Top Security News for Today
Hacking the Meatmeet BBQ Probe — BLE BBQ Botnet
https://www.reddit.com/r/netsec/comments/1pcplsx/hacking_the_meatmeet_bbq_probe_ble_bbq_botnet/
PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities
https://www.reddit.com/r/netsec/comments/1pd094r/pytorch_users_at_risk_unveiling_3_zeroday/
ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading
https://www.trendmicro.com/en_us/research/25/l/valleyrat-campaign.html
University of Phoenix says 'numerous individuals' impacted by Oracle EBS breach
https://therecord.media/university-of-phoenix-data-breach
Japan’s Askul resumes limited online sales 6 weeks after ransomware attack
https://therecord.media/askul-resumes-limited-ordering-following-ransomware-attack
India backs off mandatory 'cyber safety' app after surveillance backlash
https://therecord.media/india-drops-mandate-sanchar-saathi-app-privacy-surveillance
Canadian police department becomes first to trial body cameras equipped with facial recognition technology
https://therecord.media/canadian-police-department-trials-facial-recognition-body-cameras
What Will Shape Cybersecurity in 2026: AI Speed, Expanding Attack Surfaces, and Specialized Red Teams
https://bishopfox.com/blog/what-will-shape-cybersecurity-in-2026-ai-speed-expanding-attack-surfaces-and-specialized-red-teams
68% Of Phishing Websites Are Protected by CloudFlare
https://www.reddit.com/r/netsec/comments/1pdczk2/68_of_phishing_websites_are_protected_by/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Hacking the Meatmeet BBQ Probe — BLE BBQ Botnet
https://www.reddit.com/r/netsec/comments/1pcplsx/hacking_the_meatmeet_bbq_probe_ble_bbq_botnet/
PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities
https://www.reddit.com/r/netsec/comments/1pd094r/pytorch_users_at_risk_unveiling_3_zeroday/
ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading
https://www.trendmicro.com/en_us/research/25/l/valleyrat-campaign.html
University of Phoenix says 'numerous individuals' impacted by Oracle EBS breach
https://therecord.media/university-of-phoenix-data-breach
Japan’s Askul resumes limited online sales 6 weeks after ransomware attack
https://therecord.media/askul-resumes-limited-ordering-following-ransomware-attack
India backs off mandatory 'cyber safety' app after surveillance backlash
https://therecord.media/india-drops-mandate-sanchar-saathi-app-privacy-surveillance
Canadian police department becomes first to trial body cameras equipped with facial recognition technology
https://therecord.media/canadian-police-department-trials-facial-recognition-body-cameras
What Will Shape Cybersecurity in 2026: AI Speed, Expanding Attack Surfaces, and Specialized Red Teams
https://bishopfox.com/blog/what-will-shape-cybersecurity-in-2026-ai-speed-expanding-attack-surfaces-and-specialized-red-teams
68% Of Phishing Websites Are Protected by CloudFlare
https://www.reddit.com/r/netsec/comments/1pdczk2/68_of_phishing_websites_are_protected_by/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Hacking the Meatmeet BBQ Probe — BLE BBQ Botnet
Explore this post and more from the netsec community
Top Security News for Today
Researchers find Predator spyware is being used in several countries, including Iraq
https://therecord.media/intellexa-predator-spyware-continues-despite-sanctions
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)
https://www.reddit.com/r/netsec/comments/1pdthi6/high_fidelity_detection_mechanism_for_rscnextjs/
UK sanctions Russia’s GRU agency and cyber spies over deadly nerve agent attack
https://therecord.media/uk-sanctions-russia-gru-cyber-spies-nerve-agent-attack
Russian scientist sentenced to 21 years on treason, cyber sabotage charges
https://therecord.media/russia-sentences-physicist-treason-ddos-attacks
Cybersecurity strategies to prioritize now
https://www.microsoft.com/en-us/security/blog/2025/12/04/cybersecurity-strategies-to-prioritize-now/
Amid rising threats, NATO holds its largest-ever cyberdefense exercise
https://therecord.media/nato-holds-largest-ever-cyberdefense-exercise-estonia
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Researchers find Predator spyware is being used in several countries, including Iraq
https://therecord.media/intellexa-predator-spyware-continues-despite-sanctions
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)
https://www.reddit.com/r/netsec/comments/1pdthi6/high_fidelity_detection_mechanism_for_rscnextjs/
UK sanctions Russia’s GRU agency and cyber spies over deadly nerve agent attack
https://therecord.media/uk-sanctions-russia-gru-cyber-spies-nerve-agent-attack
Russian scientist sentenced to 21 years on treason, cyber sabotage charges
https://therecord.media/russia-sentences-physicist-treason-ddos-attacks
Cybersecurity strategies to prioritize now
https://www.microsoft.com/en-us/security/blog/2025/12/04/cybersecurity-strategies-to-prioritize-now/
Amid rising threats, NATO holds its largest-ever cyberdefense exercise
https://therecord.media/nato-holds-largest-ever-cyberdefense-exercise-estonia
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Researchers find Predator spyware is being used in several countries, including Iraq
Researchers also found indicators “likely associated” with the use of Predator spyware by an entity tied to Pakistan.
