Free test for Post-Quantum Cryptography TLS
https://qcready.com
Submitted November 07, 2025 at 05:38PM by chrisdefourire
via reddit https://ift.tt/FYBNenz
https://qcready.com
Submitted November 07, 2025 at 05:38PM by chrisdefourire
via reddit https://ift.tt/FYBNenz
Reddit
From the netsec community on Reddit: Free test for Post-Quantum Cryptography TLS
Posted by chrisdefourire - 9 votes and 17 comments
What’s That Coming Over The Hill? (Monsta FTP Remote Code Execution CVE-2025-34299) - watchTowr Labs
https://ift.tt/irRvxoP
Submitted November 07, 2025 at 07:09PM by dx7r__
via reddit https://ift.tt/FgbToPr
https://ift.tt/irRvxoP
Submitted November 07, 2025 at 07:09PM by dx7r__
via reddit https://ift.tt/FgbToPr
watchTowr Labs
What’s That Coming Over The Hill? (Monsta FTP Remote Code Execution CVE-2025-34299)
Happy Friday, friends and.. others.
We’re glad/sorry to hear that your week has been good/bad, and it’s the weekend/but at least it’s almost the weekend!
What’re We Doing Today, Mr Fox?
Today, in a tale that seems all too familar at this point,
We’re glad/sorry to hear that your week has been good/bad, and it’s the weekend/but at least it’s almost the weekend!
What’re We Doing Today, Mr Fox?
Today, in a tale that seems all too familar at this point,
Free IOC tool
https://ift.tt/5apvJuo
Submitted November 08, 2025 at 01:09AM by Cute_Leading_3759
via reddit https://ift.tt/k0fp1AE
https://ift.tt/5apvJuo
Submitted November 08, 2025 at 01:09AM by Cute_Leading_3759
via reddit https://ift.tt/k0fp1AE
New 'Landfall' spyware exploited a Samsung 0-day delivered through WhatsApp messages
https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
Submitted November 08, 2025 at 03:45AM by Megabeets
via reddit https://ift.tt/T71Ehgc
https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
Submitted November 08, 2025 at 03:45AM by Megabeets
via reddit https://ift.tt/T71Ehgc
Unit 42
LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices
Commercial-grade LANDFALL spyware exploits CVE-2025-21042 in Samsung Android’s image processing library. The spyware was embedded in malicious DNG files.
Another one of those!!
https://ift.tt/vXQ5Msb
Submitted November 08, 2025 at 06:06AM by bi6o
via reddit https://ift.tt/nrPkWio
https://ift.tt/vXQ5Msb
Submitted November 08, 2025 at 06:06AM by bi6o
via reddit https://ift.tt/nrPkWio
Merge Conflict Digest
Merge Conflict Digest - Daily Tech Newsletter for Developers
Daily tech news for developers who value their time.
Implementing the Etherhiding technique
https://ift.tt/ELPXenD
Submitted November 08, 2025 at 07:53PM by seyyid_
via reddit https://ift.tt/P317ROT
https://ift.tt/ELPXenD
Submitted November 08, 2025 at 07:53PM by seyyid_
via reddit https://ift.tt/P317ROT
Medium
Implementing the Etherhiding technique
Google recently published reports about a new technique called “Etherhiding.” The reports explain how the threat actors UNC5142 and UNC5342…
Arbitrary App Installation on Intune Managed Android Enterprise BYOD in Work Profile
https://ift.tt/oIxQkqJ
Submitted November 08, 2025 at 07:27PM by Jessner10247
via reddit https://ift.tt/zMKPkv2
https://ift.tt/oIxQkqJ
Submitted November 08, 2025 at 07:27PM by Jessner10247
via reddit https://ift.tt/zMKPkv2
How much latency does a Throwing Star LAN Tap add to packet capture? (practical numbers appreciated)
https://amzn.to/4oZoxUI
Submitted November 09, 2025 at 02:49AM by JMarkG
via reddit https://ift.tt/mxRIJtL
https://amzn.to/4oZoxUI
Submitted November 09, 2025 at 02:49AM by JMarkG
via reddit https://ift.tt/mxRIJtL
Reddit
From the netsec community on Reddit: [ Removed by moderator ]
Posted by JMarkG - 8 votes and 7 comments
Update] VulScan-MCP: Now shows detailed CVE denoscriptions, severity, and mitigation steps
https://marketplace.visualstudio.com/items?itemName=abhishekrai43.vulscan-mcp-vscode
Submitted November 09, 2025 at 10:42AM by FeelingResolution806
via reddit https://ift.tt/nrC4TiY
https://marketplace.visualstudio.com/items?itemName=abhishekrai43.vulscan-mcp-vscode
Submitted November 09, 2025 at 10:42AM by FeelingResolution806
via reddit https://ift.tt/nrC4TiY
Visualstudio
VulScan-MCP Security Scanner - Visual Studio Marketplace
Extension for Visual Studio Code - Security vulnerability scanner for dependencies. Checks CVEs from NVD/OSV databases and provides remediation steps. Supports npm, pip, Maven, Go, and more.
