GeminiJack: A prompt-injection challenge demonstrating real-world LLM abuse
https://ift.tt/dDouQre
Submitted December 16, 2025 at 10:27PM by appsec1337
via reddit https://ift.tt/p6V258q
https://ift.tt/dDouQre
Submitted December 16, 2025 at 10:27PM by appsec1337
via reddit https://ift.tt/p6V258q
Attempting Cross Translation Unit Taint Analysis for Firefox with Clang Static Analyzer
https://ift.tt/u6epFNr
Submitted December 16, 2025 at 10:16PM by tomrittervg
via reddit https://ift.tt/yhJg7Nn
https://ift.tt/u6epFNr
Submitted December 16, 2025 at 10:16PM by tomrittervg
via reddit https://ift.tt/yhJg7Nn
Attack & Defense
Attempting Cross Translation Unit Taint Analysis for Firefox
Preface
Pwning Santa before the bad guys do: A hybrid bug bounty / CTF for container isolation
https://ift.tt/kUtHq0Z
Submitted December 16, 2025 at 11:17PM by FreedomofPress
via reddit https://ift.tt/5G2t8v6
https://ift.tt/kUtHq0Z
Submitted December 16, 2025 at 11:17PM by FreedomofPress
via reddit https://ift.tt/5G2t8v6
dangerzone.rocks
Take potentially dangerous PDFs, office documents, or images and convert them to a safe PDF.
TruffleHog now detects JWTs with public-key signatures and verifies them for liveness
https://ift.tt/CcFTlnR
Submitted December 17, 2025 at 06:10AM by exploding_nun
via reddit https://ift.tt/8DxcuF4
https://ift.tt/CcFTlnR
Submitted December 17, 2025 at 06:10AM by exploding_nun
via reddit https://ift.tt/8DxcuF4
Trufflesecurity
TruffleHog now detects JWTs with public-key signatures and verifies them for liveness ◆ Truffle Security Co.
TruffleHog now detects JWTs signed with public-key cryptography and verifies them for liveness. This new detector has already found hundreds of live JWTs for our customers.
Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain (ZDI-25-099, ZDI-25-097, ZDI-25-096)
https://ift.tt/XSiJRm2
Submitted December 18, 2025 at 12:26AM by wtfse
via reddit https://ift.tt/mspiCjT
https://ift.tt/XSiJRm2
Submitted December 18, 2025 at 12:26AM by wtfse
via reddit https://ift.tt/mspiCjT
Mehmet Ince @mdisec
Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain (ZDI-25-099, ZDI…
It was yet another day at the office. Our team was internally discussing moving to a different platform analytics solution. Our team was really leaning more towards Posthog. It’s one of the brilliant -I personally believe it’s the best- products on the market.…
New research confirms what we suspected: every LLM tested can be exploited
https://ift.tt/tRNqIUz
Submitted December 18, 2025 at 03:47AM by CortexVortex1
via reddit https://ift.tt/SqBlXiE
https://ift.tt/tRNqIUz
Submitted December 18, 2025 at 03:47AM by CortexVortex1
via reddit https://ift.tt/SqBlXiE
ORM Leaking More Than You Joined For - Part 3/3 on ORM Leak Vulnerabilities
https://ift.tt/UAdoWmh
Submitted December 18, 2025 at 03:04PM by elttam
via reddit https://ift.tt/iEXkNzU
https://ift.tt/UAdoWmh
Submitted December 18, 2025 at 03:04PM by elttam
via reddit https://ift.tt/iEXkNzU
Elttam
ORM Leaking More Than You Joined For - elttam
elttam is a globally recognised, independent information security company, renowned for our advanced technical security assessments.
Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent
https://ift.tt/2fxs0QF
Submitted December 18, 2025 at 03:46PM by moviuro
via reddit https://ift.tt/getmdpO
https://ift.tt/2fxs0QF
Submitted December 18, 2025 at 03:46PM by moviuro
via reddit https://ift.tt/getmdpO
XM Cyber
JUMPSHOT: XM Cyber Uncovers Critical Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent | XM Cyber
Learn more about JUMPSHOT: XM Cyber Uncovers Critical Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent . Read more on XM Cyber website.
Active HubSpot Phishing Campaign
https://ift.tt/7whECiB
Submitted December 18, 2025 at 07:16PM by Deciqher_
via reddit https://ift.tt/lhQneIY
https://ift.tt/7whECiB
Submitted December 18, 2025 at 07:16PM by Deciqher_
via reddit https://ift.tt/lhQneIY
Evalian®
HubSpot users targeted by active phishing campaign
Evalian SOC investigates a phishing campaign targeting HubSpot users and how attackers used MailChimp & BEC to steal credentials.
I built a mitmproxy AI agent using 4000 paid security disclosures
https://ift.tt/bFYvmpZ
Submitted December 18, 2025 at 10:23PM by badhiyahai
via reddit https://ift.tt/wsKfE09
https://ift.tt/bFYvmpZ
Submitted December 18, 2025 at 10:23PM by badhiyahai
via reddit https://ift.tt/wsKfE09
instavm.io
InstaVM - Secure Execution of AI Generated Code
Execute code securely in isolated virtual machines with our high-performance cloud infrastructure.