Top Security News for Today
How to detect React2Shell with Burp Suite
https://portswigger.net/blog/how-to-detect-react2shell-with-burp-suite
Chinese hackers exploiting React2Shell bug impacting countless websites, Amazon researchers say
https://therecord.media/chinese-hackers-exploiting-react2shell-vulnerability-amazon
EU fines €120 million to Elon Musk’s X under rules to tackle disinformation
https://therecord.media/eu-fines-x-under-digital-services-act-disinformation-transparecy-rules
On cyber, Trump’s national security strategy emphasizes industry and regional partners
https://therecord.media/trump-national-security-strategy-cyber-elements
Maryland man sentenced for N. Korea IT worker scheme involving US government contracts
https://therecord.media/north-korea-it-worker-scheme-maryland-man-sentenced
Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know
https://www.trendmicro.com/en_us/research/25/l/critical-react-server-components-vulnerability.html
Friday Squid Blogging: Vampire Squid Genome
https://www.schneier.com/blog/archives/2025/12/friday-squid-blogging-vampire-squid-genome.html
Tracing JavaScript Value Origins in Modern SPAs: Breakpoint-Driven Heap Search (BDHS)
https://www.reddit.com/r/netsec/comments/1pewyze/tracing_javanoscript_value_origins_in_modern_spas/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
How to detect React2Shell with Burp Suite
https://portswigger.net/blog/how-to-detect-react2shell-with-burp-suite
Chinese hackers exploiting React2Shell bug impacting countless websites, Amazon researchers say
https://therecord.media/chinese-hackers-exploiting-react2shell-vulnerability-amazon
EU fines €120 million to Elon Musk’s X under rules to tackle disinformation
https://therecord.media/eu-fines-x-under-digital-services-act-disinformation-transparecy-rules
On cyber, Trump’s national security strategy emphasizes industry and regional partners
https://therecord.media/trump-national-security-strategy-cyber-elements
Maryland man sentenced for N. Korea IT worker scheme involving US government contracts
https://therecord.media/north-korea-it-worker-scheme-maryland-man-sentenced
Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know
https://www.trendmicro.com/en_us/research/25/l/critical-react-server-components-vulnerability.html
Friday Squid Blogging: Vampire Squid Genome
https://www.schneier.com/blog/archives/2025/12/friday-squid-blogging-vampire-squid-genome.html
Tracing JavaScript Value Origins in Modern SPAs: Breakpoint-Driven Heap Search (BDHS)
https://www.reddit.com/r/netsec/comments/1pewyze/tracing_javanoscript_value_origins_in_modern_spas/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for Today
Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill
https://krebsonsecurity.com/2025/12/drones-to-diplomas-how-russias-largest-private-university-is-linked-to-a-25m-essay-mill/
Stillepost - Or: How to Proxy your C2s HTTP-Traffic through Chromium | mischief
https://www.reddit.com/r/netsec/comments/1pgcion/stillepost_or_how_to_proxy_your_c2s_httptraffic/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill
https://krebsonsecurity.com/2025/12/drones-to-diplomas-how-russias-largest-private-university-is-linked-to-a-25m-essay-mill/
Stillepost - Or: How to Proxy your C2s HTTP-Traffic through Chromium | mischief
https://www.reddit.com/r/netsec/comments/1pgcion/stillepost_or_how_to_proxy_your_c2s_httptraffic/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Krebs on Security
Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill
A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious connections to a Kremlin-connected oligarch whose Russian university builds drones for Russia's war against Ukraine.
Top Security News for Today
mini-init-asm - tiny container init (PID 1) in pure assembly (x86-64 + ARM64)
https://www.reddit.com/r/lowlevel/comments/1pggi73/miniinitasm_tiny_container_init_pid_1_in_pure/
How (almost) any phone number can be tracked via WhatsApp & Signal – open-source PoC
https://www.reddit.com/r/netsec/comments/1pgmnnn/how_almost_any_phone_number_can_be_tracked_via/
Patching Pulse Oximeter Firmware
https://www.reddit.com/r/netsec/comments/1pgmks0/patching_pulse_oximeter_firmware/
Stillepost - Or: How to Proxy your C2s HTTP-Traffic through Chromium | mischief
https://www.reddit.com/r/netsec/comments/1pgcion/stillepost_or_how_to_proxy_your_c2s_httptraffic/
Recon your patents with GenAI?
http://diablohorn.com/2025/12/07/recon-your-patents-with-genai/
AI-Automated Threat Hunting Brings GhostPenguin Out of the Shadows
https://www.trendmicro.com/en_us/research/25/l/ghostpenguin.html
Publishing Malicious VS Code Extensions: Bypassing VS Code Marketplace Analysis and the Insecurity of OpenVSX (Cursor AI/Windsurf)
https://www.reddit.com/r/netsec/comments/1ph4xb3/publishing_malicious_vs_code_extensions_bypassing/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
mini-init-asm - tiny container init (PID 1) in pure assembly (x86-64 + ARM64)
https://www.reddit.com/r/lowlevel/comments/1pggi73/miniinitasm_tiny_container_init_pid_1_in_pure/
How (almost) any phone number can be tracked via WhatsApp & Signal – open-source PoC
https://www.reddit.com/r/netsec/comments/1pgmnnn/how_almost_any_phone_number_can_be_tracked_via/
Patching Pulse Oximeter Firmware
https://www.reddit.com/r/netsec/comments/1pgmks0/patching_pulse_oximeter_firmware/
Stillepost - Or: How to Proxy your C2s HTTP-Traffic through Chromium | mischief
https://www.reddit.com/r/netsec/comments/1pgcion/stillepost_or_how_to_proxy_your_c2s_httptraffic/
Recon your patents with GenAI?
