Security News

Morningstar Security News gathers all the most popular infosec and cyber security news headlines into a single page that auto-updates 24/7.

Vulnerabilities

Reversing/I like ASM

Locks/Social Engineering

Mainstream Media

Thirsty for more

Security Twitterverse

Most Popular Security News

PacketStorm

The Register

Infosec experts divided on AI's potential to assist red teams

Don't fall for a mail asking for rapid Docusign action – it may be an Azure account hijack phish

US reportedly mulls TP-Link router ban over national security risk

Microsoft won't let customers opt out of passkey push

Boffins trick AI model into giving up its secrets

Phishers cast wide net with spoofed Google Calendar invites

Interpol wants everyone to stop saying 'pig butchering'

Critical security hole in Apache Struts under exploit

Ireland fines Meta for 2018 'View As' breach that exposed 30M accounts

BlackBerry offloads Cylance's endpoint security products to Arctic Wolf

Australia moves to drop some cryptography by 2030 – before quantum carves it up

Ransomware scum blow holes in Cleo software patches, Cl0p (sort of) claims responsibility

Reddit - NetSec

Another JWT Algorithm Confusion Vulnerability: CVE-2024-54150 new

How an obscure PHP footgun led to RCE in Craft CMS

Understanding Logits And Their Possible Impacts On Large Language Model Output Safety

LLM for ABAP Code Scanner

Unsafe Archive Unpacking: Labs and Semgrep Rules

“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising

Finding Bugs in Chrome with CodeQL

[Network tarpit] Scanners Beware: Welcome to the Network from Hell

Post: Mutation XSS: Explained, CVE and Challenge | Jorian Woltjer

Bleeping Computer

The Hacker News

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages new

Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords

Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01

Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency

UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App

Threat Wire

Exploits

Packet Storm Exploits

Acronis Cyber Protect/Backup Remote Code Execution

Fortinet FortiManager Unauthenticated Remote Code Execution

Asterisk AMI Originate Authenticated Remote Code Execution

Omada Identity Cross Site Scripting

Siemens Unlocked JTAG Interface / Buffer Overflow

ABB Cylon Aspect 3.08.00 fileSystemUpdate.php File Upload / Denial Of Service

ABB Cylon Aspect 3.08.01 mstpstatus.php Information Disclosure

ABB Cylon Aspect 3.08.01 diagLateThread.php Information Disclosure

AppleAVD AV1_Syntax::Parse_Header Out-Of-Bounds Reads

AppleAVD AV1_Syntax::f Out-Of-Bounds Reads

AppleAVD AV1_Syntax::Parse_Header Integer Underflow / Out-Of-Bounds Reads

Simple Chat System 1.0 Cross Site Scripting

Exploit-DB Webapps

Exploit-DB Local and Privilege Escalation

Exploit-DB DoS

Exploit-DB Shellcode

Exploit-DB Papers

Exploit-DB Remote

LiveOverflow

Bug Bounties

HackerOne Blog

Breaking Down the OWASP Top 10: Insecure Design

New York Releases AI Cybersecurity Guidance: What You Need to Know

Azure Cloud Configuration Review

How a Privilege Escalation Led to Unrestricted Admin Account Creation in Shopify

How Crypto and Blockchain Organizations Manage Complex Attack Surfaces With Competitive Security Testing Programs

Introducing the Wells Fargo Public Bug Bounty Program

Six Years of Proactive Defense: Deribit’s Journey with HackerOne

New Guidance for Federal AI Procurement Embraces Red Teaming and Other HackerOne Suggestions

Hack My Career: Saskia Braucher

Harnessing the Working Genius for Team Success

Hai’s Latest Evolution: Intelligence, Context, and More Intuitive UX

5 Questions to Assess Your Organization’s Bug Bounty Readiness

Reddit - BugBounty

So I found my first bug new

Is this a CORS exploit? new

Not able to find workaround input sanitation

Frida ssl pinning bypass script's issue with some android apps

is finding salesforce config access token in /strings.xml considered as bug?

CORS misconfiguration

Is this a valid bug?

I submitted my first report and something weird happened

This vulnerability in Safari is tricky! Anyone could help with root cause?

HTTP Request Smuggling Explained: A Beginner’s Guide on identification and mitigation. - Laburity

Open port 49443 open with ssl/ldap service running

Is xxs possible on img alt attribute?

Pentester Land

Portswigger

Take control of your security posture: The Burp Suite Enterprise Edition winter update

API Security: The 6 biggest challenges AppSec teams face, and how to solve them.

HackerOne Hacktivity

Vulnerabilities

Full Disclosure

Stored XSS with Filter Bypass - blogenginev3.3.8

[SYSS-2024-085]: Broadcom CA Client Automation - Improper Privilege Management (CWE-269)

[KIS-2024-07] GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities

RansomLordNG - anti-ransomware exploit tool

APPLE-SA-12-11-2024-9 Safari 18.2

APPLE-SA-12-11-2024-8 visionOS 2.2

APPLE-SA-12-11-2024-7 tvOS 18.2

APPLE-SA-12-11-2024-6 watchOS 11.2

APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2

APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2

APPLE-SA-12-11-2024-3 macOS Sequoia 15.2

APPLE-SA-12-11-2024-2 iPadOS 17.7.3

NIST National Vulnerability Database

Tools

Packet Storm Tools

Mandos Encrypted File System Unattended Reboot Utility 1.8.18

GNU Privacy Guard 2.4.7

Proxmark3 4.19552 Custom Firmware

Wireshark Analyzer 4.4.2

Cable .NET Post Exploitation Tool

PHP-CGI Argument Injection Susceptibility Scanner

Scapy Packet Manipulation Tool 2.6.1

TOR Virtual Network Tunneling Tool 0.4.8.13

GNUnet P2P Framework 0.22.2

Darknet

Exploit Dev

Reddit - Exploit Dev

Secure context from http page

Profit as exploit developer

Android security career questions

Remote Code Execution via Man-in-the-Middle (and more) in NASA's AIT-Core v2.5.2

Part 3: Exploiting a Squirrel Engine SBX 1day

Stuck in Pwn College - Program Interaction, help me to understand what's going on

