I collect RSS feeds and have many thousands of articles, and the collection is always growing. I have built this page, which generates a list of recent links sorted by category, so it's easy to keep track of vulnerabilities, advisories, tools, exploits, 0days, etc. The list is updated automatically every hour by a cron job.
Links
Trending
GPT-3
- News & Analysis | No. 275
- OpenAI's Text-Generating System GPT-3 is Now Spewing Out 4.5 Billion Words a Day
- The makers of Eleuther hope it will be an open source alternative to GPT-3
- OpenAI's Sam Altman: AI-Generated Wealth Will Enable a $13,500-a-Year Basic Income
- GPT-3 Powers the Next Generation of Apps
- Real World Examples of GPT-3 Plain Language Root Cause Summaries
- GPT-3 tries pickup lines
- AI Image Synthesis: What The Future Holds
- GPT-3 vs. 3M free-text trivia responses
- Scaling Kubernetes to 7,500 Nodes
Corona
- De: Another data breach in COVID-19 test centers
- Officials Use COVID To Create Statewide Vehicle Surveillance Programs Run By Rekor Systems
- Wormable Android Malware Spotted in Android Play Store Spreads Malware via WhatsApp
- Weekly review, calendar week 14: In April, it's not just the weather that's mixed
- The post-COVID world this week: Brazil’s latest wave, keys to Africa’s recovery, and how startups can play a role in an economic rebound
- Security vulnerability: Another data breach in COVID-19 test centers
- India uses controversial Aadhaar facial biometrics to identify COVID vaccination recipients
- Android apps targeting JIO users in India
- Watch Out For United Nations COVID-19 Compensation Email Scams
- Berlin data protection authority: Trouble with COVID-19 – and the police
Zoom
- Critical Zoom Vulnerability Triggers Remote Code Execution Without User Input
- CVE-2021-30480
- Pwn2Own 2021: Zero-click Zoom exploit among winners as payout record smashed
- Pwn2Own 2021: participants earned $1,2M of the $1.5M prize pool
- Zoom zero-day discovery
- Hacked: Windows, Ubuntu, Exchange, Teams, Zoom, Chrome, Safari and Edge
- 6 Simple Remote Work Security Mistakes and How to Avoid Them
- Critical Zoom vulnerability triggers remote code execution without user input
- These Zoom security flaws could allow hackers to hijack your device
- Windows 10 hacked again at Pwn2Own, Chrome and Zoom also fall
TikTok
- Adware Spreads via Fake TikTok App, Laptop Offers
- Android apps targeting JIO users in India
- Frequently asked questions about TikTok and Douyin
- YouTube Is Once Again the Most Popular Social Media Platform
- Emerging deepfake technology could have security implications for businesses
- Secjuice Squeeze 60
- EFF to Court: Don’t Let Pseudo-IP Thwart Speech, Innovation, and Competition
- Is TikTok Really a National Security Threat? New Report From University of Toronto Says No
- Christopher Parsons Delivers Testimony to Special Committee on Canada-China Relations
- Red Room Research for the BBC
Application Security
Tools
- Gotestwaf - Go Test WAF Is A Tool To Test Your WAF Detection Capabilities Against Different Types Of Attacks And By-Pass Techniques
- Study claims Facebook’s ad tools present gender inequality in its approach
- 5 Awesome Digital Tools That Will Make Your Business Grow
- SNOWCRASH - A Polyglot Payload Generator
- How To Improve Code Quality With Code Reviews and Refactoring
- PoisonApple - macOS Persistence Tool
- Monster Mash: A Sketch-Based Tool for Casual 3D Modeling and Animation
- GRAudit Grep Auditing Tool 2.9
- MDR Vendor Must-Haves, Part 5: Multiple Threat Detection Methodologies, Including Deep Attacker Behavior Analysis
- Fraudsters Flooding Collaboration Tools With Malware
Vulnerabilities
- Compiling C to printable x86 to make an executable research paper (2017) [video]
- Hotlinking and Cool Exploits
- Valve accused of ignoring existing RCE vulnerability in Source games for 2 years
- Ca: Durham Region hit by cyberattack
- Cyberthreat update from Acronis CPOCs: Week of April 5, 2021
- SerpScan -Automate your Recon using search engines
- Why was cycling not included in the ancient Olympics? (2004) [pdf]
