Top Security News for Today
Cyber ‘issue’ hits three London councils with shared IT services
https://therecord.media/cyber-issue-london-councils-attack
Municipal emergency warning service offline after hackers steal user data
https://therecord.media/emergency-warning-service-offline
Hackers exploit 3D design software to target game developers, animators
https://therecord.media/hackers-blender-software-malware
Thailand bans World iris scans, orders company to delete data
https://therecord.media/thailand-world-iris-scans-ban
Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’
https://krebsonsecurity.com/2025/11/meet-rey-the-admin-of-scattered-lapsus-hunters/
House Energy and Commerce Committee unveils new draft children’s online safety bill
https://therecord.media/house-commttee-unveils-new-kosa-bill
At least 35,000 impacted by Dartmouth College breach through Oracle EBS campaign
https://therecord.media/dartmouth-data-breach-thousands
We made a new tool, QuicDraw(H3), because HTTP/3 race condition testing is currently trash.
https://www.reddit.com/r/netsec/comments/1p71ntk/we_made_a_new_tool_quicdrawh3_because_http3_race/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Cyber ‘issue’ hits three London councils with shared IT services
https://therecord.media/cyber-issue-london-councils-attack
Municipal emergency warning service offline after hackers steal user data
https://therecord.media/emergency-warning-service-offline
Hackers exploit 3D design software to target game developers, animators
https://therecord.media/hackers-blender-software-malware
Thailand bans World iris scans, orders company to delete data
https://therecord.media/thailand-world-iris-scans-ban
Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’
https://krebsonsecurity.com/2025/11/meet-rey-the-admin-of-scattered-lapsus-hunters/
House Energy and Commerce Committee unveils new draft children’s online safety bill
https://therecord.media/house-commttee-unveils-new-kosa-bill
At least 35,000 impacted by Dartmouth College breach through Oracle EBS campaign
https://therecord.media/dartmouth-data-breach-thousands
We made a new tool, QuicDraw(H3), because HTTP/3 race condition testing is currently trash.
https://www.reddit.com/r/netsec/comments/1p71ntk/we_made_a_new_tool_quicdrawh3_because_http3_race/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Cyber ‘issue’ hits three London councils with shared IT services
A cybersecurity incident is affecting at least three London councils, including local authorities governing some of the capital’s wealthiest districts.
Top Security News for Today
Tomiris wreaks Havoc: New tools and techniques of the APT group
https://securelist.com/tomiris-new-tools/118143/
Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems
https://www.trendmicro.com/en_us/research/25/k/shai-hulud-2-0-targets-cloud-and-developer-systems.html
Poland detains Russian citizen suspected of hacking local firms
https://therecord.media/poland-detains-russian-citizen-accused-of-hacks
Taking down Next.js servers for 0.0001 cents a pop
https://www.reddit.com/r/netsec/comments/1p7ou7q/taking_down_nextjs_servers_for_00001_cents_a_pop/
Desktop Application Security Verification Standard - DASVS
https://www.reddit.com/r/netsec/comments/1p7fgts/desktop_application_security_verification/
Prepared Statements? Prepared to Be Vulnerable.
https://www.reddit.com/r/netsec/comments/1p7kdlz/prepared_statements_prepared_to_be_vulnerable/
The minefield between syntaxes: exploiting syntax confusions in the wild
https://www.reddit.com/r/netsec/comments/1p89lx1/the_minefield_between_syntaxes_exploiting_syntax/
Write Path Traversal to a RCE Art Department
https://www.reddit.com/r/netsec/comments/1p8hxad/write_path_traversal_to_a_rce_art_department/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Tomiris wreaks Havoc: New tools and techniques of the APT group
https://securelist.com/tomiris-new-tools/118143/
Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems
https://www.trendmicro.com/en_us/research/25/k/shai-hulud-2-0-targets-cloud-and-developer-systems.html
Poland detains Russian citizen suspected of hacking local firms
https://therecord.media/poland-detains-russian-citizen-accused-of-hacks
Taking down Next.js servers for 0.0001 cents a pop
https://www.reddit.com/r/netsec/comments/1p7ou7q/taking_down_nextjs_servers_for_00001_cents_a_pop/
Desktop Application Security Verification Standard - DASVS
https://www.reddit.com/r/netsec/comments/1p7fgts/desktop_application_security_verification/
Prepared Statements? Prepared to Be Vulnerable.
https://www.reddit.com/r/netsec/comments/1p7kdlz/prepared_statements_prepared_to_be_vulnerable/
The minefield between syntaxes: exploiting syntax confusions in the wild
https://www.reddit.com/r/netsec/comments/1p89lx1/the_minefield_between_syntaxes_exploiting_syntax/
Write Path Traversal to a RCE Art Department
https://www.reddit.com/r/netsec/comments/1p8hxad/write_path_traversal_to_a_rce_art_department/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
New Tomiris tools and techniques: multiple reverse shells, Havoc, AdaptixC2
Kaspersky discloses new tools and techniques discovered in 2025 Tomiris activities: multi-language reverse shells, Havoc and AdaptixC2 open-source frameworks, communications via Discord and Telegram.
Top Security News for Today
California law regulating web browsers could have national data privacy impact, experts say
https://therecord.media/california-web-browser-law-national-implications
Japanese beer giant Asahi says ransomware attack may have exposed data of 1.5 million people
https://therecord.media/asahi-says-ransomware-incident-exposed-data
Prompt Injection Through Poetry
https://www.schneier.com/blog/archives/2025/11/prompt-injection-through-poetry.html
Friday Squid Blogging: Flying Neon Squid Found on Israeli Beach
https://www.schneier.com/blog/archives/2025/11/friday-squid-blogging-flying-neon-squid-found-on-israeli-beach.html
CTF challenge Malware Busters
https://www.reddit.com/r/netsec/comments/1p96zhu/ctf_challenge_malware_busters/
We have achieved FreeBSD 15.0-REL with KDE Plasma
https://taosecurity.blogspot.com/2025/11/we-have-achieved-freebsd-150-rel-with.html
What REALLY Happens When You Move the Mouse Pointer
https://www.reddit.com/r/lowlevel/comments/1p9jpf0/what_really_happens_when_you_move_the_mouse/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
California law regulating web browsers could have national data privacy impact, experts say
https://therecord.media/california-web-browser-law-national-implications
Japanese beer giant Asahi says ransomware attack may have exposed data of 1.5 million people
https://therecord.media/asahi-says-ransomware-incident-exposed-data
Prompt Injection Through Poetry
https://www.schneier.com/blog/archives/2025/11/prompt-injection-through-poetry.html
Friday Squid Blogging: Flying Neon Squid Found on Israeli Beach
https://www.schneier.com/blog/archives/2025/11/friday-squid-blogging-flying-neon-squid-found-on-israeli-beach.html
CTF challenge Malware Busters
https://www.reddit.com/r/netsec/comments/1p96zhu/ctf_challenge_malware_busters/
We have achieved FreeBSD 15.0-REL with KDE Plasma
https://taosecurity.blogspot.com/2025/11/we-have-achieved-freebsd-150-rel-with.html
What REALLY Happens When You Move the Mouse Pointer
https://www.reddit.com/r/lowlevel/comments/1p9jpf0/what_really_happens_when_you_move_the_mouse/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
California law regulating web browsers could have national data privacy impact, experts say
Tech companies may universally offer an opt-out capability required by California law as a way to avoid having multiple versions of browsers and ask questions about residency.
