Top Security News for Today
China-aligned threat actor is conducting widespread cyberespionage campaigns
https://therecord.media/china-aligned-threat-actor-espionage-network-devices
IT threat evolution in Q3 2025. Mobile statistics
https://securelist.com/malware-report-q3-2025-mobile-statistics/118013/
IT threat evolution in Q3 2025. Non-mobile statistics
https://securelist.com/malware-report-q3-2025-pc-iot-statistics/118020/
Legal Restrictions on Vulnerability Disclosure
https://www.schneier.com/blog/archives/2025/11/legal-restrictions-on-vulnerability-disclosure.html
The Cloudflare Outage May Be a Security Roadmap
https://krebsonsecurity.com/2025/11/the-cloudflare-outage-may-be-a-security-roadmap/
Major Russian insurer facing widespread outages after cyberattack
https://therecord.media/russia-vsk-cyberattack-outages
European Commission ‘simplification’ proposal would weaken GDPR, AI regulations
https://therecord.media/european-commission-proposal-gdpr-ai-simplification
Canadian privacy regulators say schools share blame for PowerSchool hack
https://therecord.media/canadian-privacy-regulators-say-schools-share-blame-powerschool-hack
Fortinet FortiWeb Authentication Bypass – CVE-2025-64446
https://bishopfox.com/blog/fortinet-fortiweb-authentication-bypass-cve-2025-64446
US, allies sanction Russian bulletproof hosting services for ransomware support
https://therecord.media/bulletproof-hosting-sanctions-ransomware
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
China-aligned threat actor is conducting widespread cyberespionage campaigns
https://therecord.media/china-aligned-threat-actor-espionage-network-devices
IT threat evolution in Q3 2025. Mobile statistics
https://securelist.com/malware-report-q3-2025-mobile-statistics/118013/
IT threat evolution in Q3 2025. Non-mobile statistics
https://securelist.com/malware-report-q3-2025-pc-iot-statistics/118020/
Legal Restrictions on Vulnerability Disclosure
https://www.schneier.com/blog/archives/2025/11/legal-restrictions-on-vulnerability-disclosure.html
The Cloudflare Outage May Be a Security Roadmap
https://krebsonsecurity.com/2025/11/the-cloudflare-outage-may-be-a-security-roadmap/
Major Russian insurer facing widespread outages after cyberattack
https://therecord.media/russia-vsk-cyberattack-outages
European Commission ‘simplification’ proposal would weaken GDPR, AI regulations
https://therecord.media/european-commission-proposal-gdpr-ai-simplification
Canadian privacy regulators say schools share blame for PowerSchool hack
https://therecord.media/canadian-privacy-regulators-say-schools-share-blame-powerschool-hack
Fortinet FortiWeb Authentication Bypass – CVE-2025-64446
https://bishopfox.com/blog/fortinet-fortiweb-authentication-bypass-cve-2025-64446
US, allies sanction Russian bulletproof hosting services for ransomware support
https://therecord.media/bulletproof-hosting-sanctions-ransomware
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
China-aligned threat actor is conducting widespread cyberespionage campaigns
The threat group PlushDaemon uses routers and other network device implants to redirect domain name system (DNS) queries to malicious external servers which take over updates to unleash tools used for cyberespionage.
Top Security News for Today
Scam USPS and E-Z Pass Texts and Websites
https://www.schneier.com/blog/archives/2025/11/scam-usps-and-e-z-pass-texts-and-websites.html
Blockchain and Node.js abused by Tsundere: an emerging botnet
https://securelist.com/tsundere-node-js-botnet-uses-ethereum-blockchain/117979/
Inside the dark web job market
https://securelist.com/dark-web-job-market-2023-2025/118057/
Samourai Wallet crypto mixer’s co-founders sentenced to prison
https://therecord.media/samourai-wallet-crypto-mixer-founders-sentenced
Russia blacklists S.T.A.L.K.E.R. game developer, accusing it of aiding Ukraine’s war effort
https://therecord.media/russia-blacklists-stalker-game-developer
FCC spikes Biden-era cyber regulations prompted by Salt Typhoon telecom breaches
https://therecord.media/fcc-removes-biden-era-cybersecurity-rules-telecoms-salt-typhoon
New Android malware can capture private messages, researchers warn
https://therecord.media/new-android-malware-captures-private-messages
Esbuild XSS Bug That Survived 5B Downloads and Bypassed HTML Sanitization
https://www.reddit.com/r/netsec/comments/1p2jinz/esbuild_xss_bug_that_survived_5b_downloads_and/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Scam USPS and E-Z Pass Texts and Websites
https://www.schneier.com/blog/archives/2025/11/scam-usps-and-e-z-pass-texts-and-websites.html
Blockchain and Node.js abused by Tsundere: an emerging botnet
https://securelist.com/tsundere-node-js-botnet-uses-ethereum-blockchain/117979/
Inside the dark web job market
https://securelist.com/dark-web-job-market-2023-2025/118057/
Samourai Wallet crypto mixer’s co-founders sentenced to prison
https://therecord.media/samourai-wallet-crypto-mixer-founders-sentenced
Russia blacklists S.T.A.L.K.E.R. game developer, accusing it of aiding Ukraine’s war effort
https://therecord.media/russia-blacklists-stalker-game-developer
FCC spikes Biden-era cyber regulations prompted by Salt Typhoon telecom breaches
https://therecord.media/fcc-removes-biden-era-cybersecurity-rules-telecoms-salt-typhoon
New Android malware can capture private messages, researchers warn
https://therecord.media/new-android-malware-captures-private-messages
Esbuild XSS Bug That Survived 5B Downloads and Bypassed HTML Sanitization
https://www.reddit.com/r/netsec/comments/1p2jinz/esbuild_xss_bug_that_survived_5b_downloads_and/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
Scam USPS and E-Z Pass Texts and Websites - Schneier on Security
Google has filed a complaint in court that details the scam: In a complaint filed Wednesday, the tech giant accused “a cybercriminal group in China” of selling “phishing for dummies” kits. The kits help unsavvy fraudsters easily “execute a large-scale phishing…
Top Security News for Today
Two suspected Scattered Spider hackers plead not guilty over Transport for London cyberattack
https://therecord.media/transport-for-london-hack-scattered-spider-suspects-plead-not-guilty
Eguard: Defending LLM Embeddings Against Inversion Attacks via Text Mutual Information Optimization
https://arxiv.org/abs/2511.15712
Majority Rules: LLM Ensemble is a Winning Approach for Content Categorization
https://arxiv.org/abs/2511.15730
Microsoft named a Leader in the Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year
https://www.microsoft.com/en-us/security/blog/2025/11/21/microsoft-named-a-leader-in-the-gartner-magic-quadrant-for-access-management-for-the-ninth-consecutive-year/
China’s APT31 linked to hacks on Russian tech firms
https://therecord.media/russia-report-apt31-china-linked-hacks
Flock Safety cameras used to monitor protesters, rights group finds
https://therecord.media/flock-safety-rights-group-eff
Sliver C2 vulnerability enables attack on C2 operators through insecure Wireguard network
https://www.reddit.com/r/netsec/comments/1p2yexv/sliver_c2_vulnerability_enables_attack_on_c2/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Two suspected Scattered Spider hackers plead not guilty over Transport for London cyberattack
https://therecord.media/transport-for-london-hack-scattered-spider-suspects-plead-not-guilty
Eguard: Defending LLM Embeddings Against Inversion Attacks via Text Mutual Information Optimization
https://arxiv.org/abs/2511.15712
Majority Rules: LLM Ensemble is a Winning Approach for Content Categorization
https://arxiv.org/abs/2511.15730
Microsoft named a Leader in the Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year
https://www.microsoft.com/en-us/security/blog/2025/11/21/microsoft-named-a-leader-in-the-gartner-magic-quadrant-for-access-management-for-the-ninth-consecutive-year/
China’s APT31 linked to hacks on Russian tech firms
https://therecord.media/russia-report-apt31-china-linked-hacks
Flock Safety cameras used to monitor protesters, rights group finds
https://therecord.media/flock-safety-rights-group-eff
Sliver C2 vulnerability enables attack on C2 operators through insecure Wireguard network
https://www.reddit.com/r/netsec/comments/1p2yexv/sliver_c2_vulnerability_enables_attack_on_c2/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Two suspected Scattered Spider hackers plead not guilty over Transport for London cyberattack
Two U.K. teenagers pleaded not guilty to hacking the Transport for London agency in 2024 — an attack attributed to the Scattered Spider cybercrime group.
