cyberattack affecting American grocery chains
https://therecord.media/hackers-cyberattack-grocery-chain
NATO members aim for spending 5% of GDP on defense, with 1.5% eligible for cyber
https://therecord.media/nato-agreement-5percent-gdp-defense-spending-cyber
Demystifying MCP (Model Context Protocol): 3 Common Misconceptions
https://www.reddit.com/r/netsec/comments/1lltr7o/demystifying_mcp_model_context_protocol_3_common/
Unveiling RIFT: Enhancing Rust malware analysis through pattern matching
https://www.microsoft.com/en-us/security/blog/2025/06/27/unveiling-rift-enhancing-rust-malware-analysis-through-pattern-matching/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
arXiv.org
Advanced computer vision for extracting georeferenced vehicle...
This paper presents a framework for extracting georeferenced vehicle trajectories from high-altitude drone imagery, addressing key challenges in urban traffic monitoring and the limitations of...
Top Security News for Today
The Ideation-Execution Gap: Execution Outcomes of LLM-Generated versus Human Research Ideas
https://arxiv.org/abs/2506.20803
Leveraging Google's Agent Development Kit for Automated Threat Analysis
https://www.reddit.com/r/netsec/comments/1ln2xn0/leveraging_googles_agent_development_kit_for/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
The Ideation-Execution Gap: Execution Outcomes of LLM-Generated versus Human Research Ideas
https://arxiv.org/abs/2506.20803
Leveraging Google's Agent Development Kit for Automated Threat Analysis
https://www.reddit.com/r/netsec/comments/1ln2xn0/leveraging_googles_agent_development_kit_for/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
arXiv.org
The Ideation-Execution Gap: Execution Outcomes of LLM-Generated...
Large Language Models (LLMs) have shown promise in accelerating the scientific research pipeline. A key capability for this process is the ability to generate novel research ideas, and prior...
Top Security News for Today
Structuralist Approach to AI Literary Criticism: Leveraging Greimas Semiotic Square for Large Language Models
https://arxiv.org/abs/2506.21360
Scalable Bayesian Low-Rank Adaptation of Large Language Models via Stochastic Variational Subspace Inference
https://arxiv.org/abs/2506.21408
Potemkin Understanding in Large Language Models
https://arxiv.org/abs/2506.21521
Bridging Offline and Online Reinforcement Learning for LLMs
https://arxiv.org/abs/2506.21495
SceneGenAgent: Precise Industrial Scene Generation with Coding Agent
https://arxiv.org/abs/2506.21555
Efficient Multilingual ASR Finetuning via LoRA Language Experts
https://arxiv.org/abs/2506.21556
VAT-KG: Knowledge-Intensive Multimodal Knowledge Graph Dataset for Retrieval-Augmented Generation
https://arxiv.org/abs/2506.21557
Debunk and Infer: Multimodal Fake News Detection via Diffusion-Generated Evidence and LLM Reasoning
https://arxiv.org/abs/2506.21558
Bench to the Future: A Pastcasting Benchmark for Forecasting Agents
https://arxiv.org/abs/2506.21559
Essential Features to Look for in a VM Solution
https://www.tripwire.com/state-of-security/essential-features-look-vm-solution
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Structuralist Approach to AI Literary Criticism: Leveraging Greimas Semiotic Square for Large Language Models
https://arxiv.org/abs/2506.21360
Scalable Bayesian Low-Rank Adaptation of Large Language Models via Stochastic Variational Subspace Inference
https://arxiv.org/abs/2506.21408
Potemkin Understanding in Large Language Models
https://arxiv.org/abs/2506.21521
Bridging Offline and Online Reinforcement Learning for LLMs
https://arxiv.org/abs/2506.21495
SceneGenAgent: Precise Industrial Scene Generation with Coding Agent
https://arxiv.org/abs/2506.21555
Efficient Multilingual ASR Finetuning via LoRA Language Experts
https://arxiv.org/abs/2506.21556
VAT-KG: Knowledge-Intensive Multimodal Knowledge Graph Dataset for Retrieval-Augmented Generation
https://arxiv.org/abs/2506.21557
Debunk and Infer: Multimodal Fake News Detection via Diffusion-Generated Evidence and LLM Reasoning
https://arxiv.org/abs/2506.21558
Bench to the Future: A Pastcasting Benchmark for Forecasting Agents
https://arxiv.org/abs/2506.21559
Essential Features to Look for in a VM Solution
https://www.tripwire.com/state-of-security/essential-features-look-vm-solution
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
arXiv.org
Structuralist Approach to AI Literary Criticism: Leveraging...
Large Language Models (LLMs) excel in understanding and generating text but struggle with providing professional literary criticism for works with profound thoughts and complex narratives. This...
