Malware Analysis, Phishing, and Email Scams #PhishingEvolution #AIEvasion #PromptInjection #AIDefenses #EmailSecurity https://malwr-analysis.com/2025/08/24/phishing-emails-are-now-aimed-at-users-and-ai-defenses/
Malware Analysis, Phishing, and Email Scams
Phishing Emails Are Now Aimed at Users and AI Defenses
Phishing has always been about deceiving people. But in this campaign, I discovered something new. The attackers weren’t only targeting users, they also attempted to manipulate AI-based defences. T…
Security Alert | NX Compromised to Steal Wallets and Credentials #NXCompromise #CredentialTheft #SupplyChainAttack #SecurityAdvisory #Semgrep https://semgrep.dev/blog/2025/security-alert-nx-compromised-to-steal-wallets-and-credentials/
Semgrep
Security Alert | NX Compromised to Steal Wallets and Credentials
What is s1ngularity-repository? Nx is compromised and the malware steals wallets and API keys using Claude CLI or Gemini.
Magecart Skimmer Analysis: From One Tweet to a Campaign #Magecart #WebSkimming #JavaScriptMalware #ThreatHunting #ECommerceSecurity https://blog.himanshuanand.com/2025/09/magecart-skimmer-analysis-from-one-tweet-to-a-campaign/
Himanshu Anand :: Threat Notes
Magecart Skimmer Analysis: From One Tweet to a Campaign
Starting Point It all began with a tweet:
sdcyberresearch on X
This tweet hinted at a Magecart-style campaign involving malicious JavaScript injection to skim payment data.
Initial Sample The script was hosted at:
https://www.cc-analytics[.]com/app.js
The…
IPv4/IPv6 Packet Fragmentation: Detection & Reassembly #IPFragmentation #PacketReassembly #PacketSmith #IPv4IPv6 #NetworkAnalysis https://packetsmith.ca/ip_frag_reassembly/
PacketSmith
IP Fragmentation Detection & Reassembly - PacketSmith
IPv4/IPv6 Packet Fragmentation: Detection & Reassembly Introduction A packet can be broken into smaller pieces, or fragments, at the network layer (by the IPv4 and IPv6 protocols) to fit within a specific Maximum Transmission Unit (MTU). For IPv4, a packet’s…
This House is Haunted: a decade old RCE in the AION client #AIONRCE #LuaExploit #HousingSystem #LegacyVulnerability #PrivateServers https://appsec.space/posts/aion-housing-exploit/
appsec & stuff
This House is Haunted: a decade old RCE in the AION client
TL;DR I found an RCE in the AION client starting from 3.0 (not confirmed the latest version vulnerable) using the built-in housing system. Private servers are still vulnerable. Important Note In the initial version of this post I wrote that the housing system…
The One Where We Just Steal The Vulnerabilities (CrushFTP CVE-2025-54309) #CrushFTP #CVE202554309 #RaceCondition #AdminBypass #ExploitedInWild https://labs.watchtowr.com/the-one-where-we-just-steal-the-vulnerabilities-crushftp-cve-2025-54309/
watchTowr Labs
The One Where We Just Steal The Vulnerabilities (CrushFTP CVE-2025-54309)
On July 18, 2025, users of CrushFTP woke up to an announcement:
As we’ve all experienced in 2025, 2025 has been the year of vendors burying their heads in the sand with regard to in-the-wild exploitation, even in the face of impressively indisputable evidence…
Referral Beware, Your Rewards are Mine (Part 1) #ReferralPrograms #SecurityVulnerabilities #BusinessLogicFlaws #ReferralHijacking #WebExploits https://rhinosecuritylabs.com/research/referral-beware-your-rewards-are-mine-part-1/
Rhino Security Labs
Referral Beware, Your Rewards are Mine (Part 1)
Referral rewards programs are nearly ubiquitous today, from consumer tech to SaaS companies, but are rarely given much security oversight.
