Cyber News
-
New UK laws to strengthen critical infrastructure cyber defenses
-
Critical RCE Vulnerability CVE-2025-11953 Puts React Native Developers at Risk
https://www.reddit.com/r/netsec/comments/1oo9ic9/critical_rce_vulnerability_cve202511953_puts/
-
Grandparents to C-Suite: Elder Fraud Reveals Gaps in Human-Centered Cybersecurity
-
EU Spectrum War: Will the Upper 6GHz Band Go to Wi-Fi 7 or 6G Networks?
https://securityonline.info/eu-spectrum-war-will-the-upper-6ghz-band-go-to-wi-fi-7-or-6g-networks/
-
Sora 2 Makes Videos So Believable, Reality Checks Are Required
Exploits
-
Critical Ray AI Flaw Exposes Devs via Safari & Firefox (CVE-2025-62593)
https://securityonline.info/critical-ray-ai-flaw-exposes-devs-via-safari-firefox-cve-2025-62593/
-
Security Alert: Apache SkyWalking Stored XSS Vulnerability (CVE-2025-54057)
-
Critical Alert: Apache Kvrocks ‘RESET’ Command Flaw Grants Admin Privileges
-
New ShadowV2 botnet malware used AWS outage as a test opportunity
-
The AI Attack Surface: How Agents Raise the Cyber Stakes
https://www.darkreading.com/application-security/ai-attack-surface-agents-cyber-stakes
Tools
-
'Matrix Push' C2 Tool Hijacks Browser Notifications
-
Pentesting Next.js Server Actions
https://www.reddit.com/r/netsec/comments/1of84hu/pentesting_nextjs_server_actions/
-
Modding And Distributing Mobile Apps with Frida
https://www.reddit.com/r/netsec/comments/1oe43pb/modding_and_distributing_mobile_apps_with_frida/
-
pyLDAPGui - Python based GUI for browsing LDAP
https://www.reddit.com/r/netsec/comments/1nh8qvn/pyldapgui_python_based_gui_for_browsing_ldap/
-
pyghidra-mcp: Headless Ghidra MCP Server for Project-Wide, Multi-Binary Analysis
https://www.reddit.com/r/netsec/comments/1muobce/pyghidramcp_headless_ghidra_mcp_server_for/
Knowledge
-
Implementing the Etherhiding technique
https://www.reddit.com/r/netsec/comments/1orqn0f/implementing_the_etherhiding_technique/
-
Privescing a Laptop with BitLocker + PIN
https://www.reddit.com/r/netsec/comments/1oe6hrc/privescing_a_laptop_with_bitlocker_pin/
-
Yet Another Random Story. VBScript's Randomize Internals.
https://www.reddit.com/r/netsec/comments/1nq3i96/yet_another_random_story_vbscripts_randomize/
-
Fine-grained HTTP filtering for Claude Code
https://www.reddit.com/r/netsec/comments/1nff57n/finegrained_http_filtering_for_claude_code/
-
Practical guide for hunters: how leaked webhooks are abused and how to defend them
https://www.reddit.com/r/netsec/comments/1njbx3q/practical_guide_for_hunters_how_leaked_webhooks/
Cyber Jobs
-
Windows Cyber Software Engineer - TS
Company: CrowdCyber
Location: Chantilly, VA
-
HPC Technical Expert - TS/SCI/FSP
Company: CrowdCyber
Location: Annapolis Junction, MD
-
Information System Security Engineer 2 - TS/SCI/FSP
Company: CrowdCyber
Location: Annapolis Junction, MD
-
Technical Writer II - Cyber - TS/SCI/FSP
Company: CrowdCyber
Location: Annapolis Junction, MD
-
CyberSecurity Engineer - TS/SCI
Company: CrowdCyber
Location: Annapolis Junction, MD
Candidates
-
Windows Reverse Engineer - Top Secret - Full Scope
-
Linux Cyber Software Engineer - Top Secret - Full Scope
-
Apple iOS Cyber Software Engineer - Top Secret SCI
-
Mobile Android Cyber Software Engineer - Top Secret - Poly
-
Windows Vulnerability Researcher - Top Secret - Full Scope Poly
Bounties
-
Apple’s Bug Bounty Program
https://www.schneier.com/blog/archives/2025/10/apples-bug-bounty-program.html
-
Zeroday Cloud hacking contest offers $4.5 million in bounties
-
Google now pays $250,000 for KVM zero-day vulnerabilities
-
Bug Bounty: An Economic Disadvantage for Researchers?