- Critical Zoom Vulnerability Triggers Remote Code Execution Without User Input
- Financial industry preps for proposal that would require 36-hour breach notification
- Zerodium will pay $300K for WordPress RCE exploits
Exploits
- Hotlinking and Cool Exploits
- WhatsApp Two Factory-Auth 2FA Bypass
- Atlassian Jira Service Desk 4.9.1 Cross Site Scripting
- Ignition 2.5.1 Remote Code Execution
- Composr 10.0.36 | Remote Code Execution RCE
- Mmcct | SQL injection Vulnerability
- WhatsApp Two Factory-Auth (2FA) Bypass
- Ignition 2.5.1 Remote Code Execution
- Atlassian Jira Service Desk 4.9.1 Cross Site Scripting
- Composr 10.0.36 | Remote Code Execution (RCE)
Advisories
- DSA-4887 lib3mf
- Rewterz Threat Advisory – CVE-2021-24027 – WhatsApp for Android and WhatsApp Business for Android information disclosure
- CB-K20/1076 Update 21
- CB-K20/0644 Update 9
- CB-K21/0241 Update 5
- CB-K21/0362
- CB-K21/0081 Update 4
- CB-K20/1049 Update 15
- CB-K20/0038 Update 21
- CB-K20/0093 Update 12
Zero Days
- Google’s Project Zero Exposed Zero-Day Bugs Being Exploited by Western Counterterrorism Agencies
- Zoom zero-day discovery
- Digging Into the Third Zero-Day Chrome Flaw of 2021
- Zero-Day Bug Impacts Problem-Plagued Cisco SOHO Routers
- Google’s Project Zero Finds a Nation-State Zero-Day Operation
- Zoom zero-day discovery makes calls safer, hackers $200,000 richer
- Gods of cyberwar: the booming of an unregulated zero-day industry
- TIM’s Red Team Research (RTR) team found 5 zero-day flaws in the CA eHealth Performance Manager product
- Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack
- Clean Sweep: A 30-Day Guide to a New Cybersecurity Plan
Privacy
Surveillance
- Facebook had ample warning about privacy problems with “contact import” feature
- Pihole-Antitelemetry
- Major Advertiser Works With China to Try Bypassing Apple's Privacy Rules
- Officials Use COVID To Create Statewide Vehicle Surveillance Programs Run By Rekor Systems
- Effective dates for amended Data Privacy law in Japan announced
- More privacy news from here and there…
- Cops Are Using Facial Recognition Technology More Than Previously Revealed
- Alaska’s Consumer Data Privacy Act: Another CCPA Copycat, but With Its Own Unanswered Questions
- Tracking the Russian military buildup near Ukraine
- Am I FLoCed? A New Site to Test Google's Invasive Experiment
Leaks
- De: Another data breach in COVID-19 test centers
- Br: Leak exposes 1.7 TB of customer data from Brazilian fintech iugu
- SG: Possible data breach involving 62,000 e-mails sent to Certis
- Clubhouse data leak: 1.3 million user records leaked online for free
- Cyber Breach Disclosures Still Take More Than a Month
- Follow-up: Adventist Health Physician’s Network fined $40,000 for 2018 breach incident
- Scientists who say the lab-leak hypothesis for SARS-CoV-2 shouldn't be ruled out
- 2 scraped LinkedIn databases with 500m and 827m records sold online
- Episode 112: Wix Takes Aim at WordPress With New Ad Campaign
- 310,000 Records Compromised In University Of Colorado Data Breach, Including Social Security Numbers & University Financial Information
OSINT
- 213-Hashes 101
- What is PII and how can you protect it?
- CA: Servers at El Monte City Hall being replaced; investigation of ‘unauthorized access’ continues
- Anatomy of a Twitter-augmented crypto scam
- Cybercriminals Continue to Exploit Human Nature Through Phishing and Spam Attacks
- DFRLab investigation leads to Facebook takedown of assets affiliated with Georgian March party
- Facebook data leak now under EU data regulator investigation
- Are You One of the 533M People Who Got Facebooked?
- Scylla - The Simplistic Information Gathering Engine | Find Advanced Information On A Username, Website, Phone Number, Etc...
- Ten Minute Tip: Image Geolocation Part 2
GDPR
- Deceptive Checkboxes Should Not Open Our Checkbooks
- Five Security Best Practices Public Sector Organisations Need to Consider
- Hefty Fine for Booking.com Due to Delayed Data Breach Notification; With Little Financial Information Stolen, Is the Amount Excessive?