Looking for ressources for IOS exploit development

Source Incite

Remote Code Execution with Spring Properties

Google Project Zero

The Windows Registry Adventure #5: The regf file format

The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit

Windows Tooling Updates: OleView.NET

Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst

From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code

The Windows Registry Adventure #4: Hives and the registry layout

Effective Fuzzing: A Dav1d Case Study

Security Researchers

Detectify year in review 2024

2024 Wrapped: Outflank’s Top Tracks

When should we require that firmware be free?

Android privacy improvements break key attestation

Senior fellow Lex Gill delivers testimony to the Foreign Interference Commission

Something to Remember Us By: Device Confiscated by Russian Authorities Returned with Monokle-Type Spyware Installed

無處可逃：以數碼跨境鎮壓為目的的性別問題武器化

无处可逃：以数码跨国镇压为目的的性别问题武器化

Pas d’échappatoire : La militarisation du genre à des fins de répression numérique transnationale

Не убежать: Использование гендера в качестве орудия цифровых транснациональных репрессий

گریزناپذیر: استفاده از جنسیت به‌عنوان سلاح برای سرکوب فراملی دیجیتال

لا مفرّ: استغلال النّوع الاجتماعيّ لأغراض القمع الرقميّ العابر للحدود

Reversing/I like ASM

Reddit - Reverse Engineering

Deobfuscation of Lumma Stealer

Building a model extractor for Pool of Radiance: Ruins of Myth Drannor.

EMBA firmware security analyzer v1.5.1 is available - "Rise from the dead" or "Binwalk is back in town" with improved SBOM generation, speed improvements and…

Lunar Journal: A Tiny C (x86_64) Function Hooking Library

Reverse Engineering Gootkit with Ghidra

Do learning reverse engineering helps with creating mods in a video games ?

Lunar Journal: Mono/.NET Injection Under Linux

Lunar Journal: A simple GSC loader for CoD Black Ops 1

/r/ReverseEngineering's Weekly Questions Thread

I made a Wireshark dissector for the Suitelink protocol used in industrial automation

Free Call of duty cheats (actuall cheats not one of them malware ahhhh videos)

Hacking Car Cameras Through The Cloud

Reddit - Game Hacks

BO6 UNDETECTED UNLOCK ALL TOOL | PERMA UAV TOOL | AIMBOT,WALLS CHEATS | EXTERNAL | BOT LOBBIES new

AIMEX CHEATS SECURE COD BLACK OPS 6 / WARZONE CHEAT | Aimbot | ESP | Radar | Undetected + Streamproof | 247 Support new

BO6 UNDETECTED UNLOCK ALL TOOL | PERMA UAV TOOL | AIMBOT,WALLS CHEATS | EXTERNAL | BOT LOBBIES

Looking for a dev who may be possible to make a sorta unlock all on a game that has EAC

New esp tool bo6

Where is buy league of legends helper

OFFERING BLACK OPS 6 BOT LOBBIES - 3USD PER GAME

Xenox Injector CS2 Cheats

What's the name of the hack that automatically registers your shots as hits?

Looking for a developer

Reddit - REGames

StackExchange - ReverseEngineering

What does this function do? Why is one of the variables unresolved? new

Extracting NES roms from a modern Famiclone

Cuckoo instalation with windows10

How do I find the decryption key of an android app using Frida?

How to decrypt ZTE F670 router's encrypted config.bin with payload type 5 with telnet access?

Attach with X32Dbg behaves strange

How can I compare different execution traces of the same exe, but ran with different parameters?

How can I reverse engeneer a communication that looks to be always random?

Reverse Engineering S/EX RE-MAN BOARD INTERFACE SR2 SL (MRD-45-2276)

Find all calls of a given function with Ghidra

Analysing an executable with a 24bit segmented address space

can we decrypt a hash function of SHA256

Guided Hacking

Malware/APT

Reddit - Malware

What books or resources to get started on malware analysis.

OneDrive abused by phishers in a new HTML Blob Smuggling Campaign

Malware development courses

FilePup from VPN Proxy Master.

Looking for some malware samples to learn from....

[INFO] How Salt Typhoon Exploits Vulnerabilities to Stay Ahead

Microsoft’s Azure Blob Storage Abused in Phishing Campaigns

Malicious chrome extension

Some questions about EternalBlue/DoublePulsar for CS class report.

Desktop Machine Started daily port scans recently.

Linux devices hit with even more new malware, this time from Chinese hackers

RomCom exploits Firefox and Windows zero days in the wild.

