Top Security News for Today
Stealthy Persistence With Non-Existent Executable File
https://www.reddit.com/r/netsec/comments/1n9sygh/stealthy_persistence_with_nonexistent_executable/
A Comprehensive Survey on Trustworthiness in Reasoning with Large Language Models
https://arxiv.org/abs/2509.03871
High Boy Gadget for Hackers
https://www.reddit.com/r/netsec/comments/1na0kcf/high_boy_gadget_for_hackers/
Minimal Webserver in a 4KiB Binary
https://www.reddit.com/r/lowlevel/comments/1na9tjn/minimal_webserver_in_a_4kib_binary/
From Theory to Practice: How Small Language Models Are Revolutionizing Human Risk Psychology
https://www.reddit.com/r/netsec/comments/1nad9wm/from_theory_to_practice_how_small_language_models/
Worldcoin Advances Quantum-Secure AMPC With UTEC Peru
https://www.reddit.com/r/netsec/comments/1namhbg/worldcoin_advances_quantumsecure_ampc_with_utec/
The Salesloft-Drift Breach: Analyzing the Biggest SaaS Breach of 2025
https://www.reddit.com/r/netsec/comments/1namtpn/the_salesloftdrift_breach_analyzing_the_biggest/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Stealthy Persistence With Non-Existent Executable File
https://www.reddit.com/r/netsec/comments/1n9sygh/stealthy_persistence_with_nonexistent_executable/
A Comprehensive Survey on Trustworthiness in Reasoning with Large Language Models
https://arxiv.org/abs/2509.03871
High Boy Gadget for Hackers
https://www.reddit.com/r/netsec/comments/1na0kcf/high_boy_gadget_for_hackers/
Minimal Webserver in a 4KiB Binary
https://www.reddit.com/r/lowlevel/comments/1na9tjn/minimal_webserver_in_a_4kib_binary/
From Theory to Practice: How Small Language Models Are Revolutionizing Human Risk Psychology
https://www.reddit.com/r/netsec/comments/1nad9wm/from_theory_to_practice_how_small_language_models/
Worldcoin Advances Quantum-Secure AMPC With UTEC Peru
https://www.reddit.com/r/netsec/comments/1namhbg/worldcoin_advances_quantumsecure_ampc_with_utec/
The Salesloft-Drift Breach: Analyzing the Biggest SaaS Breach of 2025
https://www.reddit.com/r/netsec/comments/1namtpn/the_salesloftdrift_breach_analyzing_the_biggest/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Stealthy Persistence With Non-Existent Executable File
Explore this post and more from the netsec community
Top Security News for Today
The Salesloft-Drift Breach: Analyzing the Biggest SaaS Breach of 2025
https://www.reddit.com/r/netsec/comments/1namtpn/the_salesloftdrift_breach_analyzing_the_biggest/
New OpenSecurityTraining2 class: "Bluetooth 2222: Bluetooth reconnaissance with Blue2thprinting" (~8 hours)
https://www.reddit.com/r/netsec/comments/1natzsl/new_opensecuritytraining2_class_bluetooth_2222/
New iOS/macOS Critical DNG Image Processing Memory Corruption Exploitation Tutorial
https://www.reddit.com/r/netsec/comments/1nb4a2v/new_iosmacos_critical_dng_image_processing_memory/
Using AI Agents for Code Auditing: Full Walkthrough on Finding Security Bugs in a Rust REST Server with Hound
https://www.reddit.com/r/netsec/comments/1nbclku/using_ai_agents_for_code_auditing_full/
killerPID-BOF
https://www.reddit.com/r/netsec/comments/1nbbdyh/killerpidbof/
GitHub Actions: A Cloudy Day for Security - Part 1
https://www.reddit.com/r/netsec/comments/1nbgj2h/github_actions_a_cloudy_day_for_security_part_1/
PRREACH: Probabilistic Risk Assessment Using Reachability for UAV Control
https://arxiv.org/abs/2509.04451
INSEva: A Comprehensive Chinese Benchmark for Large Language Models in Insurance
https://arxiv.org/abs/2509.04455
Mentalic Net: Development of RAG-based Conversational AI and Evaluation Framework for Mental Health Support
https://arxiv.org/abs/2509.04456
Automotive Privacy in California: The UX Benchmark That Could Change Everything
https://www.tripwire.com/state-of-security/automotive-privacy-california-ux-benchmark-could-change-everything
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
The Salesloft-Drift Breach: Analyzing the Biggest SaaS Breach of 2025
https://www.reddit.com/r/netsec/comments/1namtpn/the_salesloftdrift_breach_analyzing_the_biggest/
New OpenSecurityTraining2 class: "Bluetooth 2222: Bluetooth reconnaissance with Blue2thprinting" (~8 hours)
https://www.reddit.com/r/netsec/comments/1natzsl/new_opensecuritytraining2_class_bluetooth_2222/
New iOS/macOS Critical DNG Image Processing Memory Corruption Exploitation Tutorial
https://www.reddit.com/r/netsec/comments/1nb4a2v/new_iosmacos_critical_dng_image_processing_memory/
Using AI Agents for Code Auditing: Full Walkthrough on Finding Security Bugs in a Rust REST Server with Hound
https://www.reddit.com/r/netsec/comments/1nbclku/using_ai_agents_for_code_auditing_full/
killerPID-BOF
https://www.reddit.com/r/netsec/comments/1nbbdyh/killerpidbof/
GitHub Actions: A Cloudy Day for Security - Part 1
https://www.reddit.com/r/netsec/comments/1nbgj2h/github_actions_a_cloudy_day_for_security_part_1/
PRREACH: Probabilistic Risk Assessment Using Reachability for UAV Control
https://arxiv.org/abs/2509.04451
INSEva: A Comprehensive Chinese Benchmark for Large Language Models in Insurance
https://arxiv.org/abs/2509.04455
Mentalic Net: Development of RAG-based Conversational AI and Evaluation Framework for Mental Health Support
https://arxiv.org/abs/2509.04456
Automotive Privacy in California: The UX Benchmark That Could Change Everything
https://www.tripwire.com/state-of-security/automotive-privacy-california-ux-benchmark-could-change-everything
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: The Salesloft-Drift Breach: Analyzing the Biggest SaaS Breach of 2025
Explore this post and more from the netsec community
Top Security News for Today
Nepal social media ban sparks protests, dozens injured
https://therecord.media/nepal-social-media-ban-protests
Kazakh oil giant denies cyberattack, says incident was 'planned' phishing drill
https://therecord.media/kazakstan-oil-company-kazmunaygas-phishing-simulation-not-cyberattack
US sanctions companies behind cyber scam centers in Cambodia, Myanmar
https://therecord.media/us-sanctions-companies-southeast-asia-scam-compounds
Cyberattack on Jaguar Land Rover threatens to hit British economic growth
https://therecord.media/cyberattack-jaguar-land-rover-economic-growth-uk-government
Hacker broke into Salesloft systems in March through GitHub account
https://therecord.media/salesloft-hacker-broke-into-github
18 Popular Code Packages Hacked, Rigged to Steal Crypto
https://krebsonsecurity.com/2025/09/18-popular-code-packages-hacked-rigged-to-steal-crypto/
AI in Government
https://www.schneier.com/blog/archives/2025/09/ai-in-government.html
8th September – Threat Intelligence Report
https://research.checkpoint.com/2025/8th-september-threat-intelligence-report/
Manipulating Transformer-Based Models: Controllability, Steerability, and Robust Interventions
https://arxiv.org/abs/2509.04549
Persona Vectors: Monitoring and Controlling Character Traits in Language Models
https://arxiv.org/abs/2507.21509
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Nepal social media ban sparks protests, dozens injured
https://therecord.media/nepal-social-media-ban-protests
Kazakh oil giant denies cyberattack, says incident was 'planned' phishing drill
https://therecord.media/kazakstan-oil-company-kazmunaygas-phishing-simulation-not-cyberattack
US sanctions companies behind cyber scam centers in Cambodia, Myanmar
https://therecord.media/us-sanctions-companies-southeast-asia-scam-compounds
Cyberattack on Jaguar Land Rover threatens to hit British economic growth
https://therecord.media/cyberattack-jaguar-land-rover-economic-growth-uk-government
Hacker broke into Salesloft systems in March through GitHub account
https://therecord.media/salesloft-hacker-broke-into-github
18 Popular Code Packages Hacked, Rigged to Steal Crypto
https://krebsonsecurity.com/2025/09/18-popular-code-packages-hacked-rigged-to-steal-crypto/
AI in Government
https://www.schneier.com/blog/archives/2025/09/ai-in-government.html
8th September – Threat Intelligence Report
https://research.checkpoint.com/2025/8th-september-threat-intelligence-report/
Manipulating Transformer-Based Models: Controllability, Steerability, and Robust Interventions
https://arxiv.org/abs/2509.04549
Persona Vectors: Monitoring and Controlling Character Traits in Language Models
https://arxiv.org/abs/2507.21509
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Nepal social media ban sparks protests, dozens injured
The "Gen Z protest" against Nepal's restrictions on 26 major social media platforms turned deadly as police clashed with demonstrators.