Top Security News for Today
Comparing Semgrep Community and Code for Static Analysis
https://www.reddit.com/r/netsec/comments/1lo32y7/comparing_semgrep_community_and_code_for_static/
How Cybersecurity Fears Affect Confidence in Voting Systems
https://www.schneier.com/blog/archives/2025/06/cyberattacks-shake-voters-trust-in-elections.html
29th June – Threat Intelligence Report
https://research.checkpoint.com/2025/29th-june-threat-intelligence-report/
New free 7h OpenSecurityTraining2 class: "Fuzzing 1001: Introductory white-box fuzzing with AFL++" by Francesco Pollicino is now released
https://www.reddit.com/r/netsec/comments/1lo4kwu/new_free_7h_opensecuritytraining2_class_fuzzing/
Disgruntled British IT worker jailed for hacking employer after being suspended
https://therecord.media/uk-it-worker-jailed-hacking-former-employer
État de l’art sur le phishing Azure en 2025 (partie 1) – Device code flow
https://www.reddit.com/r/netsec/comments/1lo8r1y/état_de_lart_sur_le_phishing_azure_en_2025_partie/
OnionC2 – Tor Powered Rust Command and Control Framework
https://www.darknet.org.uk/2025/06/onionc2-tor-powered-rust-command-and-control-framework/
Senator Chides FBI for Weak Advice on Mobile Security
https://krebsonsecurity.com/2025/06/senator-chides-fbi-for-weak-advice-on-mobile-security/
Canada suspends Hikvision operations over national security concerns
https://therecord.media/canada-suspends-hikvision-operations-national-security
C4 Bomb: Blowing Up Chrome’s AppBound Cookie Encryption
https://www.reddit.com/r/netsec/comments/1lod5nx/c4_bomb_blowing_up_chromes_appbound_cookie/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Comparing Semgrep Community and Code for Static Analysis
https://www.reddit.com/r/netsec/comments/1lo32y7/comparing_semgrep_community_and_code_for_static/
How Cybersecurity Fears Affect Confidence in Voting Systems
https://www.schneier.com/blog/archives/2025/06/cyberattacks-shake-voters-trust-in-elections.html
29th June – Threat Intelligence Report
https://research.checkpoint.com/2025/29th-june-threat-intelligence-report/
New free 7h OpenSecurityTraining2 class: "Fuzzing 1001: Introductory white-box fuzzing with AFL++" by Francesco Pollicino is now released
https://www.reddit.com/r/netsec/comments/1lo4kwu/new_free_7h_opensecuritytraining2_class_fuzzing/
Disgruntled British IT worker jailed for hacking employer after being suspended
https://therecord.media/uk-it-worker-jailed-hacking-former-employer
État de l’art sur le phishing Azure en 2025 (partie 1) – Device code flow
https://www.reddit.com/r/netsec/comments/1lo8r1y/état_de_lart_sur_le_phishing_azure_en_2025_partie/
OnionC2 – Tor Powered Rust Command and Control Framework
https://www.darknet.org.uk/2025/06/onionc2-tor-powered-rust-command-and-control-framework/
Senator Chides FBI for Weak Advice on Mobile Security
https://krebsonsecurity.com/2025/06/senator-chides-fbi-for-weak-advice-on-mobile-security/
Canada suspends Hikvision operations over national security concerns
https://therecord.media/canada-suspends-hikvision-operations-national-security
C4 Bomb: Blowing Up Chrome’s AppBound Cookie Encryption
https://www.reddit.com/r/netsec/comments/1lod5nx/c4_bomb_blowing_up_chromes_appbound_cookie/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Comparing Semgrep Community and Code for Static Analysis
Posted by nibblesec - 14 votes and 3 comments
Top Security News for Today
Critical Security Risks Facing COBOL Mainframes
https://www.tripwire.com/state-of-security/critical-security-risks-facing-cobol-mainframes
Iranian Blackout Affected Misinformation Campaigns
https://www.schneier.com/blog/archives/2025/07/iranian-blackout-affected-misinformation-campaigns.html
International Criminal Court targeted by new ‘sophisticated’ attack
https://therecord.media/international-criminal-court-cyberattack-2025
Spanish police arrest five over $542 million crypto investment scheme
https://therecord.media/spain-europol-cryptocurrency-investment-scheme-takedown
How we got persistent XSS on every AEM cloud site
https://www.reddit.com/r/netsec/comments/1lovolp/how_we_got_persistent_xss_on_every_aem_cloud_site/
Trump’s national cyber director nominee clears Senate committee
https://therecord.media/trump-national-cyber-director-pick-clears-senate-panel
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Critical Security Risks Facing COBOL Mainframes
https://www.tripwire.com/state-of-security/critical-security-risks-facing-cobol-mainframes
Iranian Blackout Affected Misinformation Campaigns
https://www.schneier.com/blog/archives/2025/07/iranian-blackout-affected-misinformation-campaigns.html
International Criminal Court targeted by new ‘sophisticated’ attack
https://therecord.media/international-criminal-court-cyberattack-2025
Spanish police arrest five over $542 million crypto investment scheme
https://therecord.media/spain-europol-cryptocurrency-investment-scheme-takedown
How we got persistent XSS on every AEM cloud site
https://www.reddit.com/r/netsec/comments/1lovolp/how_we_got_persistent_xss_on_every_aem_cloud_site/
Trump’s national cyber director nominee clears Senate committee
https://therecord.media/trump-national-cyber-director-pick-clears-senate-panel
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Tripwire
5 Critical Security Risks Facing COBOL Mainframes
Discover COBOL’s critical role in legacy systems and the top 5 security risks threatening mainframe stability and data integrity.
