Cyber News
-
New UK laws to strengthen critical infrastructure cyber defenses
-
Critical RCE Vulnerability CVE-2025-11953 Puts React Native Developers at Risk
https://www.reddit.com/r/netsec/comments/1oo9ic9/critical_rce_vulnerability_cve202511953_puts/
-
Grandparents to C-Suite: Elder Fraud Reveals Gaps in Human-Centered Cybersecurity
-
EU Spectrum War: Will the Upper 6GHz Band Go to Wi-Fi 7 or 6G Networks?
https://securityonline.info/eu-spectrum-war-will-the-upper-6ghz-band-go-to-wi-fi-7-or-6g-networks/
-
Sora 2 Makes Videos So Believable, Reality Checks Are Required
Exploits
-
Critical Fortinet FortiWeb WAF Bug Exploited in the Wild
-
Critical IBM AIX RCE (CVE-2025-36250, CVSS 10.0) Flaw Exposes NIM Private Keys and Risks Directory Traversal
-
RondoDox botnet malware now hacks servers using XWiki flaw
-
Microsoft Patch Tuesday, November 2025 Edition
https://krebsonsecurity.com/2025/11/microsoft-patch-tuesday-november-2025-edition/
-
Update now: November Patch Tuesday fixes Windows zero-day exploited in the wild
Tools
-
Pentesting Next.js Server Actions
https://www.reddit.com/r/netsec/comments/1of84hu/pentesting_nextjs_server_actions/
-
Modding And Distributing Mobile Apps with Frida
https://www.reddit.com/r/netsec/comments/1oe43pb/modding_and_distributing_mobile_apps_with_frida/
-
pyLDAPGui - Python based GUI for browsing LDAP
https://www.reddit.com/r/netsec/comments/1nh8qvn/pyldapgui_python_based_gui_for_browsing_ldap/
-
pyghidra-mcp: Headless Ghidra MCP Server for Project-Wide, Multi-Binary Analysis
https://www.reddit.com/r/netsec/comments/1muobce/pyghidramcp_headless_ghidra_mcp_server_for/
-
Snoop - OSINT Tool For Research Social Media Accounts By Username
http://www.kitploit.com/2025/04/snoop-osint-tool-for-research-social.html
Knowledge
-
Implementing the Etherhiding technique
https://www.reddit.com/r/netsec/comments/1orqn0f/implementing_the_etherhiding_technique/
-
Privescing a Laptop with BitLocker + PIN
https://www.reddit.com/r/netsec/comments/1oe6hrc/privescing_a_laptop_with_bitlocker_pin/
-
Yet Another Random Story. VBScript's Randomize Internals.
https://www.reddit.com/r/netsec/comments/1nq3i96/yet_another_random_story_vbscripts_randomize/
-
Fine-grained HTTP filtering for Claude Code
https://www.reddit.com/r/netsec/comments/1nff57n/finegrained_http_filtering_for_claude_code/
-
Practical guide for hunters: how leaked webhooks are abused and how to defend them
https://www.reddit.com/r/netsec/comments/1njbx3q/practical_guide_for_hunters_how_leaked_webhooks/
Cyber Jobs
-
HPC Technical Expert - TS/SCI/FSP
Company: CrowdCyber
Location: Annapolis Junction, MD
-
Technical Writer II - Cyber - TS/SCI/FSP
Company: CrowdCyber
Location: Annapolis Junction, MD
-
Information System Security Engineer 2 - TS/SCI/FSP
Company: CrowdCyber
Location: Annapolis Junction, MD
-
Windows Cyber Software Engineer - TS
Company: CrowdCyber
Location: Chantilly, VA
-
CyberSecurity Engineer - TS/SCI
Company: CrowdCyber
Location: Annapolis Junction, MD
Candidates
-
Windows Reverse Engineer - Top Secret - Full Scope
-
Linux Cyber Software Engineer - Top Secret - Full Scope
-
Apple iOS Cyber Software Engineer - Top Secret SCI
-
Mobile Android Cyber Software Engineer - Top Secret - Poly
-
Windows Vulnerability Researcher - Top Secret - Full Scope Poly
Bounties
-
Apple’s Bug Bounty Program
https://www.schneier.com/blog/archives/2025/10/apples-bug-bounty-program.html
-
Zeroday Cloud hacking contest offers $4.5 million in bounties
-
Google now pays $250,000 for KVM zero-day vulnerabilities
-
Bug Bounty: An Economic Disadvantage for Researchers?
