the grugq's newsletter

November 24, 2025

🚀 open-sourced santamon — a lightweight macOS detection sidecar that reads Santa's ES telemetry, runs CEL detection rules locally, and only ships signals to a tiny backend. built for my home lab; might be useful for others too. bug reports + PRs welcome! https://t.co/C8Dv9yu7d8

— Adel Ka (@0x4D31) November 22, 2025

https://github.com/0x4D31/santamon


OWASP just dropped its 2025 Top 10 - and two new categories made the list.
Software Supply Chain Failures: Reflects the growing risk of attacks hiding in third-party components and dependencies.
Mishandling of Exceptional Conditions: Covers what happens when systems break in… pic.twitter.com/6zgFDOO1XB

— INFOSEC F0X 🔥 (@infosec_fox) November 22, 2025


XScreenSaver for Android was released, but Google required a privacy policy page. So, the author of XScreenSaver decided to follow "malicious compliance" in order to get XScreenSaver approved for the Play Store. The privacy page turned into a funny thing. pic.twitter.com/nBtADh8tp3

— nixCraft 🐧 (@nixcraft) November 23, 2025


With only 48 hours remaining in a bug bounty event, I used @HacktronAI CLI to perform large-scale analysis of several JDBC drivers. Netting $85,000 in total rewards.

This write-up shows how AI-assisted vulnerability research is speeding up the work of researchers and leading to… pic.twitter.com/5YLSbpg4dy

— Harsh Jaiswal (@rootxharsh) November 21, 2025


A simulation study by Chinese scientists shows how 🇨🇳 PLA could attempt to block Starlink across Taiwan.

Their findings — published on Nov 5 in the Chinese peer-reviewed journal Systems Engineering and Electronics — suggest that jamming Starlink across a region as large as… pic.twitter.com/M4bUjY4oMP

— Byron Wan (@Byron_Wan) November 23, 2025


Someone going by "wwwiesel" on GitHub picked up @securitymeta_’s tradition this year and dropped a full list of #BlackFriday deals in the #InfoSec space

Online Courses & Training
- 8kSec Academy
- AI Security Professional Course
- Altered Security
- Belkasoft
- Blu Raven Academy…

— Florian Roth ⚡️ (@cyb3rops) November 23, 2025


Funny story - every now and then I get messages from people wanting to help with getting MacOS supported in the EDR Telemetry Project. After I reply with details on what it will take and the plan for the work, they’re ghosting…

That happened at least 10 times this year. At…

— Kostas (@Kostastsale) November 23, 2025

is this the kind of info you are looking for (ES api subscriptions, network extension providers)? https://t.co/b6tqJw07Ib

— Kyle Avery (@kyleavery) November 23, 2025


Thinking more about this short piece I wrote in 2024. The emergent abilities of AI models are just weird machines in data. Agents are how we give these weird machines the autonomy necessary to explore the space of actions available to them. https://t.co/F5Dz2BVKa0

— chrisrohlf (@chrisrohlf) November 23, 2025


Some observations about the new X "About this account" information page.
First of all, it's awesome to see how many trolls are getting exposed this way. Kudos for transparency and for fighting against bots and trolls.
The "Account based in" field seems to be some kind of average…

— Costin Raiu (@craiu) November 24, 2025


PerfektBlue: A critical exploitation chain over Bluetooth to PWN multiple automotive vendors at once. Recently I released details about this sophisticated attack on #POC2025 and #codeblue2025, along with a table of potentially vulnerable devices https://t.co/yw8H5MBjYh pic.twitter.com/9e0mGqMbx9

— konata (@konatabrk) November 23, 2025