Top Security News for Today
Ubuntu Disables Spectre/Meltdown Protections
https://www.schneier.com/blog/archives/2025/07/ubuntu-disables-spectre-meltdown-protections.html
From Web Dog's Perspective on OSEE — Advanced Windows Exploitation from 0.1
https://devco.re/blog/2025/07/02/webdog-view-on-osee-advanced-windows-exploitation-from-0.1/
French cybersecurity agency confirms government affected by Ivanti hacks
https://therecord.media/france-anssi-report-ivanti-bugs-exploited
"Schizophrenic" zip files. Different contents depending on your archive reader.
https://www.reddit.com/r/netsec/comments/1lpurc5/schizophrenic_zip_files_different_contents/
Ransomware gang attacks German charity that feeds starving children
https://therecord.media/welthungerhilfe-german-hunger-relief-charity-ransomware-attack
‘Significant’ amount of customer data accessed during cyberattack on Qantas airline
https://therecord.media/qantas-airline-data-breach
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Ubuntu Disables Spectre/Meltdown Protections
https://www.schneier.com/blog/archives/2025/07/ubuntu-disables-spectre-meltdown-protections.html
From Web Dog's Perspective on OSEE — Advanced Windows Exploitation from 0.1
https://devco.re/blog/2025/07/02/webdog-view-on-osee-advanced-windows-exploitation-from-0.1/
French cybersecurity agency confirms government affected by Ivanti hacks
https://therecord.media/france-anssi-report-ivanti-bugs-exploited
"Schizophrenic" zip files. Different contents depending on your archive reader.
https://www.reddit.com/r/netsec/comments/1lpurc5/schizophrenic_zip_files_different_contents/
Ransomware gang attacks German charity that feeds starving children
https://therecord.media/welthungerhilfe-german-hunger-relief-charity-ransomware-attack
‘Significant’ amount of customer data accessed during cyberattack on Qantas airline
https://therecord.media/qantas-airline-data-breach
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
Ubuntu Disables Spectre/Meltdown Protections - Schneier on Security
A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant…
Top Security News for Today
Surveillance Used by a Drug Cartel
https://www.schneier.com/blog/archives/2025/07/surveillance_used_by_a_drug_cartel.html
Hunters International ransomware group claims to be shutting down
https://therecord.media/hunters-international-ransomware-extortion-group-claims-shutdown
How Coinbase's $400M Problem Started in an Indian Call Center
https://www.reddit.com/r/netsec/comments/1lqk78h/how_coinbases_400m_problem_started_in_an_indian/
Russia jails man for 16 years over pro-Ukraine cyberattacks on critical infrastructure
https://therecord.media/russia-jails-man-over-pro-ukraine-cyberattacks
Microsoft shuts down 3,000 email accounts created by North Korean IT workers
https://therecord.media/microsoft-shuts-down-3000-north-korea-it-worker-email
Interpol identifies West Africa as potential new hotspot for cybercrime compounds
https://therecord.media/interpol-west-africa-cybercrime-compounds
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Surveillance Used by a Drug Cartel
https://www.schneier.com/blog/archives/2025/07/surveillance_used_by_a_drug_cartel.html
Hunters International ransomware group claims to be shutting down
https://therecord.media/hunters-international-ransomware-extortion-group-claims-shutdown
How Coinbase's $400M Problem Started in an Indian Call Center
https://www.reddit.com/r/netsec/comments/1lqk78h/how_coinbases_400m_problem_started_in_an_indian/
Russia jails man for 16 years over pro-Ukraine cyberattacks on critical infrastructure
https://therecord.media/russia-jails-man-over-pro-ukraine-cyberattacks
Microsoft shuts down 3,000 email accounts created by North Korean IT workers
https://therecord.media/microsoft-shuts-down-3000-north-korea-it-worker-email
Interpol identifies West Africa as potential new hotspot for cybercrime compounds
https://therecord.media/interpol-west-africa-cybercrime-compounds
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for Today
Web Metadata search - search for headers, web apps, CMSs, and their versions
https://www.reddit.com/r/netsec/comments/1lr9c1q/web_metadata_search_search_for_headers_web_apps/
Estonia’s cyber ambassador on digitalization, punching upwards and outing GRU spies
https://therecord.media/estonia-cyber-ambassador-interview
CVE-2025-32462: sudo: LPE via host option
https://www.reddit.com/r/netsec/comments/1lrdqbu/cve202532462_sudo_lpe_via_host_option/
Friday Squid Blogging: How Squid Skin Distorts Light
https://www.schneier.com/blog/archives/2025/07/friday-squid-blogging-how-squid-skin-distorts-light.html
MGC: A Compiler Framework Exploiting Compositional Blindness in Aligned LLMs for Malware Generation
https://arxiv.org/abs/2507.02057
Can Artificial Intelligence solve the blockchain oracle problem? Unpacking the Challenges and Possibilities
https://arxiv.org/abs/2507.02125
How Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1lrr23e/how_much_more_must_we_bleed_citrix_netscaler/
Tokyo Ghoul — TryHackMe CTF Walkthrough | Web Exploitation & Privilege Escalation
https://www.reddit.com/r/netsec/comments/1lrj974/tokyo_ghoul_tryhackme_ctf_walkthrough_web/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Web Metadata search - search for headers, web apps, CMSs, and their versions
