bugbounty_tech | Unsorted

Telegram channel bugbounty_tech - Bug bounty Tips

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

Bug bounty Tips

#tools
#DFIR
#Malware_analysis
1⃣ Official IOCX Project
// An extensible IOC extraction engine for PE binaries and text, built for SOC automation and modern threat‑analysis pipelines
2⃣ Crow Eye - Windows Forensics Engine
// Comprehensive Windows forensics tool
3⃣ Microsoft Sentinel SIEM Log Source Analyzer
// PowerShell module that connects to your MS Sentinel workspace (and Defender XDR), pulls every log table you’re ingesting


#exploit
#Kernel_Security
1⃣ Multiple vulnerabilities in AppArmor
https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt
// AppArmor + Sudo + Postfix = root
2⃣ CVE-2026-29923:
LPE Attack via pstrip64.sys

https://github.com/athenasec16/CVE-2026-29923
// pstrip64.sys - legacy kernel-mode component. While its legitimate purpose is to enable advanced graphics card display tweaking, its deep system privileges make it a highly attractive target for attackers.

#Malware_analysis
1⃣ VIPERTUNNEL Python Backdoor
https://labs.infoguard.ch/posts/slithering_through_the_noise
2⃣ We Dumped a Live Kimsuky C2 and Recovered Every Stage of the Kill Chain: CHM Dropper, VBScript Stager, PowerShell Keylogger
https://intel.breakglass.tech/post/kimsuky-chm-nidlog-c2-dump-full-payload-recovery
3⃣ Inside an AI‑enabled device code phishing campaign
https://www.microsoft.com/en-us/security/blog/2026/04/06/ai-enabled-device-code-phishing-campaign-april-2026


#NetSec
#Tech_book
"Wireshark Essentials: Simplifying Network Security and Troubleshooting", 2026.

// Throughout this book, we delve into the practical applications of Wireshark, with a special focus on crafting effective filters that serve both security and troubleshooting purposes. Each chapter is structured to build your skills progressively, starting from basic concepts and moving toward complex scenarios


#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (Apr.4-11, 2026)

1⃣ OpenSSL maintenance releases
// OpenSSL 3.6.2, 3.5.6, 3.4.5, 3.3.7, which fix 7 vulnerabilities, incl. CVE-2026-31790
2⃣ GlassWorm goes native: New Zig dropper infects every IDE on your machine
// Extension impersonates WakaTime, a popular developer time-tracking tool, and ships a Zig-compiled native binary alongside its JavaScript code
3⃣ Claude Mythos - new LLM from Anthropic
// Assessing Claude Mythos cybersecurity capabilities
4⃣ Node.js Trust Falls: Dangerous Module Resolution on Windows
// Node.js on Windows defaults to insecure module resolution in C:\node_modules, enabling privilege escalation, with major vendors dismissing the security risk despite longstanding awareness since 2013...
5⃣ High-tech vulnerability in PDF files
// Such a mechanism allows the threat actor to collect user information, steal local data, perform advanced fingerprinting, and launch future attacks: if the target meets the attacker's conditions, the attacker may deliver an additional exploit to achieve RCE/SBX
6⃣ Apache Solr Path Traversal RCE Attack
// CVE-2024-52012 is a Zip Slip vulnerability in Apache Solr’s ConfigSet Upload API allowing unauthenticated RCE via crafted ZIP files with path traversal sequences
7⃣ Microsoft Speech
// SpeechRuntime.exe can be exploited for lateral movement through COM hijacking and session enumeration

]-> Analytical review (Mar.28-Apr.4, 2026)


#AIOps
"SkillTrojan: Backdoor Attacks on Skill-Based Agent Systems", Apr.2026.

// SkillTrojan - backdoor attack that targets skill implementations rather than model parameters or training data


#tools
#AIOps
#MLSecOps
#Offensive_security
Recursive Autonomous Penetration Testing and Observation Robot
https://github.com/gadievron/raptor
// Autonomous Offensive/Defensive Security Research Framework, based on Claude Code


#Tech_book
#Blue_Team_Techniques
"Blue Team Handbook: Incident Response", 2026.

]-> Code from book chapters, commands, and manuals

// This trusted and widely used field guide for cybersecurity incident responders, SOC analysts, and defensive security professionals distills incident response essentials into a concise, field-ready format


#tools
#AIOps
"Evaluating Privilege Usage of Agents on Real-World Tools", Mar. 2026.

