Top Daily Cyber Security News
Top rated cyber security tech news,
Just the top, every day.
Top Security News for Today

EDR-Freeze: A Tool That Puts EDRs And Antivirus Into A Coma State
https://research.checkpoint.com/2025/22nd-september-threat-intelligence-report/

New Infostealer Campaign Targeting Mac Users via GitHub Pages Claiming to Offer LastPass Premium
https://www.reddit.com/r/netsec/comments/1nnb1tw/new_infostealer_campaign_targeting_mac_users_via/

The God Mode Vulnerability That Should Kill “Trust Microsoft” Forever
https://www.reddit.com/r/netsec/comments/1nndpz7/the_god_mode_vulnerability_that_should_kill_trust/

Electron App Vulnerabilities testcases
https://www.reddit.com/r/netsec/comments/1nne01o/electron_app_vulnerabilities_testcases/

Video2Roleplay: A Multimodal Dataset and Framework for Video-Guided Role-playing Agents
https://arxiv.org/abs/2509.15233

Pre-Forgettable Models: Prompt Learning as a Native Mechanism for Unlearning
https://arxiv.org/abs/2509.15230

Exploring the Capabilities of LLM Encoders for Image-Text Retrieval in Chest X-rays
https://arxiv.org/abs/2509.15234

ViSpec: Accelerating Vision-Language Models with Vision-Aware Speculative Decoding
https://arxiv.org/abs/2509.15235

ChannelFlow-Tools: A Standardized Dataset Creation Pipeline for 3D Obstructed Channel Flows
https://arxiv.org/abs/2509.15236

Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for Today

Neural Data Privacy: Brain Implants
https://therecord.media/neural-data-privacy-brain-implants

Details About Chinese Surveillance and Propaganda Companies
https://www.schneier.com/blog/archives/2025/09/details-about-chinese-surveillance-and-propaganda-companies.html

Major European Airports Work to Restore Services After Cyberattack on Check-in Systems
https://therecord.media/europe-airports-delays-ransomware-attack-checkin-systems

Nimbus Manticore Deploys New Malware Targeting Europe
https://research.checkpoint.com/2025/nimbus-manticore-deploys-new-malware-targeting-europe/

HexStrike AI – Multi-Agent LLM Orchestration for Automated Offensive Security
https://www.darknet.org.uk/2025/09/hexstrike-ai-multi-agent-llm-orchestration-for-automated-offensive-security/

BlackLock Ransomware: From Meteoric Rise to Sudden Disruption
https://www.reddit.com/r/netsec/comments/1nob3s7/blacklock_ransomware_from_meteoric_rise_to_sudden/

What Does “Good” Look Like in Red Teaming
https://bishopfox.com/blog/what-does-good-look-like-in-red-teaming

Top Security News for Today

Ransomware Payments vs Rising Incident Counts in 2025 – What’s Changing in RaaS Economics
https://www.darknet.org.uk/2025/09/ransomware-payments-vs-rising-incident-counts-in-2025-whats-changing-in-raas-economics/

Apple’s New Memory Integrity Enforcement
https://www.schneier.com/blog/archives/2025/09/apples-new-memory-integrity-enforcement.html

Microsoft Purview delivered 30% reduction in data breach likelihood
https://www.microsoft.com/en-us/security/blog/2025/09/23/microsoft-purview-delivered-30-reduction-in-data-breach-likelihood/

Jaguar Land Rover extends shutdown again following cyberattack
https://therecord.media/jaguar-land-rover-extends-shutdown-again-cyberattack

AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks
https://www.trendmicro.com/en_us/research/25/i/ai-powered-app-exposes-user-data.html

South Korea probes credit card company data breach affecting 3 million customers
https://therecord.media/south-korea-probes-credit-card-data-breach

Secret Service says it disrupted illicit cellular network threatening UN conference
https://therecord.media/secret-service-cellular-network-disruption

Suspected cyberattack disrupts Circle K chain’s operations in Hong Kong
https://therecord.media/circle-k-hong-kong-suspected-cyberattack-convience-stores

Image Forensics: Detecting AI Fakes with Compression Artifacts
https://www.reddit.com/r/netsec/comments/1noml13/image_forensics_detecting_ai_fakes_with/

Tea continued - Unauthenticated access to 150+ Firebase databases, storage buckets and secrets
https://www.reddit.com/r/netsec/comments/1noppeo/tea_continued_unauthenticated_access_to_150/