Top Security News for Today
Hitchhiker's Guide to Attack Surface Management
https://www.reddit.com/r/netsec/comments/1p4c2ih/hitchhikers_guide_to_attack_surface_management/
[Tool] Native JSONL viewer for analyzing massive security logs (Suricata, Zeek, EDR) without infrastructure overhead
https://www.reddit.com/r/netsec/comments/1p4fzrc/tool_native_jsonl_viewer_for_analyzing_massive/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Hitchhiker's Guide to Attack Surface Management
https://www.reddit.com/r/netsec/comments/1p4c2ih/hitchhikers_guide_to_attack_surface_management/
[Tool] Native JSONL viewer for analyzing massive security logs (Suricata, Zeek, EDR) without infrastructure overhead
https://www.reddit.com/r/netsec/comments/1p4fzrc/tool_native_jsonl_viewer_for_analyzing_massive/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Hitchhiker's Guide to Attack Surface Management
Explore this post and more from the netsec community
Top Security News for Today
SmbCrawler – SMB Share Discovery and Secret-Hunting
https://www.darknet.org.uk/2025/11/smbcrawler-smb-share-discovery-and-secret-hunting/
I Analysed Over 3 Million Exposed Databases Using Netlas
https://www.reddit.com/r/netsec/comments/1p4jcmz/i_analysed_over_3_million_exposed_databases_using/
NocturneNotes — Secure Rust + GTK4 note‑taking with AES‑256‑GCM
https://www.reddit.com/r/netsec/comments/1p4k2p2/nocturnenotes_secure_rust_gtk4_notetaking_with/
Hitchhiker's Guide to Attack Surface Management
https://www.reddit.com/r/netsec/comments/1p4c2ih/hitchhikers_guide_to_attack_surface_management/
[Tool] Native JSONL viewer for analyzing massive security logs (Suricata, Zeek, EDR) without infrastructure overhead
https://www.reddit.com/r/netsec/comments/1p4fzrc/tool_native_jsonl_viewer_for_analyzing_massive/
The First Autonomous AI Cyberattack: Why SaaS Security Must Change
https://www.reddit.com/r/netsec/comments/1p4mx4j/the_first_autonomous_ai_cyberattack_why_saas/
A Reverse Engineer’s Anatomy of the macOS Boot Chain & Security Architecture
https://www.reddit.com/r/netsec/comments/1p54ody/a_reverse_engineers_anatomy_of_the_macos_boot/
Good and well-renowned Universities Worldwide for Master’s in Infosec (Preferably Europe - Public Universities; Open to Other countries/continents)
https://www.reddit.com/r/netsec/comments/1p53n9s/good_and_wellrenowned_universities_worldwide_for/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
SmbCrawler – SMB Share Discovery and Secret-Hunting
https://www.darknet.org.uk/2025/11/smbcrawler-smb-share-discovery-and-secret-hunting/
I Analysed Over 3 Million Exposed Databases Using Netlas
https://www.reddit.com/r/netsec/comments/1p4jcmz/i_analysed_over_3_million_exposed_databases_using/
NocturneNotes — Secure Rust + GTK4 note‑taking with AES‑256‑GCM
https://www.reddit.com/r/netsec/comments/1p4k2p2/nocturnenotes_secure_rust_gtk4_notetaking_with/
Hitchhiker's Guide to Attack Surface Management
https://www.reddit.com/r/netsec/comments/1p4c2ih/hitchhikers_guide_to_attack_surface_management/
[Tool] Native JSONL viewer for analyzing massive security logs (Suricata, Zeek, EDR) without infrastructure overhead
https://www.reddit.com/r/netsec/comments/1p4fzrc/tool_native_jsonl_viewer_for_analyzing_massive/
The First Autonomous AI Cyberattack: Why SaaS Security Must Change
https://www.reddit.com/r/netsec/comments/1p4mx4j/the_first_autonomous_ai_cyberattack_why_saas/
A Reverse Engineer’s Anatomy of the macOS Boot Chain & Security Architecture
https://www.reddit.com/r/netsec/comments/1p54ody/a_reverse_engineers_anatomy_of_the_macos_boot/
Good and well-renowned Universities Worldwide for Master’s in Infosec (Preferably Europe - Public Universities; Open to Other countries/continents)
https://www.reddit.com/r/netsec/comments/1p53n9s/good_and_wellrenowned_universities_worldwide_for/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Darknet - Hacking Tools, Hacker News & Cyber Security
SmbCrawler - SMB Share Discovery and Secret-Hunting
SmbCrawler is a credentialed SMB share crawler for red teams that discovers misconfigured shares and hunts secrets across Windows networks.
