New no nonsense platform for practice security learning
https://ift.tt/Ckjuds5
Submitted October 26, 2025 at 08:28PM by int_over_flow
via reddit https://ift.tt/3eolmAr
https://ift.tt/Ckjuds5
Submitted October 26, 2025 at 08:28PM by int_over_flow
via reddit https://ift.tt/3eolmAr
VantagePoint | Cyber Security Learning Platform
Hack, Learn, Improve… Platform to learn cyber security with real world challenges
Using EDR-Redir To Break EDR Via Bind Link and Cloud Filter
https://ift.tt/fRF2ZJw
Submitted October 26, 2025 at 07:33PM by Cold-Dinosaur
via reddit https://ift.tt/bDUOlZH
https://ift.tt/fRF2ZJw
Submitted October 26, 2025 at 07:33PM by Cold-Dinosaur
via reddit https://ift.tt/bDUOlZH
Zerosalarium
Using EDR-Redir To Break EDR Via Bind Link and Cloud Filter
EDR-Redir uses BindLink Filter and Windows Cloud Filter to inject, corrupt, and disable EDRs.
GlobalCVE — OpenSource Unified CVE Data from Around the World
https://Globalcve.xyz
Submitted October 27, 2025 at 09:06AM by reallylonguserthing
via reddit https://ift.tt/zG6PmO5
https://Globalcve.xyz
Submitted October 27, 2025 at 09:06AM by reallylonguserthing
via reddit https://ift.tt/zG6PmO5
Reddit
From the netsec community on Reddit: GlobalCVE — OpenSource Unified CVE Data from Around the World
Posted by reallylonguserthing - 27 votes and 2 comments
CoPHish: New OAuth phishing technique abuses Microsoft Copilot Studio chatbots to create convincing credential theft campaigns
https://ift.tt/LZ6jo8G
Submitted October 27, 2025 at 01:27PM by ForwardPractice4395
via reddit https://ift.tt/6DinBbr
https://ift.tt/LZ6jo8G
Submitted October 27, 2025 at 01:27PM by ForwardPractice4395
via reddit https://ift.tt/6DinBbr
Cyber Updates 365
CoPhish Attack Exploits Microsoft Copilot Studio OAuth Theft - Cyber Updates 365
CoPhish attack exploits Microsoft Copilot Studio to steal OAuth tokens through malicious AI agents targeting Microsoft Entra ID accounts.
Jetty's addPath allows LFI in Windows - Traccar Unauthenticated LFI v5.8-v6.8.1
https://ift.tt/VcWCZYX
Submitted October 27, 2025 at 01:59PM by ezzzzz
via reddit https://ift.tt/ywEumaj
https://ift.tt/VcWCZYX
Submitted October 27, 2025 at 01:59PM by ezzzzz
via reddit https://ift.tt/ywEumaj
Research Blog | Project Black
Traccar Unauthenticated LFI v5.8-v6.8.1
Sometimes you search endlessly and find nothing. Other times, the gold just drops into your lap. This is a story about how we accidentally found a pretty impactful vulnerability.
Vibecoding and the illusion of security
https://ift.tt/KxLpWgy
Submitted October 27, 2025 at 02:43PM by security_aaudit
via reddit https://ift.tt/BbaLeZH
https://ift.tt/KxLpWgy
Submitted October 27, 2025 at 02:43PM by security_aaudit
via reddit https://ift.tt/BbaLeZH
baldur.dk
BALDUR. - Security Consultancy
Vibecoding is fast, but it is secure? We tested current state of the art LLM models against a common security task, namely the MFA implemented in your applications.
[Tool] CVE Daily — concise, vendor-neutral CVE briefs (NVD+OSV, KEV, deps.dev transitive upgrades)
https://cvedaily.com
Submitted October 27, 2025 at 04:27PM by Interesting-Work-980
via reddit https://ift.tt/Y4tzLOx
https://cvedaily.com
Submitted October 27, 2025 at 04:27PM by Interesting-Work-980
via reddit https://ift.tt/Y4tzLOx
CVE Daily
CVE Daily - Latest CVEs
Daily updated CVE summaries with CVSS and CWE tags. Latest update: 2025-12-03T14:15:48.680.
