#SecurityResearch
LightNews LightNews
valh4x.redasgard.com
1️⃣ The Problem
Most validators just block ../, missing dozens of bypasses:
• %2e%2e%2f, %252e%252e%252f
• UTF-8 overlong bytes
• Unicode homoglyphs (․․/)
• NTFS alternate data streams

#AttackVectors #Unicode #Windows #SecurityResearch
October 25, 2025 at 9:54 PM
guardsquare.com
No permissions. No root. Just pixels.

Pixnapping-style attacks (CVE-2025-48561) can leak what’s displayed by other Android apps. We recreated the attack + tested mitigations devs can apply now —> hubs.la/Q03PtW6s0

#AndroidDevelopers #SecurityResearch #AppSecurity
Mitigate Risks of Pixnapping-Style Attacks | Guardsquare
Learn how Android developers can detect and prevent Pixnapping-style attacks. Discover key strategies to protect user data from screen capture threats.
hubs.la
October 21, 2025 at 2:34 PM
canyesilyurt.com
Just read CodeQL’s “zero to hero” on debugging queries. When results don’t add up, AST viewer, partial path graphs, and custom taint steps are key. The Gradio deserialization case shows how deep you may need to go! 🕵️‍♀️ #CodeQL #SecurityResearch
September 29, 2025 at 3:17 PM
tensorhorizoneu.bsky.social
📢 New Joint Report !

Together with FLEXI-cross, ODYSSEUS & TENACITy, TENSOR explores challenges, lessons & future opportunities in EU #SecurityResearch.

👉 “Strengthening Security Through EU-funded Research & Innovation: Advancing Border and Forensic Capabilities” tensor-horizon.eu/white-papers/
White Papers - Reliable biomeTric tEchNologies to asSist Police authorities in cOmbating terrorism and oRganized crime
Strengthening Security Through EU-funded Research & Innovation: Advancing Border and Forensic Capabilities Joint Report, August 2025 Abstract This document presents key insights from four EU-funded pr...
tensor-horizon.eu
September 22, 2025 at 12:25 PM
checkmarxzero.bsky.social
Newer defenses like hCaptcha & GeeTest introduced logic puzzles & masking. Still, researchers showed >90% bypass rates. The AI arms race continues.
#BotDefense #AI #SecurityResearch 🧵 3/6
September 2, 2025 at 2:42 PM
centrepeace.bsky.social
On May 28, CENTREPEACE held its Interim Project Meeting in Helsinki 🧩
Consortium members reviewed year one, planned ahead, and shared ideas on building stronger European research partnerships.

🔗 muni.cz/go/8c0ed5

#CENTREPEACE #SecurityResearch #EUProjects
August 5, 2025 at 8:13 AM
felsec.bsky.social
Check out my blog post digging into NoSQL attacks with Couchbase’s N1QL query language.
Learn how to spot and exploit N1QL injection vulnerabilities.

felsec.com/posts/n1qlin...

#infosec #bugbounty #websec #n1ql #couchbase #securityresearch
N1QL Injection - Part 1
A brief introduction into N1QL and N1QL injection.
felsec.com
July 4, 2025 at 6:11 PM
tensorhorizoneu.bsky.social
Excited to have participated at SRE 2025! 🚀
TENSOR has joined the FCT & BM synergy once again — reunited with our amazing peers: ODYSSEUS & FLEX-CROSS.
Collaboration is key in shaping the future of European security.
Let’s keep innovating together. 🔍
#SRE2025 #SecurityResearch #TENSOR #EUprojects
July 3, 2025 at 9:08 AM
scenor.at
Join the SCENOR Science Hive for updates on research into political extremism, radicalisation and security. Members get early access to blog posts, newsletters and events.

Sign up here: buff.ly/391R9bz

#PoliticalExtremism #SecurityResearch #Radicalisation #CounterTerrorism #SecurityEU #extremist
July 1, 2025 at 7:59 AM
ctsmithiii.bsky.social
www.insightsfromanalytics.com/post/black-h... #BlackHat2025 #CyberSecurity #InfoSec #AISecurty #HardwareSecurity #CyberPolicy #BlackHatUSA #LasVegas #CyberThreats #SecurityResearch #CyberConference #TechSecurity
Black Hat USA 2025: Navigating Cybersecurity's Critical Crossroads
Black Hat USA 2025 addresses AI security, hardware vulnerabilities, and policy changes at the cybersecurity industry's most critical annual gathering in Las Vegas.As we approach the 28th anniversary o...
www.insightsfromanalytics.com
June 26, 2025 at 1:30 AM
vigilantproject.bsky.social
📝 A paper on the C5 Interaction Model was also published in a peer-reviewed journal last week.
📎 Read here: bit.ly/3TJJfdz

#Disinformation #EPIC2025 #SecurityResearch #C5Model #ResearchToPractice
June 24, 2025 at 12:37 PM
metagroup.bsky.social
META Group CEO, Alessia Melasecche Germini, opens #SRE2025 in Warsaw! Kicking off two days of vital talks on EU innovation, resilience & strategic autonomy in civil security.
#SecurityResearch #EUInnovation
June 24, 2025 at 8:42 AM
alexandreborges.bsky.social
Emulating an iPhone in QEMU:

Part 01: eshard.com/posts/emulat...
Part 02: eshard.com/posts/emulat...

