Top Security News for Today
Critical Security Risks Facing COBOL Mainframes
https://www.tripwire.com/state-of-security/critical-security-risks-facing-cobol-mainframes
Iranian Blackout Affected Misinformation Campaigns
https://www.schneier.com/blog/archives/2025/07/iranian-blackout-affected-misinformation-campaigns.html
International Criminal Court targeted by new ‘sophisticated’ attack
https://therecord.media/international-criminal-court-cyberattack-2025
Spanish police arrest five over $542 million crypto investment scheme
https://therecord.media/spain-europol-cryptocurrency-investment-scheme-takedown
How we got persistent XSS on every AEM cloud site
https://www.reddit.com/r/netsec/comments/1lovolp/how_we_got_persistent_xss_on_every_aem_cloud_site/
Trump’s national cyber director nominee clears Senate committee
https://therecord.media/trump-national-cyber-director-pick-clears-senate-panel
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Critical Security Risks Facing COBOL Mainframes
https://www.tripwire.com/state-of-security/critical-security-risks-facing-cobol-mainframes
Iranian Blackout Affected Misinformation Campaigns
https://www.schneier.com/blog/archives/2025/07/iranian-blackout-affected-misinformation-campaigns.html
International Criminal Court targeted by new ‘sophisticated’ attack
https://therecord.media/international-criminal-court-cyberattack-2025
Spanish police arrest five over $542 million crypto investment scheme
https://therecord.media/spain-europol-cryptocurrency-investment-scheme-takedown
How we got persistent XSS on every AEM cloud site
https://www.reddit.com/r/netsec/comments/1lovolp/how_we_got_persistent_xss_on_every_aem_cloud_site/
Trump’s national cyber director nominee clears Senate committee
https://therecord.media/trump-national-cyber-director-pick-clears-senate-panel
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Tripwire
5 Critical Security Risks Facing COBOL Mainframes
Discover COBOL’s critical role in legacy systems and the top 5 security risks threatening mainframe stability and data integrity.
Top Security News for Today
Ubuntu Disables Spectre/Meltdown Protections
https://www.schneier.com/blog/archives/2025/07/ubuntu-disables-spectre-meltdown-protections.html
From Web Dog's Perspective on OSEE — Advanced Windows Exploitation from 0.1
https://devco.re/blog/2025/07/02/webdog-view-on-osee-advanced-windows-exploitation-from-0.1/
French cybersecurity agency confirms government affected by Ivanti hacks
https://therecord.media/france-anssi-report-ivanti-bugs-exploited
"Schizophrenic" zip files. Different contents depending on your archive reader.
https://www.reddit.com/r/netsec/comments/1lpurc5/schizophrenic_zip_files_different_contents/
Ransomware gang attacks German charity that feeds starving children
https://therecord.media/welthungerhilfe-german-hunger-relief-charity-ransomware-attack
‘Significant’ amount of customer data accessed during cyberattack on Qantas airline
https://therecord.media/qantas-airline-data-breach
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Ubuntu Disables Spectre/Meltdown Protections
https://www.schneier.com/blog/archives/2025/07/ubuntu-disables-spectre-meltdown-protections.html
From Web Dog's Perspective on OSEE — Advanced Windows Exploitation from 0.1
https://devco.re/blog/2025/07/02/webdog-view-on-osee-advanced-windows-exploitation-from-0.1/
French cybersecurity agency confirms government affected by Ivanti hacks
https://therecord.media/france-anssi-report-ivanti-bugs-exploited
"Schizophrenic" zip files. Different contents depending on your archive reader.
https://www.reddit.com/r/netsec/comments/1lpurc5/schizophrenic_zip_files_different_contents/
Ransomware gang attacks German charity that feeds starving children
https://therecord.media/welthungerhilfe-german-hunger-relief-charity-ransomware-attack
‘Significant’ amount of customer data accessed during cyberattack on Qantas airline
https://therecord.media/qantas-airline-data-breach
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
Ubuntu Disables Spectre/Meltdown Protections - Schneier on Security
A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant…
Top Security News for Today
Surveillance Used by a Drug Cartel
https://www.schneier.com/blog/archives/2025/07/surveillance_used_by_a_drug_cartel.html
Hunters International ransomware group claims to be shutting down
https://therecord.media/hunters-international-ransomware-extortion-group-claims-shutdown
How Coinbase's $400M Problem Started in an Indian Call Center
https://www.reddit.com/r/netsec/comments/1lqk78h/how_coinbases_400m_problem_started_in_an_indian/
Russia jails man for 16 years over pro-Ukraine cyberattacks on critical infrastructure
https://therecord.media/russia-jails-man-over-pro-ukraine-cyberattacks
Microsoft shuts down 3,000 email accounts created by North Korean IT workers
https://therecord.media/microsoft-shuts-down-3000-north-korea-it-worker-email
Interpol identifies West Africa as potential new hotspot for cybercrime compounds
https://therecord.media/interpol-west-africa-cybercrime-compounds
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Surveillance Used by a Drug Cartel
https://www.schneier.com/blog/archives/2025/07/surveillance_used_by_a_drug_cartel.html
Hunters International ransomware group claims to be shutting down
https://therecord.media/hunters-international-ransomware-extortion-group-claims-shutdown
How Coinbase's $400M Problem Started in an Indian Call Center
https://www.reddit.com/r/netsec/comments/1lqk78h/how_coinbases_400m_problem_started_in_an_indian/
Russia jails man for 16 years over pro-Ukraine cyberattacks on critical infrastructure
https://therecord.media/russia-jails-man-over-pro-ukraine-cyberattacks
Microsoft shuts down 3,000 email accounts created by North Korean IT workers
https://therecord.media/microsoft-shuts-down-3000-north-korea-it-worker-email
Interpol identifies West Africa as potential new hotspot for cybercrime compounds
https://therecord.media/interpol-west-africa-cybercrime-compounds
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for Today
Web Metadata search - search for headers, web apps, CMSs, and their versions
https://www.reddit.com/r/netsec/comments/1lr9c1q/web_metadata_search_search_for_headers_web_apps/
