me.dm by Medium.com

0 posts0 participants0 posts today

Pyrzout :vm:This Week in Security: NPM, Kerbroasting, and The Rest of the Story <a href="https://hackaday.com/2025/09/12/this-week-in-security-npm-kerbroasting-and-the-rest-of-the-story/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://hackaday.com/2025/09/12/this-week-in-security-npm-kerbroasting-and-the-rest-of-the-story/</a> <a href="https://social.skynetcloud.site/tags/ObfuscatedCCodeContest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ObfuscatedCCodeContest</a> <a href="https://social.skynetcloud.site/tags/ThisWeekinSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThisWeekinSecurity</a> <a href="https://social.skynetcloud.site/tags/HackadayColumns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HackadayColumns</a> <a href="https://social.skynetcloud.site/tags/SecurityHacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityHacks</a> <a href="https://social.skynetcloud.site/tags/0days" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#0days</a> <a href="https://social.skynetcloud.site/tags/NPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NPM</a>

DEFCON 201TOMORROW (4/8) at 6:30 PM EST, legendary <a href="https://defcon.social/@defcon" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@defcon</a> speaker <a href="https://defcon.social/@RenderMan" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@RenderMan</a> will be talking about his <a href="https://hostux.social/tags/intetnrtofdongs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#intetnrtofdongs</a> project finding <a href="https://hostux.social/tags/vuln" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vuln</a> <a href="https://hostux.social/tags/0days" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#0days</a> & <a href="https://hostux.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> research into smart sex toys for <a href="https://hostux.social/tags/DESCI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DESCI</a> NYC!RSVP Here: <a href="https://lu.ma/descinyc32" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://lu.ma/descinyc32</a><a href="https://hostux.social/tags/fediverse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fediverse</a> <a href="https://hostux.social/tags/mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mastodon</a> <a href="https://hostux.social/tags/Hacker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hacker</a> <a href="https://hostux.social/tags/sextoys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sextoys</a> <a href="https://hostux.social/tags/dildos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dildos</a> <a href="https://hostux.social/tags/sextech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sextech</a>

Hackread.com🩹 Microsoft’s February <a href="https://mstdn.social/tags/PatchTuesday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PatchTuesday</a> addresses 63 security vulnerabilities, including two actively exploited <a href="https://mstdn.social/tags/0days" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#0days</a>. Update your systems now to protect against these threats. 🔒Read: <a href="https://hackread.com/patch-tuesday-microsoft-fixes-0-day-bugs/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://hackread.com/patch-tuesday-microsoft-fixes-0-day-bugs/</a><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://mstdn.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> <a href="https://mstdn.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Vulnerability</a>

Geekmaster 👽:system76:<a href="https://mastodon.social/@mcc" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@mcc</a> <a href="https://mastodon.social/@Infoseepage" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Infoseepage</a> ah, makes sense. That's why I use Linux personally (for decades now). None of that AI stuff, unless you purposefully install it. IMHO Windows is great for gaming (tho many of my titles run on Linux now. Yay!), and in the enterprise of course (where I get my paycheck lol), and that's it. Something to keep in mind, W10 hits EOL this October, so it won't be patched further after then. <a href="https://ioc.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT</a> groups will increase attacks using <a href="https://ioc.exchange/tags/0days" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#0days</a> once MSFT ceases official support exponentially.You can still disable <a href="https://ioc.exchange/tags/Copilot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Copilot</a> in the registry of W11 24H3 (Pro and Enterprise SKUs, not Home as far as I can find). Not sure how long that will last though as <a href="https://ioc.exchange/tags/MSFT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MSFT</a> pushes hard to further integrate AI in everything they offer. At least on the Enterprise side they give us <a href="https://ioc.exchange/tags/sysadmins" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sysadmins</a> control over a lot of that. Consumers have much less control. It's either you embrace it, or change to a different platform. Unfortunately (or fortunately), Linux is the only non-AI embedded OS left that I'm aware of. The next release of <a href="https://ioc.exchange/tags/macOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#macOS</a> has <a href="https://ioc.exchange/tags/AppleIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AppleIntelligence</a> built in, <a href="https://ioc.exchange/tags/iOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iOS</a> 18.0 and later has it baked in, the latest release of <a href="https://ioc.exchange/tags/ChromeOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ChromeOS</a> for Enterprise has <a href="https://ioc.exchange/tags/Gemini" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Gemini</a> baked in, and <a href="https://ioc.exchange/tags/Android13" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Android13</a> has <a href="https://ioc.exchange/tags/Gemini" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Gemini</a> baked in on supported devices. As you know, W10 has Copilot optional with supporting hardware, W11 is baked in but can be toggled off. W12 will be a fully AI-OS. Even still, if you're running any of the latest <a href="https://ioc.exchange/tags/IntelUltra" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IntelUltra</a> processors, they have AI built-in at the hardware level. The new <a href="https://ioc.exchange/tags/AMDRyzen" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AMDRyzen</a> processors are doing the same.I decided to embrace the AI evolution rather than fight it. I use my knowledge and skills to protect myself, my family, and my company as much as is possible, and keep abreast of developments in the sector...I also use AI for <a href="https://ioc.exchange/tags/cyberdefense" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cyberdefense</a>. Only way to keep up with the threat landscape anymore. For now, I still have control of my bubble lol, and that's about all I can do anymore, short of going completely dark. Not quite there yet lol.