Unit42

Now You See Me, Now You Don’t: Using LLMs to Obfuscate Malicious JavaScript

Effective Phishing Campaign Targeting European Companies and Organizations

LDAP Enumeration: Unveiling the Double-Edged Sword of Active Directory

Dirty DAG: New Vulnerabilities in Azure Data Factory’s Apache Airflow Integration

Crypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operation

Network Abuses Leveraging High-Profile Events: Suspicious Domain Registrations and Other Scams

Threat Assessment: Howling Scorpius (Akira Ransomware)

Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 22)

Lateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examples

Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware

FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications

Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack

Crypto

Reddit - Crypto

modular sqrt(Q) in elliptic curves over F, where Q is a point and not an integer? new

Hashing conundrums new

Monthly cryptography wishlist thread

Why are Montgomery and twisted Edwards curve said to be all quadratic twist secure ?

Anyone from Australia care to explain themselves?

Weekly cryptography community and meta thread

What’s the name of this Diffie‑Hellman problem variant ?

StackExchange - Crypto

Why is there no AES-512 for CTR&variants to have good large nonces? new

Simulation Based Proof: Encryption scheme example new

Where to Study about Blind Signatures new

size of pedersen commitment new

How to proof Elgamal use simulator based on DDH and CDH problem？

SHA3 Openssl Assembly failure [closed]

Padding Oracle - DEcrypted Text decreasing

Yubikey/GPG Ed25519 signing without knowledge of the public key

Tornado cash hash verification

ZK-STARK's/FRI provable security reduction?

Post-quantum security of arithmetization-oriented hash functions

Using two different salts for one password ?(PBKDF2)

Seytonic

Podcasts

Security Weekly

When Public Payphones Become Smart Phones - Inbar Raz - PSW #855

Navigating Regulations in Supply Chain Security - Eric Greenwald - PSW #854

Hacker Gadgets - PSW #853

Hacker Heroes - Aaron Turner - PSW Vault

Confessions of a Cyber Criminal Stalker - Ken Westin - PSW #852

No CVE and No Accountability - Ed Skoudis - PSW #851

Cybersecurity For Schools - Kayne McGladrey - PSW #850

Shadow IT and Security Debt - Dave Lewis - PSW #849

Secure By Default - How do we get there? - Andy Syrewicze - PSW #848

Effective Operational Outcomes - Ken Dunham - PSW #847

The Code of Honor: Embracing Ethics in Cybersecurity - Ed Skoudis - PSW #846

Analyzing Malware at Scale - John Hammond - PSW #845

Risky.Biz

Risky Biz Soap Box: Cool compliance tricks with the Island enterprise browser

Risky Business #775 -- Cl0p is back, SEC hack disclosures disappoint

Wide World of Cyber: SentinelOne's Chris Krebs on Chinese cyber operations

Risky Business #774 -- Cleo file transfer appliances under widespread attack

Risky Biz Soapbox: Enterprise Yubikeys can now be pre-registered

Risky Business #773 -- Cybercriminals are dropping like flies in Russia

Risky Business #772 -- Salt Typhoon is truly a national security disaster

Risky Business #771 -- Palo Alto's firewall 0days are very, very stupid

Risky Business #770 -- A Russian IR guy discovers extremely cool spookware

Risky Biz Soap Box: Why black box email security is dead

Risky Business #769 -- Sophos drops implants on Chinese exploit devs

Risky Business #768 -- CSRB will investigate China's Wiretap Hacks

The CyberWire

Quishing for trouble. [Research Saturday] new

Ukraine’s fight to restore critical data. new

Breached but not broken.

Hacking allegations and antitrust heat.

The cost of peeking at U.S. traffic.

Rhode Island cyberattack exposes sensitive data.

Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]

Watching the watchers. IoT vulnerabilities exposed by AI. [Research Saturday]

Hackers in handcuffs.

When AI goes offline.

When exploits go wild and patches race the clock.

Buckets of trouble.

Cyber Security Interviews

ISC Daily Stormcast

ISC StormCast for Friday, December 20th, 2024

ISC StormCast for Thursday, December 19th, 2024

ISC StormCast for Wednesday, December 18th, 2024

ISC StormCast for Tuesday, December 17th, 2024

ISC StormCast for Monday, December 16th, 2024

ISC StormCast for Friday, December 13th, 2024

ISC StormCast for Thursday, December 12th, 2024

ISC StormCast for Wednesday, December 11th, 2024

ISC StormCast for Tuesday, December 10th, 2024

ISC StormCast for Monday, December 9th, 2024

Darknet Diaries

152: Stacc Attack

151: Chris Rock

Threat Intel

Reddit - Onions

From 0 to 10, how much do you trust the links listed on Daunt?

Can someone who's expert in PGP help me out?

Darknet Diaries

Looking for help collecting history of the biggest forums/markets.

How to use PGP on phone?

Why was just another library removed from Tor.taxi?

Reddit - Pwned

HaveIBeenPwned

French Citizens - 28,445,106 breached accounts

Young Living Essential Oils - 1,128,951 breached accounts

schenkYOU - 237,349 breached accounts

BitView - 63,127 breached accounts

Hopamedia - 23,835,870 breached accounts

MC2 Data - 2,122,280 breached accounts

Yonéma - 35,962 breached accounts

Tibber - 50,002 breached accounts

Senior Dating - 765,517 breached accounts

Ladies.com - 118,809 breached accounts

The Real World - 324,382 breached accounts

FlipaClip - 892,854 breached accounts

Privacy/VPNs

Slashdot - Rights

Justice Department Unveils Charges Against Alleged LockBit Developer new

Qualcomm Processors Properly Licensed From Arm, US Jury Finds new

Senators Rip Into Automakers For Selling Customer Data and Blocking Right To Repair new

This VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong?