#ios #iphone #emulation #cybersecurity #securityresearch #reverseengineering #infosec #informationsecurity
June 6, 2025 at 2:00 PM
techfieldday.com
Thank you @fsmontenegro.bsky.social‬ of #TheFuturumGroup for presenting #FuturumIntelligence at Security Field Day! Videos will be posted soon. @TechFieldDay.com #XFD13

🟨 Event Page ➡️ buff.ly/mZ8AOex
🔷 Watch on LinkedIn ➡️ buff.ly/Rzck712

#Cybersecurity #SecurityResearch #Security
May 28, 2025 at 6:40 PM
techfieldday.com
Learn more about #FuturumIntelligence from ‪@fsmontenegro.bsky.social at #TheFuturumGroup at Security Field Day! @TechFieldDay #XFD13

🟨 Event Page ➡️ buff.ly/mZ8AOex
🔷 Watch on LinkedIn ➡️ buff.ly/Rzck712

#Cybersecurity #SecurityResearch #Security
May 28, 2025 at 6:17 PM
techfieldday.com
Tune in now to learn more about #FuturumIntelligence from @fsmontenegro.bsky.social‬ at #TheFuturumGroup at Security Field Day! @TechFieldDay.com #XFD13

🟨 Event Page ➡️ buff.ly/mZ8AOex
🔷 Watch on LinkedIn ➡️ buff.ly/Rzck712

#Cybersecurity #SecurityResearch #Security
May 28, 2025 at 5:57 PM
techfieldday.com
In 30 minutes, tune in to learn more about #FuturumIntelligence from @fsmontenegro.bsky.social ‬at #TheFuturumGroup at Security Field Day! @techfieldday.com #XFD13

🟨 Event Page ➡️ buff.ly/mZ8AOex
🔷 Watch on LinkedIn ➡️ buff.ly/Rzck712

#Cybersecurity #SecurityResearch #Security
May 28, 2025 at 5:43 PM
euresearch.ch
📢 We're hiring! Euresearch is looking for an #Advisor (80%) for #Digital Technologies & #Security in the #HorizonEurope programme (Clusters 3 & 4).
📍 Based in Bern
🔗 Apply here: https://t1p.de/nj9bc

#HorizonEU #JobAlert #DigitalTech #SecurityResearch
May 19, 2025 at 9:55 AM
mats-m.bsky.social
this morning's #SecurityResearch hour has brought me to the beta version of the EU #vulndb #CVE vulnerability database. Let's see what's cooking and how the NIS2 directive affects me teams.

euvd.enisa.europa.eu
EUVD
European Vulnerability Database
euvd.enisa.europa.eu
May 15, 2025 at 7:08 AM
tailscale.com
This Sunday at @BSidesSF, Tailscale’s @patrickod.com will share how he found a long-standing CSRF bug in the gorilla/csrf Go lib.

Don’t miss it 🔍
🎤 pretalx.com/bsidessf2025...
📅 bsidessf2025.sched.com/event/1x8UA
📺 bsidessf.org/streams

#BSidesSF #AppSec #golang #Tailscale #SecurityResearch
April 25, 2025 at 3:01 PM
winbuzzer.com
New Tool Exposes How Ads in Apps Use Network Data Tracking to Trace Your Location

#MobilePrivacy #AppSec #DataPrivacy #AdTech #Privacy #Cybersecurity #InfoSec #LocationTracking #DataBroker #Surveillance #Android #iOS #PrivacyTools #SecurityResearch

winbuzzer.com/2025/04/20/n...
New Tool Exposes How Ads in Apps Use Network Data Tracking to Trace Your Location - WinBuzzer
A new open-source toolkit allows users to analyze mobile app network traffic for potential data leaks to ad networks.
winbuzzer.com
April 20, 2025 at 6:50 AM
tweekfawkes.bsky.social
AI tools cause "Slopsquatting" via hallucinated packages, but some (GPT-4 Turbo) are good (75%+) at detecting their *own* errors! Built-in safety potential? #AI #SecurityResearch

socket.dev/blog/slopsqu...
April 14, 2025 at 6:48 PM
transcendheu.bsky.social
🔹 Citizen engagement in security research isn’t optional—it’s essential.

At TRANSCEND, we’re making sure security innovation is shaped with society, not just for it.

Read more 👉 transcend-project.eu/citizen-enga...

#SecurityResearch #Innovation #CitizenEngagement #TRANSCEND
Citizen Engagement in Security Research & Innovation: A Necessity, Not an Option - TRANSCEND
Scientific and technological advancements shape our world, but too often, the people most affected by these developments are left out of the conversation. Citizen engagement in research and innovation...
transcend-project.eu
April 3, 2025 at 1:42 PM
redballoonsecurity.bsky.social
Catch the replay of our #EMB3D webinar with MITRE.

We discuss how embedded mitigations—not just isolation—can reduce long-term threats to connected devices.

🎥 Featuring Wyatt Ford (Red Balloon) & Adam Hahn (MITRE)

Watch now → www.youtube.com/watch?v=umld...

#CyberSecurity #SecurityResearch #Tech
Designing Secure Devices, An EMB3D Webinar
YouTube video by MITRE EMB3D
www.youtube.com
March 25, 2025 at 1:39 AM
cirriustech.co.uk
This is kinda cool - my #Azure #SilentReaper vulnerability (that #Microsoft say is by design, not a vulnerability) is now listed in the #CloudVulnDB 🤩 #SecurityResearch —#CloudSecurity #LogicApps #CredentialTheft #Undetectable #SharingIsSecuring #WeAllWinTogether

www.cloudvulndb.org/azure-logic-...
Silent Reaper (Azure LogicApp Secrets Control Plane Exfiltration) | cloudvulndb.org
Cloud vulnerabilities database - an open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
www.cloudvulndb.org
March 23, 2025 at 12:40 PM