Estonia’s cyber ambassador on digitalization, punching upwards and outing GRU spies
https://therecord.media/estonia-cyber-ambassador-interview
CVE-2025-32462: sudo: LPE via host option
https://www.reddit.com/r/netsec/comments/1lrdqbu/cve202532462_sudo_lpe_via_host_option/
Friday Squid Blogging: How Squid Skin Distorts Light
https://www.schneier.com/blog/archives/2025/07/friday-squid-blogging-how-squid-skin-distorts-light.html
MGC: A Compiler Framework Exploiting Compositional Blindness in Aligned LLMs for Malware Generation
https://arxiv.org/abs/2507.02057
Can Artificial Intelligence solve the blockchain oracle problem? Unpacking the Challenges and Possibilities
https://arxiv.org/abs/2507.02125
How Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1lrr23e/how_much_more_must_we_bleed_citrix_netscaler/
Tokyo Ghoul — TryHackMe CTF Walkthrough | Web Exploitation & Privilege Escalation
https://www.reddit.com/r/netsec/comments/1lrj974/tokyo_ghoul_tryhackme_ctf_walkthrough_web/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Web Metadata search - search for headers, web apps, CMSs, and their versions
https://www.reddit.com/r/netsec/comments/1lr9c1q/web_metadata_search_search_for_headers_web_apps/
Estonia’s cyber ambassador on digitalization, punching upwards and outing GRU spies
https://therecord.media/estonia-cyber-ambassador-interview
CVE-2025-32462: sudo: LPE via host option
https://www.reddit.com/r/netsec/comments/1lrdqbu/cve202532462_sudo_lpe_via_host_option/
Friday Squid Blogging: How Squid Skin Distorts Light
https://www.schneier.com/blog/archives/2025/07/friday-squid-blogging-how-squid-skin-distorts-light.html
MGC: A Compiler Framework Exploiting Compositional Blindness in Aligned LLMs for Malware Generation
https://arxiv.org/abs/2507.02057
Can Artificial Intelligence solve the blockchain oracle problem? Unpacking the Challenges and Possibilities
https://arxiv.org/abs/2507.02125
How Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1lrr23e/how_much_more_must_we_bleed_citrix_netscaler/
Tokyo Ghoul — TryHackMe CTF Walkthrough | Web Exploitation & Privilege Escalation
https://www.reddit.com/r/netsec/comments/1lrj974/tokyo_ghoul_tryhackme_ctf_walkthrough_web/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Web Metadata search - search for headers, web apps, CMSs, and their versions
Posted by rmddos - 4 votes and 0 comments
Top Security News for Today
Schizophrenic ZIP file - Yet Another ZIP Trick Writeup
https://www.reddit.com/r/netsec/comments/1lt4dht/schizophrenic_zip_file_yet_another_zip_trick/
Help🙂🙏
https://www.reddit.com/r/lowlevel/comments/1lt9gsp/help/
This Linux boot flaw bypasses Secure Boot and full disk encryption but the fix is easy
https://www.reddit.com/r/netsec/comments/1lt9wgx/this_linux_boot_flaw_bypasses_secure_boot_and/
État de l’art sur le phishing Azure en 2025 (partie 2) – Étendre l’accès
https://www.reddit.com/r/netsec/comments/1ltcvcs/état_de_lart_sur_le_phishing_azure_en_2025_partie/
Caracal – Rust eBPF Rootkit for Stealthy Post-Exploitation
https://www.darknet.org.uk/2025/07/caracal-rust-ebpf-rootkit-for-stealthy-post-exploitation/
Aligning Software Security Practices with the EU CRA Requirements
https://www.tripwire.com/state-of-security/aligning-software-security-practices-eu-cra-requirements
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schizophrenic ZIP file - Yet Another ZIP Trick Writeup
https://www.reddit.com/r/netsec/comments/1lt4dht/schizophrenic_zip_file_yet_another_zip_trick/
Help🙂🙏
https://www.reddit.com/r/lowlevel/comments/1lt9gsp/help/
This Linux boot flaw bypasses Secure Boot and full disk encryption but the fix is easy
https://www.reddit.com/r/netsec/comments/1lt9wgx/this_linux_boot_flaw_bypasses_secure_boot_and/
État de l’art sur le phishing Azure en 2025 (partie 2) – Étendre l’accès
https://www.reddit.com/r/netsec/comments/1ltcvcs/état_de_lart_sur_le_phishing_azure_en_2025_partie/
Caracal – Rust eBPF Rootkit for Stealthy Post-Exploitation
https://www.darknet.org.uk/2025/07/caracal-rust-ebpf-rootkit-for-stealthy-post-exploitation/
Aligning Software Security Practices with the EU CRA Requirements
https://www.tripwire.com/state-of-security/aligning-software-security-practices-eu-cra-requirements
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Schizophrenic ZIP file - Yet Another ZIP Trick Writeup
Explore this post and more from the netsec community
Top Security News for Today
Batavia spyware steals data from Russian organizations
https://securelist.com/batavia-spyware-steals-data-from-russian-organizations/116866/
DEVCORE 2025 第八屆實習生計畫
https://devco.re/blog/2025/07/07/8th-internship-program-recruit/
6th July – Threat Intelligence Report
https://research.checkpoint.com/2025/6th-july-threat-intelligence-report/
BERT Ransomware Group Targets Asia and Europe on Multiple Platforms
https://www.trendmicro.com/en_us/research/25/g/bert-ransomware-group-targets-asia-and-europe-on-multiple-platforms.html
Hiding Prompt Injections in Academic Papers
https://www.schneier.com/blog/archives/2025/07/hiding-prompt-injections-in-academic-papers.html
TikTok recruits senior UK privacy regulator as it battles fine and investigation
https://therecord.media/tiktok-uk-stephen-bonner-ico
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Batavia spyware steals data from Russian organizations
https://securelist.com/batavia-spyware-steals-data-from-russian-organizations/116866/
DEVCORE 2025 第八屆實習生計畫
https://devco.re/blog/2025/07/07/8th-internship-program-recruit/
6th July – Threat Intelligence Report
https://research.checkpoint.com/2025/6th-july-threat-intelligence-report/
BERT Ransomware Group Targets Asia and Europe on Multiple Platforms
https://www.trendmicro.com/en_us/research/25/g/bert-ransomware-group-targets-asia-and-europe-on-multiple-platforms.html
Hiding Prompt Injections in Academic Papers
https://www.schneier.com/blog/archives/2025/07/hiding-prompt-injections-in-academic-papers.html
TikTok recruits senior UK privacy regulator as it battles fine and investigation
https://therecord.media/tiktok-uk-stephen-bonner-ico
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
How the Batavia spyware targeting Russian organizations works
Kaspersky experts have discovered a new spyware called Batavia, which steals data from corporate devices.
