the grugq's newsletter

December 3, 2025

December 2-3, 2025

Rest In Peace, Stealth

Stealth died 😢 A member of Team-Teso, Phrack staff, and many other groups. A true hacker—perhaps as true as a hacker can ever be. WE MISS YOU. 🩷

More: https://t.co/Jx0JYfrjnG

<stealth> we had joy we had fun we had a rootshell on a sun. pic.twitter.com/gV2TxT7uRb

— The Hacker's Choice (@thc@infosec.exchange) (@hackerschoice) December 2, 2025

https://www.thc.org/404/stealth/eulogy.txt


Impressive AI security tooling

Introducing RAPTOR, an Autonomous Offensive/Defensive Research Framework based on Anthropic's Claude Code, written by @dcuthbert, @halvarflake, @mbrg0, and myself.

Let's rock. Get it from GitHub, here: https://t.co/giBaCtIexB

— Gadi Evron (@gadievron) December 2, 2025


11/30/2025: Every week I share a curated list of red team-specific jobs (or similar/adjacent) that caught my attention or were shared with me by others in the community. My goal is to help job hunters in the offensive security space find a red team-specific role.

šŸ› Company +… pic.twitter.com/w9418jsObv

— Nick VanGilder (@nickvangilder) December 1, 2025


HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. https://t.co/YMIJy7WEtq

— Pavol Lupták (@wilderko) December 1, 2025


I wrote a blog post on CVE-2025-48593, an issue patched in Android's November Security Bulletin that only affected devices which act as Bluetooth headphones, such as smartwatches, smart glasses, and cars.
I examined the patch and wrote a proof-of-concept: https://t.co/bBhoMUGXn6

— Zhuowei Zhang (@zhuowei) December 2, 2025


Last week I hosted family for Thanksgiving.

My 12-year-old nephew asked for the WiFi password.

He wanted to play Roblox on his iPad.

I looked at the device.

Unmanaged. No antivirus. No encryption.

I’m an IT Professional. I don't run an open network.

So I didn’t give him the…

— IT Unprofessional (@it_unprofession) December 1, 2025

Last month my intern asked for help with a Kubernetes error.

He was stuck on a YAML file.

He looked desperate.

I make $275,000 a year.

I haven't written a line of code since 2017.

I don't even know what a "pod" is.

But I didn't tell him that.

I leaned back in my Herman…

— IT Unprofessional (@it_unprofession) December 2, 2025


"Windows has a design flaw in driver validation. If certificate revocation checks fail or time out (which happens often), Windows assumes the certificate is fine and loads the driver anyway."

source: https://t.co/bBM6KAmbGk https://t.co/ExN8StWw8Z
IOCs: https://t.co/sMdxKqRdxv https://t.co/qhaw2EMisv

— 🕳 (@sekurlsa_pw) December 2, 2025
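The quoted behaviour is a fail-open revocation check: a fetch that errors or times out is treated as "not revoked". The Go program below is an added illustration of that decision logic, not code from the tweet, the linked report, or Windows itself. It builds a throwaway code-signing CA, a revoked leaf, a valid leaf and the CA's CRL in memory (all constructed data), then runs the same loader decision under a fail-open and a fail-closed policy. The names CRLFetcher, ReachableCRL, UnreachableCRL, ShouldLoad, Fixture and the "Example Driver Vendor" certificates are hypothetical; a real loader would fetch the CRL distribution point or query OCSP under a deadline, which is exactly the step modelled by CRLFetcher.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type Policy int // what a loader does when the revocation status cannot be determined
const (
	FailOpen   Policy = iota // unknown status counts as "not revoked": the behaviour quoted above
	FailClosed               // unknown status counts as "do not load"
)

// CRLFetcher stands in for the network fetch of the issuer's CRL (or an OCSP query); it can fail or time out.
type CRLFetcher func() (*x509.RevocationList, error)

func ReachableCRL(crl *x509.RevocationList) CRLFetcher { return func() (*x509.RevocationList, error) { return crl, nil } }
func UnreachableCRL(reason string) CRLFetcher {
	return func() (*x509.RevocationList, error) { return nil, fmt.Errorf("fetch failed: %s", reason) }
}

// ShouldLoad reports whether code signed by leaf may load. Only an undeterminable status is subject to pol.
func ShouldLoad(leaf, issuer *x509.Certificate, fetch CRLFetcher, pol Policy) (bool, error) {
	crl, err := fetch()
	if err == nil {
		if sigErr := crl.CheckSignatureFrom(issuer); sigErr != nil {
			return false, fmt.Errorf("CRL not signed by issuer: %w", sigErr) // tampering, not "unknown"
		}
		if time.Now().After(crl.NextUpdate) {
			err = fmt.Errorf("CRL is past its nextUpdate") // stale: the status is unknown after all
		}
	}
	if err != nil { // status unknown: the branch the quoted "design flaw" is about
		if pol == FailOpen {
			return true, nil // a timeout or a blocked fetch silently becomes "not revoked"
		}
		return false, fmt.Errorf("revocation status unknown, refusing to load: %w", err)
	}
	for _, rc := range crl.RevokedCertificates { // fresh, authentic CRL: look up the serial
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return false, fmt.Errorf("serial %v is revoked", leaf.SerialNumber)
		}
	}
	return true, nil
}

// Fixture: a throwaway in-memory code-signing CA, a revoked and a valid leaf, and the CA's CRL (constructed data).
type Fixture struct{ CA, RevokedLeaf, ValidLeaf *x509.Certificate; CRL *x509.RevocationList }

func NewFixture() *Fixture {
	now := time.Now()
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Code Signing CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	ca := issue(caTmpl, caTmpl, caKey, caKey) // self-signed; Go fills in SubjectKeyId for CA templates
	leaf := func(serial int64, cn string) *x509.Certificate {
		key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
		return issue(&x509.Certificate{
			SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
			KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
		}, ca, key, caKey)
	}
	revoked, valid := leaf(4242, "Example Driver Vendor (leaked key)"), leaf(4243, "Example Driver Vendor")
	crlDER := must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: now.Add(-time.Minute), NextUpdate: now.Add(time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: revoked.SerialNumber, RevocationTime: now}},
	}, ca, caKey))
	return &Fixture{CA: ca, RevokedLeaf: revoked, ValidLeaf: valid, CRL: must(x509.ParseRevocationList(crlDER))}
}

// issue signs tmpl with parentKey and returns the parsed certificate.
func issue(tmpl, parent *x509.Certificate, key, parentKey *ecdsa.PrivateKey) *x509.Certificate {
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der))
}

func must[T any](v T, err error) T { // fixture construction only: any failure here is a bug
	if err != nil {
		panic(err)
	}
	return v
}

func main() {
	fx, timeout := NewFixture(), UnreachableCRL("dial tcp: i/o timeout")
	fmt.Println(ShouldLoad(fx.RevokedLeaf, fx.CA, timeout, FailOpen))   // true <nil>
	fmt.Println(ShouldLoad(fx.RevokedLeaf, fx.CA, timeout, FailClosed)) // false revocation status unknown, refusing to load: fetch failed: dial tcp: i/o timeout
}
```

The point of the split is that a forged CRL and a listed serial reject regardless of policy; only the "could not determine" case is a policy choice, and with fail-open that case is under the attacker's control, because blocking or delaying the fetch is enough to make a revoked signing certificate pass.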


"Using Cobalt Strike to find (more) Cobalt Strike"

There are a lot of cool ways to find #CobaltStrike, these are some of the coolest:https://t.co/XPuQhqkErf pic.twitter.com/ewnFPVFC5q

— Silas Cutler (p1nk) (@silascutler) December 2, 2025


🧵Apple just devalued full TCC bypasses from 30,5k to 5k. Hard to interpret this in a good way. It feels like
- we admit we can’t fix this shit and we don’t care or at least not willing to pay for it
- we don’t care about privacy https://t.co/jGd553oHw0

— Csaba Fitzl (@theevilbit) December 2, 2025


We’re thrilled to see Slither being used by Anthropic to augment their agentic smart contract research.

If you’re interested in adding Slither to your LLM-based agents or workflows, check out our newly released slither-mcp: https://t.co/SEK4mJPHs9 https://t.co/FlaqIa5ndO pic.twitter.com/uzcqS2knaN

— Trail of Bits (@trailofbits) December 2, 2025


Analysis of 3,655 "local cures" from an Irish folklore database shows that magical and religious treatments are associated with diseases likely to have causes and mechanisms that would be unclear to the patients. https://t.co/5LUfwqXbch

— Alberto Acerbi (@acerbialberto) December 2, 2025


I am writing for @WarOnTheRocks about Austro-Hungarian military failures in the first months of the First World War and the lessons they offer for Ukraine today. The two sieges of Przemyśl highlight a fundamental principle of static defense doctrine: it can serve a legitimate…

— Franz-Stefan Gady (@HoansSolo) December 2, 2025


Low-Level Software Security for Compiler Developers

If you ever wanted a textbook-style guide to memory safety bugs, undefined behavior, exploit mitigations, side channels, etc.

All in one spot, this free book is it: https://t.co/XfY21Uzen1 pic.twitter.com/yOqItr8Nd5

— Alex Plaskett (@alexjplaskett) December 2, 2025


"Counterintelligence officers from the Security Service of Ukraine (SBU), together with UK intelligence agencies, have exposed a British national named Ross David Cutmore who, on instructions from Russian intelligence, conducted espionage and sabotage activities on Ukrainian… pic.twitter.com/ufkbdu4yiJ

— Rob Lee (@RALee85) December 2, 2025


A new evasion technique known as "EDR-Freeze" has emerged, changing the way attackers neutralize endpoint security. Unlike traditional methods that attempt to crash or terminate security software (which often triggers alerts), EDR-Freeze suspends the security process entirely,… pic.twitter.com/hGIaTghbBA

— blackorbird (@blackorbird) December 2, 2025