SignetToday's mission: find <a href="https://mstdn.business/tags/0days" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#0days</a> in <a href="https://mstdn.business/tags/Signet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Signet</a>!No, seriously, I'm writing tools to determine the impacts of a malicious client. What can the firmware defend against & what are its limitations?Whether the code is vulnerable or secure, we should have proof. Right now the proof is "it's open source, just read the code" and that's not good enough. I want any independent security professional to be able to audit the firmware in a weekend, by themselves.In summary <a href="https://mstdn.business/tags/PoCorGTFO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PoCorGTFO</a>

Synapsenkitzler 🌻 🌈<a href="https://social.bund.de/@bsi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@bsi</a> Viel Erfolg! 👍 Hoffentlich werden nicht <a href="https://digitalcourage.social/tags/0days" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#0days</a>/Sicherheitslücken genutzt/finanziert/offengelassen=unterstützt, sondern stattdessen an Schließung/Bekämpfung davon gearbeitet? Da gibt es ja ggf. einen Zielkonflikt mit anderen "Sicherheit"sbehörden.Ich musste bei hochmoderner Medientechnik i.V.m. Behörde erst denken an einen <a href="https://digitalcourage.social/tags/tageslichtprojektor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tageslichtprojektor</a>. 😉Hier ein "ki"-generiertes Bild zum textprompt: "eine behörde für cybersicherheit macht mit einem analogen alten tageslichtprojektor eine präsentation" quelle+3 weitere bilder: <a href="https://www.bing.com/images/create/eine-behc3b6rde-fc3bcr-cybersicherheit-macht-mit-einem-a/1-660e9dd147e84bbab49f529038da7740?FORM=GENCRE" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bing.com/images/create/eine-behc3b6rde-fc3bcr-cybersicherheit-macht-mit-einem-a/1-660e9dd147e84bbab49f529038da7740?FORM=GENCRE</a> <a href="https://digitalcourage.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://digitalcourage.social/tags/bsi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bsi</a> <a href="https://digitalcourage.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a>

Volexity :verified:In this blog post, Michael Hale Ligh & Andrew Case (<a href="https://infosec.exchange/@attrc" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@attrc</a>) break down how <a href="https://infosec.exchange/@volexity" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@volexity</a> used <a href="https://infosec.exchange/tags/memoryforensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#memoryforensics</a> to discover two <a href="https://infosec.exchange/tags/0days" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#0days</a> being chained together to achieve unauthenticated remote code execution in Ivanti Connect Secure VPN devices. More details here: <a href="https://www.volexity.com/blog/2024/02/01/how-memory-forensics-revealed-exploitation-of-ivanti-connect-secure-vpn-zero-day-vulnerabilities" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.volexity.com/blog/2024/02/01/how-memory-forensics-revealed-exploitation-of-ivanti-connect-secure-vpn-zero-day-vulnerabilities</a><a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dfir</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a>

Bob CarverCybersecurity guru Mikko Hyppönen’s 5 most fearsome AI threats for 2024 <a href="https://thenextweb.com/news/mikko-hypponen-5-biggest-ai-cybersecurity-threats-2024" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://thenextweb.com/news/mikko-hypponen-5-biggest-ai-cybersecurity-threats-2024</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/ai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ai</a> <a href="https://infosec.exchange/tags/deepfakes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#deepfakes</a> <a href="https://infosec.exchange/tags/automatedmalware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#automatedmalware</a> <a href="https://infosec.exchange/tags/0days" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#0days</a>

🦋 Ben West - 🐒🌻An interesting book about <a href="https://infosec.exchange/tags/0Days" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#0Days</a> and <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>: This Is How They Tell Me the World Ends - by Nicole Perlroth from the NY Times.<a href="https://share.libbyapp.com/title/6312357" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://share.libbyapp.com/title/6312357</a>

