Both Chrome and Firefox will disable XSLT in 2026 🪦 I fully agree with them: nobody uses this technology anymore in a browser, and it's full of bugs (as my previous research demonstrates) bugzilla.mozilla.org/show_bug.cgi... developer.chrome.com/docs/web-pla...

The release candidate of the OWASP Top 10 2025 has been released owasp.org/Top10/2025/0... The definitive release should be out on November 20th

Bizarrement, personne ne brandit l’article 40 du CPP pour les vidéos de Sainte-Soline publiées par Libération… 🥴 www.dailymotion.com/video/k1Tvpm...

AppSec Ezine - 611th edition #AppSec #Security pathonproject.com/zb/?7a6539c0...

The release candidate of the OWASP Top 10 2025 has been released owasp.org/Top10/2025/0... The definitive release should be out on November 20th

If you still haven't: set up a JS file monitor to send you notifications via Telegram or Slack every time your target app JavaScript gets updated, a great way to stay on top of updates 👾 https://github.com/robre/jsmon There's also a fork with Discord support:

"who radicalized you" Nothing radicalized me, I was born with basic empathy. The world decided that was radical.

If you want to see beautiful pictures (and that’s an euphemism) in your feed, simply follow @armandsarlangue.bsky.social

If this is NOT corruption, then I wonder what corruption looks like 🤔

How an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia: techcrunch.com/2025/11/03/h... #exploit #exploitation #zeroday #infosec #informationsecurity #cybersecurity

Ackman’s take is ridiculous 🤡

In France, we had a somewhat related story last year. In the end, Florent Curtet was sentenced for criminal conspiracy and complicity in attempted extortion www.lemonde.fr/pixels/artic...

This is a cool attack, create a machine running in Hyper-V on a victim's machine and do all your attacking through that while it runs in the background. www.theregister.com/2025/11/04/r...

Breaking Into a Brother (MFC-J1010DW): Three Security Flaws in a Seemingly Innocent Printer: starlabs.sg/blog/2025/11... #cybersecurity #exploitation #printer #exploit #vulnerability

AppSec Ezine - 610th edition 🎃 #AppSec #Security pathonproject.com/zb/?fac2c832...

Y'all fantastic news! Save the date, @blackhoodie.bsky.social will be at @districtcon.bsky.social this year 😱 the fantastic crew has offered to host us for a day of Malware Reverse Engineering! @synapticrewrite.bsky.social and myself will be hosting a training for women by women on January 23rd!!

I've put together a website which indexes all the recordings my rigs have made thus-far as well as those currently planned: administraitor.video (minimalist - I'm a mid-/backend dev! 😋)

That looks to me like some wild unauthorized hacking… samcurry.net/hacking-club... Shubs and Sam are well known, but in my opinion, this kind of publication only encourages others to go out of scope and hit random websites My advice: don’t do it, even if it’s an easy way to get some fame

Reversing a smart vacuum and making it work without access to the Internet 🤖 codetiger.github.io/blog/the-day...

Google Cloud Platform was vulnerable to a HTTP desync attack leading to "responses being misrouted between recipients for certain third-party models". Aka your LLM response goes to someone else. The Expect header strikes again! Context: http1mustdie.com cloud.google.com/support/bull...

AppSec Ezine - 609th edition #AppSec #Security pathonproject.com/zb/?52039799...

Asset Notes just published a long writeup on SessionReaper aka CVE-2025-54236, a vulnerability affecting Magento and identified by Blaklis (a French bug hunter who found many bugs affecting this technology) slcyber.io/assetnote-se...

AppSec Ezine - 608th edition #AppSec #Security pathonproject.com/zb/?1347bc2c...

Ugly end to Kryptos saga. Two people found the solution to the last encrypted portion of famed Kryptos sculpture at CIA headquarters. They found it in Smithsonian archive. They contacted artist who made sculpture, who is preparing to auction off solution; he threatened to sue them if they reveal it

Next IRL-Time - Save The Date ! 🤯 - Quoi : Pré-Event GreHack : Root-Me x OffenSkill 💣️ - Pourquoi : Plus de potes, Plus de binouzes, Plus de rumps WTF 😏 - Quand : Jeudi 27 Novembre à 19h 📅 - Où : Tonneau de Diogène à Grenoble 🗺️ 1/2

🚨 Save the Date for #offensivecon26 Mark your calendars, spread the word, and stay tuned for when registrations open! 📍 Hilton Berlin 🧠 Trainings: 11–14 May 2026 🎤 Conference: 15–16 May 2026 Visit 🔗offensivecon.org for more details.

