Top Security News for Today
Drilling Down on Uncle Sam’s Proposed TP-Link Ban
https://krebsonsecurity.com/2025/11/drilling-down-on-uncle-sams-proposed-tp-link-ban/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Drilling Down on Uncle Sam’s Proposed TP-Link Ban
https://krebsonsecurity.com/2025/11/drilling-down-on-uncle-sams-proposed-tp-link-ban/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Krebs on Security
Drilling Down on Uncle Sam’s Proposed TP-Link Ban
The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while…
Top Security News for Today
Efficient Deployment of CNN Models on Multiple In-Memory Computing Units
https://arxiv.org/abs/2502.03503
AI-Powered Citation Auditing: A Zero-Assumption Protocol for Systematic Reference Verification in Academic Research
https://arxiv.org/abs/2511.04682
RAS: A Bit-Exact rANS Accelerator For High-Performance Neural Lossless Compression
https://arxiv.org/abs/2511.04683
A hybrid solution approach for the Integrated Healthcare Timetabling Competition 2024
https://arxiv.org/abs/2511.04684
Stateful KV Cache Management for LLMs: Balancing Space, Time, Accuracy, and Positional Fidelity
https://arxiv.org/abs/2511.04685
New Attacks Against Secure Enclaves
https://www.schneier.com/blog/archives/2025/11/new-attacks-against-secure-enclaves.html
One Simple Mistake, Thousands at Risk - How Common Misconfigurations Could Lead to Massive Data Exposure
https://www.reddit.com/r/netsec/comments/1otba0s/one_simple_mistake_thousands_at_risk_how_common/
10th November – Threat Intelligence Report
https://research.checkpoint.com/2025/10th-november-threat-intelligence-report/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Efficient Deployment of CNN Models on Multiple In-Memory Computing Units
https://arxiv.org/abs/2502.03503
AI-Powered Citation Auditing: A Zero-Assumption Protocol for Systematic Reference Verification in Academic Research
https://arxiv.org/abs/2511.04682
RAS: A Bit-Exact rANS Accelerator For High-Performance Neural Lossless Compression
https://arxiv.org/abs/2511.04683
A hybrid solution approach for the Integrated Healthcare Timetabling Competition 2024
https://arxiv.org/abs/2511.04684
Stateful KV Cache Management for LLMs: Balancing Space, Time, Accuracy, and Positional Fidelity
https://arxiv.org/abs/2511.04685
New Attacks Against Secure Enclaves
https://www.schneier.com/blog/archives/2025/11/new-attacks-against-secure-enclaves.html
One Simple Mistake, Thousands at Risk - How Common Misconfigurations Could Lead to Massive Data Exposure
https://www.reddit.com/r/netsec/comments/1otba0s/one_simple_mistake_thousands_at_risk_how_common/
10th November – Threat Intelligence Report
https://research.checkpoint.com/2025/10th-november-threat-intelligence-report/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
arXiv.org
Analyzing limits for in-context learning
Our paper challenges claims from prior research that transformer-based models, when learning in context, implicitly implement standard learning algorithms. We present empirical evidence...
Top Security News for Today
Customized Retrieval-Augmented Generation with LLM for Debiasing Recommendation Unlearning
https://reporter.deepspecter.com/your-article-link-1
GreyShot: Zeroshot and Privacy-preserving Recommender System by GM(1,1) Model
https://arxiv.org/abs/2511.05494
IMDMR: An Intelligent Multi-Dimensional Memory Retrieval System for Enhanced Conversational AI
https://arxiv.org/abs/2511.05493
DOCUEVAL: An LLM-based AI Engineering Tool for Building Customisable Document Evaluation Workflows
https://arxiv.org/abs/2511.05495
Socially Aware Music Recommendation: A Multi-Modal Graph Neural Networks for Collaborative Music Consumption and Community-Based Engagement
https://arxiv.org/abs/2511.05496
Prompt Injection in AI Browsers
https://www.schneier.com/blog/archives/2025/11/prompt-injection-in-ai-browsers.html
Reconnoitre – Open-Source Reconnaissance and Service Enumeration Tool
https://www.darknet.org.uk/2025/11/reconnoitre-open-source-reconnaissance-and-service-enumeration-tool/
Microsoft Patch Tuesday, November 2025 Security Update Review
https://blog.qualys.com/vulnerabilities-threat-research/2025/11/11/microsoft-patch-tuesday-november-2025-security-update-review
From Data Loss Prevention (DLP) to Modern Data Security
https://www.trendmicro.com/en_us/research/25/k/dlp-to-modern-data-security.html
NEW 'Off The Wall' ONLINE
https://www.2600.com/wall/11-11-2025
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Customized Retrieval-Augmented Generation with LLM for Debiasing Recommendation Unlearning
https://reporter.deepspecter.com/your-article-link-1
GreyShot: Zeroshot and Privacy-preserving Recommender System by GM(1,1) Model
https://arxiv.org/abs/2511.05494
IMDMR: An Intelligent Multi-Dimensional Memory Retrieval System for Enhanced Conversational AI
https://arxiv.org/abs/2511.05493
DOCUEVAL: An LLM-based AI Engineering Tool for Building Customisable Document Evaluation Workflows
https://arxiv.org/abs/2511.05495
Socially Aware Music Recommendation: A Multi-Modal Graph Neural Networks for Collaborative Music Consumption and Community-Based Engagement
https://arxiv.org/abs/2511.05496
Prompt Injection in AI Browsers
https://www.schneier.com/blog/archives/2025/11/prompt-injection-in-ai-browsers.html
Reconnoitre – Open-Source Reconnaissance and Service Enumeration Tool
https://www.darknet.org.uk/2025/11/reconnoitre-open-source-reconnaissance-and-service-enumeration-tool/
Microsoft Patch Tuesday, November 2025 Security Update Review
https://blog.qualys.com/vulnerabilities-threat-research/2025/11/11/microsoft-patch-tuesday-november-2025-security-update-review
From Data Loss Prevention (DLP) to Modern Data Security
https://www.trendmicro.com/en_us/research/25/k/dlp-to-modern-data-security.html
NEW 'Off The Wall' ONLINE
https://www.2600.com/wall/11-11-2025
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for Today
NHS patients to finally be informed if hackers published their STI and cancer test data
https://therecord.media/synnovis-healthcare-data-breach-notification-uk-patients
German extremist arrested over operating alleged darknet assassination marketplace
https://therecord.media/german-extremist-arrested-darknet-assassination-market
Google files lawsuit to disrupt massive ‘Lighthouse’ smishing scheme
https://therecord.media/google-files-lawsuit-to-disrupt-lighthouse-scam
Data broker Kochava agrees to change business practices to settle lawsuit
https://therecord.media/data-broker-kochava-business-change
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1ov4lab/is_it_citrixbleed4_well_no_is_it_good_also_no/
‘Advanced’ hacker seen exploiting Cisco, Citrix zero-days
https://therecord.media/advanced-hacker-exploiting-cisco-citrix-zero-days-amazon
British government unveils long-awaited landmark cybersecurity bill
https://therecord.media/british-gov-cybersecurity-law
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
NHS patients to finally be informed if hackers published their STI and cancer test data
https://therecord.media/synnovis-healthcare-data-breach-notification-uk-patients
German extremist arrested over operating alleged darknet assassination marketplace
https://therecord.media/german-extremist-arrested-darknet-assassination-market
Google files lawsuit to disrupt massive ‘Lighthouse’ smishing scheme
https://therecord.media/google-files-lawsuit-to-disrupt-lighthouse-scam
Data broker Kochava agrees to change business practices to settle lawsuit
https://therecord.media/data-broker-kochava-business-change
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1ov4lab/is_it_citrixbleed4_well_no_is_it_good_also_no/
‘Advanced’ hacker seen exploiting Cisco, Citrix zero-days
https://therecord.media/advanced-hacker-exploiting-cisco-citrix-zero-days-amazon
British government unveils long-awaited landmark cybersecurity bill
https://therecord.media/british-gov-cybersecurity-law
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
NHS patients to finally be informed if hackers published their STI and cancer test data
U.K. pathology services company Synnovis says it has begun notifying individuals if their sensitive healthcare data was posted online by a ransomware gang, 17 months after the incident.