Top Security News for Today
[New Cryptanalysis of the Fiat-Shamir Protocol](https://www.schneier.com/blog/archives/2025/09/new-cryptanalysis-of-the-fiat-shamir-protocol.html)
[ASNiP – ASN Reconnaissance via Domain and IP Mapping](https://www.darknet.org.uk/2025/09/asnip-asn-reconnaissance-via-domain-and-ip-mapping/)
[Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed](https://www.trendmicro.com/en_us/research/25/i/unmasking-the-gentlemen-ransomware.html)
[Cyber Command, NSA to remain under single leader as officials shelve plan to end 'dual hat'](https://therecord.media/cyber-command-nsa-dual-hat-single-leader-trump-administration)
[Mitsubishi Electric to acquire Nozomi Networks for $883 million](https://therecord.media/nozomi-networks-mitsubishi-electric-acquisition)
[Brazil lesbian dating app shuts down after security flaw exposes sensitive user data](https://therecord.media/brazil-lesbian-dating-app-shuts-down-vulnerability)
[Major blood center says thousands had data leaked in January ransomware attack](https://therecord.media/blood-center-discloses-details-on--january-ransomware-attack)
[Microsoft Patch Tuesday, September 2025 Security Update Review](https://blog.qualys.com/vulnerabilities-threat-research/2025/09/09/microsoft-patch-tuesday-september-2025-security-update-review)
[Apple Memory Integrity Enforcement: A complete vision for memory safety in Apple devices - Apple Security Research](https://www.reddit.com/r/netsec/comments/1ncw817/apple_memory_integrity_enforcement_a_complete/)
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
[New Cryptanalysis of the Fiat-Shamir Protocol](https://www.schneier.com/blog/archives/2025/09/new-cryptanalysis-of-the-fiat-shamir-protocol.html)
[ASNiP – ASN Reconnaissance via Domain and IP Mapping](https://www.darknet.org.uk/2025/09/asnip-asn-reconnaissance-via-domain-and-ip-mapping/)
[Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed](https://www.trendmicro.com/en_us/research/25/i/unmasking-the-gentlemen-ransomware.html)
[Cyber Command, NSA to remain under single leader as officials shelve plan to end 'dual hat'](https://therecord.media/cyber-command-nsa-dual-hat-single-leader-trump-administration)
[Mitsubishi Electric to acquire Nozomi Networks for $883 million](https://therecord.media/nozomi-networks-mitsubishi-electric-acquisition)
[Brazil lesbian dating app shuts down after security flaw exposes sensitive user data](https://therecord.media/brazil-lesbian-dating-app-shuts-down-vulnerability)
[Major blood center says thousands had data leaked in January ransomware attack](https://therecord.media/blood-center-discloses-details-on--january-ransomware-attack)
[Microsoft Patch Tuesday, September 2025 Security Update Review](https://blog.qualys.com/vulnerabilities-threat-research/2025/09/09/microsoft-patch-tuesday-september-2025-security-update-review)
[Apple Memory Integrity Enforcement: A complete vision for memory safety in Apple devices - Apple Security Research](https://www.reddit.com/r/netsec/comments/1ncw817/apple_memory_integrity_enforcement_a_complete/)
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
New Cryptanalysis of the Fiat-Shamir Protocol - Schneier on Security
A couple of months ago, a new paper demonstrated some new attacks against the Fiat-Shamir transformation. Quanta published a good article that explains the results. This is a pretty exciting paper from a theoretical perspective, but I don’t see it leading…
Top Security News for Today
European crypto platform SwissBorg to reimburse users after $41 million theft
https://therecord.media/swissborg-platform-solana-cryptocurrency-stolen
Nepal lifts social media ban after deadly youth protests
https://therecord.media/nepal-social-media-ban-lifted-after-deadly-protests
Chinese companies and bosses to face major fines over cybersecurity incidents
https://therecord.media/china-cybersecurity-law-update-penalties-companies-executives
Researchers find spyware on phones belonging to Kenyan filmmakers
https://therecord.media/researchers-spyware-kenya-filmmaker-phone
US investors in spyware firms nearly tripled in 2024: report
https://therecord.media/us-investors-in-spyware-tripled-in-2024
Pwn My Ride: Apple CarPlay RCE - iAP2 protocol and CVE-2025-24132 Explained
https://www.reddit.com/r/netsec/comments/1nd8u5h/pwn_my_ride_apple_carplay_rce_iap2_protocol_and/
Kerberoasting
https://www.reddit.com/r/netsec/comments/1ndc7v1/kerberoasting/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
European crypto platform SwissBorg to reimburse users after $41 million theft
https://therecord.media/swissborg-platform-solana-cryptocurrency-stolen
Nepal lifts social media ban after deadly youth protests
https://therecord.media/nepal-social-media-ban-lifted-after-deadly-protests
Chinese companies and bosses to face major fines over cybersecurity incidents
https://therecord.media/china-cybersecurity-law-update-penalties-companies-executives
Researchers find spyware on phones belonging to Kenyan filmmakers
https://therecord.media/researchers-spyware-kenya-filmmaker-phone
US investors in spyware firms nearly tripled in 2024: report
https://therecord.media/us-investors-in-spyware-tripled-in-2024
Pwn My Ride: Apple CarPlay RCE - iAP2 protocol and CVE-2025-24132 Explained
https://www.reddit.com/r/netsec/comments/1nd8u5h/pwn_my_ride_apple_carplay_rce_iap2_protocol_and/
Kerberoasting
https://www.reddit.com/r/netsec/comments/1ndc7v1/kerberoasting/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
European crypto platform SwissBorg to reimburse users after $41 million theft
Nearly 200,000 Solana coins were stolen from SwissBorg, or about 2% of its assets, according to the platform's CEO. The company pledged to pay users back.
