Cyber News
-
CrowdStrike to Buy SGNL to Expand Identity Security Capabilities
-
New UK laws to strengthen critical infrastructure cyber defenses
-
Grandparents to C-Suite: Elder Fraud Reveals Gaps in Human-Centered Cybersecurity
-
Critical RCE Vulnerability CVE-2025-11953 Puts React Native Developers at Risk
https://www.reddit.com/r/netsec/comments/1oo9ic9/critical_rce_vulnerability_cve202511953_puts/
-
Drilling Down on Uncle Sam’s Proposed TP-Link Ban
https://krebsonsecurity.com/2025/11/drilling-down-on-uncle-sams-proposed-tp-link-ban/
Exploits
-
Urgent Django Update: Patches 3 Critical SQL Injections & DoS Risks
https://securityonline.info/urgent-django-update-patches-3-critical-sql-injections-dos-risks/
-
Hackers exploit critical React Native Metro bug to breach dev systems
-
New Amaranth Dragon cyberespionage group exploits WinRAR flaw
-
Russian hackers exploit recently patched Microsoft Office bug in attacks
-
CISA flags critical SolarWinds RCE flaw as exploited in attacks
Tools
-
'Stanley' Toolkit Turns Chrome Into Undetectable Phishing Vector
https://www.darkreading.com/remote-workforce/stanley-toolkit-chrome-undetectable-phishing
-
New ErrTraffic service enables ClickFix attacks via fake browser glitches
-
Kali Linux 2025.4 released with 3 new tools, desktop updates
-
'Matrix Push' C2 Tool Hijacks Browser Notifications
-
Pentesting Next.js Server Actions
https://www.reddit.com/r/netsec/comments/1of84hu/pentesting_nextjs_server_actions/
Knowledge
-
How to Mitigate Supply Chain Attacks
-
Threat Intelligence Automation
https://www.recordedfuture.com/blog/threat-intelligence-automation
-
Implementing the Etherhiding technique
https://www.reddit.com/r/netsec/comments/1orqn0f/implementing_the_etherhiding_technique/
-
Privescing a Laptop with BitLocker + PIN
https://www.reddit.com/r/netsec/comments/1oe6hrc/privescing_a_laptop_with_bitlocker_pin/
-
Yet Another Random Story. VBScript's Randomize Internals.
https://www.reddit.com/r/netsec/comments/1nq3i96/yet_another_random_story_vbscripts_randomize/
Cyber Jobs
-
CyberSecurity Engineer - TS/SCI
Company: CrowdCyber
Location: Annapolis Junction, MD
-
HPC Technical Expert - TS/SCI/FSP
Company: CrowdCyber
Location: Annapolis Junction, MD
-
Information System Security Engineer 2 - TS/SCI/FSP
Company: CrowdCyber
Location: Annapolis Junction, MD
-
Windows Cyber Software Engineer - TS
Company: CrowdCyber
Location: Chantilly, VA
-
HPC System Administrator - TS/SCI/FSP
Company: CrowdCyber
Location: Annapolis Junction, MD
Candidates
-
Windows Reverse Engineer - Top Secret - Full Scope
-
Linux Cyber Software Engineer - Top Secret - Full Scope
-
Apple iOS Cyber Software Engineer - Top Secret SCI
-
Mobile Android Cyber Software Engineer - Top Secret - Poly
-
Windows Vulnerability Researcher - Top Secret - Full Scope Poly
Bounties
-
Microsoft bounty program now includes any flaw impacting its services
-
Apple’s Bug Bounty Program
https://www.schneier.com/blog/archives/2025/10/apples-bug-bounty-program.html
-
Zeroday Cloud hacking contest offers $4.5 million in bounties
-
Google now pays $250,000 for KVM zero-day vulnerabilities
-
Bug Bounty: An Economic Disadvantage for Researchers?
https://www.digitaloperatives.com/2023/07/29/bug-bounty-an-economic-disadvantage-for-researchers/
Research
-
Rublevka Team: Anatomy of a Russian Crypto Drainer Operation
https://www.recordedfuture.com/research/rublevka-team-anatomy-russian-crypto-drainer-operation
-
The Double-Edged Sword of Non-Human Identities
https://www.bleepingcomputer.com/news/security/the-double-edged-sword-of-non-human-identities/
-
The “IClickFix” Trap: 3,800+ WordPress Sites Poisoned by Fake CAPTCHAs
https://securityonline.info/the-iclickfix-trap-3800-wordpress-sites-poisoned-by-fake-captchas/
-
[Research] Analysis of 74,636 AI Agent Interactions: 37.8% Contained Attack Attempts - New "Inter-Agent Attack" Category Emerges
https://www.reddit.com/r/netsec/comments/1qp3rpz/research_analysis_of_74636_ai_agent_interactions/
-
The Invisible Trap: GenAI Now Creates “Living” Polymorphic Phishing Pages
https://securityonline.info/the-invisible-trap-genai-now-creates-living-polymorphic-phishing-pages/
Videos
-
Operation Triangulation: What You Get When Attack iPhones of Researchers
-
Our Polymorphic Reverse Shell Generator beat EVERY AV!
