Intercepting MacOS XPC
https://ift.tt/G7Mkey6
Submitted April 03, 2025 at 11:23PM by Ano_F
via reddit https://ift.tt/5713ElL
https://ift.tt/G7Mkey6
Submitted April 03, 2025 at 11:23PM by Ano_F
via reddit https://ift.tt/5713ElL
Medium
Intercepting MacOS XPC
Intercepting XPC Messages With Frida
Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)
https://ift.tt/Tw134Vf
Submitted April 03, 2025 at 11:03PM by ethicalhack3r
via reddit https://ift.tt/OTVxzFR
https://ift.tt/Tw134Vf
Submitted April 03, 2025 at 11:03PM by ethicalhack3r
via reddit https://ift.tt/OTVxzFR
Google Cloud Blog
Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) | Google Cloud…
Talk To Your Malware - Integrating AI Capability in an Open-Source C2 Agent
https://ift.tt/1lyAdNn
Submitted April 04, 2025 at 03:43AM by obilodeau
via reddit https://ift.tt/WdQJi9y
https://ift.tt/1lyAdNn
Submitted April 04, 2025 at 03:43AM by obilodeau
via reddit https://ift.tt/WdQJi9y
GoSecure
Talk To Your Malware - Integrating AI Capability in an Open-Source C2 Agent
Explore how AI-enabled implants can generate and execute custom malware commands on the fly, no coding required.
Open-source Compliance
https://trycomp.ai/
Submitted April 04, 2025 at 01:25PM by Indiemarketing
via reddit https://ift.tt/EVCaKHp
https://trycomp.ai/
Submitted April 04, 2025 at 01:25PM by Indiemarketing
via reddit https://ift.tt/EVCaKHp
Comp AI
Comp AI - SOC 2 - HIPAA - GDPR - ISO 27001 made effortless
AI that handles compliance for you at startup speed. The effortless way to get SOC 2, HIPAA, GDPR, and ISO 27001 compliant in hours, not months.
Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457) - watchTowr Labs
https://ift.tt/AeQY1N0
Submitted April 04, 2025 at 07:20PM by dx7r__
via reddit https://ift.tt/SbJRyX9
https://ift.tt/AeQY1N0
Submitted April 04, 2025 at 07:20PM by dx7r__
via reddit https://ift.tt/SbJRyX9
watchTowr Labs
Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457)
What's that Skippy? Another Ivanti Connect Secure vulnerability?
At this point, regular readers will know all about Ivanti (and a handful of other vendors of the same class of devices), from our regular analysis.
Do you know the fun things about these posts?…
At this point, regular readers will know all about Ivanti (and a handful of other vendors of the same class of devices), from our regular analysis.
Do you know the fun things about these posts?…
ServiceRadar 1.0.28 - Open Source Network Monitoring and Observability
https://ift.tt/Z1fGBbo
Submitted April 06, 2025 at 10:00AM by ChaseApp501
via reddit https://ift.tt/pfhJS1n
https://ift.tt/Z1fGBbo
Submitted April 06, 2025 at 10:00AM by ChaseApp501
via reddit https://ift.tt/pfhJS1n
New attack vector on AI toolchains: Tool Poisoning in MCPs (Machine Code Models)
https://ift.tt/HxczY6O
Submitted April 07, 2025 at 04:49AM by VonNaturAustreVe
via reddit https://ift.tt/Y0ZrcTa
https://ift.tt/HxczY6O
Submitted April 07, 2025 at 04:49AM by VonNaturAustreVe
via reddit https://ift.tt/Y0ZrcTa
invariantlabs.ai
MCP Security Notification: Tool Poisoning Attacks
We have discovered a critical vulnerability in the Model Context Protocol (MCP) that allows for
[CVE-2025-32101] UNA CMS <= 14.0.0-RC4 PHP Object Injection
https://ift.tt/wN9PHKz
Submitted April 07, 2025 at 09:02PM by eg1x
via reddit https://ift.tt/V45PWDe
https://ift.tt/wN9PHKz
Submitted April 07, 2025 at 09:02PM by eg1x
via reddit https://ift.tt/V45PWDe
Karmainsecurity
UNA CMS <= 14.0.0-RC4 (BxBaseMenuSetAclLevel.php) PHP Object Injection Vulnerability | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
Dependency Injection for Artificial Intelligence (DI4AI)
https://ift.tt/qKy6grH
Submitted April 08, 2025 at 04:25PM by FoxInTheRedBox
via reddit https://ift.tt/v617P2z
https://ift.tt/qKy6grH
Submitted April 08, 2025 at 04:25PM by FoxInTheRedBox
via reddit https://ift.tt/v617P2z
SQL injections in MachForm v24 allow authenticated backend users to access unauthorized form entries and perform privesc
https://ift.tt/RLG6h9r
Submitted April 08, 2025 at 05:31PM by qwerty0x41
via reddit https://ift.tt/scHRhLJ
https://ift.tt/RLG6h9r
Submitted April 08, 2025 at 05:31PM by qwerty0x41
via reddit https://ift.tt/scHRhLJ
Shopware Unfixed SQL Injection in Security Plugin 6
https://ift.tt/bflzZQq
Submitted April 08, 2025 at 05:18PM by RedTeamPentesting
via reddit https://ift.tt/7jWRLPf
https://ift.tt/bflzZQq
Submitted April 08, 2025 at 05:18PM by RedTeamPentesting
via reddit https://ift.tt/7jWRLPf
www.redteam-pentesting.de
RedTeam Pentesting - Shopware Unfixed SQL Injection in Security Plugin 6
Shopware is affected by a known SQL injection in older Shopware versions which is fixed in newer Shopware releases. For customers who can not upgrade the main Shopware version the Shopware AG offers the security plugin which patches known vulnerabilities…
CyberAlerts Known Exploited Vulnerabilities (KEV) Catalog
https://ift.tt/GnQOadP
Submitted April 08, 2025 at 05:51PM by ethicalhack3r
via reddit https://ift.tt/TxOQjuU
https://ift.tt/GnQOadP
Submitted April 08, 2025 at 05:51PM by ethicalhack3r
via reddit https://ift.tt/TxOQjuU
Path Traversal Vulnerability in AWS SSM Agent's Plugin ID Validation
https://ift.tt/1B2ezAD
Submitted April 09, 2025 at 12:27AM by halxon
via reddit https://ift.tt/BGD6wSW
https://ift.tt/1B2ezAD
Submitted April 09, 2025 at 12:27AM by halxon
via reddit https://ift.tt/BGD6wSW
Cymulate
Path Traversal Vulnerability in AWS SSM Agent's Plugin ID Validation
Improper input validation in AWS SSM Agent's plugin ID exposes systems to path traversal and privilege escalation attacks.
