March 19, 2025
March 19, 2025

Secure Annex - Enterprise Browser Extension Security & Management Platform
An investigation into buying access to browsers through extensions
Back in 2023, I taught a full course on "Plenty of Phish in the Sea: Collecting and Investigating Email and Text Message Threats" in Japan.
— Lena (@LambdaMamba) March 18, 2025
I've now made the full course available to the public, and the slides can be accessed here: https://t.co/LDEJhEtPz1
This course provides a… pic.twitter.com/oqTHIFJ7gi
Our first video from RE//verse 2025 is live! Part journey of personal discovery, part technical deep-dive, this presentation from Markus Gaasedelen was the highest rated in the feedback survey and is a must-see talk: https://t.co/bxh4jotdoa
— RE//verse (@REverseConf) March 18, 2025
0day Today is the ultimate database of exploits and vulnerabilitieshttps://t.co/Fx5KrMKT4V pic.twitter.com/SQT0Ius29C
— Legion Hunter (@bGVnaW9u) March 17, 2025
https://t.co/l8nuchZeYL, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scripting) vulnerabilities on sites where injections are blocked by CSP, https://t.co/fMZZpW1k4T
— Nicolas Krassas (@Dinosn) March 18, 2025
In other lowkey news, Iran's AFTA (CISA equivalent) briefly posted news about foiling allegedly APT15 activities and caught them squatting in multiple critical infrastructure and gov networks. This is an interesting case to look at.
— Hamid Kashfi (@hkashfi) March 18, 2025
No IoCs as usual, so VT retrohunt FTW! pic.twitter.com/whS3oc670D

BitM Up! Session Stealing in Seconds Using the Browser-in-the-Middle Technique | Google Cloud Blog
The browser in the middle technique can enable compromises, especially if defenses and MFA aren't properly implemented.
Poland now has the largest quantum key distribution network in Europe, and second after China. Pionier-Q – 1 770 km. pic.twitter.com/BWFYt2zOJc
— Lukasz Olejnik (@lukOlejnik) March 18, 2025
