Chromium Blog: Fighting cookie theft using device bound sessions
https://blog.chromium.org/2024/04/fighting-cookie-theft-using-device.html
CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf
https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf
CVE-2024-0394: Rapid7 Minerva Armor Privilege Escalation (FIXED) | Rapid7 Blog
https://www.rapid7.com/blog/post/2024/04/03/cve-2024-0394-rapid7-minerva-armor-privilege-escalation-fixed/
GitHub - vu-ls/Crassus
https://github.com/vu-ls/Crassus
Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks
https://thehackernews.com/2024/04/google-chrome-beta-tests-new-dbsc.html
Persistence – DLL Proxy Loading – Penetration Testing Lab
https://pentestlab.blog/2024/04/03/persistence-dll-proxy-loading/
Binarly XZ backdoor detector
https://xz.fail/
Agent Tesla Targeting United States & Australia: Revealing the Attackers' Identities - Check Point Research
https://research.checkpoint.com/2024/agent-tesla-targeting-united-states-and-australia/
60 Hacking Commands You NEED to Know - YouTube
https://youtu.be/gL4j-a-g9pA
U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers
https://thehackernews.com/2024/04/us-cyber-safety-board-slams-microsoft.html
CVE-2024-3159 enumcache oob v2.0 - Google ドキュメント
https://docs.google.com/document/d/1ke0S2NrhPIo7VX2zpEKyMVURVOk-v22mNvAovlL6EeM/
The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind | WIRED
https://www.wired.com/story/jia-tan-xz-backdoor/
SCCM / MECM LAB - Part 0x3 - Admin User | Mayfly
https://mayfly277.github.io/posts/SCCM-LAB-part0x3/
MalwareBazaar | SHA256 65da6d9f781ff5fc2865b8850cfa64993b36f00151387fdce25859781c1eb711 (Latrodectus)
https://bazaar.abuse.ch/sample/65da6d9f781ff5fc2865b8850cfa64993b36f00151387fdce25859781c1eb711/
The Amazingly Scary XZ SSHD Backdoor - YouTube
https://www.youtube.com/live/HTNKS3tw3xk?si=GGCSWqIvjQjdop0Z
Google fixed two actively exploited Pixel vulnerabilities
https://securityaffairs.com/161428/security/google-fixed-actively-exploited-pixel-flaws.html
NDSS 2024 Keynote - Corruption of Memory: Those who don’t know history are doomed to repeat it - YouTube
https://www.youtube.com/watch?v=vhj2We2vjqs
‘Lavender’: The AI machine directing Israel’s bombing spree in Gaza
https://www.972mag.com/lavender-ai-israeli-army-gaza/
AI-enabled Crime - YouTube
https://www.youtube.com/watch?v=Wc1yCYgwjfg
Omni Hotels experiencing nationwide IT outage since Friday
https://www.bleepingcomputer.com/news/security/omni-hotels-experiencing-nationwide-it-outage-since-friday/
Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies
https://thehackernews.com/2024/04/google-warns-android-zero-day-flaws-in.html
Hosting firm's VMware ESXi servers hit by new SEXi ransomware
https://www.bleepingcomputer.com/news/security/chilean-hosting-firms-vmware-esxi-servers-hit-by-new-sexi-ransomware/
Mispadu Trojan Targets Europe, Thousands of Credentials Compromised
https://thehackernews.com/2024/04/mispadu-trojan-targets-europe-thousands.html
Analysis file.7z (MD5: A9A66A3B12E85D74D71D5F9677CD3601) Malicious activity - Interactive analysis ANY.RUN
https://app.any.run/tasks/6e0e4947-fd2e-4d97-855a-a3b4cc9d819b
TrustedSec Impede
http://impede.ai
Attack Surface Management vs. Vulnerability Management
https://thehackernews.com/2024/04/attack-surface-management-vs.html
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin
https://thehackernews.com/2024/04/critical-security-flaw-found-in-popular.html
SLIDES_CoercionsandRelays-TheFirstCredistheDeepest.pdf
https://www.blackhillsinfosec.com/wp-content/uploads/2022/10/SLIDES_CoercionsandRelays-TheFirstCredistheDeepest.pdf
GitHub - projectmonke/burp2caido: A tool to migrate Burpsuite HTTP history to Caido.
https://github.com/projectmonke/burp2caido

Highly sensitive files mysteriously disappeared from EUROPOL headquarters
https://securityaffairs.com/161416/data-breach/europol-highly-sensitive-files-disappeared.html
Critical flaw in LayerSlider WordPress plugin impacts 1 million sites
https://www.bleepingcomputer.com/news/security/critical-flaw-in-layerslider-wordpress-plugin-impacts-1-million-sites/
Live Rust Malware Development - Writing Rust Malware and Introducing Python C2 Bugs! - YouTube
https://www.youtube.com/watch?v=N4S3nDrNwzQ
Stealing the Bitlocker key from a TPM – Systems Research
https://astralvx.com/stealing-the-bitlocker-key-from-a-tpm/
CyberSecPolitics: Jia Tan and SocialCyber
https://cybersecpolitics.blogspot.com/2024/04/jia-tan-and-socialcyber.html
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
https://www.assetnote.io/resources/research/two-bytes-is-plenty-fortigate-rce-with-cve-2024-21762

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec – Krebs on Security
https://krebsonsecurity.com/2024/04/the-manipulaters-improve-phishing-still-fail-at-opsec/
Malware-IOCs/2024-04-02 XWorm IOCs at main · executemalware/Malware-IOCs · GitHub
https://github.com/executemalware/Malware-IOCs/blob/main/2024-04-02%20XWorm%20IOCs