Python3 implementation of ADRecon with support for NTLM and Kerberos authentication https://github.com/l4rm4nd/PyADRecon

Notepad RCE? https://cvefeed.io/vuln/detail/CVE-2026-20841

Obsidian CLI
https://help.obsidian.md/cli

Building a Virtual Security Home Lab: Part 8 - Malware Analysis Lab Setup https://infosecwriteups.com/building-a-virtual-security-home-lab-part-8-malware-analysis-lab-setup-acf84c665770

Open-source web & API security training platform with curated, modular labs and progress tracking https://github.com/LeighlinRamsay/WebVerse

Multiple vulnerabilities in Native Instruments Native Access (MacOS) https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-native-instruments-native-access-macos/

HTML parser for PEAS output with additional features https://github.com/YuvalMil/ParsingPeas

A Claude Code plugin marketplace from Trail of Bits providing skills to enhance AI-assisted security analysis, testing, and development workflows https://github.com/trailofbits/skills

Keys to JWT Assessments - From a Cheat Sheet to a Deep Dive https://trustedsec.com/blog/keys-to-jwt-assessments-from-a-cheat-sheet-to-a-deep-dive

Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls - Gareth Heyes https://youtu.be/kVPetdjHF_M?si=Yv3WFld1EXFFyVVb

Beyond ACLs: Mapping Windows Privilege Escalation Paths with BloodHound https://www.synacktiv.com/en/publications/beyond-acls-mapping-windows-privilege-escalation-paths-with-bloodhound

Known IOCs here, with more likely to come: https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/

Hacking Moltbook: The AI Social Network Any Human Can Control https://www.wiz.io/blog/exposed-moltbook-database-reveals-millions-of-api-keys

@thornbill Hi! I've just saw that Jellyfin is available on Tizen Store. The version is 1.1.0, updated on 22/12/2025. This should be the official one right?

A small rant:

The State of Art in Red Team is whatever you want to believe

https://x-c3ll.github.io/posts/Rant-Red-Team/

I've just noticed that @jellyfin is finally available on Tizen, no more sideloading! Although there is nothing about it on the official blog yet https://jellyfin.org/posts/state-of-the-fin-2026-01-06

RelayKing is a comprehensive relay detection and enumeration tool designed to identify relay attack opportunities in Active Directory environments https://github.com/depthsecurity/RelayKing-Depth

Weaponizing VirusTotal as a Command and Control (C2) Middleware https://shinkensec.com/2026/01/28/weaponizing-virustotal-as-a-command-and-control-c2-middleware/

@GossiTheDog it showed up uninvited on my TV yesterday.

Cloudflare just published a vibe coded blog post claiming they implemented Matrix on cloudflare workers. They didn't, their post and README is AI generated and the code doesn't do any of the core parts of matrix that make it secure and interoperable. Instead it's littered with 'TODO: Check authorisation' and similar

https://blog.cloudflare.com/serverless-matrix-homeserver-workers/