GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
https://github.com/amlweems/xzbot/tree/main
Bypassing DOMPurify with good old XML - Flatt Security Research
https://flatt.tech/research/posts/bypassing-dompurify-with-good-old-xml/
Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals
https://thehackernews.com/2024/04/malicious-apps-caught-secretly-turning.html
Chaining N-days to Compromise All: Part 2 — Windows Kernel LPE (a.k.a Chrome Sandbox Escape) | by Theori Vulnerability Research | Apr, 2024 | Theori BLOG
https://medium.com/theori-blog/chaining-n-days-to-compromise-all-part-2-windows-kernel-lpe-a-k-a-chrome-sandbox-escape-44cb49d7a4f8
Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities
https://thehackernews.com/2024/04/vultur-android-banking-trojan-returns.html
GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
https://github.com/amlweems/xzbot
BSides Canberra 2024 :: pretalx
https://cfp.bsidescbr.com.au/bsides-canberra-2024/cfp
100% MITRE Coverage
https://attack.mitre.org/full-coverage.html
Ido Veltzman :: Security Research
https://idov31.github.io/posts/lord-of-the-ring0-p6
GitHub - s0md3v/Arjun: HTTP parameter discovery suite.
https://github.com/s0md3v/Arjun
Identity Providers for RedTeamers - XPN InfoSec Blog
https://blog.xpnsec.com/identity-providers-redteamers/
AI Hallucinated Packages Fool Unsuspecting Developers - SecurityWeek
https://www.securityweek.com/ai-hallucinated-packages-fool-unsuspecting-developers/
Malware Spotlight: Linodas aka DinodasRAT for Linux - Check Point Research
https://research.checkpoint.com/2024/29676/
Shopping platform PandaBuy data leak impacts 1.3 million users
https://www.bleepingcomputer.com/news/security/shopping-platform-pandabuy-data-leak-impacts-13-million-users/
GitHub - Sudistark/xss-writeups
https://github.com/Sudistark/xss-writeups
OWASP Data Breach Notification | OWASP Foundation
https://owasp.org/blog/2024/03/29/OWASP-data-breach-notification
DinodasRAT Linux variant targets users worldwide
https://securityaffairs.com/161255/malware/linux-variant-dinodasrat-backdoor.html
Indian Government Rescues 250 Citizens Forced into Cybercrime in Cambodia
https://thehackernews.com/2024/04/indian-government-rescues-250-citizens.html
The amazingly scary xz sshd backdoor - SANS Internet Storm Center
https://isc.sans.edu/diary/30802
From OneNote to RansomNote: An Ice Cold Intrusion - The DFIR Report
https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/
GitHub - lockness-Ko/xz-vulnerable-honeypot: An ssh honeypot with the XZ backdoor. CVE-2024-3094
https://github.com/lockness-Ko/xz-vulnerable-honeypot
Android Malware Vultur Expands Its Wingspan – Fox-IT International blog
https://blog.fox-it.com/2024/03/28/android-malware-vultur-expands-its-wingspan/
Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor - SecurityWeek
https://www.securityweek.com/supply-chain-attack-major-linux-distributions-impacted-by-xz-utils-backdoor/
Reverse Engineering Dark Souls 3 Networking (#1 - Connection) - Tim Leonard's Website
https://timleonard.uk/2022/05/29/reverse-engineering-dark-souls-3-networking
Binarly XZ backdoor detector
http://xz.fail
Harvard Pilgrim data breach grows again, nearing 3M victims • The Register
https://go.theregister.com/feed/www.theregister.com/2024/04/01/in_brief_security/
Marco Ivaldi: "#Identity Providers for #RedTe…" - Infosec Exchange
https://infosec.exchange/@raptor/112194407775713800
Exploiting n-day in Home Security Camera
https://0xbigshaq.github.io/2024/01/05/tp-link-tapo-c100/
FTC: Americans lost $1.1 billion to impersonation scams in 2023
https://www.bleepingcomputer.com/news/security/ftc-americans-lost-11-billion-to-impersonation-scams-in-2023/
The Art of Finding Critical Vulnerabilities - YouTube
https://youtu.be/fk4bFzZfN8A
https://redsiege.com/sshishing
https://redsiege.com/sshishing
Bloop Suite Shorts - YouTube
https://youtu.be/xZuCrSMPvZ8