Built on 30M+ download open source tools (Syft & Grype)
Community-proven, enterprise-hardened
These mathematical incantations are not nearly as formidable as many #cybersecurity warriors fear. Learn the basics of elliptic-curve cryptography. https://cromwell-intl.com/cybersecurity/elliptic-curve-cryptography/points-on-a-curve.html?s=mc
#SessionPro Beta: Development Update
https://getsession.org/blog/pro-beta-development-update-august
Wizardry lets you speak with those far away. Other wizardry eavesdrops on these discussions. #cybersecurity https://cromwell-intl.com/cybersecurity/comsec.html?s=mc
Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left Open
Routine monitoring by researchers uncovered an exploitation attempt on a honeypot server running TeamCity, a CI/CD tool. The attack exploited an exposed Java Debug Wire Protocol (JDWP) interface, leading to remote code execution, deployment of a cryptomining payload, and establishment of multiple persistence mechanisms. The attack was notable for its rapid exploitation, use of a customized XMRig payload, and stealthy crypto-mining techniques. JDWP, designed for debugging Java applications, becomes a high-risk entry point when exposed to the Internet without proper authentication. The attackers used a structured sequence to achieve remote code execution, likely using a variant of jdwp-shellifier. They deployed a dropper script that installed an XMRig miner and set up various persistence mechanisms including boot scripts, systemd services, cron jobs, and shell configuration files.
Pulse ID: 68962f0f91f8829022afff4a
Pulse Link: https://otx.alienvault.com/pulse/68962f0f91f8829022afff4a
Pulse Author: AlienVault
Created: 2025-08-08 17:08:31
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
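The pulse above turns on one fact: a JDWP agent answers anyone who sends it the 14-byte handshake, with no authentication. The check below is an added example (not part of the pulse or of any tool it names) for auditing your own hosts: it sends the handshake and reports whether a debug agent replied. The fake agent is a constructed stand-in so the check runs offline; a real finding means binding the agent to localhost or dropping it from production JVM flags.

```python
import socket
import threading

# JDWP opens with a fixed handshake: the client sends the ASCII string
# "JDWP-Handshake" and a debug agent echoes the same 14 bytes back.
HANDSHAKE = b"JDWP-Handshake"


def jdwp_exposed(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if host:port answers the JDWP handshake, i.e. a debug agent is
    reachable from this vantage point. Meant for auditing hosts you own."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            s.sendall(HANDSHAKE)
            reply = b""
            while len(reply) < len(HANDSHAKE):
                chunk = s.recv(len(HANDSHAKE) - len(reply))
                if not chunk:          # peer closed before echoing the handshake
                    break
                reply += chunk
            return reply == HANDSHAKE
    except OSError:                    # refused, filtered, or timed out
        return False


def _fake_agent(reply: bytes) -> int:
    """Constructed stand-in for a listening service (hypothetical helper).
    Serves one connection, answers with `reply`, and returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(64)
            conn.sendall(reply)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    """Run the check against an agent-like listener and an unrelated service."""
    agent = _fake_agent(HANDSHAKE)                          # echoes: exposed
    web = _fake_agent(b"HTTP/1.0 400 Bad Request\r\n")      # not JDWP
    return jdwp_exposed("127.0.0.1", agent), jdwp_exposed("127.0.0.1", web)


if __name__ == "__main__":
    print(demo())
```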
Leak Reveals the Workaday Lives of North Korean IT Scammers
https://www.wired.com/story/leaked-data-reveals-the-workaday-lives-of-north-korean-it-scammers/
National Cybersecurity Agency - Implements the National Cybersecurity Policy Action Plan 2023-2028.
Any #infosec folks wanna help me with some decent data to backup the following point? I am trying to make the point to some executives that a #password policy requiring minimum 8 characters with 1 symbol, mixed case, and 1 number is just not reasonable in 2025. (I'm commenting on another company's policy, not my own!)
What is a good example of a policy (e.g., NIST 800-63 or whatever) that said 49 bits was no good?
I currently say: 49 bits of entropy was unacceptably low in 2005. It is unthinkably low in 2025. What can I point to that might resonate better than "bits of entropy?"
Using the classic method with Shannon's estimate, I figure it's on the order of 49 bits of entropy, but that's only if it's purely random from the full character set, and we know that's not true.
I'm not looking for rhetorical suggestions. I'm good at rhetoric. I'm looking for references I can point to (like "XYZ published in 2011 that the minimum acceptable password was 56 bits of entropy")
feel free to boost for fun
#security #cybersecurity
A coordinated cyberattack.
Fake #WhatsApp developer libraries hide destructive data-wiping code
Some wizards conjure numbers from patterns of speech. But does this help in #cybersecurity battles? https://cromwell-intl.com/cybersecurity/attack-study/textual-analysis-for-pattern-detection.html?s=mc
15,000 #Jenkins servers are exposed to a critical RCE flaw (CVE-2025-53652) in the Git Parameter plugin. Researchers warn attackers could fully compromise vulnerable systems.
https://hackread.com/jenkins-servers-risk-rce-vulnerability-cve-2025-53652/
We’ve just dropped the first draft agenda for @hack_lu ! The conference is taking place over 4 days (from Tuesday 21st October 2025 until the 24th October 2025)
This year’s edition is going to be wild, expect mind-blowing talks, hands-on workshops, extra CTF challenges during the conference, and plenty of fun activities.
Check it out and start planning your adventure!
FLASH GIVE
We're giving away this set of #defcon patches to the first two people that request a #Graylog demo at our Blue Team Village table!
#defcon33 #hackersummercamp #SIEM #cybersecurity
AI is transforming tech workflows—67% of orgs say so.
The smartest aren’t replacing talent. They’re retraining it.
Upskilling = 38% faster than hiring
Boosts retention & innovation
Download the 2025 Tech Talent Report:
https://training.linuxfoundation.org/2025-state-of-tech-talent-report/
Microsoft only cares about money and it doesn't bother to hide it any more.
"One: [Microsoft products] are everywhere within our digital ecosystem. And two: they are so vulnerable that the Chinese familiarity of them makes it a door already open. So that's what gives me the political aneurysm here."
The Register: Ex-White House cyber, counter-terrorism guru: Microsoft considers security an annoyance, not a necessity https://www.theregister.com/2025/08/08/exwhite_house_cyber_and_counterterrorism/ @theregister #Microsoft #cybersecurity #Infosec
#Microsoft's $30 #Windows10 Security Updates Cover 10 Devices
#Encryption Made for #Police and #Military Radios May Be Easily Cracked
This dumb password rule is from Trenord.
- Password must consist of 8-16 characters
- Must contain 3 out of 4 of the following: lowercase characters, uppercase characters, digits (0-9), and one or more of the following symbols: @#$%^&*-_+=[]{}|\:',?/`~“();.