Top Security News for Today
Operation Endgame: Police reveal takedowns of three key cybercrime tools
https://therecord.media/operation-endgame-cybercrime-takedowns-rhadamanthys-venomrat-elysium
The State of Ransomware – Q3 2025
https://research.checkpoint.com/2025/the-state-of-ransomware-q3-2025/
Google Sues to Disrupt Chinese SMS Phishing Triad
https://krebsonsecurity.com/2025/11/google-sues-to-disrupt-chinese-sms-phishing-triad/
Phishing campaign targets customers of major Italian web hosting provider
https://therecord.media/phishing-campaign-targets-italian-web-hosting-customers
Kazakhstan becomes latest country to ban 'LGBT propaganda' online
https://therecord.media/kazakhstan-legislation-ban-lgbtq-content-online-media
Drawbot: Let’s Hack Something Cute! — Atredis Partners
https://www.reddit.com/r/netsec/comments/1ow9xsv/drawbot_lets_hack_something_cute_atredis_partners/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Operation Endgame: Police reveal takedowns of three key cybercrime tools
https://therecord.media/operation-endgame-cybercrime-takedowns-rhadamanthys-venomrat-elysium
The State of Ransomware – Q3 2025
https://research.checkpoint.com/2025/the-state-of-ransomware-q3-2025/
Google Sues to Disrupt Chinese SMS Phishing Triad
https://krebsonsecurity.com/2025/11/google-sues-to-disrupt-chinese-sms-phishing-triad/
Phishing campaign targets customers of major Italian web hosting provider
https://therecord.media/phishing-campaign-targets-italian-web-hosting-customers
Kazakhstan becomes latest country to ban 'LGBT propaganda' online
https://therecord.media/kazakhstan-legislation-ban-lgbtq-content-online-media
Drawbot: Let’s Hack Something Cute! — Atredis Partners
https://www.reddit.com/r/netsec/comments/1ow9xsv/drawbot_lets_hack_something_cute_atredis_partners/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Operation Endgame: Police reveal takedowns of three key cybercrime tools
The Rhadamanthys infostealer, the VenomRAT remote access trojan and the Elysium botnet were targeted in the latest phase of the international police action known as Operation Endgame.
Top Security News for Today
The Role of Humans in an AI-Powered World
https://www.schneier.com/blog/archives/2025/11/the-role-of-humans-in-an-ai-powered-world.html
🚨 FIRST PUBLIC EVIDENCE: RedTail Cryptominer Targets Docker APIs
https://www.reddit.com/r/netsec/comments/1owqjcx/first_public_evidence_redtail_cryptominer_targets/
Khmer Spellchecking: A Holistic Approach
https://arxiv.org/abs/2511.09582
When The Impersonation Function Gets Used To Impersonate Users (Fortinet FortiWeb (??) Auth. Bypass) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1owxxey/when_the_impersonation_function_gets_used_to/
Civil society decries digital rights ‘rollback' as European Commission pushes data protection changes
https://therecord.media/civil-society-privacy-rollback
Chinese state hackers used Anthropic AI systems in dozens of attacks
https://therecord.media/chinese-hackers-anthropic-cyberattacks
Upcoming Speaking Engagements
https://www.schneier.com/blog/archives/2025/11/upcoming-speaking-engagements-50.html
Unauthenticated Authentication Bypass in Fortinet FortiWeb (CVE-2025-64446) Exploited in the Wild
https://blog.qualys.com/vulnerabilities-threat-research/2025/11/14/unauthenticated-authentication-bypass-in-fortinet-fortiweb-cve-2025-64446-exploited-in-the-wild
Multiple US citizens plead guilty to helping North Korean IT workers earn $2 million
https://therecord.media/multiple-us-nationals-guilty-pleas-north-korean-it-worker-scams
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
The Role of Humans in an AI-Powered World
https://www.schneier.com/blog/archives/2025/11/the-role-of-humans-in-an-ai-powered-world.html
🚨 FIRST PUBLIC EVIDENCE: RedTail Cryptominer Targets Docker APIs
https://www.reddit.com/r/netsec/comments/1owqjcx/first_public_evidence_redtail_cryptominer_targets/
Khmer Spellchecking: A Holistic Approach
https://arxiv.org/abs/2511.09582
When The Impersonation Function Gets Used To Impersonate Users (Fortinet FortiWeb (??) Auth. Bypass) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1owxxey/when_the_impersonation_function_gets_used_to/
Civil society decries digital rights ‘rollback' as European Commission pushes data protection changes
https://therecord.media/civil-society-privacy-rollback
Chinese state hackers used Anthropic AI systems in dozens of attacks
https://therecord.media/chinese-hackers-anthropic-cyberattacks
Upcoming Speaking Engagements
https://www.schneier.com/blog/archives/2025/11/upcoming-speaking-engagements-50.html
Unauthenticated Authentication Bypass in Fortinet FortiWeb (CVE-2025-64446) Exploited in the Wild
https://blog.qualys.com/vulnerabilities-threat-research/2025/11/14/unauthenticated-authentication-bypass-in-fortinet-fortiweb-cve-2025-64446-exploited-in-the-wild
Multiple US citizens plead guilty to helping North Korean IT workers earn $2 million
https://therecord.media/multiple-us-nationals-guilty-pleas-north-korean-it-worker-scams
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
The Role of Humans in an AI-Powered World - Schneier on Security
As AI capabilities grow, we must delineate the roles that should remain exclusively human. The line seems to be between fact-based decisions and judgment-based decisions. For example, in a medical context, if an AI was demonstrably better at reading a test…
Top Security News for Today
Face Scrapper Ai like faceSeek - netsec analysis
https://www.reddit.com/r/netsec/comments/1oxri7y/face_scrapper_ai_like_faceseek_netsec_analysis/
AT&T Data Breach Settlement Deadline Nears for Claims Up to $7,500
https://www.reddit.com/r/netsec/comments/1oxsa3s/att_data_breach_settlement_deadline_nears_for/
