I may have broken @appsecfeed.bsky.socialβ¦
Thatβs what I get for making a small change without testing π.
Should be back up a day or two.
21.10.2025 11:41 β π 0 π 1 π¬ 0 π 0
ποΈ Better-auth account takeover (CVE-2025-61928) found via ZeroPath
π https://zeropath.com/blog/breaking-authentication-unauthenticated-api-key-creation-in-better-auth-cve-2025-61928
20.10.2025 11:31 β π 0 π 1 π¬ 0 π 0
ποΈ Cloudflare Image Proxy as a CSPT Gadget: A Cross-Origin CSPT Exploit
π https://blog.voorivex.team/cloudflare-image-proxy-as-a-cspt-gadget-a-cross-origin-cspt-exploit
20.10.2025 11:30 β π 0 π 1 π¬ 0 π 0
ποΈ Organizations Warned of Exploited Adobe AEM Forms Vulnerability
π https://www.securityweek.com/organizations-warned-of-exploited-adobe-aem-forms-vulnerability/
18.10.2025 11:30 β π 1 π 0 π¬ 0 π 0
ποΈ ZeroDisco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits
π https://www.trendmicro.com/en_us/research/25/j/operation-zero-disco-cisco-snmp-vulnerability-exploit.html
17.10.2025 11:32 β π 0 π 0 π¬ 0 π 0
ποΈ New automated cybersecurity solution for vulnerability detection and remediation
π https://aisle.com/
17.10.2025 11:31 β π 0 π 0 π¬ 0 π 0
ποΈ Vulnerability scores, huh, what are they good for? Almost nothing
π https://www.theregister.com/2025/10/16/cve_cvss_scores_not_useful/
17.10.2025 11:30 β π 0 π 0 π¬ 0 π 1
ποΈ yIKEs (WatchGuard Fireware OS IKEv2 Out-of-Bounds Write CVE-2025-9242)
π https://labs.watchtowr.com/yikes-watchguard-fireware-os-ikev2-out-of-bounds-write-cve-2025-9242/
16.10.2025 11:33 β π 0 π 0 π¬ 0 π 0
ποΈ How App Integration Transactions Increase the Attack Surface of LLMs
π https://www.netspi.com/blog/executive-blog/adversarial-machine-learning/how-app-integration-transactions-increase-the-attack-surface-of-llms/
16.10.2025 11:32 β π 0 π 0 π¬ 0 π 0
ποΈ Client-Side Path Traversal: Exploiting CSRF in Header-Based Auth Scenarios
π https://blog.kulkan.com/client-side-path-traversal-exploiting-csrf-in-header-based-auth-scenarios-31c26a1baece
16.10.2025 11:31 β π 0 π 0 π¬ 0 π 0
ποΈ F5 Says Nation-State Hackers Stole Source Code and Vulnerability Data
π https://www.securityweek.com/f5-blames-nation-state-hackers-for-theft-of-source-code-and-vulnerability-data/
16.10.2025 11:30 β π 0 π 0 π¬ 0 π 0
ποΈ .NET Security Feature Bypass Vulnerability
π https://github.com/dotnet/aspnetcore/security/advisories/GHSA-5rrx-jjjq-q2r5
15.10.2025 11:35 β π 0 π 0 π¬ 0 π 0
ποΈ CVE-2025-55315: Asp.net Security Feature Bypass Vulnerability [9.9 Critical]
π https://nvd.nist.gov/vuln/detail/CVE-2025-55315
15.10.2025 11:34 β π 0 π 0 π¬ 0 π 0
ποΈ A modern approach to preventing CSRF in Go
π https://www.alexedwards.net/blog/preventing-csrf-in-go
15.10.2025 11:32 β π 0 π 0 π¬ 0 π 0
ποΈ Security firms dispute credit for overlapping CVE reports
π https://www.bleepingcomputer.com/news/security/security-firms-dispute-credit-for-overlapping-cve-reports/
15.10.2025 11:31 β π 0 π 0 π¬ 0 π 0
ποΈ Silencing a Kitchencook teatime kettle
π https://dustri.org/b/silencing-a-kitchencook-teatime-kettle.html
14.10.2025 11:31 β π 0 π 0 π¬ 0 π 0
ποΈ Gecko Security (YC Company) Allegedly Steals CVE Reporting Credit
π https://twitter.com/fuzzinglabs/status/1977720899114606745
14.10.2025 11:30 β π 0 π 0 π¬ 0 π 0
ποΈ Apple Introduces $2M Bug Bounty for Spyware-Level Exploits
π https://www.macrumors.com/2025/10/10/apple-bug-bounty-program-overhauled/
13.10.2025 11:32 β π 0 π 0 π¬ 0 π 0
ποΈ Research Worth Reading Week 41/2025
π https://pentesterlab.com/blog/research-worth-reading-week41-2025
13.10.2025 11:31 β π 0 π 1 π¬ 0 π 0
ποΈ GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773)
π https://embracethered.com/blog/posts/2025/github-copilot-remote-code-execution-via-prompt-injection/
13.10.2025 11:30 β π 0 π 0 π¬ 0 π 0
ποΈ Oracle Security Alert CVE-2025-61884 for E-Business Suite
π https://news.ycombinator.com/item?id=45554830
12.10.2025 11:33 β π 0 π 0 π¬ 0 π 0
ποΈ Ksmbd β Exploiting CVE-2025-37947
π https://blog.doyensec.com/2025/10/08/ksmbd-3.html
12.10.2025 11:32 β π 0 π 0 π¬ 0 π 0
ποΈ Oracle Security Alert Advisory β CVE-2025-61884
π https://www.oracle.com/developer/
12.10.2025 11:31 β π 0 π 0 π¬ 0 π 0
ποΈ CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
π https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnerability-leaks-private-source-code
12.10.2025 11:30 β π 0 π 0 π¬ 0 π 0
ποΈ CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
π https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnerability-leaks-private-source-code
11.10.2025 11:34 β π 0 π 0 π¬ 0 π 0
ποΈ Show HN: An open-source starter kit for implementing OWASP ASVS 5.0
π https://github.com/Kaademos/asvs-compliance-starter-kit
11.10.2025 11:33 β π 0 π 0 π¬ 0 π 0
ποΈ Hardware Vulnerability Allows Attackers to Hack AI Training Data β NC State News
π https://news.ncsu.edu/2025/10/ai-privacy-hardware-vulnerability/
11.10.2025 11:32 β π 0 π 0 π¬ 0 π 0
ποΈ Zero-day in file-sharing software leads to RCE, and attacks are ongoing
π https://www.theregister.com/2025/10/10/zeroday_in_filesharing_software_leads/
11.10.2025 11:31 β π 0 π 0 π¬ 0 π 0
ποΈ More Than DoS (Progress Telerik UI for ASP.NET AJAX Unsafe Reflection CVE-2025-3600)
π https://labs.watchtowr.com/more-than-dos-progress-telerik-ui-for-asp-net-ajax-unsafe-reflection-cve-2025-3600/
11.10.2025 11:30 β π 1 π 1 π¬ 0 π 0
ποΈ Critical 9.9 Redis vulnerability enables remote code execution
π https://www.scworld.com/news/critical-9-9-redis-vulnerability-enables-remote-code-execution
10.10.2025 11:30 β π 0 π 0 π¬ 0 π 0
