Using an LLM with MCP for Threat Hunting
https://ift.tt/VYKkCUA
Submitted April 29, 2025 at 07:51AM by eitot8
via reddit https://ift.tt/UZ92DP3
https://ift.tt/VYKkCUA
Submitted April 29, 2025 at 07:51AM by eitot8
via reddit https://ift.tt/UZ92DP3
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
Ruby on Rails Cross-Site Request Forgery
https://ift.tt/EHG2m8Q
Submitted April 29, 2025 at 05:30PM by thricethagr8est
via reddit https://ift.tt/dFPpEhi
https://ift.tt/EHG2m8Q
Submitted April 29, 2025 at 05:30PM by thricethagr8est
via reddit https://ift.tt/dFPpEhi
seclists.org
Full Disclosure: Ruby on Rails Cross-Site Request Forgery
AirBorne: Wormable Zero-Click RCE in Apple AirPlay Puts Billions of Devices at Risk
https://ift.tt/1tx2wuJ
Submitted April 29, 2025 at 08:07PM by cov_id19
via reddit https://ift.tt/4jVG6oY
https://ift.tt/1tx2wuJ
Submitted April 29, 2025 at 08:07PM by cov_id19
via reddit https://ift.tt/4jVG6oY
www.oligo.security
Airborne: Wormable Zero-Click RCE in Apple AirPlay Puts Billions of Devices at Risk | Oligo Security | Oligo Security
Oligo Security reveals AirBorne, a new set of vulnerabilities in Apple’s AirPlay protocol and SDK. Learn how zero-click RCEs, ACL bypasses, and wormable exploits could endanger Apple and IoT devices worldwide — and how to protect yourself.
Shadow Roles: AWS Defaults Can Open the Door to Service Takeover
https://ift.tt/YqzHDnN
Submitted April 29, 2025 at 09:57PM by Pale_Fly_2673
via reddit https://ift.tt/PYJ80Ij
https://ift.tt/YqzHDnN
Submitted April 29, 2025 at 09:57PM by Pale_Fly_2673
via reddit https://ift.tt/PYJ80Ij
Aqua
Shadow Roles: AWS Defaults Can Open the Door to Service Takeover
Shadow roles in AWS defaults can expose hidden attack paths enabling privilege escalation, cross-service access, and even account compromise
A Look Into the Secrets of MCP: The New Secret Leak Source
https://ift.tt/dnWrmjx
Submitted April 29, 2025 at 10:37PM by guedou
via reddit https://ift.tt/TMIf16r
https://ift.tt/dnWrmjx
Submitted April 29, 2025 at 10:37PM by guedou
via reddit https://ift.tt/TMIf16r
GitGuardian Blog - Take Control of Your Secrets Security
A Look Into the Secrets of MCP: The New Secret Leak Source
MCP rapidly enhances AI capabilities but introduces security challenges through its distributed architecture. Especially, the distributed nature of MCP requires a lot of NHIs and their secrets. Our research shows that MCP is a new source of leaks that already…
Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
https://ift.tt/ZU063dQ
Submitted April 30, 2025 at 12:51AM by evilpies
via reddit https://ift.tt/sKbmO2Y
https://ift.tt/ZU063dQ
Submitted April 30, 2025 at 12:51AM by evilpies
via reddit https://ift.tt/sKbmO2Y
Google Cloud Blog
Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis | Google Cloud Blog
This Google Threat Intelligence Group report presents an analysis of detected 2024 zero-day exploits.
GFI MailEssentials - Yet Another .NET Target - Frycos
https://ift.tt/gNQeJvA
Submitted April 30, 2025 at 09:36AM by smaury
via reddit https://ift.tt/ydztq05
https://ift.tt/gNQeJvA
Submitted April 30, 2025 at 09:36AM by smaury
via reddit https://ift.tt/ydztq05
Frycos Security Diary
GFI MailEssentials - Yet Another .NET Target
What is this product GFI MailEssentials all about? We’re living the future, right? So let’s ask the GFI AI.
