Cyber News
-
r/netsec monthly discussion & tool thread
https://www.reddit.com/r/netsec/comments/1olp81v/rnetsec_monthly_discussion_tool_thread/
-
Inside the Data on Insider Threats: What 1,000 Real Cases Reveal About Hidden Risk
-
Social Engineering People’s Credit Card Details
https://www.schneier.com/blog/archives/2025/10/social-engineering-peoples-credit-card-details.html
-
US Stands Out in Refusal to Sign UN Cybercrime Treaty
https://www.darkreading.com/cybersecurity-operations/us-refuses-sign-un-cybercrime-treaty
-
Over 100 Chrome extensions break WhatsApp’s anti-spam rules
Exploits
-
High-Severity Bug: AMD Zen 5 RDSEED Flaw Risks Randomness Integrity; Microcode Fix Coming
-
CVE-2025-11833 (CVSS 9.8): Critical Flaw Exposes 400,000 WordPress Sites to Unauthenticated Account Takeover
-
Critical WordPress Plugin Flaw (CVE-2025-8489, CVSS 9.8) Allows Unauthenticated Admin Takeover
-
CISA Warns of Active Exploitation in XWiki and VMware Vulnerabilities
https://securityonline.info/cisa-warns-of-active-exploitation-in-xwiki-and-vmware-vulnerabilities/
-
An 18-Year-Old Codebase Left Smart Buildings Wide Open
Tools
-
Pentesting Next.js Server Actions
https://www.reddit.com/r/netsec/comments/1of84hu/pentesting_nextjs_server_actions/
-
Modding And Distributing Mobile Apps with Frida
https://www.reddit.com/r/netsec/comments/1oe43pb/modding_and_distributing_mobile_apps_with_frida/
-
pyLDAPGui - Python based GUI for browsing LDAP
https://www.reddit.com/r/netsec/comments/1nh8qvn/pyldapgui_python_based_gui_for_browsing_ldap/
-
pyghidra-mcp: Headless Ghidra MCP Server for Project-Wide, Multi-Binary Analysis
https://www.reddit.com/r/netsec/comments/1muobce/pyghidramcp_headless_ghidra_mcp_server_for/
-
Snoop - OSINT Tool For Research Social Media Accounts By Username
http://www.kitploit.com/2025/04/snoop-osint-tool-for-research-social.html
Knowledge
-
Privescing a Laptop with BitLocker + PIN
https://www.reddit.com/r/netsec/comments/1oe6hrc/privescing_a_laptop_with_bitlocker_pin/
-
Yet Another Random Story. VBScript's Randomize Internals.
https://www.reddit.com/r/netsec/comments/1nq3i96/yet_another_random_story_vbscripts_randomize/
-
Fine-grained HTTP filtering for Claude Code
https://www.reddit.com/r/netsec/comments/1nff57n/finegrained_http_filtering_for_claude_code/
-
Practical guide for hunters: how leaked webhooks are abused and how to defend them
https://www.reddit.com/r/netsec/comments/1njbx3q/practical_guide_for_hunters_how_leaked_webhooks/
-
Mastering Digital Breadcrumbs to Stay Ahead of Evolving Threats
Cyber Jobs
-
Technical Writer II - Cyber - TS/SCI/FSP
Company: CrowdCyber
Location: Annapolis Junction, MD
-
CyberSecurity Engineer - TS/SCI
Company: CrowdCyber
Location: Annapolis Junction, MD
-
Windows Cyber Software Engineer - TS
Company: CrowdCyber
Location: Chantilly, VA
-
Information System Security Engineer 2 - TS/SCI/FSP
Company: CrowdCyber
Location: Annapolis Junction, MD
-
HPC Technical Expert - TS/SCI/FSP
Company: CrowdCyber
Location: Annapolis Junction, MD
Candidates
-
Windows Reverse Engineer - Top Secret - Full Scope
-
Linux Cyber Software Engineer - Top Secret - Full Scope
-
Apple iOS Cyber Software Engineer - Top Secret SCI
-
Mobile Android Cyber Software Engineer - Top Secret - Poly
-
Windows Vulnerability Researcher - Top Secret - Full Scope Poly
Bounties
-
Apple’s Bug Bounty Program
https://www.schneier.com/blog/archives/2025/10/apples-bug-bounty-program.html
-
Zeroday Cloud hacking contest offers $4.5 million in bounties
-
Google now pays $250,000 for KVM zero-day vulnerabilities
-
Bug Bounty: An Economic Disadvantage for Researchers?
