Dirty Vanity: A New Approach to Code Injection & EDR Bypass Blog: deepinstinct.com/blog/dirty-van… Rust PoC: github.com/Whitecat18/Rus…

Hunting EDR Freeze... A recent EDR-Freeze technique by Two Seven One Three can suspend a given EDR process. Now it's time to hunt it down with few logs and clever correlation. The post: blog.axelarator.net/hunting-for-ed… #redteam #blueteam #maldev Hunting EDR Freeze... A recent EDR-Freeze

My first Huntress blog is live: we break down some funky ClickFix lures that lead to a loader which uses steganography to extract shellcode and ultimately deliver LummaC2/Rhadamanyths stealers. Big thanks to RussianPanda 🐼 🇺🇦 for the help! 😇 huntress.com/blog/clickfix-…

Kaspersky exposed ToddyCat APT's evolution: the group steals M365 OAuth tokens from memory and uses TCSectorCopy to steal locked Outlook OST files, allowing covert access to cloud email outside the perimeter #ToddyCat #M365Hack #Cyberespionage #OAuthToken securityonline.info/toddycat-apt-s…

GitHub - Red-Hex-Consulting/Ankou: A flexible, AI powered C2 framework built with operators in mind github.com/Red-Hex-Consul…

Golden dMSA - This tool exploits a new attack against delegated Managed Service Accounts called the "Golden DMSA" attack. The technique allows attackers to generate passwords for all associated dMSAs offline. meterpreter.org/golden-dmsa-to…

ICYMI: In this blog, Oddvar Moe goes over a clever DLL hijack that turns Windows Narrator into a persistence vector. Got questions? Our next Discord Livestream is on December 4 where he’ll be answering your questions on Windows Accessibility. Read now! trustedsec.com/blog/hack-cess…

🚩 CTM360 Exposes Global WhatsApp Infrastructure for Supply-Chain Attacks thehackernews.com/2025/11/ctm360… A server-side flaw in the CTM360 bulk-SMS platform allowed attackers to hijack push-delivery endpoints for over 2 billion #WhatsApp messages globally, enabling them to inject

🚨Alert🚨:CVE-2025-58360:XML External Entity Vulnerability in GeoServer WMS GetMap Operation 📊51.7K Services are found on the hunter.how yearly. 🔗Hunter Link:hunter.how/list?searchVal… 👇Query HUNTER : product.name="GeoServer"

𝗔 𝗹𝗮𝗻𝗱𝗺𝗮𝗿𝗸 𝗺𝗼𝗺𝗲𝗻𝘁 ➡️ a satellite signal travelling 𝗱𝗶𝗿𝗲𝗰𝘁𝗹𝘆 𝘁𝗼 𝗮 𝘀𝘁𝗮𝗻𝗱𝗮𝗿𝗱 𝘀𝗺𝗮𝗿𝘁𝗽𝗵𝗼𝗻𝗲 and triggering an emergency alert instantly, securely and to everyday smartphones. No apps and no pairing, just true satellite-to-device capability,

This Cheatsheet helps you to pick the best model for your specific task. ♻️ Repost to help others.

InfraGraph and the Return of Infrastructure Inventory: Why Cloud Needs a Single Source of Truth medium.com/@saimsafder14/…

''Unpacking the AAD Broker LocalState Cache - SpecterOps'' #infosec #pentest #redteam #blueteam specterops.io/blog/2025/11/0…

It reminds me of earlier this year when I shared an investigation done with a particular industry tool, and someone quoted the post insisting it was Autopsy. He even claimed he works with the government and bet that Autopsy couldn’t do what I demonstrated simply because that’s

We review digital risk through the capabilities of malicious LLMs, using WormGPT and KawaiiGPT as examples. This discussion of LLMs as a cybercrime-as-a-service product stresses the call for accountability from developers, regulators and researchers. bit.ly/480laYa

How I Discovered an IDOR Vulnerability in a Parent/Child Management API infosecwriteups.com/how-i-discover… #bugbounty #bugbountytips #bugbountytip

Registration for #JSAC2026 is now open! Visit the website for details. Seats are reserved on a first-come, first-serve basis. Make sure to register early if you wish to attend! ^SY jsac.jpcert.or.jp/en/registratio…

Scattered Lapsus$ Hunters are reportedly intensifying the sale of compromised FortiOS access on DarkForums, with a focus on Central and South America, identifying 24 distinct victims including a major real estate firm in El Salvador. devel.group/blog/scattered…

#BreakingNews The safety inspections and required maintenance on #AirbusA320 aircraft is underway, the #UAE regulator confirmed to #KhaleejTimes on Saturday. khaleejtimes.com/uae/airbus-a32…

Era from Hack The Box has multiple IDOR vulnerabilities followed by a PHP injection invoking the PHP SSH module to run commands on the host. Then there's a signed Linux binary to negotiate for root. 0xdf.gitlab.io/2025/11/29/htb…