Cyber News
-
CrowdStrike to Buy SGNL to Expand Identity Security Capabilities
-
New UK laws to strengthen critical infrastructure cyber defenses
-
Grandparents to C-Suite: Elder Fraud Reveals Gaps in Human-Centered Cybersecurity
-
Critical RCE Vulnerability CVE-2025-11953 Puts React Native Developers at Risk
https://www.reddit.com/r/netsec/comments/1oo9ic9/critical_rce_vulnerability_cve202511953_puts/
-
Drilling Down on Uncle Sam’s Proposed TP-Link Ban
https://krebsonsecurity.com/2025/11/drilling-down-on-uncle-sams-proposed-tp-link-ban/
Exploits
-
CVE-2025-13878: High-Severity BIND Flaw Exposes Servers to Remote Crash
https://securityonline.info/cve-2025-13878-high-severity-bind-flaw-exposes-servers-to-remote-crash/
-
Chainlit AI framework bugs let hackers breach cloud environments
-
GitLab Alert: High-Severity 2FA Bypass & DoS Flaws Patched in Urgent Update
-
Crypto Foundation Cracked: One-Byte Overflow in GNU libtasn1 (CVE-2025-13151)
-
Redis RCE Exposed: Researchers Detail Exploit for “Simple” Stack Overflow in Official Containers
Tools
-
New ErrTraffic service enables ClickFix attacks via fake browser glitches
-
Kali Linux 2025.4 released with 3 new tools, desktop updates
-
'Matrix Push' C2 Tool Hijacks Browser Notifications
-
Pentesting Next.js Server Actions
https://www.reddit.com/r/netsec/comments/1of84hu/pentesting_nextjs_server_actions/
-
Modding And Distributing Mobile Apps with Frida
https://www.reddit.com/r/netsec/comments/1oe43pb/modding_and_distributing_mobile_apps_with_frida/
Knowledge
-
Threat Intelligence Automation
https://www.recordedfuture.com/blog/threat-intelligence-automation
-
Implementing the Etherhiding technique
https://www.reddit.com/r/netsec/comments/1orqn0f/implementing_the_etherhiding_technique/
-
Privescing a Laptop with BitLocker + PIN
https://www.reddit.com/r/netsec/comments/1oe6hrc/privescing_a_laptop_with_bitlocker_pin/
-
Yet Another Random Story. VBScript's Randomize Internals.
https://www.reddit.com/r/netsec/comments/1nq3i96/yet_another_random_story_vbscripts_randomize/
-
Fine-grained HTTP filtering for Claude Code
https://www.reddit.com/r/netsec/comments/1nff57n/finegrained_http_filtering_for_claude_code/
Cyber Jobs
-
HPC System Administrator - TS/SCI/FSP
Company: CrowdCyber
Location: Annapolis Junction, MD
-
Information System Security Engineer 2 - TS/SCI/FSP
Company: CrowdCyber
Location: Annapolis Junction, MD
-
CyberSecurity Engineer - TS/SCI
Company: CrowdCyber
Location: Annapolis Junction, MD
-
HPC Technical Expert - TS/SCI/FSP
Company: CrowdCyber
Location: Annapolis Junction, MD
-
Windows Cyber Software Engineer - TS
Company: CrowdCyber
Location: Chantilly, VA
Candidates
-
Windows Reverse Engineer - Top Secret - Full Scope
-
Linux Cyber Software Engineer - Top Secret - Full Scope
-
Apple iOS Cyber Software Engineer - Top Secret SCI
-
Mobile Android Cyber Software Engineer - Top Secret - Poly
-
Windows Vulnerability Researcher - Top Secret - Full Scope Poly
Bounties
-
Microsoft bounty program now includes any flaw impacting its services
-
Apple’s Bug Bounty Program
https://www.schneier.com/blog/archives/2025/10/apples-bug-bounty-program.html
-
Zeroday Cloud hacking contest offers $4.5 million in bounties
-
Google now pays $250,000 for KVM zero-day vulnerabilities
-
Bug Bounty: An Economic Disadvantage for Researchers?
https://www.digitaloperatives.com/2023/07/29/bug-bounty-an-economic-disadvantage-for-researchers/
Research
-
Spy vs. Spy: Predator Malware Now Hunts the Researchers
https://securityonline.info/spy-vs-spy-predator-malware-now-hunts-the-researchers/
-
VoidLink cloud malware shows clear signs of being AI-generated
-
PDFSIDER Discovered: New APT Malware Uses DLL Side-Loading to Evade Detection
-
AI Malware: Hype vs. Reality
https://www.recordedfuture.com/blog/ai-malware-hype-vs-reality
-
'VoidLink' Malware Poses Advanced Threat to Linux Systems
https://www.darkreading.com/cloud-security/voidlink-malware-advanced-threat-linux-systems
Videos
-
Operation Triangulation: What You Get When Attack iPhones of Researchers
-
Our Polymorphic Reverse Shell Generator beat EVERY AV!