Top Security News for Today

Casino company Boyd Gaming hacked, employee data stolen
https://therecord.media/casino-company-boyd-gaming-reports-data-breach

UK authorities announce arrest in cyberattack that disrupted European airports
https://therecord.media/uk-arrest-cyberattack-disruption-european-airports

Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms
https://krebsonsecurity.com/2025/09/feds-tie-scattered-spider-duo-to-115m-in-ransoms/

AI vs. AI: Detecting an AI-obfuscated phishing campaign
https://www.microsoft.com/en-us/security/blog/2025/09/24/ai-vs-ai-detecting-an-ai-obfuscated-phishing-campaign/

New macOS threat abuses ads and social media to spread malware
https://www.reddit.com/r/netsec/comments/1npcera/new_macos_threat_abuses_ads_and_social_media_to/

International anti-fraud crackdown recovers more than $400 million, Interpol says
https://therecord.media/anti-fraud-interpol-crackdown-recovers-over-400-million

Senators introduce bill directing FTC to establish standards for protecting consumers’ neural data
https://therecord.media/senators-introduce-bill-ftc-brain-data-privacy

Retail at risk: How one alert uncovered a persistent cyberthreat
https://www.microsoft.com/en-us/security/blog/2025/09/24/retail-at-risk-how-one-alert-uncovered-a-persistent-cyberthreat/

Turning Hearsay into Discovery: Industrial 3D Printer Side Channel Information Translated to Stealing the Object Design
https://arxiv.org/abs/2509.18341

Top Security News for Today

Massive npm infection: the Shai-Hulud worm and patient zero
https://securelist.com/shai-hulud-worm-infects-500-npm-packages-in-a-supply-chain-attack/117547/

Why “contained” doesn’t mean “safe” in modern SOCs
https://www.reddit.com/r/netsec/comments/1nq1xu9/why_contained_doesnt_mean_safe_in_modern_socs/

Malicious-Looking URL Creation Service
https://www.schneier.com/blog/archives/2025/09/malicious-looking-url-creation-service.html

Yet Another Random Story. VBScript's Randomize Internals.
https://www.reddit.com/r/netsec/comments/1nq3i96/yet_another_random_story_vbscripts_randomize/

Hacking Furbo - A Hardware Research Project – Part 5: Exploiting BLE
https://www.reddit.com/r/netsec/comments/1nq36wg/hacking_furbo_a_hardware_research_project_part_5/

XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory
https://www.microsoft.com/en-us/security/blog/2025/09/25/xcsset-evolves-again-analyzing-the-latest-updates-to-xcssets-inventory/

Google, period-tracking app to pay combined $56 million to settle privacy claims
https://therecord.media/google-flo-health-settle-privacy-class-action

Federal agencies given one day to patch exploited Cisco firewall bugs
https://therecord.media/cisco-asa-firewall-bugs-cisa-federal-agencies-warning

CNAPP is the Solution to Multi-cloud Flexibility
https://www.trendmicro.com/en_us/research/25/i/cnapp-multi-cloud.html

New LockBit 5.0 Targets Windows, Linux, ESXi
https://www.trendmicro.com/en_us/research/25/i/lockbit-5-targets-windows-linux-esxi.html

Cyberattack on British retailer Co-op shaved about $275 million from revenues, company says
https://therecord.media/retailer-the-co-op-cyberattack-lost-revenue

It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2 - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1nqgbd8/it_is_bad_exploitation_of_fortra_goanywhere_mft/

Top Security News for Today

Digital Threat Modeling Under Authoritarianism
https://www.schneier.com/blog/archives/2025/09/digital-threat-modeling-under-authoritarianism.html

As fraud surges, UK prepares to replace its broken reporting service
https://therecord.media/uk-action-fraud-replacement-report-fraud

Teens arrested by Dutch police reportedly suspected of spying for Russia
https://therecord.media/teens-arrested-netherlands-reportedly-suspected-cyber-espionage-russia

Africa cybercrime crackdown includes hundreds of arrests, Interpol says
https://therecord.media/africa-cyber-fraud-crackdown-ghana-senegal-cote-divoire-angola-interpol

Ransomware attack on Ohio county impacts over 45,000 residents, employees
https://therecord.media/ohio-ransomware-attack-impacts-45000

Pointer leaks through pointer-keyed data structures
https://googleprojectzero.blogspot.com/2025/09/pointer-leaks-through-pointer-keyed.html

The Phantom Extension: Backdooring chrome through uncharted pathways
https://www.reddit.com/r/netsec/comments/1nr9aw5/the_phantom_extension_backdooring_chrome_through/

