I collect RSS feeds and have many thousands of articles and it's always growing. I have build this page which generates a list of recent links sorted by category, so it's easy to keep track of vulnerabilities, advisories, tools, exploits, 0days, etc... This list is going to be updated hourly automatically with a cron job.
Links
Table of contents
Trending
GPT-3
- GPT-Neo – Building a GPT-3-sized model, open source and free
- Using GPT-3 for plain language incident root cause from logs
- News & Analysis | No. 263
- OpenAI's New AI Model Draws Images From Text
- DALL·E: Creating Images from Text
- CLIP: Connecting Text and Images
- OpenAI GPT-3 Wrote This Article About Webpack
- Organizational Update from OpenAI
- Your Right to a Refund From Microsoft's OpenAI
- OpenAI Licenses GPT-3 Technology to Microsoft
Corona
- COVID-19 Vaccine Themes Persist in Fraud Schemes
- Smartwatches Can Help Detect COVID-19 Days Before Symptoms Appear
- Hackers 'manipulated' stolen COVID-19 vaccine data before leaking it online
- Transparenzbericht November 2020: Unsere Einnahmen und Ausgaben und eine neue Realität
- Community: TikTok-Expertin trotz widriger Umstände
- 35+ COVID-19 cybersecurity statistics: Have threats increased?
- Man found 'living in airport for three months' over Covid fears
- 7% of Americans Have Had Covid-19
- Florida's Whistleblower Covid-19 Data Manager Arrested Today
- Washing Your Hands Online: Applying COVID-19 Lessons to Cybersecurity
Zoom
- 35+ COVID-19 cybersecurity statistics: Have threats increased?
- 5 Simple Strategies To Build Trust in Remote Teams
- Samsung launches new flagship Galaxy S smartphone early, targets remote workers, gamers
- Zoom improvements requested by music schools
- How phishing attacks are evolving and why you should care
- 2021 Threat Predictions Report
- Breach of Trust: How Cyber-Espionage Thrives On Human Nature
- Cloudflare Radar's 2020 Year In Review
- Beyond Platforms: Private Censorship, Parler, and the Stack
- 2021 DC Cyber 9/12 Strategy Challenge
TikTok
- Community: TikTok-Expertin trotz widriger Umstände
- Online Far-Right Movements Fracture, as 'Gullible' QAnon Supporters Criticized
- This fake TikTok service promises free followers but gives you free malware instead
- Deplatforming-Debatte: Trump ist weg vom Fenster. Was nun?
- Andrew Yang Kicks Off NYC Mayoral Run With Basic Income Promise
- CISA tells agencies to consider ad blockers to fend off 'malvertising'
- Report: TikTok Harvested MAC Addresses By Exploiting Android Loophole
- TikTok tightens up privacy controls for young users
- TikTok’s couterstance on being questioned upon its way of handling data of users below 18
- TikTok: All Under-16s' Accounts Made Private
Application Security
Tools
- 4 Tools to Schedule Google My Business Posts
- BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation
- How to Choose a Tool
- Organizations Should Establish ‘Blame-Free Employee Reporting’ of Suspicious Activity, CISA Says
- Migrating from DC/OS to Kubernetes: The Challenges You May Face
- Token-Hunter - Collect OSINT For GitLab Groups And Members And Search The Group And Group Members' Snippets, Issues, And Issue Discussions For Sensitive Data That May Be Included In These Assets
- Creating Comfy FreeBSD Jails Using Standard Tools
- ImHex - A Hex Editor For Reverse Engineers, Programmers And People That Value Their Eye Sight When Working At 3 AM.