Top Security News for Today
Practice spotting typo squatted domains (Browser game: Typosquat Detective)
https://www.reddit.com/r/netsec/comments/1ne4f2u/practice_spotting_typo_squatted_domains_browser/
Why File Integrity Monitoring (FIM) Is a Must for Compliance — And How to Pick the Right Solution
https://www.tripwire.com/state-of-security/file-integrity-monitoring-fim-compliance-right-solution
Dark Web Search Engines in 2025 – Rankings, Risks & Ethical Trade-offs
https://www.darknet.org.uk/2025/09/dark-web-search-engines-in-2025-rankings-risks-ethical-trade-offs/
UK delays introducing new cybersecurity legislation, again
https://therecord.media/uk-cybersecurity-law-update-csrb-delayed-again
EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks
https://www.trendmicro.com/en_us/research/25/i/evilai.html
FTC should investigate Microsoft after Ascension ransomware attack, senator says
https://therecord.media/ascension-ransomware-attack-wyden-seeks-ftc-microsoft-investigation
Cyberattacks against schools driven by a rise in student hackers, ICO warns
https://therecord.media/cyberattacks-against-schools-driven-by-student-hackers
Inboxfuscation - a free, open-source obfuscation and detection framework to help security teams detect and stop Unicode-obfuscated Microsoft Exchange inbox rules
https://www.reddit.com/r/netsec/comments/1neaop8/inboxfuscation_a_free_opensource_obfuscation_and/
FTC opens inquiry into how AI chatbots impact child safety, privacy
https://therecord.media/ftc-opens-inquiry-ai-chatbots-kids
Bulletproof Host Stark Industries Evades EU Sanctions
https://krebsonsecurity.com/2025/09/bulletproof-host-stark-industries-evades-eu-sanctions/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Practice spotting typo squatted domains (Browser game: Typosquat Detective)
https://www.reddit.com/r/netsec/comments/1ne4f2u/practice_spotting_typo_squatted_domains_browser/
Why File Integrity Monitoring (FIM) Is a Must for Compliance — And How to Pick the Right Solution
https://www.tripwire.com/state-of-security/file-integrity-monitoring-fim-compliance-right-solution
Dark Web Search Engines in 2025 – Rankings, Risks & Ethical Trade-offs
https://www.darknet.org.uk/2025/09/dark-web-search-engines-in-2025-rankings-risks-ethical-trade-offs/
UK delays introducing new cybersecurity legislation, again
https://therecord.media/uk-cybersecurity-law-update-csrb-delayed-again
EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks
https://www.trendmicro.com/en_us/research/25/i/evilai.html
FTC should investigate Microsoft after Ascension ransomware attack, senator says
https://therecord.media/ascension-ransomware-attack-wyden-seeks-ftc-microsoft-investigation
Cyberattacks against schools driven by a rise in student hackers, ICO warns
https://therecord.media/cyberattacks-against-schools-driven-by-student-hackers
Inboxfuscation - a free, open-source obfuscation and detection framework to help security teams detect and stop Unicode-obfuscated Microsoft Exchange inbox rules
https://www.reddit.com/r/netsec/comments/1neaop8/inboxfuscation_a_free_opensource_obfuscation_and/
FTC opens inquiry into how AI chatbots impact child safety, privacy
https://therecord.media/ftc-opens-inquiry-ai-chatbots-kids
Bulletproof Host Stark Industries Evades EU Sanctions
https://krebsonsecurity.com/2025/09/bulletproof-host-stark-industries-evades-eu-sanctions/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Practice spotting typo squatted domains (Browser game: Typosquat Detective)
Posted by unknownhad - 6 votes and 4 comments
Top Security News for Today
Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal
https://therecord.media/finland-vastaamo-hacker-free-during-appeal-conviction
How this seasoned bug bounty hunter combines Burp Suite and HackerOne to uncover high-impact vulnerabilities
https://portswigger.net/blog/how-this-seasoned-bug-bounty-hunter-combines-burp-suite-and-hackerone-to-uncover-high-impact-vulnerabilities
Yurei & The Ghost of Open Source Ransomware
https://research.checkpoint.com/2025/yurei-the-ghost-of-open-source-ransomware/
CISA official calls on lawmakers to extend cyber info-sharing law
https://therecord.media/cisa-official-calls-on-lawmakers-renew-cisa2015
Vietnam, Panama governments suffer incidents leaking citizen data
https://therecord.media/vietnam-cic-panama-finance-ministry-cyberattacks
DHS inspector general: CISA mismanaged multimillion-dollar employee incentives program
https://therecord.media/cisa-cybersecurity-retention-incentives-dhs-ig-audit
Philippine military company spied upon with new China-linked malware
https://therecord.media/philippines-military-company-suspected-china-espionage-eggstreme-malware
A Cyberattack Victim Notification Framework
https://www.schneier.com/blog/archives/2025/09/a-cyberattack-victim-notification-framework.html
Fine-grained HTTP filtering for Claude Code
https://www.reddit.com/r/netsec/comments/1nff57n/finegrained_http_filtering_for_claude_code/
WSASS - Old But Gold, Dumping LSASS With Windows Error Reporting On Modern Windows 11
https://www.reddit.com/r/netsec/comments/1nfrgc1/wsass_old_but_gold_dumping_lsass_with_windows/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal
https://therecord.media/finland-vastaamo-hacker-free-during-appeal-conviction
How this seasoned bug bounty hunter combines Burp Suite and HackerOne to uncover high-impact vulnerabilities
https://portswigger.net/blog/how-this-seasoned-bug-bounty-hunter-combines-burp-suite-and-hackerone-to-uncover-high-impact-vulnerabilities
Yurei & The Ghost of Open Source Ransomware
https://research.checkpoint.com/2025/yurei-the-ghost-of-open-source-ransomware/
CISA official calls on lawmakers to extend cyber info-sharing law
https://therecord.media/cisa-official-calls-on-lawmakers-renew-cisa2015
Vietnam, Panama governments suffer incidents leaking citizen data
https://therecord.media/vietnam-cic-panama-finance-ministry-cyberattacks
DHS inspector general: CISA mismanaged multimillion-dollar employee incentives program
https://therecord.media/cisa-cybersecurity-retention-incentives-dhs-ig-audit
Philippine military company spied upon with new China-linked malware
https://therecord.media/philippines-military-company-suspected-china-espionage-eggstreme-malware
A Cyberattack Victim Notification Framework
https://www.schneier.com/blog/archives/2025/09/a-cyberattack-victim-notification-framework.html
Fine-grained HTTP filtering for Claude Code
https://www.reddit.com/r/netsec/comments/1nff57n/finegrained_http_filtering_for_claude_code/
WSASS - Old But Gold, Dumping LSASS With Windows Error Reporting On Modern Windows 11
https://www.reddit.com/r/netsec/comments/1nfrgc1/wsass_old_but_gold_dumping_lsass_with_windows/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal
A Finnish judge set free Aleksanteri "Julius" Kivimäki, convicted of extorting victims of the Vastaamo psychotherapy center's data breach, as his appeal in the case continues.
Top Security News for Today
🛡️ I’ve started a Pentesting Weekly Digest — would love your feedback & thoughts!
https://www.reddit.com/r/netsec/comments/1nfpp7o/ive_started_a_pentesting_weekly_digest_would_love/
WSASS - Old But Gold, Dumping LSASS With Windows Error Reporting On Modern Windows 11
https://www.reddit.com/r/netsec/comments/1nfrgc1/wsass_old_but_gold_dumping_lsass_with_windows/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
🛡️ I’ve started a Pentesting Weekly Digest — would love your feedback & thoughts!
https://www.reddit.com/r/netsec/comments/1nfpp7o/ive_started_a_pentesting_weekly_digest_would_love/
WSASS - Old But Gold, Dumping LSASS With Windows Error Reporting On Modern Windows 11
https://www.reddit.com/r/netsec/comments/1nfrgc1/wsass_old_but_gold_dumping_lsass_with_windows/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: 🛡️ I’ve started a Pentesting Weekly Digest — would love your feedback & thoughts!
