2777
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
We lost a great friend, a talented information security researcher two days ago. I hope you remember him in your prayers and contribute to spreading his articles so that his memory may endure.
https://lynguist0.medium.com/
https://rafa.hashnode.dev/exploiting-http-parsers-inconsistencies
Читать полностью…
#Malware_analysis
1⃣ Malicious use of virtual machine infrastructure
https://www.sophos.com/en-us/blog/malicious-use-of-virtual-machine-infrastructure
2⃣ Black Basta: Defense Evasion Capability Embedded in Ransomware Payload
https://www.security.com/threat-intelligence/black-basta-ransomware-byovd
3⃣ Technical Analysis of Marco Stealer
https://www.zscaler.com/blogs/security-research/technical-analysis-marco-stealer
4⃣ Another piece of XWorm: Interesting way to drop the trojan in another malicious script
https://isc.sans.edu/diary/Malicious+Script+Delivering+More+Maliciousness/32682
#WebApp_Security
#Offensive_security
Top 10 New Web Hacking Techniques of 2025
https://portswigger.net/research/top-10-web-hacking-techniques-of-2025
// The top web hacking techniques of 2025 include parser differentials, HTTP/2 CONNECT exploits, cross-origin leaks, cache poisoning, and novel SSRF methods
#Cloud_Security
#Threat_Research
"Cloud Edge Phishing: Breaking the Future of Auth",
OOTB 2025.
// This talk analyzes modern phishing techniques - including OAuth consent hijacking, browser-based MITM proxies, and token-binding attacks - and demonstrates two revolutionary serverless approaches that serve as the ultimate stealthy platforms for phishing Ops
See also:
]-> Authentication Downgrade Attacks: Deep Dive into MFA Bypass (Feb. 2026)
#hardening
#Whitepaper
#Cloud_Security
"Container Security: Docker & Kubernetes Hardening. Complete Enterprise Security Guide", Dec. 2025.
// This guide takes a practical, end-to-end approach to securing containerized environments, covering Docker, Kubernetes, networking, and the supply chain with an operational mindset. Each chapter examines specific security domains in depth, providing practical guidance, real-world examples, and production-ready configurations for securing containerized environments
#tools
#hardening
#MLSecOps
Detecting and Monitoring OpenClaw (clawdbot, moltbot)
1⃣ OpenClaw Detection Scripts
// Detection scripts for MDM deployment to identify OpenClaw installations on managed devices
2⃣ OpenClaw Telemetry Plugin
// Captures tool calls, LLM usage, agent lifecycle, and message events
3⃣ Advanced Cognitive Inoculation Prompt (ACIP)
// Fortifying LLMs against sophisticated prompt injection attacks
crypto-scanner: Open-source CLI tool to find quantum-vulnerable cryptography in your codebase
https://ift.tt/JxXf0lT
Submitted February 07, 2026 at 07:11AM by MindlessConclusion42
via reddit https://ift.tt/fWoIhw8
https://scriptjacker.in/blogs/Hyperlink-Injection-Bypass/
Читать полностью…
https://seth0x41.github.io/2023/12/24/jwt-attacks
Читать полностью…
https://blog.voorivex.team/9240-bounty-in-30-days-hunt-challenge
Читать полностью…
There are many such commands on Twitter and the Internet. Please stop these bad commands
I will never use any commands like this or those tools
It's all a lie
https://terrific-dart-70e.notion.site/Application-A-Example-294f4ca0f424810eaf56eb26f6a4ea4e
#notion #bugbounty #checklist
𝗥𝗲𝘀𝗲𝗮𝗿𝗰𝗵 𝗪𝗼𝗿𝘁𝗵 𝗥𝗲𝗮𝗱𝗶𝗻𝗴 - 𝗪𝗲𝗲𝗸 𝟲, 𝟮𝟬𝟮𝟲
Busy week! AI, AI, AI and the death of Flash!
🤖 𝗦𝗲𝗺𝗴𝗿𝗲𝗽'𝘀 𝗔𝗴𝗲𝗻𝘁 𝗦𝗸𝗶𝗹𝗹𝘀
Semgrep released a set of agent skills worth looking into: github.com/semgrep/skills.
🤿 𝗦𝗵𝗮𝗸𝗶𝗻𝗴 𝘁𝗵𝗲 𝗠𝗖𝗣 𝗧𝗿𝗲𝗲: 𝗔 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗗𝗲𝗲𝗽 𝗗𝗶𝘃𝗲
You may think "just another MCP bug" but this post is actually worth reading: blog.voorivex.team/shaking-the-mc….
🤖 𝗘𝘃𝗮𝗹𝘂𝗮𝘁𝗶𝗻𝗴 𝗮𝗻𝗱 𝗺𝗶𝘁𝗶𝗴𝗮𝘁𝗶𝗻𝗴 𝘁𝗵𝗲 𝗴𝗿𝗼𝘄𝗶𝗻𝗴 𝗿𝗶𝘀𝗸 𝗼𝗳 𝗟𝗟𝗠-𝗱𝗶𝘀𝗰𝗼𝘃𝗲𝗿𝗲𝗱 𝟬-𝗱𝗮𝘆𝘀
This section resumes it: "Opus 4.6 is notably better at finding high-severity vulnerabilities than previous models": red.anthropic.com/2026/zero-days/.