A Technical Review of AI-Infra-Guard V2: New MCP Server Security Analysis Tool
https://ift.tt/FUDpmMb
Submitted April 30, 2025 at 02:26PM by CoatPowerful1541
via reddit https://ift.tt/FonV9rl
https://ift.tt/FUDpmMb
Submitted April 30, 2025 at 02:26PM by CoatPowerful1541
via reddit https://ift.tt/FonV9rl
Medium
A Technical Review of AI-Infra-Guard V2: New MCP Server Security Analysis Tool
Tencent’s Zhuque Lab recently dropped AI-Infra-Guard V2, an open-source, AI-driven security tool built specifically for MCP servers. After…
Samsung MagicINFO Unauthenticated RCE
https://ift.tt/8NEyMci
Submitted April 30, 2025 at 02:53PM by Straight-Zombie-646
via reddit https://ift.tt/iH0Cz4l
https://ift.tt/8NEyMci
Submitted April 30, 2025 at 02:53PM by Straight-Zombie-646
via reddit https://ift.tt/iH0Cz4l
SSD Secure Disclosure
SSD Advisory - Samsung MagicINFO Unauthenticated RCE - SSD Secure Disclosure
Summary MagicINFO exposes an endpoint which: Wrapping all together it is possible to upload a JSP file to execute arbitrary server-side code without having a valid user. Credit An independent security researcher working with SSD Secure Disclosure. Vendor…
Supercharging Ghidra: Using Local LLMs with GhidraMCP via Ollama and OpenWeb-UI
https://ift.tt/pKZW21S
Submitted April 30, 2025 at 06:01PM by onlinereadme
via reddit https://ift.tt/25LQxug
https://ift.tt/pKZW21S
Submitted April 30, 2025 at 06:01PM by onlinereadme
via reddit https://ift.tt/25LQxug
Medium
Supercharging Ghidra: Using Local LLMs with GhidraMCP via Ollama and OpenWeb-UI
Reverse engineering binaries often resembles digital archaeology: excavating layers of compiled code, interpreting obscured logic, and…
I tried out vibe hacking with Cursor. It kinda worked and I ultimately found RCE.
https://ift.tt/pWYbVEO
Submitted April 30, 2025 at 05:37PM by ezzzzz
via reddit https://ift.tt/5IGJjln
https://ift.tt/pWYbVEO
Submitted April 30, 2025 at 05:37PM by ezzzzz
via reddit https://ift.tt/5IGJjln
Research Blog | Project Black
Vibe Hacking: Finding Auth Bypass and RCE in Open Game Panel
You've heard of vibe coding, but have you considered vibe hacking? I tried thinking less to find an authentication bypass and RCE in OpenGamePanel.
AiTM for WHFB persistence
https://ift.tt/1TJStoG
Submitted April 30, 2025 at 10:39PM by rikvduijn
via reddit https://ift.tt/F4SWdiJ
https://ift.tt/1TJStoG
Submitted April 30, 2025 at 10:39PM by rikvduijn
via reddit https://ift.tt/F4SWdiJ
Attic
AiTM for WHFB persistence - Attic
Learn how we managed to circumvent "phishing-resistant" MFA based on Windows Hello for Business, during an internal capture-the-flag competition.
Hijacking NodeJS’ Jenkins Agents For Code Execution and More
https://ift.tt/IoTefXQ
Submitted May 01, 2025 at 01:17AM by IrohsLotusTile
via reddit https://ift.tt/XVefKJu
https://ift.tt/IoTefXQ
Submitted May 01, 2025 at 01:17AM by IrohsLotusTile
via reddit https://ift.tt/XVefKJu
Praetorian
Agent of Chaos: Hijacking NodeJS’s Jenkins Agents
Two CI/CD vulnerabilities in the nodejs/node GitHub repository exposed Node.js to remote code execution on Jenkins agents and the potential to merge unreviewed code to the main branch of the repository.