Explore this post and more from the netsec community
Top Security News for Today
On the Security of SSH Client Signatures
https://reporter.deepspecter.com/
2025 Supabase Security Best Practices Guide - Common Misconfigs from Recent Pentests.
https://www.reddit.com/r/netsec/comments/1ngzvfi/2025_supabase_security_best_practices_guide/
New OpenSecurityTraining2 class: "TPM 2.0 Programming using Python and the tpm2-pytss libraries" (~13 hours)
https://www.reddit.com/r/netsec/comments/1nh52qm/new_opensecuritytraining2_class_tpm_20/
Strategies for Analyzing Native Code in Android Applications: Combining Ghidra and Symbolic…
https://www.reddit.com/r/netsec/comments/1nh7yuo/strategies_for_analyzing_native_code_in_android/
pyLDAPGui - Python based GUI for browsing LDAP
https://www.reddit.com/r/netsec/comments/1nh8qvn/pyldapgui_python_based_gui_for_browsing_ldap/
DB3 Team's Solution For Meta KDD Cup' 25
https://arxiv.org/abs/2509.09684
Faster and Memory-Efficient Training of Sequential Recommendation Models for Large Catalogs
https://arxiv.org/abs/2509.09681
Forecasting Clicks in Digital Advertising: Multimodal Inputs and Interpretable Outputs
https://arxiv.org/abs/2509.09682
Text-to-SQL Oriented to the Process Mining Domain: A PT-EN Dataset for Query Translation
https://arxiv.org/abs/2509.09683
TalkPlayData 2: An Agentic Synthetic Data Pipeline for Multimodal Conversational Music Recommendation
https://arxiv.org/abs/2509.09331
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
On the Security of SSH Client Signatures
https://reporter.deepspecter.com/
2025 Supabase Security Best Practices Guide - Common Misconfigs from Recent Pentests.
https://www.reddit.com/r/netsec/comments/1ngzvfi/2025_supabase_security_best_practices_guide/
New OpenSecurityTraining2 class: "TPM 2.0 Programming using Python and the tpm2-pytss libraries" (~13 hours)
https://www.reddit.com/r/netsec/comments/1nh52qm/new_opensecuritytraining2_class_tpm_20/
Strategies for Analyzing Native Code in Android Applications: Combining Ghidra and Symbolic…
https://www.reddit.com/r/netsec/comments/1nh7yuo/strategies_for_analyzing_native_code_in_android/
pyLDAPGui - Python based GUI for browsing LDAP
https://www.reddit.com/r/netsec/comments/1nh8qvn/pyldapgui_python_based_gui_for_browsing_ldap/
DB3 Team's Solution For Meta KDD Cup' 25
https://arxiv.org/abs/2509.09684
Faster and Memory-Efficient Training of Sequential Recommendation Models for Large Catalogs
https://arxiv.org/abs/2509.09681
Forecasting Clicks in Digital Advertising: Multimodal Inputs and Interpretable Outputs
https://arxiv.org/abs/2509.09682
Text-to-SQL Oriented to the Process Mining Domain: A PT-EN Dataset for Query Translation
https://arxiv.org/abs/2509.09683
TalkPlayData 2: An Agentic Synthetic Data Pipeline for Multimodal Conversational Music Recommendation
https://arxiv.org/abs/2509.09331
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Medium
Deep Specter Research – Medium
Read writing from Deep Specter Research on Medium. Exposing digital fraud, regulatory evasion, and corporate manipulation through cyber intelligence.
https://deepspecter.com
https://deepspecter.com
Top Security News for Today
Shiny tools, shallow checks: how the AI hype opens the door to malicious MCP servers
https://securelist.com/model-context-protocol-for-ai-integration-abused-in-supply-chain-attacks/117473/
Lawsuit About WhatsApp Security
https://www.schneier.com/blog/archives/2025/09/lawsuit-about-whatsapp-security.html
15th September – Threat Intelligence Report
https://research.checkpoint.com/2025/15th-september-threat-intelligence-report/
US national charged in Finnish psychotherapy center extortion
https://therecord.media/finland-vastaamo-hack-us-national-charged
New Zealand sanctions Russian military hackers over cyberattacks on Ukraine
https://therecord.media/new-zealand-russia-gru-ukraine
Europol adds Spanish academic suspected of aiding pro-Russian hackers to most wanted list
https://therecord.media/europol-adds-spanish-academic-most-wanted-russia-hack
FBI warns of Scattered Spider and ShinyHunters attacks on Salesforce platforms
https://therecord.media/fbi-warns-scattered-spider-salesforce
Ukraine claims cyberattacks on Russian election systems; Moscow confirms disruptions
https://therecord.media/ukraine-claims-ddos-attack-russian-election-system
Uvalde school district says ransomware attack forcing closure until Thursday
https://therecord.media/uvalde-texas-school-district-temporarily-closing-ransomware
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Shiny tools, shallow checks: how the AI hype opens the door to malicious MCP servers
https://securelist.com/model-context-protocol-for-ai-integration-abused-in-supply-chain-attacks/117473/
Lawsuit About WhatsApp Security
https://www.schneier.com/blog/archives/2025/09/lawsuit-about-whatsapp-security.html
15th September – Threat Intelligence Report
https://research.checkpoint.com/2025/15th-september-threat-intelligence-report/
US national charged in Finnish psychotherapy center extortion
https://therecord.media/finland-vastaamo-hack-us-national-charged
New Zealand sanctions Russian military hackers over cyberattacks on Ukraine
https://therecord.media/new-zealand-russia-gru-ukraine
Europol adds Spanish academic suspected of aiding pro-Russian hackers to most wanted list
https://therecord.media/europol-adds-spanish-academic-most-wanted-russia-hack
FBI warns of Scattered Spider and ShinyHunters attacks on Salesforce platforms
https://therecord.media/fbi-warns-scattered-spider-salesforce
Ukraine claims cyberattacks on Russian election systems; Moscow confirms disruptions
https://therecord.media/ukraine-claims-ddos-attack-russian-election-system
Uvalde school district says ransomware attack forcing closure until Thursday
https://therecord.media/uvalde-texas-school-district-temporarily-closing-ransomware
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
Malicious MCP servers used in supply chain attacks
Kaspersky experts discuss the Model Context Protocol used for AI integration. We describe the MCP's architecture, attack vectors and follow a proof of concept to see how it can be abused.
