I added hover over text, it messed up some of the formatting. But whatever, I gotta go write my TPS report.

Krebs on Security

Dark Reading

The Hacker News [ THN ] - Best Security Blog

2025-12-05 - JPCERT Confirms Active Command Injection Attacks on Array AG Gateways
2025-12-04 - Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China
2025-12-04 - ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories
2025-12-04 - 5 Threats That Reshaped Web Security This Year [2025]
2025-12-04 - GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections
2025-12-04 - Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts
2025-12-03 - Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution
2025-12-03 - Discover the AI Tools Fueling the Next Cybercrime Wave — Watch the Webinar
2025-12-03 - Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation
2025-12-03 - WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts
2025-12-03 - Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud
2025-12-03 - Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage
2025-12-03 - Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code
2025-12-03 - Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems
2025-12-02 - India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse
2025-12-02 - Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera
2025-12-02 - GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
2025-12-02 - Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
2025-12-02 - Iran-Linked Hackers Hit Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks
2025-12-02 - SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities
2025-12-02 - Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild
2025-12-01 - India Orders Phone Makers to Pre-Install Government App to Tackle Telecom Fraud
2025-12-01 - ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware
2025-12-01 - ⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
2025-12-01 - Webinar: The "Agentic" Trojan Horse: Why the New AI Browsers War is a Nightmare for Security Teams
2025-12-01 - New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control
2025-12-01 - Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets

Schneier on Security

2025-12-02 - Future Politics,” British barrister Jamie Susskind wrote that the dominant question of the 20th century was “How much of our collective life should be determined by the state, and what should be left to the market and civil society?” But in the early decades of this century, Susskind suggested that we face a different question: “To what extent should our lives be directed and controlled by powerful digital systems—and on what terms?”

Artificial intelligence (AI) forces us to confront this question. It is a technology that in theory amplifies the power of its users: A manager, marketer, political campaigner, or opinionated internet user can utter a single instruction, and see their message—whatever it is—instantly written, personalized, and propagated via email, text, social, or other channels to thousands of people within their organization, or millions around the world. It also allows us to individualize solicitations for political donations, elaborate a grievance into a well-articulated policy position, or tailor a persuasive argument to an identity group, or even a single person...

">Like Social Media, AI Requires Difficult Choices
2025-12-01 - banning VPNs, because…think of the children!

As of this writing, Wisconsin lawmakers are escalating their war on privacy by targeting VPNs in the name of “protecting children” in A.B. 105/S.B. 130. It’s an age verification bill that requires all websites distributing material that could conceivably be deemed “sexual content” to both implement an age verification system and also to block the access of users connected via VPN. The bill seeks to broadly expand the definition of materials that are “harmful to minors” beyond the type of speech that states can prohibit minors from accessing potentially encompassing things like depictions and discussions of human anatomy, sexuality, and reproduction...

">Banning VPNs
2025-12-01 - found dead on an Israeli beach. The species is rare in the Mediterranean.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

">Friday Squid Blogging: Flying Neon Squid Found on Israeli Beach
2025-12-01 - Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models,” researchers found that turning LLM prompts into poetry resulted in jailbreaking the models:

Abstract: We present evidence that adversarial poetry functions as a universal single-turn jailbreak technique for Large Language Models (LLMs). Across 25 frontier proprietary and open-weight models, curated poetic prompts yielded high attack-success rates (ASR), with some providers exceeding 90%. Mapping prompts to MLCommons and EU CoP risk taxonomies shows that poetic attacks transfer across CBRN, manipulation, cyber-offence, and loss-of-control domains. Converting 1,200 ML-Commons harmful prompts into verse via a standardized meta-prompt produced ASRs up to 18 times higher than their prose baselines. Outputs are evaluated using an ensemble of 3 open-weight LLM judges, whose binary safety assessments were validated on a stratified human-labeled subset. Poetic framing achieved an average jailbreak success rate of 62% for hand-crafted poems and approximately 43% for meta-prompt conversions (compared to non-poetic baselines), substantially outperforming non-poetic baselines and revealing a systematic vulnerability across model families and safety training approaches. These findings demonstrate that stylistic variation alone can circumvent contemporary safety mechanisms, suggesting fundamental limitations in current alignment methods and evaluation protocols...

">Prompt Injection Through Poetry
2025-12-03 - World Forum on Democracy in Strasbourg, the general expectation is that democracy will be the worse for it. We have another narrative. Yes, there are risks to democracy from AI, but there are also opportunities.