http://diablohorn.com/2025/12/07/recon-your-patents-with-genai/
AI-Automated Threat Hunting Brings GhostPenguin Out of the Shadows
https://www.trendmicro.com/en_us/research/25/l/ghostpenguin.html
Publishing Malicious VS Code Extensions: Bypassing VS Code Marketplace Analysis and the Insecurity of OpenVSX (Cursor AI/Windsurf)
https://www.reddit.com/r/netsec/comments/1ph4xb3/publishing_malicious_vs_code_extensions_bypassing/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the lowlevel community on Reddit: mini-init-asm - tiny container init (PID 1) in pure assembly (x86-64 + ARM64)
Posted by AdHour1983 - 11 votes and 0 comments
Top Security News for Today
Prompt Injection Attacks: UK Intelligence Warning
https://therecord.media/prompt-injection-attacks-uk-intelligence-warning
8th December – Threat Intelligence Report
https://research.checkpoint.com/2025/8th-december-threat-intelligence-report/
Publishing Malicious VS Code Extensions: Bypassing VS Code Marketplace Analysis and the Insecurity of OpenVSX (Cursor AI/Windsurf)
https://www.reddit.com/r/netsec/comments/1ph4xb3/publishing_malicious_vs_code_extensions_bypassing/
Free Security Canaries (SSH, AWS, Cookies, Email, more..) - Tracebit Community Edition
https://www.reddit.com/r/netsec/comments/1phcird/free_security_canaries_ssh_aws_cookies_email_more/
Russian Police Bust Bank-Account Hacking Gang that used NFCGate-based Malware
https://therecord.media/russian-police-bust-banking-hackers-nfcgate-based-malware
React2shell: Critical Vulnerability in React
https://www.reddit.com/r/netsec/comments/1phhqo8/react2shell_critical_vulnerability_in_react/
Stronger Together: New Beazley Collaboration Enhances Cyber Resilience
https://www.microsoft.com/en-us/security/blog/2025/12/08/stronger-together-new-beazley-collaboration-enhances-cyber-resilience/
Meta Proposal for Less Data Sharing is Approved by European Commission
https://therecord.media/meta-less-data-sharing-european-commission
More than $2 Billion in Payments from 4,000 Ransomware Incidents Reported to Treasury in Recent Years
https://therecord.media/fincen-treasury-2-billion-ransomware-payments-report
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Prompt Injection Attacks: UK Intelligence Warning
https://therecord.media/prompt-injection-attacks-uk-intelligence-warning
8th December – Threat Intelligence Report
https://research.checkpoint.com/2025/8th-december-threat-intelligence-report/
Publishing Malicious VS Code Extensions: Bypassing VS Code Marketplace Analysis and the Insecurity of OpenVSX (Cursor AI/Windsurf)
https://www.reddit.com/r/netsec/comments/1ph4xb3/publishing_malicious_vs_code_extensions_bypassing/
Free Security Canaries (SSH, AWS, Cookies, Email, more..) - Tracebit Community Edition
https://www.reddit.com/r/netsec/comments/1phcird/free_security_canaries_ssh_aws_cookies_email_more/
Russian Police Bust Bank-Account Hacking Gang that used NFCGate-based Malware
https://therecord.media/russian-police-bust-banking-hackers-nfcgate-based-malware
React2shell: Critical Vulnerability in React
https://www.reddit.com/r/netsec/comments/1phhqo8/react2shell_critical_vulnerability_in_react/
Stronger Together: New Beazley Collaboration Enhances Cyber Resilience
https://www.microsoft.com/en-us/security/blog/2025/12/08/stronger-together-new-beazley-collaboration-enhances-cyber-resilience/
Meta Proposal for Less Data Sharing is Approved by European Commission
https://therecord.media/meta-less-data-sharing-european-commission
More than $2 Billion in Payments from 4,000 Ransomware Incidents Reported to Treasury in Recent Years
https://therecord.media/fincen-treasury-2-billion-ransomware-payments-report
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
UK intelligence warns AI 'prompt injection' attacks might never go away
A top technologist at the U.K.’s National Cyber Security Centre said “there’s a good chance” that prompt injection attacks against AI will never be eliminated, and he warned of the related risks of embedding generative AI into digital systems globally.
Top Security News for Today
Goodbye, dark Telegram: Blocks are pushing the underground out
https://securelist.com/goodbye-dark-telegram/118286/
Syd - Offline AI assistant for air-gapped security environments
https://www.reddit.com/r/netsec/comments/1pi5hhp/syd_offline_ai_assistant_for_airgapped_security/
AI vs. Human Drivers
https://www.schneier.com/blog/archives/2025/12/ai-vs-human-drivers.html
Seoul cyber investigators seize data, devices from ‘South Korea’s Amazon’ following data breach
https://therecord.media/seoul-cyber-investigators-seize-data-korea-tech-giant
Khashoggi widow files complaint in France alleging Saudi government infected devices with spyware
https://therecord.media/khashoggi-widow-legal-complaint-filed-alleging-saudi-government-spyware
Changing the physics of cyber defense
https://www.microsoft.com/en-us/security/blog/2025/12/09/changing-the-physics-of-cyber-defense/
Microsoft Patch Tuesday, December 2025 Security Update Review
https://blog.qualys.com/vulnerabilities-threat-research/2025/12/09/microsoft-patch-tuesday-december-2025-security-update-review
California man pleads guilty to RICO charges as DOJ indicts crypto theft gang
https://therecord.media/california-man-pleads-guilty-rico-charges-crypto-theft
Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack
https://www.microsoft.com/en-us/security/blog/2025/12/09/shai-hulud-2-0-guidance-for-detecting-investigating-and-defending-against-the-supply-chain-attack/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Goodbye, dark Telegram: Blocks are pushing the underground out
https://securelist.com/goodbye-dark-telegram/118286/
Syd - Offline AI assistant for air-gapped security environments
https://www.reddit.com/r/netsec/comments/1pi5hhp/syd_offline_ai_assistant_for_airgapped_security/
AI vs. Human Drivers
https://www.schneier.com/blog/archives/2025/12/ai-vs-human-drivers.html
Seoul cyber investigators seize data, devices from ‘South Korea’s Amazon’ following data breach
https://therecord.media/seoul-cyber-investigators-seize-data-korea-tech-giant
Khashoggi widow files complaint in France alleging Saudi government infected devices with spyware
https://therecord.media/khashoggi-widow-legal-complaint-filed-alleging-saudi-government-spyware
Changing the physics of cyber defense
https://www.microsoft.com/en-us/security/blog/2025/12/09/changing-the-physics-of-cyber-defense/
Microsoft Patch Tuesday, December 2025 Security Update Review
https://blog.qualys.com/vulnerabilities-threat-research/2025/12/09/microsoft-patch-tuesday-december-2025-security-update-review
California man pleads guilty to RICO charges as DOJ indicts crypto theft gang
https://therecord.media/california-man-pleads-guilty-rico-charges-crypto-theft
Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack
https://www.microsoft.com/en-us/security/blog/2025/12/09/shai-hulud-2-0-guidance-for-detecting-investigating-and-defending-against-the-supply-chain-attack/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
Goodbye, dark Telegram: Blocks are pushing the underground out
Kaspersky researchers analyze changes in the lifespan of a shadow Telegram channel, blocks, and migration to other platforms.
