Klopatra: exposing a new Android banking trojan operation with roots in Turkey | Cleafy LABS
https://ift.tt/lagFizk
Submitted September 30, 2025 at 02:41PM by f3d_0x0
via reddit https://ift.tt/XJNgdax
https://ift.tt/lagFizk
Submitted September 30, 2025 at 02:41PM by f3d_0x0
via reddit https://ift.tt/XJNgdax
Cleafy
Klopatra: exposing a new Android banking trojan operation with roots in Turkey | Cleafy LABS
In late August 2025, Cleafy's Threat Intelligence team discovered Klopatra, a new, highly sophisticated Android malware currently targeting banking users primarily in Spain and Italy. The number of compromised devices has already exceeded 1,000. Read the…
You name it, VMware elevates it (CVE-2025-41244)
https://ift.tt/yoQJXTS
Submitted September 30, 2025 at 04:08PM by rkhunter_
via reddit https://ift.tt/L43EBFJ
https://ift.tt/yoQJXTS
Submitted September 30, 2025 at 04:08PM by rkhunter_
via reddit https://ift.tt/L43EBFJ
NVISO Labs
You name it, VMware elevates it (CVE-2025-41244)
NVISO has identified zero-day exploitation of CVE-2025-41244, a local privilege escalation vulnerability impacting VMware's guest service discovery features.
ZeroDay Cloud: The first open-source cloud hacking competition
https://zeroday.cloud
Submitted October 01, 2025 at 12:27AM by geekydeveloper
via reddit https://ift.tt/CZdKRNP
https://zeroday.cloud
Submitted October 01, 2025 at 12:27AM by geekydeveloper
via reddit https://ift.tt/CZdKRNP
ZeroDay Cloud
ZeroDay Cloud: Cloud Security Hacking Competition
Join the world's top researchers in a competition to find zero-day vulnerabilities in core open-source software powering the cloud. Over $5M prize pool!
When Audits Fail: Four Critical Pre-Auth Vulnerabilities in TRUfusion Enterprise
https://ift.tt/LfNhAJi
Submitted October 01, 2025 at 12:01AM by MrTuxracer
via reddit https://ift.tt/AHyt7zP
https://ift.tt/LfNhAJi
Submitted October 01, 2025 at 12:01AM by MrTuxracer
via reddit https://ift.tt/AHyt7zP
Remote Code Execution and Authentication Bypass in Materialise OrthoView (CVE-2025-23049)
https://ift.tt/C0OsVun
Submitted October 01, 2025 at 03:10AM by panicnot42
via reddit https://ift.tt/XdAmC57
https://ift.tt/C0OsVun
Submitted October 01, 2025 at 03:10AM by panicnot42
via reddit https://ift.tt/XdAmC57
Outurnate
Remote Code Execution and Authentication Bypass in Materialise OrthoView (CVE-2025-23049)
Personal projects, research, and other things I find worth sharing
LLM security agent finds zero-day vulnerability in LLM engineering platform with 16k github stars (CVE-2025-59305)
https://ift.tt/kK9JufR
Submitted October 01, 2025 at 04:00AM by va_start
via reddit https://ift.tt/vJD85Ik
https://ift.tt/kK9JufR
Submitted October 01, 2025 at 04:00AM by va_start
via reddit https://ift.tt/vJD85Ik
Depthfirst
DepthFirst | How An Authorization Flaw Reveals A Common Security Blind Spot: CVE-2025-59305 Case Study
Software Secured | Hacking Furbo 2: Mobile App and P2P Exploits | USA
https://ift.tt/PiuDybB
Submitted October 01, 2025 at 07:13AM by duduywn
via reddit https://ift.tt/iXdThIJ
https://ift.tt/PiuDybB
Submitted October 01, 2025 at 07:13AM by duduywn
via reddit https://ift.tt/iXdThIJ
Softwaresecured
Hacking Furbo 2: Mobile App and P2P Exploits
We reverse the Android app, hook TUTK Kalay P2P with Frida, capture commands, find token remnants in memory, trigger SSRF to custom.wav, and show a treat-toss DoS.