- Charting Uniswap Gems For The Next Bull Run: ChartEx Vs. TradingView Vs. Uniswap Vision
- Stop Introducing "Just Any" Software Into Your Business
Vulnerabilities
- Supply Chain Attacks
- 500K+ Records of C-level Individuals Allegedly Leaked on the Darkweb
- BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation
- FBI Warns of Employee Credential Phishing via Phone, Chat
- Expired Domain Allowed Researcher to Hijack Country's TLD
- Uncovering Potential Issues with the Contact Form 7 Vulnerability: More Data Needed
- Organizations Should Establish ‘Blame-Free Employee Reporting’ of Suspicious Activity, CISA Says
- ManiMed: Market Analysis
- Secjuice Squeeze 51
- Exploiting Mixed Binaries [pdf]
Exploits
- BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation
- Secjuice Squeeze 51
- IBM Spectrum LSF 10.1 / 10.2 Hardcoded Eauth Key / Eauth Key Exposure
- Microsoft Spooler Local Privilege Elevation
- OpenStego Free Steganography Solution 0.8.0
- Cisco UCS Manager 2.2(1d) Remote Command Execution
- Inteno IOPSYS 3.16.4 Root Filesystem Access
- Star Names Wordlist
- Ancient Greek Names Wordlist
- Constellation Names Wordlist
Advisories
- CB-K20/1225 Update 4
- CB-K21/0008 Update 5
- CB-K20/0130 Update 14
- CB-K21/0050
- CB-K19/0391 Update 11
- CB-K19/0080 Update 9
- CB-K20/1167 Update 9
- CB-K20/1097 Update 1
- CB-K20/1189 Update 5
- CB-K20/1096 Update 2
Zero Days
- Lots of zero-day vulnerabilities, and how’s your start of the year?
- ZDI-21-070: Apple macOS CoreGraphics Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
- ZDI-21-069: Apple macOS process_token_BlitLibSetup2D Out-Of-Bounds Write Privilege Escalation Vulnerability
- ZDI-21-072: NETGEAR R7450 SOAP API RecoverAdminPassword Improper Access Control Information Disclosure Vulnerability
- ZDI-21-071: NETGEAR R7450 Password Recovery External Control of Critical State Data Authentication Bypass Vulnerability
- City0day database
- ZDI-21-065: SolarWinds Network Performance Monitor ExecuteVBScript Command Injection Remote Code Execution Vulnerability
- ZDI-21-059: Siemens JT2Go TGA File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
- ZDI-21-060: Siemens JT2Go SGI and RGB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
- ZDI-21-062: Siemens JT2Go CG4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
Privacy
Surveillance
- Clearview AI biometric data privacy suit sent back to state court
- With the Death of Cash, Privacy Faces a Deeply Uncertain Future
- Is a U.S. National Privacy Law on the Horizon?
- WhatsApp Clarifies New Privacy Policy Update, Says That Data Sharing With Facebook Will Be Limited To Communication With Businesses
- With the Death of Cash, Privacy Faces a Deeply Uncertain Future
- Venice combats overtourism by tracking visitors
- Tracking down a segfault that suddenly started happening
- Belgium: Digital fingerprints on ID cards – no violation of the right to privacy according to the Belgian Constitutional Court
- Selfie-Snapping Rioters Leave FBI a Trail of Over 140,000 Images, Internet sleuthing explodes, raising concerns
- What’s up with WhatsApp’s privacy policy?
Leaks
- Nitro - 0 breached accounts
- OpenWRT Forum User Data Stolen In Weekend Data Breach
- BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation
- OpenWRT reports data breach after hacker gained access to forum admin account
- OpenWRT Forum user data stolen in weekend data breach
- VPN Providers Compared
- NZ Reserve Bank Governor Says He 'Owns' Breach
- Hackers 'manipulated' stolen COVID-19 vaccine data before leaking it online
- ‘Child’s Play’ – Kids breach and bypass Linux Mint screensaver lock
- 500K+ records of C-level people from Capital Economics leaked online
OSINT
- Joker’s Stash Carding Market to Call it Quits
- Secjuice Squeeze 51
- Lots of zero-day vulnerabilities, and how’s your start of the year?
- Token-Hunter - Collect OSINT For GitLab Groups And Members And Search The Group And Group Members' Snippets, Issues, And Issue Discussions For Sensitive Data That May Be Included In These Assets
- Co: Pitkin County COVID-19 case investigations inadvertently exposed online
- 202-Parler: Privacy, Security, & OSINT
- SolarWinds Supply Chain Hack: Investigation Update
- Unemployment Fraud in the Criminal Underground
- Understanding Police Use of ‘Less Lethal’ Munitions
- How to become a Penetration Tester
GDPR
- 35+ COVID-19 cybersecurity statistics: Have threats increased?
