More Than DoS (Progress Telerik UI for ASP.NET AJAX Unsafe Reflection CVE-2025-3600) - watchTowr Labs

Roku accused of selling children’s data to advertisers and brokers

https://www.malwarebytes.com/blog/news/2025/10/roku-accused-of-selling-childrens-data-to-advertisers-and-brokers

Friday Squid Blogging: Squid Inks Philippines Fisherman

https://www.schneier.com/blog/archives/2025/10/friday-squid-blogging-squid-inks-philippines-fisherman.html

Generation AI: Why Today's Tech Graduates Are At a Disadvantage

https://www.darkreading.com/cybersecurity-operations/ai-tech-graduates-disadvantage

Using Real-Time Intelligence for Brand Protection

https://www.recordedfuture.com/blog/real-time-intelligence-brand-protection

NCSC warns companies to prepare for a day when your screens go dark

https://www.fortra.com/blog/ncsc-warns-companies-prepare-screens-dark

Privilege Escalation Flaw Discovered in MinIO Service Accounts — CVE-2025-62506

https://securityonline.info/privilege-escalation-flaw-discovered-in-minio-service-accounts-cve-2025-62506/

ConnectWise fixes Automate bug allowing AiTM update attacks

https://www.bleepingcomputer.com/news/security/connectwise-fixes-automate-bug-allowing-aitm-update-attacks/

More Than DoS (Progress Telerik UI for ASP.NET AJAX Unsafe Reflection CVE-2025-3600) - watchTowr Labs

https://www.reddit.com/r/netsec/comments/1o3256f/more_than_dos_progress_telerik_ui_for_aspnet_ajax/

September 2025 CVE Landscape

https://www.recordedfuture.com/blog/september-2025-cve-landscape

yIKEs (WatchGuard Fireware OS IKEv2 Out-of-Bounds Write CVE-2025-9242) - watchTowr Labs

https://www.reddit.com/r/netsec/comments/1o826c9/yikes_watchguard_fireware_os_ikev2_outofbounds/

pyLDAPGui - Python based GUI for browsing LDAP

https://www.reddit.com/r/netsec/comments/1nh8qvn/pyldapgui_python_based_gui_for_browsing_ldap/

pyghidra-mcp: Headless Ghidra MCP Server for Project-Wide, Multi-Binary Analysis

https://www.reddit.com/r/netsec/comments/1muobce/pyghidramcp_headless_ghidra_mcp_server_for/

Snoop - OSINT Tool For Research Social Media Accounts By Username

http://www.kitploit.com/2025/04/snoop-osint-tool-for-research-social.html

gitGRAB - This Tool Is Designed To Interact With The GitHub API And Retrieve Specific User Details, Repository Information, And Commit Emails For A Given User

http://www.kitploit.com/2025/04/gitgrab-this-tool-is-designed-to.html

Everyday Ghidra: How Platform Choice Influences Ghidra’s Binary Analysis

https://www.reddit.com/r/netsec/comments/1isfypx/everyday_ghidra_how_platform_choice_influences/

Yet Another Random Story. VBScript's Randomize Internals.

https://www.reddit.com/r/netsec/comments/1nq3i96/yet_another_random_story_vbscripts_randomize/

Fine-grained HTTP filtering for Claude Code

https://www.reddit.com/r/netsec/comments/1nff57n/finegrained_http_filtering_for_claude_code/

Practical guide for hunters: how leaked webhooks are abused and how to defend them

https://www.reddit.com/r/netsec/comments/1njbx3q/practical_guide_for_hunters_how_leaked_webhooks/

Mastering Digital Breadcrumbs to Stay Ahead of Evolving Threats

https://www.darkreading.com/vulnerabilities-threats/mastering-digital-breadcrumbs-stay-ahead-of-evolving-threats

New OpenSecurityTraining2 class: "TPM 2.0 Programming using Python and the tpm2-pytss libraries" (~13 hours)

https://www.reddit.com/r/netsec/comments/1nh6az4/new_opensecuritytraining2_class_tpm_20/