Crafting self masking functions using LLVM
https://ift.tt/2pnErVu
Submitted October 28, 2025 at 01:33PM by gid0rah
via reddit https://ift.tt/oDeuV0m
https://ift.tt/2pnErVu
Submitted October 28, 2025 at 01:33PM by gid0rah
via reddit https://ift.tt/oDeuV0m
MDSec
Function Peekaboo: Crafting self masking functions using LLVM - MDSec
Introduction LLVM compiler infrastructure is powerful because of its modular design, flexibility, and rich intermediate representation (IR) that enables deep analysis and transformation of code. Unlike traditional compilers, LLVM separates...
WSO2 #2: The many ways to bypass authentication in WSO2 products (CVE-2025-9152, CVE-2025-10611, CVE-2025-9804)
https://ift.tt/MnKaeiN
Submitted October 28, 2025 at 12:43PM by crnkovic_
via reddit https://ift.tt/9pecBsO
https://ift.tt/MnKaeiN
Submitted October 28, 2025 at 12:43PM by crnkovic_
via reddit https://ift.tt/9pecBsO
crnkovic.dev
WSO2 #2: The many ways to bypass authentication in WSO2 products
CVE-2025-9152, CVE-2025-10611, and CVE-2025-9804 are critical authentication bypass and privilege escalation vulnerabilities I discovered in WSO2 API Manager and WSO2 Identity Server.
404 to arbitrary file read in WSO2 API Manager (CVE-2025-2905)
https://ift.tt/crfVkaS
Submitted October 28, 2025 at 02:07PM by crnkovic_
via reddit https://ift.tt/boaJQtL
https://ift.tt/crfVkaS
Submitted October 28, 2025 at 02:07PM by crnkovic_
via reddit https://ift.tt/boaJQtL
crnkovic.dev
WSO2 #1: 404 to arbitrary file read
CVE-2025-2905 is a blind XXE vulnerability in WSO2 API Manager and other WSO2 products dependent on WSO2-Synapse.
Brida (Burp-Frida Bridge) 0.6 released! - HN Security
https://ift.tt/W4R6dIm
Submitted October 28, 2025 at 04:05PM by 0xdea
via reddit https://ift.tt/3sDzA1M
https://ift.tt/W4R6dIm
Submitted October 28, 2025 at 04:05PM by 0xdea
via reddit https://ift.tt/3sDzA1M
HN Security
Brida 0.6 released! - HN Security
We are releasing Brida 0.6 that supports Frida 17, which introduced some breaking change in its API.
New Ubuntu Kernel LPE!
https://ift.tt/Fs5gBpU
Submitted October 28, 2025 at 05:14PM by SSDisclosure
via reddit https://ift.tt/7NqIfRC
https://ift.tt/Fs5gBpU
Submitted October 28, 2025 at 05:14PM by SSDisclosure
via reddit https://ift.tt/7NqIfRC
SSD Secure Disclosure
LPE via refcount imbalance in the af_unix of Ubuntu's Kernel - SSD Secure Disclosure
Affected Versions Vendor Response The vendor has released an updated kernel on the 18th of September Credit The vulnerability was disclosed during our TyphoonPWN 2025 Linux category and won first place. Vulnerability Details The vulnerability is caused by…
guys ı ha ve problem
http://google.com
Submitted October 28, 2025 at 05:12PM by Double-Structure4337
via reddit https://ift.tt/60pDfRt
http://google.com
Submitted October 28, 2025 at 05:12PM by Double-Structure4337
via reddit https://ift.tt/60pDfRt
Reddit
From the netsec community on Reddit: guys ı ha ve problem
Posted by Double-Structure4337 - 0 votes and 1 comment
Battling Shadow AI: Prompt Injection for the Good
https://ift.tt/W0aT6DX
Submitted October 28, 2025 at 07:30PM by Far_Ice2481
via reddit https://ift.tt/e7PQjxK
https://ift.tt/W0aT6DX
Submitted October 28, 2025 at 07:30PM by Far_Ice2481
via reddit https://ift.tt/e7PQjxK
Eye Research
Battling Shadow AI: Prompt Injection for the Good
Explore how Eye Security tackles the rising threat of Shadow AI by using prompt injection for good: enhancing data security, boosting AI awareness, and defending corporate intelligence across LLMs like ChatGPT, Claude, and DeepSeek.
