March 20, 2025
March 20, 2025
This has the potential to be either horrible or not: https://t.co/3x859Lb4e6
— Daniel Cuthbert (@dcuthbert) March 19, 2025
BLUF: Despite the rise of 32-bit devices, a large number of legacy embedded products in industrial, automotive, and consumer electronics still run on 8/16-bit architectures.
vibe coders when the vibe is off pic.twitter.com/Sg54ppwBTw
— ️ (@crackticker) March 18, 2025
One truth I've always stood by: attackers win by knowing your infrastructure better than you do. AI-enabled coding will bring amazing productivity, but the undiscovered cracks and seams built by vibe coding will be a massive attack surface for a while... https://t.co/jAcPBiacxW
— Rob Joyce (@RGB_Lights) March 18, 2025
There have been great women in malware writing and the VX scene:
— Greg Linares (Laughing Mantis) (@Laughing_Mantis) March 19, 2025
First and foremost: Gigabyte, she was a pioneer for many other women to get into VX. She was my best friend for many years, I owe so much of my VX years and introduction into cyber security because of her. She… https://t.co/lYzNOxqdov
New video in our archived content/footage playlist. This time about the lesser known MEK from the German BKA. A domestic law enforcement unit specialising in covert surveillance (among others).https://t.co/iDHcAOzhVK#German #surveillance #BKA #intelligence
— Spy Collection (@SpyCollection1) March 19, 2025
Using frida-trace to hook thousands of methods in one go and get clean, readable output for large, obfuscated mobile apps 📲. Another post from Reino’s to level up your dynamic analysis: https://t.co/fyfjNAeaLh pic.twitter.com/9TzHirarWY
— Orange Cyberdefense's SensePost Team (@sensepost) March 19, 2025
Not entirely sure why the “JFK files” include bulk disclosure of Operations policies, e.g. https://t.co/yvq6sEWRB6
— Nick Carr (@ItsReallyNick) March 19, 2025
but I suspect people will be generally interested in who was exempt from recruitment/training & why pic.twitter.com/zMa8VxEuse
I’m excited to introduce Namespace Confusion, a novel attack discovered during Gareth's and mySAML Roulette: The Hacker Always Wins research. We uncovered a brutal attack on XML signature validation that destroys authentication in Ruby-SAML! https://t.co/qgOHYjJZri pic.twitter.com/AJyEfzGGF8
— d4d (@d4d89704243) March 18, 2025
I don’t think astronauts should be allowed to come back. You made your choice.
— dog poisoner (@mrnastynodrama) March 20, 2025
CVE-2024-9956 - PassKey Account Takeover in All Mobile Browsers
— remy🐀 (@_mattata) March 20, 2025
Attack combines 2D barcodes (QR) and Bluetooth interception, allowing you to phishing passkeys.https://t.co/rTxP5nG8YK
“My ‘the f-35 has no kill switch’ t-shirt is raising a lot of questions already answered by the shirt.”
Pentagon denies that the F-35 has a “remote kill-switch”. That issued this message openly shows the gravity of the communication crisis. Still, it is clear that F-35 relies heavily on data, sensors and software. Software that almost no country controls. https://t.co/1qXUCX0Zb9 pic.twitter.com/C4coJis3pR
— Lukasz Olejnik (@lukOlejnik) March 20, 2025
Good Mandiant report on UNC3886 🇨🇳 to check out. The use "Operational Relay Boxes" (ORBs) is easy to demo here too. One of the C2 servers appears to be a popped a Plex Media Server via @shodanhq
— Will (@BushidoToken) March 13, 2025
1. https://t.co/5mLCU2GtTC
2. https://t.co/pSeuh3FCdB
3. https://t.co/FBFr6JLrQV pic.twitter.com/zVWs5NBd7q