Top Security News for Today
Analysis of 8 Foundational Cache Poisoning Attacks (HackerOne, GitHub, Shopify) - Part 1
https://www.reddit.com/r/netsec/comments/1p9oick/analysis_of_8_foundational_cache_poisoning/
Beyond Nmap: Building Custom Recon Pipelines
https://www.reddit.com/r/netsec/comments/1p9s2jn/beyond_nmap_building_custom_recon_pipelines/
Simulating a Water Control System in my Home Office
https://www.reddit.com/r/netsec/comments/1p9u4kq/simulating_a_water_control_system_in_my_home/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Analysis of 8 Foundational Cache Poisoning Attacks (HackerOne, GitHub, Shopify) - Part 1
https://www.reddit.com/r/netsec/comments/1p9oick/analysis_of_8_foundational_cache_poisoning/
Beyond Nmap: Building Custom Recon Pipelines
https://www.reddit.com/r/netsec/comments/1p9s2jn/beyond_nmap_building_custom_recon_pipelines/
Simulating a Water Control System in my Home Office
https://www.reddit.com/r/netsec/comments/1p9u4kq/simulating_a_water_control_system_in_my_home/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Analysis of 8 Foundational Cache Poisoning Attacks (HackerOne, GitHub, Shopify) - Part 1
Posted by Empty_Hacker - 1 vote and 0 comments
Top Security News for Today
A Longitudinal Measurement of Privacy Policy Evolution for Large Language Models
https://arxiv.org/abs/2511.21758
Adaptive Detection of Polymorphic Malware: Leveraging Mutation Engines and YARA Rules for Enhanced Security
https://arxiv.org/abs/2511.21764
Categorical Framework for Quantum-Resistant Zero-Trust AI Security
https://arxiv.org/abs/2511.21768
Advanced Data Collection Techniques in Cloud Security: A Multi-Modal Deep Learning Autoencoder Approach
https://arxiv.org/abs/2511.21795
Cross-Layer Detection of Wireless Misbehavior Using 5G RAN Telemetry and Operational Metadata
https://arxiv.org/abs/2511.21803
1st December – Threat Intelligence Report
https://research.checkpoint.com/2025/1st-december-threat-intelligence-report/
PortSwigger x TryHackMe: Supporting Advent of Cyber
https://portswigger.net/blog/portswigger-x-tryhackme-supporting-advent-of-cyber
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
A Longitudinal Measurement of Privacy Policy Evolution for Large Language Models
https://arxiv.org/abs/2511.21758
Adaptive Detection of Polymorphic Malware: Leveraging Mutation Engines and YARA Rules for Enhanced Security
https://arxiv.org/abs/2511.21764
Categorical Framework for Quantum-Resistant Zero-Trust AI Security
https://arxiv.org/abs/2511.21768
Advanced Data Collection Techniques in Cloud Security: A Multi-Modal Deep Learning Autoencoder Approach
https://arxiv.org/abs/2511.21795
Cross-Layer Detection of Wireless Misbehavior Using 5G RAN Telemetry and Operational Metadata
https://arxiv.org/abs/2511.21803
1st December – Threat Intelligence Report
https://research.checkpoint.com/2025/1st-december-threat-intelligence-report/
PortSwigger x TryHackMe: Supporting Advent of Cyber
https://portswigger.net/blog/portswigger-x-tryhackme-supporting-advent-of-cyber
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
arXiv.org
A Longitudinal Measurement of Privacy Policy Evolution for Large...
Large language model (LLM) services have been rapidly integrated into people's daily lives as chatbots and agentic systems. They are nourished by collecting rich streams of data, raising privacy...
Top Security News for Today
Data breach hits 'South Korea's Amazon,' potentially affecting 65% of country’s population
https://therecord.media/coupang-south-korea-data-breach
Banning VPNs
https://www.schneier.com/blog/archives/2025/12/banning-vpns.html
Edtech company settles with FTC in wake of data breach
https://therecord.media/illuminate-education-data-breach-settlement-ftc
Officials accuse North Korea’s Lazarus of $30 million theft from crypto exchange
https://therecord.media/officials-accuse-north-korea-hackers-of-attack-on-crypto-exchange
Designing a Multimodal Viewer for Piano Performance Analysis -- a Pedagogy-First Approach
https://arxiv.org/abs/2511.21693
A Survey of Information Disorder on Video-Sharing Platforms
https://arxiv.org/abs/2511.21694
EvalCards: A Framework for Standardized Evaluation Reporting
https://arxiv.org/abs/2511.21695
TIP and Polish: Text-Image-Prototype Guided Multi-Modal Generation via Commonality-Discrepancy Modeling and Refinement
https://arxiv.org/abs/2511.21697
Detail Enhanced Gaussian Splatting for Large-Scale Volumetric Capture
https://arxiv.org/abs/2511.21698
Cryptomixer platform raided by European police; $29 million in bitcoin seized
https://therecord.media/cryptomixer-service-takedown-bitcoin-seized
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Data breach hits 'South Korea's Amazon,' potentially affecting 65% of country’s population
https://therecord.media/coupang-south-korea-data-breach
Banning VPNs
https://www.schneier.com/blog/archives/2025/12/banning-vpns.html
Edtech company settles with FTC in wake of data breach
https://therecord.media/illuminate-education-data-breach-settlement-ftc
Officials accuse North Korea’s Lazarus of $30 million theft from crypto exchange
https://therecord.media/officials-accuse-north-korea-hackers-of-attack-on-crypto-exchange
Designing a Multimodal Viewer for Piano Performance Analysis -- a Pedagogy-First Approach
https://arxiv.org/abs/2511.21693
A Survey of Information Disorder on Video-Sharing Platforms
https://arxiv.org/abs/2511.21694
EvalCards: A Framework for Standardized Evaluation Reporting
https://arxiv.org/abs/2511.21695
TIP and Polish: Text-Image-Prototype Guided Multi-Modal Generation via Commonality-Discrepancy Modeling and Refinement
https://arxiv.org/abs/2511.21697
Detail Enhanced Gaussian Splatting for Large-Scale Volumetric Capture
https://arxiv.org/abs/2511.21698
Cryptomixer platform raided by European police; $29 million in bitcoin seized
https://therecord.media/cryptomixer-service-takedown-bitcoin-seized
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Data breach hits 'South Korea's Amazon,' potentially affecting 65% of country’s population
South Korean online retail giant Coupang apologized for a data breach that prompted an emergency meeting by senior government officials.
