Free Security Canaries (SSH, AWS, Cookies, Email, more..) - Tracebit Community Edition
https://ift.tt/VU4w7zf
Submitted December 08, 2025 at 07:04PM by tracebit
via reddit https://ift.tt/isyDlS4
https://ift.tt/VU4w7zf
Submitted December 08, 2025 at 07:04PM by tracebit
via reddit https://ift.tt/isyDlS4
Tracebit
Announcing Tracebit Community Edition | Tracebit
We're excited to announce Tracebit Community Edition, a completely free-forever platform to deploy security canaries.
New Prompt Injection Attack Vectors Through MCP Sampling
https://unit42.paloaltonetworks.com/model-context-protocol-attack-vectors/
Submitted December 08, 2025 at 08:21PM by alt69785
via reddit https://ift.tt/7uTZARy
https://unit42.paloaltonetworks.com/model-context-protocol-attack-vectors/
Submitted December 08, 2025 at 08:21PM by alt69785
via reddit https://ift.tt/7uTZARy
Unit 42
New Prompt Injection Attack Vectors Through MCP Sampling
Model Context Protocol connects LLM apps to external data sources or tools. We examine its security implications through various attack vectors.
React2shell: Critical vulnerability in react
https://ift.tt/nrEKzat
Submitted December 08, 2025 at 10:30PM by DramaticWerewolf7365
via reddit https://ift.tt/4uOnQFc
https://ift.tt/nrEKzat
Submitted December 08, 2025 at 10:30PM by DramaticWerewolf7365
via reddit https://ift.tt/4uOnQFc
JFrog
CVE-2025-55182 and CVE-2025-66478 ("React2Shell") - All you need to know
Critical React RCE vulnerability (React2Shell CVE-2025-55182) threatens Next.js apps. Learn how to detect with JFrog Xray and patch immediately.
Learning cloud exploits for redteam, alternative to SANS588 GCPN
https://ift.tt/WFgwLVm
Submitted December 09, 2025 at 06:41AM by EnoughAd1957
via reddit https://ift.tt/qPMRzUy
https://ift.tt/WFgwLVm
Submitted December 09, 2025 at 06:41AM by EnoughAd1957
via reddit https://ift.tt/qPMRzUy
SANS Institute
SEC588: Cloud Penetration Testing
Cloud security starts with thinking like the adversary—hack, test, and assess cloud environments built from real-world attacks.
Using Agents to Map SaaS Attack Surface via MITRE ATT&CK
https://ift.tt/J0RpF3D
Submitted December 09, 2025 at 11:06AM by wezham
via reddit https://ift.tt/Dl7T5JL
https://ift.tt/J0RpF3D
Submitted December 09, 2025 at 11:06AM by wezham
via reddit https://ift.tt/Dl7T5JL
Declarative Binary Parsing for Security Research with Kaitai Struct
https://ift.tt/bIBHhLN
Submitted December 09, 2025 at 05:35PM by Beneficial_Cattle_98
via reddit https://ift.tt/gCEiHA3
https://ift.tt/bIBHhLN
Submitted December 09, 2025 at 05:35PM by Beneficial_Cattle_98
via reddit https://ift.tt/gCEiHA3
Husseinmuhaisen
Declarative Binary Parsing for Security Research with Kaitai Struct
Reverse engineering a dummy KAISTDE format and generating parsers with Kaitai Struct.
Syd - Offline AI assistant for air-gapped security environments
https://ift.tt/0mFI9xi
Submitted December 09, 2025 at 05:21PM by Glass-Ant-6041
via reddit https://ift.tt/zWH8h6S
https://ift.tt/0mFI9xi
Submitted December 09, 2025 at 05:21PM by Glass-Ant-6041
via reddit https://ift.tt/zWH8h6S
GitLab
Sydsec / Syd · GitLab
Air-gapped cybersecurity assistant for security professionals. 100% offline AI-powered analysis tool for Nmap, Volatility, BloodHound, Metasploit, YARA, and more. Built for environments where cloud AI isn't available.