Top Security News for Today
Shai-Hulud Returns: Over 300 NPM Packages and 21K Github Repos infected via Fake Bun Runtime Within Hours
https://www.reddit.com/r/netsec/comments/1p5d4pm/shaihulud_returns_over_300_npm_packages_and_21k/
24th November – Threat Intelligence Report
https://research.checkpoint.com/2025/24th-november-threat-intelligence-report/
IACR Nullifies Election Because of Lost Decryption Key
https://www.schneier.com/blog/archives/2025/11/iacr-nullifies-election-because-of-lost-decryption-key.html
To buy or not to buy: How cybercriminals capitalize on Black Friday
https://securelist.com/black-friday-threat-report-2025/118083/
Zero-Day Zero: The AI Attack That Just Ended the Era of the Forgiving Internet
https://blog.qualys.com/vulnerabilities-threat-research/2025/11/24/zero-day-zero-the-ai-attack-that-just-ended-the-era-of-the-forgiving-internet
Is Your Android TV Streaming Box Part of a Botnet?
https://krebsonsecurity.com/2025/11/is-your-android-tv-streaming-box-part-of-a-botnet/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Shai-Hulud Returns: Over 300 NPM Packages and 21K Github Repos infected via Fake Bun Runtime Within Hours
https://www.reddit.com/r/netsec/comments/1p5d4pm/shaihulud_returns_over_300_npm_packages_and_21k/
24th November – Threat Intelligence Report
https://research.checkpoint.com/2025/24th-november-threat-intelligence-report/
IACR Nullifies Election Because of Lost Decryption Key
https://www.schneier.com/blog/archives/2025/11/iacr-nullifies-election-because-of-lost-decryption-key.html
To buy or not to buy: How cybercriminals capitalize on Black Friday
https://securelist.com/black-friday-threat-report-2025/118083/
Zero-Day Zero: The AI Attack That Just Ended the Era of the Forgiving Internet
https://blog.qualys.com/vulnerabilities-threat-research/2025/11/24/zero-day-zero-the-ai-attack-that-just-ended-the-era-of-the-forgiving-internet
Is Your Android TV Streaming Box Part of a Botnet?
https://krebsonsecurity.com/2025/11/is-your-android-tv-streaming-box-part-of-a-botnet/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Shai-Hulud Returns: Over 300 NPM Packages and 21K Github Repos infected via Fake Bun Runtime…
Posted by Fit_Wing3352 - 55 votes and 13 comments
Top Security News for Today
Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)
https://www.reddit.com/r/netsec/comments/1p69p56/stop_putting_your_passwords_into_random_websites/
Four Ways AI Is Being Used to Strengthen Democracies Worldwide
https://www.schneier.com/blog/archives/2025/11/four-ways-ai-is-being-used-to-strengthen-democracies-worldwide.html
How to Expand a Self-orthogonal Code
https://arxiv.org/abs/2511.17503
Covert Communication and Key Generation Over Quantum State-Dependent Channels
https://arxiv.org/abs/2511.17504
Causal Intervention Sequence Analysis for Fault Tracking in Radio Access Networks
https://arxiv.org/abs/2511.17505
AURA: Adaptive Unified Reasoning and Automation with LLM-Guided MARL for NextG Cellular Networks
https://arxiv.org/abs/2511.17506
The use of artificial intelligence in music creation: between interface and appropriation
https://arxiv.org/abs/2511.17507
Charting the future of SOC: Human and AI collaboration for better security
https://techcommunity.microsoft.com/blog/microsoftsecurityexperts/charting-the-future-of-soc-human-and-ai-collaboration-for-better-security/4470688
Systemic Ransomware Events in 2025 – How Jaguar Land Rover Showed What a Category 3 Supply Chain Breach Looks Like
https://www.darknet.org.uk/2025/11/systemic-ransomware-events-in-2025-how-jaguar-land-rover-showed-what-a-category-3-supply-chain-breach-looks-like/
$262 million stolen in account takeover fraud schemes this year, FBI says ahead of holiday season
https://therecord.media/millions-in-account-takeover-fbi-warns-ahead-of-holidays/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)
https://www.reddit.com/r/netsec/comments/1p69p56/stop_putting_your_passwords_into_random_websites/
Four Ways AI Is Being Used to Strengthen Democracies Worldwide
https://www.schneier.com/blog/archives/2025/11/four-ways-ai-is-being-used-to-strengthen-democracies-worldwide.html
How to Expand a Self-orthogonal Code
https://arxiv.org/abs/2511.17503
Covert Communication and Key Generation Over Quantum State-Dependent Channels
https://arxiv.org/abs/2511.17504
Causal Intervention Sequence Analysis for Fault Tracking in Radio Access Networks
https://arxiv.org/abs/2511.17505
AURA: Adaptive Unified Reasoning and Automation with LLM-Guided MARL for NextG Cellular Networks
https://arxiv.org/abs/2511.17506
The use of artificial intelligence in music creation: between interface and appropriation
https://arxiv.org/abs/2511.17507
Charting the future of SOC: Human and AI collaboration for better security
https://techcommunity.microsoft.com/blog/microsoftsecurityexperts/charting-the-future-of-soc-human-and-ai-collaboration-for-better-security/4470688
Systemic Ransomware Events in 2025 – How Jaguar Land Rover Showed What a Category 3 Supply Chain Breach Looks Like
https://www.darknet.org.uk/2025/11/systemic-ransomware-events-in-2025-how-jaguar-land-rover-showed-what-a-category-3-supply-chain-breach-looks-like/
$262 million stolen in account takeover fraud schemes this year, FBI says ahead of holiday season
https://therecord.media/millions-in-account-takeover-fbi-warns-ahead-of-holidays/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem) - watchTowr…
Explore this post and more from the netsec community
Top Security News for Today
Cyber ‘issue’ hits three London councils with shared IT services
https://therecord.media/cyber-issue-london-councils-attack
Municipal emergency warning service offline after hackers steal user data
https://therecord.media/emergency-warning-service-offline
Hackers exploit 3D design software to target game developers, animators
https://therecord.media/hackers-blender-software-malware
Thailand bans World iris scans, orders company to delete data
https://therecord.media/thailand-world-iris-scans-ban
Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’
https://krebsonsecurity.com/2025/11/meet-rey-the-admin-of-scattered-lapsus-hunters/
House Energy and Commerce Committee unveils new draft children’s online safety bill
https://therecord.media/house-commttee-unveils-new-kosa-bill
At least 35,000 impacted by Dartmouth College breach through Oracle EBS campaign
https://therecord.media/dartmouth-data-breach-thousands
We made a new tool, QuicDraw(H3), because HTTP/3 race condition testing is currently trash.