Top Security News for Today
India faces backlash over government cyber safety app mandate
https://therecord.media/india-faces-backlash-cyber-safety-app-mandate
DOJ takes down Myanmar scam center website spoofing TickMill trading platform
https://therecord.media/doj-takes-down-myanmar-scam-site-trickmill-spoof
Kaspersky Security Bulletin 2025. Statistics
https://securelist.com/kaspersky-security-bulletin-2025-statistics/118189/
Like Social Media, AI Requires Difficult Choices
https://www.schneier.com/blog/archives/2025/12/like-social-media-ai-requires-difficult-choices.html
Enhancing Jailbreak Attacks on LLMs via Persona Prompts
https://arxiv.org/abs/2512.00001
The $9M yETH Exploit: How 16 Wei Became Infinite Tokens
https://research.checkpoint.com/2025/16-wei/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
India faces backlash over government cyber safety app mandate
https://therecord.media/india-faces-backlash-cyber-safety-app-mandate
DOJ takes down Myanmar scam center website spoofing TickMill trading platform
https://therecord.media/doj-takes-down-myanmar-scam-site-trickmill-spoof
Kaspersky Security Bulletin 2025. Statistics
https://securelist.com/kaspersky-security-bulletin-2025-statistics/118189/
Like Social Media, AI Requires Difficult Choices
https://www.schneier.com/blog/archives/2025/12/like-social-media-ai-requires-difficult-choices.html
Enhancing Jailbreak Attacks on LLMs via Persona Prompts
https://arxiv.org/abs/2512.00001
The $9M yETH Exploit: How 16 Wei Became Infinite Tokens
https://research.checkpoint.com/2025/16-wei/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
India faces backlash over government cyber safety app mandate
Telecom Minister Jyotiraditya Scindia said Tuesday the system was optional and denied the app could be used for monitoring
Top Security News for Today
Hacking the Meatmeet BBQ Probe — BLE BBQ Botnet
https://www.reddit.com/r/netsec/comments/1pcplsx/hacking_the_meatmeet_bbq_probe_ble_bbq_botnet/
PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities
https://www.reddit.com/r/netsec/comments/1pd094r/pytorch_users_at_risk_unveiling_3_zeroday/
ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading
https://www.trendmicro.com/en_us/research/25/l/valleyrat-campaign.html
University of Phoenix says 'numerous individuals' impacted by Oracle EBS breach
https://therecord.media/university-of-phoenix-data-breach
Japan’s Askul resumes limited online sales 6 weeks after ransomware attack
https://therecord.media/askul-resumes-limited-ordering-following-ransomware-attack
India backs off mandatory 'cyber safety' app after surveillance backlash
https://therecord.media/india-drops-mandate-sanchar-saathi-app-privacy-surveillance
Canadian police department becomes first to trial body cameras equipped with facial recognition technology
https://therecord.media/canadian-police-department-trials-facial-recognition-body-cameras
What Will Shape Cybersecurity in 2026: AI Speed, Expanding Attack Surfaces, and Specialized Red Teams
https://bishopfox.com/blog/what-will-shape-cybersecurity-in-2026-ai-speed-expanding-attack-surfaces-and-specialized-red-teams
68% Of Phishing Websites Are Protected by CloudFlare
https://www.reddit.com/r/netsec/comments/1pdczk2/68_of_phishing_websites_are_protected_by/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Hacking the Meatmeet BBQ Probe — BLE BBQ Botnet
https://www.reddit.com/r/netsec/comments/1pcplsx/hacking_the_meatmeet_bbq_probe_ble_bbq_botnet/
PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities
https://www.reddit.com/r/netsec/comments/1pd094r/pytorch_users_at_risk_unveiling_3_zeroday/
ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading
https://www.trendmicro.com/en_us/research/25/l/valleyrat-campaign.html
University of Phoenix says 'numerous individuals' impacted by Oracle EBS breach
https://therecord.media/university-of-phoenix-data-breach
Japan’s Askul resumes limited online sales 6 weeks after ransomware attack
https://therecord.media/askul-resumes-limited-ordering-following-ransomware-attack
India backs off mandatory 'cyber safety' app after surveillance backlash
https://therecord.media/india-drops-mandate-sanchar-saathi-app-privacy-surveillance
Canadian police department becomes first to trial body cameras equipped with facial recognition technology
https://therecord.media/canadian-police-department-trials-facial-recognition-body-cameras
What Will Shape Cybersecurity in 2026: AI Speed, Expanding Attack Surfaces, and Specialized Red Teams
https://bishopfox.com/blog/what-will-shape-cybersecurity-in-2026-ai-speed-expanding-attack-surfaces-and-specialized-red-teams
68% Of Phishing Websites Are Protected by CloudFlare
https://www.reddit.com/r/netsec/comments/1pdczk2/68_of_phishing_websites_are_protected_by/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Hacking the Meatmeet BBQ Probe — BLE BBQ Botnet
Explore this post and more from the netsec community
Top Security News for Today
Researchers find Predator spyware is being used in several countries, including Iraq
https://therecord.media/intellexa-predator-spyware-continues-despite-sanctions
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)
https://www.reddit.com/r/netsec/comments/1pdthi6/high_fidelity_detection_mechanism_for_rscnextjs/
UK sanctions Russia’s GRU agency and cyber spies over deadly nerve agent attack
https://therecord.media/uk-sanctions-russia-gru-cyber-spies-nerve-agent-attack
Russian scientist sentenced to 21 years on treason, cyber sabotage charges
https://therecord.media/russia-sentences-physicist-treason-ddos-attacks
Cybersecurity strategies to prioritize now
https://www.microsoft.com/en-us/security/blog/2025/12/04/cybersecurity-strategies-to-prioritize-now/
Amid rising threats, NATO holds its largest-ever cyberdefense exercise
https://therecord.media/nato-holds-largest-ever-cyberdefense-exercise-estonia
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Researchers find Predator spyware is being used in several countries, including Iraq
https://therecord.media/intellexa-predator-spyware-continues-despite-sanctions
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)
https://www.reddit.com/r/netsec/comments/1pdthi6/high_fidelity_detection_mechanism_for_rscnextjs/
UK sanctions Russia’s GRU agency and cyber spies over deadly nerve agent attack
https://therecord.media/uk-sanctions-russia-gru-cyber-spies-nerve-agent-attack
Russian scientist sentenced to 21 years on treason, cyber sabotage charges
https://therecord.media/russia-sentences-physicist-treason-ddos-attacks
Cybersecurity strategies to prioritize now
https://www.microsoft.com/en-us/security/blog/2025/12/04/cybersecurity-strategies-to-prioritize-now/
Amid rising threats, NATO holds its largest-ever cyberdefense exercise
https://therecord.media/nato-holds-largest-ever-cyberdefense-exercise-estonia
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Researchers find Predator spyware is being used in several countries, including Iraq
Researchers also found indicators “likely associated” with the use of Predator spyware by an entity tied to Pakistan.