We have just published the book Rewiring Democracy: How AI will Transform Politics, Government, and Citizenship. In it, we take a clear-eyed view of how AI is undermining confidence in our information ecosystem, how the use of biased AI can harm constituents of democracies and how elected officials with authoritarian tendencies can use it to consolidate power. But we also give positive examples of how AI is transforming democratic governance and politics for the better...

">Four Ways AI Is Being Used to Strengthen Democracies Worldwide

ThreatPost

Sydney Morning Herald

New York Times

2025-12-04 - Meta Weighs Cuts to Its Metaverse Unit
2025-12-04 - A.I. Deal Making Is Getting Faster
2025-12-04 - Why One Man Is Fighting for Our Right to Control Our Garage Door Openers
2025-12-03 - Bitcoin’s Predicted Sky-High Prices Have Not Panned Out
2025-12-05 - Rebecca Heineman, Transgender Video Game Pioneer, Dies at 62
2025-12-04 - His Group Made World-Class Measurements of Atomic Elements
2025-12-02 - Beta Will Sell Motors to Another Electric Aircraft Company
2025-12-02 - Silicon Valley Builds Amazon and Gmail Copycats to Train A.I. Agents
2025-12-01 - College Students Choosing A.I. Majors Over Computer Science
2025-12-01 - Silicon Valley’s Man in the White House Is Benefiting Himself and His Friends

Wall Street Journal

BBC

2025-12-04 - Porn site fined £1m over age checks has never responded to Ofcom
2025-12-03 - New homes delayed by 'energy-hungry' data centres
2025-12-03 - Production halted at Chinese factory making 'childlike' sex dolls
2025-12-03 - India scraps order to pre-install state-run cyber safety app on smartphones
2025-12-02 - Bank of England warns of AI bubble risk
2025-12-02 - Dell family to seed Trump accounts for kids with $250
2025-12-02 - YouTuber Marques Brownlee shutting down phone wallpaper app
2025-12-02 - Fashion house Valentino criticised over 'disturbing' AI handbag ads
2025-12-02 - 'First of its kind' scanner to study blast trauma
2025-12-01 - Jorja Smith's record label hits out at 'AI clone' song
2025-12-01 - Virgin Media fined £24m for leaving vulnerable customers 'at risk of harm'
2025-12-02 - Tech Life

SecurityBrief AU

ITNews AU

2025-12-04 - India revokes order to preload cyber security app on smartphones
2025-12-04 - ASX outage caused by security software upgrade
2025-12-02 - Home Affairs to unleash AI on sensitive government data
2025-12-02 - South Korean police probe massive data leak at Coupang
2025-12-02 - Watt flags more fed insourcing after BoM website outrage
2025-12-01 - WA man jailed for at least five years for evil twin attack

BleepingComputer

2025-12-04 - Hackers are exploiting ArrayOS AG VPN flaw to plant webshells
2025-12-04 - NCSC's ‘Proactive Notifications’ warns orgs of flaws in exposed devices
2025-12-04 - Predator spyware uses new infection vector for zero-click attacks
2025-12-04 - Russia blocks FaceTime and Snapchat for alleged use by terrorists
2025-12-04 - CISA warns of Chinese "BrickStorm" malware attacks on VMware servers
2025-12-04 - Contractors with hacking records accused of wiping 96 govt databases
2025-12-04 - Critical React, Next.js flaw lets hackers execute code on servers
2025-12-04 - How strong password policies secure OT systems against cyber threats
2025-12-04 - Microsoft 365 license check bug blocks desktop app downloads
2025-12-03 - Marquis data breach impacts over 74 US banks, credit unions
2025-12-03 - Critical flaw in WordPress add-on for Elementor exploited in attacks
2025-12-03 - French DIY retail giant Leroy Merlin discloses a data breach
2025-12-03 - Freedom Mobile discloses data breach exposing customer data

/r/NetSec

2025-12-01 -

Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.

Rules & Guidelines

Always maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.

Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.

If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.

Avoid use of memes. If you have something to say, say it with real words.

All discussions and questions should directly relate to netsec.

No tech support is to be requested or provided on r/netsec.

As always, the content & discussion guidelines should also be observed on r/netsec.