CyberRecon project
https://www.reddit.com/r/netsec/comments/1oxvw4q/cyberrecon_project/
NPMScan - Malicious NPM Package Detection & Security Scanner
https://www.reddit.com/r/netsec/comments/1oy1p2v/npmscan_malicious_npm_package_detection_security/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Face Scrapper Ai like faceSeek - netsec analysis
https://www.reddit.com/r/netsec/comments/1oxri7y/face_scrapper_ai_like_faceseek_netsec_analysis/
AT&T Data Breach Settlement Deadline Nears for Claims Up to $7,500
https://www.reddit.com/r/netsec/comments/1oxsa3s/att_data_breach_settlement_deadline_nears_for/
CyberRecon project
https://www.reddit.com/r/netsec/comments/1oxvw4q/cyberrecon_project/
NPMScan - Malicious NPM Package Detection & Security Scanner
https://www.reddit.com/r/netsec/comments/1oy1p2v/npmscan_malicious_npm_package_detection_security/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Face Scrapper Ai like faceSeek -netsec analysis
Posted by Few_Extension6813 - 21 votes and 1 comment
Top Security News for Today
Initial Access Brokers (IAB) in 2025 – From Dark Web Listings to Supply Chain Ransomware Events
https://www.darknet.org.uk/2025/11/initial-access-brokers-iab-in-2025-from-dark-web-listings-to-supply-chain-ransomware-events/
Claude AI ran autonomous espionage operations
https://www.reddit.com/r/netsec/comments/1oyis0z/claude_ai_ran_autonomous_espionage_operations/
NPMScan - Malicious NPM Package Detection & Security Scanner
https://www.reddit.com/r/netsec/comments/1oy1p2v/npmscan_malicious_npm_package_detection_security/
Trying to make CCNA learning more engaging for students
https://www.reddit.com/r/netsec/comments/1oyrn4t/trying_to_make_ccna_learning_more_engaging_for/
Microsoft Patch Tuesday, November 2025 Edition
https://krebsonsecurity.com/2025/11/microsoft-patch-tuesday-november-2025-edition/
mcp-scan – Real-Time Guardrail Monitoring and Dynamic Proxy for MCP Servers
https://www.darknet.org.uk/2025/11/mcp-scan-real-time-guardrail-monitoring-and-dynamic-proxy-for-mcp-servers/
what do you guys think of this undocumented behavior of "web for pentester 1?"
https://www.reddit.com/r/netsec/comments/1oz3zq7/what_do_you_guys_think_of_this_undocumented/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Initial Access Brokers (IAB) in 2025 – From Dark Web Listings to Supply Chain Ransomware Events
https://www.darknet.org.uk/2025/11/initial-access-brokers-iab-in-2025-from-dark-web-listings-to-supply-chain-ransomware-events/
Claude AI ran autonomous espionage operations
https://www.reddit.com/r/netsec/comments/1oyis0z/claude_ai_ran_autonomous_espionage_operations/
NPMScan - Malicious NPM Package Detection & Security Scanner
https://www.reddit.com/r/netsec/comments/1oy1p2v/npmscan_malicious_npm_package_detection_security/
Trying to make CCNA learning more engaging for students
https://www.reddit.com/r/netsec/comments/1oyrn4t/trying_to_make_ccna_learning_more_engaging_for/
Microsoft Patch Tuesday, November 2025 Edition
https://krebsonsecurity.com/2025/11/microsoft-patch-tuesday-november-2025-edition/
mcp-scan – Real-Time Guardrail Monitoring and Dynamic Proxy for MCP Servers
https://www.darknet.org.uk/2025/11/mcp-scan-real-time-guardrail-monitoring-and-dynamic-proxy-for-mcp-servers/
what do you guys think of this undocumented behavior of "web for pentester 1?"
https://www.reddit.com/r/netsec/comments/1oz3zq7/what_do_you_guys_think_of_this_undocumented/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Darknet - Hacking Tools, Hacker News & Cyber Security
Initial Access Brokers (IAB) in 2025 - From Dark Web Listings to Supply Chain Ransomware Events
Initial access brokers in 2025, how dark web access listings feed ransomware supply chain events like JLR, and what CISOs can do to detect and disrupt them
Top Security News for Today
CISA gives federal agencies one week to patch exploited Fortinet bug
https://therecord.media/fortinet-fortiweb-vulnerability-cisa-advisory
Logitech discloses data breach after Clop claims
https://therecord.media/logitech-discloses-data-breach-clop
Princeton University says database containing donor, alumni info breached
https://therecord.media/princeton-donor-alumni-database-breach
Pennsylvania attorney general says SSNs stolen during August ransomware attack
https://therecord.media/pennsylvania-attorney-general-office-data-breach-ssns
Kenyan gov't websites back online after hackers deface pages with white supremacist messages
https://therecord.media/kenyan-gov-websites-back-hack
A Cracker Barrel vulnerability
https://www.reddit.com/r/netsec/comments/1ozjng8/a_cracker_barrel_vulnerability/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
CISA gives federal agencies one week to patch exploited Fortinet bug
https://therecord.media/fortinet-fortiweb-vulnerability-cisa-advisory
Logitech discloses data breach after Clop claims
https://therecord.media/logitech-discloses-data-breach-clop
Princeton University says database containing donor, alumni info breached
https://therecord.media/princeton-donor-alumni-database-breach
Pennsylvania attorney general says SSNs stolen during August ransomware attack
https://therecord.media/pennsylvania-attorney-general-office-data-breach-ssns
Kenyan gov't websites back online after hackers deface pages with white supremacist messages
https://therecord.media/kenyan-gov-websites-back-hack
A Cracker Barrel vulnerability
https://www.reddit.com/r/netsec/comments/1ozjng8/a_cracker_barrel_vulnerability/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
CISA gives federal agencies one week to patch exploited Fortinet bug
U.S. government agencies have been given a shorter window than usual to patch a critical vulnerability affecting Fortinet's FortiWeb firewall product.