❤1
Top Security News for Today
FBI Warns of Fake Video Scams
https://www.schneier.com/blog/archives/2025/12/fbi-warns-of-fake-video-scams.html
Free Honey Tokens for Breach Detection - No Signup
https://www.reddit.com/r/netsec/comments/1piwp1l/free_honey_tokens_for_breach_detection_no_signup/
British government sanctions Russian and Chinese groups over information warfare
https://therecord.media/uk-sanctions-russia-china-entities-information-warfare
Detection of Cyberbullying in GIF using AI
https://arxiv.org/abs/2512.07838
ThreadWeaver: Adaptive Threading for Efficient Parallel Reasoning in Language Models
https://arxiv.org/abs/2512.07843
Impact of Data-Oriented and Object-Oriented Design on Performance and Cache Utilization with Artificial Intelligence Algorithms in Multi-Threaded CPUs
https://arxiv.org/abs/2512.07841
Space Alignment Matters: The Missing Piece for Inducing Neural Collapse in Long-Tailed Learning
https://arxiv.org/abs/2512.07844
AudioScene: Integrating Object-Event Audio into 3D Scenes
https://arxiv.org/abs/2512.07845
Senators return to effort to boost cybersecurity for commercial satellite industry
https://therecord.media/commercial-satellite-industry-cybersecurity-cornyn-peters-bill-returns
Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits
https://research.checkpoint.com/2025/cracking-valleyrat-from-builder-secrets-to-kernel-rootkits/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
FBI Warns of Fake Video Scams
https://www.schneier.com/blog/archives/2025/12/fbi-warns-of-fake-video-scams.html
Free Honey Tokens for Breach Detection - No Signup
https://www.reddit.com/r/netsec/comments/1piwp1l/free_honey_tokens_for_breach_detection_no_signup/
British government sanctions Russian and Chinese groups over information warfare
https://therecord.media/uk-sanctions-russia-china-entities-information-warfare
Detection of Cyberbullying in GIF using AI
https://arxiv.org/abs/2512.07838
ThreadWeaver: Adaptive Threading for Efficient Parallel Reasoning in Language Models
https://arxiv.org/abs/2512.07843
Impact of Data-Oriented and Object-Oriented Design on Performance and Cache Utilization with Artificial Intelligence Algorithms in Multi-Threaded CPUs
https://arxiv.org/abs/2512.07841
Space Alignment Matters: The Missing Piece for Inducing Neural Collapse in Long-Tailed Learning
https://arxiv.org/abs/2512.07844
AudioScene: Integrating Object-Event Audio into 3D Scenes
https://arxiv.org/abs/2512.07845
Senators return to effort to boost cybersecurity for commercial satellite industry
https://therecord.media/commercial-satellite-industry-cybersecurity-cornyn-peters-bill-returns
Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits
https://research.checkpoint.com/2025/cracking-valleyrat-from-builder-secrets-to-kernel-rootkits/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
FBI Warns of Fake Video Scams - Schneier on Security
The FBI is warning of AI-assisted fake kidnapping scams: Criminal actors typically will contact their victims through text message claiming they have kidnapped their loved one and demand a ransom be paid for their release. Oftentimes, the criminal actor will…
Top Security News for Today
UK fines LastPass £1.2 million for data breach affecting 1.6 million people
https://therecord.media/uk-fines-lastpass-over-1-million-data-breach
Hackers reportedly breach developer involved with Russia’s military draft database
https://therecord.media/hackers-reportedly-breach-developer-involved-in-russian-military-database
Imposter for hire: How fake people can gain very real access
https://www.microsoft.com/en-us/security/blog/2025/12/11/imposter-for-hire-how-fake-people-can-gain-very-real-access/
DAST without disruption: Burp Suite DAST winter update 2025
https://portswigger.net/blog/burp-suite-dast-winter-update-2025
Redefining Enterprise Defense in the Era of AI-Led Cyberattacks
https://www.trendmicro.com/en_us/research/25/k/redefining-defense-in-era-of-ai-led-attacks.html
New 'DroidLock' malware demands a ransom, locks user out of device
https://therecord.media/android-droidlock-malware-demands-ransom-locks-mobile-device
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
UK fines LastPass £1.2 million for data breach affecting 1.6 million people
https://therecord.media/uk-fines-lastpass-over-1-million-data-breach
Hackers reportedly breach developer involved with Russia’s military draft database
https://therecord.media/hackers-reportedly-breach-developer-involved-in-russian-military-database
Imposter for hire: How fake people can gain very real access
https://www.microsoft.com/en-us/security/blog/2025/12/11/imposter-for-hire-how-fake-people-can-gain-very-real-access/
DAST without disruption: Burp Suite DAST winter update 2025
https://portswigger.net/blog/burp-suite-dast-winter-update-2025
Redefining Enterprise Defense in the Era of AI-Led Cyberattacks
https://www.trendmicro.com/en_us/research/25/k/redefining-defense-in-era-of-ai-led-attacks.html
New 'DroidLock' malware demands a ransom, locks user out of device
https://therecord.media/android-droidlock-malware-demands-ransom-locks-mobile-device
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
UK fines LastPass £1.2 million for data breach affecting 1.6 million people
The Information Commissioner’s Office said LastPass had “failed to implement sufficiently robust technical and security measures” to protect its data.
Top Security News for Today
Following the digital trail: what happens to data stolen in a phishing attack
https://securelist.com/what-happens-to-stolen-data-after-phishing-attacks/118180/
Burp On Tour 2025: bringing the AppSec community together around the world
https://portswigger.net/blog/burp-on-tour-2025-bringing-the-appsec-community-together-around-the-world
Building Trustworthy AI Agents
https://www.schneier.com/blog/archives/2025/12/building_trustworthy_ai_agents.html
A look at an Android ITW DNG exploit
https://googleprojectzero.blogspot.com/2025/12/a-look-at-android-itw-dng-exploit.html
Germany summons Russian ambassador over cyberattack, election disinformation
https://therecord.media/germany-summons-russian-ambassador-cyberattack-disinformation
Trump signs executive order on 'national framework' for AI regulation
https://therecord.media/trump-executive-order-ai-national-framework
More than 340,000 impacted by cyberattack on library in large Washington county
https://therecord.media/over-340000-impacted-washington-state-library-hack
Canada’s privacy regulator to probe billboards equipped with facial scanning tech
https://therecord.media/canada-privacy-regulator-to-probe-face-scanning-billboards
Hamas-affiliated APT targeting government agencies in the Middle East, Morocco
https://therecord.media/hamas-apt-targeting-government-agencies
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Following the digital trail: what happens to data stolen in a phishing attack
https://securelist.com/what-happens-to-stolen-data-after-phishing-attacks/118180/
Burp On Tour 2025: bringing the AppSec community together around the world
https://portswigger.net/blog/burp-on-tour-2025-bringing-the-appsec-community-together-around-the-world
Building Trustworthy AI Agents
https://www.schneier.com/blog/archives/2025/12/building_trustworthy_ai_agents.html
A look at an Android ITW DNG exploit
https://googleprojectzero.blogspot.com/2025/12/a-look-at-android-itw-dng-exploit.html
Germany summons Russian ambassador over cyberattack, election disinformation
https://therecord.media/germany-summons-russian-ambassador-cyberattack-disinformation
Trump signs executive order on 'national framework' for AI regulation
https://therecord.media/trump-executive-order-ai-national-framework
More than 340,000 impacted by cyberattack on library in large Washington county
https://therecord.media/over-340000-impacted-washington-state-library-hack
Canada’s privacy regulator to probe billboards equipped with facial scanning tech
https://therecord.media/canada-privacy-regulator-to-probe-face-scanning-billboards
Hamas-affiliated APT targeting government agencies in the Middle East, Morocco
https://therecord.media/hamas-apt-targeting-government-agencies
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
Where does the data stolen in a phishing attack go?