Top Security News for Today
RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT
https://securelist.com/revengehotels-attacks-with-ai-and-venomrat-across-latin-america/117493/
Microsoft Still Uses RC4
https://www.schneier.com/blog/archives/2025/09/microsoft-still-uses-rc4.html
Building a compiler custom programming language
https://www.reddit.com/r/lowlevel/comments/1nierls/building_a_compiler_custom_programming_language/
New LG Vulnerability - LG WebOS TV Path Traversal, Authentication Bypass and Full Device Takeover
https://www.reddit.com/r/netsec/comments/1nif05t/new_lg_vulnerability_lg_webos_tv_path_traversal/
Jaguar Land Rover says cyberattack shutdown to last 'at least' another week
https://therecord.media/jaguar-land-rover-another-week-shutdown-cyberattack
Windows 10 Retirement: A Reminder for Managing Legacy Industrial Control Systems (ICS)
https://www.tripwire.com/state-of-security/windows-10-retirement-reminder-managing-legacy-industrial-control-systems-ics
Under the Pure Curtain: From RAT to Builder to Coder
https://research.checkpoint.com/2025/under-the-pure-curtain-from-rat-to-builder-to-coder/
Self-Replicating Worm Hits 180+ Software Packages
https://krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT
https://securelist.com/revengehotels-attacks-with-ai-and-venomrat-across-latin-america/117493/
Microsoft Still Uses RC4
https://www.schneier.com/blog/archives/2025/09/microsoft-still-uses-rc4.html
Building a compiler custom programming language
https://www.reddit.com/r/lowlevel/comments/1nierls/building_a_compiler_custom_programming_language/
New LG Vulnerability - LG WebOS TV Path Traversal, Authentication Bypass and Full Device Takeover
https://www.reddit.com/r/netsec/comments/1nif05t/new_lg_vulnerability_lg_webos_tv_path_traversal/
Jaguar Land Rover says cyberattack shutdown to last 'at least' another week
https://therecord.media/jaguar-land-rover-another-week-shutdown-cyberattack
Windows 10 Retirement: A Reminder for Managing Legacy Industrial Control Systems (ICS)
https://www.tripwire.com/state-of-security/windows-10-retirement-reminder-managing-legacy-industrial-control-systems-ics
Under the Pure Curtain: From RAT to Builder to Coder
https://research.checkpoint.com/2025/under-the-pure-curtain-from-rat-to-builder-to-coder/
Self-Replicating Worm Hits 180+ Software Packages
https://krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for Today
Labour politician charged over 'honey trap' WhatsApp messages sent to MPs
https://therecord.media/oliver-steadman-charged-alleged-honeypot-blackmail-britain-politicians
North Korean operation uses ChatGPT to forge military IDs as part of cyberattack
https://therecord.media/north-korea-kimsuky-hackers-phishing-fake-military-ids-chatgpt
JLR ‘cyber shockwave ripping through UK industry’ as supplier share price plummets by 55%
https://therecord.media/jlr-cyber-shockwave-auto-sector
Hackers steal hotel guests’ payment data in new AI-driven campaign
https://therecord.media/hackers-payment-data-guests-steal
Judge rejects Meta attempt to overturn Flo privacy verdict
https://therecord.media/judge-rejects-meta-attempt-overturn-flo-privacy-lawsuit
Practical guide for hunters: how leaked webhooks are abused and how to defend them
https://www.reddit.com/r/netsec/comments/1njbx3q/practical_guide_for_hunters_how_leaked_webhooks/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Labour politician charged over 'honey trap' WhatsApp messages sent to MPs
https://therecord.media/oliver-steadman-charged-alleged-honeypot-blackmail-britain-politicians
North Korean operation uses ChatGPT to forge military IDs as part of cyberattack
https://therecord.media/north-korea-kimsuky-hackers-phishing-fake-military-ids-chatgpt
JLR ‘cyber shockwave ripping through UK industry’ as supplier share price plummets by 55%
https://therecord.media/jlr-cyber-shockwave-auto-sector
Hackers steal hotel guests’ payment data in new AI-driven campaign
https://therecord.media/hackers-payment-data-guests-steal
Judge rejects Meta attempt to overturn Flo privacy verdict
https://therecord.media/judge-rejects-meta-attempt-overturn-flo-privacy-lawsuit
Practical guide for hunters: how leaked webhooks are abused and how to defend them
https://www.reddit.com/r/netsec/comments/1njbx3q/practical_guide_for_hunters_how_leaked_webhooks/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Labour politician charged over 'honey trap' WhatsApp messages sent to MPs
Former local British elected official Oliver Steadman has been charged with blackmail in a case involving attempts to acquire compromising photographs from politicians.
Top Security News for Today
Two teenage suspected Scattered Spider members charged in UK over TfL hack
https://therecord.media/scattered-spider-teenage-suspects-arrested-britain-nca
Taliban bans fiber-optic internet in several Afghan provinces to curb ‘immorality’
https://therecord.media/taliban-bans-fiber-optic-internet
Russian regional airline disrupted by suspected cyberattack
https://therecord.media/russia-krasavia-airline-disrupted-suspected-cyberattack
Brazil enacts sweeping bill requiring online age verification, safeguards for children’s data
https://therecord.media/brazil-enacts-sweeping-children-data-law
Time-of-Check Time-of-Use Attacks Against LLMs
https://www.schneier.com/blog/archives/2025/09/time-of-check-time-of-use-attacks-against-llms.html
How to join the desync endgame: Practical tips from pentester Tom Stacey
https://portswigger.net/blog/how-to-join-the-desync-endgame-practical-tips-from-pentester-tom-stacey
Microsoft Defender delivered 242% return on investment over three years
https://www.microsoft.com/en-us/security/blog/2025/09/18/microsoft-defender-delivered-242-return-on-investment-over-three-years/
SLasH-DSA: Breaking SLH-DSA Using an Extensible End-To-End Rowhammer Framework
https://arxiv.org/abs/2509.13048
AQUA-LLM: Evaluating Accuracy, Quantization, and Adversarial Robustness Trade-offs in LLMs for Cybersecurity Question Answering
https://arxiv.org/abs/2509.13514
LIGHT-HIDS: A Lightweight and Effective Machine Learning-Based Framework for Robust Host Intrusion Detection
https://arxiv.org/abs/2509.13561
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Two teenage suspected Scattered Spider members charged in UK over TfL hack
https://therecord.media/scattered-spider-teenage-suspects-arrested-britain-nca
Taliban bans fiber-optic internet in several Afghan provinces to curb ‘immorality’
https://therecord.media/taliban-bans-fiber-optic-internet
Russian regional airline disrupted by suspected cyberattack
https://therecord.media/russia-krasavia-airline-disrupted-suspected-cyberattack
Brazil enacts sweeping bill requiring online age verification, safeguards for children’s data
https://therecord.media/brazil-enacts-sweeping-children-data-law
Time-of-Check Time-of-Use Attacks Against LLMs
https://www.schneier.com/blog/archives/2025/09/time-of-check-time-of-use-attacks-against-llms.html
How to join the desync endgame: Practical tips from pentester Tom Stacey
https://portswigger.net/blog/how-to-join-the-desync-endgame-practical-tips-from-pentester-tom-stacey
Microsoft Defender delivered 242% return on investment over three years
https://www.microsoft.com/en-us/security/blog/2025/09/18/microsoft-defender-delivered-242-return-on-investment-over-three-years/
SLasH-DSA: Breaking SLH-DSA Using an Extensible End-To-End Rowhammer Framework
https://arxiv.org/abs/2509.13048
AQUA-LLM: Evaluating Accuracy, Quantization, and Adversarial Robustness Trade-offs in LLMs for Cybersecurity Question Answering
https://arxiv.org/abs/2509.13514
LIGHT-HIDS: A Lightweight and Effective Machine Learning-Based Framework for Robust Host Intrusion Detection
https://arxiv.org/abs/2509.13561
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Two teenage suspected Scattered Spider members charged in UK over TfL hack
A 19-year-old and an 18-year-old have been arrested and charged in the hack of London's transport agency in 2024 — an attack attributed to the Scattered Spider cybercrime collective.