Trend Zero Day InitiativeIt's the largest <a href="https://infosec.exchange/tags/Adobe" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Adobe</a> patch Tuesday in recent memory. <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> has a smaller release, but is addressing three <a href="https://infosec.exchange/tags/0days" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#0days</a> being actively exploited. Join <a href="https://infosec.exchange/@TheDustinChilds" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@TheDustinChilds</a> as he looks at the full release - which also includes more <a href="https://infosec.exchange/tags/Exchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Exchange</a> patches. <a href="https://www.zerodayinitiative.com/blog/2023/11/14/the-november-2023-security-update-review" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.zerodayinitiative.com/blog/2023/11/14/the-november-2023-security-update-review</a>

Marco IvaldiSome nice <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://infosec.exchange/tags/audit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#audit</a> work here 👍<a href="https://infosec.exchange/tags/Squid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Squid</a> Caching Proxy Security Audit: 55 <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vulnerabilities</a> and 35 <a href="https://infosec.exchange/tags/0days" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#0days</a><a href="https://megamansec.github.io/Squid-Security-Audit/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://megamansec.github.io/Squid-Security-Audit/</a>

M Dell<a href="https://akademienl.social/@Frederik_Borgesius" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Frederik_Borgesius</a> 14.5 and 14.10 seem conflicting?We should stop the digital arms trade, selling <a href="https://mastodon.social/tags/0days" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#0days</a> and / or <a href="https://mastodon.social/tags/spyware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#spyware</a> should always be illegal. Without this there will be no <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a>

TechHelpKB.com 📚<a href="https://mastodon.social/tags/Researchers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Researchers</a> have discovered multiple <a href="https://mastodon.social/tags/0days" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#0days</a> affecting major <a href="https://mastodon.social/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptocurrency</a> platforms like <a href="https://mastodon.social/tags/Coinbase" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Coinbase</a> and <a href="https://mastodon.social/tags/Binance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Binance</a>. <a href="https://tchlp.com/3scBZfN" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://tchlp.com/3scBZfN</a>

Kevin Karhan :verified:<a href="https://mastodon.social/@krzyzanowskim" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@krzyzanowskim</a> no!Because they are a <a href="https://mstdn.social/tags/GAFAM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GAFAM</a> and they'd only make some <a href="https://mstdn.social/tags/proprietary" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#proprietary</a> <a href="https://mstdn.social/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SingleVendor</a> / <a href="https://mstdn.social/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SingleProvider</a> shit that has more <a href="https://mstdn.social/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Govware</a> <a href="https://mstdn.social/tags/backdoors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#backdoors</a> than <a href="https://mstdn.social/tags/iOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iOS</a> had <a href="https://mstdn.social/tags/0days" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#0days</a> in it's history...

happygeek :unverified: + :verified: = $0First thing I’ve published since surgery seven weeks ago. That was an excruciating hour or so, but have to pay the rent. So, any and all sharing would be *hugely* appreciated.By me at Forbes, the latest iOS update (16.5) includes fixes for three zero-days impacting most all iPhone and iPad users. <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Apple</a> <a href="https://infosec.exchange/tags/iphone" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iphone</a> <a href="https://infosec.exchange/tags/ipad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ipad</a> <a href="https://infosec.exchange/tags/ios" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ios</a> <a href="https://infosec.exchange/tags/ios165" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ios165</a> <a href="https://infosec.exchange/tags/0days" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#0days</a> <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vulnerabilities</a> <a href="https://www.forbes.com/sites/daveywinder/2023/05/19/ios-165-update-now-warning-issued-for-all-iphone-ipad-users/" rel="nofollow noopener noreferrer" target="_blank">https://www.forbes.com/sites/daveywinder/2023/05/19/ios-165-update-now-warning-issued-for-all-iphone-ipad-users/</a>

Chase :loading:Realized that I never did an <a href="https://infosec.exchange/tags/introduction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#introduction</a> so here goes.My name is Chase or Charles from <a href="https://infosec.exchange/tags/Dallas" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Dallas</a> i’ve been in <a href="https://infosec.exchange/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IT</a> and <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> for almost a decade. I started out in helpdesk in college and moved onto <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#appsec</a> and then <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> and malware reverse engineering. After my stint on the <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blueteam</a> side of the house I moved to <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> and <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a> by getting my <a href="https://infosec.exchange/tags/OSCP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OSCP</a> and <a href="https://infosec.exchange/tags/OSCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OSCE</a> and worked there for 4 years where I got to do a lot of fun stuff like write a <a href="https://infosec.exchange/tags/c2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#c2</a> and find a number of <a href="https://infosec.exchange/tags/0days" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#0days</a>. Now I’m the CTO of Vector0 where we are building an attack surface management platform. Outside of work while at home I mainly spend time <a href="https://infosec.exchange/tags/gaming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#gaming</a> or doing projects around my house and spending time in my pool. Otherwise I try to get as far away from a screen as possible by traveling and hiking/camping in places where I can’t be reached.

Recent searches

Search options

Administered by:

Server stats:

#0days