#ScatteredSpider: 3 teenagers aged 17-19 and a 20-year-old woman arrested in the UK this morning in connection with cyber attacks on Marks & Spencer (M&S) and Co-op retail chains in April-May this year (luxury store Harrods was also affected):.👇.

RT @Hesamation: some guy at Mastercard prompt injected a job posting and just days later it tricked somebody’s ai 😂

#McDonald's #AI hiring bot exposed 64 million job applicants' personal data in McHire platform through #IDOR security vulnerability and weak password "123456.":.👇.

#WhatsApp: Google Gemini can now read your WhatsApp chats without you knowing (and how to disable it):.

#Azure: Security researchers have identified a combination of over-privileged built-in roles and API implementation flaws in Microsoft Azure that create dangerous attack vectors:.#CloudSecurity.👇.

#Linux: #DjVuLibre vulnerability CVE-2025-53367 could be exploited to gain code execution on a Linux Desktop system when the user tries to open a crafted PDF document. The POC works on a fully up-to-date Ubuntu 25.04 (x86_64):.👇.

RT @OWASPLondon: The next OWASP London Chapter in-person Meetup will take place on Thursday 17th July 2025 kindly hosted by Civo Tech Junct….

#Cisco: Unified Communications Manager systems could allow remote attackers to gain root-level access The vulnerability CVE-2025-20309 with a maximum CVSS 10.0, stems from hardcoded SSH root credentials that cannot be modified or removed .👇.

Goodbye @contrastsec Community Edition! Very sad to see yet another #AppSec vendor’s promise to support their community version “forever” abruptly end with the users having the rug pulled out from under them. 😢.Hoping other vendors will continue to invest in the community!

#CISCO: Critical severity CVSS 10 CVE-2025-20281 and CVE-2025-20282 vulnerabilities allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root! Updates released - patched now:.👇.

Actively exploited vulnerability in CVE-2024-54085 in AMI MegaRAC gives attackers extraordinary control over server fleets by allowing a remote attacker to create an admin account without any authentication:.👇.

RT @OWASPLondon: Our meetup has started! We have @anantshri on stage right now speaking about: "You secured your code dependencies, is tha….

#Citrix Critical Netscaler #vulnerability CVE-2025-5777 patch released!.Like CtirixBleed this vulnerability allows attackers to grab valid session tokens from the memory of internet-facing #Netscaler devices by sending malformed request:.

Who needs developers? #GitHub has just announced that any open GitHub issues can now be assigned to an #AI Agent who will do all the work: 😮. * Fix bugs.* Implement new features.* Improve test coverage.* Update documentation.* Address technical debt.👇.

#JWT: 'Attacking JWT using X509 Certificates': how an attacker could sign the JWT token with their own private key and modify the header value to specify their public key for signature verification:.#AppSec.#APIsecurity.

RT @OWASPLondon: The next OWASP London Chapter in-person Meetup will take place on Thursday 26th June 2025 kindly hosted by @thoughtmachine….

#Nettacker: very pleased to see @helpnetsecurity publishing an article about our #OWASP Nettacker project!.👇.

RT @helpnetsecurity: OWASP Nettacker: Open-source scanner for recon and vulnerability assessment - - @owasp #OpenSo….

#NPM: New Supply Chain #Malware Hits NPM and #PyPI Package Ecosystems. #ReactNative-Aria & #GlueStack packages with cumulative 1mln+ weekly downloads backdoored overnight - check your dependencies!.#SoftwareSupplyChainSecurity.👇.

RT @NahamSec: In case you missed it, we released all of the talks from this year’s #NahamCon on our website for free! Link down below 👇🏽 ht….