the grugq's newsletter

November 7, 2025


#Django: Critical SQL Injection Vulnerability in Django (CVE-2025-64459):https://t.co/aYK8gTJVXY

— Sam Stepanyan (@securestep9) November 6, 2025


woot nice vuln find from @joernchen .. Anyone using LangGraph better upgrade. RCE via json deserialization in graph.invoke() which is the main api https://t.co/KrKrOsZv1z

— Richard Johnson (@richinseattle) November 6, 2025


Part 2 of @DomainTools research is out: Inside the Great Firewall Part 2: Technical Infrastructure https://t.co/RrCCR3muN3

— Silas Cutler (p1nk) (@silascutler) November 6, 2025


Sometimes you still find on-prem Exchange servers on the Internet. In such a case you might wanna check out our fork of peas. It's Python 3 (ported by Codex) and grants full control over the appearance of the fake ActiveSync device (serial, model, OS, etc). https://t.co/P0oV0uQyAi

— Daniel (@0x64616e) November 5, 2025


Zero Trust is not a product, it is an approach - at the @NCSC we have just released Demystifying Zero Trust, which addresses common misconceptions and provides practical advice on when and how it should be adopted. https://t.co/nnyn1iURHw

— Ollie Whitehouse (@ollieatnowhere) November 6, 2025


📋 In the latest Microsoft report, the DART team discovered a new backdoor dubbed SesameOp, abusing the OpenAI Assistants API to run covert C2 communication without any model inference!

I made a diagram to show how the backdoor works!

Great work 👏 https://t.co/3uOrlQMzxq pic.twitter.com/cufgECf3WY

— Thomas Roccia 🤘 (@fr0gger_) November 6, 2025


Great news for browser security (and not just because it cites my XSLT research :)). A lot of younger folks don't even know this feature exists, yet it is/was the default attack surface in all major web browsers with a history of exploitation. https://t.co/ytSoYcSRVw

— Ivan Fratric 💙💛 (@ifsecure) November 6, 2025


Incredible reporting by @Reuters. Meta makes more money from ad fraud - as much as $16 billion - than all the NFL TV partners put together make on NFL ad sales. Theft on an epic scale. https://t.co/JeM8lWO60I

— Michael Mulvihill (@mulvihill79) November 6, 2025


I wrote a thing. https://t.co/lBBAyZB3sa

— Thomas H. Ptacek (@tqbf) November 6, 2025