Top Security News for Today
How to detect React2Shell with Burp Suite
https://portswigger.net/blog/how-to-detect-react2shell-with-burp-suite
Chinese hackers exploiting React2Shell bug impacting countless websites, Amazon researchers say
https://therecord.media/chinese-hackers-exploiting-react2shell-vulnerability-amazon
EU fines €120 million to Elon Musk’s X under rules to tackle disinformation
https://therecord.media/eu-fines-x-under-digital-services-act-disinformation-transparecy-rules
On cyber, Trump’s national security strategy emphasizes industry and regional partners
https://therecord.media/trump-national-security-strategy-cyber-elements
Maryland man sentenced for N. Korea IT worker scheme involving US government contracts
https://therecord.media/north-korea-it-worker-scheme-maryland-man-sentenced
Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know
https://www.trendmicro.com/en_us/research/25/l/critical-react-server-components-vulnerability.html
Friday Squid Blogging: Vampire Squid Genome
https://www.schneier.com/blog/archives/2025/12/friday-squid-blogging-vampire-squid-genome.html
Tracing JavaScript Value Origins in Modern SPAs: Breakpoint-Driven Heap Search (BDHS)
https://www.reddit.com/r/netsec/comments/1pewyze/tracing_javanoscript_value_origins_in_modern_spas/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
How to detect React2Shell with Burp Suite
https://portswigger.net/blog/how-to-detect-react2shell-with-burp-suite
Chinese hackers exploiting React2Shell bug impacting countless websites, Amazon researchers say
https://therecord.media/chinese-hackers-exploiting-react2shell-vulnerability-amazon
EU fines €120 million to Elon Musk’s X under rules to tackle disinformation
https://therecord.media/eu-fines-x-under-digital-services-act-disinformation-transparecy-rules
On cyber, Trump’s national security strategy emphasizes industry and regional partners
https://therecord.media/trump-national-security-strategy-cyber-elements
Maryland man sentenced for N. Korea IT worker scheme involving US government contracts
https://therecord.media/north-korea-it-worker-scheme-maryland-man-sentenced
Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know
https://www.trendmicro.com/en_us/research/25/l/critical-react-server-components-vulnerability.html
Friday Squid Blogging: Vampire Squid Genome
https://www.schneier.com/blog/archives/2025/12/friday-squid-blogging-vampire-squid-genome.html
Tracing JavaScript Value Origins in Modern SPAs: Breakpoint-Driven Heap Search (BDHS)
https://www.reddit.com/r/netsec/comments/1pewyze/tracing_javanoscript_value_origins_in_modern_spas/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for Today
Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill
https://krebsonsecurity.com/2025/12/drones-to-diplomas-how-russias-largest-private-university-is-linked-to-a-25m-essay-mill/
Stillepost - Or: How to Proxy your C2s HTTP-Traffic through Chromium | mischief
https://www.reddit.com/r/netsec/comments/1pgcion/stillepost_or_how_to_proxy_your_c2s_httptraffic/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill
https://krebsonsecurity.com/2025/12/drones-to-diplomas-how-russias-largest-private-university-is-linked-to-a-25m-essay-mill/
Stillepost - Or: How to Proxy your C2s HTTP-Traffic through Chromium | mischief
https://www.reddit.com/r/netsec/comments/1pgcion/stillepost_or_how_to_proxy_your_c2s_httptraffic/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Krebs on Security
Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill
A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious connections to a Kremlin-connected oligarch whose Russian university builds drones for Russia's war against Ukraine.
Top Security News for Today
mini-init-asm - tiny container init (PID 1) in pure assembly (x86-64 + ARM64)
https://www.reddit.com/r/lowlevel/comments/1pggi73/miniinitasm_tiny_container_init_pid_1_in_pure/
How (almost) any phone number can be tracked via WhatsApp & Signal – open-source PoC
https://www.reddit.com/r/netsec/comments/1pgmnnn/how_almost_any_phone_number_can_be_tracked_via/
Patching Pulse Oximeter Firmware
https://www.reddit.com/r/netsec/comments/1pgmks0/patching_pulse_oximeter_firmware/
Stillepost - Or: How to Proxy your C2s HTTP-Traffic through Chromium | mischief
https://www.reddit.com/r/netsec/comments/1pgcion/stillepost_or_how_to_proxy_your_c2s_httptraffic/
Recon your patents with GenAI?
