#SecurityResearch

@securitywithtom.bsky.social

5 days ago

A Token of Appreciation - JWTs & Microsoft Authentication for Security Research A practical foundation for Microsoft security research - covering JWT structure, token claims, OAuth 2.0 flows, and why proper validation is where vulnerabilities hide.

If you're curious about how Microsoft access tokens work under the hood, maybe it's useful to you too. I call it "A Token of Appreciation" 😜

securitywithtom.com/posts/A-Toke...

#Microsoft #EntraID #JWT #IdentitySecurity #SecurityResearch

0 0 0 0

Negative PID

@negativepid.bsky.social

6 days ago

How to become a bug bounty hunter - Negative PID Many people entering the cybersecurity field believe that the only way to demonstrate their skills to a prospective employer is to hack into their systems.

How to become a bug bounty hunter

negativepid.blog/how...

#bugBounty #securityResearch #cybersecurityCareers #Cybersecurity #cyberattacks #cyberThreats #onlineSecurity #negativepid #offSec

0 0 0 0

Winbuzzer

@winbuzzer.com

1 week ago

Anthropic's Claude AI Writes Full FreeBSD Kernel Exploit in Four Hours Anthropic's Claude AI has autonomously developed two working remote root exploits for FreeBSD kernel flaw CVE-2026-4747 in four hours of compute.

winbuzzer.com/2026/04/01/c...

Claude AI Writes Full FreeBSD Kernel Exploit in Four Hours

#AI #Anthropic #Claude #Cybersecurity #ZeroDay #Exploits #SecurityResearch #AIArmsRace #Linux #FreeBSD

2 0 0 0

Negative PID

@negativepid.bsky.social

1 week ago

How to become a bug bounty hunter - Negative PID Many people entering the cybersecurity field believe that the only way to demonstrate their skills to a prospective employer is to hack into their systems.

How to become a bug bounty hunter

negativepid.blog/how...

#bugBounty #securityResearch #cybersecurityCareers #Cybersecurity #cyberattacks #cyberThreats #onlineSecurity #negativepid #offSec

0 0 0 0

BSidesLuxembourg

@bsidesluxembourg.infosec.exchange.ap.brid.gy

2 weeks ago

𝗙𝗥𝗢𝗠 𝗖𝗢𝗗𝗘 𝗧𝗢 𝗖𝗢𝗠𝗣𝗥𝗢𝗠𝗜𝗦𝗘: 𝗧𝗨𝗥𝗡𝗜𝗡𝗚 𝗠𝗢𝗗𝗘𝗥𝗡 𝗗𝗔𝗬 𝗜𝗗𝗘𝗦 𝗜𝗡𝗧𝗢 𝗔𝗧𝗧𝗔𝗖𝗞 𝗩𝗘𝗖𝗧𝗢𝗥𝗦 𝗩𝗜𝗔 𝗠𝗔𝗟𝗜𝗖𝗜𝗢𝗨𝗦 𝗘𝗫𝗧𝗘𝗡𝗦𝗜𝗢𝗡𝗦 (2h Workshop) Debjeet Banerjee ( @whokilleddb )

Visual Studio Code isn’t just a developer favorite — it’s now a high-value target for stealthy supply-chain attacks […]

[Original post on infosec.exchange]

0 1 0 0

BaseFortify.eu

@basefortify.bsky.social

2 weeks ago

Screenshot of BaseFortify CVE report showing CVE-2026-4606 details, including description of SYSTEM-level privilege escalation, CVSS score of 10.0, and affected GeoVision ERM product.

Technical details:

• CWE-250: Execution with excessive privileges
• SYSTEM-level processes spawned incorrectly
• File dialogs run as SYSTEM
• Modify/delete protected files

Impact: Full system compromise from local access

#Vulnerability #InfoSec #CWE250 #SecurityResearch

0 0 1 0

thedailyperspective.org

@thedailyperspective.org

3 weeks ago

The Xbox One's 13-year security run ends in a shower of sparks Security researcher Markus Gaasedelen cracks Microsoft's supposedly unbreakable Xbox One using a hardware voltage glitch attack on the boot ROM.

The Xbox One's 13-year security run ends in a shower of sparks

#XboxOne #Hacking #SecurityResearch #Gaming #AusNews

thedailyperspective.org/article/2026-03-15-the-x...

2 0 1 0

Awesome Agents

@awesomeagents.bsky.social

4 weeks ago

Anthropic's Claude Found 22 Firefox CVEs in 14 Days Claude Opus 4.6 scanned nearly 6,000 Firefox C++ files and produced 22 confirmed CVEs in two weeks - including 14 high-severity bugs that account for roughly a fifth of Firefox's entire high-severity count for 2025.

