Top Security News for Today
Vulnhalla: Picking the true vulnerabilities from the CodeQL haystack
https://www.reddit.com/r/netsec/comments/1ps3taw/vulnhalla_picking_the_true_vulnerabilities_from/
When OAuth Becomes a Weapon: Lessons from CVE-2025-6514
https://www.reddit.com/r/netsec/comments/1psq0mx/when_oauth_becomes_a_weapon_lessons_from/
CAPIO: Safe Kernel-Bypass of Commodity Devices using Capabilities
https://arxiv.org/abs/2512.16965
MemoryGraft: Persistent Compromise of LLM Agents via Poisoned Experience Retrieval
https://arxiv.org/abs/2512.17045
AutoDFBench 1.0: A Benchmarking Framework for Digital Forensic Tool Testing and Generated Code Evaluation
https://arxiv.org/abs/2512.17029
Adversarial VR: An Open-Source Testbed for Evaluating Adversarial Robustness of VR Cybersickness Detection and Mitigation
https://arxiv.org/abs/2512.16957
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Vulnhalla: Picking the true vulnerabilities from the CodeQL haystack
https://www.reddit.com/r/netsec/comments/1ps3taw/vulnhalla_picking_the_true_vulnerabilities_from/
When OAuth Becomes a Weapon: Lessons from CVE-2025-6514
https://www.reddit.com/r/netsec/comments/1psq0mx/when_oauth_becomes_a_weapon_lessons_from/
CAPIO: Safe Kernel-Bypass of Commodity Devices using Capabilities
https://arxiv.org/abs/2512.16965
MemoryGraft: Persistent Compromise of LLM Agents via Poisoned Experience Retrieval
https://arxiv.org/abs/2512.17045
AutoDFBench 1.0: A Benchmarking Framework for Digital Forensic Tool Testing and Generated Code Evaluation
https://arxiv.org/abs/2512.17029
Adversarial VR: An Open-Source Testbed for Evaluating Adversarial Robustness of VR Cybersickness Detection and Mitigation
https://arxiv.org/abs/2512.16957
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Vulnhalla: Picking the true vulnerabilities from the CodeQL haystack
Explore this post and more from the netsec community
Top Security News for Today
Cyberctf.space - Early Access Open
https://www.reddit.com/r/netsec/comments/1psvcrn/cyberctfspace_early_access_open/
Microsoft Brokering File System Elevation of Privilege Vulnerability (CVE--2025-29970)
https://www.reddit.com/r/netsec/comments/1psw1qq/microsoft_brokering_file_system_elevation_of/
22nd December – Threat Intelligence Report
https://research.checkpoint.com/2025/22nd-december-threat-intelligence-report/
Romanian national water agency hit by BitLocker ransomware attack
https://therecord.media/romania-national-water-agency-ransomware-attack
Nefilim ransomware hacker pleads guilty to computer fraud
https://therecord.media/nefilim-ransomware-hacker-fraud
I caught a Rust DDoS botnet on my honeypot
https://www.reddit.com/r/netsec/comments/1pt2tv0/i_caught_a_rust_ddos_botnet_on_my_honeypot/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Cyberctf.space - Early Access Open
https://www.reddit.com/r/netsec/comments/1psvcrn/cyberctfspace_early_access_open/
Microsoft Brokering File System Elevation of Privilege Vulnerability (CVE--2025-29970)
https://www.reddit.com/r/netsec/comments/1psw1qq/microsoft_brokering_file_system_elevation_of/
22nd December – Threat Intelligence Report
https://research.checkpoint.com/2025/22nd-december-threat-intelligence-report/
Romanian national water agency hit by BitLocker ransomware attack
https://therecord.media/romania-national-water-agency-ransomware-attack
Nefilim ransomware hacker pleads guilty to computer fraud
https://therecord.media/nefilim-ransomware-hacker-fraud
I caught a Rust DDoS botnet on my honeypot
https://www.reddit.com/r/netsec/comments/1pt2tv0/i_caught_a_rust_ddos_botnet_on_my_honeypot/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Cyberctf.space - Early Access Open
Posted by Royal_Independent517 - 1 vote and 0 comments
Top Security News for Today
US disrupts multimillion-dollar bank account takeover operation targeting Americans
https://therecord.media/us-disrupts-bank-account-takeover-operation-web3adspanels
Denmark Accuses Russia of Conducting Two Cyberattacks
https://www.schneier.com/blog/archives/2025/12/denmark-accuses-russia-of-conducting-two-cyberattacks.html
SEC sues crypto firms for defrauding investors out of $14 million
https://therecord.media/sec-sues-crypto-firms-defrauding-investors-14-million
More than 22 million Aflac customers impacted by June data breach
https://therecord.media/22-million-impacted-aflac-breach
What Does it Take to Manage Cloud Risk?
https://www.trendmicro.com/en_us/research/25/l/managing-cloud-risk.html
Bishop Fox Wrapped: Research Worth Replaying
https://bishopfox.com/blog/wrapped
Dissecting a Multi-Stage macOS Infostealer
https://www.reddit.com/r/netsec/comments/1pu7nem/dissecting_a_multistage_macos_infostealer/
Guide to preventing the most common enterprise social engineering attacks
https://www.reddit.com/r/netsec/comments/1pu6gnr/guide_to_preventing_the_most_common_enterprise/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
US disrupts multimillion-dollar bank account takeover operation targeting Americans
https://therecord.media/us-disrupts-bank-account-takeover-operation-web3adspanels
Denmark Accuses Russia of Conducting Two Cyberattacks
https://www.schneier.com/blog/archives/2025/12/denmark-accuses-russia-of-conducting-two-cyberattacks.html
SEC sues crypto firms for defrauding investors out of $14 million
https://therecord.media/sec-sues-crypto-firms-defrauding-investors-14-million
More than 22 million Aflac customers impacted by June data breach
https://therecord.media/22-million-impacted-aflac-breach
What Does it Take to Manage Cloud Risk?
https://www.trendmicro.com/en_us/research/25/l/managing-cloud-risk.html
Bishop Fox Wrapped: Research Worth Replaying
https://bishopfox.com/blog/wrapped
Dissecting a Multi-Stage macOS Infostealer
https://www.reddit.com/r/netsec/comments/1pu7nem/dissecting_a_multistage_macos_infostealer/
Guide to preventing the most common enterprise social engineering attacks
https://www.reddit.com/r/netsec/comments/1pu6gnr/guide_to_preventing_the_most_common_enterprise/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
US disrupts multimillion-dollar bank account takeover operation targeting Americans
Crooks used fraudulent ads on major search engines to mimic banks and harvest people's login credentials, netting at least $14.6 million, the U.S. authorities said in announcing a takedown of the operation.
