یکشنبه
۷ ‏( دی = ۱۰ )‏ ۱٤۰٤
‏28 ( دسامبر = december = 12 ) 2025
تکنیک‌ها ، کالبدشکافی ، درک عمیق ، یک قدم جلوتر ...
https://news.1rj.ru/str/boost/NullError_ir

CVE-2025-43300 is the latest zero-day flaw used in cyberattacks against "targeted individuals," which could signify spyware or nation-state hacking.

You may have noticed the Anime Catgirls when trying to get to the Linux Kernel’s mailing list, or one of any number of other sites associated with Open Source projects. [Tavis Ormandy] had th…

A new infostealer malware targeting Mac devices, called 'Shamos,' is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes.

China-linked APT MURKY PANDA targets North American gov, tech & legal sectors, exploiting cloud flaws & stealing sensitive data.

Dubbed Operation Serengeti 2.0, the operation took place between June and August.

Famously, Nikola Tesla won the War of the Currents in the early days of electrification because his AC system could use transformers to minimize losses for long distance circuits. That was well bef…

In this episode of the Hackaday Podcast, editors Elliot Williams and Tom Nardi start out with a warning about potentially radioactive shrimp entering the American food supply via Walmart, and thing…

A couple of decades ago now, several things happened which gave life to our world and made it what it has become. Hackerspaces proliferated, giving what was previously dispersed a physical focus. A…

The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India.

The operation disrupted countless scams, and authorities seized a significant amount of evidence and recovered nearly $100 million in lost funds.

Over time, web browsers have accumulated a ton of features beyond what anyone from the 90s might have imagined, from an application platform to file management and even to hardware access. While th…

This academic year, I am taking a sabbatical from the Kennedy School and Harvard University. (It’s not a real sabbatical—I’m just an adjunct—but it’s the same idea.) I will be spending the Fall 2025 and Spring 2026 semesters at the Munk School at the University…

Many apps you use every day are highly invasive—but you don't have to make it easy for companies and data brokers to obtain and use your information.

A Chinese APT is going where most APTs don't: deep into the cloud, compromising supply chains and deploying uncommon malware.

If you’ve ever lost gear to lightning or power spikes, you know what a pain they are. Out in rural Arkansas, where [vinthewrench] lives, the grid is more chaos than comfort – especially when …

A Chinese state-sponsored hacking group known as Murky Panda (Silk Typhoon) exploits trusted relationships in cloud environments to gain initial access to the networks and data of downstream customers.

Nice short article on the bobtail squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

When [Tom Nardi] reported on NOAA’s statement that many of its polar birds were no longer recommended for use, he mentioned that when the satellites do give up, there are other options if you…

A method to silently exfiltrate Windows secrets and credentials, evading detection from most Endpoint Detection and Response (EDR) solutions.

Sometimes it seems like there’s nothing Emacs can’t do. Which, of course, is why some people love it, and some people hate it. Apparently, [mbork] loves it and devised a scheme to show …