Top Security News for Today
Gotchas in Email Parsing - Lessons from Jakarta Mail
https://www.reddit.com/r/netsec/comments/1p084xf/gotchas_in_email_parsing_lessons_from_jakarta_mail/
AI and Voter Engagement
https://www.schneier.com/blog/archives/2025/11/ai-and-voter-engagement.html
Full renewal of state and local cyber grants program passes in House
https://therecord.media/state-local-cyber-grants-program-house-passage
Breaking Down S3 Ransomware: Variants, Attack Paths and Trend Vision One™ Defenses
https://www.trendmicro.com/en_us/research/25/k/s3-ransomware.html
MI5 warns of Chinese spies using LinkedIn to gain intel on lawmakers
https://therecord.media/mi5-warns-chinese-spies-using-linkedin-lawmakers
Russian suspect detained in Thailand is allegedly tied to Void Blizzard group
https://therecord.media/russian-arrested-thailand-allegedly-void-blizzard-apt-member
Ambient and autonomous security for the agentic era
https://www.microsoft.com/en-us/security/blog/2025/11/18/ambient-and-autonomous-security-for-the-agentic-era/
Agents built into your workflow: Get Security Copilot with Microsoft 365 E5
https://www.microsoft.com/en-us/security/blog/2025/11/18/agents-built-into-your-workflow-get-security-copilot-with-microsoft-365-e5/
Threat Actor "888" Claims LG Electronics Data Breach - Source Code and Hardcoded Credentials Allegedly Leaked [Unconfirmed]
https://www.reddit.com/r/netsec/comments/1p0ho9s/threat_actor_888_claims_lg_electronics_data/
ShadowRay 2.0: Active Global Campaign Hijacks Ray AI Infrastructure Into Self-Propagating Botnet | Oligo Security
https://www.reddit.com/r/netsec/comments/1p0evgu/shadowray_20_active_global_campaign_hijacks_ray/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Gotchas in Email Parsing - Lessons from Jakarta Mail
https://www.reddit.com/r/netsec/comments/1p084xf/gotchas_in_email_parsing_lessons_from_jakarta_mail/
AI and Voter Engagement
https://www.schneier.com/blog/archives/2025/11/ai-and-voter-engagement.html
Full renewal of state and local cyber grants program passes in House
https://therecord.media/state-local-cyber-grants-program-house-passage
Breaking Down S3 Ransomware: Variants, Attack Paths and Trend Vision One™ Defenses
https://www.trendmicro.com/en_us/research/25/k/s3-ransomware.html
MI5 warns of Chinese spies using LinkedIn to gain intel on lawmakers
https://therecord.media/mi5-warns-chinese-spies-using-linkedin-lawmakers
Russian suspect detained in Thailand is allegedly tied to Void Blizzard group
https://therecord.media/russian-arrested-thailand-allegedly-void-blizzard-apt-member
Ambient and autonomous security for the agentic era
https://www.microsoft.com/en-us/security/blog/2025/11/18/ambient-and-autonomous-security-for-the-agentic-era/
Agents built into your workflow: Get Security Copilot with Microsoft 365 E5
https://www.microsoft.com/en-us/security/blog/2025/11/18/agents-built-into-your-workflow-get-security-copilot-with-microsoft-365-e5/
Threat Actor "888" Claims LG Electronics Data Breach - Source Code and Hardcoded Credentials Allegedly Leaked [Unconfirmed]
https://www.reddit.com/r/netsec/comments/1p0ho9s/threat_actor_888_claims_lg_electronics_data/
ShadowRay 2.0: Active Global Campaign Hijacks Ray AI Infrastructure Into Self-Propagating Botnet | Oligo Security
https://www.reddit.com/r/netsec/comments/1p0evgu/shadowray_20_active_global_campaign_hijacks_ray/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Gotchas in Email Parsing - Lessons from Jakarta Mail
Posted by AnimalStrange - 1 vote and 0 comments
Top Security News for Today
China-aligned threat actor is conducting widespread cyberespionage campaigns
https://therecord.media/china-aligned-threat-actor-espionage-network-devices
IT threat evolution in Q3 2025. Mobile statistics
https://securelist.com/malware-report-q3-2025-mobile-statistics/118013/
IT threat evolution in Q3 2025. Non-mobile statistics
https://securelist.com/malware-report-q3-2025-pc-iot-statistics/118020/
Legal Restrictions on Vulnerability Disclosure
https://www.schneier.com/blog/archives/2025/11/legal-restrictions-on-vulnerability-disclosure.html
The Cloudflare Outage May Be a Security Roadmap
https://krebsonsecurity.com/2025/11/the-cloudflare-outage-may-be-a-security-roadmap/
Major Russian insurer facing widespread outages after cyberattack
https://therecord.media/russia-vsk-cyberattack-outages
European Commission ‘simplification’ proposal would weaken GDPR, AI regulations
https://therecord.media/european-commission-proposal-gdpr-ai-simplification
Canadian privacy regulators say schools share blame for PowerSchool hack
https://therecord.media/canadian-privacy-regulators-say-schools-share-blame-powerschool-hack
Fortinet FortiWeb Authentication Bypass – CVE-2025-64446
https://bishopfox.com/blog/fortinet-fortiweb-authentication-bypass-cve-2025-64446
US, allies sanction Russian bulletproof hosting services for ransomware support
https://therecord.media/bulletproof-hosting-sanctions-ransomware
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
China-aligned threat actor is conducting widespread cyberespionage campaigns
https://therecord.media/china-aligned-threat-actor-espionage-network-devices
IT threat evolution in Q3 2025. Mobile statistics
https://securelist.com/malware-report-q3-2025-mobile-statistics/118013/
IT threat evolution in Q3 2025. Non-mobile statistics
https://securelist.com/malware-report-q3-2025-pc-iot-statistics/118020/
Legal Restrictions on Vulnerability Disclosure
https://www.schneier.com/blog/archives/2025/11/legal-restrictions-on-vulnerability-disclosure.html
The Cloudflare Outage May Be a Security Roadmap
https://krebsonsecurity.com/2025/11/the-cloudflare-outage-may-be-a-security-roadmap/
Major Russian insurer facing widespread outages after cyberattack
https://therecord.media/russia-vsk-cyberattack-outages
European Commission ‘simplification’ proposal would weaken GDPR, AI regulations
https://therecord.media/european-commission-proposal-gdpr-ai-simplification
Canadian privacy regulators say schools share blame for PowerSchool hack
https://therecord.media/canadian-privacy-regulators-say-schools-share-blame-powerschool-hack
Fortinet FortiWeb Authentication Bypass – CVE-2025-64446
https://bishopfox.com/blog/fortinet-fortiweb-authentication-bypass-cve-2025-64446
US, allies sanction Russian bulletproof hosting services for ransomware support
https://therecord.media/bulletproof-hosting-sanctions-ransomware
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
China-aligned threat actor is conducting widespread cyberespionage campaigns
The threat group PlushDaemon uses routers and other network device implants to redirect domain name system (DNS) queries to malicious external servers which take over updates to unleash tools used for cyberespionage.