Supply-Chain Guardrails for npm, pnpm, and Yarn
https://www.reddit.com/r/netsec/comments/1nr727w/supplychain_guardrails_for_npm_pnpm_and_yarn/

Lightweight MobileNetV1+GRU for ECG Biometric Authentication: Federated and Adversarial Evaluation
https://arxiv.org/abs/2509.20382

Can You Trust Your Copilot? A Privacy Scorecard for AI Coding Assistants
https://arxiv.org/abs/2509.20388

Top Security News for Today

Github - Phishcan/phishcan-data: Canadian threat feeds updated every 12 hours.
https://github.com/Phishcan/phishcan-data

SetupHijack – Installer and Updater Race Condition Proof of Concept for Local Escalation
https://www.darknet.org.uk/2025/09/setuphijack-installer-and-updater-race-condition-proof-of-concept-for-local-escalation/

Windows Heap Exploitation - From Heap Overflow to Arbitrary R/W
https://www.reddit.com/r/netsec/comments/1nssfzo/windows_heap_exploitation_from_heap_overflow_to/

FullHunt 💜 Open-Source: 39,408 Exploits from 0day.today is Back Online
https://www.reddit.com/r/netsec/comments/1nt4gt2/fullhunt_opensource_39408_exploits_from_0daytoday/

QUBOLite: A lightweight Python toolkit for QUBO
https://arxiv.org/abs/2509.21321

Discovering and Analyzing Stochastic Processes to Reduce Waste in Food Retail
https://arxiv.org/abs/2509.21322

Top Security News for Today

Law enforcement is using AI to synthesize evidence. Is the justice system ready for it?
https://therecord.media/law-enforcement-ai-platforms-synthesize-evidence-criminal-cases

Abusing Notion’s AI Agent for Data Theft
https://www.schneier.com/blog/archives/2025/09/abusing-notions-ai-agent-for-data-theft.html

AIPentestKit – AI-Augmented Red Team Toolkit for Recon, Fuzzing and Payload Generation
https://www.darknet.org.uk/2025/09/aipentestkit-ai-augmented-red-team-toolkit-for-recon-fuzzing-and-payload-generation/

Moldova’s pro-EU party wins election amid cyberattacks, Kremlin interference
https://therecord.media/moldova-election-pro-eu-party-wins-ddos-incidents-influence-ops

29th September – Threat Intelligence Report
https://research.checkpoint.com/2025/29th-september-threat-intelligence-report/

Ukraine’s digital chief pushes for AI-first state amid war and cyber threats
https://therecord.media/ukraine-ai-state-digital

Chinese scammer pleads guilty after UK seizes nearly $7 billion in bitcoin
https://therecord.media/chinese-scammer-guilty-seizure-uk

Understanding the OWASP AI Maturity Assessment
https://www.tripwire.com/state-of-security/understanding-owasp-ai-maturity-assessment

Cloud Security in the CNAPP Era: Eight Important Takeaways
https://www.trendmicro.com/en_us/research/25/i/cloud-security-cnapp.html

Top Security News for Today

Klopatra: exposing a new Android banking trojan operation with roots in Turkey | Cleafy LABS
https://arxiv.org/abs/2509.22662

An In-depth research-based walk-through of an Uninitialized Local Variable Static Analyzer
https://www.reddit.com/r/netsec/comments/1nu7f3y/an_indepth_researchbased_walkthrough_of_an/

You name it, VMware elevates it (CVE-2025-41244)
https://www.reddit.com/r/netsec/comments/1nu9q24/you_name_it_vmware_elevates_it_cve202541244/

Details of a Scam
https://www.schneier.com/blog/archives/2025/09/details-of-a-scam.html

Empowering defenders in the era of agentic AI with Microsoft Sentinel
https://www.microsoft.com/en-us/security/blog/2025/09/30/empowering-defenders-in-the-era-of-agentic-ai-with-microsoft-sentinel/

Cyberattack on Japanese beer giant Asahi limits shipping, call center operations
https://therecord.media/asahi-japan-cyberattack-limits-shipping-call-centers

Afghanistan plunged into nationwide internet blackout, disrupting air travel, medical care
https://therecord.media/afghanistan-plunged-into-nationwide-internet-blackout

FTC alleges messaging app violated child privacy law, duped users into subscriptions
https://therecord.media/ftc-alleges-sendit-app-violated-children-privacy-rule

