Hijacking Cursor’s Agent: How We Took Over an EC2 Instance
https://ift.tt/6Oz9iEF
Submitted July 23, 2025 at 09:36PM by vowskigin
via reddit https://ift.tt/D0xUCIO
https://ift.tt/6Oz9iEF
Submitted July 23, 2025 at 09:36PM by vowskigin
via reddit https://ift.tt/D0xUCIO
🧠 Countdown to BSides Basingstoke – Talk + CTF Incoming!
https://ift.tt/FWilMIC
Submitted July 24, 2025 at 02:52AM by DifferenceNorth1427
via reddit https://ift.tt/Zl3KQxd
https://ift.tt/FWilMIC
Submitted July 24, 2025 at 02:52AM by DifferenceNorth1427
via reddit https://ift.tt/Zl3KQxd
SharePoint ToolShell – One Request PreAuth RCE Chain
https://ift.tt/I6ypYuz
Submitted July 24, 2025 at 05:15PM by AlmondOffSec
via reddit https://ift.tt/q4NCIdg
https://ift.tt/I6ypYuz
Submitted July 24, 2025 at 05:15PM by AlmondOffSec
via reddit https://ift.tt/q4NCIdg
CastleLoader Malware: Fake GitHub and Phishing Attack Hits 469 Devices
https://ift.tt/P9sjhTd
Submitted July 25, 2025 at 02:19AM by small_talk101
via reddit https://ift.tt/oZFVqI8
https://ift.tt/P9sjhTd
Submitted July 25, 2025 at 02:19AM by small_talk101
via reddit https://ift.tt/oZFVqI8
How we Rooted Copilot
https://ift.tt/APRWfVH
Submitted July 25, 2025 at 05:03PM by vaizor
via reddit https://ift.tt/nu0e2lC
https://ift.tt/APRWfVH
Submitted July 25, 2025 at 05:03PM by vaizor
via reddit https://ift.tt/nu0e2lC
research.eye.security
How we Rooted Copilot
We explored the new Python sandbox in Microsoft Copilot Enterprise, and got root on the underlying container.
How We Gained Full Access to a $100M Zero-Trust Startup
https://ift.tt/qKhnC8r
Submitted July 25, 2025 at 07:42PM by kobsoN
via reddit https://ift.tt/5lUQWjJ
https://ift.tt/qKhnC8r
Submitted July 25, 2025 at 07:42PM by kobsoN
via reddit https://ift.tt/5lUQWjJ
New Advanced Stealer (SHUYAL) Targets Credentials Across 19 Popular Browsers
https://ift.tt/E2xt10X
Submitted July 24, 2025 at 07:38PM by CyberMasterV
via reddit https://ift.tt/nY2CzHl
https://ift.tt/E2xt10X
Submitted July 24, 2025 at 07:38PM by CyberMasterV
via reddit https://ift.tt/nY2CzHl
Blogspot
New Advanced Stealer (SHUYAL) Targets Credentials Across 19 Popular Browsers
Author(s): Vlad Pasca New advanced stealer analyzed though Hybrid Analysis and named 'SHUYAL' Hybrid Analysis report reveals the stealer c...
The average ransomware attack payment increased nearly 500% from 2023 to 2024.
https://ift.tt/rfPtAUM
Submitted July 26, 2025 at 02:58AM by OpulentOwl
via reddit https://ift.tt/bBxQ29L
https://ift.tt/rfPtAUM
Submitted July 26, 2025 at 02:58AM by OpulentOwl
via reddit https://ift.tt/bBxQ29L
Ooma.com - Smart solutions for home and business.
30 statistics about data breaches | Ooma
Data breaches remain a massive concern and have seemed to shift from rare occurrences to disturbingly common ones. Here is what you need to know.
Admin Emails & Passwords Exposed via HTTP Method Change
https://ift.tt/FzOpNkW
Submitted July 26, 2025 at 07:02AM by General_Speaker9653
via reddit https://ift.tt/BeR3Ihd
https://ift.tt/FzOpNkW
Submitted July 26, 2025 at 07:02AM by General_Speaker9653
via reddit https://ift.tt/BeR3Ihd
Medium
Admin Emails & Passwords Exposed via HTTP Method Change
Hello folks,
I’m Mahmoud El manzalawy, a bug bounty hunter who enjoys finding vulnerabilities in his free time.
I’m Mahmoud El manzalawy, a bug bounty hunter who enjoys finding vulnerabilities in his free time.
How to find the blackhat and defcon paper
https://ift.tt/9NWTOdY
Submitted July 26, 2025 at 02:40PM by Green_Sky_99
via reddit https://ift.tt/kKphwdF
https://ift.tt/9NWTOdY
Submitted July 26, 2025 at 02:40PM by Green_Sky_99
via reddit https://ift.tt/kKphwdF
Blackhat
Black Hat USA 2024
Investigate phishing emails
https://ift.tt/5fAKMUe
Submitted July 26, 2025 at 08:17PM by Brave-Application841
via reddit https://ift.tt/kduf1s0
https://ift.tt/5fAKMUe
Submitted July 26, 2025 at 08:17PM by Brave-Application841
via reddit https://ift.tt/kduf1s0
ChatGPT
ChatGPT - Investigate phishing emails
Shared via ChatGPT
Deepfakes, Vishing, and GPT Scams: Phishing Just Levelled Up
https://ift.tt/XcHmRsu
Submitted July 27, 2025 at 02:46AM by AlexanderDan10-Alger
via reddit https://ift.tt/pNFjdGK
https://ift.tt/XcHmRsu
Submitted July 27, 2025 at 02:46AM by AlexanderDan10-Alger
via reddit https://ift.tt/pNFjdGK
Created a Penetration Testing Guide to Help the Community, Feedback Welcome!