Top Security News for Today
Scam USPS and E-Z Pass Texts and Websites
https://www.schneier.com/blog/archives/2025/11/scam-usps-and-e-z-pass-texts-and-websites.html
Blockchain and Node.js abused by Tsundere: an emerging botnet
https://securelist.com/tsundere-node-js-botnet-uses-ethereum-blockchain/117979/
Inside the dark web job market
https://securelist.com/dark-web-job-market-2023-2025/118057/
Samourai Wallet crypto mixer’s co-founders sentenced to prison
https://therecord.media/samourai-wallet-crypto-mixer-founders-sentenced
Russia blacklists S.T.A.L.K.E.R. game developer, accusing it of aiding Ukraine’s war effort
https://therecord.media/russia-blacklists-stalker-game-developer
FCC spikes Biden-era cyber regulations prompted by Salt Typhoon telecom breaches
https://therecord.media/fcc-removes-biden-era-cybersecurity-rules-telecoms-salt-typhoon
New Android malware can capture private messages, researchers warn
https://therecord.media/new-android-malware-captures-private-messages
Esbuild XSS Bug That Survived 5B Downloads and Bypassed HTML Sanitization
https://www.reddit.com/r/netsec/comments/1p2jinz/esbuild_xss_bug_that_survived_5b_downloads_and/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Scam USPS and E-Z Pass Texts and Websites
https://www.schneier.com/blog/archives/2025/11/scam-usps-and-e-z-pass-texts-and-websites.html
Blockchain and Node.js abused by Tsundere: an emerging botnet
https://securelist.com/tsundere-node-js-botnet-uses-ethereum-blockchain/117979/
Inside the dark web job market
https://securelist.com/dark-web-job-market-2023-2025/118057/
Samourai Wallet crypto mixer’s co-founders sentenced to prison
https://therecord.media/samourai-wallet-crypto-mixer-founders-sentenced
Russia blacklists S.T.A.L.K.E.R. game developer, accusing it of aiding Ukraine’s war effort
https://therecord.media/russia-blacklists-stalker-game-developer
FCC spikes Biden-era cyber regulations prompted by Salt Typhoon telecom breaches
https://therecord.media/fcc-removes-biden-era-cybersecurity-rules-telecoms-salt-typhoon
New Android malware can capture private messages, researchers warn
https://therecord.media/new-android-malware-captures-private-messages
Esbuild XSS Bug That Survived 5B Downloads and Bypassed HTML Sanitization
https://www.reddit.com/r/netsec/comments/1p2jinz/esbuild_xss_bug_that_survived_5b_downloads_and/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
Scam USPS and E-Z Pass Texts and Websites - Schneier on Security
Google has filed a complaint in court that details the scam: In a complaint filed Wednesday, the tech giant accused “a cybercriminal group in China” of selling “phishing for dummies” kits. The kits help unsavvy fraudsters easily “execute a large-scale phishing…
Top Security News for Today
Two suspected Scattered Spider hackers plead not guilty over Transport for London cyberattack
https://therecord.media/transport-for-london-hack-scattered-spider-suspects-plead-not-guilty
Eguard: Defending LLM Embeddings Against Inversion Attacks via Text Mutual Information Optimization
https://arxiv.org/abs/2511.15712
Majority Rules: LLM Ensemble is a Winning Approach for Content Categorization
https://arxiv.org/abs/2511.15730
Microsoft named a Leader in the Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year
https://www.microsoft.com/en-us/security/blog/2025/11/21/microsoft-named-a-leader-in-the-gartner-magic-quadrant-for-access-management-for-the-ninth-consecutive-year/
China’s APT31 linked to hacks on Russian tech firms
https://therecord.media/russia-report-apt31-china-linked-hacks
Flock Safety cameras used to monitor protesters, rights group finds
https://therecord.media/flock-safety-rights-group-eff
Sliver C2 vulnerability enables attack on C2 operators through insecure Wireguard network
https://www.reddit.com/r/netsec/comments/1p2yexv/sliver_c2_vulnerability_enables_attack_on_c2/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Two suspected Scattered Spider hackers plead not guilty over Transport for London cyberattack
https://therecord.media/transport-for-london-hack-scattered-spider-suspects-plead-not-guilty
Eguard: Defending LLM Embeddings Against Inversion Attacks via Text Mutual Information Optimization
https://arxiv.org/abs/2511.15712
Majority Rules: LLM Ensemble is a Winning Approach for Content Categorization
https://arxiv.org/abs/2511.15730
Microsoft named a Leader in the Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year
https://www.microsoft.com/en-us/security/blog/2025/11/21/microsoft-named-a-leader-in-the-gartner-magic-quadrant-for-access-management-for-the-ninth-consecutive-year/
China’s APT31 linked to hacks on Russian tech firms
https://therecord.media/russia-report-apt31-china-linked-hacks
Flock Safety cameras used to monitor protesters, rights group finds
https://therecord.media/flock-safety-rights-group-eff
Sliver C2 vulnerability enables attack on C2 operators through insecure Wireguard network
https://www.reddit.com/r/netsec/comments/1p2yexv/sliver_c2_vulnerability_enables_attack_on_c2/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Two suspected Scattered Spider hackers plead not guilty over Transport for London cyberattack
Two U.K. teenagers pleaded not guilty to hacking the Transport for London agency in 2024 — an attack attributed to the Scattered Spider cybercrime group.