https://www.reddit.com/r/netsec/comments/1p71ntk/we_made_a_new_tool_quicdrawh3_because_http3_race/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Cyber ‘issue’ hits three London councils with shared IT services
https://therecord.media/cyber-issue-london-councils-attack
Municipal emergency warning service offline after hackers steal user data
https://therecord.media/emergency-warning-service-offline
Hackers exploit 3D design software to target game developers, animators
https://therecord.media/hackers-blender-software-malware
Thailand bans World iris scans, orders company to delete data
https://therecord.media/thailand-world-iris-scans-ban
Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’
https://krebsonsecurity.com/2025/11/meet-rey-the-admin-of-scattered-lapsus-hunters/
House Energy and Commerce Committee unveils new draft children’s online safety bill
https://therecord.media/house-commttee-unveils-new-kosa-bill
At least 35,000 impacted by Dartmouth College breach through Oracle EBS campaign
https://therecord.media/dartmouth-data-breach-thousands
We made a new tool, QuicDraw(H3), because HTTP/3 race condition testing is currently trash.
https://www.reddit.com/r/netsec/comments/1p71ntk/we_made_a_new_tool_quicdrawh3_because_http3_race/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Cyber ‘issue’ hits three London councils with shared IT services
A cybersecurity incident is affecting at least three London councils, including local authorities governing some of the capital’s wealthiest districts.
Top Security News for Today
Tomiris wreaks Havoc: New tools and techniques of the APT group
https://securelist.com/tomiris-new-tools/118143/
Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems
https://www.trendmicro.com/en_us/research/25/k/shai-hulud-2-0-targets-cloud-and-developer-systems.html
Poland detains Russian citizen suspected of hacking local firms
https://therecord.media/poland-detains-russian-citizen-accused-of-hacks
Taking down Next.js servers for 0.0001 cents a pop
https://www.reddit.com/r/netsec/comments/1p7ou7q/taking_down_nextjs_servers_for_00001_cents_a_pop/
Desktop Application Security Verification Standard - DASVS
https://www.reddit.com/r/netsec/comments/1p7fgts/desktop_application_security_verification/
Prepared Statements? Prepared to Be Vulnerable.
https://www.reddit.com/r/netsec/comments/1p7kdlz/prepared_statements_prepared_to_be_vulnerable/
The minefield between syntaxes: exploiting syntax confusions in the wild
https://www.reddit.com/r/netsec/comments/1p89lx1/the_minefield_between_syntaxes_exploiting_syntax/
Write Path Traversal to a RCE Art Department
https://www.reddit.com/r/netsec/comments/1p8hxad/write_path_traversal_to_a_rce_art_department/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Tomiris wreaks Havoc: New tools and techniques of the APT group
https://securelist.com/tomiris-new-tools/118143/
Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems
https://www.trendmicro.com/en_us/research/25/k/shai-hulud-2-0-targets-cloud-and-developer-systems.html
Poland detains Russian citizen suspected of hacking local firms
https://therecord.media/poland-detains-russian-citizen-accused-of-hacks
Taking down Next.js servers for 0.0001 cents a pop
https://www.reddit.com/r/netsec/comments/1p7ou7q/taking_down_nextjs_servers_for_00001_cents_a_pop/
Desktop Application Security Verification Standard - DASVS
https://www.reddit.com/r/netsec/comments/1p7fgts/desktop_application_security_verification/
Prepared Statements? Prepared to Be Vulnerable.
https://www.reddit.com/r/netsec/comments/1p7kdlz/prepared_statements_prepared_to_be_vulnerable/
The minefield between syntaxes: exploiting syntax confusions in the wild
https://www.reddit.com/r/netsec/comments/1p89lx1/the_minefield_between_syntaxes_exploiting_syntax/
Write Path Traversal to a RCE Art Department
https://www.reddit.com/r/netsec/comments/1p8hxad/write_path_traversal_to_a_rce_art_department/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
New Tomiris tools and techniques: multiple reverse shells, Havoc, AdaptixC2
Kaspersky discloses new tools and techniques discovered in 2025 Tomiris activities: multi-language reverse shells, Havoc and AdaptixC2 open-source frameworks, communications via Discord and Telegram.
Top Security News for Today
California law regulating web browsers could have national data privacy impact, experts say
https://therecord.media/california-web-browser-law-national-implications
Japanese beer giant Asahi says ransomware attack may have exposed data of 1.5 million people
https://therecord.media/asahi-says-ransomware-incident-exposed-data
Prompt Injection Through Poetry
https://www.schneier.com/blog/archives/2025/11/prompt-injection-through-poetry.html
Friday Squid Blogging: Flying Neon Squid Found on Israeli Beach
https://www.schneier.com/blog/archives/2025/11/friday-squid-blogging-flying-neon-squid-found-on-israeli-beach.html
CTF challenge Malware Busters
https://www.reddit.com/r/netsec/comments/1p96zhu/ctf_challenge_malware_busters/
We have achieved FreeBSD 15.0-REL with KDE Plasma
https://taosecurity.blogspot.com/2025/11/we-have-achieved-freebsd-150-rel-with.html
What REALLY Happens When You Move the Mouse Pointer
https://www.reddit.com/r/lowlevel/comments/1p9jpf0/what_really_happens_when_you_move_the_mouse/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
California law regulating web browsers could have national data privacy impact, experts say
https://therecord.media/california-web-browser-law-national-implications
Japanese beer giant Asahi says ransomware attack may have exposed data of 1.5 million people
https://therecord.media/asahi-says-ransomware-incident-exposed-data
Prompt Injection Through Poetry
https://www.schneier.com/blog/archives/2025/11/prompt-injection-through-poetry.html
Friday Squid Blogging: Flying Neon Squid Found on Israeli Beach
https://www.schneier.com/blog/archives/2025/11/friday-squid-blogging-flying-neon-squid-found-on-israeli-beach.html
CTF challenge Malware Busters
https://www.reddit.com/r/netsec/comments/1p96zhu/ctf_challenge_malware_busters/
We have achieved FreeBSD 15.0-REL with KDE Plasma
https://taosecurity.blogspot.com/2025/11/we-have-achieved-freebsd-150-rel-with.html
What REALLY Happens When You Move the Mouse Pointer
https://www.reddit.com/r/lowlevel/comments/1p9jpf0/what_really_happens_when_you_move_the_mouse/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
California law regulating web browsers could have national data privacy impact, experts say
Tech companies may universally offer an opt-out capability required by California law as a way to avoid having multiple versions of browsers and ask questions about residency.