One Simple Mistake, Thousands at Risk - How Common Misconfigurations Could Lead to Massive Data Exposure
https://ift.tt/eF1bJoS
Submitted November 10, 2025 at 04:56PM by we-we-we
via reddit https://ift.tt/vrbCV7e
https://ift.tt/eF1bJoS
Submitted November 10, 2025 at 04:56PM by we-we-we
via reddit https://ift.tt/vrbCV7e
Medium
The Burn Notice, Part 3/5 | One Simple Mistake, Thousands at Risk
How Common Misconfigurations Could Lead to Massive Data Exposure
HTTP Request Smuggling in Kestrel via chunk extensions (CVE-2025-55315)
https://ift.tt/STlvMWo
Submitted November 10, 2025 at 09:26PM by albinowax
via reddit https://ift.tt/PnDLmhc
https://ift.tt/STlvMWo
Submitted November 10, 2025 at 09:26PM by albinowax
via reddit https://ift.tt/PnDLmhc
Praetorian
How I Found the Worst ASP.NET Vulnerability — A $10K Bug (CVE-2025-55315)
Introduction Earlier this year, I earned a $10,000 bounty from Microsoft after discovering a critical HTTP request smuggling vulnerability in ASP.NET Core’s Kestrel server (CVE-2025-55315). The vulnerability garnered significant media attention after Microsoft…
[DISCLOSURE] DoorDash Enabled 5-Year XSS/HTML Injection Flaw via Official Email; VDP Misclassified Report for 15 Months
https://ift.tt/bmoykfL
Submitted November 10, 2025 at 10:00PM by east0n12
via reddit https://ift.tt/BvbUPMu
https://ift.tt/bmoykfL
Submitted November 10, 2025 at 10:00PM by east0n12
via reddit https://ift.tt/BvbUPMu
GitLab
index.md · 54535fa7b497e13100aa14f32a46f6aedb4aaf28 · Martin Ferech / DoorDash-Disclosure-Public · GitLab
No Leak, No Problem - Bypassing ASLR with a ROP Chain to Gain RCE
https://ift.tt/B7GLowz
Submitted November 12, 2025 at 12:48PM by parzel
via reddit https://ift.tt/Hk5vPeT
https://ift.tt/B7GLowz
Submitted November 12, 2025 at 12:48PM by parzel
via reddit https://ift.tt/Hk5vPeT
Modzero
No Leak, No Problem - Bypassing ASLR with a ROP Chain to Gain RCE
MacOS Infection Vector: Using AppleScripts to bypass Gatekeeper
https://pberba.github.io/security/2025/11/11/macos-infection-vector-applenoscript-bypass-gatekeeper/
Submitted November 12, 2025 at 02:49PM by dashboard_monkey
via reddit https://ift.tt/ZWYPRsr
https://pberba.github.io/security/2025/11/11/macos-infection-vector-applenoscript-bypass-gatekeeper/
Submitted November 12, 2025 at 02:49PM by dashboard_monkey
via reddit https://ift.tt/ZWYPRsr
pepe berba
MacOS Infection Vector: Using AppleScripts to bypass Gatekeeper
A look at how threat actors are abusing AppleScript .scpt files to deliver macOS malware, from fake documents to browser update lures, and how these noscripts ...