Top Security News for Today
Cyber volunteer effort for small water utilities announces new MSSP effort
https://therecord.media/cyber-volunteer-water-utility-mssp
Urban VPN Proxy Surreptitiously Intercepts AI Chats
https://www.schneier.com/blog/archives/2025/12/urban-vpn-proxy-surreptitiously-intercepts-ai-chats.html
QoS-Aware Dynamic CU Selection in O-RAN with Graph-Based Reinforcement Learning
https://arxiv.org/abs/2512.19696
Automated Fault Detection in 5G Core Networks Using Large Language Models
https://arxiv.org/abs/2512.19697
Smoothing Rough Edges of IPv6 in VPNs
https://arxiv.org/abs/2512.19698
Holographic MIMO Empowered NOMA-ISAC for 6G: Rate-Splitting Enhanced Near-Field Modeling, Multi-Objective Optimization, and Statistical Performance Validation
https://arxiv.org/abs/2512.19699
ServiceNow to acquire cyber firm Armis in $7.75 billion deal
https://therecord.media/servicenow-cyber-armis-acquisition
WebSocket RCE in the CurseForge Launcher
https://www.reddit.com/r/netsec/comments/1pv0p4f/websocket_rce_in_the_curseforge_launcher/
Automated Red-Teaming Framework for Large Language Model Security Assessment: A Comprehensive Attack Generation and Detection System
https://arxiv.org/abs/2512.20705
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Cyber volunteer effort for small water utilities announces new MSSP effort
https://therecord.media/cyber-volunteer-water-utility-mssp
Urban VPN Proxy Surreptitiously Intercepts AI Chats
https://www.schneier.com/blog/archives/2025/12/urban-vpn-proxy-surreptitiously-intercepts-ai-chats.html
QoS-Aware Dynamic CU Selection in O-RAN with Graph-Based Reinforcement Learning
https://arxiv.org/abs/2512.19696
Automated Fault Detection in 5G Core Networks Using Large Language Models
https://arxiv.org/abs/2512.19697
Smoothing Rough Edges of IPv6 in VPNs
https://arxiv.org/abs/2512.19698
Holographic MIMO Empowered NOMA-ISAC for 6G: Rate-Splitting Enhanced Near-Field Modeling, Multi-Objective Optimization, and Statistical Performance Validation
https://arxiv.org/abs/2512.19699
ServiceNow to acquire cyber firm Armis in $7.75 billion deal
https://therecord.media/servicenow-cyber-armis-acquisition
WebSocket RCE in the CurseForge Launcher
https://www.reddit.com/r/netsec/comments/1pv0p4f/websocket_rce_in_the_curseforge_launcher/
Automated Red-Teaming Framework for Large Language Model Security Assessment: A Comprehensive Attack Generation and Detection System
https://arxiv.org/abs/2512.20705
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Cyber volunteer effort for small water utilities announces new MSSP effort
An organization is looking to develop a first-of-its-kind managed security service provider (MSSP) model tailored specifically for rural water utilities.
Top Security News for Today
LangGrinch: A Bug in the Library, A Lesson for the Architecture
https://www.reddit.com/r/netsec/comments/1pw1doh/langgrinch_a_bug_in_the_library_a_lesson_for_the/
Georgia arrests ex-spy chief over alleged protection of scam call centers
https://therecord.media/republic-of-georgia-former-spy-chief-arrested-scam-centers
Pro-Russian hackers claim attack on French postal service operator
https://therecord.media/pro-russia-hackers-claim-attack-la-poste
First verified SHA-256 second-preimage collision: Structural analysis of the W-schedule vulnerability
https://www.reddit.com/r/netsec/comments/1pwlp7g/first_verified_sha256_secondpreimage_collision/
IoT Hack
https://www.schneier.com/blog/archives/2025/12/iot-hack.html
Why are we worried about memory access semantics? Full barriers should be enough for anybody
https://www.reddit.com/r/lowlevel/comments/1pwcc1w/why_are_we_worried_about_memory_access_semantics/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
LangGrinch: A Bug in the Library, A Lesson for the Architecture
https://www.reddit.com/r/netsec/comments/1pw1doh/langgrinch_a_bug_in_the_library_a_lesson_for_the/
Georgia arrests ex-spy chief over alleged protection of scam call centers
https://therecord.media/republic-of-georgia-former-spy-chief-arrested-scam-centers
Pro-Russian hackers claim attack on French postal service operator
https://therecord.media/pro-russia-hackers-claim-attack-la-poste
First verified SHA-256 second-preimage collision: Structural analysis of the W-schedule vulnerability
https://www.reddit.com/r/netsec/comments/1pwlp7g/first_verified_sha256_secondpreimage_collision/
IoT Hack
https://www.schneier.com/blog/archives/2025/12/iot-hack.html
Why are we worried about memory access semantics? Full barriers should be enough for anybody
https://www.reddit.com/r/lowlevel/comments/1pwcc1w/why_are_we_worried_about_memory_access_semantics/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: LangGrinch: A Bug in the Library, A Lesson for the Architecture
Posted by hfti - 1 vote and 0 comments
Top Security News for Today
Why runtime attacks stay quiet for so long
https://www.reddit.com/r/netsec/comments/1pwu7xt/why_runtime_attacks_stay_quiet_for_so_long/