Top Security News for Today
Analysis of 8 Foundational Cache Poisoning Attacks (HackerOne, GitHub, Shopify) - Part 1
https://www.reddit.com/r/netsec/comments/1p9oick/analysis_of_8_foundational_cache_poisoning/
Beyond Nmap: Building Custom Recon Pipelines
https://www.reddit.com/r/netsec/comments/1p9s2jn/beyond_nmap_building_custom_recon_pipelines/
Simulating a Water Control System in my Home Office
https://www.reddit.com/r/netsec/comments/1p9u4kq/simulating_a_water_control_system_in_my_home/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Analysis of 8 Foundational Cache Poisoning Attacks (HackerOne, GitHub, Shopify) - Part 1
https://www.reddit.com/r/netsec/comments/1p9oick/analysis_of_8_foundational_cache_poisoning/
Beyond Nmap: Building Custom Recon Pipelines
https://www.reddit.com/r/netsec/comments/1p9s2jn/beyond_nmap_building_custom_recon_pipelines/
Simulating a Water Control System in my Home Office
https://www.reddit.com/r/netsec/comments/1p9u4kq/simulating_a_water_control_system_in_my_home/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Analysis of 8 Foundational Cache Poisoning Attacks (HackerOne, GitHub, Shopify) - Part 1
Posted by Empty_Hacker - 1 vote and 0 comments
Top Security News for Today
A Longitudinal Measurement of Privacy Policy Evolution for Large Language Models
https://arxiv.org/abs/2511.21758
Adaptive Detection of Polymorphic Malware: Leveraging Mutation Engines and YARA Rules for Enhanced Security
https://arxiv.org/abs/2511.21764
Categorical Framework for Quantum-Resistant Zero-Trust AI Security
https://arxiv.org/abs/2511.21768
Advanced Data Collection Techniques in Cloud Security: A Multi-Modal Deep Learning Autoencoder Approach
https://arxiv.org/abs/2511.21795
Cross-Layer Detection of Wireless Misbehavior Using 5G RAN Telemetry and Operational Metadata
https://arxiv.org/abs/2511.21803
1st December – Threat Intelligence Report
https://research.checkpoint.com/2025/1st-december-threat-intelligence-report/
PortSwigger x TryHackMe: Supporting Advent of Cyber
https://portswigger.net/blog/portswigger-x-tryhackme-supporting-advent-of-cyber
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
A Longitudinal Measurement of Privacy Policy Evolution for Large Language Models
https://arxiv.org/abs/2511.21758
Adaptive Detection of Polymorphic Malware: Leveraging Mutation Engines and YARA Rules for Enhanced Security
https://arxiv.org/abs/2511.21764
Categorical Framework for Quantum-Resistant Zero-Trust AI Security
https://arxiv.org/abs/2511.21768
Advanced Data Collection Techniques in Cloud Security: A Multi-Modal Deep Learning Autoencoder Approach
https://arxiv.org/abs/2511.21795
Cross-Layer Detection of Wireless Misbehavior Using 5G RAN Telemetry and Operational Metadata
https://arxiv.org/abs/2511.21803
1st December – Threat Intelligence Report
https://research.checkpoint.com/2025/1st-december-threat-intelligence-report/
PortSwigger x TryHackMe: Supporting Advent of Cyber
https://portswigger.net/blog/portswigger-x-tryhackme-supporting-advent-of-cyber
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
arXiv.org
A Longitudinal Measurement of Privacy Policy Evolution for Large...
Large language model (LLM) services have been rapidly integrated into people's daily lives as chatbots and agentic systems. They are nourished by collecting rich streams of data, raising privacy...
Top Security News for Today
Data breach hits 'South Korea's Amazon,' potentially affecting 65% of country’s population
https://therecord.media/coupang-south-korea-data-breach
Banning VPNs
https://www.schneier.com/blog/archives/2025/12/banning-vpns.html
Edtech company settles with FTC in wake of data breach
https://therecord.media/illuminate-education-data-breach-settlement-ftc
Officials accuse North Korea’s Lazarus of $30 million theft from crypto exchange
https://therecord.media/officials-accuse-north-korea-hackers-of-attack-on-crypto-exchange
Designing a Multimodal Viewer for Piano Performance Analysis -- a Pedagogy-First Approach
https://arxiv.org/abs/2511.21693
A Survey of Information Disorder on Video-Sharing Platforms
https://arxiv.org/abs/2511.21694
EvalCards: A Framework for Standardized Evaluation Reporting
https://arxiv.org/abs/2511.21695
TIP and Polish: Text-Image-Prototype Guided Multi-Modal Generation via Commonality-Discrepancy Modeling and Refinement
https://arxiv.org/abs/2511.21697
Detail Enhanced Gaussian Splatting for Large-Scale Volumetric Capture
https://arxiv.org/abs/2511.21698
Cryptomixer platform raided by European police; $29 million in bitcoin seized
https://therecord.media/cryptomixer-service-takedown-bitcoin-seized
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Data breach hits 'South Korea's Amazon,' potentially affecting 65% of country’s population
https://therecord.media/coupang-south-korea-data-breach
Banning VPNs
https://www.schneier.com/blog/archives/2025/12/banning-vpns.html
Edtech company settles with FTC in wake of data breach
https://therecord.media/illuminate-education-data-breach-settlement-ftc
Officials accuse North Korea’s Lazarus of $30 million theft from crypto exchange
https://therecord.media/officials-accuse-north-korea-hackers-of-attack-on-crypto-exchange
Designing a Multimodal Viewer for Piano Performance Analysis -- a Pedagogy-First Approach
https://arxiv.org/abs/2511.21693
A Survey of Information Disorder on Video-Sharing Platforms
https://arxiv.org/abs/2511.21694
EvalCards: A Framework for Standardized Evaluation Reporting
https://arxiv.org/abs/2511.21695
TIP and Polish: Text-Image-Prototype Guided Multi-Modal Generation via Commonality-Discrepancy Modeling and Refinement
https://arxiv.org/abs/2511.21697
Detail Enhanced Gaussian Splatting for Large-Scale Volumetric Capture
https://arxiv.org/abs/2511.21698
Cryptomixer platform raided by European police; $29 million in bitcoin seized
https://therecord.media/cryptomixer-service-takedown-bitcoin-seized
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Data breach hits 'South Korea's Amazon,' potentially affecting 65% of country’s population
South Korean online retail giant Coupang apologized for a data breach that prompted an emergency meeting by senior government officials.
