Application Security Feed
@appsecfeed.bsky.social
⚠️ Bot Account ⚠️
Follow for my hand-curated application security feed. Contains multiple newsletters, blogs, HackerNews feeds, and more.
💬 Run by @alp1n3.dev. Reach out with any suggestions for improvement!
Reposted by Application Security Feed
I may have broken @appsecfeed.bsky.social…
That’s what I get for making a small change without testing 😂.
Should be back up in a day or two.
October 21, 2025 at 11:41 AM
🗞️ Better-auth account takeover (CVE-2025-61928) found via ZeroPath
🔗 https://zeropath.com/blog/breaking-authentication-unauthenticated-api-key-creation-in-better-auth-cve-2025-61928
October 20, 2025 at 11:31 AM
🗞️ Cloudflare Image Proxy as a CSPT Gadget: A Cross-Origin CSPT Exploit
🔗 https://blog.voorivex.team/cloudflare-image-proxy-as-a-cspt-gadget-a-cross-origin-cspt-exploit
October 20, 2025 at 11:30 AM
🗞️ Organizations Warned of Exploited Adobe AEM Forms Vulnerability
🔗 https://www.securityweek.com/organizations-warned-of-exploited-adobe-aem-forms-vulnerability/
October 18, 2025 at 11:30 AM
🗞️ ZeroDisco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits
🔗 https://www.trendmicro.com/en_us/research/25/j/operation-zero-disco-cisco-snmp-vulnerability-exploit.html
October 17, 2025 at 11:32 AM
🗞️ New automated cybersecurity solution for vulnerability detection and remediation
🔗 https://aisle.com/
October 17, 2025 at 11:31 AM
🗞️ Vulnerability scores, huh, what are they good for? Almost nothing
🔗 https://www.theregister.com/2025/10/16/cve_cvss_scores_not_useful/
October 17, 2025 at 11:30 AM
🗞️ yIKEs (WatchGuard Fireware OS IKEv2 Out-of-Bounds Write CVE-2025-9242)
🔗 https://labs.watchtowr.com/yikes-watchguard-fireware-os-ikev2-out-of-bounds-write-cve-2025-9242/
October 16, 2025 at 11:33 AM
🗞️ How App Integration Transactions Increase the Attack Surface of LLMs
🔗 https://www.netspi.com/blog/executive-blog/adversarial-machine-learning/how-app-integration-transactions-increase-the-attack-surface-of-llms/
October 16, 2025 at 11:32 AM
🗞️ Client-Side Path Traversal: Exploiting CSRF in Header-Based Auth Scenarios
🔗 https://blog.kulkan.com/client-side-path-traversal-exploiting-csrf-in-header-based-auth-scenarios-31c26a1baece
October 16, 2025 at 11:31 AM
🗞️ F5 Says Nation-State Hackers Stole Source Code and Vulnerability Data
🔗 https://www.securityweek.com/f5-blames-nation-state-hackers-for-theft-of-source-code-and-vulnerability-data/
October 16, 2025 at 11:30 AM
🗞️ .NET Security Feature Bypass Vulnerability
🔗 https://github.com/dotnet/aspnetcore/security/advisories/GHSA-5rrx-jjjq-q2r5
October 15, 2025 at 11:35 AM
🗞️ CVE-2025-55315: Asp.net Security Feature Bypass Vulnerability [9.9 Critical]
🔗 https://nvd.nist.gov/vuln/detail/CVE-2025-55315
October 15, 2025 at 11:34 AM
🗞️ A modern approach to preventing CSRF in Go
🔗 https://www.alexedwards.net/blog/preventing-csrf-in-go
October 15, 2025 at 11:32 AM
🗞️ Security firms dispute credit for overlapping CVE reports
🔗 https://www.bleepingcomputer.com/news/security/security-firms-dispute-credit-for-overlapping-cve-reports/
October 15, 2025 at 11:31 AM
🗞️ Silencing a Kitchencook teatime kettle
🔗 https://dustri.org/b/silencing-a-kitchencook-teatime-kettle.html
October 14, 2025 at 11:31 AM
🗞️ Gecko Security (YC Company) Allegedly Steals CVE Reporting Credit
🔗 https://twitter.com/fuzzinglabs/status/1977720899114606745
October 14, 2025 at 11:30 AM
🗞️ Apple Introduces $2M Bug Bounty for Spyware-Level Exploits
🔗 https://www.macrumors.com/2025/10/10/apple-bug-bounty-program-overhauled/
October 13, 2025 at 11:32 AM
🗞️ Research Worth Reading Week 41/2025
🔗 https://pentesterlab.com/blog/research-worth-reading-week41-2025
October 13, 2025 at 11:31 AM
🗞️ GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773)
🔗 https://embracethered.com/blog/posts/2025/github-copilot-remote-code-execution-via-prompt-injection/
October 13, 2025 at 11:30 AM
🗞️ Oracle Security Alert CVE-2025-61884 for E-Business Suite
🔗 https://news.ycombinator.com/item?id=45554830
October 12, 2025 at 11:33 AM
🗞️ CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
🔗 https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnerability-leaks-private-source-code
October 12, 2025 at 11:30 AM
🗞️ CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
🔗 https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnerability-leaks-private-source-code
October 11, 2025 at 11:34 AM