Free Honey Tokens for Breach Detection - No Signup
https://ift.tt/pg9mfRJ
Submitted December 10, 2025 at 01:09PM by radkawar
via reddit https://ift.tt/vF0nTNa
https://ift.tt/pg9mfRJ
Submitted December 10, 2025 at 01:09PM by radkawar
via reddit https://ift.tt/vF0nTNa
DeceptIQ Starter
DeceptIQ Starter - Free Honey Tokens
Deploy free honey tokens across your infrastructure in minutes. Real-time alerts when credentials are used. No credit card required.
Extending Burp Suite for fun and profit – The Montoya way – Part 9 - HN Security
https://ift.tt/KO24u3w
Submitted December 10, 2025 at 03:15PM by 0xdea
via reddit https://ift.tt/9Sn64Fd
https://ift.tt/KO24u3w
Submitted December 10, 2025 at 03:15PM by 0xdea
via reddit https://ift.tt/9Sn64Fd
HN Security
Extending Burp Suite for fun and profit – The Montoya way – Part 9 - HN Security
A comprehensive guide on extending Burp Scanner with custom scan checks.
Parrot 7.0 Beta swaps out the MATE desktop for using Plasma by default
https://ift.tt/yhrXIjg
Submitted December 10, 2025 at 04:19PM by Little-Season-3433
via reddit https://ift.tt/XnVAP45
https://ift.tt/yhrXIjg
Submitted December 10, 2025 at 04:19PM by Little-Season-3433
via reddit https://ift.tt/XnVAP45
Infostealer has entered the chat
https://ift.tt/LlGWf8m
Submitted December 10, 2025 at 10:20PM by Fit_Wing3352
via reddit https://ift.tt/IrOj4l8
https://ift.tt/LlGWf8m
Submitted December 10, 2025 at 10:20PM by Fit_Wing3352
via reddit https://ift.tt/IrOj4l8
Kaspersky official blog
The AMOS infostealer is piggybacking ChatGPT's chat-sharing feature
We break down a new infostealer attack that combines the ClickFix technique with a shared chat containing malicious user guides on the official ChatGPT website.
SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL - watchTowr Labs
https://ift.tt/HLgCqdQ
Submitted December 10, 2025 at 10:42PM by dx7r__
via reddit https://ift.tt/hj39kia
https://ift.tt/HLgCqdQ
Submitted December 10, 2025 at 10:42PM by dx7r__
via reddit https://ift.tt/hj39kia
watchTowr Labs
SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL
Welcome back! As we near the end of 2025, we are, of course, waiting for the next round of SSLVPN exploitation to occur in January (as it did in 2024 and 2025).
Weeeeeeeee. Before then, we want to clear the decks and see how much research we can publish.…
Weeeeeeeee. Before then, we want to clear the decks and see how much research we can publish.…
Covert red team phishing
https://phishing.club/blog/covert-red-team-phishing-with-phishing-club/
Submitted December 10, 2025 at 11:54PM by hackeronni
via reddit https://ift.tt/gGFrC9S
https://phishing.club/blog/covert-red-team-phishing-with-phishing-club/
Submitted December 10, 2025 at 11:54PM by hackeronni
via reddit https://ift.tt/gGFrC9S
Phishing Club
Phishing Club - Professional Self-Hosted Phishing Platform
Professional self-hosted phishing platform built for enterprises, red teams, and security providers. Deploy locally for complete control over campaigns, data, and infrastructure with unlimited simulations and full privacy.
