Deepfakes, Vishing, and GPT Scams: Phishing Just Levelled Up
https://ift.tt/XcHmRsu
Submitted July 27, 2025 at 02:46AM by AlexanderDan10-Alger
via reddit https://ift.tt/pNFjdGK
https://ift.tt/XcHmRsu
Submitted July 27, 2025 at 02:46AM by AlexanderDan10-Alger
via reddit https://ift.tt/pNFjdGK
Created a Penetration Testing Guide to Help the Community, Feedback Welcome!
https://ift.tt/9hRaEfv
Submitted July 27, 2025 at 09:49AM by Bitter_Increase3590
via reddit https://ift.tt/KQgZG2q
https://ift.tt/9hRaEfv
Submitted July 27, 2025 at 09:49AM by Bitter_Increase3590
via reddit https://ift.tt/KQgZG2q
reaper.gitbook.io
Welcome here! | My Penetration Test Guide
BadSuccessor – Purple Team
https://ift.tt/RxBYf5e
Submitted July 28, 2025 at 05:49PM by netbiosX
via reddit https://ift.tt/gr0qlvJ
https://ift.tt/RxBYf5e
Submitted July 28, 2025 at 05:49PM by netbiosX
via reddit https://ift.tt/gr0qlvJ
Purple Team
BadSuccessor
Microsoft has introduced a feature in Windows Server 2025 to prevent credential harvesting via Kerberoasting and other credential stuffing attacks. This new feature comes in the form of a new accou…
Weekly feed of 140+ Security Blogs
https://ift.tt/gvCWJhO
Submitted July 28, 2025 at 09:45PM by CyberT17
via reddit https://ift.tt/lSFtakh
https://ift.tt/gvCWJhO
Submitted July 28, 2025 at 09:45PM by CyberT17
via reddit https://ift.tt/lSFtakh
149 Security Blogs
Security Blogs
149 Security Blogs News Feed
A purple team approach on BadSuccessor
https://ift.tt/RxBYf5e
Submitted July 28, 2025 at 10:50PM by netbiosX
via reddit https://ift.tt/Qehnx5k
https://ift.tt/RxBYf5e
Submitted July 28, 2025 at 10:50PM by netbiosX
via reddit https://ift.tt/Qehnx5k
Purple Team
BadSuccessor
Microsoft has introduced a feature in Windows Server 2025 to prevent credential harvesting via Kerberoasting and other credential stuffing attacks. This new feature comes in the form of a new accou…
Stack Overflows, Heap Overflows, and Existential Dread (SonicWall SMA100 CVE-2025-40596, CVE-2025-40597 and CVE-2025-40598)
https://ift.tt/bne7CaL
Submitted July 29, 2025 at 03:10AM by dx7r__
via reddit https://ift.tt/rnAidhM
https://ift.tt/bne7CaL
Submitted July 29, 2025 at 03:10AM by dx7r__
via reddit https://ift.tt/rnAidhM
watchTowr Labs
Stack Overflows, Heap Overflows, and Existential Dread (SonicWall SMA100 CVE-2025-40596, CVE-2025-40597 and CVE-2025-40598)
It’s 2025, and at this point, we’re convinced there’s a secret industry-wide pledge: every network appliance must include at least one trivially avoidable HTTP header parsing bug - preferably pre-auth. Bonus points if it involves sscanf.