https://www.digitaloperatives.com/2023/07/29/bug-bounty-an-economic-disadvantage-for-researchers/
-
Google Pixel Titan M with Persistence - Zero click Up to $1,000,000
Research
-
The AI-Designed Bioweapon Arms Race
https://www.schneier.com/blog/archives/2025/10/the-ai-designed-bioweapon-arms-race.html
-
Security Analysis of a medical device: Methods and Findings
https://www.reddit.com/r/netsec/comments/1o29iec/security_analysis_of_a_medical_device_methods_and/
-
LLM Honeypot vs. Cryptojacking: Understanding the Enemy
https://www.reddit.com/r/netsec/comments/1o5m7cg/llm_honeypot_vs_cryptojacking_understanding_the/
-
Singularity: Deep Dive into a Modern Stealth Linux Kernel Rootkit – Kyntra Blog
https://www.reddit.com/r/netsec/comments/1o7bh9p/singularity_deep_dive_into_a_modern_stealth_linux/
-
Blind Enumeration of gRPC Services
https://www.reddit.com/r/netsec/comments/1o4eyuc/blind_enumeration_of_grpc_services/
Videos
-
Operation Triangulation: What You Get When Attack iPhones of Researchers
-
Our Polymorphic Reverse Shell Generator beat EVERY AV!
-
How Hackers Hide From Memory Scanners
-
How Hackers Exploit Vulnerable Drivers
-
DEF CON 31 - Weaponizing Plain Text ANSI Escape Sequences as a Forensic Nightmare - STÖK
Social
-
FX of Phenoelit - @41414141
-
vx-underground - @vx-underground
-
BTCillustrated - @BTCillustrated
-
Halvar Flake - @halvarflake
-
Dave Aitel - @daveaitel
Artificial Intelligence (AI)
-
Will AI Strengthen or Undermine Democracy?
https://www.schneier.com/blog/archives/2025/10/will-ai-strengthen-or-undermine-democracy.html
-
Google says Search AI Mode will know everything about you
-
The AI Fix #74: AGI, LLM brain rot, and how to scam an AI browser
-
Aembit Introduces Identity and Access Management for Agentic AI
https://securityonline.info/aembit-introduces-identity-and-access-management-for-agentic-ai/
-
NSFW ChatGPT? OpenAI plans “grown-up mode” for verified adults
Threat Intelligence
-
Tired of Unpaid Toll Texts? Blame the 'Smishing Triad'
https://www.darkreading.com/threat-intelligence/unpaid-toll-texts-smishing-triad
-
UNC6384 Targets European Diplomatic Entities With Windows Exploit
https://www.darkreading.com/cyberattacks-data-breaches/unc6384-european-diplomat-windows
-
Penn hacker claims to have stolen 1.2 million donor records in data breach
-
China-linked hackers exploited Lanscope flaw as a zero-day in attacks
-
Sandworm APT Attacks Belarus Military With LNK Exploit and OpenSSH Over Tor obfs4 Backdoor
Bitcoin and Alt
-
CoinTelegraph Hacked: Fake CTG Airdrop Scam Steals Crypto Via Malicious Pop-Ups
-
Cencora’s $75 Million Ransom: A New High in Cyber Extortion
https://securityonline.info/cencoras-75-million-ransom-a-new-high-in-cyber-extortion/
-
FBI warns against using unlicensed crypto transfer services
-
iOS v17.4 Beta 2 Nerfs (Some) Progressive Web Apps for EU Users
https://www.nobsbitcoin.com/ios-v17-4-beta2-undermines-progressive-web-apps-pwas-for-eu-users/
-
CoinCenter: Broad, Ambiguous, or Delegated: Constitutional Infirmities of the Bank Secrecy Act
Privacy
-
Flok License Plate Surveillance
https://www.schneier.com/blog/archives/2025/10/flok-license-plate-surveillance.html
-
Privacy Alert: Meta to Use User-AI Conversations to Target Ads Across Facebook and Instagram
-
LinkedIn will use your data to train its AI unless you opt out now
-
TikTok is misusing kids’ data, says privacy watchdog
https://www.malwarebytes.com/blog/news/2025/09/tiktok-is-misusing-kids-data-says-privacy-watchdog
-
Police using drones to read your license plates, warns EFF
Censorship
-
Details About Chinese Surveillance and Propaganda Companies
-
The Great Firewall Leaks: A 600GB Trove of Secrets Exposed
https://securityonline.info/the-great-firewall-leaks-a-600gb-trove-of-secrets-exposed/
-
Tor needs 200 new WebTunnel bridges to fight censorship
-
Meta plans retention 'hooks' for Threads as more than half of users leave app
-
EFF: The U.K. Government Is Very Close To Eroding Encryption Worldwide
https://www.eff.org/deeplinks/2023/07/uk-government-very-close-eroding-encryption-worldwide
Infographics
-
Aircrack Cheat Sheet
https://raw.githubusercontent.com/Ignitetechnologies/Mindmap/main/aircrack/Aircrack-ng%20%20UHD.png
-
How a Load Balancer Works
https://pbs.twimg.com/media/F5-ByLvXkAASw3j?format=jpg&name=4096x4096
-
Process Injection
-
Argument Map on Restricting Encryption
-
OSCP Enumeration Cheat Sheet
https://pbs.twimg.com/media/F2HWy_LWgAI5hT1?format=jpg&name=4096x4096
Quantum Computing
-
Google Chrome's new post-quantum cryptography may break TLS connections
-
Companies, countries battle to develop quantum computers | 60 Minutes
-
An Efficient Quantum Factoring Algorithm
-
You Can’t Rush Post-Quantum-Computing Cryptography Standards
-
Supercomputer makes calculations in blink of an eye that take rivals 47 years
Paid Gigs
-
The Human Rights Foundation Announces 20 Btc Bounty Challenge For Bitcoin Development
-
Open-Sourcing the Design Guide: 2 BTC to port the Bitcoin UI Kit from Figma to an open-source Penpot project.