IPv4/IPv6 Packet Fragmentation: Implementation Details - PacketSmith
https://ift.tt/4XAGFBK
Submitted October 01, 2025 at 06:50PM by MFMokbel
via reddit https://ift.tt/FwhpNOq
https://ift.tt/4XAGFBK
Submitted October 01, 2025 at 06:50PM by MFMokbel
via reddit https://ift.tt/FwhpNOq
PacketSmith
IPv4/IPv6 Packet Fragmentation: Implementation Details - PacketSmith
IPv4/IPv6 Packet Fragmentation: Implementation Details Introduction In release v2.0, we’ve shipped PacketSmith with support for IPv4/IPv6 fragmentation detection and reassembly. Additionally, we’ve detailed some of the implementation details in the public…
r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted October 01, 2025 at 06:59PM by albinowax
via reddit https://ift.tt/a4ieQft
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted October 01, 2025 at 06:59PM by albinowax
via reddit https://ift.tt/a4ieQft
Reddit
From the netsec community on Reddit
Explore this post and more from the netsec community
Nuclei Templates for Detecting AMI MegaRAC BMC Vulnerabilities
https://ift.tt/2Dyomnz
Submitted October 02, 2025 at 03:17AM by TechDeepDive
via reddit https://ift.tt/cg9UMH4
https://ift.tt/2Dyomnz
Submitted October 02, 2025 at 03:17AM by TechDeepDive
via reddit https://ift.tt/cg9UMH4
Eclypsium | Supply Chain Security for the Modern Enterprise
Eclypsium Releases Tools for Detecting AMI MegaRAC BMC Vulnerabilities - Eclypsium | Supply Chain Security for the Modern Enterprise
An attacker armed with the latest knowledge of BMC vulnerabilities and exploits is poised to take control of your server(s). Given that one of these vulnerabilities, CVE-2024-54085, was recently added to the CISA KEV, we now know exploitation is happening…
CVE-2025-59489: Arbitrary Code Execution in Unity Runtime
https://ift.tt/J372yxu
Submitted October 03, 2025 at 10:36AM by toyojuni
via reddit https://ift.tt/lmUvCrk
https://ift.tt/J372yxu
Submitted October 03, 2025 at 10:36AM by toyojuni
via reddit https://ift.tt/lmUvCrk
GMO Flatt Security Research
CVE-2025-59489: Arbitrary Code Execution in Unity Runtime
Introduction
Hello, I’m RyotaK
(@ryotkak
), a security engineer at GMO Flatt Security Inc.
In May 2025, I participated in the Meta Bug Bounty Researcher Conference 2025.
During this event, I discovered a vulnerability (CVE-2025-59489) in the Unity Runtime…
Hello, I’m RyotaK
(@ryotkak
), a security engineer at GMO Flatt Security Inc.
In May 2025, I participated in the Meta Bug Bounty Researcher Conference 2025.
During this event, I discovered a vulnerability (CVE-2025-59489) in the Unity Runtime…
It's Never Simple Until It Is (Dell UnityVSA Pre-Auth Command Injection CVE-2025-36604) - watchTowr Labs
https://ift.tt/DAuyGBs
Submitted October 03, 2025 at 06:15PM by dx7r__
via reddit https://ift.tt/ApzVv1O
https://ift.tt/DAuyGBs
Submitted October 03, 2025 at 06:15PM by dx7r__
via reddit https://ift.tt/ApzVv1O
watchTowr Labs
It's Never Simple Until It Is (Dell UnityVSA Pre-Auth Command Injection CVE-2025-36604)
Welcome back, and what a week! We’re glad that happened for you and/or sorry that happened to you. It will get better and/or worse, and you will likely survive.
