Security101
security101.bsky.social
CISO enjoying every day of his profession.
Reposted by Security101
🚨 EUVD-2025-16605
📊 9.9/10
🏢 Roundcube

📝 Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-16605

#cybersecurity #infosec #cve #euvd
December 22, 2025 at 10:32 PM
Reposted by Security101
The latest update for #Apono includes "How Attackers Maintained Persistence in #AWS After Stealing Credentials" and "Top 10 Automated #AccessControl Systems".

#Cybersecurity #DigitalIdentity #Cloud #IAM https://opsmtrs.com/4gfczmn
Apono
Securely manage permissions and adhere to compliance requirements, while allowing employees to benefit from a frictionless user experience.
opsmtrs.com
December 22, 2025 at 5:52 AM
Reposted by Security101
2026 breaches won’t start with passwords—they’ll ride your OAuth/refresh tokens and sketchy extensions. Salesloft/Drift was the trailer; your browser is the perimeter. 🔑🕵️

Skim the playbook and sub to stay ahead. -> blog.alphahunt.io/the-quiet-to...

#AlphaHunt #CyberSecurity #OAuth #Salesforce
The Quiet Token Heist: Why 2026’s Biggest SaaS Breaches Won’t Start With Passwords
2026’s nastiest SaaS breaches will ride valid tokens + “trusted” apps. We already got the trailer with the Salesloft/Drift OAuth blast radius. And the browser? Yeah, it’s part of the perimeter now.…
blog.alphahunt.io
December 22, 2025 at 2:03 PM
Reposted by Security101
OpenBao provides an open-source solution to manage, store, and distribute secrets, certificates, and keys with secure encryption, dynamic secrets, automated leasing, and detailed revocation

https://ku.bz/qg3j1t67t
December 20, 2025 at 6:06 PM
Reposted by Security101
Security Leadership Master Class 6: When Disaster Strikes

- Capabilities beat just plans
- Engineering resilience
- Building crisis management muscle memory
- Learning from events
- Shrines of failure
- and more…

www.philvenables.com/post/securit...
December 13, 2025 at 4:25 PM
Reposted by Security101
Kviklet provides a secure, self-hosted tool for engineering teams to request, review, and approve production database queries with a workflow inspired by code reviews

https://ku.bz/blQ6ybFXN
December 13, 2025 at 6:06 PM
Reposted by Security101
Top 25 Most Dangerous Software Weaknesses 2025

cwe.mitre.org/news/archive... #cybersecurity #CWE #appsec
CWE - News & Events - 2025
Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses.
cwe.mitre.org
December 13, 2025 at 11:40 AM
Reposted by Security101
"We evaluate ten #cybersecurity professionals alongside six existing #AI agents and ARTEMIS, our new agent scaffold, on a large university network consisting of ∼8,000 hosts across 12 subnets."

arxiv.org/abs/2512.09882 #appsec
Comparing AI Agents to Cybersecurity Professionals in Real-World Penetration Testing
We present the first comprehensive evaluation of AI agents against human cybersecurity professionals in a live enterprise environment. We evaluate ten cybersecurity professionals alongside six…
arxiv.org
December 13, 2025 at 11:49 AM
Reposted by Security101
Alert: Sophisticated phishing campaign bypasses MFA, targeting Microsoft 365 and Okta users. Stay vigilant and enhance your security measures. #CyberSecurity #PhishingAlert #MFABypass Link: thedailytechfeed.com/sophisticate...
December 13, 2025 at 5:18 PM
Reposted by Security101
How I Stay Relevant in a World Moving Faster Than Ever https://cstu.io/6b4b70 #cybersecurity #oneplus #automation
How I Stay Relevant in a World Moving Faster Than Ever
The pace of change today isn’t just fast. It’s relentless. New tools every week. New narratives...
cstu.io
December 14, 2025 at 3:16 AM
Reposted by Security101
BISO Glossary Who This Article Is For For leaders and practitioners working at the intersection of cybersecurity and business: BISOs, CISOs, product owners, business-unit leaders (BUs), CFOs, and a...

#resources #career #leadership #cybersecurity

BISO Glossary
Who This Article Is For For leaders and practitioners working at the intersection of...
zeroday.forem.com
December 14, 2025 at 3:56 AM
Reposted by Security101
Full Article: www.technadu.com/ai-to-the-re...

The question isn’t whether AI will dominate cybersecurity - it’s who adapts faster. #CyberSecurity #AIThreats #PromptInjection #React2Shell #Infosec
AI to the Rescue as Attackers Exploit Software Bugs, Human Vulnerabilities, and Artificial Intelligence
This week’s cybersecurity roundup covers AI-powered threats, software flaws, human exploitation, and how defenders are preparing for 2026.
www.technadu.com
December 13, 2025 at 12:14 PM