Kaspersky experts detail the journey of the victims' data after a phishing attack. We break down the use of email-based phishing kits, Telegram bots, and customized administration panels.
Top Security News for Today
Building an Open-Source AI-Powered Auto-Exploiter with a 1.7B Parameter Model
https://arxiv.org/abs/2512.10081
Offline Decryption Messenger: Concept Proposal and Request for Constructive Feedback
https://www.reddit.com/r/netsec/comments/1plormo/offline_decryption_messenger_concept_proposal_and/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Building an Open-Source AI-Powered Auto-Exploiter with a 1.7B Parameter Model
https://arxiv.org/abs/2512.10081
Offline Decryption Messenger: Concept Proposal and Request for Constructive Feedback
https://www.reddit.com/r/netsec/comments/1plormo/offline_decryption_messenger_concept_proposal_and/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
arXiv.org
Defining the Scope of Learning Analytics: An Axiomatic Approach...
Learning Analytics (LA) has rapidly expanded through practical and technological innovation, yet its foundational identity has remained theoretically under-specified. This paper addresses this gap...
Top Security News for Today
Frogblight threatens you with a court case: a new Android banker targets Turkish users
https://securelist.com/frogblight-banker/118440/
How we got hit by Shai-Hulud: A complete post-mortem | Trigger.dev
https://www.reddit.com/r/netsec/comments/1pmk03y/how_we_got_hit_by_shaihulud_a_complete_postmortem/
Capabilities Are the Only Way to Secure Agent Delegation
https://www.reddit.com/r/netsec/comments/1pmqmf9/capabilities_are_the_only_way_to_secure_agent/
Thread-safe B-Tree implemented in pure x86-64 assembly – 58k mixed ops/sec under contention. I've just finished a complete, generic B-Tree written entirely in hand-tuned x86-64 assembly (NASM) with a clean C interface as a shared library.
https://www.reddit.com/r/lowlevel/comments/1pmmng8/threadsafe_btree_implemented_in_pure_x8664/
ELANA: A Simple Energy and Latency Analyzer for LLMs
https://arxiv.org/abs/2512.11112
SCOUT: A Defense Against Data Poisoning Attacks in Fine-Tuned Language Models
https://arxiv.org/abs/2512.10998
Cybersecurity policy adoption in South Africa: Does public trust matter?
https://arxiv.org/abs/2512.11484
Automated Penetration Testing with LLM Agents and Classical Planning
https://arxiv.org/abs/2512.11122
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Frogblight threatens you with a court case: a new Android banker targets Turkish users
https://securelist.com/frogblight-banker/118440/
How we got hit by Shai-Hulud: A complete post-mortem | Trigger.dev
https://www.reddit.com/r/netsec/comments/1pmk03y/how_we_got_hit_by_shaihulud_a_complete_postmortem/
Capabilities Are the Only Way to Secure Agent Delegation
https://www.reddit.com/r/netsec/comments/1pmqmf9/capabilities_are_the_only_way_to_secure_agent/
Thread-safe B-Tree implemented in pure x86-64 assembly – 58k mixed ops/sec under contention. I've just finished a complete, generic B-Tree written entirely in hand-tuned x86-64 assembly (NASM) with a clean C interface as a shared library.
https://www.reddit.com/r/lowlevel/comments/1pmmng8/threadsafe_btree_implemented_in_pure_x8664/
ELANA: A Simple Energy and Latency Analyzer for LLMs
https://arxiv.org/abs/2512.11112
SCOUT: A Defense Against Data Poisoning Attacks in Fine-Tuned Language Models
https://arxiv.org/abs/2512.10998
Cybersecurity policy adoption in South Africa: Does public trust matter?
https://arxiv.org/abs/2512.11484
Automated Penetration Testing with LLM Agents and Classical Planning
https://arxiv.org/abs/2512.11122
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
Frogblight banking Trojan targets Android users in Turkey
Kaspersky researchers have discovered a new Android banking Trojan targeting Turkish users and posing as an app for accessing court case files via an official government webpage. The malware is being actively developed and may become MaaS in the future.