CyberSecurity Engineer - TS/SCI

Company: CrowdCyber

Location: Annapolis Junction, MD

HPC Technical Expert - TS/SCI/FSP

Company: CrowdCyber

Location: Annapolis Junction, MD

Windows Cyber Software Engineer - TS

Company: CrowdCyber

Location: Chantilly, VA

Technical Writer II - Cyber - TS/SCI/FSP

Company: CrowdCyber

Location: Annapolis Junction, MD

Information System Security Engineer 2 - TS/SCI/FSP

Company: CrowdCyber

Location: Annapolis Junction, MD

Windows Reverse Engineer - Top Secret - Full Scope

Email Us to talk about our Candidates!

Linux Cyber Software Engineer - Top Secret - Full Scope

Email Us to talk about our Candidates!

Apple iOS Cyber Software Engineer - Top Secret SCI

Email Us to talk about our Candidates!

Mobile Android Cyber Software Engineer - Top Secret - Poly

Email Us to talk about our Candidates!

Windows Vulnerability Researcher - Top Secret - Full Scope Poly

Email Us to talk about our Candidates!

Apple’s Bug Bounty Program

https://www.schneier.com/blog/archives/2025/10/apples-bug-bounty-program.html

Zeroday Cloud hacking contest offers $4.5 million in bounties

https://www.bleepingcomputer.com/news/security/zeroday-cloud-hacking-contest-offers-45-million-in-bounties/

Google now pays $250,000 for KVM zero-day vulnerabilities

https://www.bleepingcomputer.com/news/security/google-now-pays-250-000-for-kvm-zero-day-vulnerabilities/

Bug Bounty: An Economic Disadvantage for Researchers?

https://www.digitaloperatives.com/2023/07/29/bug-bounty-an-economic-disadvantage-for-researchers/

Google Pixel Titan M with Persistence - Zero click Up to $1,000,000

https://bughunters.google.com/about/rules/6171833274204160/android-and-google-devices-security-reward-program-rules

Singularity: Deep Dive into a Modern Stealth Linux Kernel Rootkit – Kyntra Blog

https://www.reddit.com/r/netsec/comments/1o7bh9p/singularity_deep_dive_into_a_modern_stealth_linux/

Blind Enumeration of gRPC Services

https://www.reddit.com/r/netsec/comments/1o4eyuc/blind_enumeration_of_grpc_services/

A $50 'Battering RAM' Can Bust Confidential Computing

https://www.darkreading.com/cloud-security/50-battering-ram-bust-confidential-computing

Image Forensics: Detecting AI Fakes with Compression Artifacts

https://www.reddit.com/r/netsec/comments/1noml13/image_forensics_detecting_ai_fakes_with/

New EDR-Freeze tool uses Windows WER to suspend security software

https://www.bleepingcomputer.com/news/security/new-edr-freeze-tool-uses-windows-wer-to-suspend-security-software/

Operation Triangulation: What You Get When Attack iPhones of Researchers

https://media.ccc.de/v/37c3-11859-operation_triangulation_what_you_get_when_attack_iphones_of_researchers

Our Polymorphic Reverse Shell Generator beat EVERY AV!

https://m.youtube.com/watch?v=9kAq-OO72Uk

How Hackers Hide From Memory Scanners

https://youtu.be/WYuhJzngfVc?si=KYvedCuIOsItE7sc

How Hackers Exploit Vulnerable Drivers

https://youtu.be/ELVdDwvELKY?feature=shared

DEF CON 31 - Weaponizing Plain Text ANSI Escape Sequences as a Forensic Nightmare - STÖK

https://m.youtube.com/watch?v=3T2Al3jdY38&feature=youtu.be

FX of Phenoelit - @41414141

https://twitter.com/41414141

vx-underground - @vx-underground

https://twitter.com/vx-underground

BTCillustrated - @BTCillustrated

https://www.twitter.com/btcillustrated

Halvar Flake - @halvarflake

https://twitter.com/halvarflake

Dave Aitel - @daveaitel

https://twitter.com/daveaitel

The AI Fix #69: How we really use ChatGPT, and will AI agents crash the economy?