Top Security News for Today
Hitchhiker's Guide to Attack Surface Management
https://www.reddit.com/r/netsec/comments/1p4c2ih/hitchhikers_guide_to_attack_surface_management/
[Tool] Native JSONL viewer for analyzing massive security logs (Suricata, Zeek, EDR) without infrastructure overhead
https://www.reddit.com/r/netsec/comments/1p4fzrc/tool_native_jsonl_viewer_for_analyzing_massive/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Hitchhiker's Guide to Attack Surface Management
https://www.reddit.com/r/netsec/comments/1p4c2ih/hitchhikers_guide_to_attack_surface_management/
[Tool] Native JSONL viewer for analyzing massive security logs (Suricata, Zeek, EDR) without infrastructure overhead
https://www.reddit.com/r/netsec/comments/1p4fzrc/tool_native_jsonl_viewer_for_analyzing_massive/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Hitchhiker's Guide to Attack Surface Management
Explore this post and more from the netsec community
Top Security News for Today
SmbCrawler – SMB Share Discovery and Secret-Hunting
https://www.darknet.org.uk/2025/11/smbcrawler-smb-share-discovery-and-secret-hunting/
I Analysed Over 3 Million Exposed Databases Using Netlas
https://www.reddit.com/r/netsec/comments/1p4jcmz/i_analysed_over_3_million_exposed_databases_using/
NocturneNotes — Secure Rust + GTK4 note‑taking with AES‑256‑GCM
https://www.reddit.com/r/netsec/comments/1p4k2p2/nocturnenotes_secure_rust_gtk4_notetaking_with/
Hitchhiker's Guide to Attack Surface Management
https://www.reddit.com/r/netsec/comments/1p4c2ih/hitchhikers_guide_to_attack_surface_management/
[Tool] Native JSONL viewer for analyzing massive security logs (Suricata, Zeek, EDR) without infrastructure overhead
https://www.reddit.com/r/netsec/comments/1p4fzrc/tool_native_jsonl_viewer_for_analyzing_massive/
The First Autonomous AI Cyberattack: Why SaaS Security Must Change
https://www.reddit.com/r/netsec/comments/1p4mx4j/the_first_autonomous_ai_cyberattack_why_saas/
A Reverse Engineer’s Anatomy of the macOS Boot Chain & Security Architecture
https://www.reddit.com/r/netsec/comments/1p54ody/a_reverse_engineers_anatomy_of_the_macos_boot/
Good and well-renowned Universities Worldwide for Master’s in Infosec (Preferably Europe - Public Universities; Open to Other countries/continents)
https://www.reddit.com/r/netsec/comments/1p53n9s/good_and_wellrenowned_universities_worldwide_for/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
SmbCrawler – SMB Share Discovery and Secret-Hunting
https://www.darknet.org.uk/2025/11/smbcrawler-smb-share-discovery-and-secret-hunting/
I Analysed Over 3 Million Exposed Databases Using Netlas
https://www.reddit.com/r/netsec/comments/1p4jcmz/i_analysed_over_3_million_exposed_databases_using/
NocturneNotes — Secure Rust + GTK4 note‑taking with AES‑256‑GCM
https://www.reddit.com/r/netsec/comments/1p4k2p2/nocturnenotes_secure_rust_gtk4_notetaking_with/
Hitchhiker's Guide to Attack Surface Management
https://www.reddit.com/r/netsec/comments/1p4c2ih/hitchhikers_guide_to_attack_surface_management/
[Tool] Native JSONL viewer for analyzing massive security logs (Suricata, Zeek, EDR) without infrastructure overhead
https://www.reddit.com/r/netsec/comments/1p4fzrc/tool_native_jsonl_viewer_for_analyzing_massive/
The First Autonomous AI Cyberattack: Why SaaS Security Must Change
https://www.reddit.com/r/netsec/comments/1p4mx4j/the_first_autonomous_ai_cyberattack_why_saas/
A Reverse Engineer’s Anatomy of the macOS Boot Chain & Security Architecture
https://www.reddit.com/r/netsec/comments/1p54ody/a_reverse_engineers_anatomy_of_the_macos_boot/
Good and well-renowned Universities Worldwide for Master’s in Infosec (Preferably Europe - Public Universities; Open to Other countries/continents)
https://www.reddit.com/r/netsec/comments/1p53n9s/good_and_wellrenowned_universities_worldwide_for/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Darknet - Hacking Tools, Hacker News & Cyber Security
SmbCrawler - SMB Share Discovery and Secret-Hunting
SmbCrawler is a credentialed SMB share crawler for red teams that discovers misconfigured shares and hunts secrets across Windows networks.
Top Security News for Today
Shai-Hulud Returns: Over 300 NPM Packages and 21K Github Repos infected via Fake Bun Runtime Within Hours
https://www.reddit.com/r/netsec/comments/1p5d4pm/shaihulud_returns_over_300_npm_packages_and_21k/
24th November – Threat Intelligence Report
https://research.checkpoint.com/2025/24th-november-threat-intelligence-report/
IACR Nullifies Election Because of Lost Decryption Key
https://www.schneier.com/blog/archives/2025/11/iacr-nullifies-election-because-of-lost-decryption-key.html
To buy or not to buy: How cybercriminals capitalize on Black Friday
https://securelist.com/black-friday-threat-report-2025/118083/
Zero-Day Zero: The AI Attack That Just Ended the Era of the Forgiving Internet
https://blog.qualys.com/vulnerabilities-threat-research/2025/11/24/zero-day-zero-the-ai-attack-that-just-ended-the-era-of-the-forgiving-internet
Is Your Android TV Streaming Box Part of a Botnet?
https://krebsonsecurity.com/2025/11/is-your-android-tv-streaming-box-part-of-a-botnet/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Shai-Hulud Returns: Over 300 NPM Packages and 21K Github Repos infected via Fake Bun Runtime Within Hours
https://www.reddit.com/r/netsec/comments/1p5d4pm/shaihulud_returns_over_300_npm_packages_and_21k/
24th November – Threat Intelligence Report
https://research.checkpoint.com/2025/24th-november-threat-intelligence-report/
IACR Nullifies Election Because of Lost Decryption Key
https://www.schneier.com/blog/archives/2025/11/iacr-nullifies-election-because-of-lost-decryption-key.html
To buy or not to buy: How cybercriminals capitalize on Black Friday
https://securelist.com/black-friday-threat-report-2025/118083/
Zero-Day Zero: The AI Attack That Just Ended the Era of the Forgiving Internet
https://blog.qualys.com/vulnerabilities-threat-research/2025/11/24/zero-day-zero-the-ai-attack-that-just-ended-the-era-of-the-forgiving-internet
Is Your Android TV Streaming Box Part of a Botnet?