Mongobleed - CVE-2025-14847
https://www.reddit.com/r/netsec/comments/1pwxku1/mongobleed_cve202514847/
Implicit execution authority is the real failure mode behind prompt injection
https://www.reddit.com/r/netsec/comments/1px42f4/implicit_execution_authority_is_the_real_failure/
Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks
https://www.reddit.com/r/netsec/comments/1px7jzx/petlibro_your_pet_feeder_is_feeding_data_to/
Early warning signs of runtime compromise
https://www.reddit.com/r/netsec/comments/1pwznw0/early_warning_signs_of_runtime_compromise/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Why runtime attacks stay quiet for so long
https://www.reddit.com/r/netsec/comments/1pwu7xt/why_runtime_attacks_stay_quiet_for_so_long/
Mongobleed - CVE-2025-14847
https://www.reddit.com/r/netsec/comments/1pwxku1/mongobleed_cve202514847/
Implicit execution authority is the real failure mode behind prompt injection
https://www.reddit.com/r/netsec/comments/1px42f4/implicit_execution_authority_is_the_real_failure/
Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks
https://www.reddit.com/r/netsec/comments/1px7jzx/petlibro_your_pet_feeder_is_feeding_data_to/
Early warning signs of runtime compromise
https://www.reddit.com/r/netsec/comments/1pwznw0/early_warning_signs_of_runtime_compromise/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Why runtime attacks stay quiet for so long
Posted by OKAMI_TAMA - 0 votes and 1 comment
Top Security News for Today
Composition Theorems for f-Differential Privacy
https://arxiv.org/abs/2512.21358
Reflection-Driven Control for Trustworthy Code Agents
https://arxiv.org/abs/2512.21354
Power Side-Channel Analysis of the CVA6 RISC-V Core at the RTL Level Using VeriSide
https://arxiv.org/abs/2512.21362
Satellite Cybersecurity Across Orbital Altitudes: Analyzing Ground-Based Threats to LEO, MEO, and GEO
https://arxiv.org/abs/2512.21367
Key Length-Oriented Classification of Lightweight Cryptographic Algorithms for IoT Security
https://arxiv.org/abs/2512.21368
Static scans vs runtime reality
https://www.reddit.com/r/netsec/comments/1pyfwn6/static_scans_vs_runtime_reality/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Composition Theorems for f-Differential Privacy
https://arxiv.org/abs/2512.21358
Reflection-Driven Control for Trustworthy Code Agents
https://arxiv.org/abs/2512.21354
Power Side-Channel Analysis of the CVA6 RISC-V Core at the RTL Level Using VeriSide
https://arxiv.org/abs/2512.21362
Satellite Cybersecurity Across Orbital Altitudes: Analyzing Ground-Based Threats to LEO, MEO, and GEO
https://arxiv.org/abs/2512.21367
Key Length-Oriented Classification of Lightweight Cryptographic Algorithms for IoT Security
https://arxiv.org/abs/2512.21368
Static scans vs runtime reality
https://www.reddit.com/r/netsec/comments/1pyfwn6/static_scans_vs_runtime_reality/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
arXiv.org
Composition Theorems for f-Differential Privacy
"f differential privacy" (fDP) is a recent definition for privacy privacy which can offer improved predictions of "privacy loss". It has been used to analyse specific privacy mechanisms, such as...
Top Security News for Today
The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor
https://securelist.com/honeymyte-kernel-mode-rootkit/118590/
29th December – Threat Intelligence Report
https://research.checkpoint.com/2025/29th-december-threat-intelligence-report/
Are We Ready to Be Governed by Artificial Intelligence?
https://www.schneier.com/blog/archives/2025/12/are-we-ready-to-be-governed-by-artificial-intelligence.html
Coupang recovers smashed laptop that alleged data leaker threw into river
https://therecord.media/coupang-recovers-smashed-laptop-data-breach
French software company fined $2 million for cyber failings leading to data breach
https://therecord.media/french-software-fined-cnil
Happy 16th Birthday, KrebsOnSecurity.com!
https://krebsonsecurity.com/2025/12/happy-16th-birthday-krebsonsecurity-com/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor
https://securelist.com/honeymyte-kernel-mode-rootkit/118590/
29th December – Threat Intelligence Report
https://research.checkpoint.com/2025/29th-december-threat-intelligence-report/
Are We Ready to Be Governed by Artificial Intelligence?
https://www.schneier.com/blog/archives/2025/12/are-we-ready-to-be-governed-by-artificial-intelligence.html
Coupang recovers smashed laptop that alleged data leaker threw into river
https://therecord.media/coupang-recovers-smashed-laptop-data-breach
French software company fined $2 million for cyber failings leading to data breach
https://therecord.media/french-software-fined-cnil
Happy 16th Birthday, KrebsOnSecurity.com!
https://krebsonsecurity.com/2025/12/happy-16th-birthday-krebsonsecurity-com/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
The HoneyMyte APT now protects malware with a kernel-mode rootkit
Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.