// GrantBox - security evaluation framework designed to systematically assess how autonomous agents handle privilege usage when interacting with real-world tools and services


#Whitepaper
#Threat_Research
#WebApp_Security
"OWASP Automated Threats Handbook: Web Applications", Version 1.3, Mar. 2026.

// OWASP Automated Threat Handbook remains the definitive resource for security professionals seeking actionable information to defend against the abuse of valid web application functionality. Despite the ever-shifting threat landscape, the handbook’s core framework of twenty-one unique, unordered OWASP Automated Threats has proven remarkably resilient. This latest update, ver.1.3, ensures the project stays ahead of the curve as automated attacks continue to evolve


#cryptography
"Cryptanalysis of a Lightweight RFID Authentication Protocol Based on a Variable Matrix Encryption Algorithm", Mar. 2026.

// Taken together, our results indicate that the protocol is structurally insecure and admits a realistic route to full compromise in the lightweight parameter regime advocated for deployment


#Research
#Hardware_Security
"Attacking AI Accelerators by Leveraging Arithmetic Properties of Addition", Mar. 2026.

// A new hardware aging attack that exploits commutative properties of addition to disrupt the multiply-and-add operation that forms the backbone of almost all AI models. Experimental results demonstrate that the proposed attack degrades inference accuracy by up to 64% in 4 years, posing a significant threat to AI accelerators. The attack can also be extended to arithmetic units of general-purpose processors


#AIOps
#DevOps
#MLSecOps
AI Security Solutions Landscape for LLM and Gen AI Apps, Q2 2026.

See also:
]-> AI Security Solutions Landscape for Agentic AI Q2 2026
]-> OWASP GenAI Data Security Risks & Mitigations 2026


#tools
#MLSecOps
"Claudini: Autoresearch Discovers State-of-the-Art Adversarial Attack Algorithms for LLMs", Mar. 2026.
]-> Code repository

// This paper demonstrates that LLM agents can automate AI safety research by autonomously discovering novel white-box adversarial attacks. The resulting algorithms significantly outperform over 30 existing methods, achieving up to 100% success rates in jailbreaking and prompt injection evaluations across various models. These findings highlight the potential for LLM agents to accelerate security red-teaming through iterative optimization and quantitative feedback


#AIOps
#Research
"Malicious Or Not: Adding Repository Context to Agent Skill Classification", Mar. 2026.
]-> Repo

// The largest empirical security analysis of the AI agent skill ecosystem


#AIOps
"The Blind Spot of Agent Safety: How Benign User Instructions Expose Critical Vulnerabilities in Computer-Use Agents", Apr. 2026.

]-> Code
]-> Dataset

// a benchmark that evaluates CUAs under unintended attack conditions, comprising 300 human-crafted tasks across 12 categories, 8 apps, and 2 threat clusters: environment-embedded threats and agent-initiated harms


#MLSecOps
"Unreal Thinking: Chain-of-Thought Hijacking via Two-stage Backdoor", Apr. 2026.
]-> Repo

// Attackers can compromise LLMs by hijacking the Chain-of-Thought process to hide malicious behaviors within seemingly logical reasoning. To address data scarcity and instability in such attacks, the researchers introduced tools and mitigations for generating synthetic malicious CoTs


#Kernel_Security
#Sec_code_review
Security Checklist for C/C++ Programs
]-> Bug classes
]-> Linux usermode
]-> Linux Kernel
]-> Windows usermode
]-> Windows kernel
]-> Seccomp/BPF

// This security checklist, written for security auditors and secure development practitioners, provides a wide range of security issues to look for when reviewing C/C++ code. It covers both language-specific bug classes and environment-specific security issues spanning the Linux and Windows operating systems, including usermode applications and kernelmode drivers


#MLSecOps
#Whitepaper
"System Card: Claude Mythos Preview", April 8, 2026.

// Claude Mythos Preview - new LLM from Anthropic. In particular, it has demonstrated powerful cybersecurity skills, which can be used for both defensive purposes (finding and fixing vulnerabilities in software code) and offensive purposes (designing sophisticated ways to exploit those vulnerabilities)


#Whitepaper
#Cloud_Security
"Zero Trust Security Architecture for Cloud-Native Applications: Complete Enterprise Implementation Guide", Jan. 2026.