http://diablohorn.com/2025/12/07/recon-your-patents-with-genai/
AI-Automated Threat Hunting Brings GhostPenguin Out of the Shadows
https://www.trendmicro.com/en_us/research/25/l/ghostpenguin.html
Publishing Malicious VS Code Extensions: Bypassing VS Code Marketplace Analysis and the Insecurity of OpenVSX (Cursor AI/Windsurf)
https://www.reddit.com/r/netsec/comments/1ph4xb3/publishing_malicious_vs_code_extensions_bypassing/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
mini-init-asm - tiny container init (PID 1) in pure assembly (x86-64 + ARM64)
https://www.reddit.com/r/lowlevel/comments/1pggi73/miniinitasm_tiny_container_init_pid_1_in_pure/
How (almost) any phone number can be tracked via WhatsApp & Signal – open-source PoC
https://www.reddit.com/r/netsec/comments/1pgmnnn/how_almost_any_phone_number_can_be_tracked_via/
Patching Pulse Oximeter Firmware
https://www.reddit.com/r/netsec/comments/1pgmks0/patching_pulse_oximeter_firmware/
Stillepost - Or: How to Proxy your C2s HTTP-Traffic through Chromium | mischief
https://www.reddit.com/r/netsec/comments/1pgcion/stillepost_or_how_to_proxy_your_c2s_httptraffic/
Recon your patents with GenAI?
http://diablohorn.com/2025/12/07/recon-your-patents-with-genai/
AI-Automated Threat Hunting Brings GhostPenguin Out of the Shadows
https://www.trendmicro.com/en_us/research/25/l/ghostpenguin.html
Publishing Malicious VS Code Extensions: Bypassing VS Code Marketplace Analysis and the Insecurity of OpenVSX (Cursor AI/Windsurf)
https://www.reddit.com/r/netsec/comments/1ph4xb3/publishing_malicious_vs_code_extensions_bypassing/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the lowlevel community on Reddit: mini-init-asm - tiny container init (PID 1) in pure assembly (x86-64 + ARM64)
Posted by AdHour1983 - 11 votes and 0 comments
Top Security News for Today
Prompt Injection Attacks: UK Intelligence Warning
https://therecord.media/prompt-injection-attacks-uk-intelligence-warning
8th December – Threat Intelligence Report
https://research.checkpoint.com/2025/8th-december-threat-intelligence-report/
Publishing Malicious VS Code Extensions: Bypassing VS Code Marketplace Analysis and the Insecurity of OpenVSX (Cursor AI/Windsurf)
https://www.reddit.com/r/netsec/comments/1ph4xb3/publishing_malicious_vs_code_extensions_bypassing/
Free Security Canaries (SSH, AWS, Cookies, Email, more..) - Tracebit Community Edition
https://www.reddit.com/r/netsec/comments/1phcird/free_security_canaries_ssh_aws_cookies_email_more/
Russian Police Bust Bank-Account Hacking Gang that used NFCGate-based Malware
https://therecord.media/russian-police-bust-banking-hackers-nfcgate-based-malware
React2shell: Critical Vulnerability in React
https://www.reddit.com/r/netsec/comments/1phhqo8/react2shell_critical_vulnerability_in_react/
Stronger Together: New Beazley Collaboration Enhances Cyber Resilience
https://www.microsoft.com/en-us/security/blog/2025/12/08/stronger-together-new-beazley-collaboration-enhances-cyber-resilience/
Meta Proposal for Less Data Sharing is Approved by European Commission
https://therecord.media/meta-less-data-sharing-european-commission
More than $2 Billion in Payments from 4,000 Ransomware Incidents Reported to Treasury in Recent Years
https://therecord.media/fincen-treasury-2-billion-ransomware-payments-report
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Prompt Injection Attacks: UK Intelligence Warning
https://therecord.media/prompt-injection-attacks-uk-intelligence-warning
8th December – Threat Intelligence Report
https://research.checkpoint.com/2025/8th-december-threat-intelligence-report/
Publishing Malicious VS Code Extensions: Bypassing VS Code Marketplace Analysis and the Insecurity of OpenVSX (Cursor AI/Windsurf)
https://www.reddit.com/r/netsec/comments/1ph4xb3/publishing_malicious_vs_code_extensions_bypassing/
Free Security Canaries (SSH, AWS, Cookies, Email, more..) - Tracebit Community Edition
https://www.reddit.com/r/netsec/comments/1phcird/free_security_canaries_ssh_aws_cookies_email_more/
Russian Police Bust Bank-Account Hacking Gang that used NFCGate-based Malware
https://therecord.media/russian-police-bust-banking-hackers-nfcgate-based-malware
React2shell: Critical Vulnerability in React
https://www.reddit.com/r/netsec/comments/1phhqo8/react2shell_critical_vulnerability_in_react/
Stronger Together: New Beazley Collaboration Enhances Cyber Resilience
https://www.microsoft.com/en-us/security/blog/2025/12/08/stronger-together-new-beazley-collaboration-enhances-cyber-resilience/
Meta Proposal for Less Data Sharing is Approved by European Commission
https://therecord.media/meta-less-data-sharing-european-commission
More than $2 Billion in Payments from 4,000 Ransomware Incidents Reported to Treasury in Recent Years
https://therecord.media/fincen-treasury-2-billion-ransomware-payments-report
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
UK intelligence warns AI 'prompt injection' attacks might never go away
A top technologist at the U.K.’s National Cyber Security Centre said “there’s a good chance” that prompt injection attacks against AI will never be eliminated, and he warned of the related risks of embedding generative AI into digital systems globally.