https://grahamcluley.com/the-ai-fix-69/

Google Unveils Veo 3.1 AI Video Generator with Enhanced Image-to-Video and Synchronized Audio Generation

https://securityonline.info/google-unveils-veo-3-1-ai-video-generator-with-enhanced-image-to-video-and-synchronized-audio-generation/

AI and the Future of American Politics

https://www.schneier.com/blog/archives/2025/10/ai-and-the-future-of-american-politics.html

Hacking with AI SASTs: An overview of 'AI Security Engineers'

https://www.reddit.com/r/netsec/comments/1o2tait/hacking_with_ai_sasts_an_overview_of_ai_security/

Meet Varonis Interceptor: AI-Native Email Security

https://www.bleepingcomputer.com/news/security/meet-varonis-interceptor-ai-native-email-security/

Video call app Huddle01 exposed 600K+ user logs

https://www.malwarebytes.com/blog/news/2025/10/video-call-app-huddle01-exposed-600k-user-logs

North Korea’s Famous Chollima APT Uses Trojanized Node.js App to Deploy OtterCookie RAT for Crypto Theft

https://securityonline.info/north-koreas-famous-chollima-apt-uses-trojanized-node-js-app-to-deploy-ottercookie-rat-for-crypto-theft/

Fake LastPass, Bitwarden breach alerts lead to PC hijacks

https://www.bleepingcomputer.com/news/security/fake-lastpass-bitwarden-breach-alerts-lead-to-pc-hijacks/

Chinese Hackers Use Velociraptor IR Tool in Ransomware Attacks

https://www.darkreading.com/cybersecurity-operations/chinese-hackers-velociraptor-ir-tool-ransomware-attacks

Malicious crypto-stealing VSCode extensions resurface on OpenVSX

https://www.bleepingcomputer.com/news/security/malicious-crypto-stealing-vscode-extensions-resurface-on-openvsx/

CoinTelegraph Hacked: Fake CTG Airdrop Scam Steals Crypto Via Malicious Pop-Ups

https://securityonline.info/cointelegraph-hacked-fake-ctg-airdrop-scam-steals-crypto-via-malicious-pop-ups/

Cencora’s $75 Million Ransom: A New High in Cyber Extortion

https://securityonline.info/cencoras-75-million-ransom-a-new-high-in-cyber-extortion/

FBI warns against using unlicensed crypto transfer services

https://www.bleepingcomputer.com/news/security/fbi-warns-against-using-unlicensed-crypto-transfer-services/

iOS v17.4 Beta 2 Nerfs (Some) Progressive Web Apps for EU Users

https://www.nobsbitcoin.com/ios-v17-4-beta2-undermines-progressive-web-apps-pwas-for-eu-users/

CoinCenter: Broad, Ambiguous, or Delegated: Constitutional Infirmities of the Bank Secrecy Act

https://www.coincenter.org/broad-ambiguous-or-delegated-constitutional-infirmities-of-the-bank-secrecy-act/

Flok License Plate Surveillance

https://www.schneier.com/blog/archives/2025/10/flok-license-plate-surveillance.html

Privacy Alert: Meta to Use User-AI Conversations to Target Ads Across Facebook and Instagram

https://securityonline.info/privacy-alert-meta-to-use-user-ai-conversations-to-target-ads-across-facebook-and-instagram/

LinkedIn will use your data to train its AI unless you opt out now

https://www.malwarebytes.com/blog/news/2025/09/linkedin-will-use-your-data-to-train-its-ai-unless-you-opt-out-now

TikTok is misusing kids’ data, says privacy watchdog

https://www.malwarebytes.com/blog/news/2025/09/tiktok-is-misusing-kids-data-says-privacy-watchdog

Police using drones to read your license plates, warns EFF

https://www.malwarebytes.com/blog/news/2025/09/police-using-drones-to-read-your-license-plates-warns-eff