Top Security News for Today
Approach to mainframe penetration testing on z/OS. Deep dive into RACF
https://securelist.com/zos-mainframe-pentesting-resource-access-control-facility/116873/
Lateral Movement with code execution in the context of active user sessions
https://www.reddit.com/r/netsec/comments/1lunnbw/lateral_movement_with_code_execution_in_the/
Abusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke)
https://www.reddit.com/r/netsec/comments/1luix11/abusing_windows_net_quirks_and_unicode/
[CVE-2025-32461] Tiki Wiki CMS Groupware <= 28.3 Two SSTI Vulnerabilities
https://www.reddit.com/r/netsec/comments/1lukohx/cve202532461_tiki_wiki_cms_groupware_283_two_ssti/
New Attack on TLS: Opossum attack
https://www.reddit.com/r/netsec/comments/1lunm8t/new_attack_on_tls_opossum_attack/
New spyware strain steals data from Russian industrial companies
https://therecord.media/spyware-strain-steals-data-russian-industrial-sector
Bitchat MITM Flaw
https://www.reddit.com/r/netsec/comments/1lus5jg/bitchat_mitm_flaw/
Iranian ransomware group offers bigger payouts for attacks on Israel, US
https://therecord.media/iran-ransomware-group-pay2keyi2p-israel-us-targets
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Approach to mainframe penetration testing on z/OS. Deep dive into RACF
https://securelist.com/zos-mainframe-pentesting-resource-access-control-facility/116873/
Lateral Movement with code execution in the context of active user sessions
https://www.reddit.com/r/netsec/comments/1lunnbw/lateral_movement_with_code_execution_in_the/
Abusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke)
https://www.reddit.com/r/netsec/comments/1luix11/abusing_windows_net_quirks_and_unicode/
[CVE-2025-32461] Tiki Wiki CMS Groupware <= 28.3 Two SSTI Vulnerabilities
https://www.reddit.com/r/netsec/comments/1lukohx/cve202532461_tiki_wiki_cms_groupware_283_two_ssti/
New Attack on TLS: Opossum attack
https://www.reddit.com/r/netsec/comments/1lunm8t/new_attack_on_tls_opossum_attack/
New spyware strain steals data from Russian industrial companies
https://therecord.media/spyware-strain-steals-data-russian-industrial-sector
Bitchat MITM Flaw
https://www.reddit.com/r/netsec/comments/1lus5jg/bitchat_mitm_flaw/
Iranian ransomware group offers bigger payouts for attacks on Israel, US
https://therecord.media/iran-ransomware-group-pay2keyi2p-israel-us-targets
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
Deconstructing RACF in z/OS and uncovering security issues
We have explored the RACF security package in z/OS and developed a utility to interact with its database. Now, we are assessing RACF configuration security for penetration testing.
Top Security News for Today
Yet Another Strava Privacy Leak
https://www.schneier.com/blog/archives/2025/07/yet-another-strava-privacy-leak.html
Fake CNN and BBC sites used to push investment scams
https://therecord.media/news-websites-faked-to-spread-investment-scams
Jack Dorsey Unveils Offline Messaging App ‘Bitchat’ with No Internet, Servers, or Accounts
https://www.reddit.com/r/netsec/comments/1lvk3j9/jack_dorsey_unveils_offline_messaging_app_bitchat/
French intel chief warns of evolving Russian hybrid operations, ‘existential threat’ to Europe
https://therecord.media/french-intelligence-chief-russia-threat
Uncovering Privilege Escalation Bugs in Lenovo Vantage — Atredis Partners
https://www.reddit.com/r/netsec/comments/1lvmj5p/uncovering_privilege_escalation_bugs_in_lenovo/
Microsoft expands Zero Trust workshop to cover network, SecOps, and more
https://www.microsoft.com/en-us/security/blog/2025/07/09/microsoft-expands-zero-trust-workshop-to-cover-network-secops-and-more/
More than $40 million stolen from GMX crypto platform
https://therecord.media/gmx-exchange-cryptocurrency-stolen
Driver's license numbers, addresses leaked in 2024 bitcoin ATM company breach
https://therecord.media/bitcoin-depot-cryptocurrency-atm-company-data-breach
German court rules Meta tracking technology violates European privacy laws
https://www.reddit.com/r/netsec/comments/1lvmj5p/uncovering_privilege_escalation_bugs_in_lenovo/
You’re Pen Testing AI Wrong: Why Prompt Engineering Isn’t Enough
https://bishopfox.com/blog/youre-pen-testing-ai-wrong-why-prompt-engineering-isnt-enough
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Yet Another Strava Privacy Leak
https://www.schneier.com/blog/archives/2025/07/yet-another-strava-privacy-leak.html
Fake CNN and BBC sites used to push investment scams
https://therecord.media/news-websites-faked-to-spread-investment-scams
Jack Dorsey Unveils Offline Messaging App ‘Bitchat’ with No Internet, Servers, or Accounts
https://www.reddit.com/r/netsec/comments/1lvk3j9/jack_dorsey_unveils_offline_messaging_app_bitchat/
French intel chief warns of evolving Russian hybrid operations, ‘existential threat’ to Europe
https://therecord.media/french-intelligence-chief-russia-threat
Uncovering Privilege Escalation Bugs in Lenovo Vantage — Atredis Partners
https://www.reddit.com/r/netsec/comments/1lvmj5p/uncovering_privilege_escalation_bugs_in_lenovo/
Microsoft expands Zero Trust workshop to cover network, SecOps, and more
https://www.microsoft.com/en-us/security/blog/2025/07/09/microsoft-expands-zero-trust-workshop-to-cover-network-secops-and-more/
More than $40 million stolen from GMX crypto platform
https://therecord.media/gmx-exchange-cryptocurrency-stolen
Driver's license numbers, addresses leaked in 2024 bitcoin ATM company breach
https://therecord.media/bitcoin-depot-cryptocurrency-atm-company-data-breach
German court rules Meta tracking technology violates European privacy laws
https://www.reddit.com/r/netsec/comments/1lvmj5p/uncovering_privilege_escalation_bugs_in_lenovo/
You’re Pen Testing AI Wrong: Why Prompt Engineering Isn’t Enough
https://bishopfox.com/blog/youre-pen-testing-ai-wrong-why-prompt-engineering-isnt-enough
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
Yet Another Strava Privacy Leak - Schneier on Security
This time it’s the Swedish prime minister’s bodyguards. (Last year, it was the US Secret Service and Emmanuel Macron’s bodyguards. in 2018, it was secret US military bases.) This is ridiculous. Why do people continue to make their data public?
