Cyber News
-
New iPhone Air Camera Flaw: What You Need to Know
https://securityonline.info/new-iphone-air-camera-flaw-what-you-need-to-know/
-
From mischief to malware: ICO warns schools about student hackers
https://www.fortra.com/blog/mischief-malware-ico-warns-schools-about-student-hackers
-
“Pompompurin” resentenced: BreachForums creator heads back behind bars
-
Palo Alto Networks Acknowledges SquareX Research on Limitations of SWGs Against Last Mile Reassembly Attacks
-
Notepad gets free AI features on Copilot+ PCs with Windows 11
Exploits
-
Jenkins Patches High-Severity Vulnerabilities, Including a DoS Flaw
https://securityonline.info/jenkins-patches-high-severity-vulnerabilities-including-a-dos-flaw/
-
WatchGuard warns of critical vulnerability in Firebox firewalls
-
Google patches sixth Chrome zero-day exploited in attacks this year
-
Chrome Emergency Update: Zero-Day (CVE-2025-10585) in V8 Exploited in the Wild
-
NVIDIA Patches Critical RCE Flaw (CVE-2025-23316, CVSS 9.8) in Triton Inference Server
Tools
-
pyghidra-mcp: Headless Ghidra MCP Server for Project-Wide, Multi-Binary Analysis
https://www.reddit.com/r/netsec/comments/1muobce/pyghidramcp_headless_ghidra_mcp_server_for/
-
Snoop - OSINT Tool For Research Social Media Accounts By Username
http://www.kitploit.com/2025/04/snoop-osint-tool-for-research-social.html
-
gitGRAB - This Tool Is Designed To Interact With The GitHub API And Retrieve Specific User Details, Repository Information, And Commit Emails For A Given User
http://www.kitploit.com/2025/04/gitgrab-this-tool-is-designed-to.html
-
Everyday Ghidra: How Platform Choice Influences Ghidra’s Binary Analysis
https://www.reddit.com/r/netsec/comments/1isfypx/everyday_ghidra_how_platform_choice_influences/
-
BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
http://www.kitploit.com/2024/09/byosi-evade-edrs-simple-way-by-not.html
Knowledge
-
Practical guide for hunters: how leaked webhooks are abused and how to defend them
https://www.reddit.com/r/netsec/comments/1njbx3q/practical_guide_for_hunters_how_leaked_webhooks/
-
Mastering Digital Breadcrumbs to Stay Ahead of Evolving Threats
-
New OpenSecurityTraining2 class: "TPM 2.0 Programming using Python and the tpm2-pytss libraries" (~13 hours)
https://www.reddit.com/r/netsec/comments/1nh6az4/new_opensecuritytraining2_class_tpm_20/
-
New OpenSecurityTraining2 class: "Bluetooth 2222: Bluetooth reconnaissance with Blue2thprinting" (~8 hours)
https://www.reddit.com/r/netsec/comments/1natzsl/new_opensecuritytraining2_class_bluetooth_2222/
-
Tracking malicious code execution in Python
https://www.reddit.com/r/netsec/comments/1mzk3l4/tracking_malicious_code_execution_in_python/
Cyber Jobs
-
HPC Technical Expert - TS/SCI/FSP
Company: CrowdCyber
Location: Annapolis Junction, MD
-
CyberSecurity Engineer - TS/SCI
Company: CrowdCyber
Location: Annapolis Junction, MD
-
Windows Cyber Software Engineer - TS
Company: CrowdCyber
Location: Chantilly, VA
-
Systems Engineer 3 - Cisco - TS/SCI/CI-Poly
Company: CrowdCyber
Location: Annapolis Junction, MD
-
HPC System Administrator - TS/SCI/FSP
Company: CrowdCyber
Location: Annapolis Junction, MD
Candidates
-
Windows Reverse Engineer - Top Secret - Full Scope
-
Linux Cyber Software Engineer - Top Secret - Full Scope
-
Apple iOS Cyber Software Engineer - Top Secret SCI
-
Mobile Android Cyber Software Engineer - Top Secret - Poly
-
Windows Vulnerability Researcher - Top Secret - Full Scope Poly
Bounties
-
Google now pays $250,000 for KVM zero-day vulnerabilities
-
Bug Bounty: An Economic Disadvantage for Researchers?