Home Assistant's New Voice Assistant Answers To 'Hey Jarvis'

Craig Wright Convicted For Repeatedly Lying About Inventing Bitcoin

Montana Supreme Court Upholds Right To 'Stable Climate System' For Youngsters

Murder Mystery Solved By Google Street View

Hackers Can Jailbreak Digital License Plates To Make Others Pay Their Tolls, Tickets

Tracker Firm Hapn Spilling Names of Thousands of GPS Tracking Customers

Nebraska Sues UnitedHealth Unit Over 100 Million Patient Data Breach

Spain Introduces Bill To Combat Online Fake News

Reddit - Privacy

Meta settles [A$50 million] with Australia's privacy watchdog over Cambridge Analytica new

Say you wanted to remove your digital footprint on iphone how would you go about it? new

Proposed changes to Alberta’s Freedom of Information and Protection of Privacy Act: A new era for public-sector privacy legislation in Alberta new

Illinois Department of Human Services privacy breach exposes more than 4,500 Social Security numbers new

Is it possible that social media apps are actually listening to us? I tried to research it and I saw a lot of arguments for… new

Apple complains Meta requests risk privacy amid EU effort to widen iPhone tech access new

Online privacy and data integrity — a crisis of trust new

Massive data breach at federal credit union exposes 240,000 members

Forget Chrome—Google Starts Tracking All Your Devices In 8 Weeks

Florida residents to lose access to PornHub amid new ID verification law for adult sites

Cashless society is an alarming trend: the case of Sweden

Reddit - VPN

Do I need to keep the VPN on for the whole duration of torrent download? new

VPN causes Internet connection to drop repeatedly? new

Embed VPN in a router. new

Youtube blocks embeded videos

Tablets with no GPS

How to get YouTube premium using a VPN?

How to have a specific IP Address every time I use VPN

Android Won't Auto-Connect On VPN Enabled Router

Http injector experts?

Can my parents see my search history if I have a vpn

PrivacyTools.io

EFF

Ninth Circuit Gets It: Interoperability Isn’t an Automatic First Step to Liability new

Customs & Border Protection Fails Baseline Privacy Requirements for Surveillance Technology new

The Breachies 2024: The Worst, Weirdest, Most Impactful Data Breaches of the Year

Saving the Internet in Europe: Defending Free Expression

We're Creating a Better Future for the Internet 🧑‍🏭

There’s No Copyright Exception to First Amendment Protections for Anonymous Speech

UK Politicians Join Organizations in Calling for Immediate Release of Alaa Abd El-Fattah

What You Should Know When Joining Bluesky

Australia Banning Kids from Social Media Does More Harm Than Good

EFF Statement on U.S. Supreme Court's Decision to Consider TikTok Ban

Speaking Freely: Winnie Kabintie

“Can the Government Read My Text Messages?”

Help Wanted

Reddit - AskNetSec

Nmap Scan on my home network's public IP returned an open 2034 port with `tcpwrapped`. Should I be concerned? new

Firewall activity log issue

OpenVas scan not working

How can I setup vulnerability management (not one time assessment) in my cybersecurity practice?

Google drive is somehow blocked even though I have open port for 443 traffic in firewall (Zyxell)

I want to give my grandparent an amazon echo. How should I protect it?

Authentication solutions

Network homeland help

Struggling to decrypt iOS TLS traffic. Is Snapchat using TLS pinning now?

Fake It Until You Make It: Now I Panic.

Can my school see what I do on my personal computer?

Autonomous SOC vs SOAR vs XDR

Reddit - Netsec Students

Should i go for a cybersecurity masters in Germany? new

trying to get into the field | need advice

Advice Needed: Starting a Cybersecurity Career in GRC Without Security+

Stackoverflow - Security

Copilot permissions on GitHub account [closed] new

I have a main binary file that I want to capture the flag in it using reversed engineering [closed] new

How can I make a React and Firebase web app more secure? new

OPC-UA Python asyncua, Authentification using certificats

Upgrading Java 11 to 17 [closed]

How to protect CSRF Token API endpoint

Snyk delta throw Snyk CLI, behavior, report to platform azure DevOps, how can I break the pipeline?

eToken Challenge/Response, How to process the challenge [closed]

Generate SBOM using CycloneDX for repository containing multiple languages

System.ArgumentNullException on new MutexAccessRule

How can I implement user authentication and authorization in a GridDB application? [closed]

How to add SMS OTP validation after username and password authentication in Keycloak with a custom Angular UI?

Stack Exchange

Receiving verification emails for sites I did not sign up to [duplicate] new

Are there any true TLS-based VPNs? [closed] new

Is RTSP sniffable in the sense of confidentiality?

Best Practices for Managing Open-Source Vulnerabilities in Enterprise Deployments

How can I learn cyber security engineering without knowledgeable background [closed]

implement csrf protection middleware in express framework node js [closed]

Why is using a password manager considered a good practice? [duplicate]

Does a HTTP proxy assign a fixed egress port to a client, and if so, for how long? [closed]

How can I know whether a Window Security pop-up asking me for my Windows PIN is legit?

data recovery after wiping encrypted ssd

Website shows unexpected message instead of localised text [closed]

How to generate a p12 with javascript generated key pair and server side internal CA

Locks/Social Engineering

Reddit - Lockpicking

Getting a beginners set for my dad new

Brinks 164 Picked with Nothing but a Tensioner new

44 Delta 40/50 cracked at work 💪 new

Excellent Mail Call new

Brinks 164, only have to pick 2 pins? new

Made this for a $5 thrift store deadbolt today new

What are the chances? new

Swick worth double the price of other jackknife brands? new

M & C Condor picked new

More more more new

Purple belts.... new

Still rusty but im slowly getting back where i was new

Reddit - Social Engineering

How do i get information out of someone new

How American Media Lies For The CIA new

When someone tells a story, what kind of questions can you ask which shows your engaged?