Top Security News for Today
Goodbye, dark Telegram: Blocks are pushing the underground out
https://securelist.com/goodbye-dark-telegram/118286/
Syd - Offline AI assistant for air-gapped security environments
https://www.reddit.com/r/netsec/comments/1pi5hhp/syd_offline_ai_assistant_for_airgapped_security/
AI vs. Human Drivers
https://www.schneier.com/blog/archives/2025/12/ai-vs-human-drivers.html
Seoul cyber investigators seize data, devices from ‘South Korea’s Amazon’ following data breach
https://therecord.media/seoul-cyber-investigators-seize-data-korea-tech-giant
Khashoggi widow files complaint in France alleging Saudi government infected devices with spyware
https://therecord.media/khashoggi-widow-legal-complaint-filed-alleging-saudi-government-spyware
Changing the physics of cyber defense
https://www.microsoft.com/en-us/security/blog/2025/12/09/changing-the-physics-of-cyber-defense/
Microsoft Patch Tuesday, December 2025 Security Update Review
https://blog.qualys.com/vulnerabilities-threat-research/2025/12/09/microsoft-patch-tuesday-december-2025-security-update-review
California man pleads guilty to RICO charges as DOJ indicts crypto theft gang
https://therecord.media/california-man-pleads-guilty-rico-charges-crypto-theft
Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack
https://www.microsoft.com/en-us/security/blog/2025/12/09/shai-hulud-2-0-guidance-for-detecting-investigating-and-defending-against-the-supply-chain-attack/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Goodbye, dark Telegram: Blocks are pushing the underground out
https://securelist.com/goodbye-dark-telegram/118286/
Syd - Offline AI assistant for air-gapped security environments
https://www.reddit.com/r/netsec/comments/1pi5hhp/syd_offline_ai_assistant_for_airgapped_security/
AI vs. Human Drivers
https://www.schneier.com/blog/archives/2025/12/ai-vs-human-drivers.html
Seoul cyber investigators seize data, devices from ‘South Korea’s Amazon’ following data breach
https://therecord.media/seoul-cyber-investigators-seize-data-korea-tech-giant
Khashoggi widow files complaint in France alleging Saudi government infected devices with spyware
https://therecord.media/khashoggi-widow-legal-complaint-filed-alleging-saudi-government-spyware
Changing the physics of cyber defense
https://www.microsoft.com/en-us/security/blog/2025/12/09/changing-the-physics-of-cyber-defense/
Microsoft Patch Tuesday, December 2025 Security Update Review
https://blog.qualys.com/vulnerabilities-threat-research/2025/12/09/microsoft-patch-tuesday-december-2025-security-update-review
California man pleads guilty to RICO charges as DOJ indicts crypto theft gang
https://therecord.media/california-man-pleads-guilty-rico-charges-crypto-theft
Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack
https://www.microsoft.com/en-us/security/blog/2025/12/09/shai-hulud-2-0-guidance-for-detecting-investigating-and-defending-against-the-supply-chain-attack/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
Goodbye, dark Telegram: Blocks are pushing the underground out
Kaspersky researchers analyze changes in the lifespan of a shadow Telegram channel, blocks, and migration to other platforms.
❤1
Top Security News for Today
FBI Warns of Fake Video Scams
https://www.schneier.com/blog/archives/2025/12/fbi-warns-of-fake-video-scams.html
Free Honey Tokens for Breach Detection - No Signup
https://www.reddit.com/r/netsec/comments/1piwp1l/free_honey_tokens_for_breach_detection_no_signup/
British government sanctions Russian and Chinese groups over information warfare
https://therecord.media/uk-sanctions-russia-china-entities-information-warfare
Detection of Cyberbullying in GIF using AI
https://arxiv.org/abs/2512.07838
ThreadWeaver: Adaptive Threading for Efficient Parallel Reasoning in Language Models
https://arxiv.org/abs/2512.07843
Impact of Data-Oriented and Object-Oriented Design on Performance and Cache Utilization with Artificial Intelligence Algorithms in Multi-Threaded CPUs
https://arxiv.org/abs/2512.07841
Space Alignment Matters: The Missing Piece for Inducing Neural Collapse in Long-Tailed Learning
https://arxiv.org/abs/2512.07844
AudioScene: Integrating Object-Event Audio into 3D Scenes
https://arxiv.org/abs/2512.07845
Senators return to effort to boost cybersecurity for commercial satellite industry
https://therecord.media/commercial-satellite-industry-cybersecurity-cornyn-peters-bill-returns
Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits
https://research.checkpoint.com/2025/cracking-valleyrat-from-builder-secrets-to-kernel-rootkits/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
FBI Warns of Fake Video Scams
https://www.schneier.com/blog/archives/2025/12/fbi-warns-of-fake-video-scams.html
Free Honey Tokens for Breach Detection - No Signup
https://www.reddit.com/r/netsec/comments/1piwp1l/free_honey_tokens_for_breach_detection_no_signup/
British government sanctions Russian and Chinese groups over information warfare
https://therecord.media/uk-sanctions-russia-china-entities-information-warfare
Detection of Cyberbullying in GIF using AI
https://arxiv.org/abs/2512.07838
ThreadWeaver: Adaptive Threading for Efficient Parallel Reasoning in Language Models
https://arxiv.org/abs/2512.07843
Impact of Data-Oriented and Object-Oriented Design on Performance and Cache Utilization with Artificial Intelligence Algorithms in Multi-Threaded CPUs
https://arxiv.org/abs/2512.07841
Space Alignment Matters: The Missing Piece for Inducing Neural Collapse in Long-Tailed Learning
https://arxiv.org/abs/2512.07844
AudioScene: Integrating Object-Event Audio into 3D Scenes
https://arxiv.org/abs/2512.07845
Senators return to effort to boost cybersecurity for commercial satellite industry
https://therecord.media/commercial-satellite-industry-cybersecurity-cornyn-peters-bill-returns
Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits
https://research.checkpoint.com/2025/cracking-valleyrat-from-builder-secrets-to-kernel-rootkits/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
FBI Warns of Fake Video Scams - Schneier on Security
The FBI is warning of AI-assisted fake kidnapping scams: Criminal actors typically will contact their victims through text message claiming they have kidnapped their loved one and demand a ransom be paid for their release. Oftentimes, the criminal actor will…
Top Security News for Today
UK fines LastPass £1.2 million for data breach affecting 1.6 million people
https://therecord.media/uk-fines-lastpass-over-1-million-data-breach
Hackers reportedly breach developer involved with Russia’s military draft database
https://therecord.media/hackers-reportedly-breach-developer-involved-in-russian-military-database
Imposter for hire: How fake people can gain very real access
https://www.microsoft.com/en-us/security/blog/2025/12/11/imposter-for-hire-how-fake-people-can-gain-very-real-access/
DAST without disruption: Burp Suite DAST winter update 2025
https://portswigger.net/blog/burp-suite-dast-winter-update-2025
Redefining Enterprise Defense in the Era of AI-Led Cyberattacks
https://www.trendmicro.com/en_us/research/25/k/redefining-defense-in-era-of-ai-led-attacks.html
New 'DroidLock' malware demands a ransom, locks user out of device
https://therecord.media/android-droidlock-malware-demands-ransom-locks-mobile-device
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
UK fines LastPass £1.2 million for data breach affecting 1.6 million people
https://therecord.media/uk-fines-lastpass-over-1-million-data-breach
Hackers reportedly breach developer involved with Russia’s military draft database
https://therecord.media/hackers-reportedly-breach-developer-involved-in-russian-military-database
Imposter for hire: How fake people can gain very real access
https://www.microsoft.com/en-us/security/blog/2025/12/11/imposter-for-hire-how-fake-people-can-gain-very-real-access/
DAST without disruption: Burp Suite DAST winter update 2025
https://portswigger.net/blog/burp-suite-dast-winter-update-2025
Redefining Enterprise Defense in the Era of AI-Led Cyberattacks
https://www.trendmicro.com/en_us/research/25/k/redefining-defense-in-era-of-ai-led-attacks.html
New 'DroidLock' malware demands a ransom, locks user out of device
https://therecord.media/android-droidlock-malware-demands-ransom-locks-mobile-device
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
UK fines LastPass £1.2 million for data breach affecting 1.6 million people
The Information Commissioner’s Office said LastPass had “failed to implement sufficiently robust technical and security measures” to protect its data.
