🚨 CISA Alert: Two critical flaws — in Broadcom Fabric OS (CVE-2025-1976) and Commvault Web Server (CVE-2025-3928) — are now on the Known Exploited Vulnerabilities (KEV) list. 🔹 Both bugs are actively exploited. 🔹 Admin access can lead to full system compromise. 🔹 Patching

20 Must-Read API Security Tips #infosec #cybersecurity #cybersecuritytips #microsoft #redteam #informationsecurity #CyberSec #ai #offensivesecurity #infosecurity #cyberattacks #security #oscp #cybersecurityawareness #bugbounty #bugbountytips

Aws Pentest Checklist #infosec #cybersecurity #cybersecuritytips #microsoft #redteam #informationsecurity #CyberSec #ai #offensivesecurity #infosecurity #cyberattacks #security #oscp #cybersecurityawareness #bugbounty #bugbountytips

Nation-state threats are rising 📈 Our new white paper, "Securing Nations in the Digital Age: Google Cloud Cybershield™️,” outlines how governments can build stronger cyber defenses with actionable insights and capabilities. Learn more: bit.ly/4mLJty6

ADCS Cheat Sheet, by Swissky swisskyrepo.github.io/InternalAllThe…

Microsoft Exchange checklist, by Panos Gkatziroulis 🦄 github.com/netbiosX/Check…

What do you do if you have compromised a server administrator? Hunt for domain admins🏹 This is what NetExec's latest module "presence" does. It checks for DAs in: - C:\Users folder - Processes - Scheduled Tasks All done with native Windows protocols. Made by crosscutsaw and me

Best of Credential Dumping NTDS.dit hackingarticles.in/credential-dum… DCSync Attack hackingarticles.in/credential-dum… LAPS hackingarticles.in/credential-dum… Domain Cache Credential hackingarticles.in/credential-dum… Wireless hackingarticles.in/credential-dum… Group Policy Preferences (GPP) hackingarticles.in/credential-dum… Windows

Building on our latest #voicephishing research, Mandiant experts share how #AI voice cloning is changing social engineering. Listen to the full episode and get expert insights from the frontline: goo.gle/40aATzl

Detecting and preventing LSASS credential dumping attacks microsoft.com/en-us/security…

ACTIVE DIRECTORY SECURITY: WINDOWS FIREWALL ENABLED BY DEFAULT RIGHT? AND LOGGING RIGHT? There is absolutely no excuse for turning off the built-in Windows Firewall. None. It is integrated into the network stack. It goes into a form of Limp Mode and that means being blind to

Entra ID App Escalations: Attacks & Defenses beyondtrust.com/blog/entry/ent…

SentinelOne Must-Have Custom Detection Rules #DFIR Part 1 medium.com/@cyberengage.o… Part 2 medium.com/@cyberengage.o… Part 3 medium.com/@cyberengage.o…

Oracle's FREE Cloud certifications are back! You can become a certified cloud developer in 6 weeks! education.oracle.com/race-to-certif… Digital training in AI, Cloud Infrastructure, Multicloud & Data Platform. 📅 Ends on 10/31 ✔️5 FREE certification exams 💻Hands-on Labs for beginners!

From a recent Active Directory Security Assessment (ADSA) I did: * AD admin accounts with passwords older than 5 years (likely Kerberoastable) * Group Policy Objects (GPOs) linked to the Domain root with modify rights delegated to non-AD admins * Service accounts with really

CVE-2025-5777, aka #CitrixBleed 2, allows leaking of memory in the response which can allow for compromising session tokens, and other sensitive information. A deep-dive to follow next week.

Love this initiative. Fernando Tomlinson and I did a presentation last year highlighting the growing threats of RMMs. As part of our discussion, we shared some threat hunting scripts using PowerShell (github.com/WiredPulse/PS_…) and Google SecOps (github.com/WiredPulse/RMM…)

When applying for a job at McDonald's, over 90% of franchises use "Olivia," an AI-powered chatbot. We (Ian Carroll and I) discovered a vulnerability that could allow an attacker to access the over 64 million chat records using the password "123456". ian.sh/mcdonalds

Threat hunters this one's for you! Join Google Threat Intelligence for a hands-on webinar — spot advanced threats, hunt by behavior, and stay ahead of evolving patterns. Register today ⬇️ 📅 July 16 (EN): goo.gle/4eLXLve 📅 July 23 (ES): goo.gle/3IEqWnO

AWS offers free training & certs for Cloud Practitioner, Solutions Architect, Developer Associate, SysOps Admin, Data & ML Engineer in AWS Educate awseducate.com You learn on Skill Builder, complete practice tests & earn vouchers thriugh points! skillbuilder.aws/learn