Sonar launches integration program to unify code governance across the SDLC
https://www.sonarsource.com/blog/sonar-launches-integration-program/
Sonarsource
We are thrilled to announce the launch of the Sonar Integration Program. This strategic initiative formalizes and expands our partner ecosystem, unifying SonarQube's integrations with leading technology partners under a single, comprehensive program.
How I Hacked an AI Chatbot to Expose Thousands of Customer Records (IDOR + Prompt Injection)
https://medium.com/@sumitshahorg/how-i-hacked-an-ai-chatbot-to-expose-thousands-of-customer-records-idor-prompt-injection-760092ed99a4
Medium
Hey there, security enthusiasts and fellow hackers!
Introducing audit logs in SonarQube Cloud: Enhancing compliance and security
https://www.sonarsource.com/blog/introducing-audit-logs-in-sonarqube-cloud-enhancing-compliance-and-security/
Sonarsource
Enhance compliance and security with the new audit logs for SonarQube Cloud Enterprise plan. Get a chronological record of key IAM events, accessible via API to integrate with your SIEM tools.
Cache Poisoning: $100K+ Case Studies Part 1 | Herish Blog
https://herish.me/blog/cache-poisoning-case-studies-part-1-foundational-attacks/
herish.me
Dive into $100K+ cache poisoning vulnerabilities. Part 1 covers real-world attacks on HackerOne, GitHub, and Shopify. Read the analysis!
Nuclei Templates - November 2025 - ProjectDiscovery Blog
https://projectdiscovery.io/blog/nuclei-templates-november-2025
ProjectDiscovery
Summary of Releases v10.3.2 & v10.3.4
This month, we had two releases of Nuclei Templates, introducing numerous improvements and new templates for Nuclei users.
November Stats
Release | New Templates Added | CVEs Added | First-time Contributors | Bounties…
CSP Bypasses: Advanced Exploitation Guide
https://www.intigriti.com/researchers/blog/hacking-tools/content-security-policy-csp-bypasses
Intigriti
Learn how to identify and hunt for Content Security Policy (CSP) bypasses using multiple testing methods. Read the article now!
PortSwigger x TryHackMe: Supporting Advent of Cyber
https://portswigger.net/blog/portswigger-x-tryhackme-supporting-advent-of-cyber
PortSwigger Blog
Every December, TryHackMe's Advent of Cyber brings the security community together around a simple idea: learn something new by getting hands-on. Each day during the festive season reveals a beginner-
SonarQube Compare Community vs Developer vs Enterprise vs Data Center
https://www.sonarsource.com/blog/sonarqube-compare-editions/
Sonarsource
SonarQube has emerged as a leading automated code review platform that empowers development teams to achieve a high level of code quality and code security.
How AI is leveraged to enhance the Intigriti platform.
https://www.intigriti.com/blog/news/how-ai-is-leveraged-to-enhance-the-intigriti-platform
Intigriti
How Intigriti uses the implementation of AI to solve three key business challenges relating to vulnerability submissions.
Introducing constant-time support for LLVM to protect cryptographic code
https://blog.trailofbits.com/2025/12/02/introducing-constant-time-support-for-llvm-to-protect-cryptographic-code/
The Trail of Bits Blog
Trail of Bits developed constant-time coding support for LLVM that prevents compilers from breaking cryptographic implementations vulnerable to timing attacks, introducing the __builtin_ct_select family of intrinsics that preserve constant-time properties…
Introducing Neo, an AI security engineer for complex security tasks - ProjectDiscovery Blog
https://projectdiscovery.io/blog/introducing-neo
ProjectDiscovery
Neo is a cloud-based AI security engineer that works alongside your team and takes on real security tasks like a true co-engineer. As it operates, it continuously learns your systems and processes, improving over time just like an engineer ramping up on your…
InQL v6.1.0 Just Landed with New Features and Contribution Swag! · Doyensec's Blog
https://blog.doyensec.com/2025/12/02/inql-v610.html
Doyensec
We are excited to announce a new release of our Burp Suite Extension - InQL v6.1.0! The complete re-write from Jython to Kotlin in our previous update (v6.0.0) laid the groundwork for us to start implementing powerful new features, and this update delivers…
Forwarded from Android Security & Malware
Reverse engineering Bluetooth on Amazon Kindle eReaders
https://sighery.com/posts/reverse-engineering-bluetooth-on-kindle-ereaders/
Sighery
A journey of learning C and reverse engineering to be more efficiently lazy
Forwarded from Android Security & Malware
[Beginners] All About Android Pentesting: A Complete Methodology
https://xcheater.medium.com/all-about-android-pentesting-f047b7c7e0f1
Medium
Complete Android application security testing guide: Static & dynamic testing, root detection bypass, SSL pinning, and common vuln…
Critical RCE Vulnerabilities Discovered in React & Next.js | Wiz Blog
https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
wiz.io
React2Shell (CVE-2025-55182): Critical React Vulnerability | Wiz Blog
React2Shell (CVE-2025-55182) is a critical RCE vulnerability in React Server Components. Learn which versions are impacted and how to mitigate.
Android expands pilot for in-call scam protection for financial apps
http://security.googleblog.com/2025/12/android-expands-pilot-in-call-scam-protection-financial-apps.html
Google Online Security Blog
Posted by Aden Haussmann, Associate Product Manager and Sumeet Sharma, Play Partnerships Trust & Safety Lead Android uses the best of Goo...
Prompt Injection Inside GitHub Actions: The New Frontier of Supply Chain Attacks
https://www.aikido.dev/blog/promptpwnd-github-actions-ai-agents
www.aikido.dev
AI-driven GitHub Actions expose new prompt-injection supply chain vulnerabilities.