https://krebsonsecurity.com/2025/11/is-your-android-tv-streaming-box-part-of-a-botnet/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Shai-Hulud Returns: Over 300 NPM Packages and 21K Github Repos infected via Fake Bun Runtime…
Posted by Fit_Wing3352 - 55 votes and 13 comments
Top Security News for Today
Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)
https://www.reddit.com/r/netsec/comments/1p69p56/stop_putting_your_passwords_into_random_websites/
Four Ways AI Is Being Used to Strengthen Democracies Worldwide
https://www.schneier.com/blog/archives/2025/11/four-ways-ai-is-being-used-to-strengthen-democracies-worldwide.html
How to Expand a Self-orthogonal Code
https://arxiv.org/abs/2511.17503
Covert Communication and Key Generation Over Quantum State-Dependent Channels
https://arxiv.org/abs/2511.17504
Causal Intervention Sequence Analysis for Fault Tracking in Radio Access Networks
https://arxiv.org/abs/2511.17505
AURA: Adaptive Unified Reasoning and Automation with LLM-Guided MARL for NextG Cellular Networks
https://arxiv.org/abs/2511.17506
The use of artificial intelligence in music creation: between interface and appropriation
https://arxiv.org/abs/2511.17507
Charting the future of SOC: Human and AI collaboration for better security
https://techcommunity.microsoft.com/blog/microsoftsecurityexperts/charting-the-future-of-soc-human-and-ai-collaboration-for-better-security/4470688
Systemic Ransomware Events in 2025 – How Jaguar Land Rover Showed What a Category 3 Supply Chain Breach Looks Like
https://www.darknet.org.uk/2025/11/systemic-ransomware-events-in-2025-how-jaguar-land-rover-showed-what-a-category-3-supply-chain-breach-looks-like/
$262 million stolen in account takeover fraud schemes this year, FBI says ahead of holiday season
https://therecord.media/millions-in-account-takeover-fbi-warns-ahead-of-holidays/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)
https://www.reddit.com/r/netsec/comments/1p69p56/stop_putting_your_passwords_into_random_websites/
Four Ways AI Is Being Used to Strengthen Democracies Worldwide
https://www.schneier.com/blog/archives/2025/11/four-ways-ai-is-being-used-to-strengthen-democracies-worldwide.html
How to Expand a Self-orthogonal Code
https://arxiv.org/abs/2511.17503
Covert Communication and Key Generation Over Quantum State-Dependent Channels
https://arxiv.org/abs/2511.17504
Causal Intervention Sequence Analysis for Fault Tracking in Radio Access Networks
https://arxiv.org/abs/2511.17505
AURA: Adaptive Unified Reasoning and Automation with LLM-Guided MARL for NextG Cellular Networks
https://arxiv.org/abs/2511.17506
The use of artificial intelligence in music creation: between interface and appropriation
https://arxiv.org/abs/2511.17507
Charting the future of SOC: Human and AI collaboration for better security
https://techcommunity.microsoft.com/blog/microsoftsecurityexperts/charting-the-future-of-soc-human-and-ai-collaboration-for-better-security/4470688
Systemic Ransomware Events in 2025 – How Jaguar Land Rover Showed What a Category 3 Supply Chain Breach Looks Like
https://www.darknet.org.uk/2025/11/systemic-ransomware-events-in-2025-how-jaguar-land-rover-showed-what-a-category-3-supply-chain-breach-looks-like/
$262 million stolen in account takeover fraud schemes this year, FBI says ahead of holiday season
https://therecord.media/millions-in-account-takeover-fbi-warns-ahead-of-holidays/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem) - watchTowr…
Explore this post and more from the netsec community
Top Security News for Today
Cyber ‘issue’ hits three London councils with shared IT services
https://therecord.media/cyber-issue-london-councils-attack
Municipal emergency warning service offline after hackers steal user data
https://therecord.media/emergency-warning-service-offline
Hackers exploit 3D design software to target game developers, animators
https://therecord.media/hackers-blender-software-malware
Thailand bans World iris scans, orders company to delete data
https://therecord.media/thailand-world-iris-scans-ban
Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’
https://krebsonsecurity.com/2025/11/meet-rey-the-admin-of-scattered-lapsus-hunters/
House Energy and Commerce Committee unveils new draft children’s online safety bill
https://therecord.media/house-commttee-unveils-new-kosa-bill
At least 35,000 impacted by Dartmouth College breach through Oracle EBS campaign
https://therecord.media/dartmouth-data-breach-thousands
We made a new tool, QuicDraw(H3), because HTTP/3 race condition testing is currently trash.
https://www.reddit.com/r/netsec/comments/1p71ntk/we_made_a_new_tool_quicdrawh3_because_http3_race/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Cyber ‘issue’ hits three London councils with shared IT services
https://therecord.media/cyber-issue-london-councils-attack
Municipal emergency warning service offline after hackers steal user data
https://therecord.media/emergency-warning-service-offline
Hackers exploit 3D design software to target game developers, animators
https://therecord.media/hackers-blender-software-malware
Thailand bans World iris scans, orders company to delete data
https://therecord.media/thailand-world-iris-scans-ban
Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’
https://krebsonsecurity.com/2025/11/meet-rey-the-admin-of-scattered-lapsus-hunters/
House Energy and Commerce Committee unveils new draft children’s online safety bill
https://therecord.media/house-commttee-unveils-new-kosa-bill
At least 35,000 impacted by Dartmouth College breach through Oracle EBS campaign
https://therecord.media/dartmouth-data-breach-thousands
We made a new tool, QuicDraw(H3), because HTTP/3 race condition testing is currently trash.
https://www.reddit.com/r/netsec/comments/1p71ntk/we_made_a_new_tool_quicdrawh3_because_http3_race/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Cyber ‘issue’ hits three London councils with shared IT services
A cybersecurity incident is affecting at least three London councils, including local authorities governing some of the capital’s wealthiest districts.
