[ News | Newsletters | Blogs | Reddits | Lists | Media | Jobs ] HoneyDB
  [ privacy | malware | research | vendor ]
Wiz - Incidents
NCC Group Research
Threat Research - Sophos
Sophos MDR blocks and tracks activity from probable Iranian state actor “MuddyWater”
November Patch Tuesday loads up everyone’s plate
VEEAM exploit seen used again with a new ransomware: “Frag”
Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign
From QR to compromise: The growing “quishing” threat
October Patch Tuesday harvest hauls in 117 CVEs
Standing on the Windows platform, waiting for change
September Patch Tuesday addresses 79 CVEs
Crimson Palace returns: New Tools, Tactics, and Targets 
Atomic macOS Stealer leads sensitive data theft on macOS
PortSwigger Research
New crazy payloads in the URL Validation Bypass Cheat Sheet
Concealing payloads in URL credentials
Introducing the URL validation bypass cheat sheet
Gotta cache 'em all: bending the rules of web cache exploitation
Splitting the email atom: exploiting parsers to bypass access controls
Listen to the whispers: web timing attacks that actually work
Fickle PDFs: exploiting browser rendering discrepancies
A hacking hat-trick: previewing three PortSwigger Research publications coming to DEF CON & Black Hat USA
onwebkitplaybacktargetavailabilitychanged?! New exotic events in the XSS cheat sheet
Refining your HTTP perspective, with bambdas
Google Project Zero
From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
The Windows Registry Adventure #4: Hives and the registry layout
Effective Fuzzing: A Dav1d Case Study
The Windows Registry Adventure #3: Learning resources
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
Driving forward in Android drivers
The Windows Registry Adventure #2: A brief history of the feature
The Windows Registry Adventure #1: Introduction and research results
First handset with MTE on the market
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
AI Research - Sophos
SophosAI team presents three papers on AI applied to cybersecurity at CAMLIS
Political Manipulation with Massive AI Model-driven Misinformation and Microtargeting
SophosAI at Virus Bulletin ’24: Using multimodal AI as a “sixth sense” for cyber defense
Benchmarking the Security Capabilities of Large Language Models
The Dark Side of AI: Large-Scale Scam Campaigns Made Possible by Generative AI
Sophos AI team to present at CAMLIS
SophosAI at DEF CON: Orchestrating large-scale scams using text, audio and image generative AI
And I Shall Call It Mini-Me GPT: Using Large Language Models to Classify the Uncharted Web
GPT for you and me: Applying AI language processing to cyber defenses
An open-source ML toolkit for automatically generating YARA rules
Unit 42
Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 20)
Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware
FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications
Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack
Global Companies Are Unknowingly Paying North Koreans: Here’s How to Catch Them
ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI
Silent Skimmer Gets Loud (Again)
Automatically Detecting DNS Hijacking in Passive DNS
TA Phone Home: EDR Evasion Testing Reveals Extortion Actor's Toolkit
Jumpy Pisces Engages in Play Ransomware
Talos Intelligence
© 2024 RiskDiscovery | Sponsored by: Deception Logic