Feedback

Feedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.

submitted by /u/albinowax
[link] [comments]">r/netsec monthly discussion & tool thread
2025-12-05 - /u/alt69785
[link] [comments]">Privilege escalation with SageMaker and there's more hiding in execution roles
2025-12-04 - /u/ScottContini
[link] [comments]">Prompt Injection Inside GitHub Actions
2025-12-05 - /u/WesternBest
[link] [comments]">Scam Telegram: Uncovering a network of groups spreading crypto drainers
2025-12-04 - /u/alt69785
[link] [comments]">How I Reverse Engineered a Billion-Dollar Legal AI Tool and Found 100k+ Confidential Files
2025-12-04 - /u/rebane2001
[link] [comments]">SVG Clickjacking: A novel and powerful twist on an old classic
2025-12-04 - /u/smode21
[link] [comments]">Second order prompt injection attacks on ServiceNow Now Assist
2025-12-03 - /u/theMiddleBlue
[link] [comments]">68% Of Phishing Websites Are Protected by CloudFlare
2025-12-04 - /u/Mempodipper
[link] [comments]">High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)
2025-12-04 -

Rolling out a small research utility I have been building. It provides a simple way to look up proof-of-concept exploit links associated with a given CVE. It is not a vulnerability database. It is a discovery surface that points directly to the underlying code. Anyone can test it, inspect it, or fold it into their own workflow.

A small rate limit is in place to stop automated scraping. The limit is visible at:

https://labs.jamessawyer.co.uk/cves/api/whoami

An API layer sits behind it. A CVE query looks like:

curl -i "https://labs.jamessawyer.co.uk/cves/api/cves?q=CVE-2025-0282"

The Web Ui is

https://labs.jamessawyer.co.uk/cves/

submitted by /u/JS-Labs
[link] [comments]">CVE PoC Search
2025-12-04 - /u/Salt-Consequence3647
[link] [comments]">Hunting the hidden gems in libraries
2025-12-03 - /u/unknownhad
[link] [comments]">Critical Security Vulnerability in React Server Components – React
2025-12-03 - /u/AlmondOffSec
[link] [comments]">From Zero to SYSTEM: Building PrintSpoofer from Scratch
2025-12-03 - /u/SRMish3
[link] [comments]">PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities
2025-12-03 -

Most open-source L7 DDoS mitigation and bot-protection approaches rely on challenges (e.g., CAPTCHA or JavaScript proof-of-work) or static rules based on the User-Agent, Referer, or client geolocation. These techniques are increasingly ineffective, as they are easily bypassed by modern open-source impersonation libraries and paid cloud proxy networks.

We explore a different approach: classifying HTTP client requests in near real time using ClickHouse as the primary analytics backend.

We collect access logs directly from Tempesta FW, a high-performance open-source hybrid of an HTTP reverse proxy and a firewall. Tempesta FW implements zero-copy per-CPU log shipping into ClickHouse, so the dataset growth rate is limited only by ClickHouse bulk ingestion performance - which is very high.

WebShield, a small open-source Python daemon:

periodically executes analytic queries to detect spikes in traffic (requests or bytes per second), response delays, surges in HTTP error codes, and other anomalies;
upon detecting a spike, classifies the clients and validates the current model;
if the model is validated, automatically blocks malicious clients by IP, TLS fingerprints, or HTTP fingerprints.

To simplify and accelerate classification — whether automatic or manual — we introduced a new TLS fingerprinting method.

WebShield is a small and simple daemon, yet it is effective against multi-thousand-IP botnets.

The full article with configuration examples, ClickHouse schemas, and queries.

submitted by /u/krizhanovsky
[link] [comments]">Using ClickHouse for Real-Time L7 DDoS & Bot Traffic Analytics with Tempesta FW
2025-12-03 - /u/Salt-Consequence3647
[link] [comments]">Newly allocated CVEs on an ICS 5G modem
2025-12-03 - /u/duduywn
[link] [comments]">Hacking the Meatmeet BBQ Probe — BLE BBQ Botnet
2025-12-03 -

https://invicti.com/blog/security-labs/security-research-in-the-age-of-ai-tools

submitted by /u/Ok_Information1453
[link] [comments]">Security research in the age of AI tools
2025-12-01 - /u/alt69785
[link] [comments]">Shai Hulud 2.0: Analysis and Community Resources
2025-12-01 - /u/smaury
[link] [comments]">Security Audit of OpenEXR · Luma
2025-12-01 - /u/netbiosX
[link] [comments]">Bind Link – EDR Tampering
2025-12-01 -

Hey everyone, if you manage cloud infrastructure, Kubernetes, or container workloads and use tools like CSPM / CNAPP / runtime protection / WAF / IDS, you probably hope they catch real attacks. But how if they work under real-world conditions?

