InQL v6.1.0 Just Landed with New Features and Contribution Swag! 🚀 · Doyensec's Blog
https://blog.doyensec.com/2025/12/02/inql-v610.html
Doyensec
InQL v6.1.0 Just Landed with New Features and Contribution Swag! 🚀
We are excited to announce a new release of our Burp Suite Extension - InQL v6.1.0! The complete re-write from Jython to Kotlin in our previous update (v6.0.0) laid the groundwork for us to start implementing powerful new features, and this update delivers…
Forwarded from Android Security & Malware
Reverse engineering Bluetooth on Amazon Kindle eReaders
https://sighery.com/posts/reverse-engineering-bluetooth-on-kindle-ereaders/
Sighery
Reverse engineering Bluetooth on Amazon Kindle eReaders
A journey of learning C and reverse engineering to be more efficiently lazy
Forwarded from Android Security & Malware
[Beginners] All About Android Pentesting: A Complete Methodology
https://xcheater.medium.com/all-about-android-pentesting-f047b7c7e0f1
Medium
All About Android Pentesting: A Complete Methodology
Complete Android application security testing guide: Static & dynamic testing, root detection bypass, SSL pinning, and common vuln…
Critical RCE Vulnerabilities Discovered in React & Next.js | Wiz Blog
https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
wiz.io
React2Shell (CVE-2025-55182): Critical React Vulnerability | Wiz Blog
React2Shell (CVE-2025-55182) is a critical RCE vulnerability in React Server Components. Learn which versions are impacted and how to mitigate.
Android expands pilot for in-call scam protection for financial apps
http://security.googleblog.com/2025/12/android-expands-pilot-in-call-scam-protection-financial-apps.html
Google Online Security Blog
Android expands pilot for in-call scam protection for financial apps
Posted by Aden Haussmann, Associate Product Manager and Sumeet Sharma, Play Partnerships Trust & Safety Lead Android uses the best of Goo...
Prompt Injection Inside GitHub Actions: The New Frontier of Supply Chain Attacks
https://www.aikido.dev/blog/promptpwnd-github-actions-ai-agents
www.aikido.dev
Prompt Injection Inside GitHub Actions: The New Frontier of Supply Chain Attacks
AI-driven GitHub Actions expose new prompt-injection supply chain vulnerabilities.
Release v3.6.0 · projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei/releases/tag/v3.6.0
GitHub
Release v3.6.0 · projectdiscovery/nuclei
What's Changed
✨ New Features
Write resume file specified by flag by @circleous (#6616)
Javascript Multi-Port Support by @pussycat0x (#6501)
Direct fuzzing using target URL for OpenAPI/Swagger...
Introducing audit logs in SonarQube Cloud: Enhancing compliance and security
https://www.sonarsource.com/blog/introducing-audit-logs-in-sonarqube-cloud-enhancing-compliance-and-security/
Sonarsource
Introducing audit logs in SonarQube Cloud: Enhancing compliance and security
Enhance compliance and security with the new audit logs for SonarQube Cloud Enterprise plan. Get a chronological record of key IAM events, accessible via API to integrate with your SIEM tools.
When AI Turns on Its Team: Exploiting Agent-to-Agent Discovery via Prompt Injection
https://appomni.com/ao-labs/ai-agent-to-agent-discovery-prompt-injection/
AppOmni
When AI Turns on Its Team: Exploiting Agent-to-Agent Discovery via Prompt Injection
See how prompt injection attacks work in ServiceNow to perform unauthorized actions, and how to defend against it with AppOmni AgentGuard.
How to detect React2Shell with Burp Suite
https://portswigger.net/blog/how-to-detect-react2shell-with-burp-suite
SonarQube Compare Community vs Developer vs Enterprise vs Data Center
https://www.sonarsource.com/blog/sonarqube-compare-editions/
Sonarsource
SonarQube Compare Community vs Developer vs Enterprise vs Data Center
SonarQube has emerged as a leading automated code review platform that empowers development teams to achieve a high level of code quality and code security.
PyTorch tensors, neural networks and Autograd: an introduction
https://www.sonarsource.com/blog/pytorch-tensors-neural-networks-and-autograd/
Sonarsource
PyTorch tensors, neural networks and Autograd: an introduction
This guide is designed to demystify PyTorch's core components, providing you with a solid understanding of how it empowers the creation and training of sophisticated machine learning models.
CVE-2025-55182 and CVE-2025-66478 ("React2Shell") - All you need to know
https://jfrog.com/blog/2025-55182-and-2025-66478-react2shell-all-you-need-to-know/
JFrog
CVE-2025-55182 and CVE-2025-66478 ("React2Shell"): All you need to know - UPDATED
Updated and latest information regarding the critical React RCE vulnerability (React2Shell CVE-2025-55182). Learn how to detect and protect with JFrog.
New Prompt Injection Attack Vectors Through MCP Sampling
https://unit42.paloaltonetworks.com/model-context-protocol-attack-vectors/
Unit 42
New Prompt Injection Attack Vectors Through MCP Sampling
Model Context Protocol connects LLM apps to external data sources or tools. We examine its security implications through various attack vectors.
Architecting Security for Agentic Capabilities in Chrome
http://security.googleblog.com/2025/12/architecting-security-for-agentic.html
Google Online Security Blog
Architecting Security for Agentic Capabilities in Chrome
Posted by Nathan Parker, Chrome security team Chrome has been advancing the web’s security for well over 15 years, and we’re committed to...
HTTPS certificate industry phasing out less secure domain validation methods
http://security.googleblog.com/2025/12/https-certificate-industry-phasing-out.html
Google Online Security Blog
HTTPS certificate industry phasing out less secure domain validation methods
Posted by Chrome Root Program Team Secure connections are the backbone of the modern web, but a certificate is only as trustworthy as the...
Privilege Escalation Vulnerability in Soledad Theme Affecting 50k+ Sites - Patchstack
https://patchstack.com/articles/privilege-escalation-vulnerability-in-soledad-theme-affecting-50k-sites/
Patchstack
Privilege Escalation Vulnerability in Soledad Theme Affecting 50k+ Sites - Patchstack
A privilege escalation flaw in the Soledad theme allowed Subscribers to change site settings and gain admin access. Learn how it works and why updating to 8.6.9.1 is essential.