In- Person CTF
https://ift.tt/8gad61W
Submitted April 09, 2025 at 12:23AM by Wireless_Noise
via reddit https://ift.tt/HFS09ia
https://ift.tt/8gad61W
Submitted April 09, 2025 at 12:23AM by Wireless_Noise
via reddit https://ift.tt/HFS09ia
The Evolution of HTTPS Adoption in Firefox
https://ift.tt/3btgJMI
Submitted April 09, 2025 at 12:52PM by mozfreddyb
via reddit https://ift.tt/8DXbQxR
https://ift.tt/3btgJMI
Submitted April 09, 2025 at 12:52PM by mozfreddyb
via reddit https://ift.tt/8DXbQxR
Attack & Defense
The Evolution of HTTPS Adoption in Firefox
We at Mozilla believe that people deserve privacy and one of the most important pieces of web privacy is provided through ubiquitous encryption. Because of this, we shipped HTTPS-First by default as of Firefox 136 (March 4th). The mechanism upgrades all page…
Hardening the Firefox Frontend with Content Security Policies
https://ift.tt/mK4ODIS
Submitted April 09, 2025 at 03:08PM by evilpies
via reddit https://ift.tt/huV5l3z
https://ift.tt/mK4ODIS
Submitted April 09, 2025 at 03:08PM by evilpies
via reddit https://ift.tt/huV5l3z
Attack & Defense
Hardening the Firefox Frontend with Content Security Policies
Most of the Firefox User Interface (UI), including the address bar and the tab strip, are implemented using standard web technologies like HTML, CSS and JavaScript plus some additional custom components like XUL. One of the advantages of using web technologies…
Windows Defender antivirus bypass in 2025
https://ift.tt/sWa9lyr
Submitted April 09, 2025 at 01:55PM by Hackmosphere
via reddit https://ift.tt/LimIHhO
https://ift.tt/sWa9lyr
Submitted April 09, 2025 at 01:55PM by Hackmosphere
via reddit https://ift.tt/LimIHhO
Hackmosphere
Windows Defender antivirus bypass in 2025 - part 1
Discover how antivirus works and how to setup a lab for (Windows Defender) antivirus bypass. Basic code is provided to start experimenting !
OpenSSL prepares for a quantum future with 3.5.0 release
https://ift.tt/ifAMmG8
Submitted April 09, 2025 at 04:19PM by Comfortable-Site8626
via reddit https://ift.tt/Y8A4f9c
https://ift.tt/ifAMmG8
Submitted April 09, 2025 at 04:19PM by Comfortable-Site8626
via reddit https://ift.tt/Y8A4f9c
Help Net Security
OpenSSL prepares for a quantum future with 3.5.0 release
The OpenSSL Project has released version 3.5.0 of its widely used open-source cryptographic library, introducing new features and notable changes that
The Rise of Text-to-Video Innovation: Transforming Content Creation with AI
https://ift.tt/j9QuFkV
Submitted April 09, 2025 at 08:24PM by codeagencyblog
via reddit https://ift.tt/gDmrK5F
https://ift.tt/j9QuFkV
Submitted April 09, 2025 at 08:24PM by codeagencyblog
via reddit https://ift.tt/gDmrK5F
<FrontBackGeek/>
The Rise of Text-to-Video Innovation: Transforming Content Creation with AI - <FrontBackGeek/>
Imagine typing a simple noscript and watching it turn into a full-blown video with visuals, voiceovers, and seamless transitions—all in minutes. That’s the
VibeScamming — From Prompt to Phish: Benchmarking Popular AI Agents’ Resistance to the Dark Side
https://ift.tt/HsSqM6d
Submitted April 09, 2025 at 09:33PM by Comfortable-Site8626
via reddit https://ift.tt/V879YGP
https://ift.tt/HsSqM6d
Submitted April 09, 2025 at 09:33PM by Comfortable-Site8626
via reddit https://ift.tt/V879YGP
Medium
VibeScamming — From Prompt to Phish: Benchmarking Popular AI Agents’ Resistance to the Dark Side
By Nati Tal (Head of Guardio Labs)
One Bug Wasn’t Enough: Escalating Twice Through SAP’s Setuid Landscape
https://ift.tt/rzwOT1d
Submitted April 09, 2025 at 10:29PM by tlxio
via reddit https://ift.tt/zrmjNau
https://ift.tt/rzwOT1d
Submitted April 09, 2025 at 10:29PM by tlxio
via reddit https://ift.tt/zrmjNau
Anvil Secure
One Bug Wasn’t Enough: Escalating Twice Through SAP’s Setuid Landscape - Anvil Secure
Principal Security Engineer Tao Sauvage discovered two SAP flaws on a client project, resulting in a CVE and a custom tool.