Details About Chinese Surveillance and Propaganda Companies

https://www.schneier.com/blog/archives/2025/09/details-about-chinese-surveillance-and-propaganda-companies.html

The Great Firewall Leaks: A 600GB Trove of Secrets Exposed

https://securityonline.info/the-great-firewall-leaks-a-600gb-trove-of-secrets-exposed/

Tor needs 200 new WebTunnel bridges to fight censorship

https://www.bleepingcomputer.com/news/security/tor-needs-200-new-webtunnel-bridges-to-fight-censorship/

Meta plans retention 'hooks' for Threads as more than half of users leave app

https://www.reuters.com/business/media-telecom/meta-plans-retention-hooks-threads-more-than-half-users-leave-app-2023-07-28/?taid=64c3b01ee6cfe30001c4540f&utm_campaign=trueAnthem:+Trending+Content&utm

EFF: The U.K. Government Is Very Close To Eroding Encryption Worldwide

https://www.eff.org/deeplinks/2023/07/uk-government-very-close-eroding-encryption-worldwide

Aircrack Cheat Sheet

https://raw.githubusercontent.com/Ignitetechnologies/Mindmap/main/aircrack/Aircrack-ng%20%20UHD.png

How a Load Balancer Works

https://pbs.twimg.com/media/F5-ByLvXkAASw3j?format=jpg&name=4096x4096

Process Injection

https://4.bp.blogspot.com/-ixv5E0LMZCw/WWi5yRjL-_I/AAAAAAAAAnk/WO99S4Yrd8w6lfg6tITwUV02CGDFYAORACLcBGAs/s1600/Process%2BInjection%25281%2529.png

Argument Map on Restricting Encryption

https://www.argumentenfabriek.nl/wp-content/uploads/2021/11/EN-Argumentenkaart-inperking-encryptie.pdf

OSCP Enumeration Cheat Sheet

https://pbs.twimg.com/media/F2HWy_LWgAI5hT1?format=jpg&name=4096x4096

Google Chrome's new post-quantum cryptography may break TLS connections

https://www.bleepingcomputer.com/news/security/google-chromes-new-post-quantum-cryptography-may-break-tls-connections/

Companies, countries battle to develop quantum computers | 60 Minutes

https://youtu.be/K4ssT6Dzmnw

An Efficient Quantum Factoring Algorithm

https://arxiv.org/abs/2308.06572

You Can’t Rush Post-Quantum-Computing Cryptography Standards

https://www.schneier.com/blog/archives/2023/08/you-cant-rush-post-quantum-computing-standards.html?utm_source=dlvr.it&utm_medium=twitter

Supercomputer makes calculations in blink of an eye that take rivals 47 years

https://www.telegraph.co.uk/business/2023/07/02/google-quantum-computer-breakthrough-instant-calculations/

The Human Rights Foundation Announces 20 Btc Bounty Challenge For Bitcoin Development

https://bitcoinmagazine.com/business/human-rights-foundation-announces-20-btc-bounty-challenge-for-bitcoin-development

Open-Sourcing the Design Guide: 2 BTC to port the Bitcoin UI Kit from Figma to an open-source Penpot project.

https://hrfbounties.org/

Serverless Payjoin: 2 BTC to deploy a production-ready version 2 payjoin protocol which may send and receive Payjoin transactions without requiring a sender or recipient to operate a public server.

https://hrfbounties.org/

E2EE Group Chats: 2 BTC for the creation of end to end encrypted group chats powered by any popular Nostr client that does not leak metadata

https://hrfbounties.org/

Silent payments: 2 BTC for a mobile wallet which can send and receive Silent Payments in a private manner without requiring the user to run a full node

https://hrfbounties.org/

Signal adds new cryptographic defense against quantum attacks

https://www.bleepingcomputer.com/news/security/signal-adds-new-cryptographic-defense-against-quantum-attacks/