https://www.digitaloperatives.com/2023/07/29/bug-bounty-an-economic-disadvantage-for-researchers/
-
Google Pixel Titan M with Persistence - Zero click Up to $1,000,000
Research
-
Whisper Leak: Attack Infers Encrypted AI Chat Topics with 98%+ Accuracy
https://securityonline.info/whisper-leak-attack-infers-encrypted-ai-chat-topics-with-98-accuracy/
-
Quantifying Swiss Cheese, the Bayesian Way
https://www.reddit.com/r/netsec/comments/1oluzam/quantifying_swiss_cheese_the_bayesian_way/
-
Evading Elastic EDR's call stack signatures with call gadgets
https://www.reddit.com/r/netsec/comments/1opyr37/evading_elastic_edrs_call_stack_signatures_with/
-
[Research] Unvalidated Trust: Cross-Stage Failure Modes in LLM/agent pipelines arXiv
https://www.reddit.com/r/netsec/comments/1onseux/research_unvalidated_trust_crossstage_failure/
-
The AI-Designed Bioweapon Arms Race
https://www.schneier.com/blog/archives/2025/10/the-ai-designed-bioweapon-arms-race.html
Videos
-
Operation Triangulation: What You Get When Attack iPhones of Researchers
-
Our Polymorphic Reverse Shell Generator beat EVERY AV!
-
How Hackers Hide From Memory Scanners
-
How Hackers Exploit Vulnerable Drivers
-
DEF CON 31 - Weaponizing Plain Text ANSI Escape Sequences as a Forensic Nightmare - STÖK
Social
-
FX of Phenoelit - @41414141
-
vx-underground - @vx-underground
-
BTCillustrated - @BTCillustrated
-
Halvar Flake - @halvarflake
-
Dave Aitel - @daveaitel
Artificial Intelligence (AI)
-
Prompt Injection in AI Browsers
https://www.schneier.com/blog/archives/2025/11/prompt-injection-in-ai-browsers.html
-
AI App Spending Report: Where Are the Security Tools?
-
AI Agents Are Going Rogue: Here's How to Rein Them In
https://www.darkreading.com/cyber-risk/ai-agents-going-rogue
-
OpenAI plans to release GPT-5.1, GPT-5.1 Reasoning, and GPT-5.1 Pro
-
42.5 ExaFLOPS: Google Launches Ironwood TPU to Power Next-Gen Agentic AI
https://securityonline.info/42-5-exaflops-google-launches-ironwood-tpu-to-power-next-gen-agentic-ai/
Threat Intelligence
-
TamperedChef Malvertising Uses US Shell Companies to Sign Trojanized Apps with Valid Certificates, Deploying Stealth Backdoor
-
Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub
-
Iran APT SpearSpecter Uses Weeks-Long WhatsApp Lures and Fileless TAMECAT Backdoor to Hit Defense
-
Akira RaaS Targets Nutanix VMs, Threatens Critical Orgs
https://www.darkreading.com/threat-intelligence/akira-raas-nutanix-vms-critical-orgs
-
North Korea’s Contagious Interview APT Uses JSON Keeper and GitLab to Deliver BeaverTail Spyware
Bitcoin and Alt
-
CoinTelegraph Hacked: Fake CTG Airdrop Scam Steals Crypto Via Malicious Pop-Ups
-
Cencora’s $75 Million Ransom: A New High in Cyber Extortion
https://securityonline.info/cencoras-75-million-ransom-a-new-high-in-cyber-extortion/
-
FBI warns against using unlicensed crypto transfer services
-
iOS v17.4 Beta 2 Nerfs (Some) Progressive Web Apps for EU Users
https://www.nobsbitcoin.com/ios-v17-4-beta2-undermines-progressive-web-apps-pwas-for-eu-users/
-
CoinCenter: Broad, Ambiguous, or Delegated: Constitutional Infirmities of the Bank Secrecy Act
Privacy
-
Flok License Plate Surveillance
https://www.schneier.com/blog/archives/2025/10/flok-license-plate-surveillance.html
-
Privacy Alert: Meta to Use User-AI Conversations to Target Ads Across Facebook and Instagram
-
LinkedIn will use your data to train its AI unless you opt out now
-
TikTok is misusing kids’ data, says privacy watchdog
https://www.malwarebytes.com/blog/news/2025/09/tiktok-is-misusing-kids-data-says-privacy-watchdog
-
Police using drones to read your license plates, warns EFF
Censorship
-
Details About Chinese Surveillance and Propaganda Companies
-
The Great Firewall Leaks: A 600GB Trove of Secrets Exposed
https://securityonline.info/the-great-firewall-leaks-a-600gb-trove-of-secrets-exposed/
-
Tor needs 200 new WebTunnel bridges to fight censorship
-
Meta plans retention 'hooks' for Threads as more than half of users leave app
-
EFF: The U.K. Government Is Very Close To Eroding Encryption Worldwide
https://www.eff.org/deeplinks/2023/07/uk-government-very-close-eroding-encryption-worldwide
Infographics
-
Aircrack Cheat Sheet
https://raw.githubusercontent.com/Ignitetechnologies/Mindmap/main/aircrack/Aircrack-ng%20%20UHD.png
-
How a Load Balancer Works
https://pbs.twimg.com/media/F5-ByLvXkAASw3j?format=jpg&name=4096x4096
-
Process Injection
-
Argument Map on Restricting Encryption
-
OSCP Enumeration Cheat Sheet
https://pbs.twimg.com/media/F2HWy_LWgAI5hT1?format=jpg&name=4096x4096
Quantum Computing
-
Google Chrome's new post-quantum cryptography may break TLS connections
-
Companies, countries battle to develop quantum computers | 60 Minutes
-
An Efficient Quantum Factoring Algorithm
-
You Can’t Rush Post-Quantum-Computing Cryptography Standards
-
Supercomputer makes calculations in blink of an eye that take rivals 47 years
Paid Gigs
-
The Human Rights Foundation Announces 20 Btc Bounty Challenge For Bitcoin Development
-
Open-Sourcing the Design Guide: 2 BTC to port the Bitcoin UI Kit from Figma to an open-source Penpot project.