- From California to Brazil: Europe’s privacy laws have created a recipe for the world
- Data protection officer career guide
- What is PII and how can you protect it?
- Emerging Edge Computing Use Cases
- Booking.com fined $560,000 for GDPR data breach violation
- Irish Regulator Probes 'Old' Facebook Data Dump
- Securing the Online Storefront: Digital Transformation for Growing eCommerce Businesses
Scams
Phishing
- Hotlinking and Cool Exploits
- Ca: Durham Region hit by cyberattack
- Clubhouse data leak: 1.3 million user records leaked online for free
- Attackers deliver legal threats, IcedID malware via contact form
- Episode 112: Wix Takes Aim at WordPress With New Ad Campaign
- Profiles and Associated Info of Half a Billion LinkedIn Users For Sale on Hacking Forum
- Attackers deliver legal threats, IcedID malware via contact forms
- A deep dive into Saint Bot, a new downloader
- Facebook ads dropped malware posing as Clubhouse app for PC
- Data belonging to over 500 million LinkedIn users sold online to hackers
SPAM
- Hotlinking and Cool Exploits
- Crooks abuse website contact forms to deliver IcedID malware
- Deceptive Checkboxes Should Not Open Our Checkbooks
- Rewterz Threat Alert – Nanocore – Active IoCs
- Android apps targeting JIO users in India
- SMS spam after data leak: Facebook does not want to inform those affected
- Rewterz Threat Alert – Active Nanocore IoCs
- Rewterz Threat Alert – LokiBot Malware – IOCs
- Threat Source Newsletter (April 8, 2021)
- Why E-Commerce Security Matters Now More Than Ever
Frauds
- How To Protect Yourself From Fraud and Identity Theft Online
- SEC Accuses Actor of $690 Million Fraud Based on Fake Netflix Deal
- Visa Describes New Skimming Attack Tactics
- Microsoft Open-Sources 'CyberBattleSim' Enterprise Environment Simulator
- CISA Releases Tool to Detect Microsoft 365 Compromise
- The Role of Predictive KYC in Fighting Money Laundering
- Online testing firm agrees to security audit after inquiry from senator
- 330K stolen payment cards and 895K stolen gift cards sold on dark web
- No honor among thieves: Scammers target stolen credit card hubs
- Swarmshop – What goes around comes around: hackers leak other hackers’ data online
Malware
Badware
- Android malware found embedded in APKPure store application
- Crooks abuse website contact forms to deliver IcedID malware
- Cyberthreat update from Acronis CPOCs: Week of April 5, 2021
- Attackers deliver legal threats, IcedID malware via contact form
- Ransomware attacks: Ansal fears data loss
- Wormable Android Malware Spotted in Android Play Store Spreads Malware via WhatsApp
- Fr: City of Isle-sur-la-Sorgue victim of ransomware; won’t pay €500,000 demand
- 2021-04-09 - IcedID (Bokbot) infection from zipped JS file
- The Week in Ransomware - April 9th 2021 - Massive ransom demands
- Maze/Egregor ransomware cartel estimated to have made $75 million
Antivirus (snakeoil)
- APKPure is not safe, distributes Trojans | Kaspersky official blog
- Coordinated Cyberattack Targets EU Institutions | Avast
- Text files weaponized by vulnerability in macOS | Kaspersky official blog
- CB-K21/0354
- CB-K21/0350
- Tech support scammers lure victims with fake antivirus billing emails
- What is PII and how can you protect it?
- CVE-2021-1404
- CVE-2021-1405
- CVE-2021-1252
Ransomware
- Crooks abuse website contact forms to deliver IcedID malware
- Cyberthreat update from Acronis CPOCs: Week of April 5, 2021
- Attackers deliver legal threats, IcedID malware via contact form
- Ransomware attacks: Ansal fears data loss
- Fr: City of Isle-sur-la-Sorgue victim of ransomware; won’t pay €500,000 demand
- The Week in Ransomware - April 9th 2021 - Massive ransom demands
- Maze/Egregor ransomware cartel estimated to have made $75 million
- CZ: Olomouc paralyzed by a cyberattack. All municipal services remain unavailable.