Top Security News for Today
RMM Abuse in a Crypto Wallet Distribution Campaign
https://www.reddit.com/r/netsec/comments/1pztpnf/rmm_abuse_in_a_crypto_wallet_distribution_campaign/
Using AI-Generated Images to Get Refunds
https://www.schneier.com/blog/archives/2025/12/using-ai-generated-images-to-get-refunds.html
MonoM: Enhancing Monotonicity in Learned Cardinality Estimators
https://arxiv.org/abs/2512.22122
A Study of NP-Completeness and Undecidable Word Problems in Semigroups
https://arxiv.org/abs/2512.22123
GPU-Virt-Bench: A Comprehensive Benchmarking Framework for Software-Based GPU Virtualization Systems
https://arxiv.org/abs/2512.22125
Validation methodology on real data of reversible Kalman Filter for state estimation with Manifold
https://arxiv.org/abs/2512.22126
Impact of Sociality Regimes on Quality of Service and Energy Efficiency in Cell-Free MIMO Networks
https://arxiv.org/abs/2512.22127
Ransomware responders plead guilty to using ALPHV in attacks on US organizations
https://therecord.media/ransomware-responders-guilty-plea-using-alphv-blackcat-us-attacks
Treasury removes sanctions for three executives tied to spyware maker Intellexa
https://therecord.media/treasury-sanctions-intellexa-removed
GenAI DevOps: More Code, More Problems
https://bishopfox.com/blog/genai-devops-more-code-more-problems
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
RMM Abuse in a Crypto Wallet Distribution Campaign
https://www.reddit.com/r/netsec/comments/1pztpnf/rmm_abuse_in_a_crypto_wallet_distribution_campaign/
Using AI-Generated Images to Get Refunds
https://www.schneier.com/blog/archives/2025/12/using-ai-generated-images-to-get-refunds.html
MonoM: Enhancing Monotonicity in Learned Cardinality Estimators
https://arxiv.org/abs/2512.22122
A Study of NP-Completeness and Undecidable Word Problems in Semigroups
https://arxiv.org/abs/2512.22123
GPU-Virt-Bench: A Comprehensive Benchmarking Framework for Software-Based GPU Virtualization Systems
https://arxiv.org/abs/2512.22125
Validation methodology on real data of reversible Kalman Filter for state estimation with Manifold
https://arxiv.org/abs/2512.22126
Impact of Sociality Regimes on Quality of Service and Energy Efficiency in Cell-Free MIMO Networks
https://arxiv.org/abs/2512.22127
Ransomware responders plead guilty to using ALPHV in attacks on US organizations
https://therecord.media/ransomware-responders-guilty-plea-using-alphv-blackcat-us-attacks
Treasury removes sanctions for three executives tied to spyware maker Intellexa
https://therecord.media/treasury-sanctions-intellexa-removed
GenAI DevOps: More Code, More Problems
https://bishopfox.com/blog/genai-devops-more-code-more-problems
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: RMM Abuse in a Crypto Wallet Distribution Campaign
Explore this post and more from the netsec community
Top Security News for Today
Finland seizes ship suspected of damaging subsea cable in Baltic Sea
https://therecord.media/finland-seizes-ship-suspected-damaging-undersea-cable
RMM Abuse in a Crypto Wallet Distribution Campaign
https://www.reddit.com/r/netsec/comments/1pztpnf/rmm_abuse_in_a_crypto_wallet_distribution_campaign/
LinkedIn Job Scams
https://www.schneier.com/blog/archives/2025/12/linkedin-job-scams.html
Undefined reference linker error
https://www.reddit.com/r/lowlevel/comments/1q0m2hq/undefined_reference_linker_error/
Hello, This question popped into my mind a few days ago, and this is one of the only communities that allows this kind of question.
https://www.reddit.com/r/lowlevel/comments/1q0fq6n/hello_this_question_popped_into_my_mind_a_few/
NEW 'Off The Hook' ONLINE
https://www.2600.com/hook/31-12-2025
When Intelligence Fails: An Empirical Study on Why LLMs Struggle with Password Cracking
https://arxiv.org/abs/2512.23785
Application-Specific Power Side-Channel Attacks and Countermeasures: A Survey
https://arxiv.org/abs/2512.23778
SyncGait: Robust Long-Distance Authentication for Drone Delivery via Implicit Gait Behaviors
https://arxiv.org/abs/2512.23779
Prompt-Induced Over-Generation as Denial-of-Service: A Black-Box Attack-Side Benchmark
https://arxiv.org/abs/2512.23760
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Finland seizes ship suspected of damaging subsea cable in Baltic Sea
https://therecord.media/finland-seizes-ship-suspected-damaging-undersea-cable
RMM Abuse in a Crypto Wallet Distribution Campaign
https://www.reddit.com/r/netsec/comments/1pztpnf/rmm_abuse_in_a_crypto_wallet_distribution_campaign/
LinkedIn Job Scams
https://www.schneier.com/blog/archives/2025/12/linkedin-job-scams.html
Undefined reference linker error
https://www.reddit.com/r/lowlevel/comments/1q0m2hq/undefined_reference_linker_error/
Hello, This question popped into my mind a few days ago, and this is one of the only communities that allows this kind of question.
https://www.reddit.com/r/lowlevel/comments/1q0fq6n/hello_this_question_popped_into_my_mind_a_few/
NEW 'Off The Hook' ONLINE
https://www.2600.com/hook/31-12-2025
When Intelligence Fails: An Empirical Study on Why LLMs Struggle with Password Cracking
https://arxiv.org/abs/2512.23785
Application-Specific Power Side-Channel Attacks and Countermeasures: A Survey
https://arxiv.org/abs/2512.23778
SyncGait: Robust Long-Distance Authentication for Drone Delivery via Implicit Gait Behaviors
https://arxiv.org/abs/2512.23779
Prompt-Induced Over-Generation as Denial-of-Service: A Black-Box Attack-Side Benchmark
https://arxiv.org/abs/2512.23760
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Finland seizes ship suspected of damaging subsea cable in Baltic Sea
Disruptions in telecommunications services were tracked to fresh damage of Baltic Sea cables, leading Finnish authorities to seize a ship suspected of sabotage.
Top Security News for Today
Built an SSRF Prevention Library
https://www.reddit.com/r/netsec/comments/1q13m87/built_an_ssrf_prevention_library/
The Story of a Perfect Exploit Chain: Six Bugs That Looked Harmless Until They Became Pre-Auth RCE in a Security Appliance
https://www.reddit.com/r/netsec/comments/1q15r3i/the_story_of_a_perfect_exploit_chain_six_bugs/
Built an Automated Red-Team Tool to Find LLM Vulnerabilities. Most AI Apps Are Frighteningly Easy to Break.