Top Security News for Today
India faces backlash over government cyber safety app mandate
https://therecord.media/india-faces-backlash-cyber-safety-app-mandate
DOJ takes down Myanmar scam center website spoofing TickMill trading platform
https://therecord.media/doj-takes-down-myanmar-scam-site-trickmill-spoof
Kaspersky Security Bulletin 2025. Statistics
https://securelist.com/kaspersky-security-bulletin-2025-statistics/118189/
Like Social Media, AI Requires Difficult Choices
https://www.schneier.com/blog/archives/2025/12/like-social-media-ai-requires-difficult-choices.html
Enhancing Jailbreak Attacks on LLMs via Persona Prompts
https://arxiv.org/abs/2512.00001
The $9M yETH Exploit: How 16 Wei Became Infinite Tokens
https://research.checkpoint.com/2025/16-wei/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
India faces backlash over government cyber safety app mandate
https://therecord.media/india-faces-backlash-cyber-safety-app-mandate
DOJ takes down Myanmar scam center website spoofing TickMill trading platform
https://therecord.media/doj-takes-down-myanmar-scam-site-trickmill-spoof
Kaspersky Security Bulletin 2025. Statistics
https://securelist.com/kaspersky-security-bulletin-2025-statistics/118189/
Like Social Media, AI Requires Difficult Choices
https://www.schneier.com/blog/archives/2025/12/like-social-media-ai-requires-difficult-choices.html
Enhancing Jailbreak Attacks on LLMs via Persona Prompts
https://arxiv.org/abs/2512.00001
The $9M yETH Exploit: How 16 Wei Became Infinite Tokens
https://research.checkpoint.com/2025/16-wei/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
India faces backlash over government cyber safety app mandate
Telecom Minister Jyotiraditya Scindia said Tuesday the system was optional and denied the app could be used for monitoring
Top Security News for Today
Hacking the Meatmeet BBQ Probe — BLE BBQ Botnet
https://www.reddit.com/r/netsec/comments/1pcplsx/hacking_the_meatmeet_bbq_probe_ble_bbq_botnet/
PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities
https://www.reddit.com/r/netsec/comments/1pd094r/pytorch_users_at_risk_unveiling_3_zeroday/
ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading
https://www.trendmicro.com/en_us/research/25/l/valleyrat-campaign.html
University of Phoenix says 'numerous individuals' impacted by Oracle EBS breach
https://therecord.media/university-of-phoenix-data-breach
Japan’s Askul resumes limited online sales 6 weeks after ransomware attack
https://therecord.media/askul-resumes-limited-ordering-following-ransomware-attack
India backs off mandatory 'cyber safety' app after surveillance backlash
https://therecord.media/india-drops-mandate-sanchar-saathi-app-privacy-surveillance
Canadian police department becomes first to trial body cameras equipped with facial recognition technology
https://therecord.media/canadian-police-department-trials-facial-recognition-body-cameras
What Will Shape Cybersecurity in 2026: AI Speed, Expanding Attack Surfaces, and Specialized Red Teams
https://bishopfox.com/blog/what-will-shape-cybersecurity-in-2026-ai-speed-expanding-attack-surfaces-and-specialized-red-teams
68% Of Phishing Websites Are Protected by CloudFlare
https://www.reddit.com/r/netsec/comments/1pdczk2/68_of_phishing_websites_are_protected_by/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Hacking the Meatmeet BBQ Probe — BLE BBQ Botnet
https://www.reddit.com/r/netsec/comments/1pcplsx/hacking_the_meatmeet_bbq_probe_ble_bbq_botnet/
PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities
https://www.reddit.com/r/netsec/comments/1pd094r/pytorch_users_at_risk_unveiling_3_zeroday/
ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading
https://www.trendmicro.com/en_us/research/25/l/valleyrat-campaign.html
University of Phoenix says 'numerous individuals' impacted by Oracle EBS breach
https://therecord.media/university-of-phoenix-data-breach
Japan’s Askul resumes limited online sales 6 weeks after ransomware attack
https://therecord.media/askul-resumes-limited-ordering-following-ransomware-attack
India backs off mandatory 'cyber safety' app after surveillance backlash
https://therecord.media/india-drops-mandate-sanchar-saathi-app-privacy-surveillance
Canadian police department becomes first to trial body cameras equipped with facial recognition technology
https://therecord.media/canadian-police-department-trials-facial-recognition-body-cameras
What Will Shape Cybersecurity in 2026: AI Speed, Expanding Attack Surfaces, and Specialized Red Teams
https://bishopfox.com/blog/what-will-shape-cybersecurity-in-2026-ai-speed-expanding-attack-surfaces-and-specialized-red-teams
68% Of Phishing Websites Are Protected by CloudFlare
https://www.reddit.com/r/netsec/comments/1pdczk2/68_of_phishing_websites_are_protected_by/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Hacking the Meatmeet BBQ Probe — BLE BBQ Botnet
Explore this post and more from the netsec community
Top Security News for Today
Researchers find Predator spyware is being used in several countries, including Iraq
https://therecord.media/intellexa-predator-spyware-continues-despite-sanctions
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)
https://www.reddit.com/r/netsec/comments/1pdthi6/high_fidelity_detection_mechanism_for_rscnextjs/
UK sanctions Russia’s GRU agency and cyber spies over deadly nerve agent attack
https://therecord.media/uk-sanctions-russia-gru-cyber-spies-nerve-agent-attack
Russian scientist sentenced to 21 years on treason, cyber sabotage charges
https://therecord.media/russia-sentences-physicist-treason-ddos-attacks
Cybersecurity strategies to prioritize now
https://www.microsoft.com/en-us/security/blog/2025/12/04/cybersecurity-strategies-to-prioritize-now/
Amid rising threats, NATO holds its largest-ever cyberdefense exercise
https://therecord.media/nato-holds-largest-ever-cyberdefense-exercise-estonia
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Researchers find Predator spyware is being used in several countries, including Iraq
https://therecord.media/intellexa-predator-spyware-continues-despite-sanctions
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)
https://www.reddit.com/r/netsec/comments/1pdthi6/high_fidelity_detection_mechanism_for_rscnextjs/
UK sanctions Russia’s GRU agency and cyber spies over deadly nerve agent attack
https://therecord.media/uk-sanctions-russia-gru-cyber-spies-nerve-agent-attack
Russian scientist sentenced to 21 years on treason, cyber sabotage charges
https://therecord.media/russia-sentences-physicist-treason-ddos-attacks
Cybersecurity strategies to prioritize now
https://www.microsoft.com/en-us/security/blog/2025/12/04/cybersecurity-strategies-to-prioritize-now/
Amid rising threats, NATO holds its largest-ever cyberdefense exercise
https://therecord.media/nato-holds-largest-ever-cyberdefense-exercise-estonia
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Researchers find Predator spyware is being used in several countries, including Iraq
Researchers also found indicators “likely associated” with the use of Predator spyware by an entity tied to Pakistan.
