Microsoft has discovered a side-channel attack (Whisper Leak) on the network communications between AI chatbots and their backend LLMs

www.microsoft.com/en-us/securi...

Moorty the MOO mascot holding a 386 CPU

I've officially released my real-mode emulator CPU test suite for the Intel 80386.

github.com/singlestepte...

#retrocomputing #emulation

Defeating KASLR by Doing Nothing at All Posted by Seth Jenkins, Project Zero Introduction I've recently been researching Pixel kernel exploitation and as part of this research I ...

New Blog Post: Seth Jenkins broke kASLR by doing … nothing 😩

googleprojectzero.blogspot.com/2025/11/defe...

[RSS] Drawn to Danger: Windows Graphics Vulnerabilities Lead to Remote Code Execution and Memory Exposure


research.checkpoint.com ->


Original->

Interested in Jump The Wall? Applications close Nov 7 🔥
www.districtcon.org/jtw

Tap-and-Steal: The Rise of NFC Relay Malware on Mobile Devices NFC relay malware on Android devices is exploiting Tap-to-Pay systems, targeting financial institutions globally with sophisticated attacks and minimal user interaction.

Zimperium has discovered more than 760 Android apps that steal and relay NFC data to a remote attacker

zimperium.com/blog/tap-and...

BRONZE BUTLER exploits Japanese asset management software vulnerability The threat group targeted a LANSCOPE zero-day vulnerability (CVE-2025-61932)

Sophos has linked the recent Lanscope zero-day to Bronze Butler (Tick)

news.sophos.com/en-us/2025/1...

[RSS] [Blog] A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS


code-white.com ->


Original->

Exploiting Ghost SPNs and Kerberos Reflection for SMB Privilege Elevation Understanding how attackers use Ghost Service Principal Names to initiate authentication reflection can help you avoid similar vulnerabilities.

Blog post about my recent CVE-2025-58726, aka “The Ghost Reflection” is out, read it here:
semperis.com/blog/exploit...
🙃

Tickets for BSides Seattle 2026 are open

www.bsidesseattle.com

We're officially announcing our speakers DistrictCon Year 1! Check out our incredible lineup: www.districtcon.org/speakers

This also includes our Day 1 & Day 2 Keynotes from Ian Levy and Dan Ridge.

And don't forget, GA tickets go on sale November 16! See you in January! 🪩

CVE-2025-12220 - Busybox 1.31.1 - Multiple Known Vulnerabilities
CVE ID : CVE-2025-12220

Published : Oct. 25, 2025, 4:15 p.m. | 45 minutes ago

Description : Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19....

The Junkyard — DistrictCon

Junkyard closes TODAY!!!!
www.districtcon.org/junkyard

The CFP for RE//verse 2026 is open, but not for long! Submissions close November 14th. Share your best RE and security research with us here: sessionize.com/reverse-2026

The Linux kernel has patched a bug in the RDSEED entropy generator that caused AMD Zen5 chips to fail to produce random numbers.

The patch disables RDSEED and forces all AMD Zen5 processors to use RDRAND for generating random numbers.

lore.kernel.org/lkml/2025101...

[RSS] exploits.club Weekly Newsletter 89 - iOS GPU Driver Bugs, Kernel Stack UAFs, Hardware Wallet Auth Bypasses, and More


blog.exploits.club ->


Original->

Zero Day Initiative — Pwn2Own Automotive Returns to Tokyo with Expanded Chargers and More! If you just want to read the rules, click here .  Now entering its third year, Pwn2Own Automotive returns to Automotive World in Tokyo on January 21 – 23, 2026. Over the last two years, ...

Announcing #Pwn2Own Automotive 2026! We're heading back to Tokyo and we're adding new targets Level 3 charging thanks to #Aplitronic & the OCTT thanks to the @openchargealliance.org. Tesla is back, too. Check out the details at www.zerodayinitiative.com/blog/2025/10...

Talks from the REcon 2025 security conference, which took place in June, are available on YouTube

www.youtube.com/@reconmtl/vi...

🚨 Save the Date for #offensivecon26

Mark your calendars, spread the word, and stay tuned for when registrations open!

📍 Hilton Berlin
🧠 Trainings: 11–14 May 2026
🎤 Conference: 15–16 May 2026

Visit 🔗offensivecon.org for more details.

Cyber giant F5 Networks says government hackers had 'long-term' access to its systems, stole code and customer data | TechCrunch The company, which provides cybersecurity defenses to most of the Fortune 500, said the DOJ allowed it to delay notifying the public on national security grounds.

This one's a wild/messy one: Cyber giant F5, which serves most of the Fortune 500, said unknown government hackers had 'long term' access to its network:

• stole source code, some customer data
• accessed undisclosed vulns in BIG-IP
• DOJ allowed F5 to delay public notice citing national security

Pwned Balancers: Commandeering F5 and Citrix for Persistent Access & C2 - Eclypsium | Supply Chain Security for the Modern Enterprise Summary The last 3 years have seen attackers turn their spotlights on initial network access through VPN concentrators, load balancers, routers, and IoT devices. Once the realm of only the most skille...

eclypsium.com/research/pwn... - This is the blog version of the Ekoparty talk I did in 2022; while the Chinese APTs have developed more advanced techniques, a lot of this may still be useful as you deal with the bombshell that dropped today.

Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability · Issue #371 · dotnet/announcements Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability i...

It's Patch Tuesday and ASP.NET Core has a doozy, with a CVSS score of 9.9, our highest ever. Let's examine why.

The bug enables http request smuggling, which on its own for ASP.NET Core would be nowhere near that high, but that's not how we rate things...

* Thread- (1/7)

[RSS] Oops! It's a kernel stack use-after-free: Exploiting NVIDIA's GPU Linux drivers


blog.quarkslab.com ->


Original->

Modern iOS Security Features – A Deep Dive into SPTM, TXM, and Exclaves


arxiv.org ->

#fromTwitter


Original->

Trend Micro's ZDI has reported 13 vulnerabilities in the Ivanti Endpoint Manager that are still unpatched after the vendor requested an extension until March next year

www.zerodayinitiative.com/advisories/p...

A major evolution of Apple Security Bounty, with the industry's top awards for the most advanced research - Apple Security Research Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s highest rewards — up to $2 million and a maximum payout in excess of $5 million — expanded research categories, and a flag system for researchers to objectively demonstrate vulnerabilities and obtain accelerated awards.

We're updating our bounty program with the top award now set at $2 million for zero-click remote exploit chains. In addition - there are increased awards for proximate wireless attacks, WebKit, and Gatekeeper

security.apple.com/blog/apple...

GitHub - bahorn/detect-unsigned-module: Some linux rootkit detection tricks Some linux rootkit detection tricks. Contribute to bahorn/detect-unsigned-module development by creating an account on GitHub.

github.com/bahorn/detec...

some rootkit detection stuff

one involving seeing if a line shows up in dmesg or not after loading a unsigned module, if it doesn't show something has been loaded in the past.

other diffs two ways of reading the kernel message buffer, getting logs hidden in one

Close your eyes and ✨imagine:

From a low-integrity process (from LPAC even), you can inject your data anywhere you want:
privileged tasks, PPL/protected processes, the OS kernel itself, and VTL1 trustlets.

Now open your eyes. It is not hypothetical.
It is the reality. Read it on page 33.

Our CFP is open! If you’re working on something exciting, we want to hear from you! Submit your talk for RE//verse 2026: sessionize.com/reverse-2026