Journeys in Hosting 1/x - Precomputed SSH Host Keys

https://www.reddit.com/r/netsec/comments/1no01xq/journeys_in_hosting_1x_precomputed_ssh_host_keys/

1965 Cryptanalysis Training Workbook Released by the NSA

https://www.schneier.com/blog/archives/2025/09/1965-cryptanalysis-training-workbook-released-by-the-nsa.html

Jim Sanborn Is Auctioning Off the Solution to Part Four of the Kryptos Sculpture

https://www.schneier.com/blog/archives/2025/08/jim-sanborn-is-auctioning-off-the-solution-to-part-four-of-the-kryptos-sculpture.html

SHA-1 gets SHAttered

https://evervault.com/blog/sha-1-gets-shattered

The Cloud Edge Is the New Attack Surface

https://www.darkreading.com/cloud-security/cloud-edge-new-attack-surface

Hybrid Clouds Provide a Practical Approach to Post-Quantum Migration

https://www.darkreading.com/cybersecurity-operations/a-practical-approach-for-post-quantum-migration-with-hybrid-clouds

Cloud Threat Hunting and Defense Landscape

https://www.recordedfuture.com/research/cloud-threat-hunting-defense-landscape

US Senator Wyden Accuses Microsoft of ‘Cybersecurity Negligence’

https://www.securityweek.com/us-senator-wyden-accuses-microsoft-of-cybersecurity-negligence/

The 10 Humorous But Immutable Laws of Cloud Security

https://www.digitaloperatives.com/2023/07/18/the-10-humorous-but-immutable-laws-of-cloud-security/

vuls: Vuls is an agent-less vulnerability scanner for various platforms and applications. 6 recent commits. Latest release: v0.35.1.

https://github.com/future-architect/vuls

devguard: DevGuard secures software supply chains through attestation-based compliance and vulnerability management. 22 recent commits. Latest release: v0.17.5.

https://github.com/l3montree-dev/devguard

BBtool: BBtool is a user-friendly penetration testing tool for security researchers and ethical hackers. 1 recent commits.

https://github.com/Physiotherapist16/BBtool

Mobile-Security-Framework-MobSF: Mobile-Security-Framework-MobSF performs automated mobile app security testing and analysis for Android, iOS, and Windows devices. 1 recent commits. Latest release: v4.4.2.

https://github.com/MobSF/Mobile-Security-Framework-MobSF

CVE-2016-10708: This project exploits a vulnerability in OpenSSH versions prior to 7.4 through malicious SSH packets. 2 recent commits.

https://github.com/lggcs/CVE-2016-10708

Joas A Santos (@CyberSecurityUP): Joas A Santos is a cybersecurity expert with experience as a Red Team Lead and Information Security Researcher. 4064 followers. Known for ShadowPhish (209 stars). Expert in Red Team Operations.

https://github.com/CyberSecurityUP

sonyahack1 (@sonyahack1): SonyaHack1 is a cybersecurity developer specializing in penetration testing and red team operations with notable work on VulnHub and HackTheBox. 42 followers. Known for kids_2.0-Tasks (0 stars). Expert in Penetration Testing, Red Team Operations.

https://github.com/sonyahack1

Art of Hacking (@The-Art-of-Hacking): Omar Santos is a cybersecurity developer specializing in ethical hacking, penetration testing, and digital forensics with notable tools like h4cker and Weevely. 2983 followers. Known for h4cker (23348 stars). Expert in Exploit Development, Incident Response.

https://github.com/The-Art-of-Hacking

sickcodes (@sickcodes): Sickcodes is a cybersecurity developer with expertise in security research and open-source development of notable projects like no-sandbox and Docker-OSX. 2664 followers. Known for no-sandbox (186 stars). Expert in Exploit Development, Security Scanning.

https://github.com/sickcodes

kader m (@cyn00b): kader m is a cybersecurity developer specializing in API and framework vulnerability testing with notable open-source contributions. 61 followers. Known for Windows-Exploit-Suggester (1 stars). Expert in Exploit Development.

https://github.com/cyn00b