Disrupting the first reported AI-orchestrated cyber espionage campaign #FirstAIHack #AgenticAI #CyberEspionage #AutonomousAttacks #CybersecurityFuture https://www.anthropic.com/news/disrupting-AI-espionage
Anthropic
Disrupting the first reported AI-orchestrated cyber espionage campaign
A report describing a highly sophisticated AI-led cyberattack
N-able N-central: From N-days to 0-days #NableNcentral #0DayExploits #AuthBypass #XXEAttack #DataBreach https://horizon3.ai/attack-research/attack-blogs/n-able-n-central-from-n-days-to-0-days/
Horizon3.ai
N-able N-central: From N-days to 0-days
Root cause analysis for N-able N-central CVE-2025-9163 and CVE-2025-11700, which allow for reading files and potentially compromising the N-central database, which stores client credentials, API keys, and more.
Gotchas in Email Parsing - Lessons From Jakarta Mail #EmailParsing #JakartaMail #SecurityVulnerabilities #ParsingDifferentials #RFCCompliance https://www.elttam.com/blog/jakarta-mail-primitives/
Elttam
Gotchas in Email Parsing - Lessons From Jakarta Mail - elttam
Learn the hidden quirks in Jakarta Mail that can lead to high-impact security bugs, and how to avoid them in your Java applications.
Discussion on assert(int+100 > int) optimized away in gcc https://gcc.gnu.org/bugzilla/show_bug.cgi?id=30475
Python packages to create extensive spy program #Python #SpyProgram #BlockHacks #Hacking #Surveillance https://audits.blockhacks.io/audit/python-packages-to-create-spy-program
BlockHacks
Python packages to create extensive spy program
This article dives deep into the emerging threat of covert audio‑and‑video exfiltration hidden inside seemingly harmless PDF attachments and lightweight Python scripts. It explains how attackers embed microphone listeners, webcam recorders, and motion‑triggered…
IPIPHistory - IP Address and BGP Route History Search #IPASNLookup #BGPRoutes #BGPHijack #NetworkIntelligence #RoutingAnalysis http://ipiphistory.com/
Ipiphistory
IPIPHistory - IP Address & BGP Route History Search
Free IP address, ASN lookup and BGP route history analysis tool with hijack detection.
Exploiting A Pre-Auth RCE in W3 Total Cache For WordPress <= 2.9.1 (CVE-2025-9501) #W3TotalCache #WordPress #RCE #CVE20259501 #PatchBypass https://www.rcesecurity.com/2025/11/exploiting-a-pre-auth-rce-in-w3-total-cache-for-wordpress-cve-2025-9501/
RCE Security | Penetration Tests. Source Code Reviews. IT Security Audits.
Exploiting A Pre-Auth RCE in W3 Total Cache … | RCE Security
We recently came across a very brief vulnerability announcement made by WPScan about CVE-2025-9501, which is described as an "Unauthenticated Command Injection" …
Lite XL — Arbitrary Code & Remote Code Execution (CVE-2025-12120 & CVE-2025-12121) #LiteXL #RCE #ArbitraryCode #CVEs #Security https://bend0us.github.io/vulnerabilities/lite-xl-rce/
BEND0US Offensive Security Notes
Lite XL — Arbitrary Code & Remote Code Execution (CVE-2025-12120 & CVE-2025-12121)
Lite XL versions 2.1.8 and earlier contain vulnerabilities that allow arbitrary code execution and can lead to Remote Code Execution.
Breaking Oracle’s Identity Manager: Pre-Auth RCE (CVE-2025-61757) https://slcyber.io/research-center/breaking-oracles-identity-manager-pre-auth-rce/
Searchlight Cyber
Uncovering Oracle Identity Manager: Pre-Auth RCE (CVE-2025-61757)
Intro Earlier this year, in January, Oracle Cloud's login service (login.us2.oraclecloud.com) was breached—this led to the compromise of 6M records and over 140k Oracle Cloud tenants. Analysis showed that the threat actor had exploited an older CVE (CVE-2021…
When Updates Backfire: RCE in Windows Update Health Tools #RCE #WindowsUpdate #AzureVulnerability #MicrosoftSecurity #AbandonedBlobs https://research.eye.security/rce-windows-update-health-tools/
Eye Research
When Updates Backfire: RCE in Windows Update Health Tools
We discovered a remote code execution vulnerability in Microsoft's Update Health Tools (KB4023057) through an abandoned Azure Blob. Here’s how we found it, how it worked, and what it means for your Windows environment.
