“It is possible to unintentionally offend others, not necessarily due to an incorrect stance, but rather due to a difference in perspective.”

When I write techniques, I like to make diagrams. Here is the visualisation of the Folder Redirection (Bind Link) Technique that I posted earlier. 🖊️ Article: https://t.co/gBA3xCKMQi

SEQRITE Labs APT-Team tracks "Operation Hanoi Thief", a spear-phishing campaign targeting Vietnamese IT departments and HR recruiters with fake resume documents that deliver a C++ DLL stealer named LOTUSHARVEST. https://t.co/r1TjWFQwFJ

Interesting: these malware operators use Revolt (now Stoat) as a communication channel, I don't think I've seen that before 👁️ Indicator to keep in mind (this is the official API): api[.]revolt[.]chat

Police takes down Cryptomixer cryptocurrency mixing service - @serghei https://t.co/Szj6NnPa3R https://t.co/Szj6NnPa3R

#APT36 Python Based ELF Malware Via spear-phishing emails with a ZIP archive containing a malicious .desktop file disguised as a document shortcut. Revised Malware Persistence Mechanisms in Linux (BOSS OS): Deploys a systemd user service in ~/.config/systemd/user/; enables via

Prompt Injection Through Poetry

A new RAT mobile malware called Albiriox has been exposed, targeting global finance and crypto wallets through the Google Play Store, operating as Malware-as-a-Service. #CyberSecurity #Malware

''Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks'' #infosec #pentest #redteam #blueteam https://t.co/js3v6B2Svh

AI slop security engineering: Okta's nextjs-0auth troubles @MegaManSec https://t.co/6JfMyLQotv

You don't necessarily need networking to connect to your Linux VM. No IP addresses. No SSH keys. No firewall rules. No routing tables. If you are on the same physical machine, TCP/IP can be just overhead. Meet AF_VSOCK. It’s a special address family in the Linux kernel

Getting RCE on Brother printer (MFC-J1010DW) by chaining three vulnerabilities https://t.co/3ovzAezfgr Credits Nguyên Đăng Nguyên & Manzel Seet & Amos Ng (@starlabs_sg) #infosec

Someone used Elon Musk's actual thinking framework as AI prompts. It's the closest thing to having a billionaire engineer rip apart your ideas and rebuild them from physics. Here are the 15 prompts that changed how I solve problems:

Opus 4.5 is insane. Just shipped v2 of my compounding engineering plugin—watch the video for my full thoughts on the model. Compounding engineering plugin v2: https://t.co/6LI5u1ZHTh This wouldn't have worked a week ago. Previous models would derail after the second parallel

DeepSeek-Math-V2 MODEL: https://t.co/D2uU8yeP3I PAPER: https://t.co/PPKTX6mUHw

This paper introduces a new memory system that lets AI agents research their own past on demand. AI agents create long chains of thoughts and tool calls that overflow the context window, so past information becomes hard to use. Most existing memories squash this history into

Great to see a new SOTSA for SWE-bench verified. The idea of using adversarial networks reminds me of GAN (Generative Adversarial Network) when it was invented for image generation, where two neural networks try to fool each other.

SentinelOne warns that the Sha1-Hulud Worm 2.0 escalates NPM supply chain attacks by harvesting cloud credentials in the preinstall phase, urging immediate action to secure AWS, Azure, and GCP environments. #CyberSecurity #ThreatAlert

Inside the GitHub Infrastructure Powering #Lazarus’ Contagious Interview npm Attacks , Adding 197 malicious packages. Two brothers who are inseparable : OtterCookie and BeaverTail https://t.co/NLrMtZEKx1

OpenAI has been hacked. If you have used their API services, hackers may now possess your name, location, user ID, and other information.

Found a possible injection point, but WAF is preventing you from executing JS code? Time to obfuscate your payload! 🤠 JS-DOMestify is a simple tool that helps convert any JS code to browser-runnable code with only ASCII characters and minimal, non-intrusive symbols. 👀 Check