https://www.reddit.com/r/netsec/comments/1q1l1aj/built_an_automated_redteam_tool_to_find_llm/
CAT: A Metric-Driven Framework for Analyzing the Consistency-Accuracy Relation of LLMs under Controlled Input Variations
https://arxiv.org/abs/2512.23711
Enriching Historical Records: An OCR and AI-Driven Approach for Database Integration
https://arxiv.org/abs/2512.24863
STED and Consistency Scoring: A Framework for Evaluating LLM Structured Output Reliability
https://arxiv.org/abs/2512.23872
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Built an SSRF Prevention Library
https://www.reddit.com/r/netsec/comments/1q13m87/built_an_ssrf_prevention_library/
The Story of a Perfect Exploit Chain: Six Bugs That Looked Harmless Until They Became Pre-Auth RCE in a Security Appliance
https://www.reddit.com/r/netsec/comments/1q15r3i/the_story_of_a_perfect_exploit_chain_six_bugs/
Built an Automated Red-Team Tool to Find LLM Vulnerabilities. Most AI Apps Are Frighteningly Easy to Break.
https://www.reddit.com/r/netsec/comments/1q1l1aj/built_an_automated_redteam_tool_to_find_llm/
CAT: A Metric-Driven Framework for Analyzing the Consistency-Accuracy Relation of LLMs under Controlled Input Variations
https://arxiv.org/abs/2512.23711
Enriching Historical Records: An OCR and AI-Driven Approach for Database Integration
https://arxiv.org/abs/2512.24863
STED and Consistency Scoring: A Framework for Evaluating LLM Structured Output Reliability
https://arxiv.org/abs/2512.23872
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: built an SSRF prevention library
Posted by Inner-Combination177 - 1 vote and 0 comments
Top Security News for Today
Flock Exposes Its AI-Enabled Surveillance Cameras
https://www.schneier.com/blog/archives/2026/01/flock-exposes-its-ai-enabled-surveillance-cameras.html
The Kimwolf Botnet is Stalking Your Local Network
https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/
Finland arrests two crew members of ship suspected of cable break
https://therecord.media/finland-arrests-crew-ship-suspected-cable-break
Exposed: Shedding Blacklight on Online Privacy
https://arxiv.org/abs/2512.24041
Technical Analysis - MongoBleed (CVE-2025-14847): Memory Corruption in MongoDB
https://www.reddit.com/r/netsec/comments/1q23y3l/technical_analysis_mongobleed_cve202514847_memory/
Sedgwick confirms cyber incident affecting its major federal contractor subsidiary
https://therecord.media/sedgwick-cyber-incident-ransomware
European regulators take aim at X after Grok creates deepfake of minor
https://therecord.media/europe-regulators-grok-france
Pakistan-linked hackers target Indian government, universities in new spying campaign
https://therecord.media/pakistan-linked-hacking-group-targets-indian-orgs
Nearly 480,000 impacted by Covenant Health data breach
https://therecord.media/covenant-health-breach-qilin
Friday Squid Blogging: Squid Found in Light Fixture
https://www.schneier.com/blog/archives/2026/01/friday-squid-blogging-squid-found-in-light-fixture.html
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Flock Exposes Its AI-Enabled Surveillance Cameras
https://www.schneier.com/blog/archives/2026/01/flock-exposes-its-ai-enabled-surveillance-cameras.html
The Kimwolf Botnet is Stalking Your Local Network
https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/
Finland arrests two crew members of ship suspected of cable break
https://therecord.media/finland-arrests-crew-ship-suspected-cable-break
Exposed: Shedding Blacklight on Online Privacy
https://arxiv.org/abs/2512.24041
Technical Analysis - MongoBleed (CVE-2025-14847): Memory Corruption in MongoDB
https://www.reddit.com/r/netsec/comments/1q23y3l/technical_analysis_mongobleed_cve202514847_memory/
Sedgwick confirms cyber incident affecting its major federal contractor subsidiary
https://therecord.media/sedgwick-cyber-incident-ransomware
European regulators take aim at X after Grok creates deepfake of minor
https://therecord.media/europe-regulators-grok-france
Pakistan-linked hackers target Indian government, universities in new spying campaign
https://therecord.media/pakistan-linked-hacking-group-targets-indian-orgs
Nearly 480,000 impacted by Covenant Health data breach
https://therecord.media/covenant-health-breach-qilin
Friday Squid Blogging: Squid Found in Light Fixture
https://www.schneier.com/blog/archives/2026/01/friday-squid-blogging-squid-found-in-light-fixture.html
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
Flock Exposes Its AI-Enabled Surveillance Cameras - Schneier on Security
404 Media has the story: Unlike many of Flock’s cameras, which are designed to capture license plates as people drive by, Flock’s Condor cameras are pan-tilt-zoom (PTZ) cameras designed to record and track people, not vehicles. Condor cameras can be set to…
Top Security News for Today
HardBit 4.0 Ransomware Evolution
https://www.reddit.com/r/netsec/comments/1q361ae/hardbit_40_ransomware_evolution/
Integer Factorization via Subset-Sum Reduction: A Heuristic Approach Suggesting Practical P=NPEquivalence
https://www.reddit.com/r/netsec/comments/1q3g8xh/integer_factorization_via_subsetsum_reductiona/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
HardBit 4.0 Ransomware Evolution
https://www.reddit.com/r/netsec/comments/1q361ae/hardbit_40_ransomware_evolution/
Integer Factorization via Subset-Sum Reduction: A Heuristic Approach Suggesting Practical P=NPEquivalence
https://www.reddit.com/r/netsec/comments/1q3g8xh/integer_factorization_via_subsetsum_reductiona/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: HardBit 4.0 Ransomware Evolution
Posted by AriannaLombardi76 - 5 votes and 0 comments
Top Security News for Today
Improving Multi-step RAG with Hypergraph-based Memory for Long-Context Complex Relational Modeling
https://arxiv.org/abs/2512.23959
Evaluating interface-based concealment in local data protection: threat model considerations
https://www.reddit.com/r/netsec/comments/1q4afh7/evaluating_interfacebased_concealment_in_local/
Overlooked Safety Vulnerability in LLMs: Malicious Intelligent Optimization Algorithm Request and its Jailbreak
https://arxiv.org/abs/2601.00213
Large Empirical Case Study: Go-Explore adapted for AI Red Team Testing
https://arxiv.org/abs/2601.00042
Evolution of Android's Permission-based Security Model and Challenges
https://arxiv.org/abs/2601.00252
Rectifying Adversarial Examples Using Their Vulnerabilities
https://arxiv.org/abs/2601.00270
From Consensus to Chaos: A Vulnerability Assessment of the RAFT Algorithm
https://arxiv.org/abs/2601.00273
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Improving Multi-step RAG with Hypergraph-based Memory for Long-Context Complex Relational Modeling
https://arxiv.org/abs/2512.23959
Evaluating interface-based concealment in local data protection: threat model considerations
https://www.reddit.com/r/netsec/comments/1q4afh7/evaluating_interfacebased_concealment_in_local/
Overlooked Safety Vulnerability in LLMs: Malicious Intelligent Optimization Algorithm Request and its Jailbreak
https://arxiv.org/abs/2601.00213
Large Empirical Case Study: Go-Explore adapted for AI Red Team Testing
https://arxiv.org/abs/2601.00042
Evolution of Android's Permission-based Security Model and Challenges
https://arxiv.org/abs/2601.00252
Rectifying Adversarial Examples Using Their Vulnerabilities
https://arxiv.org/abs/2601.00270
From Consensus to Chaos: A Vulnerability Assessment of the RAFT Algorithm
https://arxiv.org/abs/2601.00273
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
arXiv.org
Improving Multi-step RAG with Hypergraph-based Memory for...