Free STIX 2.1 Threat Intel Feed
https://ift.tt/UuVTrYS
Submitted December 19, 2025 at 12:23AM by IwantAMD
via reddit https://ift.tt/tCjV29n
https://ift.tt/UuVTrYS
Submitted December 19, 2025 at 12:23AM by IwantAMD
via reddit https://ift.tt/tCjV29n
pathfinding.cloud - A library of AWS IAM privilege escalation paths
https://ift.tt/UEVn8he
Submitted December 19, 2025 at 12:15AM by sethsec
via reddit https://ift.tt/p9PJZhF
https://ift.tt/UEVn8he
Submitted December 19, 2025 at 12:15AM by sethsec
via reddit https://ift.tt/p9PJZhF
Datadoghq
Introducing Pathfinding.cloud
Introducing Pathfinding.cloud, a library of AWS IAM privilege escalation paths
[Research] Geometric analysis of SHA-256: Finding 68% bit-match pairs through dimensional transformation
https://ift.tt/AonBey7
Submitted December 19, 2025 at 07:31AM by No_Arachnid_5563
via reddit https://ift.tt/ROraUh3
https://ift.tt/AonBey7
Submitted December 19, 2025 at 07:31AM by No_Arachnid_5563
via reddit https://ift.tt/ROraUh3
Remote Desktop access and IP address
https://ift.tt/rHW6oDB
Submitted December 19, 2025 at 07:25AM by Mission_Protection40
via reddit https://ift.tt/rMden9C
https://ift.tt/rHW6oDB
Submitted December 19, 2025 at 07:25AM by Mission_Protection40
via reddit https://ift.tt/rMden9C
TeamViewer
Remote desktop software—fast and secure | TeamViewer
Access your desktop computer or other devices remotely from home or on the road with our AI-enhanced remote desktop software. Trusted, secure, and fast.
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack
https://gist.github.com/hackermondev/5e2cdc32849405fff6b46957747a2d28
Submitted December 19, 2025 at 01:37PM by AlmondOffSec
via reddit https://ift.tt/gAJFTjb
https://gist.github.com/hackermondev/5e2cdc32849405fff6b46957747a2d28
Submitted December 19, 2025 at 01:37PM by AlmondOffSec
via reddit https://ift.tt/gAJFTjb
Gist
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack - writeup.md
Case study: enabling autonomous security assessments with AI (CAI framework)
https://ift.tt/gPqLyWc
Submitted December 19, 2025 at 05:17PM by Obvious-Language4462
via reddit https://ift.tt/c5brlHY
https://ift.tt/gPqLyWc
Submitted December 19, 2025 at 05:17PM by Obvious-Language4462
via reddit https://ift.tt/c5brlHY
Breaking SAPCAR: Four Local Privilege Escalation Bugs in SAR Archive Parsing
https://ift.tt/w3rx72a
Submitted December 19, 2025 at 07:43PM by depierre
via reddit https://ift.tt/z2mhbD7
https://ift.tt/w3rx72a
Submitted December 19, 2025 at 07:43PM by depierre
via reddit https://ift.tt/z2mhbD7
Anvil Secure
Breaking SAPCAR: Four Local Privilege Escalation Bugs in SAR Archive Parsing - Anvil Secure
Principal Security Engineer Tao Sauvage uncovers four SAPCAR bugs, where parsing a SAR archive could lead to local privilege escalation.
Transforming InfoSec - How the next generation of security products should not require any IT knowledge
https://ift.tt/OLwWfEa
Submitted December 20, 2025 at 12:38AM by pathetiq
via reddit https://ift.tt/dQMoCTL
https://ift.tt/OLwWfEa
Submitted December 20, 2025 at 12:38AM by pathetiq
via reddit https://ift.tt/dQMoCTL
Security Autopsy
Transforming Cybersecurity - How the next generation of security products should not require any IT knowledge
We don’t lack cybersecurity ideas. We lack companies hiring juniors and products that are secure by default. These two problems are connected, and until we fix both, we’ll keep talking about a skills shortage while making it impossible to build a secure society.
TP-Link Tapo C200: Hardcoded Keys, Buffer Overflows and Privacy in the Era of AI Assisted Reverse Engineering
https://ift.tt/grE5PyJ
Submitted December 20, 2025 at 02:25AM by _vavkamil_
via reddit https://ift.tt/j3VqpaL
https://ift.tt/grE5PyJ
Submitted December 20, 2025 at 02:25AM by _vavkamil_
via reddit https://ift.tt/j3VqpaL
evilsocket
TP-Link Tapo C200: Hardcoded Keys, Buffer Overflows and Privacy in the Era of AI Assisted Reverse Engineering
Vulnhalla: Picking the true vulnerabilities from the CodeQL haystack
https://ift.tt/ydpkKhJ
Submitted December 21, 2025 at 04:17PM by ES_CY
via reddit https://ift.tt/Ff5Qd26
https://ift.tt/ydpkKhJ
Submitted December 21, 2025 at 04:17PM by ES_CY
via reddit https://ift.tt/Ff5Qd26
Cyberark
Vulnhalla: Picking the true vulnerabilities from the CodeQL haystack
In this blog post, we present our approach for uncovering vulnerabilities by combining LLM reasoning with static analysis. By layering an LLM on top of CodeQL, we significantly reduce the...
When OAuth Becomes a Weapon: Lessons from CVE-2025-6514
https://ift.tt/ZbLu20e
Submitted December 22, 2025 at 09:36AM by hfti
via reddit https://ift.tt/BMC1wT4
https://ift.tt/ZbLu20e
Submitted December 22, 2025 at 09:36AM by hfti
via reddit https://ift.tt/BMC1wT4
Amla Labs
When OAuth Becomes a Weapon: Lessons from CVE-2025-6514 | Amla Labs
A critical vulnerability in mcp-remote affected 558,846 downloads. The bug was client-side, but the attack exploited OAuth dynamic discovery—a trust assumption that breaks for autonomous agents.