Top Security News for Today
The GPS Leak No One Talked About: Uffizio’s Silent Exposure
https://reporter.deepspecter.com/the-gps-leak-no-one-talked-about-uffizios-silent-exposure-03b5dfb23556
Four arrested by UK police over ransomware attacks on M&S, Co-op and Harrods
https://therecord.media/uk-arrests-four-ransomware-ms-harrods-co-op
Code highlighting with Cursor AI for $500,000
https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/
Using Signal Groups for Activism
https://www.schneier.com/blog/archives/2025/07/using-signal-groups-for-activism.html
Iranian APTs increased activity against US industries in late spring, researchers say
https://therecord.media/iran-state-backed-hackers-industrial-attacks-spring-2025
Qantas says 5.7 million affected by breach, leaked info not enough to access frequent flyer accounts
https://therecord.media/qantas-airline-data-breach-frequent-flyer-numbers
The head of the California Privacy Protection Agency on the future of data privacy regulation
https://therecord.media/california-privacy-protection-agency-tom-kemp-interview
Russian basketball player arrested in France over alleged ransomware ties
https://therecord.media/russian-basketball-player-arrested-in-france-ransomware
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
The GPS Leak No One Talked About: Uffizio’s Silent Exposure
https://reporter.deepspecter.com/the-gps-leak-no-one-talked-about-uffizios-silent-exposure-03b5dfb23556
Four arrested by UK police over ransomware attacks on M&S, Co-op and Harrods
https://therecord.media/uk-arrests-four-ransomware-ms-harrods-co-op
Code highlighting with Cursor AI for $500,000
https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/
Using Signal Groups for Activism
https://www.schneier.com/blog/archives/2025/07/using-signal-groups-for-activism.html
Iranian APTs increased activity against US industries in late spring, researchers say
https://therecord.media/iran-state-backed-hackers-industrial-attacks-spring-2025
Qantas says 5.7 million affected by breach, leaked info not enough to access frequent flyer accounts
https://therecord.media/qantas-airline-data-breach-frequent-flyer-numbers
The head of the California Privacy Protection Agency on the future of data privacy regulation
https://therecord.media/california-privacy-protection-agency-tom-kemp-interview
Russian basketball player arrested in France over alleged ransomware ties
https://therecord.media/russian-basketball-player-arrested-in-france-ransomware
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Medium
The GPS Leak No One Talked About: Uffizio’s Silent Exposure
Executive Summary
Top Security News for Today
Spain awards Huawei contracts to manage intelligence agency wiretaps
https://therecord.media/spain-awards-contracts-huawei-intelligence-agency-wiretaps
DeepSeek a threat to national security, warns Czech cyber agency
https://therecord.media/deepseek-security-czech-cyber-agency-warning
Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1lx360q/preauth_sql_injection_to_rce_fortinet_fortiweb/
Indonesia extradites Russian accused of selling personal data on Telegram
https://therecord.media/indonesia-extradites-russian-telegram-sale
CISA orders agencies to immediately patch Citrix Bleed 2, saying bug poses ‘unacceptable risk’
https://therecord.media/cisa-orders-agencies-patch-citrix-bleed-2
Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment
https://therecord.media/hacker-returns-stolen-gmx-bounty
Airline executive agrees to dismiss litigation around alleged hack-for-hire scheme
https://therecord.media/airline-exec-agrees-to-dismiss-hack-for-hire-lawsuit
Albemarle latest Virginia county hit with ransomware
https://therecord.media/albemarle-virginia-ransomware-attack
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Spain awards Huawei contracts to manage intelligence agency wiretaps
https://therecord.media/spain-awards-contracts-huawei-intelligence-agency-wiretaps
DeepSeek a threat to national security, warns Czech cyber agency
https://therecord.media/deepseek-security-czech-cyber-agency-warning
Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1lx360q/preauth_sql_injection_to_rce_fortinet_fortiweb/
Indonesia extradites Russian accused of selling personal data on Telegram
https://therecord.media/indonesia-extradites-russian-telegram-sale
CISA orders agencies to immediately patch Citrix Bleed 2, saying bug poses ‘unacceptable risk’
https://therecord.media/cisa-orders-agencies-patch-citrix-bleed-2
Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment
https://therecord.media/hacker-returns-stolen-gmx-bounty
Airline executive agrees to dismiss litigation around alleged hack-for-hire scheme
https://therecord.media/airline-exec-agrees-to-dismiss-hack-for-hire-lawsuit
Albemarle latest Virginia county hit with ransomware
https://therecord.media/albemarle-virginia-ransomware-attack
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Spain awards Huawei contracts to manage intelligence agency wiretaps
Huawei will manage and store judicially authorized wiretaps in Spain, under a contract that bucks the trend of Western governments restricting use of the Chinese tech company's products and services.
Top Security News for Today
錯過五年,我終於踏進 OSEE 的世界
https://devco.re/blog/2025/07/12/finally-stepping-into-the-world-of-osee-after-five-years/
EXP-401 課程 & 第二次考試心得
https://devco.re/blog/2025/07/11/exp-401-course-and-second-exam-thoughts/
I built a tool to track web exposure — screenshots, HTML/JS diff, and alerts
https://www.reddit.com/r/netsec/comments/1lxwhpd/i_built_a_tool_to_track_web_exposure_screenshots/
From Blind XSS to RCE: When Headers Became My Terminal
https://www.reddit.com/r/netsec/comments/1lyfkpu/from_blind_xss_to_rce_when_headers_became_my/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
錯過五年,我終於踏進 OSEE 的世界
https://devco.re/blog/2025/07/12/finally-stepping-into-the-world-of-osee-after-five-years/
EXP-401 課程 & 第二次考試心得
https://devco.re/blog/2025/07/11/exp-401-course-and-second-exam-thoughts/