- German laptop retailer fined €10.4m under GDPR for video-monitoring employees
- GDPR: German laptop retailer fined €10.4m for video-monitoring employees
- German laptop retailer fined $12.7M under GDPR for employee surveillance
- Polish DPA fines Virgin Mobile Polska €460,000: Incidental safeguards review is not regular testing of technical measures
- How a VPN can protect your online privacy
- It’s Business As Usual At WhatsApp
- Maze Ransomware is Dead. Or is it?
- Is your data your personal property?
- Cybersecurity Ethics: Establishing a Code for Your SOC
Scams
Phishing
- OpenWRT Forum User Data Stolen In Weekend Data Breach
- BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation
- OpenWRT forum hacked, intruders stole user data
- FBI Warns of Employee Credential Phishing via Phone, Chat
- Organizations Should Establish ‘Blame-Free Employee Reporting’ of Suspicious Activity, CISA Says
- 18th January – Threat Intelligence Report
- COVID-19 Vaccine Themes Persist in Fraud Schemes
- Researchers Estimate Ryuk Ransomware Operations to Be Worth $150 Million
- How Chrome Extensions Became an Attack Vector for Hackers (Part 1) 🔓
- A week in security (January 11 – January 17)
SPAM
- Rewterz Threat Alert – New Variant of Ursnif Using Invoice Malspam
- Rewterz Threat Alert – JavaScript RAT Targeting Asian Government and Financial Sector
- 35+ COVID-19 cybersecurity statistics: Have threats increased?
- How Hackers Use SEO Spamming To Hijack Your Ranking Positions
- Rewterz Threat Alert – Fresh IOCs – Emotet
- Rewterz Threat Alert – LokiBot – Fresh IOCs
- Unemployment Fraud in the Criminal Underground
- Rewterz Threat Alert – Dridex Banking Malware
- How phishing attacks are evolving and why you should care
- FTC Settlement With Ever Orders Data and AIs Deleted After Facial Recognition Pivot
Frauds
- FBI Warns of Employee Credential Phishing via Phone, Chat
- Election Fraud Misinformation Dropped Significantly After Twitter Banned Trump
- COVID-19 Vaccine Themes Persist in Fraud Schemes
- Italian police accuse cryptocurrency exchange boss of huge fraud - Reuters India
- Researchers Estimate Ryuk Ransomware Operations to Be Worth $150 Million
- Underground Carding Marketplace Joker's Stash Announces Shutdown
- How Online Merchants Can Reduce Credit Card Fraud
- 35+ COVID-19 cybersecurity statistics: Have threats increased?
- Online Misinformation Dropped Dramatically After Twitter Banned Trump
- Italian police accuse cryptocurrency exchange boss of huge fraud - Reuters India
Malware
Badware
- Swanky Wentworth golf club hacked, details of 4000 members stolen in ransomware attack
- IObit forums hacked in widespread DeroHE ransomware attack
- Secjuice Squeeze 51
- CHwapi hospital hit by ransomware; operations canceled, and another city hit
- Backdoor.Win32.Mnets Remote Stack Buffer Overflow
- Backdoor.Win32.Whgrx Remote Stack Buffer Overflow
- 18th January – Threat Intelligence Report
- Backdoor.Win32.Latinus.b Remote Buffer Overflow
- Backdoor.Win32.Nucleroot.t MaskPE 1.6 Local Buffer Overflow
- Backdoor.Win32.Nucleroot.bi MaskPE 2.0 Local Buffer Overflow
Antivirus (snakeoil)
- Supply Chain Attacks
- What happens if my phone is stolen?
- Government Data Sharing | Avast
- Private AI Research Institute | Avast
- WhatsApp Data Privacy | Avast
- AUTOBUY | AUTHENTIC SOFTWARE KEYS | NORTON, WINDOWS 10 PRO, OFFICE 365 AND MORE!