How widespread is the impact of Critical Security Vulnerability in React Server Components(CVE-2025-55182)
https://ift.tt/En96Z50
Submitted December 11, 2025 at 08:28AM by Fit_Wing3352
via reddit https://ift.tt/kjoUcgq
https://ift.tt/En96Z50
Submitted December 11, 2025 at 08:28AM by Fit_Wing3352
via reddit https://ift.tt/kjoUcgq
Empirical Analysis: Non-Linear Token Consumption in AI Security Agents
https://ift.tt/w53KWth
Submitted December 11, 2025 at 10:41PM by Obvious-Language4462
via reddit https://ift.tt/8yUOFmw
https://ift.tt/w53KWth
Submitted December 11, 2025 at 10:41PM by Obvious-Language4462
via reddit https://ift.tt/8yUOFmw
Aliasrobotics
Case Study - CAI delivers unlimited security automation
Learn why Alias Robotics transitioned from CAI ONE to CAI PRO. Real-world usage revealed that token-based models are incompatible with AI security workflows. CAI PRO delivers unlimited, enterprise-grade autonomous security performance.
A modern tale of blinkenlights
https://ift.tt/Pg2eiA9
Submitted December 11, 2025 at 11:38PM by smaury
via reddit https://ift.tt/t9aAlST
https://ift.tt/Pg2eiA9
Submitted December 11, 2025 at 11:38PM by smaury
via reddit https://ift.tt/t9aAlST
Quarkslab
A modern tale of blinkenlights - Quarkslab's blog
This blog post demonstrates how a modern variant of an hardware attack found in the 2000's allowed the extraction of a €12 smartwatch's firmware using only cheap and robust hardware. Damien and Thomas (introduced later in this post) gave a talk on this subject…
Require Google to Remove One-Click Full Logout URLs
https://c.org/9wTs4xPztQ
Submitted December 12, 2025 at 05:50AM by Redstoneriot234
via reddit https://ift.tt/XUGcRxt
https://c.org/9wTs4xPztQ
Submitted December 12, 2025 at 05:50AM by Redstoneriot234
via reddit https://ift.tt/XUGcRxt
Change.org
Sign the Petition
Require Google to Remove One-Click Full Logout URLs
The FreePBX Rabbit Hole: CVE-2025-66039 & More
https://ift.tt/vbsQwUg
Submitted December 12, 2025 at 07:26PM by scopedsecurity
via reddit https://ift.tt/6yGkABn
https://ift.tt/vbsQwUg
Submitted December 12, 2025 at 07:26PM by scopedsecurity
via reddit https://ift.tt/6yGkABn
Horizon3.ai
The FreePBX Rabbit Hole: CVE-2025-66039 & More
Horizon3.ai uncovers FreePBX flaws, including CVE-2025-66039 auth bypass, SQL injection, and file upload RCE—and shows how NodeZero detects them.
Building an Open-Source AI-Powered Auto-Exploiter with a 1.7B Parameter Model
https://ift.tt/2QHnVtK
Submitted December 13, 2025 at 01:24PM by beyonderdabas
via reddit https://ift.tt/FeMOxqc
https://ift.tt/2QHnVtK
Submitted December 13, 2025 at 01:24PM by beyonderdabas
via reddit https://ift.tt/FeMOxqc
Mohit Dabas's Blog
Building an Open-Source AI-Powered Auto-Exploiter with a 1.7B Parameter Model: No Paid APIs Required
Offline Decryption Messenger: Concept Proposal and Request for Constructive Feedback
https://ift.tt/U39fnLQ
Submitted December 13, 2025 at 09:31PM by calzone_rivoluzione
via reddit https://ift.tt/WcjGz7Z
https://ift.tt/U39fnLQ
Submitted December 13, 2025 at 09:31PM by calzone_rivoluzione
via reddit https://ift.tt/WcjGz7Z
Nextcloud
concept.pdf
Nextcloud - a safe home for all your data
How we got hit by Shai-Hulud: A complete post-mortem | Trigger.dev
https://ift.tt/y3TL6gv
Submitted December 14, 2025 at 11:11PM by alt69785
via reddit https://ift.tt/O19Hq8R
https://ift.tt/y3TL6gv
Submitted December 14, 2025 at 11:11PM by alt69785
via reddit https://ift.tt/O19Hq8R
trigger.dev
How we got hit by Shai-Hulud: A complete post-mortem | Trigger.dev
On November 25th, one of our engineers was compromised by the Shai-Hulud npm supply chain worm. Here's what happened, how we responded, and what we've changed.