Multi-step retrieval-augmented generation (RAG) has become a widely adopted strategy for enhancing large language models (LLMs) on tasks that demand global comprehension and intensive reasoning....
Top Security News for Today
Telegram Hosting World’s Largest Darknet Market
https://www.schneier.com/blog/archives/2026/01/telegram-hosting-worlds-largest-darknet-market.html
5th January – Threat Intelligence Report
https://research.checkpoint.com/2026/5th-january-threat-intelligence-report/
EU looking ‘very seriously’ at taking action against X over Grok
https://therecord.media/eu-grok-regulation-deepfake
Cyberattack forces British high school to close
https://therecord.media/cyberattack-british-high-school-closes
Russian hackers target European hospitality industry with ‘blue screen of death’ malware
https://therecord.media/russian-hackers-europe-hospitality-blue-screen
A practical guide to finding soundness bugs in ZK circuits
https://www.reddit.com/r/netsec/comments/1q5b20w/a_practical_guide_to_finding_soundness_bugs_in_zk/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Telegram Hosting World’s Largest Darknet Market
https://www.schneier.com/blog/archives/2026/01/telegram-hosting-worlds-largest-darknet-market.html
5th January – Threat Intelligence Report
https://research.checkpoint.com/2026/5th-january-threat-intelligence-report/
EU looking ‘very seriously’ at taking action against X over Grok
https://therecord.media/eu-grok-regulation-deepfake
Cyberattack forces British high school to close
https://therecord.media/cyberattack-british-high-school-closes
Russian hackers target European hospitality industry with ‘blue screen of death’ malware
https://therecord.media/russian-hackers-europe-hospitality-blue-screen
A practical guide to finding soundness bugs in ZK circuits
https://www.reddit.com/r/netsec/comments/1q5b20w/a_practical_guide_to_finding_soundness_bugs_in_zk/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
Telegram Hosting World's Largest Darknet Market - Schneier on Security
Wired is reporting on Chinese darknet markets on Telegram. The ecosystem of marketplaces for Chinese-speaking crypto scammers hosted on the messaging service Telegram have now grown to be bigger than ever before, according to a new analysis from the crypto…
Top Security News for Today
UK government admits years of cyber policy have failed, announces reset
https://therecord.media/uk-government-cyber-action-plan
A Cyberattack Was Part of the US Assault on Venezuela
https://www.schneier.com/blog/archives/2026/01/a-cyberattack-was-part-of-the-us-assault-on-venezuela.html
Phishing actors exploit complex routing and misconfigurations to spoof domains
https://www.microsoft.com/en-us/security/blog/2026/01/06/phishing-actors-exploit-complex-routing-and-misconfigurations-to-spoof-domains/
Introducing the Microsoft Defender Experts Suite: Elevate your security with expert-led services
https://www.microsoft.com/en-us/security/blog/2026/01/06/introducing-the-microsoft-defender-experts-suite-elevate-your-security-with-expert-led-services/
A practical guide to finding soundness bugs in ZK circuits
https://www.reddit.com/r/netsec/comments/1q5b20w/a_practical_guide_to_finding_soundness_bugs_in_zk/
Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters
https://www.reddit.com/r/netsec/comments/1q5k295/reverse_engineering_my_cloudconnected_escooter/
Proxying Flutter Traffic on Android with Claude
https://www.reddit.com/r/netsec/comments/1q5pocf/proxying_flutter_traffic_on_android_with_claude/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
UK government admits years of cyber policy have failed, announces reset
https://therecord.media/uk-government-cyber-action-plan
A Cyberattack Was Part of the US Assault on Venezuela
https://www.schneier.com/blog/archives/2026/01/a-cyberattack-was-part-of-the-us-assault-on-venezuela.html
Phishing actors exploit complex routing and misconfigurations to spoof domains
https://www.microsoft.com/en-us/security/blog/2026/01/06/phishing-actors-exploit-complex-routing-and-misconfigurations-to-spoof-domains/
Introducing the Microsoft Defender Experts Suite: Elevate your security with expert-led services
https://www.microsoft.com/en-us/security/blog/2026/01/06/introducing-the-microsoft-defender-experts-suite-elevate-your-security-with-expert-led-services/
A practical guide to finding soundness bugs in ZK circuits
https://www.reddit.com/r/netsec/comments/1q5b20w/a_practical_guide_to_finding_soundness_bugs_in_zk/
Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters
https://www.reddit.com/r/netsec/comments/1q5k295/reverse_engineering_my_cloudconnected_escooter/
Proxying Flutter Traffic on Android with Claude
https://www.reddit.com/r/netsec/comments/1q5pocf/proxying_flutter_traffic_on_android_with_claude/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
UK government admits years of cyber policy have failed, announces reset
The current system of accountability has left much of the British government vulnerable to cyberattacks, according to a new Government Cyber Action Plan, with responsibilities for risk “unclear at all levels.”