I built a tool to track web exposure — screenshots, HTML/JS diff, and alerts
https://www.reddit.com/r/netsec/comments/1lxwhpd/i_built_a_tool_to_track_web_exposure_screenshots/
From Blind XSS to RCE: When Headers Became My Terminal
https://www.reddit.com/r/netsec/comments/1lyfkpu/from_blind_xss_to_rce_when_headers_became_my/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
DEVCORE 戴夫寇爾
錯過五年,我終於踏進 OSEE 的世界 | DEVCORE 戴夫寇爾
這邊主要是以平常有在碰 Windows 的人的角度出發。老實說,大約在 5 年前就對 OSEE 這張證照略有所聞,而當時也剛好開始學一些 Windows Pwn 的相關知識,出一些 CTF 題目給大家玩玩,順便增進 Windows 知識,當時也學了一些有關 Windows Kernel 的利用技巧,不過剛開時學時也處處碰壁,花了好一段時間才慢慢學會怎麼去好好搞一個 Windows Kernel Exploit。在得知有這張證照之後,便下定決心未來某一天一定要拿到這張證照。
Top Security News for Today
Historical Analysis of Reflected Vulnerabilities: The Evolution of Windows Defender Defenses
https://www.reddit.com/r/netsec/comments/1lyprla/historical_analysis_of_reflected_vulnerabilities/
LLM crawlers continue to DDoS SourceHut
https://www.reddit.com/r/netsec/comments/1lyoser/llm_crawlers_continue_to_ddos_sourcehut/
KongTuke FileFix Leads to New Interlock RAT Variant
https://www.reddit.com/r/netsec/comments/1lz9tg8/kongtuke_filefix_leads_to_new_interlock_rat/
[CVE-2024-58258] SugarCRM <=14.0.0 (css/preview) LESS Code Injection Vulnerability
https://www.reddit.com/r/netsec/comments/1lzgkiv/cve202458258_sugarcrm_1400_csspreview_less_code/
TREVORspray – Credential Spray Toolkit for Azure, Okta, OWA & More
https://www.darknet.org.uk/2025/07/trevorspray-credential-spray-toolkit-for-azure-okta-owa-more/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Historical Analysis of Reflected Vulnerabilities: The Evolution of Windows Defender Defenses
https://www.reddit.com/r/netsec/comments/1lyprla/historical_analysis_of_reflected_vulnerabilities/
LLM crawlers continue to DDoS SourceHut
https://www.reddit.com/r/netsec/comments/1lyoser/llm_crawlers_continue_to_ddos_sourcehut/
KongTuke FileFix Leads to New Interlock RAT Variant
https://www.reddit.com/r/netsec/comments/1lz9tg8/kongtuke_filefix_leads_to_new_interlock_rat/
[CVE-2024-58258] SugarCRM <=14.0.0 (css/preview) LESS Code Injection Vulnerability
https://www.reddit.com/r/netsec/comments/1lzgkiv/cve202458258_sugarcrm_1400_csspreview_less_code/
TREVORspray – Credential Spray Toolkit for Azure, Okta, OWA & More
https://www.darknet.org.uk/2025/07/trevorspray-credential-spray-toolkit-for-azure-okta-owa-more/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
[deleted by user] : r/netsec
549K subscribers in the netsec community. /r/netsec is a community-curated aggregator of technical information security content. Our mission is to…
Top Security News for Today
Revisiting automating MS-RPC vulnerability research and making the tool open source
https://www.reddit.com/r/netsec/comments/1lzh1t5/revisiting_automating_msrpc_vulnerability/
Forensic journey: Breaking down the UserAssist artifact structure
https://securelist.com/userassist-artifact-forensic-value-for-incident-response/116911/
Securing Against Phishing Beyond Email
https://www.tripwire.com/state-of-security/securing-against-phishing-beyond-email
Fooling the Sandbox: A Chrome-atic Escape
https://www.reddit.com/r/netsec/comments/1lzj3jt/fooling_the_sandbox_a_chromeatic_escape/
Romanian police arrest 13 scammers targeting UK’s tax authority
https://therecord.media/romania-arrests-tax-fraud-ring-britain-hmrc
14th July – Threat Intelligence Report
https://research.checkpoint.com/2025/14th-july-threat-intelligence-report/
[CVE-2024-58258] SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability
https://www.reddit.com/r/netsec/comments/1lzgkiv/cve202458258_sugarcrm_1400_csspreview_less_code/
Watch the on-demand webinar: Shift left without the strain
https://portswigger.net/blog/watch-the-on-demand-webinar-shift-left-without-the-strain
Improving IT efficiency with Microsoft Security Copilot in Microsoft Intune and Microsoft Entra
https://www.microsoft.com/en-us/security/blog/2025/07/14/improving-it-efficiency-with-microsoft-security-copilot-in-microsoft-intune-and-microsoft-entra/
CVE-2025-5333 - CVSS 9.5: Remote Code Execution in Broadcom Symantec Endpoint Management Suite (Altiris)
https://www.reddit.com/r/netsec/comments/1lzo9wz/cve20255333_cvss_95_remote_code_execution_in/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Revisiting automating MS-RPC vulnerability research and making the tool open source
https://www.reddit.com/r/netsec/comments/1lzh1t5/revisiting_automating_msrpc_vulnerability/
Forensic journey: Breaking down the UserAssist artifact structure
https://securelist.com/userassist-artifact-forensic-value-for-incident-response/116911/
Securing Against Phishing Beyond Email
https://www.tripwire.com/state-of-security/securing-against-phishing-beyond-email
Fooling the Sandbox: A Chrome-atic Escape
https://www.reddit.com/r/netsec/comments/1lzj3jt/fooling_the_sandbox_a_chromeatic_escape/
Romanian police arrest 13 scammers targeting UK’s tax authority
https://therecord.media/romania-arrests-tax-fraud-ring-britain-hmrc
14th July – Threat Intelligence Report
https://research.checkpoint.com/2025/14th-july-threat-intelligence-report/
[CVE-2024-58258] SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability
https://www.reddit.com/r/netsec/comments/1lzgkiv/cve202458258_sugarcrm_1400_csspreview_less_code/
Watch the on-demand webinar: Shift left without the strain
https://portswigger.net/blog/watch-the-on-demand-webinar-shift-left-without-the-strain
Improving IT efficiency with Microsoft Security Copilot in Microsoft Intune and Microsoft Entra
https://www.microsoft.com/en-us/security/blog/2025/07/14/improving-it-efficiency-with-microsoft-security-copilot-in-microsoft-intune-and-microsoft-entra/
CVE-2025-5333 - CVSS 9.5: Remote Code Execution in Broadcom Symantec Endpoint Management Suite (Altiris)
https://www.reddit.com/r/netsec/comments/1lzo9wz/cve20255333_cvss_95_remote_code_execution_in/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Revisiting automating MS-RPC vulnerability research and making the tool open source