Inside the Latest Espionage Campaign of Nebulous Mantis
https://ift.tt/5ybmLx6
Submitted May 01, 2025 at 12:14PM by small_talk101
via reddit https://ift.tt/zKruvBl
https://ift.tt/5ybmLx6
Submitted May 01, 2025 at 12:14PM by small_talk101
via reddit https://ift.tt/zKruvBl
Pwning the Ladybird browser
https://ift.tt/rLVlHEJ
Submitted May 01, 2025 at 11:50PM by FoxInTheRedBox
via reddit https://ift.tt/Sa28Nsr
https://ift.tt/rLVlHEJ
Submitted May 01, 2025 at 11:50PM by FoxInTheRedBox
via reddit https://ift.tt/Sa28Nsr
AI hiveminds can exploit vulnerabilities 25% faster—here’s how they work
https://ift.tt/F5E8bY2
Submitted May 02, 2025 at 02:38PM by raptorhunter22
via reddit https://ift.tt/2bVgM3l
https://ift.tt/F5E8bY2
Submitted May 02, 2025 at 02:38PM by raptorhunter22
via reddit https://ift.tt/2bVgM3l
The CyberSec Guru
The Rise of the AI Hivemind: How Autonomous Agents Are Revolutionizing Cyber Attacks | The CyberSec Guru
Explore how AI hiveminds and autonomous agents are transforming cyber attacks in 2025. Learn about their speed, adaptability, and impact
The Chromium Security Paradox
https://ift.tt/PIhdfqn
Submitted May 03, 2025 at 03:56PM by unaligned_access
via reddit https://ift.tt/41Nsjnb
https://ift.tt/PIhdfqn
Submitted May 03, 2025 at 03:56PM by unaligned_access
via reddit https://ift.tt/41Nsjnb
Island.io
The Chromium Security Paradox: Advanced Yet Vulnerable
Chromium's advanced security still leaves enterprises vulnerable to local attacks. But it’s not Chromium’s fault. A deeper look via the Chromium issue tracker
Need Help
https://ift.tt/RCrFoia
Submitted May 03, 2025 at 11:34PM by walidelkrrr
via reddit https://ift.tt/VmEaG8P
https://ift.tt/RCrFoia
Submitted May 03, 2025 at 11:34PM by walidelkrrr
via reddit https://ift.tt/VmEaG8P
The Malware That Outsmarted Antivirus, Firewalls, and Humans — Meet Chimera
https://ift.tt/ivT7W5h
Submitted May 04, 2025 at 05:39AM by badminton987
via reddit https://ift.tt/Va9xIZf
https://ift.tt/ivT7W5h
Submitted May 04, 2025 at 05:39AM by badminton987
via reddit https://ift.tt/Va9xIZf
Medium
The Malware That Outsmarted Antivirus, Firewalls, and Humans — Meet Chimera
How “Chimera” Nearly Destroyed X Business in 2025 — and What Every Small Business Must Learn
YARA Playground - Client Side WASM
https://ift.tt/Dr0FkEv
Submitted May 04, 2025 at 08:40PM by Diligent_Desk5592
via reddit https://ift.tt/rwbLzuU
https://ift.tt/Dr0FkEv
Submitted May 04, 2025 at 08:40PM by Diligent_Desk5592
via reddit https://ift.tt/rwbLzuU
Yaraplayground
YARA Playground Online – Free YARA Validator
Instant YARA rule testing and validation in the browser.
Reddit shadowban architecture creates silent data harvesting risk, undermines trust boundaries
https://ift.tt/93EUGe7
Submitted May 05, 2025 at 08:45AM by notyourgirl4444444
via reddit https://ift.tt/V8d4jfv
https://ift.tt/93EUGe7
Submitted May 05, 2025 at 08:45AM by notyourgirl4444444
via reddit https://ift.tt/V8d4jfv
localhost
7 Astonishing Facts You Need to Know About Reddit's Shadowban Phenomenon
A Foray into the Shadowy Corners of Reddit: Understanding Reddit Shadowbans