CISA orders federal gov to patch critical Fortra file transfer bug
https://therecord.media/cisa-orders-federal-gov-patch-fortra-bug

CPPA fines Tractor Supply Company $1.4 million for privacy violations
https://therecord.media/ccpa-tractor-supply-privacy-fine

Top Security News for Today

DEEP SPECTER RESEARCH Alerted Jaguar 2.5 months prior to the cyber incident.
https://www.bloomberg.com/news/newsletters/2025-10-01/researchers-flagged-hacks-at-jaguar-land-rover-ahead-of-crippling-breach

Forensic journey: hunting evil within AmCache
https://securelist.com/amcache-forensic-artifact/117622/

Use of Generative AI in Scams
https://www.schneier.com/blog/archives/2025/10/use-of-generative-ai-in-scams.html

Seniors targeted in global Facebook scam spreading new Android malware
https://therecord.media/seniors-targeted-facebook-android-malware-scam

Hacking smarter with Burp AI: NahamSec puts Burp AI to the test
https://portswigger.net/blog/hacking-smarter-with-burp-ai-nahamsec-puts-burp-ai-to-the-test

China-linked hacking group Phantom Taurus targeting embassies, foreign ministries
https://therecord.media/china-linked-phantom-taurus-hacking

1.2 million people had information stolen during cyberattack on WestJet
https://therecord.media/westjet-data-breach-disclosures

Millions impacted by data breaches at insurance giant, auto dealership software firm
https://therecord.media/millions-impacted-by-data-breaches-insurance-car-dealership-software

Nuclei Templates for Detecting AMI MegaRAC BMC Vulnerabilities
https://www.reddit.com/r/netsec/comments/1nvllz0/nuclei_templates_for_detecting_ami_megarac_bmc/

Fingerprinting LLMs via Prompt Injection
https://arxiv.org/abs/2509.25410

Top Security News for Today

Georgia Tech settles with DOJ over allegations of lax cybersecurity on federal projects
https://therecord.media/georgia-tech-gtrc-cybersecurity-false-claims-act-settlement

Japanese brewer Asahi delays product launches, halts deliveries after cyberattack
https://therecord.media/japan-asahi-delay-cyberattack

Daniel Miessler on the AI Attack/Defense Balance
https://www.schneier.com/blog/archives/2025/10/daniel-miessler-on-the-ai-attack-defense-balance.html

European parliamentarians implore EU leadership to stop funding spyware
https://therecord.media/european-parliament-stop-funding-spyware

Dutch court rules Meta violated European law by pushing users to profiled feeds
https://therecord.media/dutch-court-meta-violated-european-law-social-feeds

Microsoft named a Leader in the IDC MarketScape for XDR
https://www.microsoft.com/en-us/security/blog/2025/10/02/microsoft-named-a-leader-in-the-idc-marketscape-for-xdr/

Cybercriminals are trying to extort executives with data allegedly stolen through Oracle tool
https://therecord.media/possible-clop-campaign-extortion-executives-stolen-data

Top Security News for Today

Ghost in the Cloud: Weaponizing AWS X-Ray for Command & Control
https://www.reddit.com/r/netsec/comments/1nx6jtq/ghost_in_the_cloud_weaponizing_aws_xray_for/

Analyzing The Salesloft-Drift Breach
https://www.reddit.com/r/netsec/comments/1nzcsly/analyzing_the_salesloftdrift_breach/

Detecting DLL hijacking with machine learning: real-world cases
https://securelist.com/detecting-dll-hijacking-with-machine-learning-in-kaspersky-siem/117567/

How we trained an ML model to detect DLL hijacking
https://securelist.com/building-ml-model-to-detect-dll-hijacking/117565/

Modeling the Attack: Detecting AI-Generated Text by Quantifying Adversarial Perturbations
https://arxiv.org/abs/2510.02319

Hybrid Horizons: Policy for Post-Quantum Security
https://arxiv.org/abs/2510.02317

NetCAS: Dynamic Cache and Backend Device Management in Networked Environments
https://arxiv.org/abs/2510.02323

Hallucination reduction with CASAL: Contrastive Activation Steering For Amortized Learning
https://arxiv.org/abs/2510.02324

Agentic-AI Healthcare: Multilingual, Privacy-First Framework with MCP Agents
https://arxiv.org/abs/2510.02325

Top Security News for Today

Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability
https://www.microsoft.com/en-us/security/blog/2025/10/06/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-file-transfer-vulnerability/