Explore this post and more from the netsec community
Top Security News for Today
CVE-2025-5333 - CVSS 9.5: Remote Code Execution in Broadcom Symantec Endpoint Management Suite (Altiris)
https://www.reddit.com/r/netsec/comments/1lzo9wz/cve20255333_cvss_95_remote_code_execution_in/
Louis Vuitton says customers in Turkey, South Korea and UK impacted by data breaches
https://therecord.media/louis-vuitton-says-customers-impacted-by-data-breaches
CISA's NIMBUS 2000 Initiative: Understanding Key Findings and Strengthening Cloud Identity Security
https://www.trendmicro.com/en_us/research/25/g/nimbus-2000-initiative-findings.html
NSA: Volt Typhoon was ‘not successful’ at persisting in critical infrastructure
https://therecord.media/china-typhoon-hackers-nsa-fbi-response
Google says ‘Big Sleep’ AI tool found bug hackers planned to use
https://therecord.media/google-big-sleep-ai-tool-found-bug
Homebrew Malware Campaign
https://www.reddit.com/r/netsec/comments/1m0i0cw/homebrew_malware_campaign/
Weaponizing Windows Drivers: A Hacker's Guide for Beginners
https://www.reddit.com/r/netsec/comments/1m0h8np/weaponizing_windows_drivers_a_hackers_guide_for/
RAG Safety: Exploring Knowledge Poisoning Attacks to Retrieval-Augmented Generation
https://arxiv.org/abs/2507.08862
Tangma: A Tanh-Guided Activation Function with Learnable Parameters
https://arxiv.org/abs/2507.10560
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
CVE-2025-5333 - CVSS 9.5: Remote Code Execution in Broadcom Symantec Endpoint Management Suite (Altiris)
https://www.reddit.com/r/netsec/comments/1lzo9wz/cve20255333_cvss_95_remote_code_execution_in/
Louis Vuitton says customers in Turkey, South Korea and UK impacted by data breaches
https://therecord.media/louis-vuitton-says-customers-impacted-by-data-breaches
CISA's NIMBUS 2000 Initiative: Understanding Key Findings and Strengthening Cloud Identity Security
https://www.trendmicro.com/en_us/research/25/g/nimbus-2000-initiative-findings.html
NSA: Volt Typhoon was ‘not successful’ at persisting in critical infrastructure
https://therecord.media/china-typhoon-hackers-nsa-fbi-response
Google says ‘Big Sleep’ AI tool found bug hackers planned to use
https://therecord.media/google-big-sleep-ai-tool-found-bug
Homebrew Malware Campaign
https://www.reddit.com/r/netsec/comments/1m0i0cw/homebrew_malware_campaign/
Weaponizing Windows Drivers: A Hacker's Guide for Beginners
https://www.reddit.com/r/netsec/comments/1m0h8np/weaponizing_windows_drivers_a_hackers_guide_for/
RAG Safety: Exploring Knowledge Poisoning Attacks to Retrieval-Augmented Generation
https://arxiv.org/abs/2507.08862
Tangma: A Tanh-Guided Activation Function with Learnable Parameters
https://arxiv.org/abs/2507.10560
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: CVE-2025-5333 - CVSS 9.5: Remote Code Execution in Broadcom Symantec Endpoint Management Suite…
Explore this post and more from the netsec community
Top Security News for Today
Code Execution Through Email: How I Used Claude to Hack Itself
https://www.reddit.com/r/netsec/comments/1m17ec3/code_execution_through_email_how_i_used_claude_to/
Does Your Organization Need Deepfake Defenses?
https://www.tripwire.com/state-of-security/does-your-organization-need-deepfake-defenses
Enterprise RAID Data Recovery Solution – Comprehensive Technical Evaluation
https://www.reddit.com/r/netsec/comments/1m17ent/enterprise_raid_data_recovery_solution/
21-year-old former US soldier pleads guilty to hacking, extorting telecoms
https://therecord.media/cameron-john-wagenius-former-us-soldier-guilty-plea-hacking
Ukraine-aligned hackers claim cyberattack on major Russian drone supplier
https://therecord.media/ukraine-hackers-claim-attack-russia-gaskar-group-drone-maker
Senate panel passes Intelligence Authorization Act that takes aim at telecom hacks
https://therecord.media/senate-panel-passes-intel-act-salt-typhoon-china
PSA: CrystalDiskInfo & CrystalDiskMark now embeds adwares /!\
https://www.reddit.com/r/netsec/comments/1m19cp1/psa_crystaldiskinfo_crystaldiskmark_now_embeds/
New MITRE framework takes aim at crypto threats
https://www.reddit.com/r/netsec/comments/1m1b46y/new_mitre_framework_takes_aim_at_crypto_threats/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Code Execution Through Email: How I Used Claude to Hack Itself
https://www.reddit.com/r/netsec/comments/1m17ec3/code_execution_through_email_how_i_used_claude_to/
Does Your Organization Need Deepfake Defenses?
https://www.tripwire.com/state-of-security/does-your-organization-need-deepfake-defenses
Enterprise RAID Data Recovery Solution – Comprehensive Technical Evaluation
https://www.reddit.com/r/netsec/comments/1m17ent/enterprise_raid_data_recovery_solution/
21-year-old former US soldier pleads guilty to hacking, extorting telecoms
https://therecord.media/cameron-john-wagenius-former-us-soldier-guilty-plea-hacking
Ukraine-aligned hackers claim cyberattack on major Russian drone supplier
https://therecord.media/ukraine-hackers-claim-attack-russia-gaskar-group-drone-maker
Senate panel passes Intelligence Authorization Act that takes aim at telecom hacks
https://therecord.media/senate-panel-passes-intel-act-salt-typhoon-china
PSA: CrystalDiskInfo & CrystalDiskMark now embeds adwares /!\
https://www.reddit.com/r/netsec/comments/1m19cp1/psa_crystaldiskinfo_crystaldiskmark_now_embeds/
New MITRE framework takes aim at crypto threats
https://www.reddit.com/r/netsec/comments/1m1b46y/new_mitre_framework_takes_aim_at_crypto_threats/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Code Execution Through Email: How I Used Claude to Hack Itself
Explore this post and more from the netsec community
Top Security News for Today
Security Vulnerabilities in ICEBlock
https://www.schneier.com/blog/archives/2025/07/security-vulnerabilities-in-iceblock.html
Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks
https://therecord.media/chainalysis-crypto-stolen-billions