Anthropic's Claude Found 22 Firefox CVEs in 14 Days

https://awesomeagents.ai/news/claude-firefox-22-cves/

#MozillaFirefox #Claude #SecurityResearch

1 0 0 0

Lab401.com

@lab401.bsky.social

4 weeks ago

Build hands-on RFID experience with the iCopy-X Intermediate Tag Pack. A versatile selection of blank HF & LF tags designed for learning, testing, and development using iCopy-X. 🧪📶 l.lab401.com/58tAS
#RFIDTools #SecurityResearch #icopyx #Lab401

0 0 0 0

TechNadu

@technadu.com

4 weeks ago

AI Agents Now Utilized in Cyberattack Infrastructure Management: North Korean APTs Capitalize on This Evolution Threat actors, including North Korean groups, are using AI agents to manage attack infrastructure, increasing the speed and scale of cybercrime.

Read the full story:
www.technadu.com/ai-agents-no...

Do you think AI will ultimately strengthen cybersecurity defenses or empower attackers more? Share your thoughts below.
#CyberSecurity #ArtificialIntelligence #ThreatIntelligence #APT #Infosec #CyberThreats #SecurityResearch

0 0 0 0

Winbuzzer

@winbuzzer.com

1 month ago

Google Safe Browsing Misses 84% of Phishing Sites in Test Google Safe Browsing has missed 83.9% of confirmed phishing sites in February 2026, flagging just 41 of 254 — including sites on Google's own infrastructure.

winbuzzer.com/2026/03/07/g...

Google Safe Browsing Missed 84% of Phishing Sites

#Google #GoogleChrome #GoogleSafeBrowsing #WebBrowsers #PhishingAttacks #Cybersecurity #Cybercrime #Hackers #Malware #ThreatIntelligence #SecurityResearch #SecurityThreats #SecurityFlaws

0 0 0 0

ProxySocks5

@proxysocks5.bsky.social

1 month ago

Some phishing campaigns change behavior by region.

Residential routing helps analysts observe country-specific variants.

#securityresearch

0 0 0 0

@scrumly1.bsky.social

1 month ago

GitHub - HowWeLand/Self_Replicating_LLM_Artifacts: Research paper and artifacts documenting "Logical Prions"—self-replicating LLM failure modes discovered in shell bootstrap installers. Explores the i... Research paper and artifacts documenting "Logical Prions"—self-replicating LLM failure modes discovered in shell bootstrap installers. Explores the intersection of Ken Thompson’s "Tr...

Somewhere out there a hundred people cloned this: github.com/HowWeLand/Se...
If you did, maybe PayPal me.
Times got tight again
#cybersecurity #AI #securityresearch

0 0 0 0

BaseFortify.eu

@basefortify.bsky.social

1 month ago

🔎 Technical details: CVE-2026-22769

A hardcoded admin credential in the Tomcat Manager lets attackers deploy a malicious WAR file, execute commands as root, and maintain persistence.

Threat actors reportedly used web shells + custom backdoors.

#ZeroDay #ThreatIntel #BlueTeam #SecurityResearch

0 1 1 0

Christina Ayiotis

@christinaayiotis.bsky.social

1 month ago

#SecurityResearch @kimzetter.bsky.social

0 0 0 0

vict0ni

@vict0ni.bsky.social

1 month ago

Exploiting CVE-2023-52271 and evading AV/EDR by terminating their PPL processes via BYOVD. One of the few times I've dealt with #ReverseEngineering a PE and I must admit it was fun.

#infosec #hacking #securityresearch #offsec

1 1 0 0

Compass Security

@compass-security.com

1 month ago

John Ostrowski (Compass Security) and Manuel Kiesel (Cyllective AG) worked together on CVE-2025-13154, a Lenovo Vantage LPE. Even after Microsoft closed a known primitive, collaboration led to a working PoC.

blog.compass-security.com/2026/02/from...

#Windows #CVE #SecurityResearch #PrivEsc

6 4 0 0

7h34ir4v474

@7h34ir4v474.bsky.social

2 months ago

New here - curious who’s into:
• Bug bounty
• Pentesting
• OSINT
• Security research

Let’s connect and grow together
.
.
.
.
.
#CyberSecurity
#InfoSec
#BugBounty
#Pentesting
#SecurityResearch
#OSINT
#AppSec
#RedTeam
#BlueTeam
#CTF
#WebSecurity
#EthicalHacking

0 0 0 0

Authentic8

@authentic8.bsky.social

2 months ago

Secure adversary research gives SOCs the context alerts often miss. That means fewer blind spots, stronger detection, and faster, intelligence-driven response without added risk.