AI in the 2026 Midterm Elections
https://www.schneier.com/blog/archives/2025/10/ai-in-the-2026-midterm-elections.html

Taking remote control over industrial generators
https://www.reddit.com/r/netsec/comments/1nzm5tf/taking_remote_control_over_industrial_generators/

Brazil malware uses WhatsApp to target government
https://therecord.media/brazil-malware-whatsapp-sorvepotel

Signal calls on Germany to vote no to 'Chat Control'
https://therecord.media/signal-calls-on-germany-to-vote-no-chat-control

Suspected Chinese spies target Serbia
https://therecord.media/suspected-chinese-spies-serbia

FBI, UK urge orgs to patch after Clop campaign
https://therecord.media/fbi-uk-urge-orgs-to-patch-after-clop-campaign

Well, Well, Well. It’s Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1nzpx3b/well_well_well_its_another_day_oracle_ebusiness/

Top Security News for Today

AI-Enabled Influence Operation Against Iran
https://www.schneier.com/blog/archives/2025/10/ai-enabled-influence-operation-against-iran.html

Jaguar Land Rover to restart production following cyberattack
https://therecord.media/jaguar-land-rover-restarting-production-after-cyberattack

Discord says sensitive info stolen during cyberattack on customer service provider
https://therecord.media/discord-data-breach-third-party

The future of pentesting is Human x AI, and it's already in Burp Suite Professional
https://portswigger.net/blog/the-future-of-pentesting-is-human-x-ai-and-its-already-in-burp-suite-professional

Russia blocks mobile internet for foreign SIM cards, citing drone threats
https://therecord.media/russia-blocks-mobile-internet-foreign-sim-cards

New Microsoft Secure Future Initiative (SFI) patterns and practices: Practical guides to strengthen security
https://www.microsoft.com/en-us/security/blog/2025/10/07/new-microsoft-secure-future-initiative-sfi-patterns-and-practices-practical-guides-to-strengthen-security/

Police searched national network of automatic license plate reading cameras in abortion investigation
https://therecord.media/police-searched-license-reading-cameras-abortion-investigation

Disrupting threats targeting Microsoft Teams
https://www.microsoft.com/en-us/security/blog/2025/10/07/disrupting-threats-targeting-microsoft-teams/

How Your AI Chatbot Can Become a Backdoor
https://www.trendmicro.com/en_us/research/25/j/ai-chatbot-backdoor.html

ShinyHunters Wage Broad Corporate Extortion Spree
https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/

Top Security News for Today

Tiny but Mighty: A Software-Hardware Co-Design Approach for Efficient Multimodal Inference on Battery-Powered Small Devices
https://arxiv.org/abs/2510.05109

System Prompt Poisoning: Persistent Attacks on Large Language Models Beyond User Injection
https://arxiv.org/abs/2505.06493

Bash a newline: Exploiting SSH via ProxyCommand, again (CVE-2025-61984)
https://www.reddit.com/r/netsec/comments/1o170wz/bash_a_newline_exploiting_ssh_via_proxycommand/

Teenagers arrested in England over cyberattack on nursery chain Kido
https://therecord.media/kido-nursery-school-chain-hack-arrests-britain

Cybercrime crew claims attack on Japanese brewer as it restarts operations
https://therecord.media/qilin-ransomware-gang-alleged-asahi-hackers

Top Security News for Today

Discord says 70,000 users had government IDs exposed in third-party breach
https://therecord.media/discord-government-docs-exposed-breach

Investigating targeted “payroll pirate” attacks affecting US universities
https://www.microsoft.com/en-us/security/blog/2025/10/09/investigating-targeted-payroll-pirate-attacks-affecting-us-universities/

LLM Black Markets in 2025 – Prompt Injection, Jailbreak Sales & Model Leaks
https://www.darknet.org.uk/2025/10/llm-black-markets-in-2025-prompt-injection-jailbreak-sales-model-leaks/

HTTP/1.1 must die: Dafydd Stuttard on what this means for enterprise security
https://portswigger.net/blog/http-1-1-must-die-dafydd-stuttard-on-what-this-means-for-enterprise-security

Security Analysis of a medical device: Methods and Findings
https://www.reddit.com/r/netsec/comments/1o29iec/security_analysis_of_a_medical_device_methods_and/

A Hands-On Edition: Will Supabase Be the Next Firebase (At Least in Terms of Security)?
https://www.reddit.com/r/netsec/comments/1o0pfnr/a_handson_edition_will_supabase_be_the_next/