Top Security News for Today
Industrial Threat Report Q2 2025
https://securelist.com/industrial-threat-report-q2-2025/117532/
CISOs Concerned of AI Adoption in Business Environments
https://www.tripwire.com/state-of-security/cisos-concerned-ai-adoption-business-environments
Surveying the Global Spyware Market
https://www.schneier.com/blog/archives/2025/09/surveying-the-global-spyware-market.html
MI6 launches darkweb portal to recruit foreign spies
https://therecord.media/mi6-darkweb-portal-recruit-foreign-spies
The GoLaxy papers: Inside China’s AI persona army
https://therecord.media/golaxy-china-artificial-intelligence-papers
Russia's main airport in St. Petersburg says its website was hacked
https://therecord.media/russia-pulkovo-airport-st-petersburg-website-hacked
How AI-Native Development Platforms Enable Fake Captcha Pages
https://www.trendmicro.com/en_us/research/25/i/ai-development-platforms-enable-fake-captcha-pages.html
Russian spy groups Turla, Gamaredon join forces to hack Ukraine, researchers say
https://therecord.media/russian-spy-groups-turla-gamaredon-target-ukraine
Watchdog finds MrBeast improperly collected children’s data
https://therecord.media/watchdog-mrbeast-youtube-privacy-colection
DOJ: Scattered Spider took $115 million in ransoms, breached a US court system
https://therecord.media/scattered-spider-unsealed-charges-115million-extortion-breached-courts-system
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Industrial Threat Report Q2 2025
https://securelist.com/industrial-threat-report-q2-2025/117532/
CISOs Concerned of AI Adoption in Business Environments
https://www.tripwire.com/state-of-security/cisos-concerned-ai-adoption-business-environments
Surveying the Global Spyware Market
https://www.schneier.com/blog/archives/2025/09/surveying-the-global-spyware-market.html
MI6 launches darkweb portal to recruit foreign spies
https://therecord.media/mi6-darkweb-portal-recruit-foreign-spies
The GoLaxy papers: Inside China’s AI persona army
https://therecord.media/golaxy-china-artificial-intelligence-papers
Russia's main airport in St. Petersburg says its website was hacked
https://therecord.media/russia-pulkovo-airport-st-petersburg-website-hacked
How AI-Native Development Platforms Enable Fake Captcha Pages
https://www.trendmicro.com/en_us/research/25/i/ai-development-platforms-enable-fake-captcha-pages.html
Russian spy groups Turla, Gamaredon join forces to hack Ukraine, researchers say
https://therecord.media/russian-spy-groups-turla-gamaredon-target-ukraine
Watchdog finds MrBeast improperly collected children’s data
https://therecord.media/watchdog-mrbeast-youtube-privacy-colection
DOJ: Scattered Spider took $115 million in ransoms, breached a US court system
https://therecord.media/scattered-spider-unsealed-charges-115million-extortion-breached-courts-system
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
Threat landscape for industrial automation systems in Q2 2025
Kaspersky industrial threat report contains statistics on various malicious objects detected and blocked on ICS computers by Kaspersky solutions in Q2 2025.
Top Security News for Today
EDR-Freeze: A Tool That Puts EDRs And Antivirus Into A Coma State
https://www.reddit.com/r/netsec/comments/1nmhg29/edrfreeze_a_tool_that_puts_edrs_and_antivirus/
Linux Kernel Runtime Guard (LKRG) 1.0 first mature release + talk slides
https://www.reddit.com/r/netsec/comments/1nmctnd/linux_kernel_runtime_guard_lkrg_10_first_mature/
Pentesting Weekly Digest second version
https://www.reddit.com/r/netsec/comments/1nmfed6/pentesting_weekly_digest_second_version/
Ayuda
https://www.reddit.com/r/lowlevel/comments/1nlzw7n/ayuda/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
EDR-Freeze: A Tool That Puts EDRs And Antivirus Into A Coma State
https://www.reddit.com/r/netsec/comments/1nmhg29/edrfreeze_a_tool_that_puts_edrs_and_antivirus/
Linux Kernel Runtime Guard (LKRG) 1.0 first mature release + talk slides
https://www.reddit.com/r/netsec/comments/1nmctnd/linux_kernel_runtime_guard_lkrg_10_first_mature/
Pentesting Weekly Digest second version
https://www.reddit.com/r/netsec/comments/1nmfed6/pentesting_weekly_digest_second_version/
Ayuda
https://www.reddit.com/r/lowlevel/comments/1nlzw7n/ayuda/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: EDR-Freeze: A Tool That Puts EDRs And Antivirus Into A Coma State
Explore this post and more from the netsec community
Top Security News for Today
EDR-Freeze: A Tool That Puts EDRs And Antivirus Into A Coma State
https://research.checkpoint.com/2025/22nd-september-threat-intelligence-report/
New Infostealer Campaign Targeting Mac Users via GitHub Pages Claiming to Offer LastPass Premium
https://www.reddit.com/r/netsec/comments/1nnb1tw/new_infostealer_campaign_targeting_mac_users_via/
The God Mode Vulnerability That Should Kill “Trust Microsoft” Forever
https://www.reddit.com/r/netsec/comments/1nndpz7/the_god_mode_vulnerability_that_should_kill_trust/
Electron App Vulnerabilities testcases
https://www.reddit.com/r/netsec/comments/1nne01o/electron_app_vulnerabilities_testcases/
Video2Roleplay: A Multimodal Dataset and Framework for Video-Guided Role-playing Agents
https://arxiv.org/abs/2509.15233
Pre-Forgettable Models: Prompt Learning as a Native Mechanism for Unlearning
https://arxiv.org/abs/2509.15230
Exploring the Capabilities of LLM Encoders for Image-Text Retrieval in Chest X-rays
https://arxiv.org/abs/2509.15234
ViSpec: Accelerating Vision-Language Models with Vision-Aware Speculative Decoding
https://arxiv.org/abs/2509.15235
ChannelFlow-Tools: A Standardized Dataset Creation Pipeline for 3D Obstructed Channel Flows
https://arxiv.org/abs/2509.15236
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
EDR-Freeze: A Tool That Puts EDRs And Antivirus Into A Coma State
https://research.checkpoint.com/2025/22nd-september-threat-intelligence-report/
New Infostealer Campaign Targeting Mac Users via GitHub Pages Claiming to Offer LastPass Premium
https://www.reddit.com/r/netsec/comments/1nnb1tw/new_infostealer_campaign_targeting_mac_users_via/
The God Mode Vulnerability That Should Kill “Trust Microsoft” Forever
https://www.reddit.com/r/netsec/comments/1nndpz7/the_god_mode_vulnerability_that_should_kill_trust/
Electron App Vulnerabilities testcases
https://www.reddit.com/r/netsec/comments/1nne01o/electron_app_vulnerabilities_testcases/
Video2Roleplay: A Multimodal Dataset and Framework for Video-Guided Role-playing Agents
https://arxiv.org/abs/2509.15233
Pre-Forgettable Models: Prompt Learning as a Native Mechanism for Unlearning
https://arxiv.org/abs/2509.15230
Exploring the Capabilities of LLM Encoders for Image-Text Retrieval in Chest X-rays
https://arxiv.org/abs/2509.15234
ViSpec: Accelerating Vision-Language Models with Vision-Aware Speculative Decoding
https://arxiv.org/abs/2509.15235
ChannelFlow-Tools: A Standardized Dataset Creation Pipeline for 3D Obstructed Channel Flows
https://arxiv.org/abs/2509.15236
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Check Point Research
22nd September – Threat Intelligence Report - Check Point Research
For the latest discoveries in cyber research for the week of 22nd September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Several major European airports including Heathrow, Berlin, Brussels, Dublin, and Cork have experienced…
Top Security News for Today
Neural Data Privacy: Brain Implants
https://therecord.media/neural-data-privacy-brain-implants
Details About Chinese Surveillance and Propaganda Companies
https://www.schneier.com/blog/archives/2025/09/details-about-chinese-surveillance-and-propaganda-companies.html
Major European Airports Work to Restore Services After Cyberattack on Check-in Systems
https://therecord.media/europe-airports-delays-ransomware-attack-checkin-systems
Nimbus Manticore Deploys New Malware Targeting Europe
https://research.checkpoint.com/2025/nimbus-manticore-deploys-new-malware-targeting-europe/
HexStrike AI – Multi-Agent LLM Orchestration for Automated Offensive Security
https://www.darknet.org.uk/2025/09/hexstrike-ai-multi-agent-llm-orchestration-for-automated-offensive-security/
BlackLock Ransomware: From Meteoric Rise to Sudden Disruption
https://www.reddit.com/r/netsec/comments/1nob3s7/blacklock_ransomware_from_meteoric_rise_to_sudden/
What Does “Good” Look Like in Red Teaming
https://bishopfox.com/blog/what-does-good-look-like-in-red-teaming
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Neural Data Privacy: Brain Implants
https://therecord.media/neural-data-privacy-brain-implants
Details About Chinese Surveillance and Propaganda Companies
https://www.schneier.com/blog/archives/2025/09/details-about-chinese-surveillance-and-propaganda-companies.html
Major European Airports Work to Restore Services After Cyberattack on Check-in Systems
https://therecord.media/europe-airports-delays-ransomware-attack-checkin-systems
Nimbus Manticore Deploys New Malware Targeting Europe
https://research.checkpoint.com/2025/nimbus-manticore-deploys-new-malware-targeting-europe/
HexStrike AI – Multi-Agent LLM Orchestration for Automated Offensive Security
https://www.darknet.org.uk/2025/09/hexstrike-ai-multi-agent-llm-orchestration-for-automated-offensive-security/
BlackLock Ransomware: From Meteoric Rise to Sudden Disruption
https://www.reddit.com/r/netsec/comments/1nob3s7/blacklock_ransomware_from_meteoric_rise_to_sudden/
What Does “Good” Look Like in Red Teaming
https://bishopfox.com/blog/what-does-good-look-like-in-red-teaming
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
As scientists show they can read inner speech, brain implant ‘pioneers’ fight for neural data privacy, access rights
With scientists now demonstrating that they can decode attempted speech based on the neural data they collect from Brain Computer Interface (BCI) research subjects with implants, patients and advocates say the importance of adequate data protections has grown.