That’s where ARMO CTRL comes in: it’s a free, controlled attack lab that helps you simulate real web-to-cloud attacks, and validate whether your security stack actually detects them

What it does

Spins up a Kubernetes lab with intentionally vulnerable services, then runs attack scenarios covering common real-world vectors: command injection, LFI, SSRF, SQL injection
Lets you test detection across your full stack (API gateway / WAF / runtime policies / EDR / logging / SIEM / CNAPP) to see which tools fire alerts, which detect anomalous behavior, and which might miss something

submitted by /u/Hefty-Bullfrog-9436
[link] [comments]">ARMO CTRL: Cloud Threat Readiness Lab for Realistic Attack Testing
2025-12-01 - /u/unknownhad
[link] [comments]">How i found a europa.eu compromise

/r/InfoSecNews

2025-12-05 -

submitted by /u/quellaman
[link] [comments] ">Predator spyware uses new infection vector for zero-click attacks
2025-12-04 -

North Korean State Hacker's Device Infected with LummaC2 Infostealer Shows Links to $1.4B ByBit Breach, Tools, Specs and More

submitted by /u/jamessonnycrockett
[link] [comments] ">North Korean State Hacker's Device Infected with LummaC2 Infostealer Shows Links to $1.4B ByBit Breach, Tools, Specs and More
2025-12-04 -

submitted by /u/jamessonnycrockett
[link] [comments] ">Cloudflare Blocks Aisuru Botnet Powered Largest Ever 29.7 Tbps DDoS Attack
2025-12-04 -

submitted by /u/quellaman
[link] [comments] ">Contractors with hacking records accused of wiping 96 govt databases
2025-12-04 -

submitted by /u/jamessonnycrockett
[link] [comments] ">WebXR Flaw Hits 4 Billion Chromium Users, Update Your Browser Now
2025-12-04 -

submitted by /u/jamessonnycrockett
[link] [comments] ">Newly Sold Albiriox Android Malware Targets Banks and Crypto Holders
2025-12-04 -

submitted by /u/quellaman
[link] [comments] ">Kohler's Encrypted Smart Toilet Camera is not Actually end-to-end Encrypted
2025-12-04 -

submitted by /u/quellaman
[link] [comments] ">Marquis data breach impacts over 74 US banks, credit unions
2025-12-04 - /u/quellaman
[link] [comments]">GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections
2025-12-03 -

submitted by /u/quellaman
[link] [comments] ">French DIY retail giant Leroy Merlin discloses a data breach
2025-12-03 -

submitted by /u/quellaman
[link] [comments] ">Freedom Mobile discloses data breach exposing customer data
2025-12-03 - /u/quellaman
[link] [comments]">Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation
2025-12-03 -

submitted by /u/jamessonnycrockett
[link] [comments] ">Fake ChatGPT Atlas Browser Used in ClickFix Attack to Steal Passwords
2025-12-03 -

submitted by /u/quellaman
[link] [comments] ">Deep dive into DragonForce ransomware and its Scattered Spider connection
2025-12-03 - /u/quellaman
[link] [comments]">Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud
2025-12-03 - /u/quellaman
[link] [comments]">WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts
2025-12-03 -

submitted by /u/quellaman
[link] [comments] ">Russia blocks Roblox over distribution of LGBT "propaganda"
2025-12-03 - /u/quellaman
[link] [comments]">Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution
2025-12-03 -

submitted by /u/jamessonnycrockett
[link] [comments] ">7 Year Long ShadyPanda Attack Spied on 4.3M Chrome and Edge Users
2025-12-03 -

submitted by /u/quellaman
[link] [comments] ">Researchers spotted Lazarus’s remote IT workers in action
2025-12-03 -

submitted by /u/quellaman
[link] [comments] ">University of Phoenix discloses data breach after Oracle hack
2025-12-03 -

submitted by /u/quellaman
[link] [comments] ">Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack
2025-12-03 -

submitted by /u/quellaman
[link] [comments] ">Korea arrests suspects selling intimate videos from hacked IP cameras
2025-12-03 - /u/quellaman
[link] [comments]">Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems
2025-12-03 - /u/quellaman
[link] [comments]">Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code