Top Security News for Today
Following the digital trail: what happens to data stolen in a phishing attack
https://securelist.com/what-happens-to-stolen-data-after-phishing-attacks/118180/
Burp On Tour 2025: bringing the AppSec community together around the world
https://portswigger.net/blog/burp-on-tour-2025-bringing-the-appsec-community-together-around-the-world
Building Trustworthy AI Agents
https://www.schneier.com/blog/archives/2025/12/building_trustworthy_ai_agents.html
A look at an Android ITW DNG exploit
https://googleprojectzero.blogspot.com/2025/12/a-look-at-android-itw-dng-exploit.html
Germany summons Russian ambassador over cyberattack, election disinformation
https://therecord.media/germany-summons-russian-ambassador-cyberattack-disinformation
Trump signs executive order on 'national framework' for AI regulation
https://therecord.media/trump-executive-order-ai-national-framework
More than 340,000 impacted by cyberattack on library in large Washington county
https://therecord.media/over-340000-impacted-washington-state-library-hack
Canada’s privacy regulator to probe billboards equipped with facial scanning tech
https://therecord.media/canada-privacy-regulator-to-probe-face-scanning-billboards
Hamas-affiliated APT targeting government agencies in the Middle East, Morocco
https://therecord.media/hamas-apt-targeting-government-agencies
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Following the digital trail: what happens to data stolen in a phishing attack
https://securelist.com/what-happens-to-stolen-data-after-phishing-attacks/118180/
Burp On Tour 2025: bringing the AppSec community together around the world
https://portswigger.net/blog/burp-on-tour-2025-bringing-the-appsec-community-together-around-the-world
Building Trustworthy AI Agents
https://www.schneier.com/blog/archives/2025/12/building_trustworthy_ai_agents.html
A look at an Android ITW DNG exploit
https://googleprojectzero.blogspot.com/2025/12/a-look-at-android-itw-dng-exploit.html
Germany summons Russian ambassador over cyberattack, election disinformation
https://therecord.media/germany-summons-russian-ambassador-cyberattack-disinformation
Trump signs executive order on 'national framework' for AI regulation
https://therecord.media/trump-executive-order-ai-national-framework
More than 340,000 impacted by cyberattack on library in large Washington county
https://therecord.media/over-340000-impacted-washington-state-library-hack
Canada’s privacy regulator to probe billboards equipped with facial scanning tech
https://therecord.media/canada-privacy-regulator-to-probe-face-scanning-billboards
Hamas-affiliated APT targeting government agencies in the Middle East, Morocco
https://therecord.media/hamas-apt-targeting-government-agencies
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
Where does the data stolen in a phishing attack go?
Kaspersky experts detail the journey of the victims' data after a phishing attack. We break down the use of email-based phishing kits, Telegram bots, and customized administration panels.
Top Security News for Today
Building an Open-Source AI-Powered Auto-Exploiter with a 1.7B Parameter Model
https://arxiv.org/abs/2512.10081
Offline Decryption Messenger: Concept Proposal and Request for Constructive Feedback
https://www.reddit.com/r/netsec/comments/1plormo/offline_decryption_messenger_concept_proposal_and/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Building an Open-Source AI-Powered Auto-Exploiter with a 1.7B Parameter Model
https://arxiv.org/abs/2512.10081
Offline Decryption Messenger: Concept Proposal and Request for Constructive Feedback
https://www.reddit.com/r/netsec/comments/1plormo/offline_decryption_messenger_concept_proposal_and/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
arXiv.org
Defining the Scope of Learning Analytics: An Axiomatic Approach...
Learning Analytics (LA) has rapidly expanded through practical and technological innovation, yet its foundational identity has remained theoretically under-specified. This paper addresses this gap...
Top Security News for Today
Frogblight threatens you with a court case: a new Android banker targets Turkish users
https://securelist.com/frogblight-banker/118440/
How we got hit by Shai-Hulud: A complete post-mortem | Trigger.dev
https://www.reddit.com/r/netsec/comments/1pmk03y/how_we_got_hit_by_shaihulud_a_complete_postmortem/
Capabilities Are the Only Way to Secure Agent Delegation
https://www.reddit.com/r/netsec/comments/1pmqmf9/capabilities_are_the_only_way_to_secure_agent/
Thread-safe B-Tree implemented in pure x86-64 assembly – 58k mixed ops/sec under contention. I've just finished a complete, generic B-Tree written entirely in hand-tuned x86-64 assembly (NASM) with a clean C interface as a shared library.
https://www.reddit.com/r/lowlevel/comments/1pmmng8/threadsafe_btree_implemented_in_pure_x8664/
ELANA: A Simple Energy and Latency Analyzer for LLMs
https://arxiv.org/abs/2512.11112
SCOUT: A Defense Against Data Poisoning Attacks in Fine-Tuned Language Models
https://arxiv.org/abs/2512.10998
Cybersecurity policy adoption in South Africa: Does public trust matter?