https://www.digitaloperatives.com/2023/07/29/bug-bounty-an-economic-disadvantage-for-researchers/
-
Google Pixel Titan M with Persistence - Zero click Up to $1,000,000
Research
-
New Security Tools Target Growing macOS Threats
https://www.darkreading.com/vulnerabilities-threats/new-security-tools-target-growing-macos-threats
-
Prompt Injection Through Poetry
https://www.schneier.com/blog/archives/2025/11/prompt-injection-through-poetry.html
-
Public GitLab repositories exposed more than 17,000 secrets
-
Advanced Security Isn't Stopping Ancient Phishing Tactics
https://www.darkreading.com/cyberattacks-data-breaches/advanced-security-phishing-tactics
-
Cloud Break: IoT Devices Open to Silent Takeover Via Firewalls
https://www.darkreading.com/cybersecurity-operations/cloud-iot-devices-takeover-firewalls
Videos
-
Operation Triangulation: What You Get When Attack iPhones of Researchers
-
Our Polymorphic Reverse Shell Generator beat EVERY AV!
-
How Hackers Hide From Memory Scanners
-
How Hackers Exploit Vulnerable Drivers
-
DEF CON 31 - Weaponizing Plain Text ANSI Escape Sequences as a Forensic Nightmare - STÖK
Social
-
FX of Phenoelit - @41414141
-
vx-underground - @vx-underground
-
BTCillustrated - @BTCillustrated
-
Halvar Flake - @halvarflake
-
Dave Aitel - @daveaitel
Artificial Intelligence (AI)
-
Malicious LLMs empower inexperienced hackers with advanced tools
-
AI App Spending Report: Where Are the Security Tools?
-
Prompt Injection in AI Browsers
https://www.schneier.com/blog/archives/2025/11/prompt-injection-in-ai-browsers.html
-
AI Agents Are Going Rogue: Here's How to Rein Them In
https://www.darkreading.com/cyber-risk/ai-agents-going-rogue
-
OpenAI plans to release GPT-5.1, GPT-5.1 Reasoning, and GPT-5.1 Pro
Threat Intelligence
-
Iran-Nexus Threat Actor UNC1549 Takes Aim at Aerospace
-
Is Your Android TV Streaming Box Part of a Botnet?
https://krebsonsecurity.com/2025/11/is-your-android-tv-streaming-box-part-of-a-botnet/
-
Shai-Hulud Returns: Over 300 NPM Packages and 21K Github Repos infected via Fake Bun Runtime Within Hours
https://www.reddit.com/r/netsec/comments/1p5d4pm/shaihulud_returns_over_300_npm_packages_and_21k/
-
China's 'PlushDaemon' Hackers Infect Routers to Hijack Software Updates
https://www.darkreading.com/endpoint-security/chinese-apt-routers-hijack-software-updates
-
Holiday shoppers targeted as Amazon and FBI warn of surge in account takeover attacks
Bitcoin and Alt
-
CoinTelegraph Hacked: Fake CTG Airdrop Scam Steals Crypto Via Malicious Pop-Ups
-
Cencora’s $75 Million Ransom: A New High in Cyber Extortion
https://securityonline.info/cencoras-75-million-ransom-a-new-high-in-cyber-extortion/
-
FBI warns against using unlicensed crypto transfer services
-
iOS v17.4 Beta 2 Nerfs (Some) Progressive Web Apps for EU Users
https://www.nobsbitcoin.com/ios-v17-4-beta2-undermines-progressive-web-apps-pwas-for-eu-users/
-
CoinCenter: Broad, Ambiguous, or Delegated: Constitutional Infirmities of the Bank Secrecy Act
Privacy
-
Flok License Plate Surveillance
https://www.schneier.com/blog/archives/2025/10/flok-license-plate-surveillance.html
-
Privacy Alert: Meta to Use User-AI Conversations to Target Ads Across Facebook and Instagram
-
LinkedIn will use your data to train its AI unless you opt out now
-
TikTok is misusing kids’ data, says privacy watchdog
https://www.malwarebytes.com/blog/news/2025/09/tiktok-is-misusing-kids-data-says-privacy-watchdog
-
Police using drones to read your license plates, warns EFF
Censorship
-
Details About Chinese Surveillance and Propaganda Companies
-
The Great Firewall Leaks: A 600GB Trove of Secrets Exposed
https://securityonline.info/the-great-firewall-leaks-a-600gb-trove-of-secrets-exposed/
-
Tor needs 200 new WebTunnel bridges to fight censorship
-
Meta plans retention 'hooks' for Threads as more than half of users leave app
-
EFF: The U.K. Government Is Very Close To Eroding Encryption Worldwide
https://www.eff.org/deeplinks/2023/07/uk-government-very-close-eroding-encryption-worldwide
Infographics
-
Aircrack Cheat Sheet
https://raw.githubusercontent.com/Ignitetechnologies/Mindmap/main/aircrack/Aircrack-ng%20%20UHD.png
-
How a Load Balancer Works
https://pbs.twimg.com/media/F5-ByLvXkAASw3j?format=jpg&name=4096x4096
-
Process Injection
-
Argument Map on Restricting Encryption
-
OSCP Enumeration Cheat Sheet
https://pbs.twimg.com/media/F2HWy_LWgAI5hT1?format=jpg&name=4096x4096
Quantum Computing
-
Google Chrome's new post-quantum cryptography may break TLS connections
-
Companies, countries battle to develop quantum computers | 60 Minutes
-
An Efficient Quantum Factoring Algorithm
-
You Can’t Rush Post-Quantum-Computing Cryptography Standards
-
Supercomputer makes calculations in blink of an eye that take rivals 47 years
Paid Gigs
-
The Human Rights Foundation Announces 20 Btc Bounty Challenge For Bitcoin Development
-
Open-Sourcing the Design Guide: 2 BTC to port the Bitcoin UI Kit from Figma to an open-source Penpot project.
