Defeating Visual Studio Code embedded reverse shell
Here is a blogpost that covers some techniques to block vscode tunnel. Any feedback will be greatly apreciated. submitted by /u/ipfyx
Cryptomining malware detected on a Russian thesaurus with 5 Million+ monthly visits
submitted by /u/nareksays
The WebP 0day
submitted by /u/MegaManSec2
New ways to inject system CA certificates in Android 14
submitted by /u/pimterry
RCE in Tutanota Desktop: How a single email could compromise your machine
submitted by /u/SonarPaul
Howtorotate.com – Open Source Guides on Key Rotations from the Most Popular Providers
submitted by /u/Phorcez
DEF CON 31 Main Stage Talks
submitted by /u/albinowax
Fileless Remote Code Execution on Juniper Firewalls
submitted by /u/chicksdigthelongrun
When MFA isn’t actually MFA
submitted by /u/_vavkamil_
Fuzzing with multiple servers in parallel: AFL++ with Network File Systems
submitted by /u/MegaManSec2
CVE-2022-32947: macOS GPU-launched kernel privilege escalation exploit (walkthrough slides + demo)
submitted by /u/AsahiLina
A Big Look at Security in OpenAPI
submitted by /u/keissiaresa
The bogus CVE problem
submitted by /u/keissiaresa
Meta Quest 2: Defense through offense
submitted by /u/poltess0
The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree
submitted by /u/TupleType1
Column-Level Encryption 101: What is It, implementation & Benefits
submitted by /u/donofsue
Researchers Spot Novel “Deadglyph” Backdoor
Malware is linked to UAE-backed spies
Almost US 900 Schools Breached Via MOVEit
National Student Clearinghouse reveals more details of incident
Don’t Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection
Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.
New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time.
"While this activity occurred around the same time and in some instances even simultaneously...
T-mobile exposes some customer data – but don’t call it a breach
PLUS: Trojan hidden in PoC; cyber insurance surge; pig butchering's new cuts; and the week's critical vulns Infosec in brief T-Mobile has had another bad week on the infosec front – this time stemming from a system glitch that...