https://www.reddit.com/r/netsec/comments/1lr9c1q/web_metadata_search_search_for_headers_web_apps/
Estonia’s cyber ambassador on digitalization, punching upwards and outing GRU spies
https://therecord.media/estonia-cyber-ambassador-interview
CVE-2025-32462: sudo: LPE via host option
https://www.reddit.com/r/netsec/comments/1lrdqbu/cve202532462_sudo_lpe_via_host_option/
Friday Squid Blogging: How Squid Skin Distorts Light
https://www.schneier.com/blog/archives/2025/07/friday-squid-blogging-how-squid-skin-distorts-light.html
MGC: A Compiler Framework Exploiting Compositional Blindness in Aligned LLMs for Malware Generation
https://arxiv.org/abs/2507.02057
Can Artificial Intelligence solve the blockchain oracle problem? Unpacking the Challenges and Possibilities
https://arxiv.org/abs/2507.02125
How Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1lrr23e/how_much_more_must_we_bleed_citrix_netscaler/
Tokyo Ghoul — TryHackMe CTF Walkthrough | Web Exploitation & Privilege Escalation
https://www.reddit.com/r/netsec/comments/1lrj974/tokyo_ghoul_tryhackme_ctf_walkthrough_web/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Web Metadata search - search for headers, web apps, CMSs, and their versions
Posted by rmddos - 4 votes and 0 comments
Top Security News for Today
Schizophrenic ZIP file - Yet Another ZIP Trick Writeup
https://www.reddit.com/r/netsec/comments/1lt4dht/schizophrenic_zip_file_yet_another_zip_trick/
Help🙂🙏
https://www.reddit.com/r/lowlevel/comments/1lt9gsp/help/
This Linux boot flaw bypasses Secure Boot and full disk encryption but the fix is easy
https://www.reddit.com/r/netsec/comments/1lt9wgx/this_linux_boot_flaw_bypasses_secure_boot_and/
État de l’art sur le phishing Azure en 2025 (partie 2) – Étendre l’accès
https://www.reddit.com/r/netsec/comments/1ltcvcs/état_de_lart_sur_le_phishing_azure_en_2025_partie/
Caracal – Rust eBPF Rootkit for Stealthy Post-Exploitation
https://www.darknet.org.uk/2025/07/caracal-rust-ebpf-rootkit-for-stealthy-post-exploitation/
Aligning Software Security Practices with the EU CRA Requirements
https://www.tripwire.com/state-of-security/aligning-software-security-practices-eu-cra-requirements
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schizophrenic ZIP file - Yet Another ZIP Trick Writeup
https://www.reddit.com/r/netsec/comments/1lt4dht/schizophrenic_zip_file_yet_another_zip_trick/
Help🙂🙏
https://www.reddit.com/r/lowlevel/comments/1lt9gsp/help/
This Linux boot flaw bypasses Secure Boot and full disk encryption but the fix is easy
https://www.reddit.com/r/netsec/comments/1lt9wgx/this_linux_boot_flaw_bypasses_secure_boot_and/
État de l’art sur le phishing Azure en 2025 (partie 2) – Étendre l’accès
https://www.reddit.com/r/netsec/comments/1ltcvcs/état_de_lart_sur_le_phishing_azure_en_2025_partie/
Caracal – Rust eBPF Rootkit for Stealthy Post-Exploitation
https://www.darknet.org.uk/2025/07/caracal-rust-ebpf-rootkit-for-stealthy-post-exploitation/
Aligning Software Security Practices with the EU CRA Requirements
https://www.tripwire.com/state-of-security/aligning-software-security-practices-eu-cra-requirements
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Schizophrenic ZIP file - Yet Another ZIP Trick Writeup
Explore this post and more from the netsec community
Top Security News for Today
Batavia spyware steals data from Russian organizations
https://securelist.com/batavia-spyware-steals-data-from-russian-organizations/116866/
DEVCORE 2025 第八屆實習生計畫
https://devco.re/blog/2025/07/07/8th-internship-program-recruit/
6th July – Threat Intelligence Report
https://research.checkpoint.com/2025/6th-july-threat-intelligence-report/
BERT Ransomware Group Targets Asia and Europe on Multiple Platforms
https://www.trendmicro.com/en_us/research/25/g/bert-ransomware-group-targets-asia-and-europe-on-multiple-platforms.html
Hiding Prompt Injections in Academic Papers
https://www.schneier.com/blog/archives/2025/07/hiding-prompt-injections-in-academic-papers.html
TikTok recruits senior UK privacy regulator as it battles fine and investigation
https://therecord.media/tiktok-uk-stephen-bonner-ico
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Batavia spyware steals data from Russian organizations
https://securelist.com/batavia-spyware-steals-data-from-russian-organizations/116866/
DEVCORE 2025 第八屆實習生計畫
https://devco.re/blog/2025/07/07/8th-internship-program-recruit/
6th July – Threat Intelligence Report
https://research.checkpoint.com/2025/6th-july-threat-intelligence-report/
BERT Ransomware Group Targets Asia and Europe on Multiple Platforms
https://www.trendmicro.com/en_us/research/25/g/bert-ransomware-group-targets-asia-and-europe-on-multiple-platforms.html
Hiding Prompt Injections in Academic Papers
https://www.schneier.com/blog/archives/2025/07/hiding-prompt-injections-in-academic-papers.html
TikTok recruits senior UK privacy regulator as it battles fine and investigation
https://therecord.media/tiktok-uk-stephen-bonner-ico
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
How the Batavia spyware targeting Russian organizations works
Kaspersky experts have discovered a new spyware called Batavia, which steals data from corporate devices.
