Lobster Roll

All LHN/.

Security / Privacy (2025-09)

RSS

Showing stories from 2025-09. View all

Shellshock (2014, 2025) (dwheeler.com)
L 8 pts 3 comments by jmiven Sep 30, 2025 historicalsecurity Security / PrivacyCulture / Philosophy / History / Reading thread
Claude in Cyber Competitions (red.anthropic.com)
L 2 pts 0 comments by bryce Sep 30, 2025 securityvibecoding AI / Machine LearningSecurity / Privacy thread
Supply chain security for the 0.001% (and why it won’t catch on) (blog.viraptor.info)
L 6 pts 0 comments by viraptor Sep 28, 2025 macsecurity Security / PrivacyApple / macOS / iOS thread
Testing "exotic" p2p VPN (blog.nommy.moe)
L 18 pts 10 comments by cheese Sep 28, 2025 distributednetworkingprivacy Data / Databases / InfrastructureSecurity / Privacy thread
Is IP fragmentation still considered vulnerable? (blog.apnic.net)
L 12 pts 0 comments by viraptor Sep 28, 2025 networking Data / Databases / InfrastructureSecurity / Privacy thread
Offline translator for Android (github.com)
L 40 pts 16 comments by deivid Sep 28, 2025 androidprivacy Security / Privacy thread
seL4 2025 Playlist (youtube.com)
L 13 pts 0 comments by indolering Sep 28, 2025 formalmethodsosdevsecurityvideo Systems / Low-Level / OSProgramming Languages / CS TheorySecurity / Privacy thread
go-landlock: A Go library for the Linux Landlock sandboxing feature (github.com)
L 12 pts 3 comments by mccd Sep 27, 2025 golinuxsecurity Systems / Low-Level / OSProgramming (General)Security / PrivacyCulture / Philosophy / History / Reading thread
First Malicious MCP in the Wild: The Postmark Backdoor That's Stealing Your Emails (koi.security)
L 16 pts 5 comments by hoistbypetard Sep 27, 2025 securityvibecoding AI / Machine LearningSecurity / Privacy thread
Cross-Agent Privilege Escalation: When Agents Free Each Other · (embracethered.com)
L 2 pts 2 comments by simonw Sep 25, 2025 securityvibecoding AI / Machine LearningSecurity / Privacy thread
crates.io: Malicious crates faster_log and async_println (blog.rust-lang.org)
L 38 pts 6 comments by matklad Sep 24, 2025 rustsecurity Systems / Low-Level / OSSecurity / Privacy thread
Race Against Time in the Kernel’s Clockwork (streypaws.github.io)
L 1 pts 0 comments by fro Sep 23, 2025 androidlinuxsecurity Systems / Low-Level / OSSecurity / Privacy thread
How MCP Authentication Flaws Enable RCE in Claude Code, Gemini CLI, and More (verialabs.com)
L 2 pts 2 comments by hoistbypetard Sep 23, 2025 securityvibecoding AI / Machine LearningProgramming (General)Security / Privacy thread
Fifty Years of Open Source Software Supply-Chain Security (cacm.acm.org)
L 26 pts 10 comments by rsc Sep 23, 2025 programmingsecurity Programming (General)Security / Privacy thread
Our plan for a more secure npm supply chain (github.blog)
L 17 pts 9 comments by chenghiz Sep 23, 2025 javascriptsecurity Web DevelopmentSecurity / Privacy thread
Phishing attacks with new domains likely to continue (blog.pypi.org)
L 5 pts 0 comments by ngoldbaum Sep 23, 2025 pythonsecurity Programming (General)Security / Privacy thread
Using DNS for responding to ACME challenges (hsm.tunnel53.net)
L 18 pts 10 comments by giffengrabber Sep 23, 2025 networkingsecurity Data / Databases / InfrastructureSecurity / Privacy thread
Crypto Miner in hotio/qbittorrent (apogliaghi.com)
L 49 pts 18 comments by tatoalo Sep 23, 2025 security Security / Privacy thread
Exploring GrapheneOS secure allocator: Hardened Malloc (synacktiv.com)
L 12 pts 0 comments by fro Sep 23, 2025 androidsecurity Security / Privacy thread
Linux Kernel Runtime Guard (LKRG) 1.0 (openwall.com)
L 6 pts 1 comments by fro Sep 22, 2025 linuxsecurityslides Systems / Low-Level / OSSecurity / Privacy thread
Kernel Security in the Wild: Side-Channel-Assisted Exploit Techniques, Kernel-Level Defenses, and Real-World Analysis (tugraz.elsevierpure.com)
L 2 pts 0 comments by fro Sep 21, 2025 linuxpdfsecurity Systems / Low-Level / OSSecurity / Privacy thread
My Hacking Simulator runs on a Cyberdeck (tiniuc.com)
L 21 pts 8 comments by tiniuclx Sep 21, 2025 gameshardware Security / PrivacyGaming / Retro ComputingMaker / DIY / Hardware thread
Beyond Sandbox Domains: Rendering Untrusted Web Content with SafeContentFrame (bughunters.google.com)
L 5 pts 1 comments by freddyb Sep 21, 2025 securityweb Web DevelopmentSecurity / Privacy thread
Less is safer: how Obsidian reduces the risk of supply chain attacks (obsidian.md)
L 42 pts 31 comments by freddyb Sep 21, 2025 security Security / Privacy thread
Hacking with AI SASTs: An overview of ‘AI Security Engineers’ / ‘LLM Security Scanners’ for Penetration Testers and Security Teams (joshua.hu)
L 14 pts 2 comments by Sietsebb Sep 21, 2025 practicessecurityvibecoding AI / Machine LearningSecurity / PrivacyProductivity / Career / Business thread
Shai-Hulud, The Most Dangerous NPM Breach In History Affecting CrowdStrike and Hundreds of Popular Packages (koi.security)
L 7 pts 2 comments by laktak Sep 21, 2025 nodejssecurity Web DevelopmentSecurity / PrivacyCulture / Philosophy / History / Reading thread
Protect your keys with the Secure Enclave (octet-stream.net)
L 15 pts 1 comments by thombles Sep 20, 2025 iossecuritytranscript Security / PrivacyApple / macOS / iOS thread
Project Rain:L1TF (bughunters.google.com)
L 3 pts 0 comments by fro Sep 19, 2025 hardwarelinuxsecurity Systems / Low-Level / OSSecurity / PrivacyMaker / DIY / Hardware thread
Want to piss off your IT department? Are your links not malicious looking enough? (phishyurl.com)
L 29 pts 5 comments by JordiGH Sep 18, 2025 satiresecurity Security / Privacy thread
From suspicion to published curl CVE (daniel.haxx.se)
L 10 pts 3 comments by eBPF Sep 18, 2025 devopssecurity Data / Databases / InfrastructureSecurity / Privacy thread