New! Cloud Filter Arbitrary File Creation EoP Patch Bypass LPE - CVE-2025-55680
https://ift.tt/R6y2ObQ
Submitted November 05, 2025 at 03:46PM by SSDisclosure
via reddit https://ift.tt/BPNwFjs
https://ift.tt/R6y2ObQ
Submitted November 05, 2025 at 03:46PM by SSDisclosure
via reddit https://ift.tt/BPNwFjs
SSD Secure Disclosure
Cloud Filter Arbitrary File Creation EoP Patch Bypass LPE - SSD Secure Disclosure
Vendor Response The vendor has released a patch for Windows that addresses this vulnerability: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55680 CVE CVE-2025-55680 Credit The vulnerability was disclosed during our TyphoonPWN Windows category…
BugBounty Directory
https://ift.tt/OEBKumT
Submitted November 05, 2025 at 06:46PM by abhishekY495
via reddit https://ift.tt/YMkxSdV
https://ift.tt/OEBKumT
Submitted November 05, 2025 at 06:46PM by abhishekY495
via reddit https://ift.tt/YMkxSdV
Bugbountydirectory
Bug Bounty Directory - List of bug bounty programs and responsible disclosure
A list of public bug bounty programs and responsible disclosures.
I built Ashes CTI: a dual-mode (CLI + UI) Threat Intelligence platform for Windows
https://ift.tt/ZL2BvjP
Submitted November 06, 2025 at 04:40PM by Minimum_Call_3677
via reddit https://ift.tt/tZKmnEX
https://ift.tt/ZL2BvjP
Submitted November 06, 2025 at 04:40PM by Minimum_Call_3677
via reddit https://ift.tt/tZKmnEX
Evading Elastic EDR's call stack signatures with call gadgets
https://ift.tt/Y5LSi0u
Submitted November 06, 2025 at 06:51PM by AlmondOffSec
via reddit https://ift.tt/v9NQ8aI
https://ift.tt/Y5LSi0u
Submitted November 06, 2025 at 06:51PM by AlmondOffSec
via reddit https://ift.tt/v9NQ8aI
LeakyInjector and LeakyStealer Duo Hunts For Crypto and Browser History
https://ift.tt/tqP3UoY
Submitted November 06, 2025 at 08:43PM by CyberMasterV
via reddit https://ift.tt/ezEiGFJ
https://ift.tt/tqP3UoY
Submitted November 06, 2025 at 08:43PM by CyberMasterV
via reddit https://ift.tt/ezEiGFJ
Blogspot
LeakyInjector and LeakyStealer Duo Hunts For Crypto and Browser History
Author(s): Vlad Pasca, Radu-Emanuel Chiscariu New two-stage malware targets cryptocurrency wallets and browser history LeakyInjector uses l...
The DragonForce Cartel: Scattered Spider at the gate
https://ift.tt/HkfOU3G
Submitted November 07, 2025 at 04:08PM by bagaudin
via reddit https://ift.tt/8sjhe0k
https://ift.tt/HkfOU3G
Submitted November 07, 2025 at 04:08PM by bagaudin
via reddit https://ift.tt/8sjhe0k
Acronis
The DragonForce Cartel: Scattered Spider at the gate
Acronis Threat Research Unit (TRU) analyzed DragonForce, a Conti-derived ransomware-as-a-service active since 2023, documenting its malware, affiliate model and links to Scattered Spider.
Free test for Post-Quantum Cryptography TLS
https://qcready.com
Submitted November 07, 2025 at 05:38PM by chrisdefourire
via reddit https://ift.tt/FYBNenz
https://qcready.com
Submitted November 07, 2025 at 05:38PM by chrisdefourire
via reddit https://ift.tt/FYBNenz
Reddit
From the netsec community on Reddit: Free test for Post-Quantum Cryptography TLS
Posted by chrisdefourire - 9 votes and 17 comments
What’s That Coming Over The Hill? (Monsta FTP Remote Code Execution CVE-2025-34299) - watchTowr Labs
https://ift.tt/irRvxoP
Submitted November 07, 2025 at 07:09PM by dx7r__
via reddit https://ift.tt/FgbToPr
https://ift.tt/irRvxoP
Submitted November 07, 2025 at 07:09PM by dx7r__
via reddit https://ift.tt/FgbToPr
watchTowr Labs
What’s That Coming Over The Hill? (Monsta FTP Remote Code Execution CVE-2025-34299)
Happy Friday, friends and.. others.