Top Security News for Today
Approach to mainframe penetration testing on z/OS. Deep dive into RACF
https://securelist.com/zos-mainframe-pentesting-resource-access-control-facility/116873/
Lateral Movement with code execution in the context of active user sessions
https://www.reddit.com/r/netsec/comments/1lunnbw/lateral_movement_with_code_execution_in_the/
Abusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke)
https://www.reddit.com/r/netsec/comments/1luix11/abusing_windows_net_quirks_and_unicode/
[CVE-2025-32461] Tiki Wiki CMS Groupware <= 28.3 Two SSTI Vulnerabilities
https://www.reddit.com/r/netsec/comments/1lukohx/cve202532461_tiki_wiki_cms_groupware_283_two_ssti/
New Attack on TLS: Opossum attack
https://www.reddit.com/r/netsec/comments/1lunm8t/new_attack_on_tls_opossum_attack/
New spyware strain steals data from Russian industrial companies
https://therecord.media/spyware-strain-steals-data-russian-industrial-sector
Bitchat MITM Flaw
https://www.reddit.com/r/netsec/comments/1lus5jg/bitchat_mitm_flaw/
Iranian ransomware group offers bigger payouts for attacks on Israel, US
https://therecord.media/iran-ransomware-group-pay2keyi2p-israel-us-targets
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Approach to mainframe penetration testing on z/OS. Deep dive into RACF
https://securelist.com/zos-mainframe-pentesting-resource-access-control-facility/116873/
Lateral Movement with code execution in the context of active user sessions
https://www.reddit.com/r/netsec/comments/1lunnbw/lateral_movement_with_code_execution_in_the/
Abusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke)
https://www.reddit.com/r/netsec/comments/1luix11/abusing_windows_net_quirks_and_unicode/
[CVE-2025-32461] Tiki Wiki CMS Groupware <= 28.3 Two SSTI Vulnerabilities
https://www.reddit.com/r/netsec/comments/1lukohx/cve202532461_tiki_wiki_cms_groupware_283_two_ssti/
New Attack on TLS: Opossum attack
https://www.reddit.com/r/netsec/comments/1lunm8t/new_attack_on_tls_opossum_attack/
New spyware strain steals data from Russian industrial companies
https://therecord.media/spyware-strain-steals-data-russian-industrial-sector
Bitchat MITM Flaw
https://www.reddit.com/r/netsec/comments/1lus5jg/bitchat_mitm_flaw/
Iranian ransomware group offers bigger payouts for attacks on Israel, US
https://therecord.media/iran-ransomware-group-pay2keyi2p-israel-us-targets
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
Deconstructing RACF in z/OS and uncovering security issues
We have explored the RACF security package in z/OS and developed a utility to interact with its database. Now, we are assessing RACF configuration security for penetration testing.