Top Security News for Today
Against the Federal Moratorium on State-Level Regulation of AI
https://www.schneier.com/blog/archives/2025/12/against-the-federal-moratorium-on-state-level-regulation-of_ai.html
Next.js: 59k servers compromised in 48h - I breached the attackers' C2 and here's what I found
https://www.reddit.com/r/netsec/comments/1pn5r6z/nextjs_59k_servers_compromised_in_48h_i_breached/
MI6 chief warns 'front line is everywhere' and signals intent to pressure Putin
https://therecord.media/mi6-chief-speech-russia-threats-warning
15th December – Threat Intelligence Report
https://research.checkpoint.com/2025/15th-december-threat-intelligence-report/
Jaguar Land Rover confirms staff data stolen in cyberattack
https://therecord.media/jaguar-land-rover-confirms-staff-data-stolen-cyberattack
Nearly 20 million affected by Prosper, 700Credit data breaches
https://therecord.media/data-breaches-affecting-20-million-prosper-700credit
Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components
https://www.microsoft.com/en-us/security/blog/2025/12/15/defending-against-the-cve-2025-55182-react2shell-vulnerability-in-react-server-components/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Against the Federal Moratorium on State-Level Regulation of AI
https://www.schneier.com/blog/archives/2025/12/against-the-federal-moratorium-on-state-level-regulation-of_ai.html
Next.js: 59k servers compromised in 48h - I breached the attackers' C2 and here's what I found
https://www.reddit.com/r/netsec/comments/1pn5r6z/nextjs_59k_servers_compromised_in_48h_i_breached/
MI6 chief warns 'front line is everywhere' and signals intent to pressure Putin
https://therecord.media/mi6-chief-speech-russia-threats-warning
15th December – Threat Intelligence Report
https://research.checkpoint.com/2025/15th-december-threat-intelligence-report/
Jaguar Land Rover confirms staff data stolen in cyberattack
https://therecord.media/jaguar-land-rover-confirms-staff-data-stolen-cyberattack
Nearly 20 million affected by Prosper, 700Credit data breaches
https://therecord.media/data-breaches-affecting-20-million-prosper-700credit
Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components
https://www.microsoft.com/en-us/security/blog/2025/12/15/defending-against-the-cve-2025-55182-react2shell-vulnerability-in-react-server-components/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for Today
God Mode On: how we attacked a vehicle’s head unit modem
https://ics-cert.kaspersky.com/publications/reports/2025/11/20/god-mode-on-researchers-run-doom-on-a-vehicles-head-unit-after-remotely-attacking-its-modem/
Temenos OFS String Injection: Revealing a Hidden Financial Attack Vector
https://www.reddit.com/r/netsec/comments/1pmrvsb/temenos_ofs_string_injection_revealing_a_hidden/
Chinese Surveillance and AI
https://www.schneier.com/blog/archives/2025/12/chinese-surveillance-and-ai.html
Inside Ink Dragon: Revealing the Relay Network and Inner Workings of a Stealthy Offensive Operation
https://research.checkpoint.com/2025/ink-dragons-relay-network-and-offensive-operation/
Most Parked Domains Now Serving Malicious Content
https://krebsonsecurity.com/2025/12/most-parked-domains-now-serving-malicious-content/
Urban VPN Browser Extension Caught Harvesting AI Chat Conversations from Millions of Users
https://www.reddit.com/r/netsec/comments/1po3tqx/urban_vpn_browser_extension_caught_harvesting_ai/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
God Mode On: how we attacked a vehicle’s head unit modem
https://ics-cert.kaspersky.com/publications/reports/2025/11/20/god-mode-on-researchers-run-doom-on-a-vehicles-head-unit-after-remotely-attacking-its-modem/
Temenos OFS String Injection: Revealing a Hidden Financial Attack Vector
https://www.reddit.com/r/netsec/comments/1pmrvsb/temenos_ofs_string_injection_revealing_a_hidden/
Chinese Surveillance and AI
https://www.schneier.com/blog/archives/2025/12/chinese-surveillance-and-ai.html
Inside Ink Dragon: Revealing the Relay Network and Inner Workings of a Stealthy Offensive Operation
https://research.checkpoint.com/2025/ink-dragons-relay-network-and-offensive-operation/
Most Parked Domains Now Serving Malicious Content
https://krebsonsecurity.com/2025/12/most-parked-domains-now-serving-malicious-content/
Urban VPN Browser Extension Caught Harvesting AI Chat Conversations from Millions of Users
https://www.reddit.com/r/netsec/comments/1po3tqx/urban_vpn_browser_extension_caught_harvesting_ai/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Kaspersky ICS CERT | Kaspersky Industrial Control Systems Cyber Emergency Response Team
God Mode On: Researchers run Doom on a vehicle’s head unit after remotely attacking its modem | Kaspersky ICS CERT
Exploiting a vulnerability identified in a modem installed in the head units of some vehicles enabled Kaspersky ICS CERT experts to gain complete control of the system.
Top Security News for Today
Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports
https://securelist.com/operation-forumtroll-new-targeted-campaign/118492/
Deliberate Internet Shutdowns
https://www.schneier.com/blog/archives/2025/12/deliberate-internet_shutowns.html
France investigates Interior Ministry email breach and access to confidential files
https://therecord.media/france-interior-ministry-email-breach-investigation
GachiLoader: Defeating Node.js Malware with API Tracing
https://research.checkpoint.com/2025/gachiloader-node-js-malware-with-api-tracing/
Privacy advocates see risk in new Meta policy that uses AI chats to serve targeted ads
https://therecord.media/privacy-advocates-see-risks-meta-ai-ad-targeting
FBI takes down alleged money laundering service for ransomware groups
https://therecord.media/fbi-takes-down-alleged-money-laundering-operation
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports
https://securelist.com/operation-forumtroll-new-targeted-campaign/118492/
Deliberate Internet Shutdowns
https://www.schneier.com/blog/archives/2025/12/deliberate-internet_shutowns.html
France investigates Interior Ministry email breach and access to confidential files
https://therecord.media/france-interior-ministry-email-breach-investigation
GachiLoader: Defeating Node.js Malware with API Tracing
https://research.checkpoint.com/2025/gachiloader-node-js-malware-with-api-tracing/
Privacy advocates see risk in new Meta policy that uses AI chats to serve targeted ads
https://therecord.media/privacy-advocates-see-risks-meta-ai-ad-targeting
FBI takes down alleged money laundering service for ransomware groups
https://therecord.media/fbi-takes-down-alleged-money-laundering-operation
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
A new campaign by the ForumTroll APT group
Kaspersky's GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and delivering the Tuoni framework to their devices.