https://ift.tt/9hRaEfv
Submitted July 27, 2025 at 09:49AM by Bitter_Increase3590
via reddit https://ift.tt/KQgZG2q
https://ift.tt/9hRaEfv
Submitted July 27, 2025 at 09:49AM by Bitter_Increase3590
via reddit https://ift.tt/KQgZG2q
reaper.gitbook.io
Welcome here! | My Penetration Test Guide
BadSuccessor – Purple Team
https://ift.tt/RxBYf5e
Submitted July 28, 2025 at 05:49PM by netbiosX
via reddit https://ift.tt/gr0qlvJ
https://ift.tt/RxBYf5e
Submitted July 28, 2025 at 05:49PM by netbiosX
via reddit https://ift.tt/gr0qlvJ
Purple Team
BadSuccessor
Microsoft has introduced a feature in Windows Server 2025 to prevent credential harvesting via Kerberoasting and other credential stuffing attacks. This new feature comes in the form of a new accou…
Weekly feed of 140+ Security Blogs
https://ift.tt/gvCWJhO
Submitted July 28, 2025 at 09:45PM by CyberT17
via reddit https://ift.tt/lSFtakh
https://ift.tt/gvCWJhO
Submitted July 28, 2025 at 09:45PM by CyberT17
via reddit https://ift.tt/lSFtakh
149 Security Blogs
Security Blogs
149 Security Blogs News Feed
A purple team approach on BadSuccessor
https://ift.tt/RxBYf5e
Submitted July 28, 2025 at 10:50PM by netbiosX
via reddit https://ift.tt/Qehnx5k
https://ift.tt/RxBYf5e
Submitted July 28, 2025 at 10:50PM by netbiosX
via reddit https://ift.tt/Qehnx5k
Purple Team
BadSuccessor
Microsoft has introduced a feature in Windows Server 2025 to prevent credential harvesting via Kerberoasting and other credential stuffing attacks. This new feature comes in the form of a new accou…
Stack Overflows, Heap Overflows, and Existential Dread (SonicWall SMA100 CVE-2025-40596, CVE-2025-40597 and CVE-2025-40598)
https://ift.tt/bne7CaL
Submitted July 29, 2025 at 03:10AM by dx7r__
via reddit https://ift.tt/rnAidhM
https://ift.tt/bne7CaL
Submitted July 29, 2025 at 03:10AM by dx7r__
via reddit https://ift.tt/rnAidhM
watchTowr Labs
Stack Overflows, Heap Overflows, and Existential Dread (SonicWall SMA100 CVE-2025-40596, CVE-2025-40597 and CVE-2025-40598)
It’s 2025, and at this point, we’re convinced there’s a secret industry-wide pledge: every network appliance must include at least one trivially avoidable HTTP header parsing bug - preferably pre-auth. Bonus points if it involves sscanf.
If that’s the case…
If that’s the case…
Struts Devmode in 2025? Critical Pre-Auth Vulnerabilities in Adobe Experience Manager Forms
https://ift.tt/6bxeNXL
Submitted July 29, 2025 at 01:48PM by Mempodipper
via reddit https://ift.tt/pJ7Kwt4
https://ift.tt/6bxeNXL
Submitted July 29, 2025 at 01:48PM by Mempodipper
via reddit https://ift.tt/pJ7Kwt4
Searchlight Cyber
Struts Devmode in 2025? Pre-Auth Bugs in AEM Forms | Searchlight
Vulnerabilities in AEM Forms The Searchlight Cyber Research Team discovered and disclosed three critical vulnerabilities in Adobe Experience Manager Forms to Adobe in late April 2025. As of writing this research post, 90 days have passed since our disclosure…
Google Gemini AI CLI Hijack - Code Execution Through Deception
https://ift.tt/G0x8HIN
Submitted July 29, 2025 at 01:41PM by tracebit
via reddit https://ift.tt/bajedvT
https://ift.tt/G0x8HIN
Submitted July 29, 2025 at 01:41PM by tracebit
via reddit https://ift.tt/bajedvT
Tracebit
Code Execution Through Deception: Gemini AI CLI Hijack | Tracebit
Tracebit discovered a silent attack on Gemini CLI where, through a toxic combination of prompt injection, misleading UX and missing validation, inspecting untrusted code consistently leads to execution of malicious commands - enabling silent credential theft…
Attacking GenAI applications and LLMs - Sometimes all it takes is to ask nicely!
https://ift.tt/y9dINqP
Submitted July 29, 2025 at 05:57PM by 0xdea
via reddit https://ift.tt/BGiTCQH
https://ift.tt/y9dINqP
Submitted July 29, 2025 at 05:57PM by 0xdea
via reddit https://ift.tt/BGiTCQH
HN Security
Attacking GenAI applications and LLMs - Sometimes all it takes is to ask nicely! - HN Security
Real-world attack examples against GenAI and LLMs, highlighting attack techniques and often-overlooked security risks.
Amazon Q: Now with Helpful AI-Powered Self-Destruct Capabilities
https://ift.tt/kPd9MCw
Submitted July 30, 2025 at 02:47AM by cos
via reddit https://ift.tt/bEzH3wi
https://ift.tt/kPd9MCw
Submitted July 30, 2025 at 02:47AM by cos
via reddit https://ift.tt/bEzH3wi
Last Week in AWS
Amazon Q: Now with Helpful AI-Powered Self-Destruct Capabilities
Today 404Media released a truly stunning report that almost beggars belief. To break it down into its simplest form: A hacker submitted a PR. It got merged. It told Amazon Q to nuke your computer and cloud infra. Amazon shipped it.