CISA: Nation-state hacker has compromised F5’s systems and stolen a portion of its BIG-IP source code and vulnerability info, giving them ability to study the code for zero-day vulnerabilities. "This cyber threat actor presents an imminent threat to federal networks using F5 devices and software"

Researchers pointed a satellite dish at the sky for 3 years and monitored what unencrypted data it picked up. The results were shocking: They obtained thousands of T-Mobile users' phone calls and texts, military and law enforcement secrets, much more: www.wired.com/story/satell... 🧵👇

Gecko Security stole some vulnerabilities published, among others, by Fuzzing Labs 😱 They also asked for CVE IDs 🤡 Check if your research is impacted too! www.notion.so/fuzzinglabs/...

Apple announces new payouts for certain types of bugs - company will pay up to $2 million for anyone disclosing a chain of bugs that could be abused for spyware like Pegasus, as well as bonus awards for exploits that can bypass Lockdown Mode or are found while Apple software is still in beta testing

In case you're looking for something nice to read this weekend Paged Out #7 has been released pagedout.institute

What a shame for Deloitte!! apnews.com/article/aust...

Kidnapped in international waters, extraordinary rendition to a genocidal state, and then imprisoned indefinitely. You'd think this would trigger the immediate expulsion of the Israeli Ambassador for these inexcusable actions against an Australian citizen.

AppSec Ezine - 607th edition #AppSec #Security pathonproject.com/zb/?53e6a08f...

AppSec Ezine - 606th edition #AppSec #Security 🤖 pathonproject.com/zb/?eaf34249...

The ticketing for @grehack.bsky.social opened one hour ago, and my Burp Suite Pro workshop is already full booked 😎

The ticketing for @grehack.bsky.social opened one hour ago, and my Burp Suite Pro workshop is already full booked 😎

You would think the obvious solution to "the volunteer-powered project we all train our AI models on for free isn't adequately twisting reality to our political views" would be "... and so we stopped training on it" and not "... and so we will force the volunteers to bend to our will"

Seriously enjoyed my first time at the Romhack conference! 🤩 🇮🇹 Next year, there’s the Romhack camp, and I’m looking forward giving it a try ⛺️ romhack.io/romhack-camp...

Romhack was absolute 🔥! The conference, the community, the vibe - all of it was just something else. Special mention to merlos1977@x and the CybersaiyanIT@x team for making the speaking experience excellent too. 🙃

“When you’re using a cloud proxy, you’re importing everyone else’s technical debt into your website” — @albinowax

GUIFuzz++ is the first general-purpose fuzzer for desktop GUI software! Fuzzing by translating AFL++ random input into user interaction with GUIs, leading to the discovery of 23 new bugs! Paper: futures.cs.utah.edu/papers/25ASE.pdf Source: github.com/FuturesLab/GUIFuzzPlusPlus Go test some GUIs!

Since moving to Ghost, all of my past newsletters are now readable at this.weekinsecurity.com. That's 7+ years of cyber history documented weekly since mid-2018. That's also 7+ years of reader-submitted cyber cats (and friends)! 🐈‍⬛ Please consider subscribing for extra articles, analysis, and more.

AppSec Ezine - 605th edition #AppSec #Security 💎 pathonproject.com/zb/?1e18fef9...

I will be at RomHack the whole week. If you're around, please say hi!

AppSec Ezine - 604th edition #AppSec #Security pathonproject.com/zb/?50916f33...

Per Reuters, Pentagon has informed European diplomats that the United States will partially halt military assistance to the Baltic nations and NATO member states bordering Russia. The department stated that the decision is linked to the United States’ new priority — “homeland defense.”

I learned about it reading Orange’s write up in Phrack72: phrack.org/issues/72... And the blog post it references here by Orange and Splitline: devco.re/blog/2025/0... Both of these are excellent write ups and great reads if you’re into vulnerability research, CTFs, or hacker history. 3/3