Autonomous code analyzer beats all human teams at OSS zero-day competition
https://ift.tt/Tsb1DBZ
Submitted December 16, 2025 at 06:27AM by tjbecker
via reddit https://ift.tt/KgaqP50
theori.io
Announcing Xint Code - Theori BLOG
Real Vulnerabilities. Actionable Results. | AI for Security, Vulnerability Research
Autonomous AppSec via Chrome DevTools (MCP): 600 min → 3.5 min on OWASP Juice Shop
https://ift.tt/Kb1J0gL
Submitted December 16, 2025 at 01:41PM by Obvious-Language4462
via reddit https://ift.tt/Pqbrf5Y
Aliasrobotics
Case Study - CAI with MCP enables AI-assisted web application security testing on OWASP Juice Shop
CAI integrated with Chrome via MCP delivers AI-assisted web application security assessments, demonstrated on OWASP Juice Shop with 171x faster vulnerability discovery
Temenos OFS String Injection: Revealing a Hidden Financial Attack Vector
https://ift.tt/hKu5NCL
Submitted December 15, 2025 at 04:38AM by DarKnight______
via reddit https://ift.tt/bcVaCTt
Medium
Temenos OFS Field Injection: Revealing a Hidden Financial Attack Vector
Pentesting an API revealed an undocumented OFS Field Injection flaw that enables poisoned transactions without proper input validation.
TL;DR: Hide your headless bot by mimicking a WebView (Sec-Fetch and Client Hints inconsistencies)
https://ift.tt/wDqPFnW
Submitted December 16, 2025 at 07:15PM by theMiddleBlue
via reddit https://ift.tt/82qxhVO
Sicuranext Blog
Fight bad bot with Sec Fetch and Client Hints inconsistencies in headless browsers
For many of our e-commerce customers the problem of bad bots is an everyday problem and has evolved a lot in the last few years. A common approach is to "block" automated traffic with a JavaScript challenge, basically a small noscript that the browser must…
Urban VPN Browser Extension Caught Harvesting AI Chat Conversations from Millions of Users
https://ift.tt/8v391dh
Submitted December 16, 2025 at 08:19PM by pfthurley
via reddit https://ift.tt/5mQcIxA
www.koi.ai
8 Million Users' AI Conversations Sold for Profit by "Privacy" Extensions | Koi Blog
GeminiJack: A prompt-injection challenge demonstrating real-world LLM abuse
https://ift.tt/dDouQre
Submitted December 16, 2025 at 10:27PM by appsec1337
via reddit https://ift.tt/p6V258q
Attempting Cross Translation Unit Taint Analysis for Firefox with Clang Static Analyzer
https://ift.tt/u6epFNr
Submitted December 16, 2025 at 10:16PM by tomrittervg
via reddit https://ift.tt/yhJg7Nn
Attack & Defense
Attempting Cross Translation Unit Taint Analysis for Firefox
Preface
Pwning Santa before the bad guys do: A hybrid bug bounty / CTF for container isolation
https://ift.tt/kUtHq0Z
Submitted December 16, 2025 at 11:17PM by FreedomofPress
via reddit https://ift.tt/5G2t8v6
dangerzone.rocks
Take potentially dangerous PDFs, office documents, or images and convert them to a safe PDF.
TruffleHog now detects JWTs with public-key signatures and verifies them for liveness
https://ift.tt/CcFTlnR
Submitted December 17, 2025 at 06:10AM by exploding_nun
via reddit https://ift.tt/8DxcuF4
Trufflesecurity
TruffleHog now detects JWTs with public-key signatures and verifies them for liveness ◆ Truffle Security Co.
TruffleHog now detects JWTs signed with public-key cryptography and verifies them for liveness. This new detector has already found hundreds of live JWTs for our customers.
Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain (ZDI-25-099, ZDI-25-097, ZDI-25-096)
https://ift.tt/XSiJRm2
Submitted December 18, 2025 at 12:26AM by wtfse
via reddit https://ift.tt/mspiCjT
Mehmet Ince @mdisec
Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain (ZDI-25-099, ZDI…
It was yet another day at the office. Our team was internally discussing moving to a different platform analytics solution. Our team was really leaning more towards Posthog. It’s one of the brilliant -I personally believe it’s the best- products on the market.…
New research confirms what we suspected: every LLM tested can be exploited
https://ift.tt/tRNqIUz
Submitted December 18, 2025 at 03:47AM by CortexVortex1
via reddit https://ift.tt/SqBlXiE
ORM Leaking More Than You Joined For - Part 3/3 on ORM Leak Vulnerabilities
https://ift.tt/UAdoWmh
Submitted December 18, 2025 at 03:04PM by elttam
via reddit https://ift.tt/iEXkNzU
Elttam
ORM Leaking More Than You Joined For - elttam
elttam is a globally recognised, independent information security company, renowned for our advanced technical security assessments.
Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent
https://ift.tt/2fxs0QF
Submitted December 18, 2025 at 03:46PM by moviuro
via reddit https://ift.tt/getmdpO
XM Cyber
JUMPSHOT: XM Cyber Uncovers Critical Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent | XM Cyber
Learn more about JUMPSHOT: XM Cyber Uncovers Critical Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent. Read more on XM Cyber website.
Active HubSpot Phishing Campaign
https://ift.tt/7whECiB
Submitted December 18, 2025 at 07:16PM by Deciqher_
via reddit https://ift.tt/lhQneIY
Evalian®
HubSpot users targeted by active phishing campaign
Evalian SOC investigates a phishing campaign targeting HubSpot users and how attackers used MailChimp & BEC to steal credentials.
I built a mitmproxy AI agent using 4000 paid security disclosures
https://ift.tt/bFYvmpZ
Submitted December 18, 2025 at 10:23PM by badhiyahai
via reddit https://ift.tt/wsKfE09
instavm.io
InstaVM - Secure Execution of AI Generated Code
Execute code securely in isolated virtual machines with our high-performance cloud infrastructure.
Free STIX 2.1 Threat Intel Feed
https://ift.tt/UuVTrYS
Submitted December 19, 2025 at 12:23AM by IwantAMD
via reddit https://ift.tt/tCjV29n
pathfinding.cloud - A library of AWS IAM privilege escalation paths
https://ift.tt/UEVn8he
Submitted December 19, 2025 at 12:15AM by sethsec
via reddit https://ift.tt/p9PJZhF
Datadoghq
Introducing Pathfinding.cloud
Introducing Pathfinding.cloud, a library of AWS IAM privilege escalation paths
[Research] Geometric analysis of SHA-256: Finding 68% bit-match pairs through dimensional transformation
https://ift.tt/AonBey7
Submitted December 19, 2025 at 07:31AM by No_Arachnid_5563
via reddit https://ift.tt/ROraUh3
Remote Desktop access and IP address
https://ift.tt/rHW6oDB
Submitted December 19, 2025 at 07:25AM by Mission_Protection40
via reddit https://ift.tt/rMden9C
TeamViewer
Remote desktop software—fast and secure | TeamViewer
Access your desktop computer or other devices remotely from home or on the road with our AI-enhanced remote desktop software. Trusted, secure, and fast.
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack
https://gist.github.com/hackermondev/5e2cdc32849405fff6b46957747a2d28
Submitted December 19, 2025 at 01:37PM by AlmondOffSec
via reddit https://ift.tt/gAJFTjb
Gist
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack - writeup.md
Case study: enabling autonomous security assessments with AI (CAI framework)
https://ift.tt/gPqLyWc
Submitted December 19, 2025 at 05:17PM by Obvious-Language4462
via reddit https://ift.tt/c5brlHY