Automated Function ID Database Generation in Ghidra on Windows
https://www.reddit.com/r/netsec/comments/1m254kt/automated_function_id_database_generation_in/
FCC wants to ban Chinese tech from undersea cables
https://therecord.media/fcc-plans-to-ban-chinese-tech-undersea-cables
Bypassing root detection and RASP in sensitive Android apps
https://www.reddit.com/r/netsec/comments/1m26i6a/bypassing_root_detection_and_rasp_in_sensitive/
Elite Russian university launches degree program on sanctions evasion
https://therecord.media/russian-university-sanctions-evasion-degree
UK NCA officer jailed for stealing bitcoin from darknet criminal he previously helped investigate
https://therecord.media/former-uk-nca-officer-jailed-stealing-bitcoin-from-criminal
Roblox introduces age estimation technology for unfiltered chats
https://therecord.media/roblox-age-verification-technology-unfiltered-chats
Transparency on Microsoft Defender for Office 365 email security effectiveness
https://www.microsoft.com/en-us/security/blog/2025/07/17/transparency-on-microsoft-defender-for-office-365-email-security-effectiveness/
Real-time CVE feed with filters, summaries, and email alerts
https://www.reddit.com/r/netsec/comments/1m296mp/realtime_cve_feed_with_filters_summaries_and/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Security Vulnerabilities in ICEBlock
https://www.schneier.com/blog/archives/2025/07/security-vulnerabilities-in-iceblock.html
Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks
https://therecord.media/chainalysis-crypto-stolen-billions
Automated Function ID Database Generation in Ghidra on Windows
https://www.reddit.com/r/netsec/comments/1m254kt/automated_function_id_database_generation_in/
FCC wants to ban Chinese tech from undersea cables
https://therecord.media/fcc-plans-to-ban-chinese-tech-undersea-cables
Bypassing root detection and RASP in sensitive Android apps
https://www.reddit.com/r/netsec/comments/1m26i6a/bypassing_root_detection_and_rasp_in_sensitive/
Elite Russian university launches degree program on sanctions evasion
https://therecord.media/russian-university-sanctions-evasion-degree
UK NCA officer jailed for stealing bitcoin from darknet criminal he previously helped investigate
https://therecord.media/former-uk-nca-officer-jailed-stealing-bitcoin-from-criminal
Roblox introduces age estimation technology for unfiltered chats
https://therecord.media/roblox-age-verification-technology-unfiltered-chats
Transparency on Microsoft Defender for Office 365 email security effectiveness
https://www.microsoft.com/en-us/security/blog/2025/07/17/transparency-on-microsoft-defender-for-office-365-email-security-effectiveness/
Real-time CVE feed with filters, summaries, and email alerts
https://www.reddit.com/r/netsec/comments/1m296mp/realtime_cve_feed_with_filters_summaries_and/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
Security Vulnerabilities in ICEBlock - Schneier on Security
The ICEBlock tool has vulnerabilities: The developer of ICEBlock, an iOS app for anonymously reporting sightings of US Immigration and Customs Enforcement (ICE) officials, promises that it “ensures user privacy by storing no personal data.” But that claim…
Top Security News for Today
Breaking: UK sanctions Russian cyber spies accused of facilitating murders
https://therecord.media/uk-sanctions-gru-personnel-accused-murder-civilians-ukraine
New Mobile Phone Forensics Tool
https://www.schneier.com/blog/archives/2025/07/new-mobile-phone-forensics-tool.html
Microsoft at Black Hat USA 2025: A unified approach to modern cyber defense
https://techcommunity.microsoft.com/blog/microsoft-security-blog/%e2%80%8b%e2%80%8bmicrosoft-at-black-hat-usa-2025-a-unified-approach-to-modern-cyber-defense%e2%80%8b%e2%80%8b/4434292
Japanese police release decryptor for Phobos ransomware after February takedown
https://therecord.media/decryptor-phobos-8base-ransomware-japan-national-police
Singapore accuses Chinese state-backed hackers of attacking critical infrastructure networks
https://therecord.media/singapore-accuses-chinese-backed-hackers-critical-infrastructure-attacks
Securing Tomorrow: An Interview with Trend Micro VP of Product Management Michael Habibi
https://www.trendmicro.com/en_us/research/25/g/endpoint-protection-epp-gartner-magic-quadrant-july-2025.html
Friday Squid Blogging: The Giant Squid Nebula
https://www.schneier.com/blog/archives/2025/07/friday-squid-blogging-the-giant-squid-nebula.html
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Breaking: UK sanctions Russian cyber spies accused of facilitating murders
https://therecord.media/uk-sanctions-gru-personnel-accused-murder-civilians-ukraine
New Mobile Phone Forensics Tool
https://www.schneier.com/blog/archives/2025/07/new-mobile-phone-forensics-tool.html
Microsoft at Black Hat USA 2025: A unified approach to modern cyber defense
https://techcommunity.microsoft.com/blog/microsoft-security-blog/%e2%80%8b%e2%80%8bmicrosoft-at-black-hat-usa-2025-a-unified-approach-to-modern-cyber-defense%e2%80%8b%e2%80%8b/4434292
Japanese police release decryptor for Phobos ransomware after February takedown
https://therecord.media/decryptor-phobos-8base-ransomware-japan-national-police
Singapore accuses Chinese state-backed hackers of attacking critical infrastructure networks
https://therecord.media/singapore-accuses-chinese-backed-hackers-critical-infrastructure-attacks
Securing Tomorrow: An Interview with Trend Micro VP of Product Management Michael Habibi
https://www.trendmicro.com/en_us/research/25/g/endpoint-protection-epp-gartner-magic-quadrant-july-2025.html
Friday Squid Blogging: The Giant Squid Nebula
https://www.schneier.com/blog/archives/2025/07/friday-squid-blogging-the-giant-squid-nebula.html
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
UK sanctions Russian cyber spies accused of facilitating murders
Eighteen members of Russia's GRU have been sanctioned by the British government for various operations, including military strikes that killed hundreds of civilians in Ukraine.