Top Security News for Today
How to detect React2Shell with Burp Suite
https://portswigger.net/blog/how-to-detect-react2shell-with-burp-suite
Chinese hackers exploiting React2Shell bug impacting countless websites, Amazon researchers say
https://therecord.media/chinese-hackers-exploiting-react2shell-vulnerability-amazon
EU fines €120 million to Elon Musk’s X under rules to tackle disinformation
https://therecord.media/eu-fines-x-under-digital-services-act-disinformation-transparecy-rules
On cyber, Trump’s national security strategy emphasizes industry and regional partners
https://therecord.media/trump-national-security-strategy-cyber-elements
Maryland man sentenced for N. Korea IT worker scheme involving US government contracts
https://therecord.media/north-korea-it-worker-scheme-maryland-man-sentenced
Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know
https://www.trendmicro.com/en_us/research/25/l/critical-react-server-components-vulnerability.html
Friday Squid Blogging: Vampire Squid Genome
https://www.schneier.com/blog/archives/2025/12/friday-squid-blogging-vampire-squid-genome.html
Tracing JavaScript Value Origins in Modern SPAs: Breakpoint-Driven Heap Search (BDHS)
https://www.reddit.com/r/netsec/comments/1pewyze/tracing_javanoscript_value_origins_in_modern_spas/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
How to detect React2Shell with Burp Suite
https://portswigger.net/blog/how-to-detect-react2shell-with-burp-suite
Chinese hackers exploiting React2Shell bug impacting countless websites, Amazon researchers say
https://therecord.media/chinese-hackers-exploiting-react2shell-vulnerability-amazon
EU fines €120 million to Elon Musk’s X under rules to tackle disinformation
https://therecord.media/eu-fines-x-under-digital-services-act-disinformation-transparecy-rules
On cyber, Trump’s national security strategy emphasizes industry and regional partners
https://therecord.media/trump-national-security-strategy-cyber-elements
Maryland man sentenced for N. Korea IT worker scheme involving US government contracts
https://therecord.media/north-korea-it-worker-scheme-maryland-man-sentenced
Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know
https://www.trendmicro.com/en_us/research/25/l/critical-react-server-components-vulnerability.html
Friday Squid Blogging: Vampire Squid Genome
https://www.schneier.com/blog/archives/2025/12/friday-squid-blogging-vampire-squid-genome.html
Tracing JavaScript Value Origins in Modern SPAs: Breakpoint-Driven Heap Search (BDHS)
https://www.reddit.com/r/netsec/comments/1pewyze/tracing_javanoscript_value_origins_in_modern_spas/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for Today
Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill
https://krebsonsecurity.com/2025/12/drones-to-diplomas-how-russias-largest-private-university-is-linked-to-a-25m-essay-mill/
Stillepost - Or: How to Proxy your C2s HTTP-Traffic through Chromium | mischief
https://www.reddit.com/r/netsec/comments/1pgcion/stillepost_or_how_to_proxy_your_c2s_httptraffic/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill
https://krebsonsecurity.com/2025/12/drones-to-diplomas-how-russias-largest-private-university-is-linked-to-a-25m-essay-mill/
Stillepost - Or: How to Proxy your C2s HTTP-Traffic through Chromium | mischief
https://www.reddit.com/r/netsec/comments/1pgcion/stillepost_or_how_to_proxy_your_c2s_httptraffic/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Krebs on Security
Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill
A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious connections to a Kremlin-connected oligarch whose Russian university builds drones for Russia's war against Ukraine.
Top Security News for Today
mini-init-asm - tiny container init (PID 1) in pure assembly (x86-64 + ARM64)
https://www.reddit.com/r/lowlevel/comments/1pggi73/miniinitasm_tiny_container_init_pid_1_in_pure/
How (almost) any phone number can be tracked via WhatsApp & Signal – open-source PoC
https://www.reddit.com/r/netsec/comments/1pgmnnn/how_almost_any_phone_number_can_be_tracked_via/
Patching Pulse Oximeter Firmware
https://www.reddit.com/r/netsec/comments/1pgmks0/patching_pulse_oximeter_firmware/
Stillepost - Or: How to Proxy your C2s HTTP-Traffic through Chromium | mischief
https://www.reddit.com/r/netsec/comments/1pgcion/stillepost_or_how_to_proxy_your_c2s_httptraffic/
Recon your patents with GenAI?
http://diablohorn.com/2025/12/07/recon-your-patents-with-genai/
AI-Automated Threat Hunting Brings GhostPenguin Out of the Shadows
https://www.trendmicro.com/en_us/research/25/l/ghostpenguin.html
Publishing Malicious VS Code Extensions: Bypassing VS Code Marketplace Analysis and the Insecurity of OpenVSX (Cursor AI/Windsurf)
https://www.reddit.com/r/netsec/comments/1ph4xb3/publishing_malicious_vs_code_extensions_bypassing/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
mini-init-asm - tiny container init (PID 1) in pure assembly (x86-64 + ARM64)
https://www.reddit.com/r/lowlevel/comments/1pggi73/miniinitasm_tiny_container_init_pid_1_in_pure/
How (almost) any phone number can be tracked via WhatsApp & Signal – open-source PoC
https://www.reddit.com/r/netsec/comments/1pgmnnn/how_almost_any_phone_number_can_be_tracked_via/
Patching Pulse Oximeter Firmware
https://www.reddit.com/r/netsec/comments/1pgmks0/patching_pulse_oximeter_firmware/
Stillepost - Or: How to Proxy your C2s HTTP-Traffic through Chromium | mischief
https://www.reddit.com/r/netsec/comments/1pgcion/stillepost_or_how_to_proxy_your_c2s_httptraffic/
Recon your patents with GenAI?