♦️ 𝗖𝗼 -𝗥𝗲𝗱𝗧𝗲𝗮𝗺: 𝗢𝗿𝗰𝗵𝗲𝘀𝘁𝗿𝗮𝘁𝗲𝗱 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗗𝗶𝘀𝗰𝗼𝘃𝗲𝗿𝘆 𝗮𝗻𝗱 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗮𝘁𝗶𝗼𝗻 𝘄𝗶𝘁𝗵 𝗟𝗟𝗠 𝗔𝗴𝗲𝗻𝘁𝘀
If you are working on a "LLM based hacker", you are going to want to read this: arxiv.org/pdf/2602.02164.
🚨 𝗔𝗻 𝗶𝗻𝘁𝗿𝗼𝗱𝘂𝗰𝘁𝗶𝗼𝗻 𝘁𝗼 𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗲𝗱 𝗟𝗟𝗠 𝗿𝗲𝗱 𝘁𝗲𝗮𝗺𝗶𝗻𝗴
Promptfoo is a neat tool to add to your red teaming arsenal: blog.nviso.eu/2026/02/05/an-….
🛠️ 𝗦𝗰𝗮𝗹𝗮𝗯𝗹𝗲 𝗿𝗲𝘀𝗲𝗮𝗿𝗰𝗵 𝘁𝗼𝗼𝗹𝗶𝗻𝗴 𝗳𝗼𝗿 𝗮𝗴𝗲𝗻𝘁 𝘀𝘆𝘀𝘁𝗲𝗺𝘀
A great post on how to scale tooling for agent: knifecoat.com/Posts/Scalable….
🦝 𝗗𝗶𝘀𝗰𝗼𝘃𝗲𝗿𝗶𝗻𝗴 𝗡𝗲𝗴𝗮𝘁𝗶𝘃𝗲-𝗗𝗮𝘆𝘀 𝘄𝗶𝘁𝗵 𝗟𝗟𝗠 𝗪𝗼𝗿𝗸𝗳𝗹𝗼𝘄𝘀
That's something I toyed with in 2012 (Monitoring repositories for Fun and Profit - Ruxcon 2012), I used basic rules at the time. Obviously, having LLMs is a game changer for this kind of workload: spaceraccoon.dev/discovering-ne….
⚡️ 𝗪𝗵𝗮𝘁 𝗥𝗲𝗮𝗹𝗹𝘆 𝗞𝗶𝗹𝗹𝗲𝗱 𝗙𝗹𝗮𝘀𝗵 𝗣𝗹𝗮𝘆𝗲𝗿: 𝗔 𝗦𝗶𝘅-𝗬𝗲𝗮𝗿 𝗖𝗮𝗺𝗽𝗮𝗶𝗴𝗻 𝗼𝗳 𝗗𝗲𝗹𝗶𝗯𝗲𝗿𝗮𝘁𝗲 𝗣𝗹𝗮𝘁𝗳𝗼𝗿𝗺 𝗪𝗼𝗿𝗸
The story of the death of Adobe Flash, a must-read for AppSec practitioners. medium.com/@aglaforge/wha….
#MLSecOps
#Infosec_Standards
NIST AI 800-2 (IPD):
"Practices for Automated Benchmark Evaluations of Language Models", Jan. 2026.
// This document identifies practices for conducting automated benchmark evaluations of language models and similar general-purpose AI models that output text. Evaluations of these models, often embedded into systems capable of functioning as chatbots and AI agents, are increasingly common. However, consistent practices to support the validity and reproducibility of such evaluations are only beginning to emerge. The practices presented in this document are intended to reflect best practices; where relevant, practices that are relatively less mature in ecosystem use are labeled as emerging practice
#AppSec
Application Audit Checklist, 2025.
// Checklist to support application audits across governance, access controls, configuration, data integrity, logging, change management, integrations, and recovery
#exploit
#AppSec
1⃣ CVE-2025-67813:
RCE via Quest Desktop Authority Named Pipe
// A vulnerability in Quest Desktop Authority allows authenticated users to remotely execute code and perform malicious operations via a named pipe, which can be mitigated by patches, firewalls, or disabling the service
2⃣ CVE-2026-24002:
RCE sandbox escape in Grist‑Core
// One malicious formula can turn a spreadsheet into a RCE beachhead...
3⃣ CVE-2025-49825:
Teleport remote authentication bypass
// CVE-2025-49825 is a critical Teleport vulnerability allowing attackers to bypass authentication and potentially gain root access via nested SSH certificates if unpatched
#MalDev
#Malware_analysis
#Offensive_security
MacOS Malware Persistence
Part 1 - LaunchAgents. Simple C example
]-> Source code in GitHub
Part 2 - Shell environment hijacking. Simple C example
]-> Source code in GitHub
// Disclaimer
#AIOps
#Tech_book
"Agentic Design Patterns: A Hands-On Guide to Building Intelligent Systems", Oct. 2025.
// A comprehensive guide presenting 21 design patterns for building AI agents, using frameworks like LangChain, Crew AI, and Google ADK to create autonomous intelligent systems
Tool: AST-based security scanner for AI-generated code (MCP server)
https://ift.tt/mc6CoVt
Submitted February 06, 2026 at 09:55PM by NoButterfly9145
via reddit https://ift.tt/rbwKiQ3