-
How Hackers Hide From Memory Scanners
-
How Hackers Exploit Vulnerable Drivers
-
DEF CON 31 - Weaponizing Plain Text ANSI Escape Sequences as a Forensic Nightmare - STÖK
Social
-
FX of Phenoelit - @41414141
-
vx-underground - @vx-underground
-
BTCillustrated - @BTCillustrated
-
Halvar Flake - @halvarflake
-
Dave Aitel - @daveaitel
Artificial Intelligence (AI)
-
Copilot's No-Code AI Agents Liable to Leak Company Data
https://www.darkreading.com/application-security/copilot-no-code-ai-agents-leak-company-data
-
New Startup Mate Launches With AI-Driven Security Operations Platform
-
Malicious LLMs empower inexperienced hackers with advanced tools
-
Prompt Injection in AI Browsers
https://www.schneier.com/blog/archives/2025/11/prompt-injection-in-ai-browsers.html
-
AI App Spending Report: Where Are the Security Tools?
Threat Intelligence
-
Fake extension crashes browsers to trick users into infecting themselves
-
Complex VoidLink Linux Malware Created by AI
https://www.darkreading.com/threat-intelligence/voidlink-linux-malware-ai
-
Smishing Alert: Telegram Bots Power New PNB MetLife Phishing Campaign
https://securityonline.info/smishing-alert-telegram-bots-power-new-pnb-metlife-phishing-campaign/
-
'CrashFix' Scam Crashes Browsers, Delivers Malware
-
PurpleBravo’s Targeting of the IT Software Supply Chain
https://www.recordedfuture.com/research/purplebravos-targeting-it-software-supply-chain
Bitcoin and Alt
-
CoinTelegraph Hacked: Fake CTG Airdrop Scam Steals Crypto Via Malicious Pop-Ups
-
Cencora’s $75 Million Ransom: A New High in Cyber Extortion
https://securityonline.info/cencoras-75-million-ransom-a-new-high-in-cyber-extortion/
-
FBI warns against using unlicensed crypto transfer services
-
iOS v17.4 Beta 2 Nerfs (Some) Progressive Web Apps for EU Users
https://www.nobsbitcoin.com/ios-v17-4-beta2-undermines-progressive-web-apps-pwas-for-eu-users/
-
CoinCenter: Broad, Ambiguous, or Delegated: Constitutional Infirmities of the Bank Secrecy Act
Privacy
-
Urban VPN Proxy Surreptitiously Intercepts AI Chats
-
Browser Extension Harvests 8M Users' AI Chatbot Data
https://www.darkreading.com/endpoint-security/chrome-extension-harvests-ai-chatbot-data
-
Flok License Plate Surveillance
https://www.schneier.com/blog/archives/2025/10/flok-license-plate-surveillance.html
-
Privacy Alert: Meta to Use User-AI Conversations to Target Ads Across Facebook and Instagram
-
TikTok is misusing kids’ data, says privacy watchdog
https://www.malwarebytes.com/blog/news/2025/09/tiktok-is-misusing-kids-data-says-privacy-watchdog
Censorship
-
Details About Chinese Surveillance and Propaganda Companies
-
The Great Firewall Leaks: A 600GB Trove of Secrets Exposed
https://securityonline.info/the-great-firewall-leaks-a-600gb-trove-of-secrets-exposed/
-
Tor needs 200 new WebTunnel bridges to fight censorship
-
Meta plans retention 'hooks' for Threads as more than half of users leave app
-
EFF: The U.K. Government Is Very Close To Eroding Encryption Worldwide
https://www.eff.org/deeplinks/2023/07/uk-government-very-close-eroding-encryption-worldwide
Infographics
-
Aircrack Cheat Sheet
https://raw.githubusercontent.com/Ignitetechnologies/Mindmap/main/aircrack/Aircrack-ng%20%20UHD.png
-
How a Load Balancer Works
https://pbs.twimg.com/media/F5-ByLvXkAASw3j?format=jpg&name=4096x4096
-
Process Injection
-
Argument Map on Restricting Encryption
-
OSCP Enumeration Cheat Sheet
https://pbs.twimg.com/media/F2HWy_LWgAI5hT1?format=jpg&name=4096x4096
Quantum Computing
-
Google Chrome's new post-quantum cryptography may break TLS connections
-
Companies, countries battle to develop quantum computers | 60 Minutes
-
An Efficient Quantum Factoring Algorithm
-
You Can’t Rush Post-Quantum-Computing Cryptography Standards
-
Supercomputer makes calculations in blink of an eye that take rivals 47 years
Paid Gigs
-
The Human Rights Foundation Announces 20 Btc Bounty Challenge For Bitcoin Development
-
Open-Sourcing the Design Guide: 2 BTC to port the Bitcoin UI Kit from Figma to an open-source Penpot project.