https://arxiv.org/abs/2512.11484
Automated Penetration Testing with LLM Agents and Classical Planning
https://arxiv.org/abs/2512.11122
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Frogblight threatens you with a court case: a new Android banker targets Turkish users
https://securelist.com/frogblight-banker/118440/
How we got hit by Shai-Hulud: A complete post-mortem | Trigger.dev
https://www.reddit.com/r/netsec/comments/1pmk03y/how_we_got_hit_by_shaihulud_a_complete_postmortem/
Capabilities Are the Only Way to Secure Agent Delegation
https://www.reddit.com/r/netsec/comments/1pmqmf9/capabilities_are_the_only_way_to_secure_agent/
Thread-safe B-Tree implemented in pure x86-64 assembly – 58k mixed ops/sec under contention. I've just finished a complete, generic B-Tree written entirely in hand-tuned x86-64 assembly (NASM) with a clean C interface as a shared library.
https://www.reddit.com/r/lowlevel/comments/1pmmng8/threadsafe_btree_implemented_in_pure_x8664/
ELANA: A Simple Energy and Latency Analyzer for LLMs
https://arxiv.org/abs/2512.11112
SCOUT: A Defense Against Data Poisoning Attacks in Fine-Tuned Language Models
https://arxiv.org/abs/2512.10998
Cybersecurity policy adoption in South Africa: Does public trust matter?
https://arxiv.org/abs/2512.11484
Automated Penetration Testing with LLM Agents and Classical Planning
https://arxiv.org/abs/2512.11122
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
Frogblight banking Trojan targets Android users in Turkey
Kaspersky researchers have discovered a new Android banking Trojan targeting Turkish users and posing as an app for accessing court case files via an official government webpage. The malware is being actively developed and may become MaaS in the future.
Top Security News for Today
Against the Federal Moratorium on State-Level Regulation of AI
https://www.schneier.com/blog/archives/2025/12/against-the-federal-moratorium-on-state-level-regulation-of_ai.html
Next.js: 59k servers compromised in 48h - I breached the attackers' C2 and here's what I found
https://www.reddit.com/r/netsec/comments/1pn5r6z/nextjs_59k_servers_compromised_in_48h_i_breached/
MI6 chief warns 'front line is everywhere' and signals intent to pressure Putin
https://therecord.media/mi6-chief-speech-russia-threats-warning
15th December – Threat Intelligence Report
https://research.checkpoint.com/2025/15th-december-threat-intelligence-report/
Jaguar Land Rover confirms staff data stolen in cyberattack
https://therecord.media/jaguar-land-rover-confirms-staff-data-stolen-cyberattack
Nearly 20 million affected by Prosper, 700Credit data breaches
https://therecord.media/data-breaches-affecting-20-million-prosper-700credit
Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components
https://www.microsoft.com/en-us/security/blog/2025/12/15/defending-against-the-cve-2025-55182-react2shell-vulnerability-in-react-server-components/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Against the Federal Moratorium on State-Level Regulation of AI
https://www.schneier.com/blog/archives/2025/12/against-the-federal-moratorium-on-state-level-regulation-of_ai.html
Next.js: 59k servers compromised in 48h - I breached the attackers' C2 and here's what I found
https://www.reddit.com/r/netsec/comments/1pn5r6z/nextjs_59k_servers_compromised_in_48h_i_breached/
MI6 chief warns 'front line is everywhere' and signals intent to pressure Putin
https://therecord.media/mi6-chief-speech-russia-threats-warning
15th December – Threat Intelligence Report
https://research.checkpoint.com/2025/15th-december-threat-intelligence-report/
Jaguar Land Rover confirms staff data stolen in cyberattack
https://therecord.media/jaguar-land-rover-confirms-staff-data-stolen-cyberattack
Nearly 20 million affected by Prosper, 700Credit data breaches
https://therecord.media/data-breaches-affecting-20-million-prosper-700credit
Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components
https://www.microsoft.com/en-us/security/blog/2025/12/15/defending-against-the-cve-2025-55182-react2shell-vulnerability-in-react-server-components/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for Today
God Mode On: how we attacked a vehicle’s head unit modem
https://ics-cert.kaspersky.com/publications/reports/2025/11/20/god-mode-on-researchers-run-doom-on-a-vehicles-head-unit-after-remotely-attacking-its-modem/
Temenos OFS String Injection: Revealing a Hidden Financial Attack Vector
https://www.reddit.com/r/netsec/comments/1pmrvsb/temenos_ofs_string_injection_revealing_a_hidden/
Chinese Surveillance and AI
https://www.schneier.com/blog/archives/2025/12/chinese-surveillance-and-ai.html
Inside Ink Dragon: Revealing the Relay Network and Inner Workings of a Stealthy Offensive Operation
https://research.checkpoint.com/2025/ink-dragons-relay-network-and-offensive-operation/
Most Parked Domains Now Serving Malicious Content
https://krebsonsecurity.com/2025/12/most-parked-domains-now-serving-malicious-content/
Urban VPN Browser Extension Caught Harvesting AI Chat Conversations from Millions of Users
https://www.reddit.com/r/netsec/comments/1po3tqx/urban_vpn_browser_extension_caught_harvesting_ai/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
God Mode On: how we attacked a vehicle’s head unit modem
https://ics-cert.kaspersky.com/publications/reports/2025/11/20/god-mode-on-researchers-run-doom-on-a-vehicles-head-unit-after-remotely-attacking-its-modem/
Temenos OFS String Injection: Revealing a Hidden Financial Attack Vector
https://www.reddit.com/r/netsec/comments/1pmrvsb/temenos_ofs_string_injection_revealing_a_hidden/
Chinese Surveillance and AI
https://www.schneier.com/blog/archives/2025/12/chinese-surveillance-and-ai.html
Inside Ink Dragon: Revealing the Relay Network and Inner Workings of a Stealthy Offensive Operation
https://research.checkpoint.com/2025/ink-dragons-relay-network-and-offensive-operation/
Most Parked Domains Now Serving Malicious Content
https://krebsonsecurity.com/2025/12/most-parked-domains-now-serving-malicious-content/
Urban VPN Browser Extension Caught Harvesting AI Chat Conversations from Millions of Users
https://www.reddit.com/r/netsec/comments/1po3tqx/urban_vpn_browser_extension_caught_harvesting_ai/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Kaspersky ICS CERT | Kaspersky Industrial Control Systems Cyber Emergency Response Team
God Mode On: Researchers run Doom on a vehicle’s head unit after remotely attacking its modem | Kaspersky ICS CERT
Exploiting a vulnerability identified in a modem installed in the head units of some vehicles enabled Kaspersky ICS CERT experts to gain complete control of the system.