Marius Avram
@securityshell
Web Application Security Consultant @PentestPeople Former @RandomStorm / @Accumuli_Sec / @NCCGroupplc / @DigitalXRAID. Two sons' proud dad!
You might like
💰 Up to $700K for HarmonyOS 0days — ZeroZenX Is Buying ZeroZenX announces premium rewards for critical HarmonyOS security research. We're investing in high-impact vulnerability discoveries across Huawei's ecosystem with top-tier compensation for qualified findings. Elite…
❗️Apple has submitted a DMCA request to take all repositories offline containing the source code. See: github.com/github/dmca/bl…
❗️ Apple App Store frontend source code was leaked because Apple forgot to disable sourcemaps in production.
1/10 - Microsoft Teams gets pwned, Google's AI finds Apple bugs, ransomware insiders get indicted, and AI starts writing its own research papers. Here's what matters today 🧵👇
Google reports at least five malware families using AI to self-modify code and generate new capabilities, signalling the rise of AI-driven malware. cloud.google.com/blog/topics/th…
‼️ Meet Ryan Clifford Goldberg, a Digital Forensics and Incident Response manager at Sygnia, he is one of three insiders accused of cybercrimes. He allegedly conducted cyberattacks using ALPHV BlackCat ransomware. Goldberg and two other insiders ran ransomware operations since…
Two bombshell stories all cybersecurity professionals must read: 1. Ex-ASD boss of US Exploiter Developer sold exploits to the Russians techcrunch.com/2025/11/03/how… 2. Employees of a US ransomware negotiation firm ran attacks with BlackCat ransomware chicago.suntimes.com/the-watchdogs/…
CyberSlop, meet the new threat actor, MIT and Safe Security doublepulsar.com/cyberslop-meet…
400,000 WordPress Sites Affected by Account Takeover Vulnerability in Post SMTP WordPress Plugin wordfence.com/blog/2025/11/4…
🔥 Three of the internet’s most notorious hacker crews — Scattered Spider, LAPSUS$, and ShinyHunters — just merged into one cartel: Scattered LAPSUS$ Hunters. They’ve rebuilt their Telegram network 16 times in 80 days and now run extortion-as-a-service for affiliates. Details…
This is already happening and it's exactly as bad as you'd expect. Zerodium pays $2.5M for iOS exploits. NSO Group turned this into a business model. Zero-days get hoarded by nation-states instead of fixed. The data: Researches from Rand found exploited zero-days have a…
Ollama Remote Code Execution: Securing the Code That Runs LLMs sonarsource.com/blog/ollama-re…
MSSQL Exploitation - Run Commands Like A Pro r-tec.net/r-tec-blog-mss…
CVE-2025-10680 - Exploit of The OpenVPN 2.7_alpha1 through 2.7_beta1 releases are susceptible to script injection attacks when connecting to untrusted VPN services. #Pruva report: gist.github.com/N3mes1s/df7bae… It took literally 16 minutes, 180 turns. advs: community.openvpn.net/Security%20Ann…
🚨Alert🚨 CVE-2025-10680 : High-Severity OpenVPN Flaw Allows Script Injection on Linux/macOS via Malicious DNS Server 📊3.6M+ Services are found on the hunter.how yearly. 🔗Hunter Link:hunter.how/list?searchVal… 👇Query HUNTER : product.name="OpenVPN"…
‼️ The Iranian state actor is releasing more footage We can see they’re developing parts for what seems to be weapon systems. We can also see they expanded their operation this year by adding multiple Bambu Lab X1C printers to their arsenal.
🚨‼️ Israeli defense contractor breached Cyber Toufan, allegedly an Iranian state actor, just released security cam footage of defense contractor Maya. The cameras seem located in a meeting room (!) and a workshop. There are hours of footage of confidential conversations in the…
❗️ Hackers earned $522,500 for 34 unique bugs on the first day of Pwn2Own Ireland 2025. The event continues until Thursday, with a zero-click WhatsApp RCE demo worth $1M still planned.
bRPC-Web: A Burp Suite Extension for gRPC-Web blog.compass-security.com/2025/10/brpc-w…
SCOOP: A man who worked on developing hacking tools for defense contractor L3Harris Trenchant was notified by Apple that his iPhone was targeted with spyware. It's unclear who targeted him, but he believes he was the scapegoat of a leak investigation. techcrunch.com/2025/10/21/app…
CVE-2025-55315 - ASP.NET Kestrel HTTP Request and Response Smuggling Another automated reproduction from #pruva - this time plus a bonus point: A Detection! gist.github.com/N3mes1s/d0897c… Link to the really good blogpost from @7urb01 turb0.one/pages/Abbrevia…
CVE-2025-49655 - Another (less than)1-day exploit, this time target Keras from #pruva 🐶 > Keras framework vulnerable to deserialization of untrusted data github.com/advisories/GHS… Automatically generated but you can find another one in the blogpost from @hiddenlayersec…
🚨 Multiple cybercriminals were arrested during Operation SIMCARTEL. Europol and Latvian law enforcement dismantled five servers, seized 1,200 SIM box devices and 40,000 active SIM cards. The criminals were linked to over 1,700 cyber fraud cases in Austria and 1,500 in Latvia,…
United States Trends
- 1. #Talus_Labs N/A
- 2. Lakers 77.4K posts
- 3. Luka 69.6K posts
- 4. Wemby 26.7K posts
- 5. Marcus Smart 6,068 posts
- 6. #LakeShow 5,692 posts
- 7. Blazers 8,725 posts
- 8. #AmphoreusStamp 6,989 posts
- 9. Russ 10.9K posts
- 10. Ayton 16.2K posts
- 11. Horford 2,027 posts
- 12. Will Richard 6,589 posts
- 13. #RipCity N/A
- 14. #dispatch 64.5K posts
- 15. Kuminga 3,368 posts
- 16. Unplanned 5,624 posts
- 17. Podz 2,431 posts
- 18. Klay 8,448 posts
- 19. Nico Harrison 1,915 posts
- 20. Deni 6,439 posts
You might like
-
Stephen Fewer
@stephenfewer -
HD Moore
@hdmoore -
ς๏гєɭคภς0๔3г ([email protected])
@corelanc0d3r -
Dino A. Dai Zovi
@dinodaizovi -
Jeremiah Grossman
@jeremiahg -
Robin
@digininja -
Wicked Pond
@WeldPond -
Ryan Dewhurst
@ethicalhack3r -
Bart
@bartblaze -
Xylitol
@Xylit0l -
SpiderLabs
@SpiderLabs -
mdowd
@mdowd -
Darkoperator | 🇺🇦
@Carlos_Perez -
Tarjei Mandt
@kernelpool -
Erin Jacobs
@SecBarbie
Something went wrong.
Something went wrong.