-
Serverless Payjoin: 2 BTC to deploy a production-ready version 2 payjoin protocol which may send and receive Payjoin transactions without requiring a sender or recipient to operate a public server.
-
E2EE Group Chats: 2 BTC for the creation of end to end encrypted group chats powered by any popular Nostr client that does not leak metadata
-
Silent payments: 2 BTC for a mobile wallet which can send and receive Silent Payments in a private manner without requiring the user to run a full node
Cryptography
-
Microsoft Is Finally Killing RC4
https://www.schneier.com/blog/archives/2025/12/microsoft-is-finally-killing-rc4.html
-
IACR Nullifies Election Because of Lost Decryption Key
-
Free test for Post-Quantum Cryptography TLS
https://www.reddit.com/r/netsec/comments/1oqsojn/free_test_for_postquantum_cryptography_tls/
-
Signal’s Post-Quantum Cryptographic Implementation
-
Part Four of The Kryptos Sculpture
https://www.schneier.com/blog/archives/2025/10/part-four-of-the-kryptos-sculpture.html
Cloud
-
The Cloudflare Outage May Be a Security Roadmap
https://krebsonsecurity.com/2025/11/the-cloudflare-outage-may-be-a-security-roadmap/
-
Cloudflare Blames Outage on Internal Configuration Error
https://www.darkreading.com/cyber-risk/cloudflare-blames-outage-internal-error
-
The Cloud Edge Is the New Attack Surface
https://www.darkreading.com/cloud-security/cloud-edge-new-attack-surface
-
Hybrid Clouds Provide a Practical Approach to Post-Quantum Migration
-
Cloud Threat Hunting and Defense Landscape
https://www.recordedfuture.com/research/cloud-threat-hunting-defense-landscape
Github Cyber Projects
-
vuls: Vuls is an agent-less vulnerability scanner for various platforms and applications. 6 recent commits. Latest release: v0.35.1.
-
devguard: DevGuard secures software supply chains through attestation-based compliance and vulnerability management. 22 recent commits. Latest release: v0.17.5.
-
BBtool: BBtool is a user-friendly penetration testing tool for security researchers and ethical hackers. 1 recent commits.
-
Mobile-Security-Framework-MobSF: Mobile-Security-Framework-MobSF performs automated mobile app security testing and analysis for Android, iOS, and Windows devices. 1 recent commits. Latest release: v4.4.2.
-
CVE-2016-10708: This project exploits a vulnerability in OpenSSH versions prior to 7.4 through malicious SSH packets. 2 recent commits.
Top Github Devs
-
Joas A Santos (@CyberSecurityUP): Joas A Santos is a cybersecurity expert with experience as a Red Team Lead and Information Security Researcher. 4064 followers. Known for ShadowPhish (209 stars). Expert in Red Team Operations.
-
sonyahack1 (@sonyahack1): SonyaHack1 is a cybersecurity developer specializing in penetration testing and red team operations with notable work on VulnHub and HackTheBox. 42 followers. Known for kids_2.0-Tasks (0 stars). Expert in Penetration Testing, Red Team Operations.
-
Art of Hacking (@The-Art-of-Hacking): Omar Santos is a cybersecurity developer specializing in ethical hacking, penetration testing, and digital forensics with notable tools like h4cker and Weevely. 2983 followers. Known for h4cker (23348 stars). Expert in Exploit Development, Incident Response.
-
sickcodes (@sickcodes): Sickcodes is a cybersecurity developer with expertise in security research and open-source development of notable projects like no-sandbox and Docker-OSX. 2664 followers. Known for no-sandbox (186 stars). Expert in Exploit Development, Security Scanning.
-
kader m (@cyn00b): kader m is a cybersecurity developer specializing in API and framework vulnerability testing with notable open-source contributions. 61 followers. Known for Windows-Exploit-Suggester (1 stars). Expert in Exploit Development.