- Financial industry preps for proposal that would require 36-hour breach notification
- Dutch transport company Bakker Logistiek impacted by ransomware attack
Trojans, RATs
- PHP Team Averted a Supply Chain Attack After Hackers Compromised Their Self-Hosted Git Server and Inserted a Backdoor
- Malicious code in APKPure app
- APKPure is not safe, distributes Trojans | Kaspersky official blog
- Trojan.Win32.Hotkeychick.d / Insecure Permissions
- Trojan-Downloader.Win32.Genome.omht / Insecure Permissions
- Trojan.Win32.Hotkeychick.d / Insecure Permissions
- Trojan-Downloader.Win32.Genome.omht / Insecure Permissions
- Backdoor Added — But Found — in PHP
- No Python interpreter? this simple RAT installs its own copy
- Trojan detected in APKPure Android app store client software
Operating systems
Windows
- Gotestwaf - Go Test WAF Is A Tool To Test Your WAF Detection Capabilities Against Different Types Of Attacks And By-Pass Techniques
- Hands-on with Windows 10's new Google Discover-like news feature
- Windows 10 will soon let you tell Microsoft how you use your PC
- Windows 10 will soon let you configure six different usage modes
- Wormable Android Malware Spotted in Android Play Store Spreads Malware via WhatsApp
- SNOWCRASH - A Polyglot Payload Generator
- SerpScan -Automate your Recon using search engines
- Critical Zoom Vulnerability Triggers Remote Code Execution Without User Input
- CVE-2021-30480
- CVE-2021-21196
Linux
- Reactions to Arch Linux's New Guided Installer
- Stable kernels for the weekend
- Gotestwaf - Go Test WAF Is A Tool To Test Your WAF Detection Capabilities Against Different Types Of Attacks And By-Pass Techniques
- SNOWCRASH - A Polyglot Payload Generator
- Linux kernel incorrect computation of branch displacements in BPF JIT compiler
- CVE-2021-21199
- CVE-2021-21432
- Episode 112: Wix Takes Aim at WordPress With New Ad Campaign
- Rewterz Threat Advisory – CVE-2021-29154 – Linux Kernel privilege escalation
- Rewterz Threat Advisory – CVE-2021-3483 – Linux Kernel code execution
Android
- Android malware found embedded in APKPure store application
- Hackers compromised APKPure client to distribute infected Apps
- Wormable Android Malware Spotted in Android Play Store Spreads Malware via WhatsApp
- 7 Benefits of Using Flutter For Your Next Software Development Project
- Critical Zoom Vulnerability Triggers Remote Code Execution Without User Input
- CVE-2021-25373
- CVE-2021-25381
- CVE-2021-25374
- CVE-2021-25377
- CVE-2021-25357
Apple
- Last Week on My Mac: Big Sur’s broken clock
- Acorn 7.0
- Reactions to Arch Linux's New Guided Installer
- Major Advertiser Works With China to Try Bypassing Apple's Privacy Rules
- The patent troll that won a $308M jury trial against Apple
- PoisonApple - macOS Persistence Tool
- Episode 112: Wix Takes Aim at WordPress With New Ad Campaign
- ★ Et tu, Procter & Gamble?
- Samsung’s ‘iTest’ Lets You Try a Simulated Galaxy Device on Your iPhone
- Drought in Taiwan Pits Chip Makers Against Farmers
BSD
- FreeBSD/arm64 becoming Tier 1 in FreeBSD 13
- Tree.h in OpenBSD: dependency-free intrusive binary tree (2002)
- Run Bhyve in FreeBSD jails – The view from inside the forest (2020)
- OpenBSD OpenSMTPD 6.6 Remote Code Execution
- UAC - Unix-like Artifacts Collector
- I got the GNU Modula-2 compiler working on OpenBSD
- OpenBSD adds support for Coordinated Mars Time
- SharpDPAPI - A C# Port Of Some Mimikatz DPAPI Functionality
- Seatbelt - A C# Project That Performs A Number Of Security Oriented Host-Survey "Safety Checks" Relevant From Both Offensive And Defensive Security Perspectives
- Rubeus - C# Toolset For Raw Kerberos Interaction And Abuses
Emacs
- Weekly review: Week ending April 9, 2021
- formatting updates.
- Xah Talk Show 2021-04-09 beginner emacs lisp tutorial. xah-html-copy-change-relative-link
- Emacs: Undo/Redo Saga
- Native Compilation: Ready to Merge
- GLT21: Emacs Org mode Features You May Not Know
- Grabbing the Youtube auto-generated captions is pretty useful when making Emacs News
- Running a Shell Command from Emacs
- 2021-04-05 Emacs news
- Reading PDF Files with DocView