We’re glad/sorry to hear that your week has been good/bad, and it’s the weekend/but at least it’s almost the weekend!
What’re We Doing Today, Mr Fox?
Today, in a tale that seems all too familar at this point,
We’re glad/sorry to hear that your week has been good/bad, and it’s the weekend/but at least it’s almost the weekend!
What’re We Doing Today, Mr Fox?
Today, in a tale that seems all too familar at this point,
Free IOC tool
https://ift.tt/5apvJuo
Submitted November 08, 2025 at 01:09AM by Cute_Leading_3759
via reddit https://ift.tt/k0fp1AE
https://ift.tt/5apvJuo
Submitted November 08, 2025 at 01:09AM by Cute_Leading_3759
via reddit https://ift.tt/k0fp1AE
New 'Landfall' spyware exploited a Samsung 0-day delivered through WhatsApp messages
https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
Submitted November 08, 2025 at 03:45AM by Megabeets
via reddit https://ift.tt/T71Ehgc
https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
Submitted November 08, 2025 at 03:45AM by Megabeets
via reddit https://ift.tt/T71Ehgc
Unit 42
LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices
Commercial-grade LANDFALL spyware exploits CVE-2025-21042 in Samsung Android’s image processing library. The spyware was embedded in malicious DNG files.
Another one of those!!
https://ift.tt/vXQ5Msb
Submitted November 08, 2025 at 06:06AM by bi6o
via reddit https://ift.tt/nrPkWio
https://ift.tt/vXQ5Msb
Submitted November 08, 2025 at 06:06AM by bi6o
via reddit https://ift.tt/nrPkWio
Merge Conflict Digest
Merge Conflict Digest - Daily Tech Newsletter for Developers
Daily tech news for developers who value their time.
Implementing the Etherhiding technique
https://ift.tt/ELPXenD
Submitted November 08, 2025 at 07:53PM by seyyid_
via reddit https://ift.tt/P317ROT
https://ift.tt/ELPXenD
Submitted November 08, 2025 at 07:53PM by seyyid_
via reddit https://ift.tt/P317ROT
Medium
Implementing the Etherhiding technique
Google recently published reports about a new technique called “Etherhiding.” The reports explain how the threat actors UNC5142 and UNC5342…
Arbitrary App Installation on Intune Managed Android Enterprise BYOD in Work Profile
https://ift.tt/oIxQkqJ
Submitted November 08, 2025 at 07:27PM by Jessner10247
via reddit https://ift.tt/zMKPkv2
https://ift.tt/oIxQkqJ
Submitted November 08, 2025 at 07:27PM by Jessner10247
via reddit https://ift.tt/zMKPkv2
How much latency does a Throwing Star LAN Tap add to packet capture? (practical numbers appreciated)
https://amzn.to/4oZoxUI
Submitted November 09, 2025 at 02:49AM by JMarkG
via reddit https://ift.tt/mxRIJtL
https://amzn.to/4oZoxUI
Submitted November 09, 2025 at 02:49AM by JMarkG
via reddit https://ift.tt/mxRIJtL
Reddit
From the netsec community on Reddit: [ Removed by moderator ]
Posted by JMarkG - 8 votes and 7 comments
Update] VulScan-MCP: Now shows detailed CVE denoscriptions, severity, and mitigation steps
https://marketplace.visualstudio.com/items?itemName=abhishekrai43.vulscan-mcp-vscode
Submitted November 09, 2025 at 10:42AM by FeelingResolution806
via reddit https://ift.tt/nrC4TiY
https://marketplace.visualstudio.com/items?itemName=abhishekrai43.vulscan-mcp-vscode
Submitted November 09, 2025 at 10:42AM by FeelingResolution806
via reddit https://ift.tt/nrC4TiY
Visualstudio
VulScan-MCP Security Scanner - Visual Studio Marketplace
Extension for Visual Studio Code - Security vulnerability scanner for dependencies. Checks CVEs from NVD/OSV databases and provides remediation steps. Supports npm, pip, Maven, Go, and more.