Sliding into your DMs: Abusing Microsoft Teams for Malware Delivery #MicrosoftTeams #Malware #SocialEngineering #CyberThreats #Ransomware https://permiso.io/blog/sliding-into-your-dms-abusing-microsoft-teams-for-malware-delivery
permiso.io
Sliding into your DMs: Abusing Microsoft Teams for Malware Delivery
Malware delivery through Microsoft Teams is an emerging threat. Discover how attackers exploit external chats, which regions they target, and key IOCs defenders must track.
We've published a large-scale characterization of the macOS threat landscape! Mapping TTPs from 2006–2024 to uncover how adversaries behave. Check out our blog:
#ThreatIntelligence #macOSMalware #Forensics #InfoSecResearch #macOSMalware #AppleSecurity https://reversea.me/index.php/how-malware-takes-a-bit-out-of-the-apple/
Intercepting LDAP With InterceptSuite https://infosecwriteups.com/intercepting-ldap-with-interceptsuite-45d219c14943
Medium
Intercepting LDAP With InterceptSuite
LDAP authentication is everywhere in networks, but intercepting encrypted LDAP traffic can be challenging. LDAP authentication in the web…
Hidden in Plain Sight: A Misconfigured Upload Path That Invited Trouble #MisconfiguredPath #WebServerBreach #WebShellDetected #FileUploadRisk #CybersecurityIncident https://www.varonis.com/blog/misconfigured-upload-path
Varonis
Hidden in Plain Sight: A Misconfigured Upload Path That Invited Trouble
A misconfigured upload path exposed a Linux web server to attack. Varonis Threat Labs reveals how it happened and how to prevent future breaches.
Advisory - Netskope Client for Windows - Local Privilege Escalation via Rogue Server (CVE-2025-0309) https://blog.amberwolf.com/blog/2025/august/advisory---netskope-client-for-windows---local-privilege-escalation-via-rogue-server/
Amberwolf
Advisory - Netskope Client for Windows - Local Privilege Escalation via Rogue Server (CVE-2025-0309)
AmberWolf Security Research Blog
Papers and code are great, but our team is what makes it happen. ❤️
Reflecting on 2025: A year of hard work, sleepless nights, and incredible success.
A huge thank you to everyone involved. Here's to 2026! 🥂 #Research #Awards #2025Summary https://reversea.me/index.php/a-year-of-breakthroughs-reflecting-on-2025/
Happy New Year, folks! Happy 2026 vulnerability hunting season to all!🍾🥂
ZERO-DAY ALERT: Automated Discovery of Critical CWMP Stack Overflow in TP-Link Routers https://blog.byteray.co.uk/zero-day-alert-automated-discovery-of-critical-cwmp-stack-overflow-in-tp-link-routers-0bc495a08679
Medium
ZERO-DAY ALERT: Automated Discovery of Critical CWMP Stack Overflow in TP-Link Routers
ZERO-DAY ALERT: Automated Discovery of Critical CWMP Stack Overflow in TP-Link Routers Update CVE assigned: CVE-2025-9961 NVD Awaiting Analysis This CVE record has been marked for NVD enrichment …
anti-patterns and patterns for achieving secure generation of code via AI #AICodeGeneration #SecureDevelopment #AIAgents #AntiPatterns #FutureOfCoding https://ghuntley.com/secure-codegen/
Geoffrey Huntley
anti-patterns and patterns for achieving secure generation of code via AI
I just finished up a phone call with a "stealth startup" that was pitching an idea that agents could generate code securely via an MCP server. Needless to say, the phone call did not go well. What follows is a recap of the conversation where I just shot down…
Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel #CVE202450264 #LinuxKernel #UAFExploitation #RaceCondition #KernelHacking https://a13xp0p0v.github.io/2025/09/02/kernel-hack-drill-and-CVE-2024-50264.html
Alexander Popov
Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel
Some memory corruption bugs are much harder to exploit than others. They can involve race conditions, crash the system, and impose limitations that make a researcher's life difficult. Working with such fragile vulnerabilities demands significant time and…