How to phrase question without coming across as interrogative?

Is it ok to manipulate people to get out of trouble if it’s not hurting anyone in the process?

My Gf (36F) is hard flirting with a co worker. How do I (29M) call her out?

How to have charisma?

What do you do when your friends you don't even know anymore?

Need help in finding a book 🙂

what small gifts are good to make strangers like you more?

'Social Engineering' Is Done Through The Unregulated Influence Industry Known As 'Strategic Communications' - Working In All Sectors From Politics & Advertising To Military &…

Hak5

Security Blogs

Kaspersky Blog

Tor Browser and anonymity: what you need to know | Kaspersky official blog

New 2024 NIST requirements for password strength and storage

Security and privacy settings in adidas Running | Kaspersky official blog

ID card selfie: pros and cons | Kaspersky official blog

Security and privacy settings in MapMyRun | Kaspersky official blog

Which cybersecurity processes can be automated with AI? | Kaspersky official blog

Security and privacy settings in Nike Run Club | Kaspersky official blog

What to do if you receive a sextortion email | Kaspersky official blog

Kaspersky apps are no longer available on Google Play: what to do? | Kaspersky official blog

Transatlantic Cable podcast episode 365 | Kaspersky official blog

How to snoop on what an Apple Vision Pro user is typing | Kaspersky official blog

Is technology increasing potential threats in relationships? | Kaspersky official blog

Adam Shostack & friends

Graham Cluley

Smashing Security podcast #398: Fake CAPTCHAs, Harmageddon, and Krispy Kreme

It’s time to stop calling it “pig butchering”

The AI Fix #29: AI on OnlyFans, and the bot that wants to be a billionaire

Rydox cybercrime marketplace seized by law enforcement, suspected admins arrested

Doughnut orders disrupted! Krispy Kreme suffers hack attack

27 DDoS-for-hire services disrupted in run-up to holiday season

Smashing Security podcast #397: Snowflake hackers, and under the influence

“CP3O” pleads guilty to multi-million dollar cryptomining scheme

3AM ransomware: what you need to know

The AI Fix #28: Robot dogs with bombs, and who is David Mayer?

Russian money-laundering network linked to drugs and ransomware disrupted, 84 arrests

Smashing Security podcast #396: Dishy DDoS dramas, and mining our minds for data

Security Bloggers Network

Navigating the Future of Secure Code Signing and Cryptography new

The Rise of Agentic AI: How Hyper-Automation is Reshaping Cybersecurity and the Workforce new

DEF CON 32 – Laundering Money new

Top cyber attacks of 2024: Lessons from the year’s biggest breaches new

Will AI Drive Efficiency and Budget Growth? Risks, Rewards & Reality new

Best of 2023: Best online .apk virus scanners – Hackernet new

Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #317 – Paywall new

Log4Shell Vulnerability | Why it Still Exists and How to Protect Yourself | Contrast Security new

AI-Powered Actions Cybersecurity Leaders Are Taking to Outwit Bad Actors new

Diamond Bank Addresses Spoof Websites new

Impart is now available in the AWS Marketplace | Impart Security new

DEF CON 32 – Measuring the Tor Network new

Rapid7

Metasploit Weekly Wrap-Up 12/20/2024 new

What’s New in Rapid7 Products & Services: Q4 2024 in Review

Take Command of Your Career: Practicing Self-Advocacy as a Woman in Tech

2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends

Metasploit Weekly Wrap-Up 12/13/2024

Navigating Choppy Waters: Top Security Predictions from Rapid7's 2025 Webinar

Modular Java Backdoor Dropped in Cleo Exploitation Campaign

Patch Tuesday - December 2024

Widespread Exploitation of Cleo File Transfer Software (CVE-2024-55956)

Metasploit Weekly Wrap-Up 12/06/2024

Rapid7 Extends Cloud Security Capabilities with Updates to Exposure Command

Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware

ThreatPost

Hacker News (YCombinator) - Security

US judge finds Israel's NSO Group liable for hacking journalists via WhatsApp new

Hardware Security Exploit Research – Xbox 360

Revisiting Stereotype Threat

Mozilla: Proposals in US vs. Google threaten vital role of independent browsers

Show HN: TideCloak – Decentralized IAM for security and user sovereignty

What is metformin's secret sauce?

How an Indian startup hacked the world (2023)

Intel Inside, Gelsinger Outside

New H1-B Rule by Homeland Security

US Weighs Banning TP-Link Routers

US could ban TP-Link routers over hacking fears: report

Show HN: Brisk – Cross-Platform C++ GUI Framework: Declarative, Reactive, Fast

digitalmunition

Hacker Noon #Security

The HackerNoon Newsletter: EIP-1559: Separating Mechanisms From Memes (12/20/2024) new

Metaverse Growth Brings New Data Protection Headaches

Deus Wallet Introduces Duress Mode: The Revolutionary Solution For Cryptocurrency Security

The HackerNoon Newsletter: Heres Why High Achievers Feel Like Failures (12/19/2024)

The Sneaky Way Web Browsers Are Identifying You (Even When You Turn Off Cookies)

The TechBeat: Lumoz Protocol Mainnet Launch: MOZ Tokens and Node Claims Now Open! (12/19/2024)

What to Expect From Telehealth in 2025

Blockchain Security Meets AI: OpenLedger Secures $6B Infrastructure Deal for AI Development

Harnessing Shared Security For Secure Cross-Chain Interoperability

Goodbye Passwords, Hello Passkeys: The Future of Authentication

Installing Open-source Software on Your MacOS May Be Coming to an End

The TechBeat: Lumoz Protocol Mainnet Launch: MOZ Tokens and Node Claims Now Open! (12/17/2024)

Wired - Security

This VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong?