-
How Hackers Hide From Memory Scanners
-
How Hackers Exploit Vulnerable Drivers
-
DEF CON 31 - Weaponizing Plain Text ANSI Escape Sequences as a Forensic Nightmare - STÖK
Social
-
FX of Phenoelit - @41414141
-
vx-underground - @vx-underground
-
BTCillustrated - @BTCillustrated
-
Halvar Flake - @halvarflake
-
Dave Aitel - @daveaitel
Artificial Intelligence (AI)
-
Tenable Tackles AI Governance, Shadow AI Risks, Data Exposure
https://www.darkreading.com/cyber-risk/tenable-tackles-ai-governance-shadow-ai-risks-data-exposure
-
Torq Moves SOCs Beyond SOAR With AI-Powered Hyper Automation
https://www.darkreading.com/remote-workforce/torq-moves-socs-soar-ai-powered-hyper-automation
-
Copilot's No-Code AI Agents Liable to Leak Company Data
https://www.darkreading.com/application-security/copilot-no-code-ai-agents-leak-company-data
-
New Startup Mate Launches With AI-Driven Security Operations Platform
-
Malicious LLMs empower inexperienced hackers with advanced tools
Threat Intelligence
-
AI Hub Hijacked: Polymorphic Android RAT Abuses Hugging Face to Steal Data
-
GlassWorm Malware Returns to Shatter Developer Ecosystems
https://www.darkreading.com/application-security/glassworm-malware-developer-ecosystems
-
AI-Coded Oppression: “RedKitten” Malware Targets Iranian Protesters
https://securityonline.info/ai-coded-oppression-redkitten-malware-targets-iranian-protesters/
-
Grid Sabotage: “Static Tundra” Hits Poland’s Energy Sector with DynoWiper
https://securityonline.info/grid-sabotage-static-tundra-hits-polands-energy-sector-with-dynowiper/
-
Fancy Bear Returns: APT28 Exploits Office Flaw in “Operation Neusploit”
https://securityonline.info/fancy-bear-returns-apt28-exploits-office-flaw-in-operation-neusploit/
Bitcoin and Alt
-
CoinTelegraph Hacked: Fake CTG Airdrop Scam Steals Crypto Via Malicious Pop-Ups
-
Cencora’s $75 Million Ransom: A New High in Cyber Extortion
https://securityonline.info/cencoras-75-million-ransom-a-new-high-in-cyber-extortion/
-
FBI warns against using unlicensed crypto transfer services
-
iOS v17.4 Beta 2 Nerfs (Some) Progressive Web Apps for EU Users
https://www.nobsbitcoin.com/ios-v17-4-beta2-undermines-progressive-web-apps-pwas-for-eu-users/
-
CoinCenter: Broad, Ambiguous, or Delegated: Constitutional Infirmities of the Bank Secrecy Act
Privacy
-
Urban VPN Proxy Surreptitiously Intercepts AI Chats
-
Browser Extension Harvests 8M Users' AI Chatbot Data
https://www.darkreading.com/endpoint-security/chrome-extension-harvests-ai-chatbot-data
-
Flok License Plate Surveillance
https://www.schneier.com/blog/archives/2025/10/flok-license-plate-surveillance.html
-
Privacy Alert: Meta to Use User-AI Conversations to Target Ads Across Facebook and Instagram
-
TikTok is misusing kids’ data, says privacy watchdog
https://www.malwarebytes.com/blog/news/2025/09/tiktok-is-misusing-kids-data-says-privacy-watchdog
Censorship
-
Details About Chinese Surveillance and Propaganda Companies
-
The Great Firewall Leaks: A 600GB Trove of Secrets Exposed
https://securityonline.info/the-great-firewall-leaks-a-600gb-trove-of-secrets-exposed/
-
Tor needs 200 new WebTunnel bridges to fight censorship
-
Meta plans retention 'hooks' for Threads as more than half of users leave app
-
EFF: The U.K. Government Is Very Close To Eroding Encryption Worldwide
https://www.eff.org/deeplinks/2023/07/uk-government-very-close-eroding-encryption-worldwide
Infographics
-
Aircrack Cheat Sheet
https://raw.githubusercontent.com/Ignitetechnologies/Mindmap/main/aircrack/Aircrack-ng%20%20UHD.png
-
How a Load Balancer Works
https://pbs.twimg.com/media/F5-ByLvXkAASw3j?format=jpg&name=4096x4096
-
Process Injection
-
Argument Map on Restricting Encryption
-
OSCP Enumeration Cheat Sheet
https://pbs.twimg.com/media/F2HWy_LWgAI5hT1?format=jpg&name=4096x4096
Quantum Computing
-
Google Chrome's new post-quantum cryptography may break TLS connections
-
Companies, countries battle to develop quantum computers | 60 Minutes
-
An Efficient Quantum Factoring Algorithm
-
You Can’t Rush Post-Quantum-Computing Cryptography Standards
-
Supercomputer makes calculations in blink of an eye that take rivals 47 years
Paid Gigs
-
The Human Rights Foundation Announces 20 Btc Bounty Challenge For Bitcoin Development
-
Open-Sourcing the Design Guide: 2 BTC to port the Bitcoin UI Kit from Figma to an open-source Penpot project.
