Mastodawn

Google’s December Android update addresses 107 security flaws, including two Framework vulnerabilities already exploited in targeted scenarios. The release also patches a critical DoS issue and multiple vendor-specific components across major chipsets.

How should mobile ecosystems improve patch adoption across fragmented devices?
Follow us for more neutral, technical cybersecurity updates.

Source: https://thehackernews.com/2025/12/google-patches-107-android-flaws.html

#infosec #androidsecurity #zeroday #vulnresearch #mobilesecurity #threatintel #googlepatch #securitybulletin #technadu

Offensive Sequence Sep 14, 2025

🐶 CVE-2025-10396: MEDIUM severity SQL injection in SourceCodester Pet Grooming Mgmt 1.0 (/admin/edit_role.php, ID param). Remote, unauthenticated exploit risk—no patch yet. Apply WAF, limit access, monitor logs. Details: https://radar.offseq.com/threat/cve-2025-10396-sql-injection-in-sourcecodester-pet-0c841b0a #OffSeq #SQLi #VulnResearch

Offensive Sequence Aug 31, 2025

🚨 CVE-2025-47696: HIGH severity RFI in Solwin Blog Designer PRO (≤3.4.7) allows unauthenticated remote code execution via improper PHP include control. Disable plugin & monitor for patches! https://radar.offseq.com/threat/cve-2025-47696-cwe-98-improper-control-of-filename-3c491ef1 #OffSeq #WordPress #VulnResearch

domenuk Jul 19, 2025

Quote of the day: "Nicely done. It doesn’t undo all the (often rightly deserved) bad press that AI agents have received lately, but good news is good news."

https://www.vice.com/en/article/google-big-sleep-first-ai-to-ever-prevent-cyberattack/

#BigSleep #VulnResearch

Google’s ‘Big Sleep’ Just Became the First-Ever AI to Prevent a Cyberattack

Google's Big Sleep is just a year old, and for the first time it as able to detect and help close a vulnerability at risk of being exploited.

VICE

🌿 (buffy)² 🌿

Jun 23, 2025

Apparently I missed my original calling as a sociologist, so I’m making up for lost time by asking you about your thoughts on infosec! Do you feel you do meaningful work? How much is ritual compliance to appease the audit gods? Tell me your bullshit job stories.

https://cryptpad.fr/form/#/2/form/view/0LcyFXPJZeAxygGbkXq7T98f+mx2i6gJeaGpYZIy-AA/

Please reboost ❤️

#infosec #cyberSecurity #vulnResearch

Encrypted Form

CryptPad: end-to-end encrypted collaboration suite

Alison Breacher Nov 8, 2024

Vulnerability hunting: it’s like hide-and-seek, but the bugs didn’t realize they were playing.

#VulnResearch #Infosec

Alison Breacher Nov 4, 2024

#introduction

👋 Hi, I’m Alison Breacher (she/her), a cybersecurity researcher focused on finding vulnerabilities and helping make everyday systems more secure. I enjoy digging into the details to turn security gaps into solutions. When I’m not reverse engineering or testing systems, I’m usually learning new tools or collaborating on projects with the infosec community.

Always up for a good challenge and excited to see where this journey takes me next. #Cybersecurity #BugHunter #VulnResearch

Joseph Zeng Jun 22, 2024

Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models

https://googleprojectzero.blogspot.com/2024/06/project-naptime.html

#llm #cybersecurity #vulnresearch

Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models

Posted by Sergei Glazunov and Mark Brand, Google Project Zero Introduction At Project Zero, we constantly seek to expand the scope and e...

BD Feb 6, 2024

Great research, identifying nine vulns affecting the IPv6 stack in a UEFI implementation - exploitable during network boot (aka Pixie boot)
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

#ipv6 #vulnresearch

PixieFail: Nine vulnerabilities in Tianocore's EDK II IPv6 network stack.

This blog post provides details about nine vulnerabilities affecting the IPv6 network protocol stack of EDK II, TianoCore's open source reference implementation of UEFI.

Quarkslab's blog

Andreas Klopsch Jan 26, 2024

In July 2023, we reacted to an attempt to load a driver named pskmad_64.sys. This led to the discovery of three CVEs in the widely used security driver used by many Panda Security products:

https://news.sophos.com/en-us/2024/01/25/multiple-vulnerabilities-discovered-in-widely-used-security-driver/

List of CVEs also on my personal website: https://malwareandstuff.com/vulnerability-research/

#malware #cve #vulnresearch #infosec #cybersecurity

Multiple vulnerabilities discovered in widely used security driver

A false-alarm incident involving Panda Security software leads to three very real CVEs

Sophos News