Congress Again Fails to Limit Scope of Spy Powers in New Defense Bill

Intel Officials Warned Police That US Cities Aren’t Ready for Hostile Drones

Drug Dealers Have Moved on to Social Media

Stop Calling Online Scams ‘Pig Butchering,’ Interpol Warns

The Top Cybersecurity Agency in the US Is Bracing for Donald Trump

Hackers Can Jailbreak Digital License Plates to Make Others Pay Their Tolls and Tickets

The Simple Math Behind Public Key Cryptography

Microsoft’s AI Recall Tool Is Still Sucking Up Credit Card and Social Security Numbers

The New Jersey Drone Mystery May Not Actually Be That Mysterious

Why the US Military Can't Just Shoot Down the Mystery Drones

Worry About Misuse of AI, Not Superintelligence

Control C

Krebs on Security

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

How to Lose a Fortune with Just One Bad Click

How Cryptocurrency Turns to Cash in Russian Banks

Patch Tuesday, December 2024 Edition

U.S. Offered $10M for Hacker Just Arrested by Russia

Why Phishers Love New TLDs Like .shop, .top and .xyz

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Fintech Giant Finastra Investigating Data Breach

An Interview With the Target & Home Depot Hacker

Microsoft Patch Tuesday, November 2024 Edition

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Canadian Man Arrested in Snowflake Data Extortions

Elttam

Abusing Amazon VPC CNI plugin for Kubernetes

PwnAssistant - Controlling /home’s via a Home Assistant RCE

Naked Security

Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces

Sophos ranked #1 overall for Firewall, MDR, and EDR in the G2 Winter 2025 Reports

Year in Review 2024: The major headlines and moments from Sophos this year

DeepSpeed: a tuning tool for large language models

The Bite from Inside: The Sophos Active Adversary Report

Sophos excels in the 2024 MITRE ATT&CK® Evaluations: Enterprise

Keeping it real: Sophos and the 2024 MITRE ATT&CK Evaluations: Enterprise

December Patch Tuesday arrives bearing 71 gifts

Network security best practices for the holidays

Sophos AI to present on how to defang malicious AI models at Black Hat Europe

Sophos Named One of Computerworld’s 2025 Best Places to Work in IT

Upgrade your Sophos Firewall to v21 today

Schneier on Security

Friday Squid Blogging: Squid Sticker new

Mailbox Insecurity

New Advances in the Understanding of Prime Numbers

Hacking Digital License Plates

Short-Lived Certificates Coming to Let’s Encrypt

Upcoming Speaking Events

Friday Squid Blogging: Biology and Ecology of the Colossal Squid

Ultralytics Supply-Chain Attack

Jailbreaking LLM-Controlled Robots

Full-Face Masks to Frustrate Identification

Trust Issues in AI

Friday Squid Blogging: Safe Quick Undercarriage Immobilization Device

Linux Security

Practical Strategies for Guarding Against the New cShell DDoS Linux Malware new

How Is Open Source Intelligence Shaping the Future of Cybersecurity? new

A Practical Guide to Securing Your TP-Link Router with OpenWRT new

MUT-1244: The Latest Threat To Your Sensitive Credentials

New Python Vuln Exposes Linux Systems to Memory Exhaustion Risks

Kali Linux 2024.4: Cutting-Edge Tools & Expanded Hardware Support

Containerizing WordPress: Best Practices for Robust Security and Management

Combating the Surge in WordPress Supply-Chain Backdoors

How Spectre Vulnerabilities Haunt Qualcomm CPUs in Linux

Securing Your Streams: A Linux Gamer's Guide to Cyber Threats

Best Practices for WordPress Site Security on Linux Webservers

Understanding Linux Vulnerabilities: Cyber Threats in Open-Source Systems

Dark Reading

How to Protect Your Environment From the NTLM Vulnerability new

How Nation-State Cybercriminals Are Targeting the Enterprise new

Managing Threats When Most of the Security Team Is Out of the Office new

Bridging the 'Keyboard-to-Chair' Gap With Identity Verification

Supply Chain Risk Mitigation Must Be a Priority in 2025

India Sees Surge in API Attacks, Especially in Banking, Utilities

Interpol: Can We Drop the Term 'Pig Butchering'?