- SysWhispers2 - AV/EDR Evasion Via Direct System Calls
- Telegram security and privacy tips
- AI set to replace humans in cybersecurity by 2030, says Trend Micro
- Honoring Martin Luther King Jr.’s Legacy with McAfee’s African Heritage Community
Ransomware
- Swanky Wentworth golf club hacked, details of 4000 members stolen in ransomware attack
- IObit forums hacked in widespread DeroHE ransomware attack
- Secjuice Squeeze 51
- CHwapi hospital hit by ransomware; operations canceled, and another city hit
- 18th January – Threat Intelligence Report
- Lots of zero-day vulnerabilities, and how’s your start of the year?
- Scottish Environment Protection Agency refuses to pay ransomware crooks over 1.2GB of stolen data
- Stolen Employee Credentials Put Leading Gaming Companies at Risk of Severe Cyber Attacks
- Researchers Estimate Ryuk Ransomware Operations to Be Worth $150 Million
- Hackers leverage sophisticated and novel techniques to break into networks
Trojans, RATs
- Backdoor.Win32.Mnets Remote Stack Buffer Overflow
- Backdoor.Win32.Whgrx Remote Stack Buffer Overflow
- Backdoor.Win32.Latinus.b Remote Buffer Overflow
- Backdoor.Win32.Nucleroot.t MaskPE 1.6 Local Buffer Overflow
- Backdoor.Win32.Nucleroot.bi MaskPE 2.0 Local Buffer Overflow
- Rewterz Threat Alert – JavaScript RAT Targeting Asian Government and Financial Sector
- Multiple backdoors and vulnerabilities discovered in FiberHome routers
- Backdoor.Win32.Whgrx / Remote Host Header Stack Buffer Overflow
- Backdoor.Win32.Mnets / Remote Stack Buffer Overflow UDP Proto
- Backdoor.Win32.Mnets / Remote Stack Buffer Overflow (UDP Proto)
Operating systems
Windows
- IObit forums hacked in widespread DeroHE ransomware attack
- Bug in Windows 10: Pfadangabe kann Bluescreen verursachen
- Secjuice Squeeze 51
- 18th January – Threat Intelligence Report
- What are Microsoft Windows Display Drivers? - A Brief Overview
- Lots of zero-day vulnerabilities, and how’s your start of the year?
- CVE-2020-7343
- full db guy4game.com WOW Gold
- A week in security (January 11 – January 17)
- How to manually configure a VPN on Windows 10
Linux
- Debian LTS: DLA-2528-1: gst-plugins-bad1.0 security update>
- Debian: DSA-4833-1: gst-plugins-bad1.0 security update>
- CB-K20/1225 Update 4
- OpenWRT forum hacked, intruders stole user data
- Mastering Kali Linux for Advanced Penetration Testing and more Likely
- RedHat: RHSA-2021-0037:01 Moderate: OpenShift Container Platform 4.6.12 bug>
- RedHat: RHSA-2021-0039:01 Moderate: OpenShift Container Platform 4.6.12>
- RedHat: RHSA-2021-0167:01 Important: postgresql:9.6 security update>
- RedHat: RHSA-2021-0166:01 Important: postgresql:10 security update>
- RedHat: RHSA-2021-0165:01 Important: libpq security update>
Android
- Parler CEO Brings Back Website, Promises Service Will Follow 'Soon'
- CB-K21/0008 Update 5
- Secjuice Squeeze 51
- 18th January – Threat Intelligence Report
- Top 9 TV App Builders To Create OTT TV Apps For Android, IOS, Smart TV's
- Lots of zero-day vulnerabilities, and how’s your start of the year?
- DuckDuckGo Surpasses 100 Million Daily Search Queries For the First Time
- You're using your Android and Mac's fingerprint reader all wrong
- What happens if my phone is stolen?
