/r/netsec's Q4 2025 Information Security Hiring Thread
Overview
If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.
We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.
Please reserve top level comments for those posting open positions.
Rules & Guidelines
Include the company name in the post. If you want to be topsykret, go recruit elsewhere.
Include the geographic location of the position along with the availability of relocation assistance or remote work.
If you are a third party recruiter, you must disclose this in your posting.
Please be thorough and upfront with the position details.
Use of non-hr'd (realistic) requirements is encouraged.
While it's fine to link to the position on your company's website, provide the important details in the comment.
Mention if applicants should apply officially through HR, or directly through you.
Please clearly list citizenship, visa, and security clearance requirements.
You can see an example of acceptable posts by perusing past hiring threads.
Feedback
Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
Submitted November 02, 2025 at 09:42PM by netsec_burn
via reddit https://ift.tt/0BRhrWm
Steal MS Teams app cookies
https://ift.tt/qDA3Xvn
Submitted November 03, 2025 at 04:01AM by clod81
via reddit https://ift.tt/5iPN42l
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
Breaking Down 8 Open Source AI Security Tools at Black Hat Europe 2025 Arsenal
https://ift.tt/qpjoEWt
Submitted November 03, 2025 at 03:17PM by No-Emotion9668
via reddit https://ift.tt/jspmFgP
Medium
Black Hat Europe 2025 Arsenal: 8 AI Security Tools Transforming Cybersecurity
Introduction
Quick writeup for what to check when you see Firebase in a pentest
https://ift.tt/d82OJYT
Submitted November 03, 2025 at 02:34PM by ezzzzz
via reddit https://ift.tt/7AVJe6P
Research Blog | Project Black
Firebase Security Fundamentals
Every application built on Firebase that we've looked at has had the same vulnerabilities. These common vulnerabilities aren’t hard to prevent but they're easy to overlook.
RondoDox v2: When an IoT Botnet Goes Enterprise-Ready
https://ift.tt/SGxT1Hg
Submitted November 03, 2025 at 07:46PM by mario_candela
via reddit https://ift.tt/RSL6T5W
Beelzebub
RondoDox v2: Evolution of RondoDox Botnet with 650% More Exploits | AI deception platform
AI deception platform: Deceive, Detect, Respond. “You can’t defend. You can’t prevent. The only thing you can do is detect and respond.” Bruce Schneier. We turn that hard truth into your tactical advantage. Our AI-based decoys, built using our open-source…
Sniffing established BLE connections with HackRF One
https://ift.tt/73wntWZ
Submitted November 03, 2025 at 10:44PM by uBaze
via reddit https://ift.tt/dvMINxQ
blog.lexfo.fr
Sniffing established BLE connections with HackRF One
Tracking already-established BLE connections using SDR has its own challenges. With custom firmware and multi-channel listening, the presented approach quickly deduces the hidden hopping parameters needed to follow the connection.
MSSQL Exploitation - Run Commands Like A Pro
https://ift.tt/lHdezua
Submitted November 04, 2025 at 12:14AM by S3cur3Th1sSh1t
via reddit https://ift.tt/LC8r7cW
www.r-tec.net
r-tec Blog | MSSQL Exploitation - Run Commands Like A Pro
This blog post takes a deep dive into the offensive side of MSSQL security, exploring the quantities of attack vectors that can be exploited.
[Research] Unvalidated Trust: Cross-Stage Failure Modes in LLM/agent pipelines arXiv
https://ift.tt/YFIOsTn
Submitted November 04, 2025 at 05:29AM by Solid-Tomorrow6548
via reddit https://ift.tt/uLEntXj
arXiv.org
Unvalidated Trust: Cross-Stage Vulnerabilities in Large Language...
As Large Language Models (LLMs) are increasingly integrated into automated, multi-stage pipelines, risk patterns that arise from unvalidated trust between processing stages become a practical...
New Research: RondoDox v2, a 650% Expansion in Exploits
https://ift.tt/SGxT1Hg
Submitted November 04, 2025 at 02:38PM by mario_candela
via reddit https://ift.tt/hVFKuYn
Linux kernel Bluetooth RCE
https://ift.tt/KnXtgdD
Submitted November 04, 2025 at 06:10PM by elatllat
via reddit https://ift.tt/S5KOERn
Critical RCE Vulnerability CVE-2025-11953 Puts React Native Developers at Risk
https://ift.tt/JF4YnSz
Submitted November 04, 2025 at 08:34PM by SRMish3
via reddit https://ift.tt/2C1ph6l
JFrog
Critical RCE Vulnerability CVE-2025-11953 Puts React Native Developers at Risk
Learn how the JFrog Security research team discovered and disclosed CVE-2025-11953 which poses a threat to developers using the popular React Native CLI.
