Top Security News for Today
After Missing It for Five Years, I Finally Stepped into the World of OSEE
https://devco.re/blog/2025/07/12/finally-stepping-into-the-world-of-osee-after-five-years/
EXP-401 Course & Second Exam Thoughts
https://devco.re/blog/2025/07/11/exp-401-course-and-second-exam-thoughts/
I built a tool to track web exposure — screenshots, HTML/JS diff, and alerts
https://www.reddit.com/r/netsec/comments/1lxwhpd/i_built_a_tool_to_track_web_exposure_screenshots/
From Blind XSS to RCE: When Headers Became My Terminal
https://www.reddit.com/r/netsec/comments/1lyfkpu/from_blind_xss_to_rce_when_headers_became_my/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
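DEVCORE 戴夫寇爾
After Missing It for Five Years, I Finally Stepped into the World of OSEE | DEVCORE 戴夫寇爾
This is written mainly from the perspective of someone who regularly works with Windows. To be honest, I first heard of the OSEE certification about five years ago. At the time I had just started learning Windows pwn, writing some CTF challenges for people to play with while building up my own Windows knowledge. I also learned some Windows kernel exploitation techniques back then, but I ran into walls everywhere when I was starting out, and it took quite a while before I gradually learned how to properly put together a Windows kernel exploit. Once I learned that this certification existed, I made up my mind that I would earn it some day.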
Top Security News for Today
Historical Analysis of Reflected Vulnerabilities: The Evolution of Windows Defender Defenses
https://www.reddit.com/r/netsec/comments/1lyprla/historical_analysis_of_reflected_vulnerabilities/
LLM crawlers continue to DDoS SourceHut
https://www.reddit.com/r/netsec/comments/1lyoser/llm_crawlers_continue_to_ddos_sourcehut/
KongTuke FileFix Leads to New Interlock RAT Variant
https://www.reddit.com/r/netsec/comments/1lz9tg8/kongtuke_filefix_leads_to_new_interlock_rat/
[CVE-2024-58258] SugarCRM <=14.0.0 (css/preview) LESS Code Injection Vulnerability
https://www.reddit.com/r/netsec/comments/1lzgkiv/cve202458258_sugarcrm_1400_csspreview_less_code/
TREVORspray – Credential Spray Toolkit for Azure, Okta, OWA & More
https://www.darknet.org.uk/2025/07/trevorspray-credential-spray-toolkit-for-azure-okta-owa-more/
Top Security News for Today
Revisiting automating MS-RPC vulnerability research and making the tool open source
https://www.reddit.com/r/netsec/comments/1lzh1t5/revisiting_automating_msrpc_vulnerability/
Forensic journey: Breaking down the UserAssist artifact structure
https://securelist.com/userassist-artifact-forensic-value-for-incident-response/116911/
Securing Against Phishing Beyond Email
https://www.tripwire.com/state-of-security/securing-against-phishing-beyond-email
Fooling the Sandbox: A Chrome-atic Escape
https://www.reddit.com/r/netsec/comments/1lzj3jt/fooling_the_sandbox_a_chromeatic_escape/
Romanian police arrest 13 scammers targeting UK’s tax authority
https://therecord.media/romania-arrests-tax-fraud-ring-britain-hmrc
14th July – Threat Intelligence Report
https://research.checkpoint.com/2025/14th-july-threat-intelligence-report/
[CVE-2024-58258] SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability
https://www.reddit.com/r/netsec/comments/1lzgkiv/cve202458258_sugarcrm_1400_csspreview_less_code/
Watch the on-demand webinar: Shift left without the strain
https://portswigger.net/blog/watch-the-on-demand-webinar-shift-left-without-the-strain
Improving IT efficiency with Microsoft Security Copilot in Microsoft Intune and Microsoft Entra
https://www.microsoft.com/en-us/security/blog/2025/07/14/improving-it-efficiency-with-microsoft-security-copilot-in-microsoft-intune-and-microsoft-entra/
CVE-2025-5333 - CVSS 9.5: Remote Code Execution in Broadcom Symantec Endpoint Management Suite (Altiris)
https://www.reddit.com/r/netsec/comments/1lzo9wz/cve20255333_cvss_95_remote_code_execution_in/
Top Security News for Today
CVE-2025-5333 - CVSS 9.5: Remote Code Execution in Broadcom Symantec Endpoint Management Suite (Altiris)
https://www.reddit.com/r/netsec/comments/1lzo9wz/cve20255333_cvss_95_remote_code_execution_in/
Louis Vuitton says customers in Turkey, South Korea and UK impacted by data breaches
https://therecord.media/louis-vuitton-says-customers-impacted-by-data-breaches
CISA's NIMBUS 2000 Initiative: Understanding Key Findings and Strengthening Cloud Identity Security
https://www.trendmicro.com/en_us/research/25/g/nimbus-2000-initiative-findings.html
NSA: Volt Typhoon was ‘not successful’ at persisting in critical infrastructure
https://therecord.media/china-typhoon-hackers-nsa-fbi-response
Google says ‘Big Sleep’ AI tool found bug hackers planned to use
https://therecord.media/google-big-sleep-ai-tool-found-bug
Homebrew Malware Campaign
https://www.reddit.com/r/netsec/comments/1m0i0cw/homebrew_malware_campaign/
Weaponizing Windows Drivers: A Hacker's Guide for Beginners
https://www.reddit.com/r/netsec/comments/1m0h8np/weaponizing_windows_drivers_a_hackers_guide_for/
RAG Safety: Exploring Knowledge Poisoning Attacks to Retrieval-Augmented Generation
https://arxiv.org/abs/2507.08862
Tangma: A Tanh-Guided Activation Function with Learnable Parameters
https://arxiv.org/abs/2507.10560
Top Security News for Today
Code Execution Through Email: How I Used Claude to Hack Itself
https://www.reddit.com/r/netsec/comments/1m17ec3/code_execution_through_email_how_i_used_claude_to/
Does Your Organization Need Deepfake Defenses?
https://www.tripwire.com/state-of-security/does-your-organization-need-deepfake-defenses
Enterprise RAID Data Recovery Solution – Comprehensive Technical Evaluation
https://www.reddit.com/r/netsec/comments/1m17ent/enterprise_raid_data_recovery_solution/
21-year-old former US soldier pleads guilty to hacking, extorting telecoms
https://therecord.media/cameron-john-wagenius-former-us-soldier-guilty-plea-hacking
Ukraine-aligned hackers claim cyberattack on major Russian drone supplier
https://therecord.media/ukraine-hackers-claim-attack-russia-gaskar-group-drone-maker
Senate panel passes Intelligence Authorization Act that takes aim at telecom hacks
https://therecord.media/senate-panel-passes-intel-act-salt-typhoon-china
PSA: CrystalDiskInfo & CrystalDiskMark now embeds adwares /!\
https://www.reddit.com/r/netsec/comments/1m19cp1/psa_crystaldiskinfo_crystaldiskmark_now_embeds/
New MITRE framework takes aim at crypto threats
https://www.reddit.com/r/netsec/comments/1m1b46y/new_mitre_framework_takes_aim_at_crypto_threats/
Top Security News for Today
Security Vulnerabilities in ICEBlock
https://www.schneier.com/blog/archives/2025/07/security-vulnerabilities-in-iceblock.html
Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks
https://therecord.media/chainalysis-crypto-stolen-billions
Automated Function ID Database Generation in Ghidra on Windows
https://www.reddit.com/r/netsec/comments/1m254kt/automated_function_id_database_generation_in/
FCC wants to ban Chinese tech from undersea cables
https://therecord.media/fcc-plans-to-ban-chinese-tech-undersea-cables
Bypassing root detection and RASP in sensitive Android apps
https://www.reddit.com/r/netsec/comments/1m26i6a/bypassing_root_detection_and_rasp_in_sensitive/
Elite Russian university launches degree program on sanctions evasion
https://therecord.media/russian-university-sanctions-evasion-degree
UK NCA officer jailed for stealing bitcoin from darknet criminal he previously helped investigate
https://therecord.media/former-uk-nca-officer-jailed-stealing-bitcoin-from-criminal
Roblox introduces age estimation technology for unfiltered chats
https://therecord.media/roblox-age-verification-technology-unfiltered-chats
Transparency on Microsoft Defender for Office 365 email security effectiveness
https://www.microsoft.com/en-us/security/blog/2025/07/17/transparency-on-microsoft-defender-for-office-365-email-security-effectiveness/
Real-time CVE feed with filters, summaries, and email alerts
https://www.reddit.com/r/netsec/comments/1m296mp/realtime_cve_feed_with_filters_summaries_and/
Schneier on Security
Security Vulnerabilities in ICEBlock - Schneier on Security
The ICEBlock tool has vulnerabilities: The developer of ICEBlock, an iOS app for anonymously reporting sightings of US Immigration and Customs Enforcement (ICE) officials, promises that it “ensures user privacy by storing no personal data.” But that claim…
Top Security News for Today
Breaking: UK sanctions Russian cyber spies accused of facilitating murders
https://therecord.media/uk-sanctions-gru-personnel-accused-murder-civilians-ukraine
New Mobile Phone Forensics Tool
https://www.schneier.com/blog/archives/2025/07/new-mobile-phone-forensics-tool.html
Microsoft at Black Hat USA 2025: A unified approach to modern cyber defense
https://techcommunity.microsoft.com/blog/microsoft-security-blog/%e2%80%8b%e2%80%8bmicrosoft-at-black-hat-usa-2025-a-unified-approach-to-modern-cyber-defense%e2%80%8b%e2%80%8b/4434292
Japanese police release decryptor for Phobos ransomware after February takedown
https://therecord.media/decryptor-phobos-8base-ransomware-japan-national-police
Singapore accuses Chinese state-backed hackers of attacking critical infrastructure networks
https://therecord.media/singapore-accuses-chinese-backed-hackers-critical-infrastructure-attacks
Securing Tomorrow: An Interview with Trend Micro VP of Product Management Michael Habibi
https://www.trendmicro.com/en_us/research/25/g/endpoint-protection-epp-gartner-magic-quadrant-july-2025.html
Friday Squid Blogging: The Giant Squid Nebula
https://www.schneier.com/blog/archives/2025/07/friday-squid-blogging-the-giant-squid-nebula.html
therecord.media
UK sanctions Russian cyber spies accused of facilitating murders
Eighteen members of Russia's GRU have been sanctioned by the British government for various operations, including military strikes that killed hundreds of civilians in Ukraine.
Top Security News for Today
Looking for a C and x64 NASM asm (linux) study buddy. Complete beginners welcome, I also included all the steps for setting up Debian 12 in a VM for accessibility. malware analysis after foundations learned
https://www.reddit.com/r/lowlevel/comments/1m48nv2/looking_for_a_c_and_x64_nasm_asm_linux_study/
Legless: IPv6 Penetration Testing – Real Attacks via RA, RDNSS, and DHCPv6 Spoofing
https://www.reddit.com/r/netsec/comments/1m4jllp/legless_ipv6_penetration_testing_real_attacks_via/
Top Security News for Today
Copy-Paste Pitfalls: Revealing the AppLocker Bypass Risks in The Suggested Block-list Policy
https://www.reddit.com/r/netsec/comments/1m4pism/copypaste_pitfalls_revealing_the_applocker_bypass/
WebSecDojo - Free Web Application Challenges
https://www.reddit.com/r/netsec/comments/1m4uhcc/websecdojo_free_web_application_challenges/
Path traversal in vim (tar archive) CVE-2025-53905
https://www.reddit.com/r/netsec/comments/1m4yeqf/path_traversal_in_vim_tar_archive_cve202553905/
Need help running SPEC2006 on gem5 (SPARC, SE mode) — Getting panic error
https://www.reddit.com/r/lowlevel/comments/1m4la6s/need_help_running_spec2006_on_gem5_sparc_se_mode/
CredMaster – Anonymous AWS‑Backed Password Spraying Toolkit
https://www.darknet.org.uk/2025/07/credmaster-anonymous-aws‑backed-password-spraying-toolkit/
TransEvalnia: Reasoning-based Evaluation and Ranking of Translations
https://arxiv.org/abs/2507.12724
Top Security News for Today
The Internet Red Button: a 2016 Bug Still Lets Anyone Kill Solar Farms in 3 Clicks
https://reporter.deepspecter.com/the-internet-red-button-a-2016-bug-still-lets-anyone-kill-solar-farms-in-3-clicks-042eeca7df33
Warnings issued as hackers actively exploit critical zero-day in Microsoft SharePoint
https://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globally
Another Supply Chain Vulnerability
https://www.schneier.com/blog/archives/2025/07/another-supply-chain-vulnerability.html
A Novel Technique for SQL Injection in PDO’s Prepared Statements
https://arxiv.org/abs/2507.14139
The Internet Red Button: a 2016 Bug Still Lets Anyone Kill Solar Farms in 3 Clicks
https://www.reddit.com/r/netsec/comments/1m5g4ok/the_internet_red_button_a_2016_bug_still_lets/
Understanding the Impact of Scattered Spider on the Airline & Transportation Industry
https://blog.qualys.com/product-tech/2025/07/21/understanding-the-impact-of-scattered-spider-on-the-airline-transportation-industry
New malware samples exfiltrate WhatsApp data to target Iran regime’s enemies
https://therecord.media/malware-exfiltrates-whatsapp-iran-muddywater
Medium
The Internet Red Button: a 2016 Bug Still Lets Anyone Kill Solar Farms in 3 Clicks
Spain’s April 2025 blackout cost €1.6 B. Keep ignoring firmware updates and you’re volunteering to be the sequel.
Top Security News for Today
Hungarian police arrest suspect in cyberattacks on independent media
https://therecord.media/hungary-arrest-suspect-hacking-independent-media
UK moves forward with plans for mandatory reporting of ransomware attacks
https://therecord.media/mandatory-reporting-ransomware-attacks-uk-proposal
Back to Business: Lumma Stealer Returns with Stealthier Methods
https://www.trendmicro.com/en_us/research/25/g/lumma-stealer-returns.html
Disrupting active exploitation of on-premises SharePoint vulnerabilities
https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/
Microsoft Sentinel data lake: Unify signals, cut costs, and power agentic AI
https://www.microsoft.com/en-us/security/blog/2025/07/22/microsoft-sentinel-data-lake-unify-signals-cut-costs-and-power-agentic-ai/
Autofill Phishing: The Silent Scam That Nobody Warned You About
https://therecord.media/russia-hacker-group-disrupted-local-researchers
therecord.media
Hungarian police arrest suspect in cyberattacks on independent media
Authorities said they raided the Budapest residence of a man believed to be "Hano," the suspect in a series of cyberattacks on independent media outlets.
Top Security News for Today
New York unveils new cyber regulations, $2.5 million grant program for water systems
https://therecord.media/new-york-cyber-regulations-water-grants
Google Sues the Badbox Botnet Operators
https://www.schneier.com/blog/archives/2025/07/google-sues-the-badbox-botnet-operators.html
[CVE-2025-48932] Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability
https://www.reddit.com/r/netsec/comments/1m757kw/cve202548932_invision_community_4720/
The Guest Who Could: Exploiting LPE in VMWare Tools
https://www.reddit.com/r/netsec/comments/1m77439/the_guest_who_could_exploiting_lpe_in_vmware_tools/
Clorox lawsuit says help-desk contractors handed over passwords in 2023 cyberattack
https://therecord.media/clorox-cyberattack-lawsuit-cognizant-it-contractor
Suspected admin of major dark web cybercrime forum arrested in Ukraine
https://therecord.media/suspected-xss-cybercrime-marketplace-admin-arrested
Active Exploitation of Microsoft SharePoint Vulnerabilities
https://www.reddit.com/r/netsec/comments/1m7bv48/active_exploitation_of_microsoft_sharepoint/
Hijacking Cursor’s Agent: How We Took Over an EC2 Instance
https://www.reddit.com/r/netsec/comments/1m7dbjp/hijacking_cursors_agent_how_we_took_over_an_ec2/
therecord.media
New York unveils new cyber regulations, $2.5 million grant program for water systems
New York Gov. Kathy Hochul unveiled proposed cyber regulations for the state's water sector intended to fend off increasing threats to public infrastructure from hackers.
Top Security News for Today
How Solid Protocol Restores Digital Agency
https://www.schneier.com/blog/archives/2025/07/how-solid-protocol-restores-digital-agency.html
SharePoint ToolShell – One Request PreAuth RCE Chain
https://www.reddit.com/r/netsec/comments/1m826b7/sharepoint_toolshell_one_request_preauth_rce_chain/
FBI: Thousands of people involved in 'The Com' targeting victims with ransomware, swatting
https://therecord.media/fbi-the-com-ransomware-swatting-alert
Stealthy cyber spies linked to China compromising virtualization software globally
https://therecord.media/stealthy-china-spies-fire-ant-virtualization-software
Ukraine's deputy defense minister for digital affairs steps down
https://therecord.media/ukraine-deputy-defense-minister-digital-affairs-kateryna-chernohorenko-steps-down
Microsoft says Warlock ransomware deployed in SharePoint attacks as governments scramble
https://therecord.media/microsoft-says-warlock-ransomware-deployed-in-sharepoint-attacks
Phishers Target Aviation Execs to Scam Customers
https://krebsonsecurity.com/2025/07/phishers-target-aviation-execs-to-scam-customers/
Fortifying Your Cloud Against Cross-Service Confused Deputy Attacks
https://blog.qualys.com/vulnerabilities-threat-research/2025/07/24/fortifying-your-cloud-against-cross-service-confused-deputy-attacks
CastleLoader Malware: Fake GitHub and Phishing Attack Hits 469 Devices
https://www.reddit.com/r/netsec/comments/1m8fw3d/castleloader_malware_fake_github_and_phishing/
Proactive Email Security: The Power of AI
https://www.trendmicro.com/en_us/research/25/g/proactive-email-security.html
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
How the Solid Protocol Restores Digital Agency - Schneier on Security
The current state of digital identity is a mess. Your personal information is scattered across hundreds of locations: social media companies, IoT companies, government agencies, websites you have accounts on, and data brokers you’ve never heard of. These…
Top Security News for Today
BlackSuit ransomware gang’s darknet websites seized by police
https://therecord.media/blacksuit-ransomware-gang-website-takedown
Subliminal Learning in AIs
https://www.schneier.com/blog/archives/2025/07/subliminal-learning-in-ais.html
How we Rooted Copilot
https://www.reddit.com/r/netsec/comments/1m8wqdd/how_we_rooted_copilot/
Arizona woman sentenced to 8.5 years for running North Korean laptop farm
https://therecord.media/arizona-woman-sentenced-north-korean-laptop-farm
Despite changes, crisis pregnancy centers still attract scrutiny over HIPAA promises
https://therecord.media/crisis-pregnancy-centers-hipaa-data-privacy
How We Gained Full Access to a $100M Zero-Trust Startup
https://www.reddit.com/r/netsec/comments/1m908uy/how_we_gained_full_access_to_a_100m_zerotrust/
NASCAR confirms data breach after March cyberattack
https://therecord.media/nascar-confirms-data-breach
Friday Squid Blogging: Stable Quasi-Isodynamic Designs
https://www.schneier.com/blog/archives/2025/07/friday-squid-blogging-stable-quasi-isodynamic-designs.html
The average ransomware attack payment increased nearly 500% from 2023 to 2024.
https://www.reddit.com/r/netsec/comments/1m9bhd5/the_average_ransomware_attack_payment_increased/
Admin Emails & Passwords Exposed via HTTP Method Change
https://www.reddit.com/r/netsec/comments/1m9gwr0/admin_emails_passwords_exposed_via_http_method/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
BlackSuit ransomware gang’s darknet websites seized by police
The BlackSuit gang, which is believed to have been operational since April/May 2023, was a private ransomware group that did not license its tooling to other criminals like ransomware-as-a-service (RaaS) schemes.
Top Security News for Today
How to find the blackhat and defcon paper
https://www.reddit.com/r/netsec/comments/1m9otjm/how_to_find_the_blackhat_and_defcon_paper/
Deepfakes, Vishing, and GPT Scams: Phishing Just Levelled Up
https://www.reddit.com/r/netsec/comments/1ma4ks3/deepfakes_vishing_and_gpt_scams_phishing_just/
Created a Penetration Testing Guide to Help the Community, Feedback Welcome!
https://www.reddit.com/r/netsec/comments/1mad4u1/created_a_penetration_testing_guide_to_help_the/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: How to find the blackhat and defcon paper
Top Security News for Today
A Simulated Reconstruction and Reidentification Attack on the 2010 U.S. Census: Full Technical Report
https://arxiv.org/abs/2507.18640
The Geometry of LLM Quantization: GPTQ as Babai's Nearest Plane Algorithm
https://arxiv.org/abs/2507.18553
Higher-order transmissibility and its linear approximation for in-service crack identification in train wheelset axles
https://arxiv.org/abs/2507.18636
More Expert-like Eye Gaze Movement Patterns are Related to Better X-ray Reading
https://arxiv.org/abs/2507.18637
Prompt Engineering and the Effectiveness of Large Language Models in Enhancing Human Productivity
https://arxiv.org/abs/2507.18968
People Are Highly Cooperative with Large Language Models, Especially When Communication Is Possible or Following Human Interaction
https://arxiv.org/abs/2507.18638
How good are humans at detecting AI-generated images? Learnings from an experiment
https://arxiv.org/abs/2507.18639
Fourier Spectral Methods for Block Copolymer Systems on Sphere
https://arxiv.org/abs/2507.18640
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
arXiv.org
How good are humans at detecting AI-generated images? Learnings...
As AI-powered image generation improves, a key question is how well human beings can differentiate between "real" and AI-generated or modified images. Using data collected from the online game...
Top Security News for Today
Microsoft SharePoint Zero-Day
https://www.schneier.com/blog/archives/2025/07/microsoft-sharepoint-zero-day.html
Social engineering attack obtains data on ‘majority’ of Allianz Life customers
https://therecord.media/allianz-life-social-engineering-data-breach
BadSuccessor – Purple Team
https://www.reddit.com/r/netsec/comments/1mben1v/badsuccessor_purple_team/
An inside look into how a coalition of state legislators plan to take on data brokers
https://therecord.media/state-coalition-lawmakers-data-broker-rules
28th July – Threat Intelligence Report
https://research.checkpoint.com/2025/28th-july-threat-intelligence-report/
Tea app data theft scandal worsens as stolen IDs leaked to cybercriminal forum
https://therecord.media/tea-app-data-breach-stolen-ids-leaked
Cyberattack on Aeroflot causing mass flight disruptions, Russia says
https://therecord.media/cyberattack-aeroflot-russia-delays
Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability
https://www.microsoft.com/en-us/security/blog/2025/07/28/sploitlight-analyzing-a-spotlight-based-macos-tcc-vulnerability/
Argus – Ultimate Reconnaissance Toolkit for Offensive Recon Operations
https://www.darknet.org.uk/2025/07/argus-ultimate-reconnaissance-toolkit-for-offensive-recon-operations/
Revisiting UNC3886 Tactics to Defend Against Present Risk
https://www.trendmicro.com/en_us/research/25/g/revisiting-unc3886-tactics-to-defend-against-present-risk.html
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
Microsoft SharePoint Zero-Day - Schneier on Security
Chinese hackers are exploiting a high-severity vulnerability in Microsoft SharePoint to steal data worldwide: The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 10. It gives unauthenticated remote access to SharePoint…
Top Security News for Today
Attacking GenAI applications and LLMs – Sometimes all it takes is to ask nicely!
https://security.humanativaspa.it/attacking-genai-applications-and-llms-sometimes-all-it-takes-is-to-ask-nicely/
Gunra Ransomware Group Unveils Efficient Linux Variant
https://www.trendmicro.com/en_us/research/25/g/gunra-ransomware-linux-variant.html
Aeroflot Hacked
https://www.schneier.com/blog/archives/2025/07/aeroflot-hacked.html
Google Gemini AI CLI Hijack - Code Execution Through Deception
https://www.reddit.com/r/netsec/comments/1mc5pdm/google_gemini_ai_cli_hijack_code_execution/
Struts Devmode in 2025? Critical Pre-Auth Vulnerabilities in Adobe Experience Manager Forms
https://www.reddit.com/r/netsec/comments/1mc5t7b/struts_devmode_in_2025_critical_preauth/
Orange, France’s largest telecoms company, hit by cyberattack
https://therecord.media/orange-telecom-france-cyberattack
Scattered Spider is targeting victims' Snowflake data storage for quick exfiltration
https://therecord.media/scattered-spider-targeting-snowflake-access-data-exfiltration
Minnesota governor activates National Guard after cyberattack on state capital
https://therecord.media/minnesota-governor-activates-national-guard-st-paul-cyber-attack
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
HN Security
HN Security Attacking GenAI applications and LLMs - Sometimes all it takes is to ask nicely!
Real-world attack examples against GenAI and LLMs, highlighting attack techniques and often-overlooked security risks.
Top Security News for Today
Leveraging OSINT from the Dark Web – A Practical How-To
https://www.darknet.org.uk/2025/07/leveraging-osint-from-the-dark-web-a-practical-how-to/
Decryptor released for FunkSec ransomware; Avast works with law enforcement to help victims
https://therecord.media/funksec-ransomware-decryptor-avast
Palo Alto Networks to acquire identity security provider CyberArk in $25 billion deal
https://therecord.media/palo-alto-networks-cyberark-acquisition
Cyberattack shuts down hundreds of Russian pharmacies, disrupts healthcare services
https://therecord.media/cyberattack-shuts-down-russian-pharmacies
IBM: Average cost of a data breach in US shoots to record $10 million
https://therecord.media/ibm-data-breach-report-us-losses
Russia blocks popular US-made internet speed test tool over national security concerns
https://therecord.media/russia-bans-speedtest-ookla
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Darknet - Hacking Tools, Hacker News & Cyber Security
Leveraging OSINT from the Dark Web - A Practical How-To
Learn how to gather dark web OSINT using tools like DarkSearch, SpiderFoot, and Maltego. Practical tactics for verifying leaked data and actor chatter.
Top Security News for Today
Engineered to Fail: The DNA of Negligent Cyber Defenses
https://reporter.deepspecter.com/engineered-to-fail-the-dna-of-negligent-cyber-defenses-22466a034b28
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats
https://www.microsoft.com/en-us/security/blog/2025/07/31/frozen-in-transit-secret-blizzards-aitm-campaign-against-diplomats/
CISA unveils free Thorium malware analysis platform
https://therecord.media/cisa-unveils-free-malware-analysis-tool
Espionage costing Australia $8 billion each year, warns intelligence chief
https://therecord.media/espionage-costing-australia-8-billion
North Korean hackers targeting open-source repositories in new espionage campaign
https://therecord.media/north-korean-hackers-targeting-open-source-repositories
The State of Ransomware – Q2 2025
https://research.checkpoint.com/2025/the-state-of-ransomware-q2-2025/
Cheating on Quantum Computing Benchmarks
https://www.schneier.com/blog/archives/2025/07/cheating-on-quantum-computing-benchmarks.html
Before ToolShell: Exploring Storm-2603’s Previous Ransomware Operations
https://research.checkpoint.com/2025/before-toolshell-exploring-storm-2603s-previous-ransomware-operations/
Biotech contractor settles for $9.8 million with DOJ over alleged cybersecurity lapses
https://therecord.media/illumina-false-claims-act-doj-cybersecurity-settlement
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Medium
Engineered to Fail: The DNA of Negligent Cyber Defenses
Top Security News for Today
Luxembourg probes reported attack on Huawei tech that caused nationwide telecoms outage
https://therecord.media/luxembourg-telecom-outage-reported-cyberattack-huawei-tech
Russia’s mobile internet shutdowns hit record high amid Ukrainian drone attacks
https://therecord.media/russia-mobile-internet-shutdowns-record
Spying on People Through Airportr Luggage Delivery Service
https://www.schneier.com/blog/archives/2025/08/spying-on-people-through-airportr-luggage-delivery-service.html
Flo settles class action lawsuit alleging improper data sharing
https://therecord.media/flo-app-settlement-class-action-suit-data-sharing-meta
Hackers leak purported Aeroflot data as Russia denies breach
https://therecord.media/hackers-leak-purported-aeroflot-data
EU preps biometric checks for foreign visitors
https://therecord.media/eu-preps-biometric-checks-travel
It opened the free, online, practical 'Introduction to Security' class from the Czech Technical University.
https://www.reddit.com/r/netsec/comments/1mf29r9/it_opened_the_free_online_practical_introduction/
What the Top 20 OSS Vulnerabilities Reveal About the Real Challenges in Security Governance
https://www.reddit.com/r/netsec/comments/1mfh9ol/what_the_top_20_oss_vulnerabilities_reveal_about/
Friday Squid Blogging: A Case of Squid Fossil Misidentification
https://www.schneier.com/blog/archives/2025/08/friday-squid-blogging-a-case-of-squid-fossil-misidentification.html
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Luxembourg probes reported attack on Huawei tech that caused nationwide telecoms outage
Authorities in Luxembourg said a nationwide telecommunications outage in July was caused by a deliberately disruptive cyberattack. Huawei networking products were reportedly the target.