If that’s the case…
If that’s the case…
Struts Devmode in 2025? Critical Pre-Auth Vulnerabilities in Adobe Experience Manager Forms
https://ift.tt/6bxeNXL
Submitted July 29, 2025 at 01:48PM by Mempodipper
via reddit https://ift.tt/pJ7Kwt4
https://ift.tt/6bxeNXL
Submitted July 29, 2025 at 01:48PM by Mempodipper
via reddit https://ift.tt/pJ7Kwt4
Searchlight Cyber
Struts Devmode in 2025? Pre-Auth Bugs in AEM Forms | Searchlight
Vulnerabilities in AEM Forms The Searchlight Cyber Research Team discovered and disclosed three critical vulnerabilities in Adobe Experience Manager Forms to Adobe in late April 2025. As of writing this research post, 90 days have passed since our disclosure…
Google Gemini AI CLI Hijack - Code Execution Through Deception
https://ift.tt/G0x8HIN
Submitted July 29, 2025 at 01:41PM by tracebit
via reddit https://ift.tt/bajedvT
https://ift.tt/G0x8HIN
Submitted July 29, 2025 at 01:41PM by tracebit
via reddit https://ift.tt/bajedvT
Tracebit
Code Execution Through Deception: Gemini AI CLI Hijack | Tracebit
Tracebit discovered a silent attack on Gemini CLI where, through a toxic combination of prompt injection, misleading UX and missing validation, inspecting untrusted code consistently leads to execution of malicious commands - enabling silent credential theft…
Attacking GenAI applications and LLMs - Sometimes all it takes is to ask nicely!
https://ift.tt/y9dINqP
Submitted July 29, 2025 at 05:57PM by 0xdea
via reddit https://ift.tt/BGiTCQH
https://ift.tt/y9dINqP
Submitted July 29, 2025 at 05:57PM by 0xdea
via reddit https://ift.tt/BGiTCQH
HN Security
Attacking GenAI applications and LLMs - Sometimes all it takes is to ask nicely! - HN Security
Real-world attack examples against GenAI and LLMs, highlighting attack techniques and often-overlooked security risks.
Amazon Q: Now with Helpful AI-Powered Self-Destruct Capabilities
https://ift.tt/kPd9MCw
Submitted July 30, 2025 at 02:47AM by cos
via reddit https://ift.tt/bEzH3wi
https://ift.tt/kPd9MCw
Submitted July 30, 2025 at 02:47AM by cos
via reddit https://ift.tt/bEzH3wi
Last Week in AWS
Amazon Q: Now with Helpful AI-Powered Self-Destruct Capabilities
Today 404Media released a truly stunning report that almost beggars belief. To break it down into its simplest form: A hacker submitted a PR. It got merged. It told Amazon Q to nuke your computer and cloud infra. Amazon shipped it.
Exploiting zero days in abandoned hardware
https://ift.tt/VOo9ybr
Submitted July 30, 2025 at 12:59PM by AlmondOffSec
via reddit https://ift.tt/i8OBtq3
https://ift.tt/VOo9ybr
Submitted July 30, 2025 at 12:59PM by AlmondOffSec
via reddit https://ift.tt/i8OBtq3
The Trail of Bits Blog
Exploiting zero days in abandoned hardware
We successfully exploited two discontinued network devices at DistrictCon’s inaugural Junkyard competition in February, winning runner-up for Most Innovative Exploitation Technique. Our exploit chains demonstrate why end-of-life hardware poses persistent…
New Critical CrushFTP CVE-2025-54309 RCE Explained + PoC
https://ift.tt/tJmYqWn
Submitted July 31, 2025 at 03:46AM by pwnguide
via reddit https://ift.tt/wL2Qtnd
https://ift.tt/tJmYqWn
Submitted July 31, 2025 at 03:46AM by pwnguide
via reddit https://ift.tt/wL2Qtnd
MaterialX and OpenEXR Security Audit - Shielder
https://ift.tt/KrauqX0
Submitted July 31, 2025 at 08:40PM by smaury
via reddit https://ift.tt/c6h8v24
https://ift.tt/KrauqX0
Submitted July 31, 2025 at 08:40PM by smaury
via reddit https://ift.tt/c6h8v24
Shielder
Shielder - MaterialX and OpenEXR Security Audit
MaterialX And OpenEXR Security Audits, sponsored by the ASWF (Academy Software Foundation), facilitated by Open Source Technology Improvement Fund (OSTIF) and performed by Shielder.