Top Security News for Today
Ransomware Payments vs Rising Incident Counts in 2025 – What’s Changing in RaaS Economics
https://www.darknet.org.uk/2025/09/ransomware-payments-vs-rising-incident-counts-in-2025-whats-changing-in-raas-economics/
Apple’s New Memory Integrity Enforcement
https://www.schneier.com/blog/archives/2025/09/apples-new-memory-integrity-enforcement.html
Microsoft Purview delivered 30% reduction in data breach likelihood
https://www.microsoft.com/en-us/security/blog/2025/09/23/microsoft-purview-delivered-30-reduction-in-data-breach-likelihood/
Jaguar Land Rover extends shutdown again following cyberattack
https://therecord.media/jaguar-land-rover-extends-shutdown-again-cyberattack
AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks
https://www.trendmicro.com/en_us/research/25/i/ai-powered-app-exposes-user-data.html
South Korea probes credit card company data breach affecting 3 million customers
https://therecord.media/south-korea-probes-credit-card-data-breach
Secret Service says it disrupted illicit cellular network threatening UN conference
https://therecord.media/secret-service-cellular-network-disruption
Suspected cyberattack disrupts Circle K chain’s operations in Hong Kong
https://therecord.media/circle-k-hong-kong-suspected-cyberattack-convience-stores
Image Forensics: Detecting AI Fakes with Compression Artifacts
https://www.reddit.com/r/netsec/comments/1noml13/image_forensics_detecting_ai_fakes_with/
Tea continued - Unauthenticated access to 150+ Firebase databases, storage buckets and secrets
https://www.reddit.com/r/netsec/comments/1noppeo/tea_continued_unauthenticated_access_to_150/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Ransomware Payments vs Rising Incident Counts in 2025 – What’s Changing in RaaS Economics
https://www.darknet.org.uk/2025/09/ransomware-payments-vs-rising-incident-counts-in-2025-whats-changing-in-raas-economics/
Apple’s New Memory Integrity Enforcement
https://www.schneier.com/blog/archives/2025/09/apples-new-memory-integrity-enforcement.html
Microsoft Purview delivered 30% reduction in data breach likelihood
https://www.microsoft.com/en-us/security/blog/2025/09/23/microsoft-purview-delivered-30-reduction-in-data-breach-likelihood/
Jaguar Land Rover extends shutdown again following cyberattack
https://therecord.media/jaguar-land-rover-extends-shutdown-again-cyberattack
AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks
https://www.trendmicro.com/en_us/research/25/i/ai-powered-app-exposes-user-data.html
South Korea probes credit card company data breach affecting 3 million customers
https://therecord.media/south-korea-probes-credit-card-data-breach
Secret Service says it disrupted illicit cellular network threatening UN conference
https://therecord.media/secret-service-cellular-network-disruption
Suspected cyberattack disrupts Circle K chain’s operations in Hong Kong
https://therecord.media/circle-k-hong-kong-suspected-cyberattack-convience-stores
Image Forensics: Detecting AI Fakes with Compression Artifacts
https://www.reddit.com/r/netsec/comments/1noml13/image_forensics_detecting_ai_fakes_with/
Tea continued - Unauthenticated access to 150+ Firebase databases, storage buckets and secrets
https://www.reddit.com/r/netsec/comments/1noppeo/tea_continued_unauthenticated_access_to_150/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Darknet - Hacking Tools, Hacker News & Cyber Security
Ransomware Payments vs Rising Incident Counts in 2025 - What’s Changing in RaaS Economics
Ransomware payments dropped 35% in 2024 even as incidents rose in 2025. Explore RaaS economics, case studies, and CISO defense strategies.
Top Security News for Today
Casino company Boyd Gaming hacked, employee data stolen
https://therecord.media/casino-company-boyd-gaming-reports-data-breach
UK authorities announce arrest in cyberattack that disrupted European airports
https://therecord.media/uk-arrest-cyberattack-disruption-european-airports
Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms
https://krebsonsecurity.com/2025/09/feds-tie-scattered-spider-duo-to-115m-in-ransoms/
AI vs. AI: Detecting an AI-obfuscated phishing campaign
https://www.microsoft.com/en-us/security/blog/2025/09/24/ai-vs-ai-detecting-an-ai-obfuscated-phishing-campaign/
New macOS threat abuses ads and social media to spread malware
https://www.reddit.com/r/netsec/comments/1npcera/new_macos_threat_abuses_ads_and_social_media_to/
International anti-fraud crackdown recovers more than $400 million, Interpol says
https://therecord.media/anti-fraud-interpol-crackdown-recovers-over-400-million
Senators introduce bill directing FTC to establish standards for protecting consumers’ neural data
https://therecord.media/senators-introduce-bill-ftc-brain-data-privacy
Retail at risk: How one alert uncovered a persistent cyberthreat
https://www.microsoft.com/en-us/security/blog/2025/09/24/retail-at-risk-how-one-alert-uncovered-a-persistent-cyberthreat/
Turning Hearsay into Discovery: Industrial 3D Printer Side Channel Information Translated to Stealing the Object Design
https://arxiv.org/abs/2509.18341
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Casino company Boyd Gaming hacked, employee data stolen
https://therecord.media/casino-company-boyd-gaming-reports-data-breach
UK authorities announce arrest in cyberattack that disrupted European airports
https://therecord.media/uk-arrest-cyberattack-disruption-european-airports
Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms
https://krebsonsecurity.com/2025/09/feds-tie-scattered-spider-duo-to-115m-in-ransoms/
AI vs. AI: Detecting an AI-obfuscated phishing campaign
https://www.microsoft.com/en-us/security/blog/2025/09/24/ai-vs-ai-detecting-an-ai-obfuscated-phishing-campaign/
New macOS threat abuses ads and social media to spread malware
https://www.reddit.com/r/netsec/comments/1npcera/new_macos_threat_abuses_ads_and_social_media_to/
International anti-fraud crackdown recovers more than $400 million, Interpol says
https://therecord.media/anti-fraud-interpol-crackdown-recovers-over-400-million
Senators introduce bill directing FTC to establish standards for protecting consumers’ neural data
https://therecord.media/senators-introduce-bill-ftc-brain-data-privacy
Retail at risk: How one alert uncovered a persistent cyberthreat
https://www.microsoft.com/en-us/security/blog/2025/09/24/retail-at-risk-how-one-alert-uncovered-a-persistent-cyberthreat/
Turning Hearsay into Discovery: Industrial 3D Printer Side Channel Information Translated to Stealing the Object Design
https://arxiv.org/abs/2509.18341
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Casino company Boyd Gaming hacked, employee data stolen
Casino and hotel operator Boyd Gaming reported a data breach to federal regulators, saying that an intruder accessed information on employees and “a limited number of other individuals."