-
Serverless Payjoin: 2 BTC to deploy a production-ready version 2 payjoin protocol which may send and receive Payjoin transactions without requiring a sender or recipient to operate a public server.
-
E2EE Group Chats: 2 BTC for the creation of end to end encrypted group chats powered by any popular Nostr client that does not leak metadata
-
Silent payments: 2 BTC for a mobile wallet which can send and receive Silent Payments in a private manner without requiring the user to run a full node
Cryptography
-
Microsoft Is Finally Killing RC4
https://www.schneier.com/blog/archives/2025/12/microsoft-is-finally-killing-rc4.html
-
IACR Nullifies Election Because of Lost Decryption Key
-
Free test for Post-Quantum Cryptography TLS
https://www.reddit.com/r/netsec/comments/1oqsojn/free_test_for_postquantum_cryptography_tls/
-
Signal’s Post-Quantum Cryptographic Implementation
-
Part Four of The Kryptos Sculpture
https://www.schneier.com/blog/archives/2025/10/part-four-of-the-kryptos-sculpture.html
Cloud
-
The Cloudflare Outage May Be a Security Roadmap
https://krebsonsecurity.com/2025/11/the-cloudflare-outage-may-be-a-security-roadmap/
-
Cloudflare Blames Outage on Internal Configuration Error
https://www.darkreading.com/cyber-risk/cloudflare-blames-outage-internal-error
-
The Cloud Edge Is the New Attack Surface
https://www.darkreading.com/cloud-security/cloud-edge-new-attack-surface
-
Hybrid Clouds Provide a Practical Approach to Post-Quantum Migration
-
Cloud Threat Hunting and Defense Landscape
https://www.recordedfuture.com/research/cloud-threat-hunting-defense-landscape
Github Cyber Projects
-
vuls: Vuls is an agent-less vulnerability scanner for various platforms and applications. 6 recent commits. Latest release: v0.35.1.
-
devguard: DevGuard secures software supply chains through attestation-based compliance and vulnerability management. 22 recent commits. Latest release: v0.17.5.
-
BBtool: BBtool is a user-friendly penetration testing tool for security researchers and ethical hackers. 1 recent commits.
-
Mobile-Security-Framework-MobSF: Mobile-Security-Framework-MobSF performs automated mobile app security testing and analysis for Android, iOS, and Windows devices. 1 recent commits. Latest release: v4.4.2.
-
CVE-2016-10708: This project exploits a vulnerability in OpenSSH versions prior to 7.4 through malicious SSH packets. 2 recent commits.
Top Github Devs
-
Joas A Santos (@CyberSecurityUP): Joas A Santos is a cybersecurity expert with experience as a Red Team Lead and Information Security Researcher. 4064 followers. Known for ShadowPhish (209 stars). Expert in Red Team Operations.
-
sonyahack1 (@sonyahack1): SonyaHack1 is a cybersecurity developer specializing in penetration testing and red team operations with notable work on VulnHub and HackTheBox. 42 followers. Known for kids_2.0-Tasks (0 stars). Expert in Penetration Testing, Red Team Operations.
-
Art of Hacking (@The-Art-of-Hacking): Omar Santos is a cybersecurity developer specializing in ethical hacking, penetration testing, and digital forensics with notable tools like h4cker and Weevely. 2983 followers. Known for h4cker (23348 stars). Expert in Exploit Development, Incident Response.
-
sickcodes (@sickcodes): Sickcodes is a cybersecurity developer with expertise in security research and open-source development of notable projects like no-sandbox and Docker-OSX. 2664 followers. Known for no-sandbox (186 stars). Expert in Exploit Development, Security Scanning.
-
kader m (@cyn00b): kader m is a cybersecurity developer specializing in API and framework vulnerability testing with notable open-source contributions. 61 followers. Known for Windows-Exploit-Suggester (1 stars). Expert in Exploit Development.