https://www.digitaloperatives.com/2023/07/29/bug-bounty-an-economic-disadvantage-for-researchers/
-
Google Pixel Titan M with Persistence - Zero click Up to $1,000,000
-
Facebook Full Mobile Remote Code Execution exploit is $300,000
https://www.facebook.com/whitehat/payout_guidelines/mobile_rce
-
When Can A Quantum Computer Steal Your Money? When There Is A Data Point At 256 On The Graph Below
Research
-
Time-of-Check Time-of-Use Attacks Against LLMs
https://www.schneier.com/blog/archives/2025/09/time-of-check-time-of-use-attacks-against-llms.html
-
New Phoenix attack bypasses Rowhammer defenses in DDR5 memory
-
New Cryptanalysis of the Fiat-Shamir Protocol
https://www.schneier.com/blog/archives/2025/09/new-cryptanalysis-of-the-fiat-shamir-protocol.html
-
Detect Suspicious/Malicious ICMP Echo Traffic - Using Behavioral and Protocol Semantic Analysis
https://www.reddit.com/r/netsec/comments/1nbnsra/detect_suspiciousmalicious_icmp_echo_traffic/
-
Introducing ICMP Echo Streams (iStreams)
https://www.reddit.com/r/netsec/comments/1n5n0qk/introducing_icmp_echo_streams_istreams/
Videos
-
Operation Triangulation: What You Get When Attack iPhones of Researchers
-
Our Polymorphic Reverse Shell Generator beat EVERY AV!
-
How Hackers Hide From Memory Scanners
-
How Hackers Exploit Vulnerable Drivers
-
DEF CON 31 - Weaponizing Plain Text ANSI Escape Sequences as a Forensic Nightmare - STÖK
Social
-
FX of Phenoelit - @41414141
-
vx-underground - @vx-underground
-
BTCillustrated - @BTCillustrated
-
Halvar Flake - @halvarflake
-
Dave Aitel - @daveaitel
Artificial Intelligence (AI)
-
A Safer Chat: OpenAI Unveils ChatGPT for Teens
https://securityonline.info/a-safer-chat-openai-unveils-chatgpt-for-teens/
-
YouTube Unveils AI-Powered Creator Tools to Revolutionize Content Creation
-
OpenAI's new GPT-5 Codex model takes on Claude Code
-
Grok, ChatGPT, other AIs happy to help phish senior citizens
-
The AI Fix #68: AI telepathy, and rights for robots
Threat Intelligence
-
SystemBC malware turns infected VPS systems into proxy highway
-
Disrupted phishing service was after Microsoft 365 credentials
-
UK arrests 'Scattered Spider' teens linked to Transport for London hack
-
Microsoft and Cloudflare disrupt massive RaccoonO365 phishing service
-
CopyCop Deepens Its Playbook with New Websites and Targets
https://www.recordedfuture.com/research/copycop-deepens-its-playbook-with-new-websites-and-targets
Bitcoin and Alt
-
CoinTelegraph Hacked: Fake CTG Airdrop Scam Steals Crypto Via Malicious Pop-Ups
-
Cencora’s $75 Million Ransom: A New High in Cyber Extortion
https://securityonline.info/cencoras-75-million-ransom-a-new-high-in-cyber-extortion/
-
FBI warns against using unlicensed crypto transfer services
-
iOS v17.4 Beta 2 Nerfs (Some) Progressive Web Apps for EU Users
https://www.nobsbitcoin.com/ios-v17-4-beta2-undermines-progressive-web-apps-pwas-for-eu-users/
-
CoinCenter: Broad, Ambiguous, or Delegated: Constitutional Infirmities of the Bank Secrecy Act
Privacy
-
Gaps in California Privacy Law: Half of Data Brokers Ignore Requests
-
Proton Unveils Lumo AI Assistant: Fully Encrypted, No Data Logging, European-Hosted AI for Ultimate Privacy
-
CapCut’s New Terms: ByteDance Gains Perpetual Rights to User Content, Likeness, & Voice Globally
-
Subaru Starlink flaw let hackers hijack cars in US and Canada
-
Cloudflare CDN flaw leaks user location data, even through secure chat apps
Censorship
-
Tor needs 200 new WebTunnel bridges to fight censorship
-
EFF: The U.K. Government Is Very Close To Eroding Encryption Worldwide
https://www.eff.org/deeplinks/2023/07/uk-government-very-close-eroding-encryption-worldwide
-
Meta plans retention 'hooks' for Threads as more than half of users leave app
-
Learn about NOSTR - Earn Zaps! ⚡️
-
As 'Threads' Continues To Face-Plant, House Judiciary Demands Answers Over Censorship
Infographics
-
Aircrack Cheat Sheet
https://raw.githubusercontent.com/Ignitetechnologies/Mindmap/main/aircrack/Aircrack-ng%20%20UHD.png
-
How a Load Balancer Works
https://pbs.twimg.com/media/F5-ByLvXkAASw3j?format=jpg&name=4096x4096
-
Process Injection
-
Argument Map on Restricting Encryption
-
OSCP Enumeration Cheat Sheet
https://pbs.twimg.com/media/F2HWy_LWgAI5hT1?format=jpg&name=4096x4096
Quantum Computing
-
Google Chrome's new post-quantum cryptography may break TLS connections
-
Companies, countries battle to develop quantum computers | 60 Minutes
-
An Efficient Quantum Factoring Algorithm
-
You Can’t Rush Post-Quantum-Computing Cryptography Standards
-
Supercomputer makes calculations in blink of an eye that take rivals 47 years
Paid Gigs
-
The Human Rights Foundation Announces 20 Btc Bounty Challenge For Bitcoin Development
-
Open-Sourcing the Design Guide: 2 BTC to port the Bitcoin UI Kit from Figma to an open-source Penpot project.