Top Security News for Today
Massive npm infection: the Shai-Hulud worm and patient zero
https://securelist.com/shai-hulud-worm-infects-500-npm-packages-in-a-supply-chain-attack/117547/
Why “contained” doesn’t mean “safe” in modern SOCs
https://www.reddit.com/r/netsec/comments/1nq1xu9/why_contained_doesnt_mean_safe_in_modern_socs/
Malicious-Looking URL Creation Service
https://www.schneier.com/blog/archives/2025/09/malicious-looking-url-creation-service.html
Yet Another Random Story. VBScript's Randomize Internals.
https://www.reddit.com/r/netsec/comments/1nq3i96/yet_another_random_story_vbscripts_randomize/
Hacking Furbo - A Hardware Research Project – Part 5: Exploiting BLE
https://www.reddit.com/r/netsec/comments/1nq36wg/hacking_furbo_a_hardware_research_project_part_5/
XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory
https://www.microsoft.com/en-us/security/blog/2025/09/25/xcsset-evolves-again-analyzing-the-latest-updates-to-xcssets-inventory/
Google, period-tracking app to pay combined $56 million to settle privacy claims
https://therecord.media/google-flo-health-settle-privacy-class-action
Federal agencies given one day to patch exploited Cisco firewall bugs
https://therecord.media/cisco-asa-firewall-bugs-cisa-federal-agencies-warning
CNAPP is the Solution to Multi-cloud Flexibility
https://www.trendmicro.com/en_us/research/25/i/cnapp-multi-cloud.html
New LockBit 5.0 Targets Windows, Linux, ESXi
https://www.trendmicro.com/en_us/research/25/i/lockbit-5-targets-windows-linux-esxi.html
Cyberattack on British retailer Co-op shaved about $275 million from revenues, company says
https://therecord.media/retailer-the-co-op-cyberattack-lost-revenue
It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2 - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1nqgbd8/it_is_bad_exploitation_of_fortra_goanywhere_mft/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Massive npm infection: the Shai-Hulud worm and patient zero
https://securelist.com/shai-hulud-worm-infects-500-npm-packages-in-a-supply-chain-attack/117547/
Why “contained” doesn’t mean “safe” in modern SOCs
https://www.reddit.com/r/netsec/comments/1nq1xu9/why_contained_doesnt_mean_safe_in_modern_socs/
Malicious-Looking URL Creation Service
https://www.schneier.com/blog/archives/2025/09/malicious-looking-url-creation-service.html
Yet Another Random Story. VBScript's Randomize Internals.
https://www.reddit.com/r/netsec/comments/1nq3i96/yet_another_random_story_vbscripts_randomize/
Hacking Furbo - A Hardware Research Project – Part 5: Exploiting BLE
https://www.reddit.com/r/netsec/comments/1nq36wg/hacking_furbo_a_hardware_research_project_part_5/
XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory
https://www.microsoft.com/en-us/security/blog/2025/09/25/xcsset-evolves-again-analyzing-the-latest-updates-to-xcssets-inventory/
Google, period-tracking app to pay combined $56 million to settle privacy claims
https://therecord.media/google-flo-health-settle-privacy-class-action
Federal agencies given one day to patch exploited Cisco firewall bugs
https://therecord.media/cisco-asa-firewall-bugs-cisa-federal-agencies-warning
CNAPP is the Solution to Multi-cloud Flexibility
https://www.trendmicro.com/en_us/research/25/i/cnapp-multi-cloud.html
New LockBit 5.0 Targets Windows, Linux, ESXi
https://www.trendmicro.com/en_us/research/25/i/lockbit-5-targets-windows-linux-esxi.html
Cyberattack on British retailer Co-op shaved about $275 million from revenues, company says
https://therecord.media/retailer-the-co-op-cyberattack-lost-revenue
It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2 - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1nqgbd8/it_is_bad_exploitation_of_fortra_goanywhere_mft/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
Shai-Hulud worm infects npm packages
We dissect a recent incident where npm packages with millions of downloads were infected by the Shai-Hulud worm. Kaspersky experts describe the starting point for the source of the infection.
Top Security News for Today
Digital Threat Modeling Under Authoritarianism
https://www.schneier.com/blog/archives/2025/09/digital-threat-modeling-under-authoritarianism.html
As fraud surges, UK prepares to replace its broken reporting service
https://therecord.media/uk-action-fraud-replacement-report-fraud
Teens arrested by Dutch police reportedly suspected of spying for Russia
https://therecord.media/teens-arrested-netherlands-reportedly-suspected-cyber-espionage-russia
Africa cybercrime crackdown includes hundreds of arrests, Interpol says
https://therecord.media/africa-cyber-fraud-crackdown-ghana-senegal-cote-divoire-angola-interpol
Ransomware attack on Ohio county impacts over 45,000 residents, employees
https://therecord.media/ohio-ransomware-attack-impacts-45000
Pointer leaks through pointer-keyed data structures
https://googleprojectzero.blogspot.com/2025/09/pointer-leaks-through-pointer-keyed.html
The Phantom Extension: Backdooring chrome through uncharted pathways
https://www.reddit.com/r/netsec/comments/1nr9aw5/the_phantom_extension_backdooring_chrome_through/
Supply-Chain Guardrails for npm, pnpm, and Yarn
https://www.reddit.com/r/netsec/comments/1nr727w/supplychain_guardrails_for_npm_pnpm_and_yarn/
Lightweight MobileNetV1+GRU for ECG Biometric Authentication: Federated and Adversarial Evaluation
https://arxiv.org/abs/2509.20382
Can You Trust Your Copilot? A Privacy Scorecard for AI Coding Assistants
https://arxiv.org/abs/2509.20388
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Digital Threat Modeling Under Authoritarianism
https://www.schneier.com/blog/archives/2025/09/digital-threat-modeling-under-authoritarianism.html
As fraud surges, UK prepares to replace its broken reporting service
https://therecord.media/uk-action-fraud-replacement-report-fraud
Teens arrested by Dutch police reportedly suspected of spying for Russia
https://therecord.media/teens-arrested-netherlands-reportedly-suspected-cyber-espionage-russia
Africa cybercrime crackdown includes hundreds of arrests, Interpol says
https://therecord.media/africa-cyber-fraud-crackdown-ghana-senegal-cote-divoire-angola-interpol
Ransomware attack on Ohio county impacts over 45,000 residents, employees
https://therecord.media/ohio-ransomware-attack-impacts-45000
Pointer leaks through pointer-keyed data structures
https://googleprojectzero.blogspot.com/2025/09/pointer-leaks-through-pointer-keyed.html
The Phantom Extension: Backdooring chrome through uncharted pathways
https://www.reddit.com/r/netsec/comments/1nr9aw5/the_phantom_extension_backdooring_chrome_through/
Supply-Chain Guardrails for npm, pnpm, and Yarn
https://www.reddit.com/r/netsec/comments/1nr727w/supplychain_guardrails_for_npm_pnpm_and_yarn/
Lightweight MobileNetV1+GRU for ECG Biometric Authentication: Federated and Adversarial Evaluation
https://arxiv.org/abs/2509.20382
Can You Trust Your Copilot? A Privacy Scorecard for AI Coding Assistants
https://arxiv.org/abs/2509.20388
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
Digital Threat Modeling Under Authoritarianism - Schneier on Security
Today’s world requires us to make complex and nuanced decisions about our digital security. Evaluating when to use a secure messaging app like Signal or WhatsApp, which passwords to store on your smartphone, or what to share on social media requires us to…