May 14, 2025
Happy to announce my new paper "The cryptoint library": https://t.co/Spc0eUGVdW Constant-time code is the main way that we avoid leaking secrets to timing attacks. This is a paper on how much progress there has been, what's left to do, and how to do it.
— Daniel J. Bernstein (@hashbreaker) April 24, 2025
Great news! The Pwnie awards nominations are now open! https://t.co/s9UnLrQ1z8
— Pwnie Awards (@PwnieAwards) May 13, 2025
knowing how to secure something is MUCH easier when you know all the attacks.
— rez0 (@rez0__) May 13, 2025
the vulnerablemcp[.]info is a fantastic resource for understanding all the ways that MCP servers can be vulnerable/malicious.
link below. pic.twitter.com/TiSwGWyW5r
The Vulnerable MCP Project: Tracking Model Context Protocol Vulnerabilities
A community-maintained database of known vulnerabilities, limitations, and security concerns with the Model Context Protocol (MCP)
Just dropped a blog post on a fun bug that our (former, since it was reported a long, long time ago) intern, Devesh Logendran, found in Visual Studio Code <= 1.89+
— starlabs (@starlabs_sg) May 14, 2025
We hope you will have fun reading it. https://t.co/RITe25O8u3
In recent incident responses with an Ivanti CSA compromise as the root cause, Synacktiv's CSIRT came across open-source tools used for post-exploitation. Our ninja @Cybiosity explores their functionalities and discusses detection capabilities. https://t.co/x7us3TGRGN
— Synacktiv (@Synacktiv) May 13, 2025
https://comsec.ethz.ch/research/microarch/branch-privilege-injection/
I blogged about my discovery of CVE-2025-26684 - Microsoft Defender for Endpoint (MDE) on Linux Elevation of Privilege https://t.co/mjtUQ9YOmW
— Rich Mirch (@0xm1rch) May 13, 2025
There’s an Android-only open redirect technique using the intent:// scheme:
— Meydi (@neotrony) May 13, 2025
intent://trusted.com/#Intent;scheme=https;package=non.existent.app;S.browser_fallback_url=https://attacker.com/test;end
If the checker function only validates the domain and the app isn’t installed,
….