Lightnews — Scholar-powered news

Alexandre Borges @alexandreborges.bsky.social · 13h

Mojo GPU Puzzles:

puzzles.modular.com/introduction...

#crypto #gpu #python #infosec #informationsecurity #programming

Alexandre Borges @alexandreborges.bsky.social · 4d

LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices:

unit42.paloaltonetworks.com/landfall-is-...

#exploitation #spyware #rce #infosec #cybersecurity #mobilesecurity #samsung #android #rce #vulnerability

1

Alexandre Borges @alexandreborges.bsky.social · 4d

Evading Elastic EDR's call stack signatures with call gadgets:

offsec.almond.consulting/evading-elas...

#edr #hacking #evasion #cybersecurity #informationsecurity #windows #programming #elastic

Alexandre Borges @alexandreborges.bsky.social · 5d

Breaking Into a Brother (MFC-J1010DW): Three Security Flaws in a Seemingly Innocent Printer:

starlabs.sg/blog/2025/11...

#cybersecurity #exploitation #printer #exploit #vulnerability

1 4

Alexandre Borges @alexandreborges.bsky.social · 7d

How an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia:

techcrunch.com/2025/11/03/h...

#exploit #exploitation #zeroday #infosec #informationsecurity #cybersecurity

How an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia | TechCrunch

Peter Williams sold eight exploits to a Russian zero-day broker by smuggling them from his employer’s highly secured air-gapped network. A court document, plus exclusive reporting by TechCrunch and in...

techcrunch.com

3 3

Alexandre Borges @alexandreborges.bsky.social · 7d

Operation South Star: 0-day Espionage Campaign Targeting Domestic Mobile Phones:

ti.qianxin.com/blog/article...

#exploitation #exploit #threathunting #infosec #vulnerability #mobile #0day #dfir

1

Alexandre Borges @alexandreborges.bsky.social · 11d

The cryptography behind electronic passports:

blog.trailofbits.com/2025/10/31/t...

#crypto #informationsecurity #cybersecurity #cryptography

1 1

Alexandre Borges @alexandreborges.bsky.social · 18d

WSUS Deserialization Exploit in the Wild (CVE‑2025‑59287):

research.eye.security/wsus-deseria...

#windows #cve #exploit #cybersecurity #vulnerability #exploitation

WSUS Deserialization Exploit in the Wild (CVE‑2025‑59287)

Today, our morning coffee was rudely interrupted by a critical alert from a customer’s Windows Server Update Services…

research.eye.security

2

Alexandre Borges @alexandreborges.bsky.social · 18d

Why nested deserialization is STILL harmful – Magento RCE (CVE-2025-54236):

slcyber.io/assetnote-se...

#infosec #cybersecurity #deserialization #rce #exploit #exploitation #cve

2

Alexandre Borges @alexandreborges.bsky.social · 18d

Key IOCs for Pegasus and Predator Spyware Cleaned With iOS 26 Update:

iverify.io/blog/key-ioc...

#cybersecurity #infosec #pegasus #ios #spyware #dfir #digitalforensics #threathunting

Key IOCs for Pegasus and Predator Spyware Cleaned With iOS 26 Update

iOS 26 changes how shutdown logs are handled, erasing key evidence of Pegasus and Predator spyware, creating new challenges for forensic investigators

iverify.io

1 5

Alexandre Borges @alexandreborges.bsky.social · 20d

Implementing a Persistent Key-Value Store in a Tamper-Resistant Device for SGX Enclave Applications:

dl.acm.org/doi/abs/10.1...

#sgx #cybersecurity #dataprotection #enclave #informationsecurity

1

Alexandre Borges @alexandreborges.bsky.social · Oct 10

Complete WebSocket Traffic Control with advanced proxy, simulation, and blocking capabilities:

github.com/law-chain-ho...

#websocket #proxy #cyberattack #webapp #infosec #cybersecurity

GitHub - law-chain-hot/websocket-devtools: Complete WebSocket Traffic Control with advanced proxy, simulation, and blocking capabilities｜专业的WebSocket调试工具，提供监控、消息模拟和流量拦截等功能

Complete WebSocket Traffic Control with advanced proxy, simulation, and blocking capabilities｜专业的WebSocket调试工具，提供监控、消息模拟和流量拦截等功能 - law-chain-hot/websocket-devtools

github.com

2

Alexandre Borges @alexandreborges.bsky.social · Sep 23

Memory Allocation in Go:

nghiant3223.github.io/2025/06/03/m...