Top Security News for Today
Yet Another Strava Privacy Leak
https://www.schneier.com/blog/archives/2025/07/yet-another-strava-privacy-leak.html
Fake CNN and BBC sites used to push investment scams
https://therecord.media/news-websites-faked-to-spread-investment-scams
Jack Dorsey Unveils Offline Messaging App ‘Bitchat’ with No Internet, Servers, or Accounts
https://www.reddit.com/r/netsec/comments/1lvk3j9/jack_dorsey_unveils_offline_messaging_app_bitchat/
French intel chief warns of evolving Russian hybrid operations, ‘existential threat’ to Europe
https://therecord.media/french-intelligence-chief-russia-threat
Uncovering Privilege Escalation Bugs in Lenovo Vantage — Atredis Partners
https://www.reddit.com/r/netsec/comments/1lvmj5p/uncovering_privilege_escalation_bugs_in_lenovo/
Microsoft expands Zero Trust workshop to cover network, SecOps, and more
https://www.microsoft.com/en-us/security/blog/2025/07/09/microsoft-expands-zero-trust-workshop-to-cover-network-secops-and-more/
More than $40 million stolen from GMX crypto platform
https://therecord.media/gmx-exchange-cryptocurrency-stolen
Driver's license numbers, addresses leaked in 2024 bitcoin ATM company breach
https://therecord.media/bitcoin-depot-cryptocurrency-atm-company-data-breach
German court rules Meta tracking technology violates European privacy laws
https://www.reddit.com/r/netsec/comments/1lvmj5p/uncovering_privilege_escalation_bugs_in_lenovo/
You’re Pen Testing AI Wrong: Why Prompt Engineering Isn’t Enough
https://bishopfox.com/blog/youre-pen-testing-ai-wrong-why-prompt-engineering-isnt-enough
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Yet Another Strava Privacy Leak
https://www.schneier.com/blog/archives/2025/07/yet-another-strava-privacy-leak.html
Fake CNN and BBC sites used to push investment scams
https://therecord.media/news-websites-faked-to-spread-investment-scams
Jack Dorsey Unveils Offline Messaging App ‘Bitchat’ with No Internet, Servers, or Accounts
https://www.reddit.com/r/netsec/comments/1lvk3j9/jack_dorsey_unveils_offline_messaging_app_bitchat/
French intel chief warns of evolving Russian hybrid operations, ‘existential threat’ to Europe
https://therecord.media/french-intelligence-chief-russia-threat
Uncovering Privilege Escalation Bugs in Lenovo Vantage — Atredis Partners
https://www.reddit.com/r/netsec/comments/1lvmj5p/uncovering_privilege_escalation_bugs_in_lenovo/
Microsoft expands Zero Trust workshop to cover network, SecOps, and more
https://www.microsoft.com/en-us/security/blog/2025/07/09/microsoft-expands-zero-trust-workshop-to-cover-network-secops-and-more/
More than $40 million stolen from GMX crypto platform
https://therecord.media/gmx-exchange-cryptocurrency-stolen
Driver's license numbers, addresses leaked in 2024 bitcoin ATM company breach
https://therecord.media/bitcoin-depot-cryptocurrency-atm-company-data-breach
German court rules Meta tracking technology violates European privacy laws
https://www.reddit.com/r/netsec/comments/1lvmj5p/uncovering_privilege_escalation_bugs_in_lenovo/
You’re Pen Testing AI Wrong: Why Prompt Engineering Isn’t Enough
https://bishopfox.com/blog/youre-pen-testing-ai-wrong-why-prompt-engineering-isnt-enough
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
Yet Another Strava Privacy Leak - Schneier on Security
This time it’s the Swedish prime minister’s bodyguards. (Last year, it was the US Secret Service and Emmanuel Macron’s bodyguards. in 2018, it was secret US military bases.) This is ridiculous. Why do people continue to make their data public?
Top Security News for Today
The GPS Leak No One Talked About: Uffizio’s Silent Exposure
https://reporter.deepspecter.com/the-gps-leak-no-one-talked-about-uffizios-silent-exposure-03b5dfb23556
Four arrested by UK police over ransomware attacks on M&S, Co-op and Harrods
https://therecord.media/uk-arrests-four-ransomware-ms-harrods-co-op
Code highlighting with Cursor AI for $500,000
https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/
Using Signal Groups for Activism
https://www.schneier.com/blog/archives/2025/07/using-signal-groups-for-activism.html
Iranian APTs increased activity against US industries in late spring, researchers say
https://therecord.media/iran-state-backed-hackers-industrial-attacks-spring-2025
Qantas says 5.7 million affected by breach, leaked info not enough to access frequent flyer accounts
https://therecord.media/qantas-airline-data-breach-frequent-flyer-numbers
The head of the California Privacy Protection Agency on the future of data privacy regulation
https://therecord.media/california-privacy-protection-agency-tom-kemp-interview
Russian basketball player arrested in France over alleged ransomware ties
https://therecord.media/russian-basketball-player-arrested-in-france-ransomware
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
The GPS Leak No One Talked About: Uffizio’s Silent Exposure
https://reporter.deepspecter.com/the-gps-leak-no-one-talked-about-uffizios-silent-exposure-03b5dfb23556
Four arrested by UK police over ransomware attacks on M&S, Co-op and Harrods
https://therecord.media/uk-arrests-four-ransomware-ms-harrods-co-op
Code highlighting with Cursor AI for $500,000