Built SlopGuard - open-source defense against AI supply chain attacks (slopsquatting)
https://aditya01933.github.io/aditya.github.io/slopguard
Submitted November 04, 2025 at 07:46PM by techoalien_com
via reddit https://ift.tt/muROgaB
Privilege Escalation With Jupyter From the Command Line
https://ift.tt/2ykPzNE
Submitted November 05, 2025 at 04:23AM by ok_bye_now_
via reddit https://ift.tt/hwRBfsZ
www.adversis.io
Privilege Escalation With Jupyter From the Command Line
A recent penetration test led to an interesting way to escalate privileges on a Jupyter instance running as root.
New! Cloud Filter Arbitrary File Creation EoP Patch Bypass LPE - CVE-2025-55680
https://ift.tt/R6y2ObQ
Submitted November 05, 2025 at 03:46PM by SSDisclosure
via reddit https://ift.tt/BPNwFjs
SSD Secure Disclosure
Cloud Filter Arbitrary File Creation EoP Patch Bypass LPE - SSD Secure Disclosure
Vendor Response: The vendor has released a patch for Windows that addresses this vulnerability: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55680
CVE: CVE-2025-55680
Credit: The vulnerability was disclosed during our TyphoonPWN Windows category…
BugBounty Directory
https://ift.tt/OEBKumT
Submitted November 05, 2025 at 06:46PM by abhishekY495
via reddit https://ift.tt/YMkxSdV
Bugbountydirectory
Bug Bounty Directory - List of bug bounty programs and responsible disclosure
A list of public bug bounty programs and responsible disclosures.
I built Ashes CTI: a dual-mode (CLI + UI) Threat Intelligence platform for Windows
https://ift.tt/ZL2BvjP
Submitted November 06, 2025 at 04:40PM by Minimum_Call_3677
via reddit https://ift.tt/tZKmnEX
Evading Elastic EDR's call stack signatures with call gadgets
https://ift.tt/Y5LSi0u
Submitted November 06, 2025 at 06:51PM by AlmondOffSec
via reddit https://ift.tt/v9NQ8aI
LeakyInjector and LeakyStealer Duo Hunts For Crypto and Browser History
https://ift.tt/tqP3UoY
Submitted November 06, 2025 at 08:43PM by CyberMasterV
via reddit https://ift.tt/ezEiGFJ
Blogspot
LeakyInjector and LeakyStealer Duo Hunts For Crypto and Browser History
Author(s): Vlad Pasca, Radu-Emanuel Chiscariu. New two-stage malware targets cryptocurrency wallets and browser history. LeakyInjector uses l...
The DragonForce Cartel: Scattered Spider at the gate
https://ift.tt/HkfOU3G
Submitted November 07, 2025 at 04:08PM by bagaudin
via reddit https://ift.tt/8sjhe0k
Acronis
The DragonForce Cartel: Scattered Spider at the gate
Acronis Threat Research Unit (TRU) analyzed DragonForce, a Conti-derived ransomware-as-a-service active since 2023, documenting its malware, affiliate model and links to Scattered Spider.
Free test for Post-Quantum Cryptography TLS
https://qcready.com
Submitted November 07, 2025 at 05:38PM by chrisdefourire
via reddit https://ift.tt/FYBNenz
What’s That Coming Over The Hill? (Monsta FTP Remote Code Execution CVE-2025-34299) - watchTowr Labs
https://ift.tt/irRvxoP
Submitted November 07, 2025 at 07:09PM by dx7r__
via reddit https://ift.tt/FgbToPr
watchTowr Labs
What’s That Coming Over The Hill? (Monsta FTP Remote Code Execution CVE-2025-34299)
Happy Friday, friends and.. others.
We’re glad/sorry to hear that your week has been good/bad, and it’s the weekend/but at least it’s almost the weekend!
What’re We Doing Today, Mr Fox?
Today, in a tale that seems all too familiar at this point,