http://diablohorn.com/2025/12/07/recon-your-patents-with-genai/
AI-Automated Threat Hunting Brings GhostPenguin Out of the Shadows
https://www.trendmicro.com/en_us/research/25/l/ghostpenguin.html
Publishing Malicious VS Code Extensions: Bypassing VS Code Marketplace Analysis and the Insecurity of OpenVSX (Cursor AI/Windsurf)
https://www.reddit.com/r/netsec/comments/1ph4xb3/publishing_malicious_vs_code_extensions_bypassing/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the lowlevel community on Reddit: mini-init-asm - tiny container init (PID 1) in pure assembly (x86-64 + ARM64)
Posted by AdHour1983 - 11 votes and 0 comments
Top Security News for Today
Prompt Injection Attacks: UK Intelligence Warning
https://therecord.media/prompt-injection-attacks-uk-intelligence-warning
8th December – Threat Intelligence Report
https://research.checkpoint.com/2025/8th-december-threat-intelligence-report/
Publishing Malicious VS Code Extensions: Bypassing VS Code Marketplace Analysis and the Insecurity of OpenVSX (Cursor AI/Windsurf)
https://www.reddit.com/r/netsec/comments/1ph4xb3/publishing_malicious_vs_code_extensions_bypassing/
Free Security Canaries (SSH, AWS, Cookies, Email, more..) - Tracebit Community Edition
https://www.reddit.com/r/netsec/comments/1phcird/free_security_canaries_ssh_aws_cookies_email_more/
Russian Police Bust Bank-Account Hacking Gang that used NFCGate-based Malware
https://therecord.media/russian-police-bust-banking-hackers-nfcgate-based-malware
React2shell: Critical Vulnerability in React
https://www.reddit.com/r/netsec/comments/1phhqo8/react2shell_critical_vulnerability_in_react/
Stronger Together: New Beazley Collaboration Enhances Cyber Resilience
https://www.microsoft.com/en-us/security/blog/2025/12/08/stronger-together-new-beazley-collaboration-enhances-cyber-resilience/
Meta Proposal for Less Data Sharing is Approved by European Commission
https://therecord.media/meta-less-data-sharing-european-commission
More than $2 Billion in Payments from 4,000 Ransomware Incidents Reported to Treasury in Recent Years
https://therecord.media/fincen-treasury-2-billion-ransomware-payments-report
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Prompt Injection Attacks: UK Intelligence Warning
https://therecord.media/prompt-injection-attacks-uk-intelligence-warning
8th December – Threat Intelligence Report
https://research.checkpoint.com/2025/8th-december-threat-intelligence-report/
Publishing Malicious VS Code Extensions: Bypassing VS Code Marketplace Analysis and the Insecurity of OpenVSX (Cursor AI/Windsurf)
https://www.reddit.com/r/netsec/comments/1ph4xb3/publishing_malicious_vs_code_extensions_bypassing/
Free Security Canaries (SSH, AWS, Cookies, Email, more..) - Tracebit Community Edition
https://www.reddit.com/r/netsec/comments/1phcird/free_security_canaries_ssh_aws_cookies_email_more/
Russian Police Bust Bank-Account Hacking Gang that used NFCGate-based Malware
https://therecord.media/russian-police-bust-banking-hackers-nfcgate-based-malware
React2shell: Critical Vulnerability in React
https://www.reddit.com/r/netsec/comments/1phhqo8/react2shell_critical_vulnerability_in_react/
Stronger Together: New Beazley Collaboration Enhances Cyber Resilience
https://www.microsoft.com/en-us/security/blog/2025/12/08/stronger-together-new-beazley-collaboration-enhances-cyber-resilience/
Meta Proposal for Less Data Sharing is Approved by European Commission
https://therecord.media/meta-less-data-sharing-european-commission
More than $2 Billion in Payments from 4,000 Ransomware Incidents Reported to Treasury in Recent Years
https://therecord.media/fincen-treasury-2-billion-ransomware-payments-report
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
UK intelligence warns AI 'prompt injection' attacks might never go away
A top technologist at the U.K.’s National Cyber Security Centre said “there’s a good chance” that prompt injection attacks against AI will never be eliminated, and he warned of the related risks of embedding generative AI into digital systems globally.
Top Security News for Today
Goodbye, dark Telegram: Blocks are pushing the underground out
https://securelist.com/goodbye-dark-telegram/118286/
Syd - Offline AI assistant for air-gapped security environments
https://www.reddit.com/r/netsec/comments/1pi5hhp/syd_offline_ai_assistant_for_airgapped_security/
AI vs. Human Drivers
https://www.schneier.com/blog/archives/2025/12/ai-vs-human-drivers.html
Seoul cyber investigators seize data, devices from ‘South Korea’s Amazon’ following data breach
https://therecord.media/seoul-cyber-investigators-seize-data-korea-tech-giant
Khashoggi widow files complaint in France alleging Saudi government infected devices with spyware
https://therecord.media/khashoggi-widow-legal-complaint-filed-alleging-saudi-government-spyware
Changing the physics of cyber defense
https://www.microsoft.com/en-us/security/blog/2025/12/09/changing-the-physics-of-cyber-defense/
Microsoft Patch Tuesday, December 2025 Security Update Review
https://blog.qualys.com/vulnerabilities-threat-research/2025/12/09/microsoft-patch-tuesday-december-2025-security-update-review
California man pleads guilty to RICO charges as DOJ indicts crypto theft gang
https://therecord.media/california-man-pleads-guilty-rico-charges-crypto-theft
Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack
https://www.microsoft.com/en-us/security/blog/2025/12/09/shai-hulud-2-0-guidance-for-detecting-investigating-and-defending-against-the-supply-chain-attack/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Goodbye, dark Telegram: Blocks are pushing the underground out
https://securelist.com/goodbye-dark-telegram/118286/
Syd - Offline AI assistant for air-gapped security environments
https://www.reddit.com/r/netsec/comments/1pi5hhp/syd_offline_ai_assistant_for_airgapped_security/
AI vs. Human Drivers
https://www.schneier.com/blog/archives/2025/12/ai-vs-human-drivers.html
Seoul cyber investigators seize data, devices from ‘South Korea’s Amazon’ following data breach
https://therecord.media/seoul-cyber-investigators-seize-data-korea-tech-giant
Khashoggi widow files complaint in France alleging Saudi government infected devices with spyware
https://therecord.media/khashoggi-widow-legal-complaint-filed-alleging-saudi-government-spyware
Changing the physics of cyber defense
https://www.microsoft.com/en-us/security/blog/2025/12/09/changing-the-physics-of-cyber-defense/
Microsoft Patch Tuesday, December 2025 Security Update Review
https://blog.qualys.com/vulnerabilities-threat-research/2025/12/09/microsoft-patch-tuesday-december-2025-security-update-review
California man pleads guilty to RICO charges as DOJ indicts crypto theft gang
https://therecord.media/california-man-pleads-guilty-rico-charges-crypto-theft
Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack
https://www.microsoft.com/en-us/security/blog/2025/12/09/shai-hulud-2-0-guidance-for-detecting-investigating-and-defending-against-the-supply-chain-attack/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
Goodbye, dark Telegram: Blocks are pushing the underground out
Kaspersky researchers analyze changes in the lifespan of a shadow Telegram channel, blocks, and migration to other platforms.
❤1