Bypassing DOMPurify with good old XML - Flatt Security Research
https://flatt.tech/research/posts/bypassing-dompurify-with-good-old-xml/
GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
https://github.com/amlweems/xzbot
OffensiveCon24 :: pretalx
https://cfp.offensivecon.org/offensivecon24/cfp
research!rsc: Timeline of the xz open source attack
https://research.swtch.com/xz-timeline
From OneNote to RansomNote: An Ice Cold Intrusion - The DFIR Report
https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/
New Chrome feature aims to stop hackers from using stolen cookies
https://www.bleepingcomputer.com/news/security/new-chrome-feature-aims-to-stop-hackers-from-using-stolen-cookies/
Dark Wire by Joseph Cox | Hachette Book Group
https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691/#preorder
India rescues 250 citizens enslaved by Cambodian cybercrime gang
https://www.bleepingcomputer.com/news/security/india-rescues-250-citizens-enslaved-by-cambodian-cybercrime-gang/
New XZ backdoor scanner detects implant in any Linux binary
https://www.bleepingcomputer.com/news/security/new-xz-backdoor-scanner-detects-implant-in-any-linux-binary/
IBIS hotel check-in terminal keypad-code leakage | Pentagrid AG
https://www.pentagrid.ch/en/blog/ibis-hotel-check-in-terminal-keypad-code-leakage/
Earth Freybug Uses UNAPIMON for Unhooking Critical APIs | Trend Micro (US)
https://www.trendmicro.com/en_us/research/24/d/earth-freybug.html
Microsoft FAQ and guidance for XZ Utils backdoor - Microsoft Community Hub
https://techcommunity.microsoft.com/t5/microsoft-defender-vulnerability/microsoft-faq-and-guidance-for-xz-utils-backdoor/ba-p/4101961
PandaBuy data breach allegedly impacted +1.3M customers
https://securityaffairs.com/161355/data-breach/pandabuy-data-breach.html
1311_05-08_mickens.pdf
https://www.usenix.org/system/files/1311_05-08_mickens.pdf
China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy Operations
https://thehackernews.com/2024/04/china-linked-hackers-deploy-new.html
Attacking an EDR - Part 3
https://her0ness.github.io/2023-11-07-Attacking-an-EDR-Part-3/
Maldev using AI - YouTube
https://www.youtube.com/watch?v=syKnjf9iVWk
Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors
https://thehackernews.com/2024/04/massive-phishing-campaign-strikes-latin.html
ZAP – ZAP Updates - March 2024
https://www.zaproxy.org/blog/2024-04-02-zap-updates-march-2024/
Google now blocks spoofed emails for better phishing protection
https://www.bleepingcomputer.com/news/google/google-now-blocks-spoofed-emails-for-better-phishing-protection/
AIS247: AI Security Essentials for Business Leaders | SANS Institute
https://www.sans.org/u/1ukG
GitHub - caio-ishikawa/netscout: OSINT tool that finds domains, subdomains, directories, endpoints and files for a given seed URL.
https://github.com/caio-ishikawa/netscout
GitHub - janhq/jan: Jan is an open source alternative to ChatGPT that runs 100% offline on your computer
https://github.com/janhq/jan
Google to delete search data of millions who used 'incognito' mode : NPR
https://www.npr.org/2024/04/01/1242019127/google-incognito-mode-settlement-search-history
Russia charges suspects behind theft of 160,000 credit cards
https://www.bleepingcomputer.com/news/security/russia-charges-suspects-behind-theft-of-160-000-credit-cards/
OWASP Data Breach Caused by Server Misconfiguration - SecurityWeek
https://www.securityweek.com/owasp-data-breach-caused-by-server-misconfiguration/
Bypassing DOMPurify with good old XML - Flatt Security Research
https://bit.ly/4amINc3
Matt Johansen: Vulnerability and Mental Health in Cybersecurity. - YouTube
https://youtu.be/dOIdeUEqxFc
NVD - CVE-2024-3094
https://nvd.nist.gov/vuln/detail/CVE-2024-3094
FTC: Americans lost $1.1 billion to impersonation scams in 2023
https://www.bleepingcomputer.com/news/security/ftc-americans-lost-11-billion-to-impersonation-scams-in-2023/
Google to Delete Billions of Browsing Records in 'Incognito Mode' Privacy Lawsuit Settlement
https://thehackernews.com/2024/04/google-to-delete-billions-of-browsing.html
TROOPERS24
https://troopers.de/students/
INC Ransom claims 'cyber incident' at UK city council • The Register
https://go.theregister.com/feed/www.theregister.com/2024/04/02/inc_ransom_leicester_council/