Sliver C2 Insecure Default Network Policy (CVE-2025-27093) #SliverC2 #Wireguard #CVE202527093 #NetworkPolicy #CommandAndControl https://hngnh.com/posts/Sliver-CVE-2025-27093/
Hoang Nguyen
Sliver C2 Insecure Default Network Policy (CVE-2025-27093)
Summary Sliver is a powerful command and control (C2) framework designed to provide advanced capabilities for covertly managing and controlling remote systems.
A Reverse Engineer’s Anatomy of the macOS Boot Chain & Security Architecture #macOSSecurity #AppleSilicon #SecureBoot #ReverseEngineering #HardwareTrust https://stack.int.mov/a-reverse-engineers-anatomy-of-the-macos-boot-chain-security-architecture/
/dev/stack
A Reverse Engineer’s Anatomy of the macOS Boot Chain & Security Architecture
1.0 The Silicon Root of Trust: Pre-Boot & Hardware Primitives
The security of the macOS platform on Apple Silicon is not defined by the kernel; it is defined by the physics of the die. Before the first instruction of kernelcache is fetched, a complex, cryptographic…
Live Updates: Sha1-Hulud, The Second Coming - Hundreds of NPM Packages Compromised #NPMsupplychain #Sha1Hulud #MalwareAttack #CredentialTheft #DataDestruction https://www.koi.ai/incident/live-updates-sha1-hulud-the-second-coming-hundred-npm-packages-compromised
www.koi.ai
Live Updates: Sha1-Hulud, The Second Coming - Hundreds of NPM Packages Compromised
A new wave of the Shai-Hulud malware is compromising hundreds of npm packages and destroying user home directories. Get live updates and mitigation steps.
TOTAL RECALL 2024 - Memory Forensics Self-Paced Learning/Challenge/CTF #MemoryForensics #CTF #IncidentResponse #DigitalForensics #Cybersecurity https://www.securitynik.com/2024/03/total-recall-2024-memory-forensics-self.html
Securitynik
**TOTAL RECALL 2024** - Memory Forensics Self-Paced Learning/Challenge/CTF
Similar to "Solving the CTF challenge - Network Forensics (packet and log analysis), USB Disk Forensics, Database Forensics, Stego" this c...
Split-Second Side Doors: How Bot-Delegated TOCTOU Breaks The CI/CD Threat Model #TOCTOU #Bots #CICD #SideDoors #RaceConditions https://boostsecurity.io/blog/split-second-side-doors-how-bot-delegated-toctou-breaks-the-cicd-threat-model
Write Path Traversal to a RCE Art Department #PathTraversal #RCE #RubyOnRails #WildcardRouting #TemplateInjection https://lab.ctbb.show/research/write-path-traversal-to-RCE-art-department
Critical Thinking - Bug Bounty Podcast
Write Path Traversal to a RCE Art Department
Abusing Write Path Traversal for Living Off the Land Remote Code Execution
TROOPERS25: Revisiting Cross Session Activation attacks https://youtu.be/7bPzqEiO6Tk
YouTube
TROOPERS25: Revisiting Cross Session Activation attacks
More impressions:
/ wearetroopers
/ ernw_itsec
https://infosec.exchange/@WEareTROOPERS
https://infosec.exchange/@ERNW https://ernw.de
#TROOPERS #ITsecurity #ERNW
The Anatomy of a Bulletproof Hoster: A Data-Driven Reconstruction of Media Land #BulletproofHosting #MediaLandLeak #Ransomware #ThreatIntelligence #Cybercrime https://disclosing.observer/2025/11/24/bulletproof-hoster-anatomy-data-driven-reconstruction.html
Disclosing.Observer
The Anatomy of a Bulletproof Hoster: A Data-Driven Reconstruction of Media Land
A data-driven reconstruction of the bulletproof hosting provider Media Land, using leaked internal records to analyze customer structure, address space alloc...
GeoServer WMS GetMap XML External Entity Injection Vulnerability (CVE-2025-58360) #GeoServer #WMS #XEE #Injection #Vulnerability https://helixguard.ai/blog/CVE-2025-58360/
helixguard.ai
GeoServer WMS GetMap XML External Entity Injection Vulnerability (CVE-2025-58360)
GeoServer is an open-source geospatial server used to publish and share spatial data and map services through standardized OGC interfaces. In affected versions, the WMS GetMap endpoint fails to disable external entity expansion when parsing SLD/XML documents.