LLM Honeypot vs. Cryptojacking: Understanding the Enemy #Cryptojacking #LLMHoneypot #MalwareAnalysis #Beelzebub #Cybersecurity https://beelzebub.ai/blog/llm-honeypot-vs-cryptojacking-understanding-the-enemy/
Beelzebub
LLM Honeypot vs. Cryptojacking: Understanding the Enemy | AI-Native security platform
AI-Native security platform: Deceive, Detect, Respond. “You can’t defend. You can’t prevent. The only thing you can do is detect and respond.” Bruce Schneier. We turn that hard truth into your tactical advantage. Our AI-based decoys, built using our open…
Strategies for Analyzing Native Code in Android Applications: Combining Ghidra and Symbolic Execution for Code Decryption and Deobfuscation https://revflash.medium.com/strategies-for-analyzing-native-code-in-android-applications-combining-ghidra-and-symbolic-aaef4c9555df
Medium
Strategies for Analyzing Native Code in Android Applications: Combining Ghidra and Symbolic…
In my work analyzing native code in Android applications, I often try different techniques. Some work, others not so much. I’ve realized I…
LG WebOS TV Path Traversal, Authentication Bypass and Full Device Takeover #LGWebOSTV #PathTraversal #AuthenticationBypass #DeviceTakeover #Vulnerability https://ssd-disclosure.com/lg-webos-tv-path-traversal-authentication-bypass-and-full-device-takeover/
SSD Secure Disclosure
LG WebOS TV Path Traversal, Authentication Bypass and Full Device Takeover - SSD Secure Disclosure
Affected Versions. Vendor Response: The vendor has issued an advisory, SMR-SEP-2025, available at https://lgsecurity.lge.com/bulletins/tv, in regard to the vulnerability described below. Credit: The vulnerability was disclosed during our TyphoonPWN 2025 LG Category…
Modus Operandi of Subtle Snail #PRODAFT #CATALYST https://catalyst.prodaft.com/public/report/modus-operandi-of-subtle-snail/overview
EDR-Freeze: A Tool That Puts EDRs And Antivirus Into A Coma State #EDRFreeze #EDRBypass #AntivirusDisable #WerFaultExploit #RedTeam https://www.zerosalarium.com/2025/09/EDR-Freeze-Puts-EDRs-Antivirus-Into-Coma.html
Zerosalarium
EDR-Freeze: A Tool That Puts EDRs And Antivirus Into A Coma State
EDR-Freeze exploits the vulnerability of WerFaultSecure to suspend the processes of EDRs and Antimalware, halting the operation of Antivirus and EDR
Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages
Lastpass
Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware - The LastPass…
We're tracking an ongoing, widespread infostealer campaign targeting Mac users through fraudulent GitHub repositories.
Journeys in Hosting 1/x - Precomputed SSH Host Keys #LightNode #SSHKeys #PrecomputedKeys #SecurityVulnerability #HostingAnomaly https://dataplane.org/jtk/blog/2025/09/hosting-stories-1/
dataplane.org
John Kristoff - Journeys in Hosting 1/x - Precomputed SSH Host Keys
BlackLock Ransomware: From Meteoric Rise to Sudden Disruption #BlackLockRansomware #RansomwareDisruption #MeteoricRise #DoubleExtortion #CyberThreats https://wealthari.com/blacklock-ransomware-from-meteoric-rise-to-sudden-disruption/
Wealthari
BlackLock Ransomware: From Meteoric Rise to Sudden Disruption
BlackLock has quickly climbed the ranks in the global ransomware scene, setting new benchmarks for attack frequency and technical complexity. Emerging in March 2024 under the name El Dorado, t…
Detecting AI Fakes with Compression Artifacts #AIFakes #CompressionArtifacts #ELA #ImageForensics #FraudDetection https://dmanco.dev/2025/09/15/basics-of-image-forensics-1.html
Is This Bad? This Feels Bad. (Fortra GoAnywhere CVE-2025-10035) #GoAnywhereMFT #CVE202510035 #Deserialization #AuthBypass #PreAuthRCE https://labs.watchtowr.com/is-this-bad-this-feels-bad-goanywhere-cve-2025-10035/
watchTowr Labs
Is This Bad? This Feels Bad. (Fortra GoAnywhere CVE-2025-10035)
File transfer used to be simple fun - fire up your favourite FTP client, log in to a glFTPd site, and you were done.
Fast forward to 2025, and the same act requires a procurement team, a web interface, and a vendor proudly waving their Secure by Design pledge.…
30 Minutes to Root Cause: Akira Ransomware via SonicWall VPN Compromise https://www.strandintelligence.com/case-studies/akira-ransomware-investigation
Strand Intelligence
Strand - AI-Powered Digital Forensics & Incident Response
Investigate any cyber incident in minutes. Immediate, automated digital forensics for incident response.