#cybersecurity #informationsecurity #internals #golang #memory

1 1 4

Alexandre Borges @alexandreborges.bsky.social · Sep 22

Fantastic Rootkits: And Where to Find Them:

+ part_1: www.cyberark.com/resources/al...

+ part_2: www.cyberark.com/resources/al...

+ part_3: www.cyberark.com/resources/th...

#rootkit #windows #cybersecurity #malware #arm #informationsecurity

Alexandre Borges @alexandreborges.bsky.social · Sep 13

Race Against Time in the Kernel’s Clockwork:

streypaws.github.io/posts/Race-A...

#kernel #vulnerability #linux #cybersecurity #exploitation #informationsecurity #android

1

Alexandre Borges @alexandreborges.bsky.social · Sep 8

Anatomy of a Billion-Download NPM Supply-Chain Attack:

jdstaerk.substack.com/p/we-just-fo...

github.com/Qix-/node-er...

#supplychainattack #npm #cybersecurity #malware #informationsecurity

Alexandre Borges @alexandreborges.bsky.social · Sep 8

Secondary Context Path Traversal in Omnissa Workspace ONE UEM:

slcyber.io/assetnote-se...

#cybersecurity #vulnerability #hacking #securecode #exploitation

1

Alexandre Borges @alexandreborges.bsky.social · Sep 7

A Novel Technique for SQL Injection in PDO’s Prepared Statements:

slcyber.io/assetnote-se...

#cybersecurity #hacking #websecurity #webapp #pentest #sql

1

Alexandre Borges @alexandreborges.bsky.social · Aug 14

What is a CUDA Device Architecture?

modal.com/gpu-glossary...

#gpu #hardware #documentation #informationsecurity #cuda

Alexandre Borges @alexandreborges.bsky.social · Aug 11

So far, I have already written 15 articles (1045 pages), which have been published on my blog:

blog: exploitreversing.com

Series:

[+] ERS: Exploiting Reversing Series
[+] MAS: Malware Analysis Series

Enjoy reading and have a great day.

#windows #iOS #macOS #chrome #kernel #vulnerability

3 4

Alexandre Borges @alexandreborges.bsky.social · Jul 27

Malwoverview version 6.2 has been released:

github.com/alexandrebor...

Read the project page to learn how to adapt the configuration file to the changes.

Note: Updating Malwoverview using pip is not enough.

#threathunting #dfir #malware #incidentresponse

1

Alexandre Borges @alexandreborges.bsky.social · Jul 12

[CVE-2025-38001] Exploiting All Google kernelCTF Instances And Debian 12 With A 0-Day For $82k: A RBTree Family Drama (Part One: LTS & COS):

syst3mfailure.io/rbtree-famil...

#cybersecurity #informationsecurity #exploitation #google #kernel #linux #cybersecurity #zeroday

1

Alexandre Borges @alexandreborges.bsky.social · Jul 11

Abusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke):

slcyber.io/assetnote-se...

#dotnet #infosec #informationsecurity #cybersecurity #exploitation #exploit

Abusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke) › Searchlight Cyber

A pre-authentication vulnerability exists within DotNetNuke versions 6.0 to 10.0.1, assigned CVE-2025-52488, that allows attackers to steal NTLM hashes.

slcyber.io

1

Alexandre Borges @alexandreborges.bsky.social · Jun 30

Pwning Solana for Fun and Profit - Exploiting a Subtle Rust Bug for Validator RCE and Money-Printing:

anatomi.st/blog/2025_06...

#cybersecurity #exploiting #exploitation #infosec #informationsecurity #rce #web3 #rust

1 3

Alexandre Borges @alexandreborges.bsky.social · Jun 23

Phantom Persistence:

blog.phantomsec.tools/phantom-pers...

#cybersecurity #hacking #malware #informationsecurity #redteam #blueteam #programming