Read more: https://bit.ly/4r9mL5b

#threatintelligence #SOC #securityresearch

0 0 0 0

Manuel Bissey

@mbissey.bsky.social

2 months ago

What motivates hackers and what makes them walk away - Help Net Security Bugcrowd research explores the hacker community, showing how hackers collaborate, build skills, and use AI in security testing.

Hacker communities are reshaping vulnerability discovery — collaboration, incentives, and scale are accelerating security research. The crowd is becoming a force multiplier. 🧠⚡️ #BugBounty #SecurityResearch

buff.ly/cnj32AX

0 0 0 0

SCENOR | The Science Crew

@scenor.at

2 months ago

Introductory slide with the SCENOR – The Science Crew logo and the title “FACT VS FICTION”. Subheading states: “Debunking myths about extremism, terrorism and more.” Neutral blue-grey background with minimal graphic elements.

Slide titled “FICTION”. Text states: “Deradicalisation programmes do not work and fail to prevent reoffending.” Clean layout with a white text box on a blue-grey background and a visual cue to swipe for the fact.

Slide titled “FACT”. Text explains that deradicalisation does not require full ideological change to be effective. It highlights risk reduction through disengagement from violence, weakening harmful networks, and improved social functioning. Source cited: RAN Rehabilitation Manual.

Slide titled “WHY IT MATTERS”. Text explains that judging success only by belief change creates blind spots in policy and practice. It stresses assessing outcomes based on reduced risk, sustained disengagement, and social reintegration rather than ideological transformation alone.

NEW FACT VS FICTION EDITION

What does research really tell us about deradicalisation and how success should be understood in prevention work?

Source:
buff.ly/7Na8FUE

Follow SCENOR for new FACT vs FICTION editions every two weeks.

#FactVsFiction #Deradicalisation #SecurityResearch #SCENOR

0 0 0 0

Manish_SOC_Analyst

@manish-rawat.bsky.social

2 months ago

GitHub - Manishrawat21/Analysis: I analyzed some famous attack tecniques here I analyzed some famous attack tecniques here. Contribute to Manishrawat21/Analysis development by creating an account on GitHub.

Published my DLL hijacking research on GitHub.

GitHub: DLL Hijacking Detection - Theory, Evidence, and Telemetry

37 real Sysmon events. Complete analysis. Open to feedback.

github.com/Manishrawat2...

#ThreatHunting #SecurityResearch #Github #Analysis #Cybersecurity #Windows #Sysmon #Splunk #hack

0 0 0 0

0x00Sec

@0x00sec.org

2 months ago

Welcome back, hackers! After a long break, we’re relaunching 0x00sec and opening the doors to what it was always meant to be: a place for hackers, researchers, students, and curious minds to share real work, learn from each...

Welcome back, hackers.

0x00sec is live again with new security research, active forums, and community-driven offensive security content.

0x00sec.org/welcome-back...

#infosec #hacking #offsec #securityresearch #ctf #0x00sec

2 2 0 0

SCENOR | The Science Crew

@scenor.at

2 months ago

PRIORITY ACCESS TO RESEARCH ON EXTREMISM.

#SCENOR’s Science Hive shares early research, updates, and events on political extremism and prevention.

Join here: buff.ly/391R9bz

What would you change in current responses to violent extremism?

#PoliticalExtremism #SecurityResearch #Radicalisation

0 0 0 0

TechNadu

@technadu.com

3 months ago

Founder of pcTattletale Spyware App Pleads Guilty in Federal Stalkerware Case Bryan Fleming, the pcTattletale founder, pleaded guilty to charges of computer hacking and the unlawful advertising of surveillance software in a historic stalkerware legal case.

Read more via TechNadu and follow for objective infosec coverage:
www.technadu.com/founder-of-p...

#Infosec #Privacy #Stalkerware #CyberLaw #DigitalSurveillance #SecurityResearch

0 0 0 0

CRYPTOACTION EU

@cryptoaction.bsky.social

3 months ago

🚀 We’re excited to announce the launch of the CRYPTOACTION website!

The CryptoACTION website is officially live.
Visit: lnkd.in/dFbJh-Ya

💥 This is just the beginning. More features and updates are on the way.

#CryptoACTION #Website #Launch #HorizonEurope #SecurityResearch #Innovation #CFCT