-
Serverless Payjoin: 2 BTC to deploy a production-ready version 2 payjoin protocol which may send and receive Payjoin transactions without requiring a sender or recipient to operate a public server.
-
E2EE Group Chats: 2 BTC for the creation of end to end encrypted group chats powered by any popular Nostr client that does not leak metadata
-
Silent payments: 2 BTC for a mobile wallet which can send and receive Silent Payments in a private manner without requiring the user to run a full node
Cryptography
-
1965 Cryptanalysis Training Workbook Released by the NSA
-
Jim Sanborn Is Auctioning Off the Solution to Part Four of the Kryptos Sculpture
-
SHA-1 gets SHAttered
-
Dancing Offbit: The Story of a Single Character Typo that Broke a ChaCha-Based PRNG
-
Demystifying Multivariate Cryptography
https://research.nccgroup.com/2023/08/18/demystifying-multivariate-cryptography/
Cloud
-
Hybrid Clouds Provide a Practical Approach to Post-Quantum Migration
-
Cloud Threat Hunting and Defense Landscape
https://www.recordedfuture.com/research/cloud-threat-hunting-defense-landscape
-
US Senator Wyden Accuses Microsoft of ‘Cybersecurity Negligence’
https://www.securityweek.com/us-senator-wyden-accuses-microsoft-of-cybersecurity-negligence/
-
The 10 Humorous But Immutable Laws of Cloud Security
https://www.digitaloperatives.com/2023/07/18/the-10-humorous-but-immutable-laws-of-cloud-security/
Github Cyber Projects
-
mcp-security-scanner: The project scans MCP servers for vulnerabilities and misconfigurations to generate a security report. 33 recent commits. Latest release: 0.1.1.
-
IoT-Security-Scanner: The IoT-Security-Scanner is a tool that discovers and assesses IoT device security on a network. 9 recent commits.
-
DLLForwardScanner: DLLForwardScanner is a security tool that detects hidden DLL forwarding vulnerabilities on Windows systems. 3 recent commits.
-
ZeroLeak: ZeroLeak is an AI-powered tool that scans source code for vulnerabilities and suggests fixes. 2 recent commits.
-
vulnhound: The vulnhound project delivers fresh web vulnerabilities and exploits to Discord for bug bounty hunters. 4 recent commits.
Top Github Devs
-
Th3H4cK3R_R4HUL (@Rahul-Thakur7): Th3H4cK3R_R4HUL is a certified security analyst with expertise in penetration testing and red team operations. 65 followers. Known for Penetration-Testing-Tools (0 stars). Expert in Exploit Development, Penetration Testing.
-
luijait (@luijait): luijait is a cybersecurity AI developer with expertise in exploit development and framework creation, notable for PwnKit-Exploit and MARA_Framework. 473 followers. Known for PwnKit-Exploit (99 stars). Expert in Security Scanning, Exploit Development.
-
BEIDI DINA SAMUEL (@samglish): BEIDI DINA SAMUEL is a cybersecurity expert with expertise in network and systems engineering and open-source development. 690 followers. Known for shodan_metasploit_cli (9 stars). Expert in Security Scanning, Exploit Development.
-
Cherishao (@Cherishao): Cherishao is a malware researcher and threat analyst with expertise in APT analysis, reverse engineering, and network security. 73 followers. Known for APT-Sample (173 stars). Expert in Threat Intelligence, Malware Analysis.
-
HackSys Team (@hacksysteam): HackSys Team is a cybersecurity developer with expertise in vulnerability research and exploitation, notable for discovering several critical CVEs. 1239 followers. Known for CVE-2023-21608 (274 stars). Expert in Vulnerability Research, Exploit Development.