#securityresearch

2025-04-25

Security isn’t just a priority — it’s a passion. 🛡️

This Sunday at @BSidesSF, Tailscale’s @patrickod will share how he found a long-standing CSRF bug in the gorilla/csrf Go lib.

Don’t miss it 🔍 (theatre 14)
📅 bsidessf2025.sched.com/event/1
📺 bsidessf.org/streams

#BSidesSF #AppSec #golang #Tailscale #SecurityResearch

2025-04-25

How do we deal responsibly with IT security vulnerabilities?

A publication by our colleague Dr. Oliver Vettermann shows how security research, law & practice can work together.

Available here 👉 free as a PDF:
🔗 digitalrecht-oe.uni-trier.de/i

#ITSicherheit #SecurityResearch #teamFIZ #Digitalisierung #OpenAccess #EthicalHacking

2025-04-14

PentestGPT, an AI-driven tool released in 2024, uses GPT-4 to guide penetration testers through hacking tasks, suggesting recon steps, exploitation commands, and analyzing results.

#pentestgpt #ai #penetrationtesting #cybersecurity #gpt #ethicalhacking #chatgpt #infosec #securitytools #openai #securityresearch #hackingassistant
darknet.org.uk/2025/04/pentest

2025-04-07

I'm transitioning to more of a #research role within my company and would really appreciate advice from experienced #researchers, whatever your specialty.

#security #SecurityResearch #AI #AiResearch

Opalsec :verified:Opalsec@infosec.exchange
2025-03-30

Our latest blog post is live, check it out!

🗞️ opalsec.io/daily-news-update-s

* 👾 Obscure Programming Languages in Malware: Malware authors are getting creative, using less common languages like Rust, Nim, Phix, Lisp and Haskell to evade detection - and it works.
* 💔 $8.2 Million Seized in Crypto Romance Baiting: The DOJ just seized millions in USDT from "romance baiting" scams (aka pig butchering), with links to human trafficking in Cambodia and Myanmar. This is a stark reminder of the human element in cybercrime.

Don't forget, you can subscribe to our newsletter here to get the updates straight to your inbox!

📨opalsec.io/daily-news-update-s

#cybersecurity #malware #ransomware #cryptoscams #threatintel #infosec #rustlang #phishing #APT29 #pigbutchering #usdt #doj #fbi #cybercrime #securityresearch #zerotrust #threatdetection #reversengineering

📢We're delighted to launch our 20th issue of CREST Security Review (CSR), which focuses on counter-terrorism and counter-extremism evaluation 🔎

The articles reflect the challenges and opportunities of understanding ‘what works’ in this field, and describe recent developments in what is a vibrant field of research and practice.

Read, download & share for free ⬇️ crestresearch.ac.uk/magazine/e #Evaluation #CVE #Counterterrorism #SecurityResearch

N-gated Hacker Newsngate
2025-03-15

👨‍💻🎩 Oh, look! Another "groundbreaking" article where someone thinks they're the first to discover that can be bypassed with parser differentials. 🤡 Because clearly, researchers have never thought of this before. Bravo, , for reinventing the wheel and calling it AI-powered! 🤣🔐
github.blog/security/sign-in-a

Darren Meyer :donor:darrenpmeyer@infosec.exchange
2025-02-20

I'm thrilled to announce that I've joined Checkmarx Zero!

In the new role, I'm getting even deeper into security research, and I'll focus a lot of my time on making our findings even more understandable and practical for a wider audience.

I look forward to working with this world-class research team. Watch for upcoming papers, blogs, conference presentations, and industry collaborations!

#AppSec #SecurityResearch #NewJob

Pen Test PartnersPTP@infosec.exchange
2025-02-07

The best ICS testing results don’t come from a single approach. Onsite testing has to be risk-averse, and lab testing can uncover deeper vulnerabilities. The key? A combined approach…
 
OT environments don't stand up to regular IT pen testing. Any pen tester that doesn't fully understand that could easily destroy systems and take out critical infrastructure.
 
By strategically selecting devices for lab testing based on onsite insights, you get the best of both worlds without unnecessary risk or cost.
 
In our latest blog, Head of Hardware Andrew Tierney explains how this method finds hidden threats in ICS networks: pentestpartners.com/security-b

#cybersecurity #icsmonitoring #industrialsecurity #cyberdefense #securityresearch #operationaltechnology #incidentresponse #cyberawareness

🛠️ Using Compiler Optimizations… to Obfuscate?

Compiler optimizations are supposed to clean up code, make it faster, and sometimes even deobfuscate messy transformations. But what if we could flip that around and use them to make code harder to analyze instead? 🤔

Lately, I’ve been exploring this idea in my research, and it turns out that compiler optimizations can actually reinforce obfuscation when used strategically.

Most obfuscation techniques rely on structured transformations. Decompilers and specialized tooling exploit this structure to recognize and undo them. But if you pass your obfuscation through the right set of compiler optimizations, things get interesting: the compiler won’t fully deobfuscate the transformation, but it reshapes it just enough to break tools that try to reverse it.

End result? A more efficient and resistant obfuscation transformation—basically for free. I find that pretty neat.

There’s a delicate balance here: you need optimizations that shake things up but don’t simplify too much. When you hit that sweet spot, it makes reverse engineering way more painful.

💡 Ever tried messing with compiler behavior in unexpected ways? Would love to hear your thoughts! 👇

#ReverseEngineering #SoftwareProtection #Obfuscation #Compilers #CodeOptimization #SecurityResearch

2025-01-20

Why yes, we had to do an MX lookup on the host part of an email address you provided in order to send it an email. Given this was done by a 3rd party email provider, why do you think knowing the IP address of the server that did this DNS lookup poses a risk?

"Hello, I've lied to you twice about a security vulnerability I claimed I found in your app. Can I please report some more made up BS?"

#security #SecurityResearch #BugBounty #BugBountyFarming

2025-01-18

@neverpanic @wifi_freak @fluepke Digging into ipsw and exploring macOS/iOS security feels like hacking a Rubik’s cube—complex, but super satisfying when it clicks. 🧩

Sure, it’s a challenge, but who doesn’t love a good puzzle? Let’s decode some Apple magic! 🍏

#iOS #macOS #SecurityResearch #ReverseEngineering

2025-01-18

Been gifted a pair of #Rayban #Meta glasses for a development job and been told to keep them when done. Kind of interested in them from a security research perspective - what things, if any, are you interested in or curious about that I could take a look into? #security #securityresearch

2025-01-01

Which packages do you absolutely uninstall when setting up a security research VM?

#securityresearch #homelab

2025-01-01

For a security research VM how paranoid are you with the username or other user info (full name, email address, git config name/email, etc)?

#securityresearch #homelab