Hack-cessibility: When DLL Hijacks Meet Windows Helpers
https://ift.tt/vj5t2yf
Submitted October 28, 2025 at 08:37PM by oddvarmoe
via reddit https://ift.tt/bOUvh7d
https://ift.tt/vj5t2yf
Submitted October 28, 2025 at 08:37PM by oddvarmoe
via reddit https://ift.tt/bOUvh7d
TrustedSec
Hack-cessibility: When DLL Hijacks Meet Windows Helpers
I built a tool that notifies you only when new vulnerabilities affect your products 🔒
https://vulntracker.io
Submitted October 28, 2025 at 09:30PM by yuznumara
via reddit https://ift.tt/wcDd9Kb
https://vulntracker.io
Submitted October 28, 2025 at 09:30PM by yuznumara
via reddit https://ift.tt/wcDd9Kb
Reddit
From the netsec community on Reddit: [ Removed by moderator ]
Posted by yuznumara - 0 votes and 7 comments
How SOC Teams Operationalize Real-Time Defense Against Credential Replay Attacks
https://ift.tt/TFcNYOk
Submitted October 29, 2025 at 03:05AM by EssentialSharpness
via reddit https://ift.tt/I7O9yfE
https://ift.tt/TFcNYOk
Submitted October 29, 2025 at 03:05AM by EssentialSharpness
via reddit https://ift.tt/I7O9yfE
Hacking India's largest automaker: Tata Motors
https://ift.tt/NDUxYXz
Submitted October 29, 2025 at 07:01AM by EatonZ
via reddit https://ift.tt/73YhzSi
https://ift.tt/NDUxYXz
Submitted October 29, 2025 at 07:01AM by EatonZ
via reddit https://ift.tt/73YhzSi
Eaton-Works
Hacking India’s largest automaker: Tata Motors
Tata Motors gave away the keys to their infrastructure and customer data on their public websites.
Attacker Target VSCode Extension Marketplace, IDE Plugins Face Higher Supply Chain Attack Risks
https://ift.tt/bPY5gFW
Submitted October 29, 2025 at 10:38AM by Fit_Wing3352
via reddit https://ift.tt/YK6GMm7
https://ift.tt/bPY5gFW
Submitted October 29, 2025 at 10:38AM by Fit_Wing3352
via reddit https://ift.tt/YK6GMm7
How we found +2k vulns, 400+ secrets and 175 PII instances in publicly exposed apps built on vibe-coded platforms (Research methodology)
https://ift.tt/ryHzQxN
Submitted October 30, 2025 at 09:23PM by PriorPuzzleheaded880
via reddit https://ift.tt/obEeD8u
https://ift.tt/ryHzQxN
Submitted October 30, 2025 at 09:23PM by PriorPuzzleheaded880
via reddit https://ift.tt/obEeD8u
Escape DAST - Application Security Blog
Methodology: 2k+ Vulnerabilities in Vibe-Coded Apps
Discover the security risks in vibe-coded applications as we uncover over 2,000 vulnerabilities, exposed secrets, and PII
A Deep Dive Into Warlock Ransomware Deployed Via ToolShell SharePoint Chained Vulnerabilities
https://ift.tt/yYGnt1U
Submitted October 30, 2025 at 09:08PM by CyberMasterV
via reddit https://ift.tt/dcxUL9t
https://ift.tt/yYGnt1U
Submitted October 30, 2025 at 09:08PM by CyberMasterV
via reddit https://ift.tt/dcxUL9t
Blogspot
A Deep Dive Into Warlock Ransomware Deployed Via ToolShell SharePoint Chained Vulnerabilities
Author(s): Vlad Pasca Warlock ransomware was deployed by exploiting the SharePoint vulnerabilities CVE-2025-53770 and CVE-2025-53771 The ma...