Top Security News for Today
Alleged cyber scam kingpin arrested, extradited to China
https://therecord.media/alleged-cyber-scam-kingpin-cambodia-arrested-extradited
Cyberattack forces British high school to cancel classes and delay reopening
https://therecord.media/cyberattack-forces-british-high-school-to-delay-opening
Inside GoBruteforcer: AI-Generated Server Defaults, Weak Passwords, and Crypto-Focused Campaigns
https://research.checkpoint.com/2026/01/inside-gobruteforcer-ai-generated-server-defaults-weak-passwords-and-crypto-focused-campaigns/
Explore the latest Microsoft Incident Response proactive services for enhanced resilience
https://www.microsoft.com/en-us/security/blog/2026/01/07/explore-the-latest-microsoft-incident-response-proactive-services-for-enhanced-resilience/
Illinois state agency exposed personal data of 700,000 people
https://therecord.media/illinois-agency-exposed-data
Spanish airline Iberia attributes recent data breach claims to November incident
https://therecord.media/spanish-airline-attributes-recent-breach-allegation-to-nov-incident
Ni8mare - Unauthenticated Remote Code Execution in n8n (CVE-2026-21858)
https://www.reddit.com/r/netsec/comments/1q6iw0y/ni8mare_unauthenticated_remote_code_execution_in/
Stalkerware operator pleads guilty in rare prosecution
https://therecord.media/stalkerware-guilty-plea-fleming
JA4 Fingerprinting Against AI Scrapers: A Practical Guide
https://www.reddit.com/r/netsec/comments/1q71l7v/ja4_fingerprinting_against_ai_scrapers_a/
How Real is Your Jailbreak? Fine-grained Jailbreak Evaluation with Anchored Reference
https://arxiv.org/abs/2601.03288
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Alleged cyber scam kingpin arrested, extradited to China
https://therecord.media/alleged-cyber-scam-kingpin-cambodia-arrested-extradited
Cyberattack forces British high school to cancel classes and delay reopening
https://therecord.media/cyberattack-forces-british-high-school-to-delay-opening
Inside GoBruteforcer: AI-Generated Server Defaults, Weak Passwords, and Crypto-Focused Campaigns
https://research.checkpoint.com/2026/01/inside-gobruteforcer-ai-generated-server-defaults-weak-passwords-and-crypto-focused-campaigns/
Explore the latest Microsoft Incident Response proactive services for enhanced resilience
https://www.microsoft.com/en-us/security/blog/2026/01/07/explore-the-latest-microsoft-incident-response-proactive-services-for-enhanced-resilience/
Illinois state agency exposed personal data of 700,000 people
https://therecord.media/illinois-agency-exposed-data
Spanish airline Iberia attributes recent data breach claims to November incident
https://therecord.media/spanish-airline-attributes-recent-breach-allegation-to-nov-incident
Ni8mare - Unauthenticated Remote Code Execution in n8n (CVE-2026-21858)
https://www.reddit.com/r/netsec/comments/1q6iw0y/ni8mare_unauthenticated_remote_code_execution_in/
Stalkerware operator pleads guilty in rare prosecution
https://therecord.media/stalkerware-guilty-plea-fleming
JA4 Fingerprinting Against AI Scrapers: A Practical Guide
https://www.reddit.com/r/netsec/comments/1q71l7v/ja4_fingerprinting_against_ai_scrapers_a/
How Real is Your Jailbreak? Fine-grained Jailbreak Evaluation with Anchored Reference
https://arxiv.org/abs/2601.03288
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Alleged cyber scam kingpin arrested, extradited to China
Chen Zhi’s arrest is the latest chapter in the remarkable downfall of one of the country’s most prominent businesses, with holdings in the real estate, banking, entertainment and airline industries.
Top Security News for Today
ChatGPT Health feature draws concern from privacy critics over sensitive medical data
https://therecord.media/chatgpt-health-draws-concern-privacy-critics
Enhancing Retrieval-Augmented Generation with Two-Stage Retrieval: FlashRank Reranking and Query Expansion
https://arxiv.org/abs/2601.03258
Mastering the Game of Go with Self-play Experience Replay
https://arxiv.org/abs/2601.03259
CVE-2026-21876: OWASP Modsecurity CRS WAF bypass blogpost is out!
https://www.reddit.com/r/netsec/comments/1q7myyq/cve202621876_owasp_modsecurity_crs_waf_bypass/
US announces withdrawal from dozens of international treaties
https://therecord.media/us-announces-withdrawal-from-dozens-international-orgs
CISA sunsets 10 emergency directives thanks to evolution of exploited vulnerabilities catalog
https://therecord.media/cisa-sunsets-10-emergency-directives
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
ChatGPT Health feature draws concern from privacy critics over sensitive medical data
https://therecord.media/chatgpt-health-draws-concern-privacy-critics
Enhancing Retrieval-Augmented Generation with Two-Stage Retrieval: FlashRank Reranking and Query Expansion
https://arxiv.org/abs/2601.03258
Mastering the Game of Go with Self-play Experience Replay
https://arxiv.org/abs/2601.03259
CVE-2026-21876: OWASP Modsecurity CRS WAF bypass blogpost is out!
https://www.reddit.com/r/netsec/comments/1q7myyq/cve202621876_owasp_modsecurity_crs_waf_bypass/
US announces withdrawal from dozens of international treaties
https://therecord.media/us-announces-withdrawal-from-dozens-international-orgs
CISA sunsets 10 emergency directives thanks to evolution of exploited vulnerabilities catalog
https://therecord.media/cisa-sunsets-10-emergency-directives
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
ChatGPT Health feature draws concern from privacy critics over sensitive medical data
The artificial intelligence juggernaut in a blog post encouraged its hundreds of millions of users to connect medical records and wellness app data to the new health-focused chatbot feature, adding that it will be outfitted with extra data privacy protections.