Recorded Future: Russia's 'Undesirable' Designation Is a Compliment

The Importance of Empowering CFOs Against Cyber Threats

Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets

Thai Police Systems Under Fire From 'Yokai' Backdoor

Texas Tech Fumbles Medical Data in Massive Breach

Securelist

BellaCPP: Discovering a new BellaCiao variant written in C++

Attackers exploiting a patched FortiClient EMS vulnerability in the wild

Lazarus group evolves its infection chain with old and new malware

Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations

Download a banker to track your parcel

Dark web threats and dark market predictions for 2025

Whitehat Security Blog

HITB News

Found on VirusTotal: The world’s first UEFI bootkit for Linux

OpenAI is at war with its own Sora video testers following brief public leak

North Korean hackers posing as IT workers steal over $1B in cyberattack

Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme

CISA Director Jen Easterly, in Place Since 2021, to Step Down

WhatsApp: NSO Group Operates Pegasus Spyware for Customers

Man sick of crashes sues Intel for allegedly hiding CPU defects

North Korean hackers target cryptocurrency with malware

Law enforcement operation takes down 22,000 malicious IP addresses worldwide

Here’s the paper no one read before declaring the demise of modern cryptography

OpenAI launches ChatGPT with Search, taking Google head-on

Chinese attackers accessed Canadian government networks – for five years

The RISKS Digest

Security in Mainstream Media

Google News Hacking

WhatsApp wins legal victory against NSO Group in Pegasus hacking case - Financial Times new

Major Victory for Meta: Israel’s NSO Group Found Guilty of Hacking WhatsApp - Beebom new

Judge rules Israeli firm NSO Group liable for damages in WhatsApp hacking case - CNN new

North Korean Hackers Stole $1.3 Billion In Crypto, Chainalysis Report Finds - Cryptonews new

Hackaday Podcast Episode 301: Hacking NVMe Into Raspberry Pi, Lighting LEDs With Microwaves, And How To Keep Your Fingers - Hackaday new

Apple Warns Users Of iPhone Spyware Attacks—What You Need To Know - Forbes new

Acquittal for Australian woman charged as hacker after blowing whistle on prolific child abuser - Boing Boing new

FBI warns against using two-factor text authentication - NewsNation Now new

North Korean hackers stole $1.3bn in crypto this year, report says - BBC.com

120,000 Bitcoin Theft: Bitfinex Hacker Refutes Netflix's Story - Bitcoinist

Feds Warn SMS Authentication Is Unsafe After ‘Worst Hack in Our Nation’s History’ - Gizmodo

North Korean hackers stole $1.3B in crypto in 2024 — Chainalysis - Cointelegraph

Google Cyber Security

Here Is My Top Cybersecurity Stock for 2025 - The Motley Fool new

Top cyber attacks of 2024: Lessons from the year’s biggest breaches - Security Boulevard new

Hackers sit on RIBridges data dump - Rhode Island Current new

Healthcare Cyber Security Market Generated Opportunities, Future Scope 2024-2031 - openPR new

Age of AI: The critical role of cybersecurity in future-proofing businesses - ETCISO.in new

Cyber security expert talks about concerns surrounding TP-Link products - KPRC Click2Houston new

Authorities Arrested LockBit Ransomware Developer & Team Core Member - CybersecurityNews new

Wood County agencies continue investigating ransomware attack - WTOL new

FTC Finalizes Order Requiring Marriott to Improve Data Security - PYMNTS.com new

Parents raise concerns over ongoing school technology issues in Racine, Cybersecurity expert weighs in - TMJ4 News new

Sweat the small stuff: Data protection in the age of AI - CIO new

Strengthening open source: A roadmap to enhanced cybersecurity - Nextgov/FCW new

Thirsty for more

Hacker News (YCombinator)

Kannel: Open-Source WAP and SMS Gateway new

UK Gov Open Consultation: Copyright and Artificial Intelligence new

The Christmas story of one tube station's 'Mind the Gap' voice (2019) new

The Ugly Truth About Spotify Is Finally Revealed new

Show HN:Free Online Tool to Experience Microsoft's MarkItdown new

Britannica Didn’t Just Survive. It’s an A.I. Company Now. new

Our remedies proposal in DOJ's search distribution case new

US judge finds Israel's NSO Group liable for hacking journalists via WhatsApp new

Compiling C to Safe Rust, Formalized new

A Raycaster in Bash new

Ask HN: Stanford cs 153 help new

Ask HN: Stanford CS 153 help new

Reddit - Cyberpunk

"Aureliana and Muffin". Drawing by me. new

Krista Bourgeois - Modular Live Set @ PRSPCT XL 33 [Industrial Hardcore] new

Cyberpunk LCD Neck Collar new

UnitedHealth could be the catalyst to a cyberpunk future. new

Anyone cyberpunk an appliance? Silver cube that replicates stuff feels like a good candidate. Ideas? new

Witnessing your first drone sighting in Cleveland, OH new

Cyberware doodle

Bro tweakin [sketch]

Saw someone else post their collection so I figured I'd share mine.

When your daily news starts to read like a cyberpunk anthology...

Ghost in the Shell (Playstation, 1997) opening was cyberpunk nirvana.

Peak dystopian fiction (Cyber City 808)

Reddit - Security CTF

Need help creating shellcode new

Need help with reconstructing PIN new

Help with "Web Socket - 0 protection" challenge from root-me.org

infosec community discord server

Blockchain challenge

I need Advice. What to do with INR 4000 prize?

University CTFs

HTB Academy or TryHackMe for learning about ctfs?

Need help with rev challenge

Reddit - Sysadmin

Still using these or nah new

Electric Precision Screwdriver with replaceable battery recommendations new

How many employees per IT staff does your department manage? new

Those who have participated in hiring processes: Do you honestly care if someone puts their /hobbies|passions|interests/ on a resume? new

I'm tired boss.. new

Comparing SecureCRT with PuTTY, MobaXterm, and Termius – Which One Do You Prefer? new

I am not thrilled about all users just having local persanol accounts on their computers. Am I wrong? new

Recommendations for upgrading/migrating hundreds of Windows 2003 servers new

I just dropped a near-production database intentionally.

