the grugq's newsletter

May 27, 2025


This post from @s1guza should be mandatory reading for seceng. Playing whack-a-mole with first-order primitives or just patching vulnerabilities stand alone without disrupting exploit strategies is always going to be fighting a losing battle. https://t.co/1nBMHFFAY1

— Alex Plaskett (@alexjplaskett) May 25, 2025


Claude 4 just refactored my entire codebase in one call.

25 tool invocations. 3,000+ new lines. 12 brand new files.

It modularized everything. Broke up monoliths. Cleaned up spaghetti.

None of it worked.
But boy was it beautiful. pic.twitter.com/wvmzh7IeAP

— vas (@vasumanmoza) May 25, 2025


Interesting. Last year I ran an experiment comparing the latest models at the time (Sonnet 3.5, GPT-4o and Gemini 1.5). The task was to simulate a fuzzer by analysing C code and then generating inputs that hit both sides of each branch. Gemini 1.5 was the best back then as well. https://t.co/Hb3QEYwnjf

— Sean Heelan (@seanhn) May 26, 2025



Bypassing MTE with CVE-2025-0072 - The GitHub Blog

See how a vulnerability in the Arm Mali GPU can be exploited to gain kernel code execution even when Memory Tagging Extension (MTE) is enabled.


Interesting and highly detailed piece about the TSEC/KL-7 crypto machine, which was used by US military, intelligence agencies and NATO allies from 1953 to 1983: https://t.co/oNdCKRu9pu pic.twitter.com/hKxVpz5dxL

— Electrospaces (@electrospaces) May 26, 2025


Many missed this on #BadSuccessor: it’s also a credential dumper.
I wrote a simple PowerShell script that uses Rubeus to dump Kerberos keys and NTLM hashes for every principal-krbtgt, users, machines. no DCSync required, no code execution on DC. pic.twitter.com/MlLfRIVuuM

— Yuval Gordon (@YuG0rd) May 25, 2025


😈 BEWARE: Claude 4 + GitHub MCP will leak your private GitHub repositories, no questions asked.

We discovered a new attack on agents using GitHub’s official MCP server, which can be exploited by attackers to access your private repositories.

creds to @marco_milanta

(1/n) 👇 pic.twitter.com/ES9nuv2lzc

— Luca Beurer-Kellner (@lbeurerkellner) May 26, 2025


Really cool blog dissecting DefendNot (https://t.co/3dymO8DPtr) and how to detect. Really like how they broke out the various detection surface of the tool. Gives blue a better understanding of what to look for and red a better understanding of what to change :) https://t.co/cIGRWwQZ40

— Octoberfest7 (@Octoberfest73) May 25, 2025


spaf: "On a more serious note... A letter about potenti…" - Mastodon 🐘

On a more serious note... A letter about potential strategy for cybersecurity and encryption in Europe: https://www.globalencryption.org/2025/05/joint-letter-on-the-european-internal-security-strategy-protecteu/


Recently declassified by the #NSA, an internal study from 1988 titled: "Fifty Years of Mathematical Cryptanalysis (1937-1987)" https://t.co/vQPYG9qihD

— Electrospaces (@electrospaces) May 27, 2025


China-linked ‘Silk Typhoon’ hackers accessed Commvault cloud environments, person familiar says | https://t.co/8AuqYZmvOG @NextgovFCW

— 780th Military Intelligence Brigade (Cyber) (@780thC) May 27, 2025