Yet Another Random Story: VBScript's Randomize Internals #VBScript #Randomize #PRNGWeakness #TokenPrediction #SecurityVulnerability https://blog.doyensec.com/2025/09/25/yet-another-random-story.html
Doyensec
Yet Another Random Story: VBScript's Randomize Internals
In one of our recent posts, Dennis shared an interesting case study of C# exploitation that rode on Random-based password-reset tokens. He demonstrated how to use the single-packet attack, or a bit of old-school math, to beat the game. Recently, I performed…
ReDisclosure: New technique for exploiting Full-Text Search in MySQL (myBB case study) #FullTextSearch #RegexInjection #MySQL #MyBB #InfoDisclosure https://exploit.az/posts/wor/
Exploit Azerbaijan
ReDisclosure: New technique for exploiting Full-Text Search in MySQL (myBB case study)
"Even a small key can open a big lock" Azerbaijani Proverb ---[ Index 1 - Introduction 2 - Tradition 2.1 - ReDoS, not the OS 2.2 - REGEXP, RLIKE and others 3 - How insecure, secure implementations are? 4 - Study Case: myBB 4.1 - Identification 4.2 - Perfect…
Hacking Furbo - A Hardware Hacking Research Project – Part 5: Exploiting BLE #FurboHack #BLEExploits #WiFiExposure #StreamHijack #HardwareSecurity https://www.softwaresecured.com/post/hacking-furbo-a-hardware-research-project-part-5-exploiting-ble
Softwaresecured
Hacking Furbo - A Hardware Hacking Research Project - Part 5
This post analyzes Furbo’s BLE communication, uncovering flaws that expose Wi-Fi credentials, allow device resets, and reveal hidden GATT data.
It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2 #CVE202510035 #GoAnywhereMFT #InTheWildExploitation #SecurityTransparency #BackdoorAccount https://labs.watchtowr.com/it-is-bad-exploitation-of-fortra-goanywhere-mft-cve-2025-10035-part-2/
watchTowr Labs
It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2
We’re back, just over 24 hours later, to share our evolving understanding of CVE-2025-10035.
Thanks to everyone who reached out after Part 1, and especially to the individual who shared credible intel that informed this update.
In Part 1 we laid out an…
Klopatra: exposing a new Android banking trojan operation with roots in Turkey #Klopatra #AndroidTrojan #BankingMalware #TurkishThreat #AdvancedEvasion https://www.cleafy.com/cleafy-labs/klopatra-exposing-a-new-android-banking-trojan-operation-with-roots-in-turkey
Cleafy
Klopatra: exposing a new Android banking trojan operation with roots in Turkey | Cleafy LABS
In late August 2025, Cleafy's Threat Intelligence team discovered Klopatra, a new, highly sophisticated Android malware currently targeting banking users primarily in Spain and Italy. The number of compromised devices has already exceeded 1,000. Read the…
You name it, VMware elevates it (CVE-2025-41244) #CVE202541244 #VMware #PrivilegeEscalation #ZeroDay #ServiceDiscovery https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/
NVISO Labs
You name it, VMware elevates it (CVE-2025-41244)
NVISO has identified zero-day exploitation of CVE-2025-41244, a local privilege escalation vulnerability impacting VMware's guest service discovery features.
Finding Critical Bugs in Adobe Experience Manager https://slcyber.io/research-center/finding-critical-bugs-in-adobe-experience-manager/
Searchlight Cyber
Finding Critical Bugs in Adobe Experience Manager › Searchlight Cyber
Adobe Experience Manager is one of the most popular CMSes around. Given its widespread use throughout the enterprise, you likely interact with AEM-based sites almost every day. From a security perspective, AEM presents an interesting target. AEM's popularity…
BombShell: The Signed Backdoor Hiding in Plain Sight on Framework Devices #UEFIVulnerability #SecureBootBypass #SignedBackdoor #FrameworkDevices #FirmwareSecurity https://eclypsium.com/blog/bombshell-the-signed-backdoor-hiding-in-plain-sight-on-framework-devices/
Eclypsium | Supply Chain Security for the Modern Enterprise
BombShell: The Signed Backdoor Hiding in Plain Sight on Framework Devices
Eclypsium researchers have discovered UEFI shells, authorized via Secure Boot, on Framework laptops. The UEFI shells contain capabilities that allow attackers to bypass Secure Boot on roughly 200,000 affected Framework laptops and desktops.
CVE-2025-9133: Configuration Exposure via Authorization Bypass #CVE20259133 #ZyxelVulnerability #AuthBypass #ConfigExposure #CommandInjection https://rainpwn.blog/blog/cve-2025-9133/
Rainpwn
CVE-2025-9133: Configuration Exposure via Authorization Bypass
A vulnerability in the zysh-cgi component of the USG/ATP Series allows a low-privileged, semi-authenticated attacker to access the device’s configuration, bypassing authorization controls. This issue arises due to missing authorization checks and an incomplete…
The MCP Security Tool You Probably Need - MCP Snitch #MCPSecurity #AISecurity #ProxySecurity #Authentication #DataProtection https://www.adversis.io/blogs/the-mcp-security-tool-you-probably-need---mcp-snitch
www.adversis.io
The MCP Security Tool You Probably Need - MCP Snitch
The Model Context Protocol (MCP) has rapidly emerged as the standard for connecting AI agents to external tools and services.