the grugq's newsletter

November 27, 2024


If you like bounties, I highly recommend this presentation from @tincho_508 on novel web cache deception techniques. It comes with @WebSecAcademy labs too! https://t.co/XdE0SN3Ccz

— James Kettle (@albinowax) November 26, 2024


Existential Panic

How is it almost December already!?


Defects-in-Depth: Analyzing the Integration of Effective Defenses against One-Day Exploits in Android Kernels https://t.co/9vpKhYgHTL pic.twitter.com/qWhidEZNOk

— Linux Kernel Security (@linkersec) November 26, 2024


While investigating yet another BEC incident, I stumbled upon..

{
"Name": "UserAgent",
"Value": "axios/1.7.7"
}

🥳 This becomes a really good IOC. https://t.co/XJEQcY2a5J

— Stephan Berger (@malmoeb) November 26, 2024


Friendly Reminder: If you have admin privileges but lack the necessary file permissions, you can leverage the SeBackup/SeRestore privileges directly from cmd.exe! There’s no need to elevate to LocalSystem, duplicate TrustedInstaller, or use similar methods. Simply enable the… pic.twitter.com/Q1dj5esZsr

— Grzegorz Tworek (@0gtweet) November 25, 2024


Q: what happens when a threat actor's "novel" opsec strategy involves harassing researchers?

A: 275 Years https://t.co/VgJKGuY92f

— Allison Nixon (@nixonnixoff) November 12, 2024

Hacker in Snowflake Extortions May Be a U.S. Soldier – Krebs on Security

Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect -- a prolific hacker known as Kiberphant0m -- remains at large and continues…


These numbers seem off.

.@SimoKohonen did the math. Here is a list of every vendor and every high-severity CVE from the past 5 years.

Qualcomm: 97,388
Cisco: 15,833
Microsoft: 11,375
Intel: 9,323
Juniper: 5,550
Dell: 5,041
Hp: 4,448
Netgear: 3,855
Apple: 3,544
Siemens: 3,281
Zoho Corp: 2,636
Lexmark:…

— vx-underground (@vxunderground) November 27, 2024


Inside the Russian cyberagency targeting the West https://t.co/mnnvCxZTKt

— Dr. Dan Lomas (@Sandbagger_01) November 27, 2024