Lobste.rs

dropping hyper new

Three web views for Common Lisp: build cross platform GUIs with Electron, WebUI or CLOG Frame new

Rules to avoid common extended inline assembly mistakes new

DOS APPEND command new

Turing Machines new

Hexagon page animations new

The jank programming language new

Phantom Menace: memory leak that wasn't there new

CandyFab: A DIY 3D Sugar Printer new

Rivet Actors, Cloudflare Durable Objects-like infrastructure built with Rust, FoundationDB, V8 Isolates new

The long and winding road to safe browser-based cryptography new

The CD Pipeline Manifesto new

Hackaday

Training a Self-Driving Kart new

3D Printing a Big LEGO Christmas Tree new

It’s Official: The North Pole is Moving new

Rudolph’s Sleigh on a North Pole PCB new

Making a Mechanical Watch From Scratch Is Fine Work new

Building a Diet Coke Button new

Hackaday Podcast Episode 301: Hacking NVMe into Raspberry Pi, Lighting LEDs with Microwaves, and How to Keep Your Fingers new

Embossing Leather With a Pipe Bender and 3D Printed Tooling new

Subchannel Stations: The Radio Broadcasts You Didn’t Know Were There new

Multimeter Gets Socket Upgrade To Use Nicer Probes

Watch a 3D Scan Become a Car Body Model

Old BBC Micro Gets Some Disk Help From A Raspberry Pi

Ars Technica

The New Glenn rocket’s second stage set to roll to the launch pad on Monday

The New Glenn rocket’s second stage set to roll to the launch pad on Monday

Audi replaces its bestseller—here’s the next Q5 SUV

Audi replaces its bestseller—here’s the next Q5 SUV

The Starliner spacecraft has started to emit strange noises

The Starliner spacecraft has started to emit strange noises

Agatha All Along’s latest teaser hints at one character’s true identity

Agatha All Along’s latest teaser hints at one character’s true identity

City of Columbus sues man after he discloses severity of ransomware attack

City of Columbus sues man after he discloses severity of ransomware attack

Harmful “nudify” websites used Google, Apple, and Discord sign-on systems

Harmful “nudify” websites used Google, Apple, and Discord sign-on systems

Wired

The 25 Best Movies on Amazon Prime Right Now (December 2024) new

Mystery Drone Sightings Lead to FAA Ban Despite No Detected Threats new

A Spacecraft Is About to Fly Into the Sun’s Atmosphere for the First Time new

To Improve Your Gut Microbiome, Spend More Time in Nature new

Music Can Thrive in the AI Era new

Nike Promo Codes and Deals: Up to 40% Off new

Design Within Reach Promo Codes: Extra 20% Off new

KitchenAid Promo Codes and Coupons: 10% Off new

2024 Was the Year the Bottom Fell Out of the Games Industry new

This Tropical Virus Is Spreading Out of the Amazon to the US and Europe new

OpenAI Upgrades Its Smartest AI Model With Improved Reasoning Skills new

I Used AI to Do All of My Holiday Shopping new

Slashdot

Startup Set To Brick $800 Kids Robot Is Trying To Open Source It First new

Axiom's Private Space Station Could Arrive As Early As 2028 new

10 Years Later: Malaysia To Resume Hunt For Flight MH370 new

Cory Doctorow's Prescient Novella About Health Insurance and Murder new

'Yes, I am a Human': Bot Detection Is No Longer Working new

EU Wants Apple To Open AirDrop and AirPlay To Android new

10,000 Amazon Workers Go On Strike Ahead of Holiday Rush new

Justice Department Unveils Charges Against Alleged LockBit Developer new

Qualcomm Processors Properly Licensed From Arm, US Jury Finds new

Arizona's Getting an Online Charter School Taught Entirely By AI new

CFPB Sues America's Largest Banks For 'Allowing Fraud To Fester' on Zelle new

Apple Pulls Lightning-Equipped iPhones From Swiss Stores Ahead of EU USB-C Mandate new

DZone Security

Deploying LLMs Securely With OWASP Top 10

Implementing OneLake With Medallion Architecture in Microsoft Fabric

Strengthening IAM Security for Cloud IaaS Accounts

Enhancing Security in Kubernetes: A Comparative Analysis of Cosign and Connaisseur

Dropwizard vs. Micronaut: Unpacking the Best Framework for Microservices

Securing APIs in Modern Web Applications

Mastering Seamless Single Sign-On: Design, Challenges, and Implementation

A Practical Guide to Securing NodeJS APIs With JWT

Demystifying Kubernetes in 5 Minutes

Building Secure Containers: Reducing Vulnerabilities With Clean Base Images

A General Overview of TCPCopy Architecture

Strengthening Your Kubernetes Cluster With Pod Security Admission

DZone

The Next Big Thing: How Generative AI Is Reshaping DevOps in the Cloud new

How to Test PATCH Requests for API Testing With Playwright Java new

Idea to Running: One Minute new

Strategic Roadmap for Modernizing Digital Operations: Transitioning from Legacy Development Models to Agile-Driven Integrated Frameworks

Docker Security Best Practices for Enterprise Applications: From Development to Production

Exploring the New Boolean Data Type in Oracle 23c AI

Using Java Class Extension Library for Data-Oriented Programming - Part 2

Java Application Containerization and Deployment

Redefining Ethical Web Scraping in the Wake of the Generative AI Boom

How to Write for DZone Publications: Trend Reports and Refcards

Automating Atlassian Data Center Application Upgrades

Zero Trust for AI: Building Security from the Ground Up