cyber
@bagder.mastodon.social.ap.brid.gy on Bluesky
https://bsky.app/profile/bagder.mastodon.social.ap.brid.gy/post/3ltodxecunfy2
It has officially begun. The CRA info request counter is no longer at zero.
Added 5 days ago
China breaks RSA encryption with a quantum computer - Earth.com
https://www.earth.com/news/china-breaks-rsa-encryption-with-a-quantum-computer-threatening-global-data-security/
Researchers in Shanghai break record by factoring 22-bit RSA key using quantum computing, threatening future cryptographic keys.
Added 3 weeks ago
Defending the Internet: how Cloudflare blocked a monumental 7.3 Tbps DDoS attack
https://blog.cloudflare.com/defending-the-internet-how-cloudflare-blocked-a-monumental-7-3-tbps-ddos/
In mid-May 2025, blocked the largest DDoS attack ever recorded: a staggering 7.3 terabits per second (Tbps).
Added 3 weeks ago
Scammers impersonating the ASD's ACSC | Cyber.gov.au
https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/email-scammers-impersonating-asds-acsc
Scammers are impersonating the ASD's ACSC sending out phishing emails to the public with the email content suggesting to download a malicious antivirus program.
Designing Blue Team playbooks with Wazuh for proactive incident response
https://www.bleepingcomputer.com/news/security/designing-blue-team-playbooks-with-wazuh-for-proactive-incident-response/
Blue Team playbooks are essential—but tools like Wazuh take them to the next level. From credential dumping to web shells and brute-force attacks, see how Wazuh strengthens real-time detection and automated response.
Kali GPT- AI Assistant That Transforms Penetration Testing on Kali Linux
https://cybersecuritynews.com/kali-gpt/
Kali GPT, a specialized AI model built on GPT-4 architecture, has been specifically developed to integrate seamlessly with Kali Linux, offering unprecedented support for offensive security professionals and students alike.
Covert Web-to-App Tracking via Localhost on Android
https://localmess.github.io/
Facebook and Yandex link Web and App usage via a localhost network connection
This no-code, security-focused n8n alternative works with everything, and it's free
https://www.xda-developers.com/cloud-based-n8n-alternative/
Tines is worth trying out for a fully cloud-based, secure solution to automation.
Added 1 month ago
GitHub - OperantAI/woodpecker: Red Teaming for AI and Cloud
https://github.com/OperantAI/woodpecker
Red Teaming for AI and Cloud. Contribute to OperantAI/woodpecker development by creating an account on GitHub.
Securing CI/CD workflows with Wazuh
https://thehackernews.com/2025/05/securing-cicd-workflows-with-wazuh.html?m=1
Added 1 month ago
ASD releases joint advice on AI data security – ARN
https://www.arnnet.com.au/article/3993677/asd-releases-joint-advice-on-ai-data-security.html
The Australian Securities Directorate (ASD), in collaboration with international partners, has come with new advice on best practices for securing data throughout the artificial intelligence (AI) and machine learning (ML) system lifecycle.
Added 1 month ago
KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS
https://krebsonsecurity.com/2025/05/krebsonsecurity-hit-with-near-record-6-3-tbps-ddos/
KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been…
Added 1 month ago
Have I Been Pwned 2.0 is Now Live!
https://www.troyhunt.com/have-i-been-pwned-2-0-is-now-live/
This has been a very long time coming, but finally, after a marathon effort, the brand new Have I Been Pwned website is now live!
Feb last year is when I made the first commit to the public repo for the rebranded service, and we soft-launched the new brand in
Added 1 month ago
CISA extends funding to ensure 'no lapse in critical CVE services'
https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/
CISA says the U.S. government has extended MITRE's funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program.
Added 1 month ago
CVE Foundation
https://www.thecvefoundation.org/home
The Common Vulnerabilities and Exposures (CVE) Program has become the cornerstone of vulnerability management. Nearly all technology vendors and service providers identify vulnerabilities with CVEs when they publish security advisories. Most security products and services related to vulnerabilities
Added 1 month ago
CVE program faces swift end after DHS fails to renew contract. Leaving security flaw tracking in limbo
https://www.csoonline.com/article/3963190/cve-program-faces-swift-end-after-dhs-fails-to-renew-contract-leaving-security-flaw-tracking-in-limbo.html
After DHS did not renew its funding contract for reasons unspecified, MITRE’s 25-year-old Common Vulnerabilities and Exposures (CVE) program was slated for an abrupt shutdown on April 16, which would have left security flaw tracking in limbo. CISA stepped in to provide a bridge.
Added 1 month ago
The CVE program for tracking security flaws is about to lose federal funding
https://www.theverge.com/news/649314/cve-mitre-funding-vulnerabilities-exposures-funding
The federally funded organization behind the Common Vulnerabilities and Exposures (CVE) program confirmed that its contract to support the system will expire on April 16th.
Added 1 month ago
Enhancing your DevSecOps with Wazuh. The open source XDR platform
https://www.bleepingcomputer.com/news/security/enhancing-your-devsecops-with-wazuh-the-open-source-xdr-platform/
Security shouldn't wait until the end of development. Wazuh brings real-time threat detection, compliance, and vulnerability scanning into your DevOps pipeline—powering a stronger DevSecOps strategy from day one. Learn more about how Wazuh can help secure your development cycle.
Frida Penetration Testing Tool Kit Released With New APIs for Threat Monitoring
https://search.app/1yiQn4N9PWiF9ZtL8
Frida 16.7.0, the latest version of the popular dynamic instrumentation toolkit, has been released with powerful new APIs specifically.
Added 1 month ago
The “S” in MCP Stands for Security
https://elenacross7.medium.com/%EF%B8%8F-the-s-in-mcp-stands-for-security-91407b33ed6b
Added 1 month ago
Google launches Sec-Gemini v1. A new experimental cybersecurity model
https://security.googleblog.com/2025/04/google-launches-sec-gemini-v1-new.html?m=1
Added 1 month ago
CodeQLEAKED – Public Secrets Exposure Leads to Supply Chain Attack on GitHub CodeQL
https://www.praetorian.com/blog/codeqleaked-public-secrets-exposure-leads-to-supply-chain-attack-on-github-codeql/
An exposed GitHub token could have been used to launch a supply chain attack on GitHub CodeQL, resulting in source code exposure and repository tampering of CodeQL users.
Added 1 month ago
Remote Code Execution Vulnerabilities in Ingress NGINX | Wiz Blog
https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
Added 1 month ago
https://cybernews.com/security/troy-hunt-falls-victim-to-phishing-attack/
https://cybernews.com/security/troy-hunt-falls-victim-to-phishing-attack/
Added 1 month ago