Top Security News for Today
Looking for a C and x64 NASM asm (linux) study buddy. Complete beginners welcome, I also included all the steps for setting up Debian 12 in a VM for accessibility. malware analysis after foundations learned
https://www.reddit.com/r/lowlevel/comments/1m48nv2/looking_for_a_c_and_x64_nasm_asm_linux_study/
Legless: IPv6 Penetration Testing – Real Attacks via RA, RDNSS, and DHCPv6 Spoofing
https://www.reddit.com/r/netsec/comments/1m4jllp/legless_ipv6_penetration_testing_real_attacks_via/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Looking for a C and x64 NASM asm (linux) study buddy. Complete beginners welcome, I also included all the steps for setting up Debian 12 in a VM for accessibility. malware analysis after foundations learned
https://www.reddit.com/r/lowlevel/comments/1m48nv2/looking_for_a_c_and_x64_nasm_asm_linux_study/
Legless: IPv6 Penetration Testing – Real Attacks via RA, RDNSS, and DHCPv6 Spoofing
https://www.reddit.com/r/netsec/comments/1m4jllp/legless_ipv6_penetration_testing_real_attacks_via/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the lowlevel community on Reddit: Looking for a C and x64 NASM asm (linux) study buddy. Complete beginners welcome, I also…
Posted by Ok-Substance-9929 - 4 votes and 2 comments
Top Security News for Today
Copy-Paste Pitfalls: Revealing the AppLocker Bypass Risks in The Suggested Block-list Policy
https://www.reddit.com/r/netsec/comments/1m4pism/copypaste_pitfalls_revealing_the_applocker_bypass/
WebSecDojo - Free Web Application Challenges
https://www.reddit.com/r/netsec/comments/1m4uhcc/websecdojo_free_web_application_challenges/
Path traversal in vim (tar archive) CVE-2025-53905
https://www.reddit.com/r/netsec/comments/1m4yeqf/path_traversal_in_vim_tar_archive_cve202553905/
Need help running SPEC2006 on gem5 (SPARC, SE mode) — Getting panic error
https://www.reddit.com/r/lowlevel/comments/1m4la6s/need_help_running_spec2006_on_gem5_sparc_se_mode/
CredMaster – Anonymous AWS‑Backed Password Spraying Toolkit
https://www.darknet.org.uk/2025/07/credmaster-anonymous-aws‑backed-password-spraying-toolkit/
TransEvalnia: Reasoning-based Evaluation and Ranking of Translations
https://arxiv.org/abs/2507.12724
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Copy-Paste Pitfalls: Revealing the AppLocker Bypass Risks in The Suggested Block-list Policy
https://www.reddit.com/r/netsec/comments/1m4pism/copypaste_pitfalls_revealing_the_applocker_bypass/
WebSecDojo - Free Web Application Challenges
https://www.reddit.com/r/netsec/comments/1m4uhcc/websecdojo_free_web_application_challenges/
Path traversal in vim (tar archive) CVE-2025-53905
https://www.reddit.com/r/netsec/comments/1m4yeqf/path_traversal_in_vim_tar_archive_cve202553905/
Need help running SPEC2006 on gem5 (SPARC, SE mode) — Getting panic error
https://www.reddit.com/r/lowlevel/comments/1m4la6s/need_help_running_spec2006_on_gem5_sparc_se_mode/
CredMaster – Anonymous AWS‑Backed Password Spraying Toolkit
https://www.darknet.org.uk/2025/07/credmaster-anonymous-aws‑backed-password-spraying-toolkit/
TransEvalnia: Reasoning-based Evaluation and Ranking of Translations
https://arxiv.org/abs/2507.12724
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Copy-Paste Pitfalls: Revealing the AppLocker Bypass Risks in The Suggested Block-list Policy
Explore this post and more from the netsec community
Top Security News for Today
The Internet Red Button: a 2016 Bug Still Lets Anyone Kill Solar Farms in 3 Clicks
https://reporter.deepspecter.com/the-internet-red-button-a-2016-bug-still-lets-anyone-kill-solar-farms-in-3-clicks-042eeca7df33
Warnings issued as hackers actively exploit critical zero-day in Microsoft SharePoint
https://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globally
Another Supply Chain Vulnerability
https://www.schneier.com/blog/archives/2025/07/another-supply-chain-vulnerability.html
A Novel Technique for SQL Injection in PDO’s Prepared Statements
https://arxiv.org/abs/2507.14139
The Internet Red Button: a 2016 Bug Still Lets Anyone Kill Solar Farms in 3 Clicks
https://www.reddit.com/r/netsec/comments/1m5g4ok/the_internet_red_button_a_2016_bug_still_lets/
Understanding the Impact of Scattered Spider on the Airline & Transportation Industry
https://blog.qualys.com/product-tech/2025/07/21/understanding-the-impact-of-scattered-spider-on-the-airline-transportation-industry
New malware samples exfiltrate WhatsApp data to target Iran regime’s enemies
https://therecord.media/malware-exfiltrates-whatsapp-iran-muddywater
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
The Internet Red Button: a 2016 Bug Still Lets Anyone Kill Solar Farms in 3 Clicks
https://reporter.deepspecter.com/the-internet-red-button-a-2016-bug-still-lets-anyone-kill-solar-farms-in-3-clicks-042eeca7df33
Warnings issued as hackers actively exploit critical zero-day in Microsoft SharePoint
https://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globally
Another Supply Chain Vulnerability
https://www.schneier.com/blog/archives/2025/07/another-supply-chain-vulnerability.html
A Novel Technique for SQL Injection in PDO’s Prepared Statements
https://arxiv.org/abs/2507.14139
The Internet Red Button: a 2016 Bug Still Lets Anyone Kill Solar Farms in 3 Clicks
https://www.reddit.com/r/netsec/comments/1m5g4ok/the_internet_red_button_a_2016_bug_still_lets/
Understanding the Impact of Scattered Spider on the Airline & Transportation Industry
https://blog.qualys.com/product-tech/2025/07/21/understanding-the-impact-of-scattered-spider-on-the-airline-transportation-industry
New malware samples exfiltrate WhatsApp data to target Iran regime’s enemies
https://therecord.media/malware-exfiltrates-whatsapp-iran-muddywater
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Medium
The Internet Red Button: a 2016 Bug Still Lets Anyone Kill Solar Farms in 3 Clicks
Spain’s April 2025 blackout cost €1.6 B. Keep ignoring firmware updates and you’re volunteering to be the sequel.
Top Security News for Today
Hungarian police arrest suspect in cyberattacks on independent media
https://therecord.media/hungary-arrest-suspect-hacking-independent-media
UK moves forward with plans for mandatory reporting of ransomware attacks
https://therecord.media/mandatory-reporting-ransomware-attacks-uk-proposal
Back to Business: Lumma Stealer Returns with Stealthier Methods
https://www.trendmicro.com/en_us/research/25/g/lumma-stealer-returns.html
Disrupting active exploitation of on-premises SharePoint vulnerabilities
https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/
Microsoft Sentinel data lake: Unify signals, cut costs, and power agentic AI
https://www.microsoft.com/en-us/security/blog/2025/07/22/microsoft-sentinel-data-lake-unify-signals-cut-costs-and-power-agentic-ai/
Autofill Phishing: The Silent Scam That Nobody Warned You About
https://therecord.media/russia-hacker-group-disrupted-local-researchers
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Hungarian police arrest suspect in cyberattacks on independent media
https://therecord.media/hungary-arrest-suspect-hacking-independent-media
UK moves forward with plans for mandatory reporting of ransomware attacks
https://therecord.media/mandatory-reporting-ransomware-attacks-uk-proposal
Back to Business: Lumma Stealer Returns with Stealthier Methods
https://www.trendmicro.com/en_us/research/25/g/lumma-stealer-returns.html
Disrupting active exploitation of on-premises SharePoint vulnerabilities
https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/
Microsoft Sentinel data lake: Unify signals, cut costs, and power agentic AI
https://www.microsoft.com/en-us/security/blog/2025/07/22/microsoft-sentinel-data-lake-unify-signals-cut-costs-and-power-agentic-ai/
Autofill Phishing: The Silent Scam That Nobody Warned You About
https://therecord.media/russia-hacker-group-disrupted-local-researchers
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Hungarian police arrest suspect in cyberattacks on independent media
Authorities said they raided the Budapest residence of a man believed to be "Hano," the suspect in a series of cyberattacks on independent media outlets.