// Code examples target Kubernetes 1.28+ with AWS EKS as the reference platform, though principles apply across cloud providers. The service mesh examples focus on Istio as the most widely deployed option, with additional coverage of Cilium for eBPF-based approaches. By the end of this guide, you will have a comprehensive understanding of how to design, implement, and operate Zero Trust security architectures for cloud-native applications, along with concrete implementation patterns that can be applied to your own environments


#WLAN_Security
#Mobile_Security
"LightGuard: Transparent WiFi Security via Physical-Layer LiFi Key Bootstrapping", Apr. 2026.
]-> https://github.com/Dorian47/Lightguard

// cryptographic key establishment can be offloaded from WiFi to a physically confined LiFi channel to mitigate the risk of key exposure over RF


#Analytics
#Threat_Research
2026 Radware Global Threat Analysis Report


Most beginners don’t fail at bug bounty because it’s “too hard.”

They fail because they jump between tools, watch random tutorials, and call that learning.

No structure = no results.

You don’t need more tools. You need a path.

Something that shows: what to learn → what to practice → how to actually find bugs.

That’s where these come in:

* https://resources.codelivly.com/product/bug-bounty-beginner-editions/

* https://resources.codelivly.com/product/the-ultimate-bug-bounty-starter-pack/

They’re not theory dumps. It’s the stuff you actually use—recon, XSS, SQLi, reporting—step by step.

If you’re tired of “learning” but not earning, this might fix that.

Check it out if it clicks.


#NetSec
#Threat_Research
"Policy-Guided Threat Hunting: An LLM enabled Framework with Splunk SOC Triage", Mar. 2026.

// By integrating Agentic AI with Splunk SIEM, we developed a unique threat hunting framework. The framework systematically and seamlessly integrates different threat hunting modules together, ranging from traffic ingestion to anomaly assessment using a reconstruction-based autoencoder, deep reinforcement learning with two layers for initial triage, and an LLM for contextual analysis


#tools
#AIOps
"SkillTester: Benchmarking Utility and Security of Agent Skills", Mar. 2026.

// Benchmark system for testing skills with a repeatable agent workflow


#Malware_analysis
1⃣ Bogus Avast website fakes virus scan, installs Venom Stealer instead
https://www.malwarebytes.com/blog/threat-intel/2026/03/bogus-avast-website-fakes-virus-scan-installs-venom-stealer-instead
2⃣ Supply Chain Attack on Axios
https://socket.dev/blog/axios-npm-package-compromised
3⃣ SHA Pinning Is Not Enough
https://rosesecurity.dev/2026/03/24/sha-pinning-is-not-enough.html


#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (Mar.21-28, 2026)

1⃣ Telegram 0-click RCE
// CVSS: 9.8
2⃣ litellm PyPI package (v1.82.7 + v1.82.8) compromised
// full timeline and status
3⃣ Claude security configurations
// Enhanced security configurations for Claude on macOS
4⃣ Business TikTok accounts targeted with AITM phishing kits
5⃣ Exploiting AQL Injection Vulnerabilities in ArangoDB
// This post serves as a comprehensive reference for pentesters seeking detailed insight into AQL injections and how they can be exploited
6⃣ Infiniti Stealer
// New macOS infostealer using ClickFix and Python/Nuitka
7⃣ Trivy Compromised: Everything You Need to Know about the Latest Supply Chain Attack
// On Mar. 19, 2026, threat actors injected credential-stealing malware into Aqua Security’s Trivy scanner and related GitHub Actions
8⃣ strongSwan CVE-2026-25075: Integer Underflow in VPN Authentication
// Critical integer underflow vulnerability in strongSwan 4.5.0-6.0.4 allows attackers to cause DoS via malformed EAP-TTLS messages

]-> P.S. The past week has demonstrated that attackers' focus has finally shifted to developer tools (AI libraries, CI/CD) ...
]-> Analytical review (Mar.14-21, 2026)


#AppSec
#WebApp_Security
"A Large-Scale Study of Telegram Bots", Mar. 2027.
]-> Dataset

// This research provides the first large-scale characterization of Telegram bots by analyzing over 32K bots and 492M messages. The authors developed an automated interaction system to classify bots, uncovering both beneficial applications and sophisticated malicious infrastructures


#NetSec
#cryptography
"Analyzing the WebRTC Ecosystem and Breaking Authentication in DTLS-SRTP", 2026.
]-> Repo

// In this work, the authors develop an automated MitM testing framework (DTLS-MitM-Scanner) to test the DTLS channel of a DTLS-SRTP connection


#Whitepaper
"Implementing Micro-Segmentation in a Legacy Enterprise Lab Network: A Zero Trust Approach to Reducing Lateral Movement, Improving Containment, and Controlling Operational Overhead", Jan. 2026.

// This study evaluates micro-segmentation as a practical Zero Trust control in a Windows Active Directory lab that models common legacy dependencies (directory services, file services, a web tier, and a database tier)
