How Android provides the most effective protection to keep you safe from mobile scams
http://security.googleblog.com/2025/10/how-android-protects-you-from-scams.html
http://security.googleblog.com/2025/10/how-android-protects-you-from-scams.html
Google Online Security Blog
How Android provides the most effective protection to keep you safe from mobile scams
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Ab...
❤2
Modular DS Adds Patchstack-Powered Security: Introducing Patch & Protect - Patchstack
https://patchstack.com/articles/modular-ds-adds-patchstack-powered-security-introducing-patch-protect/
https://patchstack.com/articles/modular-ds-adds-patchstack-powered-security-introducing-patch-protect/
❤3
Forwarded from Android Security & Malware
[beginners] Deep dive into Android Pentesting
Covered everything from static & dynamic analysis, Frida, Drozer, SSL pinning bypass, deep links, broadcast receivers, and more
If you're into mobile security, this one's packed with real-world scenarios & tools
https://coal-memory-97b.notion.site/Android-Pentest-1f6923af30cc80bdafa4f3c581f4c5f8
Covered everything from static & dynamic analysis, Frida, Drozer, SSL pinning bypass, deep links, broadcast receivers, and more
If you're into mobile security, this one's packed with real-world scenarios & tools
https://coal-memory-97b.notion.site/Android-Pentest-1f6923af30cc80bdafa4f3c581f4c5f8
❤11
Intigriti Bug Bytes #229 - October 2025 🚀
https://www.intigriti.com/researchers/blog/bug-bytes/intigriti-bug-bytes-229-october-2025
https://www.intigriti.com/researchers/blog/bug-bytes/intigriti-bug-bytes-229-october-2025
The cryptography behind electronic passports
https://blog.trailofbits.com/2025/10/31/the-cryptography-behind-electronic-passports/
https://blog.trailofbits.com/2025/10/31/the-cryptography-behind-electronic-passports/
The Trail of Bits Blog
The cryptography behind electronic passports
This blog post describes how electronic passports work, the threats within their threat model, and how they protect against those threats using cryptography. It also discusses the implications of using electronic passports for novel applications, such as…
❤6
Hacktober 2025 - Nuclei Templates — ProjectDiscovery Blog
https://projectdiscovery.io/blog/hacktober-2025-nuclei-templates
https://projectdiscovery.io/blog/hacktober-2025-nuclei-templates
ProjectDiscovery
Hacktober 2025 - Nuclei Templates — ProjectDiscovery Blog
Summary of Releases v10.3.0 & v10.3.1
This month, we had two major releases of Nuclei Templates, introducing numerous improvements and new templates for Nuclei users.
🚀 Hacktober Stats
Release
New Templates Added
CVEs Added
First-time Contributors…
This month, we had two major releases of Nuclei Templates, introducing numerous improvements and new templates for Nuclei users.
🚀 Hacktober Stats
Release
New Templates Added
CVEs Added
First-time Contributors…
How Android provides the most effective protection to keep you safe from mobile scams
http://security.googleblog.com/2025/10/how-android-protects-you-from-scams.html
http://security.googleblog.com/2025/10/how-android-protects-you-from-scams.html
Google Online Security Blog
How Android provides the most effective protection to keep you safe from mobile scams
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Ab...
❤1
Release v3.4.5 · projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei/releases/tag/v3.4.5
https://github.com/projectdiscovery/nuclei/releases/tag/v3.4.5
GitHub
Release v3.4.5 · projectdiscovery/nuclei
What’s Changed
Bug Fixes
Fix memory blowup in multi-protocol templates by @dwisiswant0 #6258
Fix JSON unmarshalling for dynamic auth type in authx by @dwisiswant0 #6268
Use proxy settings in DNS a...
Bug Fixes
Fix memory blowup in multi-protocol templates by @dwisiswant0 #6258
Fix JSON unmarshalling for dynamic auth type in authx by @dwisiswant0 #6268
Use proxy settings in DNS a...
❤3
How has AI changed your workflow? Share your story in Sonar
https://www.sonarsource.com/blog/developer-survey-request/
https://www.sonarsource.com/blog/developer-survey-request/
Sonarsource
How has AI changed your workflow? Share your story in Sonar's State of Code developer survey
Artificial intelligence is rapidly changing how we develop software. But beyond the hype, how are developers like you actually using these new tools in your daily workflows? To find out, we're kicking off our first annual State of Code developer research…
❤5
Next.js Security Testing Guide for Bug Hunters and Pentesters
https://deepstrike.io/blog/nextjs-security-testing-bug-bounty-guide
https://deepstrike.io/blog/nextjs-security-testing-bug-bounty-guide
DeepStrike
Next.js Security Testing Guide for Bug Hunters and Pentesters
Learn how to assess Next.js apps for SSRF, XSS, CSTI, SSTI, CSRF, cache issues, and data leaks. Practical tips, checks, and tools for bug bounty and pentesting.
❤14
CVE-2025-52665 - RCE in Unifi Access ($25,000)
https://www.catchify.sa/post/cve-2025-52665-rce-in-unifi-os-25-000
https://www.catchify.sa/post/cve-2025-52665-rce-in-unifi-os-25-000
Catchify
CVE-2025-52665 - $25K RCE in UniFi Access | Catchify
Technical writeup: Pre-auth RCE via command injection in Ubiquiti UniFi Access backup API. Discovered by Catchify Security.