PlayPraetor's evolving threat: How Chinese-speaking actors globally scale an Android RAT | Cleafy
https://ift.tt/f0kuDSA
Submitted August 01, 2025 at 02:05PM by f3d_0x0
via reddit https://ift.tt/EDcFwjB
https://ift.tt/f0kuDSA
Submitted August 01, 2025 at 02:05PM by f3d_0x0
via reddit https://ift.tt/EDcFwjB
Cleafy
PlayPraetor's evolving threat: How Chinese-speaking actors globally scale an Android RAT | Cleafy
The Cleafy Threat Intelligence Team has uncovered a large-scale Malware-as-a-Service (MaaS) operation orchestrated by Chinese-speaking Threat Actors. The operation has globally infected over 11,000 Android devices by deploying the PlayPraetor Remote Access…
r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted August 01, 2025 at 06:59PM by albinowax
via reddit https://ift.tt/JRwvOiM
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted August 01, 2025 at 06:59PM by albinowax
via reddit https://ift.tt/JRwvOiM
Reddit
From the netsec community on Reddit
Explore this post and more from the netsec community
It opened the free, online, practical 'Introduction to Security' class from the Czech Technical University.
https://ift.tt/CsoZY5k
Submitted August 01, 2025 at 10:42PM by sebagarcia
via reddit https://ift.tt/72pwan5
https://ift.tt/CsoZY5k
Submitted August 01, 2025 at 10:42PM by sebagarcia
via reddit https://ift.tt/72pwan5
cybersecurity.bsy.fel.cvut.cz
Introduction to Security
Introduction to Security Class (BSY), FEL, Czech Technical University
What the Top 20 OSS Vulnerabilities Reveal About the Real Challenges in Security Governance
https://ift.tt/3lEqaCS
Submitted August 02, 2025 at 09:43AM by repoog
via reddit https://ift.tt/s0KIPzh
https://ift.tt/3lEqaCS
Submitted August 02, 2025 at 09:43AM by repoog
via reddit https://ift.tt/s0KIPzh
Medium
From the Top 20 Open Source Component Vulnerabilities: Rethinking the Challenges of Open Source Security Governance
How the most common open source vulnerabilities reveal deeper challenges in building sustainable, secure software systems.
Forced to give your password? Here is the solution.
https://www.veilith.com
Submitted August 02, 2025 at 04:32PM by marcusfrex
via reddit https://ift.tt/VHvxSu8
https://www.veilith.com
Submitted August 02, 2025 at 04:32PM by marcusfrex
via reddit https://ift.tt/VHvxSu8
Reddit
From the netsec community on Reddit: [ Removed by moderator ]
Posted by marcusfrex - 0 votes and 19 comments
Be patient and keep it simple.
https://ift.tt/GqSkDAF
Submitted August 02, 2025 at 09:01PM by anasbetis94
via reddit https://ift.tt/jKbGJPk
https://ift.tt/GqSkDAF
Submitted August 02, 2025 at 09:01PM by anasbetis94
via reddit https://ift.tt/jKbGJPk
Medium
Be Patient and Keep it Simple, The Bug is There
Good Day!
I designed a constant-free cryptographic hash function where entropy fully emerges from the input: Kaoru Hash (public blueprint with code and spec)
https://ift.tt/8fr4YnZ
Submitted August 04, 2025 at 07:50AM by No_Arachnid_5563
via reddit https://ift.tt/rVTINmM
https://ift.tt/8fr4YnZ
Submitted August 04, 2025 at 07:50AM by No_Arachnid_5563
via reddit https://ift.tt/rVTINmM
OSF
Kaoru Hash: A Constant-Free, Message-Emergent Hash Function Specification and Security Rationale
Kaoru Hash is a novel cryptographic blueprint for a deterministic, constant-free hash function where all entropy and structural complexity emerge from the input message itself.
Unlike traditional hash functions that rely on fixed tables, seeds, or externally…
Unlike traditional hash functions that rely on fixed tables, seeds, or externally…
Lateral Movement – BitLocker
https://ift.tt/ymYExGt
Submitted August 04, 2025 at 02:53PM by netbiosX
via reddit https://ift.tt/cErBzY2
https://ift.tt/ymYExGt
Submitted August 04, 2025 at 02:53PM by netbiosX
via reddit https://ift.tt/cErBzY2
Purple Team
Lateral Movement – BitLocker
BitLocker is a full disk encryption feature which was designed to protect data by providing encryption to entire volumes. In Windows endpoints (workstations, laptop devices etc.), BitLocker is typi…