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) - watchTowr Labs
https://ift.tt/Oa8KPmA
Submitted November 12, 2025 at 06:34PM by dx7r__
via reddit https://ift.tt/4bFl8vQ
https://ift.tt/Oa8KPmA
Submitted November 12, 2025 at 06:34PM by dx7r__
via reddit https://ift.tt/4bFl8vQ
watchTowr Labs
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101)
There’s an elegance to vulnerability research that feels almost poetic - the quiet dance between chaos and control. It’s the art of peeling back the layers of complexity, not to destroy but to understand; to trace the fragile threads that hold systems together…
The GitHub Security Blindspot: When Your Organisation Members’ Personal Repos Become Your Problem
https://ift.tt/N56PcDf
Submitted November 12, 2025 at 10:46PM by dinkoism
via reddit https://ift.tt/3r7x0zd
https://ift.tt/N56PcDf
Submitted November 12, 2025 at 10:46PM by dinkoism
via reddit https://ift.tt/3r7x0zd
Medium
The GitHub Security Blindspot: When Your Organisation Members’ Personal Repos Become Your Problem
The Security Gap GitHub Doesn’t Want to Talk About
Making .NET Serialization Gadgets by Hand
https://ift.tt/NXRHfA8
Submitted November 13, 2025 at 03:27AM by chicksdigthelongrun
via reddit https://ift.tt/su6pxez
https://ift.tt/NXRHfA8
Submitted November 13, 2025 at 03:27AM by chicksdigthelongrun
via reddit https://ift.tt/su6pxez
VulnCheck
VulnCheck - Outpace Adversaries
Vulnerability intelligence that predicts avenues of attack with speed and accuracy.
Breaking mPDF with regex and logic
https://ift.tt/uhZpgsP
Submitted November 13, 2025 at 04:54AM by ZoltyLis
via reddit https://ift.tt/5yFkiWs
https://ift.tt/uhZpgsP
Submitted November 13, 2025 at 04:54AM by ZoltyLis
via reddit https://ift.tt/5yFkiWs
Medium
Breaking mPDF with regex and logic
Triggering web requests with sanitized input
Dehashed alternative for pentesters/red teamers
https://ift.tt/v0pnNCs
Submitted November 13, 2025 at 04:03PM by Pleasant-Drawer729
via reddit https://ift.tt/dUegrNJ
https://ift.tt/v0pnNCs
Submitted November 13, 2025 at 04:03PM by Pleasant-Drawer729
via reddit https://ift.tt/dUegrNJ
Drawbot: Let’s Hack Something Cute! — Atredis Partners
https://ift.tt/qvMYDu7
Submitted November 14, 2025 at 12:39AM by juken
via reddit https://ift.tt/v2KAE5m
https://ift.tt/qvMYDu7
Submitted November 14, 2025 at 12:39AM by juken
via reddit https://ift.tt/v2KAE5m
Atredis Partners
Drawbot: Let’s Hack Something Cute! — Atredis Partners
The Target A few months ago I realized I was overdue for a fun, quirky hardware project. Every so often I like to see what new and interesting electronic children's toys are out there. When looking, I keep in mind the potential attack surface, typically…
Milvus Proxy Authentication Bypass Vulnerability(CVE-2025-64513)
https://ift.tt/lDj6sdI
Submitted November 14, 2025 at 09:43AM by Fit_Wing3352
via reddit https://ift.tt/faeSWV9
https://ift.tt/lDj6sdI
Submitted November 14, 2025 at 09:43AM by Fit_Wing3352
via reddit https://ift.tt/faeSWV9