You should probably not use this version. 8.8.1 CVE-2025-49144

updated my ADCS cheatsheet seriotonctf.github.io/ADCS-Attacks-w…

How attackers move between AD domains via trusts depends on trust type & config. We're replacing TrustedBy edge in BloodHound with new trust edges for better attack path mapping. Check out Jonas Bülow Knudsen's blog post to learn more. ghst.ly/4lj9C5T

That’s essentially my thesis on pentesting and low skill TA behaviors. Using known good/admin/defensive tools.

Btw, I'm here once again to remind detection platform owners that stealing sigma rules is not cool. Never contributing back is not cool. Adding FP filters privately or adding a new string doesn't make you an author or owner of said rules. Converting sigma rules into a

CISA warns of critical flaws in ControlID iDSecure On-premises, including SQL Injection (CVSS 9.1), auth bypass, and SSRF, risking vehicle access control systems. Update to 4.7.50.0. #ControlID #AccessControl #Cybersecurity #SQLi #CISA securityonline.info/cisa-warns-of-…

We’re going the wrong way! How to abuse symlinks and get LPE in Windows cicada-8.medium.com/were-going-the…

I need to build an SSH tunnel between my two laptops they both don't have any publicly addressable IPs and both are at different places, how can I do that ?

Structured way to find conditional access bypasses from Fabian Bader and Dirk-jan ☝️

Check Point Research look into an ongoing spear-phishing campaign targeting Israeli journalists, high-profile cybersecurity experts, and computer science professors from leading Israeli universities. research.checkpoint.com/2025/iranian-e…

#booking #fakecaptcha #clickfix 👇 booking.extranet-get-reserve.]com booking.extranet-find.]com 👇 h1dd-page.]com/km77qnz/trails.exe C2 #AsyncRat ⛔️185.156.72.]25:6565 ✅AnyRun app.any.run/tasks/6b2b75ce… ✅Samples bazaar.abuse.ch/browse/tag/h1d… cc Kelsey Mikhail Kasimov ܛܔܔܔܛܔܛܔܛ

Thanks to everyone who came to my TROOPERS Conference #TROOPERS25 talk today! The slides are available here - github.com/h4wkst3r/Confe…

Our team has just released the 2025 CTI Report. The key focus has been on tracking adversary infrastructure and is packed with our threat research insights alongside an in-depth view into the changing information stealers & ransomware ecosystems 🐧 Link: bridewell.com/insights/white…

Microsoft 365 'Direct Send' abused to send phishing as internal users - Lawrence Abrams bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

Concerned about LLMs replacing pentesters? We've made enhancing your own workflow with AI easier than ever - you can now build your own AI features directly inside Repeater with Custom Actions. Here's one I built for myself which guesses param meanings:

🚨 Cisco just patched two 10.0 CVSS flaws in ISE and ISE-PIC—unauthenticated RCE as root. Attackers only need a crafted API call or file upload. No workaround. If you're running 3.3+ or 3.4, patch now. Details here → thehackernews.com/2025/06/critic…

Jailbroken AIs are helping cybercriminals to hone their craft malwarebytes.com/blog/news/2025…

⚠️ TP‑Link Router Flaw CVE‑2023‑33538 Exploited in the Wild thehackernews.com/2025/06/tp-lin… A critical command‑injection vulnerability in older TP‑Link models (WR940N, WR841N, WR740N) is being actively abused, allowing attackers to execute system commands remotely via the ssid1 HTTP

New in the BApp Store: AWS cURL Command Streamline AWS API testing with this extension: 🔐 Converts HTTP requests into AWS SigV4-signed curl commands 📋 Copies ready-to-use commands directly to your clipboard 🧰 Ideal for reproducing requests and debugging AWS APIs

New lore update on IntelBroker a/k/a Kai West - Did swatting and bomb threats as a teenager - Was raided by NCA UK - NCA enrolls Mr. West in a cybersecurity trainee program (steer him in positive direction) - Less than 2 years later he returns to cyber-crime