Top Security News for Today
Tomiris wreaks Havoc: New tools and techniques of the APT group
https://securelist.com/tomiris-new-tools/118143/
Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems
https://www.trendmicro.com/en_us/research/25/k/shai-hulud-2-0-targets-cloud-and-developer-systems.html
Poland detains Russian citizen suspected of hacking local firms
https://therecord.media/poland-detains-russian-citizen-accused-of-hacks
Taking down Next.js servers for 0.0001 cents a pop
https://www.reddit.com/r/netsec/comments/1p7ou7q/taking_down_nextjs_servers_for_00001_cents_a_pop/
Desktop Application Security Verification Standard - DASVS
https://www.reddit.com/r/netsec/comments/1p7fgts/desktop_application_security_verification/
Prepared Statements? Prepared to Be Vulnerable.
https://www.reddit.com/r/netsec/comments/1p7kdlz/prepared_statements_prepared_to_be_vulnerable/
The minefield between syntaxes: exploiting syntax confusions in the wild
https://www.reddit.com/r/netsec/comments/1p89lx1/the_minefield_between_syntaxes_exploiting_syntax/
Write Path Traversal to a RCE Art Department
https://www.reddit.com/r/netsec/comments/1p8hxad/write_path_traversal_to_a_rce_art_department/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Tomiris wreaks Havoc: New tools and techniques of the APT group
https://securelist.com/tomiris-new-tools/118143/
Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems
https://www.trendmicro.com/en_us/research/25/k/shai-hulud-2-0-targets-cloud-and-developer-systems.html
Poland detains Russian citizen suspected of hacking local firms
https://therecord.media/poland-detains-russian-citizen-accused-of-hacks
Taking down Next.js servers for 0.0001 cents a pop
https://www.reddit.com/r/netsec/comments/1p7ou7q/taking_down_nextjs_servers_for_00001_cents_a_pop/
Desktop Application Security Verification Standard - DASVS
https://www.reddit.com/r/netsec/comments/1p7fgts/desktop_application_security_verification/
Prepared Statements? Prepared to Be Vulnerable.
https://www.reddit.com/r/netsec/comments/1p7kdlz/prepared_statements_prepared_to_be_vulnerable/
The minefield between syntaxes: exploiting syntax confusions in the wild
https://www.reddit.com/r/netsec/comments/1p89lx1/the_minefield_between_syntaxes_exploiting_syntax/
Write Path Traversal to a RCE Art Department
https://www.reddit.com/r/netsec/comments/1p8hxad/write_path_traversal_to_a_rce_art_department/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
New Tomiris tools and techniques: multiple reverse shells, Havoc, AdaptixC2
Kaspersky discloses new tools and techniques discovered in 2025 Tomiris activities: multi-language reverse shells, Havoc and AdaptixC2 open-source frameworks, communications via Discord and Telegram.
Top Security News for Today
California law regulating web browsers could have national data privacy impact, experts say
https://therecord.media/california-web-browser-law-national-implications
Japanese beer giant Asahi says ransomware attack may have exposed data of 1.5 million people
https://therecord.media/asahi-says-ransomware-incident-exposed-data
Prompt Injection Through Poetry
https://www.schneier.com/blog/archives/2025/11/prompt-injection-through-poetry.html
Friday Squid Blogging: Flying Neon Squid Found on Israeli Beach
https://www.schneier.com/blog/archives/2025/11/friday-squid-blogging-flying-neon-squid-found-on-israeli-beach.html
CTF challenge Malware Busters
https://www.reddit.com/r/netsec/comments/1p96zhu/ctf_challenge_malware_busters/
We have achieved FreeBSD 15.0-REL with KDE Plasma
https://taosecurity.blogspot.com/2025/11/we-have-achieved-freebsd-150-rel-with.html
What REALLY Happens When You Move the Mouse Pointer
https://www.reddit.com/r/lowlevel/comments/1p9jpf0/what_really_happens_when_you_move_the_mouse/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
California law regulating web browsers could have national data privacy impact, experts say
https://therecord.media/california-web-browser-law-national-implications
Japanese beer giant Asahi says ransomware attack may have exposed data of 1.5 million people
https://therecord.media/asahi-says-ransomware-incident-exposed-data
Prompt Injection Through Poetry
https://www.schneier.com/blog/archives/2025/11/prompt-injection-through-poetry.html
Friday Squid Blogging: Flying Neon Squid Found on Israeli Beach
https://www.schneier.com/blog/archives/2025/11/friday-squid-blogging-flying-neon-squid-found-on-israeli-beach.html
CTF challenge Malware Busters
https://www.reddit.com/r/netsec/comments/1p96zhu/ctf_challenge_malware_busters/
We have achieved FreeBSD 15.0-REL with KDE Plasma
https://taosecurity.blogspot.com/2025/11/we-have-achieved-freebsd-150-rel-with.html
What REALLY Happens When You Move the Mouse Pointer
https://www.reddit.com/r/lowlevel/comments/1p9jpf0/what_really_happens_when_you_move_the_mouse/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
California law regulating web browsers could have national data privacy impact, experts say
Tech companies may universally offer an opt-out capability required by California law as a way to avoid having multiple versions of browsers and ask questions about residency.
Top Security News for Today
Analysis of 8 Foundational Cache Poisoning Attacks (HackerOne, GitHub, Shopify) - Part 1
https://www.reddit.com/r/netsec/comments/1p9oick/analysis_of_8_foundational_cache_poisoning/
Beyond Nmap: Building Custom Recon Pipelines
https://www.reddit.com/r/netsec/comments/1p9s2jn/beyond_nmap_building_custom_recon_pipelines/
Simulating a Water Control System in my Home Office
https://www.reddit.com/r/netsec/comments/1p9u4kq/simulating_a_water_control_system_in_my_home/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Analysis of 8 Foundational Cache Poisoning Attacks (HackerOne, GitHub, Shopify) - Part 1
https://www.reddit.com/r/netsec/comments/1p9oick/analysis_of_8_foundational_cache_poisoning/
Beyond Nmap: Building Custom Recon Pipelines
https://www.reddit.com/r/netsec/comments/1p9s2jn/beyond_nmap_building_custom_recon_pipelines/
Simulating a Water Control System in my Home Office
https://www.reddit.com/r/netsec/comments/1p9u4kq/simulating_a_water_control_system_in_my_home/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Analysis of 8 Foundational Cache Poisoning Attacks (HackerOne, GitHub, Shopify) - Part 1
Posted by Empty_Hacker - 1 vote and 0 comments