https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/
Using Signal Groups for Activism
https://www.schneier.com/blog/archives/2025/07/using-signal-groups-for-activism.html
Iranian APTs increased activity against US industries in late spring, researchers say
https://therecord.media/iran-state-backed-hackers-industrial-attacks-spring-2025
Qantas says 5.7 million affected by breach, leaked info not enough to access frequent flyer accounts
https://therecord.media/qantas-airline-data-breach-frequent-flyer-numbers
The head of the California Privacy Protection Agency on the future of data privacy regulation
https://therecord.media/california-privacy-protection-agency-tom-kemp-interview
Russian basketball player arrested in France over alleged ransomware ties
https://therecord.media/russian-basketball-player-arrested-in-france-ransomware
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Medium
The GPS Leak No One Talked About: Uffizio’s Silent Exposure
Executive Summary
Top Security News for Today
Spain awards Huawei contracts to manage intelligence agency wiretaps
https://therecord.media/spain-awards-contracts-huawei-intelligence-agency-wiretaps
DeepSeek a threat to national security, warns Czech cyber agency
https://therecord.media/deepseek-security-czech-cyber-agency-warning
Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1lx360q/preauth_sql_injection_to_rce_fortinet_fortiweb/
Indonesia extradites Russian accused of selling personal data on Telegram
https://therecord.media/indonesia-extradites-russian-telegram-sale
CISA orders agencies to immediately patch Citrix Bleed 2, saying bug poses ‘unacceptable risk’
https://therecord.media/cisa-orders-agencies-patch-citrix-bleed-2
Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment
https://therecord.media/hacker-returns-stolen-gmx-bounty
Airline executive agrees to dismiss litigation around alleged hack-for-hire scheme
https://therecord.media/airline-exec-agrees-to-dismiss-hack-for-hire-lawsuit
Albemarle latest Virginia county hit with ransomware
https://therecord.media/albemarle-virginia-ransomware-attack
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Spain awards Huawei contracts to manage intelligence agency wiretaps
https://therecord.media/spain-awards-contracts-huawei-intelligence-agency-wiretaps
DeepSeek a threat to national security, warns Czech cyber agency
https://therecord.media/deepseek-security-czech-cyber-agency-warning
Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1lx360q/preauth_sql_injection_to_rce_fortinet_fortiweb/
Indonesia extradites Russian accused of selling personal data on Telegram
https://therecord.media/indonesia-extradites-russian-telegram-sale
CISA orders agencies to immediately patch Citrix Bleed 2, saying bug poses ‘unacceptable risk’
https://therecord.media/cisa-orders-agencies-patch-citrix-bleed-2
Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment
https://therecord.media/hacker-returns-stolen-gmx-bounty
Airline executive agrees to dismiss litigation around alleged hack-for-hire scheme
https://therecord.media/airline-exec-agrees-to-dismiss-hack-for-hire-lawsuit
Albemarle latest Virginia county hit with ransomware
https://therecord.media/albemarle-virginia-ransomware-attack
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Spain awards Huawei contracts to manage intelligence agency wiretaps
Huawei will manage and store judicially authorized wiretaps in Spain, under a contract that bucks the trend of Western governments restricting use of the Chinese tech company's products and services.
Top Security News for Today
錯過五年,我終於踏進 OSEE 的世界
https://devco.re/blog/2025/07/12/finally-stepping-into-the-world-of-osee-after-five-years/
EXP-401 課程 & 第二次考試心得
https://devco.re/blog/2025/07/11/exp-401-course-and-second-exam-thoughts/
I built a tool to track web exposure — screenshots, HTML/JS diff, and alerts
https://www.reddit.com/r/netsec/comments/1lxwhpd/i_built_a_tool_to_track_web_exposure_screenshots/
From Blind XSS to RCE: When Headers Became My Terminal
https://www.reddit.com/r/netsec/comments/1lyfkpu/from_blind_xss_to_rce_when_headers_became_my/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
錯過五年,我終於踏進 OSEE 的世界
https://devco.re/blog/2025/07/12/finally-stepping-into-the-world-of-osee-after-five-years/
EXP-401 課程 & 第二次考試心得
https://devco.re/blog/2025/07/11/exp-401-course-and-second-exam-thoughts/
I built a tool to track web exposure — screenshots, HTML/JS diff, and alerts
https://www.reddit.com/r/netsec/comments/1lxwhpd/i_built_a_tool_to_track_web_exposure_screenshots/
From Blind XSS to RCE: When Headers Became My Terminal
https://www.reddit.com/r/netsec/comments/1lyfkpu/from_blind_xss_to_rce_when_headers_became_my/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
DEVCORE 戴夫寇爾
錯過五年,我終於踏進 OSEE 的世界 | DEVCORE 戴夫寇爾
這邊主要是以平常有在碰 Windows 的人的角度出發。老實說,大約在 5 年前就對 OSEE 這張證照略有所聞,而當時也剛好開始學一些 Windows Pwn 的相關知識,出一些 CTF 題目給大家玩玩,順便增進 Windows 知識,當時也學了一些有關 Windows Kernel 的利用技巧,不過剛開時學時也處處碰壁,花了好一段時間才慢慢學會怎麼去好好搞一個 Windows Kernel Exploit。在得知有這張證照之後,便下定決心未來某一天一定要拿到這張證照。
Top Security News for Today
Historical Analysis of Reflected Vulnerabilities: The Evolution of Windows Defender Defenses
https://www.reddit.com/r/netsec/comments/1lyprla/historical_analysis_of_reflected_vulnerabilities/