Top Security News for Today
Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent
https://www.reddit.com/r/netsec/comments/1ppndbf/local_privilege_escalation_cve202534352_in/
France arrests 22-year-old over Interior Ministry hack
https://therecord.media/france-interior-ministry-hack-arrest
Hackers breach internal servers of tech provider for Britain’s health service
https://therecord.media/uk-nhs-tech-provider-dxs-discloses-hack
Pa. high court rules that police can access Google searches without a warrant
https://therecord.media/google-searches-police-access-without-warrant-pennsylvania-court-ruling
ORM Leaking More Than You Joined For - Part 3/3 on ORM Leak Vulnerabilities
https://www.reddit.com/r/netsec/comments/1ppmqsi/orm_leaking_more_than_you_joined_for_part_33_on/
Chinese attackers exploiting zero-day to target Cisco email security products
https://therecord.media/chinese-attackers-zero-day
New China-linked hacker group spies on governments in Southeast Asia, Japan
https://therecord.media/china-linked-hacker-group-spied-on-asian-govs
Active HubSpot Phishing Campaign
https://www.reddit.com/r/netsec/comments/1ppr74j/active_hubspot_phishing_campaign/
Over $3.4 billion in crypto stolen throughout 2025, with North Korea again the top culprit
https://therecord.media/over-3-billion-crypto-stolen-2025-north-korea
Austria’s high court orders Meta to change its personalized ad practices
https://therecord.media/austria-court-meta-ruling
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent
https://www.reddit.com/r/netsec/comments/1ppndbf/local_privilege_escalation_cve202534352_in/
France arrests 22-year-old over Interior Ministry hack
https://therecord.media/france-interior-ministry-hack-arrest
Hackers breach internal servers of tech provider for Britain’s health service
https://therecord.media/uk-nhs-tech-provider-dxs-discloses-hack
Pa. high court rules that police can access Google searches without a warrant
https://therecord.media/google-searches-police-access-without-warrant-pennsylvania-court-ruling
ORM Leaking More Than You Joined For - Part 3/3 on ORM Leak Vulnerabilities
https://www.reddit.com/r/netsec/comments/1ppmqsi/orm_leaking_more_than_you_joined_for_part_33_on/
Chinese attackers exploiting zero-day to target Cisco email security products
https://therecord.media/chinese-attackers-zero-day
New China-linked hacker group spies on governments in Southeast Asia, Japan
https://therecord.media/china-linked-hacker-group-spied-on-asian-govs
Active HubSpot Phishing Campaign
https://www.reddit.com/r/netsec/comments/1ppr74j/active_hubspot_phishing_campaign/
Over $3.4 billion in crypto stolen throughout 2025, with North Korea again the top culprit
https://therecord.media/over-3-billion-crypto-stolen-2025-north-korea
Austria’s high court orders Meta to change its personalized ad practices
https://therecord.media/austria-court-meta-ruling
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent
Explore this post and more from the netsec community
Top Security News for Today
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack
https://www.reddit.com/r/netsec/comments/1pqfoqo/how_we_pwned_x_twitter_vercel_cursor_discord_and/
AI Advertising Company Hacked
https://www.schneier.com/blog/archives/2025/12/ai-advertising-company-hacked.html
UK confirms Foreign Office hacked, says ‘low risk’ of impact to individuals
https://therecord.media/uk-foreign-office-hacked-china
Trump signs defense bill allocating millions for Cyber Command, mandating Pentagon phone security
https://therecord.media/trump-signs-ndaa-cyber-command
Breaking SAPCAR: Four Local Privilege Escalation Bugs in SAR Archive Parsing
https://www.reddit.com/r/netsec/comments/1pqm3tt/breaking_sapcar_four_local_privilege_escalation/
Denmark summons Russian ambassador over alleged cyberattacks on water utility, elections
https://therecord.media/denmark-summons-russian-ambassador-cyberattack-elections
Nigeria arrests suspected RaccoonO365 phishing kit developer on tip from Microsoft, FBI
https://therecord.media/nigeria-raccoon-developer-tip
University of Sydney reports data breach affecting over 20,000 staff, affiliates
https://therecord.media/university-of-sydney-reports-data-breach
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack
https://www.reddit.com/r/netsec/comments/1pqfoqo/how_we_pwned_x_twitter_vercel_cursor_discord_and/
AI Advertising Company Hacked
https://www.schneier.com/blog/archives/2025/12/ai-advertising-company-hacked.html
UK confirms Foreign Office hacked, says ‘low risk’ of impact to individuals
https://therecord.media/uk-foreign-office-hacked-china
Trump signs defense bill allocating millions for Cyber Command, mandating Pentagon phone security
https://therecord.media/trump-signs-ndaa-cyber-command
Breaking SAPCAR: Four Local Privilege Escalation Bugs in SAR Archive Parsing
https://www.reddit.com/r/netsec/comments/1pqm3tt/breaking_sapcar_four_local_privilege_escalation/
Denmark summons Russian ambassador over alleged cyberattacks on water utility, elections
https://therecord.media/denmark-summons-russian-ambassador-cyberattack-elections
Nigeria arrests suspected RaccoonO365 phishing kit developer on tip from Microsoft, FBI
https://therecord.media/nigeria-raccoon-developer-tip
University of Sydney reports data breach affecting over 20,000 staff, affiliates
https://therecord.media/university-of-sydney-reports-data-breach
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply…
Explore this post and more from the netsec community
Top Security News for Today
Faster than C! Introducing the Jolt Programming Language
https://www.reddit.com/r/lowlevel/comments/1prmdo5/faster_than_c_introducing_the_jolt_programming/
BRAID: Bounded Reasoning for Autonomous Inference and Decisions
https://arxiv.org/abs/2512.15959
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Faster than C! Introducing the Jolt Programming Language
https://www.reddit.com/r/lowlevel/comments/1prmdo5/faster_than_c_introducing_the_jolt_programming/
BRAID: Bounded Reasoning for Autonomous Inference and Decisions
https://arxiv.org/abs/2512.15959
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
Faster than C! Introducing the Jolt Programming Language. : r/lowlevel
15K subscribers in the lowlevel community. Low level programming and hacking subreddit for Linux and Windows.