Today, we’re walking down the garden path and digging into the archives, publishing our analysis…
Today, we’re walking down the garden path and digging into the archives, publishing our analysis…
Macquarie Telecom enlists Netskope to power SASE sauce
https://ift.tt/Uo8nhvq
Submitted October 03, 2025 at 06:59PM by Choochy89
via reddit https://ift.tt/nMz4a7c
https://ift.tt/Uo8nhvq
Submitted October 03, 2025 at 06:59PM by Choochy89
via reddit https://ift.tt/nMz4a7c
Sdxcentral
Macquarie Telecom enlists Netskope to power SASE sauce
Netskope’s SSE platform will help bring Macquarie’s SASE offerings to more customers amid deluge of Australian cyberattacks
Ghost in the Cloud: Weaponizing AWS X-Ray for Command & Control
https://ift.tt/FpIdajT
Submitted October 03, 2025 at 11:36PM by SkyFallRobin
via reddit https://ift.tt/ZzFCBvT
https://ift.tt/FpIdajT
Submitted October 03, 2025 at 11:36PM by SkyFallRobin
via reddit https://ift.tt/ZzFCBvT
Medium
Ghost in the Cloud: Weaponizing AWS X-Ray for Command & Control
Summary & Background
My experience with LLM Code Review vs Deterministic SAST Security Tools
https://ift.tt/5R1Fvpf
Submitted October 04, 2025 at 02:53AM by prestonprice
via reddit https://ift.tt/kJaCgxm
https://ift.tt/5R1Fvpf
Submitted October 04, 2025 at 02:53AM by prestonprice
via reddit https://ift.tt/kJaCgxm
blog.fraim.dev
LLM Code Review vs Deterministic SAST Security Tools
How do the latest models stack up against traditional code scanners?
VED 2026: after CFI - data only
https://ift.tt/NIgFXVx
Submitted October 04, 2025 at 10:04AM by hardenedvault
via reddit https://ift.tt/DbOhd6R
https://ift.tt/NIgFXVx
Submitted October 04, 2025 at 10:04AM by hardenedvault
via reddit https://ift.tt/DbOhd6R
hardenedvault.net
VED 2026: after CFI - data only
after CFI - data only The exploitation techniques and mitigation has been evolving rapidly since the paper “Smash the Stack for Fun and Profit” released in Phrack Issue 49.
Upcoming Technical Security Talks & Workshops at BsidesNoVA – Oct 10–11 (Arlington VA)
https://bsidesnova.org
Submitted October 05, 2025 at 09:34PM by JackfruitDirect6803
via reddit https://ift.tt/mxr3ga8
https://bsidesnova.org
Submitted October 05, 2025 at 09:34PM by JackfruitDirect6803
via reddit https://ift.tt/mxr3ga8
Analyzing The Salesloft-Drift Breach
https://ift.tt/HykKMFv
Submitted October 06, 2025 at 01:11PM by Comfortable-Site8626
via reddit https://ift.tt/2hPsUvz
https://ift.tt/HykKMFv
Submitted October 06, 2025 at 01:11PM by Comfortable-Site8626
via reddit https://ift.tt/2hPsUvz
Taking remote control over industrial generators
https://ift.tt/jT5q2Vz
Submitted October 06, 2025 at 08:56PM by EatonZ
via reddit https://ift.tt/KLFaPpN
https://ift.tt/jT5q2Vz
Submitted October 06, 2025 at 08:56PM by EatonZ
via reddit https://ift.tt/KLFaPpN
Eaton-Works
Taking remote control over industrial generators
Industrial generator smart platform had insecure APIs that could enable remote control by anyone.
Well, Well, Well. It’s Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882) - watchTowr Labs
https://ift.tt/6Rzdmax
Submitted October 06, 2025 at 11:13PM by dx7r__
via reddit https://ift.tt/70Sq3c6
https://ift.tt/6Rzdmax
Submitted October 06, 2025 at 11:13PM by dx7r__
via reddit https://ift.tt/70Sq3c6
watchTowr Labs
Well, Well, Well. It’s Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882)
We bet you thought you’d be allowed to sit there, breathe, and savour the few moments of peace you’d earned after a painful week in cyber security.
Obviously, you were horribly wrong, and you need to wake up now - we’re back, it’s all on fire,
Obviously, you were horribly wrong, and you need to wake up now - we’re back, it’s all on fire,
Looking for community advice...
https://ift.tt/EYyb2rt
Submitted October 07, 2025 at 11:36PM by Expensive-Mix-4170
via reddit https://ift.tt/mkCrLAy
https://ift.tt/EYyb2rt
Submitted October 07, 2025 at 11:36PM by Expensive-Mix-4170
via reddit https://ift.tt/mkCrLAy
seclists.org
Full Disclosure: Re: [FD]
: "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201,…
: "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201,…