-
Serverless Payjoin: 2 BTC to deploy a production-ready version 2 payjoin protocol which may send and receive Payjoin transactions without requiring a sender or recipient to operate a public server.
-
E2EE Group Chats: 2 BTC for the creation of end to end encrypted group chats powered by any popular Nostr client that does not leak metadata
-
Silent payments: 2 BTC for a mobile wallet which can send and receive Silent Payments in a private manner without requiring the user to run a full node
Cryptography
-
Signal’s Post-Quantum Cryptographic Implementation
-
Part Four of The Kryptos Sculpture
https://www.schneier.com/blog/archives/2025/10/part-four-of-the-kryptos-sculpture.html
-
Signal adds new cryptographic defense against quantum attacks
-
Journeys in Hosting 1/x - Precomputed SSH Host Keys
https://www.reddit.com/r/netsec/comments/1no01xq/journeys_in_hosting_1x_precomputed_ssh_host_keys/
-
1965 Cryptanalysis Training Workbook Released by the NSA
Cloud
-
The Cloud Edge Is the New Attack Surface
https://www.darkreading.com/cloud-security/cloud-edge-new-attack-surface
-
Hybrid Clouds Provide a Practical Approach to Post-Quantum Migration
-
Cloud Threat Hunting and Defense Landscape
https://www.recordedfuture.com/research/cloud-threat-hunting-defense-landscape
-
US Senator Wyden Accuses Microsoft of ‘Cybersecurity Negligence’
https://www.securityweek.com/us-senator-wyden-accuses-microsoft-of-cybersecurity-negligence/
-
The 10 Humorous But Immutable Laws of Cloud Security
https://www.digitaloperatives.com/2023/07/18/the-10-humorous-but-immutable-laws-of-cloud-security/
Github Cyber Projects
-
vuls: Vuls is an agent-less vulnerability scanner for various platforms and applications. 6 recent commits. Latest release: v0.35.1.
-
devguard: DevGuard secures software supply chains through attestation-based compliance and vulnerability management. 22 recent commits. Latest release: v0.17.5.
-
BBtool: BBtool is a user-friendly penetration testing tool for security researchers and ethical hackers. 1 recent commits.
-
Mobile-Security-Framework-MobSF: Mobile-Security-Framework-MobSF performs automated mobile app security testing and analysis for Android, iOS, and Windows devices. 1 recent commits. Latest release: v4.4.2.
-
CVE-2016-10708: This project exploits a vulnerability in OpenSSH versions prior to 7.4 through malicious SSH packets. 2 recent commits.
Top Github Devs
-
Joas A Santos (@CyberSecurityUP): Joas A Santos is a cybersecurity expert with experience as a Red Team Lead and Information Security Researcher. 4064 followers. Known for ShadowPhish (209 stars). Expert in Red Team Operations.
-
sonyahack1 (@sonyahack1): SonyaHack1 is a cybersecurity developer specializing in penetration testing and red team operations with notable work on VulnHub and HackTheBox. 42 followers. Known for kids_2.0-Tasks (0 stars). Expert in Penetration Testing, Red Team Operations.
-
Art of Hacking (@The-Art-of-Hacking): Omar Santos is a cybersecurity developer specializing in ethical hacking, penetration testing, and digital forensics with notable tools like h4cker and Weevely. 2983 followers. Known for h4cker (23348 stars). Expert in Exploit Development, Incident Response.
-
sickcodes (@sickcodes): Sickcodes is a cybersecurity developer with expertise in security research and open-source development of notable projects like no-sandbox and Docker-OSX. 2664 followers. Known for no-sandbox (186 stars). Expert in Exploit Development, Security Scanning.
-
kader m (@cyn00b): kader m is a cybersecurity developer specializing in API and framework vulnerability testing with notable open-source contributions. 61 followers. Known for Windows-Exploit-Suggester (1 stars). Expert in Exploit Development.