Top Security News for Today
Vulnhalla: Picking the true vulnerabilities from the CodeQL haystack
https://www.reddit.com/r/netsec/comments/1ps3taw/vulnhalla_picking_the_true_vulnerabilities_from/
When OAuth Becomes a Weapon: Lessons from CVE-2025-6514
https://www.reddit.com/r/netsec/comments/1psq0mx/when_oauth_becomes_a_weapon_lessons_from/
CAPIO: Safe Kernel-Bypass of Commodity Devices using Capabilities
https://arxiv.org/abs/2512.16965
MemoryGraft: Persistent Compromise of LLM Agents via Poisoned Experience Retrieval
https://arxiv.org/abs/2512.17045
AutoDFBench 1.0: A Benchmarking Framework for Digital Forensic Tool Testing and Generated Code Evaluation
https://arxiv.org/abs/2512.17029
Adversarial VR: An Open-Source Testbed for Evaluating Adversarial Robustness of VR Cybersickness Detection and Mitigation
https://arxiv.org/abs/2512.16957
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Vulnhalla: Picking the true vulnerabilities from the CodeQL haystack
https://www.reddit.com/r/netsec/comments/1ps3taw/vulnhalla_picking_the_true_vulnerabilities_from/
When OAuth Becomes a Weapon: Lessons from CVE-2025-6514
https://www.reddit.com/r/netsec/comments/1psq0mx/when_oauth_becomes_a_weapon_lessons_from/
CAPIO: Safe Kernel-Bypass of Commodity Devices using Capabilities
https://arxiv.org/abs/2512.16965
MemoryGraft: Persistent Compromise of LLM Agents via Poisoned Experience Retrieval
https://arxiv.org/abs/2512.17045
AutoDFBench 1.0: A Benchmarking Framework for Digital Forensic Tool Testing and Generated Code Evaluation
https://arxiv.org/abs/2512.17029
Adversarial VR: An Open-Source Testbed for Evaluating Adversarial Robustness of VR Cybersickness Detection and Mitigation
https://arxiv.org/abs/2512.16957
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Vulnhalla: Picking the true vulnerabilities from the CodeQL haystack
Explore this post and more from the netsec community
Top Security News for Today
Cyberctf.space - Early Access Open
https://www.reddit.com/r/netsec/comments/1psvcrn/cyberctfspace_early_access_open/
Microsoft Brokering File System Elevation of Privilege Vulnerability (CVE--2025-29970)
https://www.reddit.com/r/netsec/comments/1psw1qq/microsoft_brokering_file_system_elevation_of/
22nd December – Threat Intelligence Report
https://research.checkpoint.com/2025/22nd-december-threat-intelligence-report/
Romanian national water agency hit by BitLocker ransomware attack
https://therecord.media/romania-national-water-agency-ransomware-attack
Nefilim ransomware hacker pleads guilty to computer fraud
https://therecord.media/nefilim-ransomware-hacker-fraud
I caught a Rust DDoS botnet on my honeypot
https://www.reddit.com/r/netsec/comments/1pt2tv0/i_caught_a_rust_ddos_botnet_on_my_honeypot/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Cyberctf.space - Early Access Open
https://www.reddit.com/r/netsec/comments/1psvcrn/cyberctfspace_early_access_open/
Microsoft Brokering File System Elevation of Privilege Vulnerability (CVE--2025-29970)
https://www.reddit.com/r/netsec/comments/1psw1qq/microsoft_brokering_file_system_elevation_of/
22nd December – Threat Intelligence Report
https://research.checkpoint.com/2025/22nd-december-threat-intelligence-report/
Romanian national water agency hit by BitLocker ransomware attack
https://therecord.media/romania-national-water-agency-ransomware-attack
Nefilim ransomware hacker pleads guilty to computer fraud
https://therecord.media/nefilim-ransomware-hacker-fraud
I caught a Rust DDoS botnet on my honeypot
https://www.reddit.com/r/netsec/comments/1pt2tv0/i_caught_a_rust_ddos_botnet_on_my_honeypot/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Cyberctf.space - Early Access Open
Posted by Royal_Independent517 - 1 vote and 0 comments
Top Security News for Today
US disrupts multimillion-dollar bank account takeover operation targeting Americans
https://therecord.media/us-disrupts-bank-account-takeover-operation-web3adspanels
Denmark Accuses Russia of Conducting Two Cyberattacks
https://www.schneier.com/blog/archives/2025/12/denmark-accuses-russia-of-conducting-two-cyberattacks.html
SEC sues crypto firms for defrauding investors out of $14 million
https://therecord.media/sec-sues-crypto-firms-defrauding-investors-14-million
More than 22 million Aflac customers impacted by June data breach
https://therecord.media/22-million-impacted-aflac-breach
What Does it Take to Manage Cloud Risk?
https://www.trendmicro.com/en_us/research/25/l/managing-cloud-risk.html
Bishop Fox Wrapped: Research Worth Replaying
https://bishopfox.com/blog/wrapped
Dissecting a Multi-Stage macOS Infostealer
https://www.reddit.com/r/netsec/comments/1pu7nem/dissecting_a_multistage_macos_infostealer/
Guide to preventing the most common enterprise social engineering attacks
https://www.reddit.com/r/netsec/comments/1pu6gnr/guide_to_preventing_the_most_common_enterprise/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
US disrupts multimillion-dollar bank account takeover operation targeting Americans
https://therecord.media/us-disrupts-bank-account-takeover-operation-web3adspanels
Denmark Accuses Russia of Conducting Two Cyberattacks
https://www.schneier.com/blog/archives/2025/12/denmark-accuses-russia-of-conducting-two-cyberattacks.html
SEC sues crypto firms for defrauding investors out of $14 million
https://therecord.media/sec-sues-crypto-firms-defrauding-investors-14-million
More than 22 million Aflac customers impacted by June data breach
https://therecord.media/22-million-impacted-aflac-breach
What Does it Take to Manage Cloud Risk?
https://www.trendmicro.com/en_us/research/25/l/managing-cloud-risk.html
Bishop Fox Wrapped: Research Worth Replaying
https://bishopfox.com/blog/wrapped
Dissecting a Multi-Stage macOS Infostealer
https://www.reddit.com/r/netsec/comments/1pu7nem/dissecting_a_multistage_macos_infostealer/
Guide to preventing the most common enterprise social engineering attacks
https://www.reddit.com/r/netsec/comments/1pu6gnr/guide_to_preventing_the_most_common_enterprise/
Follow Top Cyber News at https://news.1rj.ru/str/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
US disrupts multimillion-dollar bank account takeover operation targeting Americans
Crooks used fraudulent ads on major search engines to mimic banks and harvest people's login credentials, netting at least $14.6 million, the U.S. authorities said in announcing a takedown of the operation.