İbrahim BALOĞLU - Siber Güvenlik Paylaşımları
This group was created to share posts in the field of cyber security.
Post archive
CVE-2026-2472
*
Unauthenticated and Stored Cross-Site Scripting (XSS) in google-cloud-aiplatform _genai/_evals_visualization (Vertex AI Python SDK) affecting Jupyter/Colab.
*
Technical PoC
CVE-2026-21852
*
Claude Code Vulnerability
All IN onE
#exploit
#NetSec
#WLAN_Security
"AirSnitch: Demystifying and Breaking Client Isolation in Wi-Fi Networks", 2026.
// The study reveals that Wi-Fi client isolation is vulnerable to sophisticated attacks due to implementation flaws, rendering current protections inadequate for ensuring network security
#exploit
#AppSec
1⃣ CVE-2026-25755:
PDF Object Injection in jsPDF (addJS Method)
// Upgrade jsPDF to version >= 4.1.0
2⃣ CVE-2026-26064:
Calibre Path Traversal Leading to Arbitrary File Write and Potentially Code Execution
]-> CVE-2026-26065
3⃣ CVE-2026-20841:
Arbitrary Code Execution in the Windows Notepad
// The flaw allows attackers to craft malicious Markdown links that, when clicked, execute arbitrary commands via ShellExecuteExW()
#OpSec
#Red_Team_Tactics
1⃣ Initial Access. The Art of Getting In
// Payload Development (DLL Sideloading, Shellcode Loaders, Syscalls), HTML Smuggling, Phishing (QR Code Quishing, Teams Phishing), AitM/MFA Bypass (Evilginx, Device Code Phishing), Psw Spraying, Exploiting Public-Facing Apps, Vishing, Physical Access (Rubber Ducky, Bash Bunny), Supply Chain attacks with real-world APT case studies
2⃣ Red Team Infrastructure. The Full Picture: From Domain to Beacon
// C2 Frameworks, Redirectors, CDN Relays (Azure, AWS, GCP), Serverless Lambda, Cloudflare Tunnels, Phishing Infrastructure, Mail Servers, Malleable Profiles, and full OPSEC hardening
3⃣ Persistence: The Art of Staying In
// 50+ techniques across Windows, Scheduled Tasks, WMI, Services, DLL/COM/AppDomainManager, UEFI Bootkits, Active Directory, Linux, macOS, and Cloud (Azure/AWS/GCP, Kubernetes)
#Malware_analysis
1⃣ Infostealer Infection Targeting OpenClaw Configurations
https://www.infostealers.com/article/hudson-rock-identifies-real-world-infostealer-infection-targeting-openclaw-configurations
2⃣ Leveraging LLMs to Generate Phishing JavaScript in Real Time
https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms
3⃣ GrayCharlie threat actor
https://www.recordedfuture.com/research/graycharlie-hijacks-law-firm-sites-suspected-supply-chain-attack
#exploit
1⃣ CVE-2026-25903:
Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates
2⃣ CVE-2025-13176:
LPE in ESET Inspect EDR
3⃣ From BRICKSTORM to GRIMBOLT:
UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines 0-Day
4⃣ CVE-2026-0770:
Langflow Remote Code Execution
5⃣ JWT Authentication Bypass in OpenID Connect Authenticator for Tomcat
6⃣ CVE-2026-2329:
Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones
// Disclaimer
#Infographics
#Blue_Team_Techniques
"CIS Controls v.8.1:
The Foundation for Modern Cyber Defense", Feb. 2026.
// The CIS Critical Security Controls (CIS Controls) is the foundation organizations need to defend against today’s most common and impactful cyber threats
#info
#Analytics
SIEM and AI SOC Ratings Framework:
Product Heatmap + Moderated Submissions
]-> SIEM Maturity Framework
]-> SIEM and AI SOC Vendor Gaps
#Tech_book
#Offensive_security
"Linux Basics for Hackers 2nd Edition:
Getting Started with Networking, Scripting, and Security in Kali", 2025.
#Cloud_Security
#Cyber_Education
"Secure Service Configuration in AWS, Azure, and GCP", Book + Wall-Poster, 2025.
// Based on content from SEC510: Cloud Security Engineering and Controls
The Cyber Incident Response (Windows Forensics) Udemy course is now
550₺ instead of 750₺ 💥
You can build your competence with real scenarios, hands-on content, and a professional forensics approach.
https://www.udemy.com/course/siber-olaylara-mudahale-egitimi-windows-forensics/?couponCode=1FBB1E70178F1A8211F9
#Malware_analysis
1⃣ Malicious use of virtual machine infrastructure
https://www.sophos.com/en-us/blog/malicious-use-of-virtual-machine-infrastructure
2⃣ Black Basta: Defense Evasion Capability Embedded in Ransomware Payload
https://www.security.com/threat-intelligence/black-basta-ransomware-byovd
3⃣ Technical Analysis of Marco Stealer
https://www.zscaler.com/blogs/security-research/technical-analysis-marco-stealer
4⃣ Another piece of XWorm: Interesting way to drop the trojan in another malicious script
https://isc.sans.edu/diary/Malicious+Script+Delivering+More+Maliciousness/32682
#WebApp_Security
#Offensive_security
Top 10 New Web Hacking Techniques of 2025
https://portswigger.net/research/top-10-web-hacking-techniques-of-2025
// The top web hacking techniques of 2025 include parser differentials, HTTP/2 CONNECT exploits, cross-origin leaks, cache poisoning, and novel SSRF methods
#hardening
#Whitepaper
#Cloud_Security
"Container Security: Docker & Kubernetes Hardening. Complete Enterprise Security Guide", Dec. 2025.
// This guide takes a practical, end-to-end approach to securing containerized environments, covering Docker, Kubernetes, networking, and the supply chain with an operational mindset. Each chapter examines specific security domains in depth, providing practical guidance, real-world examples, and production-ready configurations for securing containerized environments
1-Click RCE To Steal Your
OpenClaw/Moltbot/ClawdBot Data and Keys
*
WriteUP
Burp Suite AI agent
*
Overview and Documentation
*
downlo@D
#burp