-
Serverless Payjoin: 2 BTC to deploy a production-ready version 2 payjoin protocol which may send and receive Payjoin transactions without requiring a sender or recipient to operate a public server.
-
E2EE Group Chats: 2 BTC for the creation of end to end encrypted group chats powered by any popular Nostr client that does not leak metadata
-
Silent payments: 2 BTC for a mobile wallet which can send and receive Silent Payments in a private manner without requiring the user to run a full node
Cryptography
-
Free test for Post-Quantum Cryptography TLS
https://www.reddit.com/r/netsec/comments/1oqsojn/free_test_for_postquantum_cryptography_tls/
-
Signal’s Post-Quantum Cryptographic Implementation
-
Part Four of The Kryptos Sculpture
https://www.schneier.com/blog/archives/2025/10/part-four-of-the-kryptos-sculpture.html
-
Signal adds new cryptographic defense against quantum attacks
-
Journeys in Hosting 1/x - Precomputed SSH Host Keys
https://www.reddit.com/r/netsec/comments/1no01xq/journeys_in_hosting_1x_precomputed_ssh_host_keys/
Cloud
-
The Cloud Edge Is the New Attack Surface
https://www.darkreading.com/cloud-security/cloud-edge-new-attack-surface
-
Hybrid Clouds Provide a Practical Approach to Post-Quantum Migration
-
Cloud Threat Hunting and Defense Landscape
https://www.recordedfuture.com/research/cloud-threat-hunting-defense-landscape
-
US Senator Wyden Accuses Microsoft of ‘Cybersecurity Negligence’
https://www.securityweek.com/us-senator-wyden-accuses-microsoft-of-cybersecurity-negligence/
-
The 10 Humorous But Immutable Laws of Cloud Security
https://www.digitaloperatives.com/2023/07/18/the-10-humorous-but-immutable-laws-of-cloud-security/
Github Cyber Projects
-
vuls: Vuls is an agent-less vulnerability scanner for various platforms and applications. 6 recent commits. Latest release: v0.35.1.
-
devguard: DevGuard secures software supply chains through attestation-based compliance and vulnerability management. 22 recent commits. Latest release: v0.17.5.
-
BBtool: BBtool is a user-friendly penetration testing tool for security researchers and ethical hackers. 1 recent commits.
-
Mobile-Security-Framework-MobSF: Mobile-Security-Framework-MobSF performs automated mobile app security testing and analysis for Android, iOS, and Windows devices. 1 recent commits. Latest release: v4.4.2.
-
CVE-2016-10708: This project exploits a vulnerability in OpenSSH versions prior to 7.4 through malicious SSH packets. 2 recent commits.
Top Github Devs
-
Joas A Santos (@CyberSecurityUP): Joas A Santos is a cybersecurity expert with experience as a Red Team Lead and Information Security Researcher. 4064 followers. Known for ShadowPhish (209 stars). Expert in Red Team Operations.
-
sonyahack1 (@sonyahack1): SonyaHack1 is a cybersecurity developer specializing in penetration testing and red team operations with notable work on VulnHub and HackTheBox. 42 followers. Known for kids_2.0-Tasks (0 stars). Expert in Penetration Testing, Red Team Operations.
-
Art of Hacking (@The-Art-of-Hacking): Omar Santos is a cybersecurity developer specializing in ethical hacking, penetration testing, and digital forensics with notable tools like h4cker and Weevely. 2983 followers. Known for h4cker (23348 stars). Expert in Exploit Development, Incident Response.
-
sickcodes (@sickcodes): Sickcodes is a cybersecurity developer with expertise in security research and open-source development of notable projects like no-sandbox and Docker-OSX. 2664 followers. Known for no-sandbox (186 stars). Expert in Exploit Development, Security Scanning.
-
kader m (@cyn00b): kader m is a cybersecurity developer specializing in API and framework vulnerability testing with notable open-source contributions. 61 followers. Known for Windows-Exploit-Suggester (1 stars). Expert in Exploit Development.