- President Biden’s Peloton exercise equipment under scrutiny
Apple
- Sosumi Snap – Download and Install macOS in Ubuntu
- Apple’s MLK Quote
- Apple's iPhone 13 Could Ditch the Lightning Port, Feature Next-Gen Vapor Chamber Cooling and In-Screen Fingerprint Sensor
- Smartwatches Can Help Detect COVID-19 Days Before Symptoms Appear
- Popular Podcasts App Pocket Casts Is Up For Sale: Where Did It Go Wrong?
- Apple Pulls the Plug on User-Found Method To Sideload iOS Apps on Mac
- Top 9 TV App Builders To Create OTT TV Apps For Android, IOS, Smart TV's
- Safari 14 Added WebExtensions Support. So Where Are the Extensions?
- ZDI-21-070: Apple macOS CoreGraphics Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
- ZDI-21-069: Apple macOS process_token_BlitLibSetup2D Out-Of-Bounds Write Privilege Escalation Vulnerability
BSD
- Creating Comfy FreeBSD Jails Using Standard Tools
- Jamie Zawinski Calls Cinnamon Screensaver Lock-Bypass Bug 'Unconscionable'
- FreeBSD 2020 Q4 Status Report
- BSD Release: GhostBSD 21.01.15
- Exploring Swap on FreeBSD
- Preliminary OpenBSD Support Added to OBS Studio
- Virtualize Your Network on FreeBSD with VNET
- Running BSDs on AMD Ryzen 5000 Series – FreeBSD/Linux Benchmarks
- FreeBSD src repository has transitioned from Subversion to Git
- Cybersecurity errors at Nakatomi
Emacs
- 2021-01-18 Emacs news
- The values of Emacs, the Neovim revolution, and the VSCode gorilla
- Jamie Zawinski Calls Cinnamon Screensaver Lock-Bypass Bug 'Unconscionable'
- Xah Emacs Fun Index
- Emacs: Novel Reading Mode
- Yesterday’s Date
- Xah Emacs Packages
- Emacs: Move Image File
- xah fly keys, setup major mode keys
- Emacs go-mode gofmt diff problem
Phishing
- OpenWRT Forum User Data Stolen In Weekend Data Breach
- BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation
- OpenWRT forum hacked, intruders stole user data
- FBI Warns of Employee Credential Phishing via Phone, Chat
- Organizations Should Establish ‘Blame-Free Employee Reporting’ of Suspicious Activity, CISA Says
- 18th January – Threat Intelligence Report
- COVID-19 Vaccine Themes Persist in Fraud Schemes
- Researchers Estimate Ryuk Ransomware Operations to Be Worth $150 Million
- How Chrome Extensions Became an Attack Vector for Hackers (Part 1) 🔓
- A week in security (January 11 – January 17)
SPAM
- Rewterz Threat Alert – New Variant of Ursnif Using Invoice Malspam
- Rewterz Threat Alert – JavaScript RAT Targeting Asian Government and Financial Sector
- 35+ COVID-19 cybersecurity statistics: Have threats increased?
- How Hackers Use SEO Spamming To Hijack Your Ranking Positions
- Rewterz Threat Alert – Fresh IOCs – Emotet
- Rewterz Threat Alert – LokiBot – Fresh IOCs
- Unemployment Fraud in the Criminal Underground
- Rewterz Threat Alert – Dridex Banking Malware
- How phishing attacks are evolving and why you should care
- FTC Settlement With Ever Orders Data and AIs Deleted After Facial Recognition Pivot
Frauds
- FBI Warns of Employee Credential Phishing via Phone, Chat
- Election Fraud Misinformation Dropped Significantly After Twitter Banned Trump
- COVID-19 Vaccine Themes Persist in Fraud Schemes
- Italian police accuse cryptocurrency exchange boss of huge fraud - Reuters India
- Researchers Estimate Ryuk Ransomware Operations to Be Worth $150 Million
- Underground Carding Marketplace Joker's Stash Announces Shutdown
- How Online Merchants Can Reduce Credit Card Fraud
- 35+ COVID-19 cybersecurity statistics: Have threats increased?
- Online Misinformation Dropped Dramatically After Twitter Banned Trump
- Italian police accuse cryptocurrency exchange boss of huge fraud - Reuters India