One Simple Mistake, Thousands at Risk - How Common Misconfigurations Could Lead to Massive Data Exposure
https://ift.tt/eF1bJoS
Submitted November 10, 2025 at 04:56PM by we-we-we
via reddit https://ift.tt/vrbCV7e
https://ift.tt/eF1bJoS
Submitted November 10, 2025 at 04:56PM by we-we-we
via reddit https://ift.tt/vrbCV7e
Medium
The Burn Notice, Part 3/5 | One Simple Mistake, Thousands at Risk
How Common Misconfigurations Could Lead to Massive Data Exposure
HTTP Request Smuggling in Kestrel via chunk extensions (CVE-2025-55315)
https://ift.tt/STlvMWo
Submitted November 10, 2025 at 09:26PM by albinowax
via reddit https://ift.tt/PnDLmhc
https://ift.tt/STlvMWo
Submitted November 10, 2025 at 09:26PM by albinowax
via reddit https://ift.tt/PnDLmhc
Praetorian
How I Found the Worst ASP.NET Vulnerability — A $10K Bug (CVE-2025-55315)
Introduction Earlier this year, I earned a $10,000 bounty from Microsoft after discovering a critical HTTP request smuggling vulnerability in ASP.NET Core’s Kestrel server (CVE-2025-55315). The vulnerability garnered significant media attention after Microsoft…
[DISCLOSURE] DoorDash Enabled 5-Year XSS/HTML Injection Flaw via Official Email; VDP Misclassified Report for 15 Months
https://ift.tt/bmoykfL
Submitted November 10, 2025 at 10:00PM by east0n12
via reddit https://ift.tt/BvbUPMu
https://ift.tt/bmoykfL
Submitted November 10, 2025 at 10:00PM by east0n12
via reddit https://ift.tt/BvbUPMu
GitLab
index.md · 54535fa7b497e13100aa14f32a46f6aedb4aaf28 · Martin Ferech / DoorDash-Disclosure-Public · GitLab
No Leak, No Problem - Bypassing ASLR with a ROP Chain to Gain RCE
https://ift.tt/B7GLowz
Submitted November 12, 2025 at 12:48PM by parzel
via reddit https://ift.tt/Hk5vPeT
https://ift.tt/B7GLowz
Submitted November 12, 2025 at 12:48PM by parzel
via reddit https://ift.tt/Hk5vPeT
Modzero
No Leak, No Problem - Bypassing ASLR with a ROP Chain to Gain RCE
MacOS Infection Vector: Using AppleScripts to bypass Gatekeeper
https://pberba.github.io/security/2025/11/11/macos-infection-vector-applenoscript-bypass-gatekeeper/
Submitted November 12, 2025 at 02:49PM by dashboard_monkey
via reddit https://ift.tt/ZWYPRsr
https://pberba.github.io/security/2025/11/11/macos-infection-vector-applenoscript-bypass-gatekeeper/
Submitted November 12, 2025 at 02:49PM by dashboard_monkey
via reddit https://ift.tt/ZWYPRsr
pepe berba
MacOS Infection Vector: Using AppleScripts to bypass Gatekeeper
A look at how threat actors are abusing AppleScript .scpt files to deliver macOS malware, from fake documents to browser update lures, and how these noscripts ...
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) - watchTowr Labs
https://ift.tt/Oa8KPmA
Submitted November 12, 2025 at 06:34PM by dx7r__
via reddit https://ift.tt/4bFl8vQ
https://ift.tt/Oa8KPmA
Submitted November 12, 2025 at 06:34PM by dx7r__
via reddit https://ift.tt/4bFl8vQ
watchTowr Labs
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101)
There’s an elegance to vulnerability research that feels almost poetic - the quiet dance between chaos and control. It’s the art of peeling back the layers of complexity, not to destroy but to understand; to trace the fragile threads that hold systems together…