👍3👎2
❤6
What’s That Coming Over The Hill? (Monsta FTP Remote Code Execution CVE-2025-34299)
https://labs.watchtowr.com/whats-that-coming-over-the-hill-monsta-ftp-remote-code-execution-cve-2025-34299/
https://labs.watchtowr.com/whats-that-coming-over-the-hill-monsta-ftp-remote-code-execution-cve-2025-34299/
watchTowr Labs
What’s That Coming Over The Hill? (Monsta FTP Remote Code Execution CVE-2025-34299)
Happy Friday, friends and.. others.
We’re glad/sorry to hear that your week has been good/bad, and it’s the weekend/but at least it’s almost the weekend!
What’re We Doing Today, Mr Fox?
Today, in a tale that seems all too familar at this point,
We’re glad/sorry to hear that your week has been good/bad, and it’s the weekend/but at least it’s almost the weekend!
What’re We Doing Today, Mr Fox?
Today, in a tale that seems all too familar at this point,
Infrastructure Collapse: How a Forgotten Folder in Coca-Cola’s Network Exposed Critical…
https://medium.com/legionhunters/infrastructure-collapse-how-a-forgotten-folder-in-coca-colas-network-exposed-critical-a4d9dc1ab8a6
https://medium.com/legionhunters/infrastructure-collapse-how-a-forgotten-folder-in-coca-colas-network-exposed-critical-a4d9dc1ab8a6
Medium
Infrastructure Collapse: How a Forgotten Folder in Coca-Cola’s Network Exposed Critical Administrative Data
Hello Bug Hunters!
👏2
At the forefront of ethical hacking: What’s Intigriti’s impact and position?
https://www.intigriti.com/blog/business-insights/at-the-forefront-of-ethical-hacking-what-s-intigriti-s-impact-and-position
https://www.intigriti.com/blog/business-insights/at-the-forefront-of-ethical-hacking-what-s-intigriti-s-impact-and-position
Intigriti
At the forefront of ethical hacking: What’s Intigriti’s impact and position?
Organizations are increasingly seeking platforms that prioritize quality over quantity, fast response times, and strict data compliance. Here are eight elements to consider when selecting your bug bounty provider.
Release v3.4.8 · projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei/releases/tag/v3.4.8
https://github.com/projectdiscovery/nuclei/releases/tag/v3.4.8
GitHub
Release v3.4.8 · projectdiscovery/nuclei
What's Changed
Features & Improvements
Remove singletons from Nuclei engine (continuation of #6210) (#6296) by @hdm
Address race conditions in http.Request and MemGuardian (#6321) by @hdm
...
Features & Improvements
Remove singletons from Nuclei engine (continuation of #6210) (#6296) by @hdm
Address race conditions in http.Request and MemGuardian (#6321) by @hdm
...
Exploiting JWT Vulnerabilities: Advanced Exploitation Guide
https://www.intigriti.com/researchers/blog/hacking-tools/exploiting-jwt-vulnerabilities
https://www.intigriti.com/researchers/blog/hacking-tools/exploiting-jwt-vulnerabilities
Intigriti
Exploiting JWT Vulnerabilities: Advanced Exploitation Guide
Learn how to identify and exploit JSON Web Token (JWT) vulnerabilities using several different testing methods. Read the article now!
Introducing Credential Monitoring — ProjectDiscovery Blog
https://projectdiscovery.io/blog/leaked-credential-monitoring
https://projectdiscovery.io/blog/leaked-credential-monitoring
ProjectDiscovery
Introducing Credential Monitoring — ProjectDiscovery Blog
Imagine discovering that your company's login credentials are sitting in plain sight on the internet, accessible to anyone who knows where to look. Unfortunately, this isn't hypothetical – it's happening right now to organizations worldwide through malware…
Release v3.4.6 · projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei/releases/tag/v3.4.6
https://github.com/projectdiscovery/nuclei/releases/tag/v3.4.6
GitHub
Release v3.4.6 · projectdiscovery/nuclei
What's Changed
Fixed context leak in flow by @tarunKoyalwar in #6282
Other Changes
fixed log level mismatch by @knakul853 in #6271
fixed hex dump issue by @knakul853 in #6273
fix(headless): ...
Fixed context leak in flow by @tarunKoyalwar in #6282
Other Changes
fixed log level mismatch by @knakul853 in #6271
fixed hex dump issue by @knakul853 in #6273
fix(headless): ...
Release v3.4.7 · projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei/releases/tag/v3.4.7
https://github.com/projectdiscovery/nuclei/releases/tag/v3.4.7
GitHub
Release v3.4.7 · projectdiscovery/nuclei
What's Changed
Other Changes
Fixed issue with go install (github.com/zmap/zgrab2 v0.2.0 => v0.1.8) by @dwisiswant0 in #6295
Full Changelog: v3.4.6...v3.4.7
Other Changes
Fixed issue with go install (github.com/zmap/zgrab2 v0.2.0 => v0.1.8) by @dwisiswant0 in #6295
Full Changelog: v3.4.6...v3.4.7