-
Serverless Payjoin: 2 BTC to deploy a production-ready version 2 payjoin protocol which may send and receive Payjoin transactions without requiring a sender or recipient to operate a public server.
-
E2EE Group Chats: 2 BTC for the creation of end to end encrypted group chats powered by any popular Nostr client that does not leak metadata
-
Silent payments: 2 BTC for a mobile wallet which can send and receive Silent Payments in a private manner without requiring the user to run a full node
Cryptography
-
Free test for Post-Quantum Cryptography TLS
https://www.reddit.com/r/netsec/comments/1oqsojn/free_test_for_postquantum_cryptography_tls/
-
Signal’s Post-Quantum Cryptographic Implementation
-
Part Four of The Kryptos Sculpture
https://www.schneier.com/blog/archives/2025/10/part-four-of-the-kryptos-sculpture.html
-
Signal adds new cryptographic defense against quantum attacks
-
Journeys in Hosting 1/x - Precomputed SSH Host Keys
https://www.reddit.com/r/netsec/comments/1no01xq/journeys_in_hosting_1x_precomputed_ssh_host_keys/
Cloud
-
Cloudflare Blames Outage on Internal Configuration Error
https://www.darkreading.com/cyber-risk/cloudflare-blames-outage-internal-error
-
The Cloud Edge Is the New Attack Surface
https://www.darkreading.com/cloud-security/cloud-edge-new-attack-surface
-
Hybrid Clouds Provide a Practical Approach to Post-Quantum Migration
-
Cloud Threat Hunting and Defense Landscape
https://www.recordedfuture.com/research/cloud-threat-hunting-defense-landscape
-
US Senator Wyden Accuses Microsoft of ‘Cybersecurity Negligence’
https://www.securityweek.com/us-senator-wyden-accuses-microsoft-of-cybersecurity-negligence/
Github Cyber Projects
-
vuls: Vuls is an agent-less vulnerability scanner for various platforms and applications. 6 recent commits. Latest release: v0.35.1.
-
devguard: DevGuard secures software supply chains through attestation-based compliance and vulnerability management. 22 recent commits. Latest release: v0.17.5.
-
BBtool: BBtool is a user-friendly penetration testing tool for security researchers and ethical hackers. 1 recent commits.
-
Mobile-Security-Framework-MobSF: Mobile-Security-Framework-MobSF performs automated mobile app security testing and analysis for Android, iOS, and Windows devices. 1 recent commits. Latest release: v4.4.2.
-
CVE-2016-10708: This project exploits a vulnerability in OpenSSH versions prior to 7.4 through malicious SSH packets. 2 recent commits.
Top Github Devs
-
Joas A Santos (@CyberSecurityUP): Joas A Santos is a cybersecurity expert with experience as a Red Team Lead and Information Security Researcher. 4064 followers. Known for ShadowPhish (209 stars). Expert in Red Team Operations.
-
sonyahack1 (@sonyahack1): SonyaHack1 is a cybersecurity developer specializing in penetration testing and red team operations with notable work on VulnHub and HackTheBox. 42 followers. Known for kids_2.0-Tasks (0 stars). Expert in Penetration Testing, Red Team Operations.
-
Art of Hacking (@The-Art-of-Hacking): Omar Santos is a cybersecurity developer specializing in ethical hacking, penetration testing, and digital forensics with notable tools like h4cker and Weevely. 2983 followers. Known for h4cker (23348 stars). Expert in Exploit Development, Incident Response.
-
sickcodes (@sickcodes): Sickcodes is a cybersecurity developer with expertise in security research and open-source development of notable projects like no-sandbox and Docker-OSX. 2664 followers. Known for no-sandbox (186 stars). Expert in Exploit Development, Security Scanning.
-
kader m (@cyn00b): kader m is a cybersecurity developer specializing in API and framework vulnerability testing with notable open-source contributions. 61 followers. Known for Windows-Exploit-Suggester (1 stars). Expert in Exploit Development.