The security paradox of local LLMs #LLMSecurityParadox #PromptInjection #LocalLLMVulnerabilities #CodeGenerationThreats #AISoftwareSupplyChain https://quesma.com/blog/local-llms-security-paradox/
Quesma
The security paradox of local LLMs - Quesma Blog
Local LLMs prioritize privacy over security. Our research reveals a 95% backdoor injection success rate.
CVE-2025-8556 - Cryptographic Issues in Cloudflare’s CIRCL FourQ Implementation #CVE20258556 #CloudflareCIRCL #FourQ #InvalidPointAttack #EllipticCurveCrypto https://www.botanica.software/blog/cryptographic-issues-in-cloudflares-circl-fourq-implementation
www.botanica.software
CVE-2025-8556 - Cryptographic Issues in Cloudflare’s CIRCL FourQ Implementation
2 min read
Pit's Proof Of Concept #Frida #MobileModding #AppDistribution #FridaGadget #AndroidApps https://pit.bearblog.dev/modding-and-distributing-mobile-apps-with-frida/
Pit's Proof Of Concept
Modding And Distributing Mobile Apps with Frida
Walkthrough of how to embed frida scripts in apps to distribute proper mods. Supports frida 17+.
Leveraging Machine Learning to Enhance Acoustic Eavesdropping Attacks (Part 1 of 4) #AcousticEavesdropping #MachineLearning #SideChannelAttack #MobileSecurity #InertialSensors https://cc-sw.com/leveraging-machine-learning-to-enhance-acoustic-eavesdropping-attacks-part-1-of-4/
Privescing a Laptop with BitLocker + PIN #BitLocker #TPM #PINProtection #HardwareHacking #KeyRecovery https://www.errno.fr/Bitlocker_TPM_and_PIN_privesc
LockBit Returns — and It Already Has Victims #LockBit #Ransomware #Resurgence #CyberThreat #LockBit5.0 https://blog.checkpoint.com/research/lockbit-returns-and-it-already-has-victims/
TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware #TARmageddon #CVE202562518 #OpenSourceSecurity #Abandonware #RCEVulnerability https://edera.dev/stories/tarmageddon
Edera
CVE-2025-62518 Shows the Cost of Open Source Abandonware
Edera uncovers TARmageddon (CVE-2025-62518), a Rust async-tar RCE flaw exposing the real dangers of open-source abandonware and supply chain security.
Hacking the World Poker Tour: Inside ClubWPT Gold’s Back Office #ClubWPTHack #DataExposure #BackOfficeCompromise #Vulnerability #2FABypass https://samcurry.net/hacking-clubwpt-gold
samcurry.net
Hacking the World Poker Tour: Inside ClubWPT Gold’s Back Office
In June, 2025, Shubs Shah and I discovered a vulnerability in the online poker website ClubWPT Gold which would have allowed an attacker to fully access the core back office application that is used for all administrative site functionality.
WSO2 #1: 404 to arbitrary file read #WSO2 #XXE #FileRead #CVE20252905 #APIManager https://crnkovic.dev/wso2-404-to-arbitrary-file-read/
Hack-cessibility: When DLL Hijacks Meet Windows Helpers #DLLHijacking #WindowsPersistence #AccessibilityAbuse #LateralMovement #RedTeaming https://trustedsec.com/blog/hack-cessibility-when-dll-hijacks-meet-windows-helpers
TrustedSec
Hack-cessibility: When DLL Hijacks Meet Windows Helpers
Desktop Window Manager Array Out Of Bounds LPE #DWM #OutOfBounds #LPE #WindowsVulnerability #CVE202555681 https://ssd-disclosure.com/desktop-window-manager-array-out-of-bounds-lpe/
SSD Secure Disclosure
Desktop Window Manager Array Out Of Bounds LPE - SSD Secure Disclosure
Vendor Response The vendor has released a patch for Windows that addresses this vulnerability: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55681 CVE CVE-2025-55681 Credit The vulnerability was disclosed during our TyphoonPWN Windows category…
🔥2
How SOC Teams Operationalize Real-Time Defense Against Credential Replay Attacks #CredentialReplay #SOCteams #AccountTakeover #MFAbypass #RealTimeDefense https://www.memcyco.com/how-soc-teams-operationalize-real-time-defense-against-credential-replay-attacks/
Memcyco
Credential Replay Attack Defense for SOC Teams | Memcyco
Stop credential replay attacks early. See how SOC teams use real-time detection and decoy credentials to prevent escalation.
Threat Intelligence List #HelixGuard #OpenSource #SecurityResearch #CyberSecurity #InfoSec https://helixguard.ai/intelligence
We May Have Finally Fixed Python’s 25-Year-Old
Vulnerability #PythonSecurity #PickleModule #ContextTainting #Deserialization #VulnerabilityFix https://iyehuda.substack.com/p/we-may-have-finally-fixed-pythons
Vulnerability #PythonSecurity #PickleModule #ContextTainting #Deserialization #VulnerabilityFix https://iyehuda.substack.com/p/we-may-have-finally-fixed-pythons
Substack
We May Have Finally Fixed Python’s 25-Year-Old Vulnerability
A Context Tainting Approach to Mitigate Python Deserialization Attacks
Automating COM/DCOM vulnerability research #COM #DCOM #Fuzzing #VulnerabilityResearch #Automation https://www.incendium.rocks/posts/Automating-COM-Vulnerability-Research/
Remco van der Meer
Automating COM/DCOM vulnerability research
Diving into COM/DCOM and how to automate vulnerability research using a fuzzing approach.
A Deep Dive Into Warlock Ransomware Deployed Via ToolShell SharePoint Chained Vulnerabilities #WarlockRansomware #SharePointVulnerabilities #MalwareAnalysis #DefenseEvasion #HybridEncryption https://hybrid-analysis.blogspot.com/2025/10/a-deep-dive-into-warlock-ransomware.html
Blogspot
A Deep Dive Into Warlock Ransomware Deployed Via ToolShell SharePoint Chained Vulnerabilities
Author(s): Vlad Pasca Warlock ransomware was deployed by exploiting the SharePoint vulnerabilities CVE-2025-53770 and CVE-2025-53771 The ma...
GlobalCVE: A unified, open-source hub for global vulnerability intelligence. Built for clarity, collaboration, and security https://globalcve.xyz/
Updating Exploit Likelihood with Control Effectiveness https://stephenshaffer.io/quantifying-swiss-cheese-the-bayesian-way-b2b512472d85
Medium
Updating Exploit Likelihood with Control Effectiveness
Updating Exploitation Likelihood with Control Effectiveness
EDR-Redir V2: Blind EDR With Fake Program Files #BlindEDR #EDRRedirV2 #BindLinkExploit #FolderRedirection #DefenseEvasion https://www.zerosalarium.com/2025/11/EDR-Redir-V2-Blind-EDR-With-Fake-Program-Files.html
Zerosalarium
EDR-Redir V2: Blind EDR With Fake Program Files
EDR-Redir V2 uses bind link technique with Program Files folder. Create bind link for folder points to itself to break, bypass, block Antivirus, EDRs
Sniffing established BLE connections with HackRF One #BLESniffing #SoftwareDefinedRadio #HackRFOne #ChannelHopping #IoTSecurity https://blog.lexfo.fr/sniffing-ble-sdr.html
blog.lexfo.fr
Sniffing established BLE connections with HackRF One
<p>Tracking already-established BLE connections using SDR has its own challenges. With custom firmware and multi-channel listening, the presented approach quickly deduces the hidden hopping parameters needed to follow the connection.</p>