Generated 02/07/2026, 09:25. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items15
Regular sources6
Tweets / X9
Threshold0.62
You can save this report in your browser with the favorite button. If you need a shared favorite list, use the CLI helper.
Tweets / X
9 items
mrgretzky @mrgretzky
01 Jul, 05:51 · core
0.74
Markus Vervier ( @marver ) breaks down a wild ride to achieving RCE in VSCode and forcing GitHub Copilot to inject malicious code. Discover why "context" is the new attack surface and why attacking these systems requires your own AI agents! More info: https:// offbyone.sg/talk/ma
Talos has identified "ARToken," a phishing-as-a-service platform that targets Microsoft 365. The ARToken panel exposes 80+ API endpoints for device code phishing, Primary Refresh Token persistence, email access, BEC operations, and SharePoint exfiltration. https:// cs.co/6015BDLH
Just open-sourced CredSpy Couldn't find any tools that allowed unauthenticated enumeration of auth methods for @Microsoft accounts, so I created it. Shows whether target accounts use Passkeys, certificate auth, passwordless push, etc... Find it here: https:// github.com/RedByte13
The Sysdig TRT just documented what we assess to be the first-ever agentic ransomware operation. We're calling the operator JADEPUFFER. It exploited CVE-2025-3248 in an internet-facing Langflow instance, then ran a full…
Bypassing LLM security guardrails for AI red teaming usually means crafting payloads from scratch every time... P4RS3LT0NGV3 by @elder_plinius is a web-based toolkit that automatically transforms prompts using a wide range of obfuscation and encoding techniques to help test
OAuth - More oBroken Than You Think oBroken is here. The first tool to autonomously find, exploit and prove OAuth authorization bypasses end to end. Our new proprietary OAuth Authorization Bypass Scanner, exclusive to Brute One, covers 23 techniques across 17 vulnerability OAuth
Detection gets easier when you understand the tradecraft behind the techniques. Join our Tradecraft Analysis course at #BHUSA to connect attacker behavior with the telemetry and detection opportunities that matter. Save your spot https:// ghst.ly/43eLw5s
Phishing attacks topped 3.8 million in 2025 - and AI is making them harder to catch than ever. So we built an AI agent to fight back. Our latest blog breaks down how Red Canary's phishing triage agent blends machine learning, a rules engine, agentic AI, and LLMs into an
Yaaaa, AI can scan at scale, but it lacks the instinct to exploit business logic. Bugcrowd Chief Strategy and Trust Officer @treyford notes that specialized human talent remains irreplaceable "My expectation is bug bounty hunters will achieve a level of specialization
New ChocoPoC malware targets researchers via trojanized PoC exploits
Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands an…
Posted by Abhinav Agarwal on Jul 01 CISA has published an advisory for five vulnerabilities in OFFIS DCMTK https://www.cisa.gov/news-events/ics-medical-advisories/icsma-…
'Phantom Squatting': An Emerging AI-Driven Supply Chain Threat
LLMs consistently hallucinate Web domains for legitimate brands that attackers can register for malicious activity in a difficult-to-detect attack vector.
Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts
A recently disclosed critical security flaw impacting Progress Kemp LoadMaster is seeing active exploitation attempts, according to an advisory from eSentire's Threat Re…
0.95exploit · 01 Jul, 23:212 mentionsseclists.org
Re: check_icmp (Monitoring Plugins): host-count overflow leads to heap buffer overflow in setuid-root binary
Posted by Michael Orlitzky on Jul 01 If anyone was wondering, nagios-plugins has the same problem. https://github.com/nagios-plugins/nagios-plugins/pull/833 | Posted by Holger Weiß on Jul 01 We released Monitoring Plugins 3.0.1, which fixes a security issue in the check_icmp plugin. Product: Monitoring Plugins (check_icmp) Dat…
Anthropic Restores Claude Fable 5 After U.S. Lifts Jailbreak-Linked Export Controls
Anthropic is putting Claude Fable 5 back online worldwide. On June 30, the U.S. Commerce Department lifted the export controls it had imposed on Fable and its more tight…