Top Security News for Today
N/A
N/A
Palo Alto Crosswalk Signals Had Default Passwords
https://www.schneier.com/blog/archives/2026/01/palo-alto-crosswalk-signals-had-default-passwords.html
Former NSA insider Kosiba brought back as spy agency’s No. 2
https://therecord.media/timothy-kosiba-nsa-new-deputy-chief
MedPI: Evaluating AI Systems in Medical Patient-facing Interactions
https://arxiv.org/abs/2601.04195
RAGVUE: A Diagnostic View for Explainable and Automated Evaluation of Retrieval-Augmented Generation
https://arxiv.org/abs/2601.04196
Automatic Construction of Chinese Verb Collostruction Database
https://arxiv.org/abs/2601.04197
Identification of a Kalman filter: consistency of local solutions
https://arxiv.org/abs/2601.04198
Using Grok to Avoid Personal Attacks While Correcting Misinformation on X
https://therecord.media/using-grok-to-avoid-personal-attacks-while-correcting-misinformation-on-x
At least $26 million in crypto stolen from Truebit platform as crypto crime landscape evolves
https://therecord.media/26-million-in-crypto-stolen-truebit
Lawmakers call on app stores to remove Grok, X over sexualized deepfakes
https://therecord.media/lawmakers-call-on-app-stores-to-remove-grok-x
Basketball player arrested for alleged ransomware ties freed in Russia-France prisoner swap
https://therecord.media/france-frees-russian-basketball-player-ransomware-swap
Friday Squid Blogging: The Chinese Squid-Fishing Fleet off the Argentine Coast
https://www.schneier.com/blog/archives/2026/01/friday-squid-blogging-the-chinese-squid-fishing-fleet-off-the-argentine-coast.html
DVAIB: A deliberately vulnerable AI bank for practicing prompt injection and AI security attacks
https://www.reddit.com/r/netsec/comments/1q87uqn/dvaib_a_deliberately_vulnerable_ai_bank_for/
“The Conscience of a Hacker” is 40 today
https://www.reddit.com/r/netsec/comments/1q7wjjo/the_conscience_of_a_hacker_is_40_today/
[Article] Intercept: How MITM attacks work in Ethernet, IPv4 & IPv6
https://www.reddit.com/r/netsec/comments/1q89qxk/article_intercept_how_mitm_attacks_work_in/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
N/A
N/A
Palo Alto Crosswalk Signals Had Default Passwords
https://www.schneier.com/blog/archives/2026/01/palo-alto-crosswalk-signals-had-default-passwords.html
Former NSA insider Kosiba brought back as spy agency’s No. 2
https://therecord.media/timothy-kosiba-nsa-new-deputy-chief
MedPI: Evaluating AI Systems in Medical Patient-facing Interactions
https://arxiv.org/abs/2601.04195
RAGVUE: A Diagnostic View for Explainable and Automated Evaluation of Retrieval-Augmented Generation
https://arxiv.org/abs/2601.04196
Automatic Construction of Chinese Verb Collostruction Database
https://arxiv.org/abs/2601.04197
Identification of a Kalman filter: consistency of local solutions
https://arxiv.org/abs/2601.04198
Using Grok to Avoid Personal Attacks While Correcting Misinformation on X
https://therecord.media/using-grok-to-avoid-personal-attacks-while-correcting-misinformation-on-x
At least $26 million in crypto stolen from Truebit platform as crypto crime landscape evolves
https://therecord.media/26-million-in-crypto-stolen-truebit
Lawmakers call on app stores to remove Grok, X over sexualized deepfakes
https://therecord.media/lawmakers-call-on-app-stores-to-remove-grok-x
Basketball player arrested for alleged ransomware ties freed in Russia-France prisoner swap
https://therecord.media/france-frees-russian-basketball-player-ransomware-swap
Friday Squid Blogging: The Chinese Squid-Fishing Fleet off the Argentine Coast
https://www.schneier.com/blog/archives/2026/01/friday-squid-blogging-the-chinese-squid-fishing-fleet-off-the-argentine-coast.html
DVAIB: A deliberately vulnerable AI bank for practicing prompt injection and AI security attacks
https://www.reddit.com/r/netsec/comments/1q87uqn/dvaib_a_deliberately_vulnerable_ai_bank_for/
“The Conscience of a Hacker” is 40 today
https://www.reddit.com/r/netsec/comments/1q7wjjo/the_conscience_of_a_hacker_is_40_today/
[Article] Intercept: How MITM attacks work in Ethernet, IPv4 & IPv6
https://www.reddit.com/r/netsec/comments/1q89qxk/article_intercept_how_mitm_attacks_work_in/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
Palo Alto Crosswalk Signals Had Default Passwords - Schneier on Security
Palo Alto’s crosswalk signals were hacked last year. Turns out the city never changed the default passwords.
Top Security News for Today
A small experiment to understand speculative execution via cache side effects
https://www.reddit.com/r/lowlevel/comments/1q9k9ad/a_small_experiment_to_understand_speculative/
Browser based tech support scam abusing full screen, input lock, and fake BSOD
https://www.reddit.com/r/netsec/comments/1q8z7h2/browser_based_tech_support_scam_abusing_full/
Gixy-Next: NGINX Configuration Security & Hardening Scanner
https://www.reddit.com/r/netsec/comments/1q9c7zg/gixynext_nginx_configuration_security_hardening/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
A small experiment to understand speculative execution via cache side effects
https://www.reddit.com/r/lowlevel/comments/1q9k9ad/a_small_experiment_to_understand_speculative/
Browser based tech support scam abusing full screen, input lock, and fake BSOD
https://www.reddit.com/r/netsec/comments/1q8z7h2/browser_based_tech_support_scam_abusing_full/
Gixy-Next: NGINX Configuration Security & Hardening Scanner
https://www.reddit.com/r/netsec/comments/1q9c7zg/gixynext_nginx_configuration_security_hardening/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the lowlevel community on Reddit: A small experiment to understand speculative execution via cache side effects
Explore this post and more from the lowlevel community