LLM crawlers continue to DDoS SourceHut
https://www.reddit.com/r/netsec/comments/1lyoser/llm_crawlers_continue_to_ddos_sourcehut/
KongTuke FileFix Leads to New Interlock RAT Variant
https://www.reddit.com/r/netsec/comments/1lz9tg8/kongtuke_filefix_leads_to_new_interlock_rat/
[CVE-2024-58258] SugarCRM <=14.0.0 (css/preview) LESS Code Injection Vulnerability
https://www.reddit.com/r/netsec/comments/1lzgkiv/cve202458258_sugarcrm_1400_csspreview_less_code/
TREVORspray – Credential Spray Toolkit for Azure, Okta, OWA & More
https://www.darknet.org.uk/2025/07/trevorspray-credential-spray-toolkit-for-azure-okta-owa-more/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Historical Analysis of Reflected Vulnerabilities: The Evolution of Windows Defender Defenses
https://www.reddit.com/r/netsec/comments/1lyprla/historical_analysis_of_reflected_vulnerabilities/
LLM crawlers continue to DDoS SourceHut
https://www.reddit.com/r/netsec/comments/1lyoser/llm_crawlers_continue_to_ddos_sourcehut/
KongTuke FileFix Leads to New Interlock RAT Variant
https://www.reddit.com/r/netsec/comments/1lz9tg8/kongtuke_filefix_leads_to_new_interlock_rat/
[CVE-2024-58258] SugarCRM <=14.0.0 (css/preview) LESS Code Injection Vulnerability
https://www.reddit.com/r/netsec/comments/1lzgkiv/cve202458258_sugarcrm_1400_csspreview_less_code/
TREVORspray – Credential Spray Toolkit for Azure, Okta, OWA & More
https://www.darknet.org.uk/2025/07/trevorspray-credential-spray-toolkit-for-azure-okta-owa-more/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
[deleted by user] : r/netsec
549K subscribers in the netsec community. /r/netsec is a community-curated aggregator of technical information security content. Our mission is to…
Top Security News for Today
Revisiting automating MS-RPC vulnerability research and making the tool open source
https://www.reddit.com/r/netsec/comments/1lzh1t5/revisiting_automating_msrpc_vulnerability/
Forensic journey: Breaking down the UserAssist artifact structure
https://securelist.com/userassist-artifact-forensic-value-for-incident-response/116911/
Securing Against Phishing Beyond Email
https://www.tripwire.com/state-of-security/securing-against-phishing-beyond-email
Fooling the Sandbox: A Chrome-atic Escape
https://www.reddit.com/r/netsec/comments/1lzj3jt/fooling_the_sandbox_a_chromeatic_escape/
Romanian police arrest 13 scammers targeting UK’s tax authority
https://therecord.media/romania-arrests-tax-fraud-ring-britain-hmrc
14th July – Threat Intelligence Report
https://research.checkpoint.com/2025/14th-july-threat-intelligence-report/
[CVE-2024-58258] SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability
https://www.reddit.com/r/netsec/comments/1lzgkiv/cve202458258_sugarcrm_1400_csspreview_less_code/
Watch the on-demand webinar: Shift left without the strain
https://portswigger.net/blog/watch-the-on-demand-webinar-shift-left-without-the-strain
Improving IT efficiency with Microsoft Security Copilot in Microsoft Intune and Microsoft Entra
https://www.microsoft.com/en-us/security/blog/2025/07/14/improving-it-efficiency-with-microsoft-security-copilot-in-microsoft-intune-and-microsoft-entra/
CVE-2025-5333 - CVSS 9.5: Remote Code Execution in Broadcom Symantec Endpoint Management Suite (Altiris)
https://www.reddit.com/r/netsec/comments/1lzo9wz/cve20255333_cvss_95_remote_code_execution_in/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Revisiting automating MS-RPC vulnerability research and making the tool open source
https://www.reddit.com/r/netsec/comments/1lzh1t5/revisiting_automating_msrpc_vulnerability/
Forensic journey: Breaking down the UserAssist artifact structure
https://securelist.com/userassist-artifact-forensic-value-for-incident-response/116911/
Securing Against Phishing Beyond Email
https://www.tripwire.com/state-of-security/securing-against-phishing-beyond-email
Fooling the Sandbox: A Chrome-atic Escape
https://www.reddit.com/r/netsec/comments/1lzj3jt/fooling_the_sandbox_a_chromeatic_escape/
Romanian police arrest 13 scammers targeting UK’s tax authority
https://therecord.media/romania-arrests-tax-fraud-ring-britain-hmrc
14th July – Threat Intelligence Report
https://research.checkpoint.com/2025/14th-july-threat-intelligence-report/
[CVE-2024-58258] SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability
https://www.reddit.com/r/netsec/comments/1lzgkiv/cve202458258_sugarcrm_1400_csspreview_less_code/
Watch the on-demand webinar: Shift left without the strain
https://portswigger.net/blog/watch-the-on-demand-webinar-shift-left-without-the-strain
Improving IT efficiency with Microsoft Security Copilot in Microsoft Intune and Microsoft Entra
https://www.microsoft.com/en-us/security/blog/2025/07/14/improving-it-efficiency-with-microsoft-security-copilot-in-microsoft-intune-and-microsoft-entra/
CVE-2025-5333 - CVSS 9.5: Remote Code Execution in Broadcom Symantec Endpoint Management Suite (Altiris)
https://www.reddit.com/r/netsec/comments/1lzo9wz/cve20255333_cvss_95_remote_code_execution_in/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Revisiting automating MS-RPC vulnerability research and making the tool open source
Explore this post and more from the netsec community