GitHub - actuator/DEFCON-33: Hacking Hotspots: Pre-Auth Remote Code Execution, Arbitrary SMS & Adjacent Attacks on 5G & 4G LTE Routers github.com/actuator/DEFCO…

First we saw APT28 using an LLM to generate commands in their malware and now, a ransomware is using an LLM to start file system encryption 👀

Google is a bad keeper of Android. The new "you need to give Google your ID for sideloadable apps" thing is a huge and disgusting overstep. I wish there was a serious, properly funded, open-source competitor in the phone space.

Infosec is primarily cyberjanitors because we’re asked to clean up shit nobody else wants to deal with.

🪓🌿 Claude found the APT! My first time sharing how I operationalized an LLM for defenders 👀 Hooked up my MCP → Splunk + Claude… what started as tuning an analytic turned into Claude uncovering real suspicious activity in my test AD environment 🔥 I’ll be sharing more

🚀v0.51.0 is out now! This version introduces two major updates in Workflow and Findings, along with improvements to the Backend SDK and various bug fixes: ✅ Workflow Run History ✅ Exporting Findings 🔗 Check out the full changelog: caido.io/blog/2025-08-2…

short write-up on the Intigriti CTF solution (chall 0825 by 0xblackbird), including a bit of nextjs, an SSRF and an RCE; good reading! zhero-web-sec.github.io/ctf-intigriti-…

all my homies hate LHDN

Last-minute hack reveals massive flaw

No thread, tak rajin: - TNG nak hire 150 people in 2025, hiring is challenging - CTO is 32 years old - 172K transactions per second masa one the events - Ada DB sharding, data center di MY - Microservices - SLO 99.99% - Weekly release - Lots of security measure untuk mobile app

國語友善XD blog.orange.tw/posts/2025-08-…

Police have arrested 400 people in a major raid on a scam call centre in Bangsar South, Kuala Lumpur. The syndicate, involving both Malaysians and foreigners, allegedly ran online scams and gambling operations across five floors in a commercial building.

btw be careful, me and my colleague identified a malicious SEO poisoned GitHub Desktop download website where it has AMOS stealer in it. This commit (github.com/desktop/deskto…) shows the threat actor modifying the README file to include his own download URL. #AMOS #Phishing

📍Comprehensive Security Assessments: Web, Mobile, API, Cloud, Network, and Code github.com/m14r41/Pentest…

Thanks to everyone that showed up to our session last night 🤗 I added some notes on why the API wasn't working as expected during the demo on my blog. RE:UN10N Sharing Session - Writing Your First Burp Extension - benkyou's blog benkyousec.github.io/posts/writing-…

Cache Me If You Can (Sitecore Experience Platform Cache Poisoning to RCE) labs.watchtowr.com/cache-me-if-yo… watchTowr #bugbounty

I’ll be in Da Nang for APNIC60 !

Recording is now available at youtu.be/JzxkIna0gnY?si… And a blog post of it by benkyou benkyousec.github.io/posts/writing-…

Rescue Ranger chi chi chi chip and dale

???