🛡️ Cisco Skill Scanner – Detect Prompt Injection, Data Exfiltration & Malicious AI Behaviors
Cisco Skill Scanner is an open-source security scanner designed to analyze AI Agent Skills before deployment. It detects prompt injection, data exfiltration attempts, malicious code patterns, unsafe behaviors, and other AI-specific security risks using multiple detection engines, including static analysis, behavioral dataflow analysis, YARA rules, LLM-based semantic analysis, and cloud-assisted scanning. Built for modern AI development workflows, it integrates with GitHub Actions, pre-commit hooks, CI/CD pipelines, and supports OpenAI Codex Skills, Cursor Agent Skills, and other compatible AI agent formats. While it provides comprehensive automated analysis, Cisco clearly states that human security review remains essential for high-risk deployments.
🔗 https://t.co/cQXIXBEyN0
#AISecurity #CyberSecurity #LLMSecurity #AgentSecurity #DevSecOps
Sale of a 1-day exploit for Splunk Enterprise with Pre-Auth RCE
For informational purposes only.
Affected versions: Splunk Enterprise 10.2 below 10.2.4 and version 10 below 10.0.7
Type of vulnerability: Pre-Auth RCE
Price: $5 million
The seller claims to be selling a 1-day exploit for Splunk Enterprise CVE-2026-20253 -> (https://t.co/aWcU0vYpXt). The vulnerability allows an unauthenticated user to create arbitrary files through the PostgreSQL sidecar service endpoint without needing to have credentials.
PT ID: PT-2026-48493
According to the author, the problem affects Splunk Enterprise 10.2 up to version 10.2.4, as well as version 10 up to version 10.0.7. The vulnerability is declared as critical, with a CVSS v3.1 rating of 9.8.
A public research PoC/detector from watchTowr Labs has already been published -> (https://t.co/EfYuH2U6ma) for the vulnerability.
Splunk Enterprise -> (https://t.co/QDioS1J5Fk) is a corporate platform for collecting, indexing, and analyzing machine data, used in logging, monitoring, observability, and SIEM scenarios. Splunk is one of the largest players in this segment: according to IDC -> (https://t.co/WwitZ9LgNR), Splunk has been ranked first among SIEM suppliers for five consecutive years, Gartner in 2025 -> (https://t.co/VN46yo21NL) included Splunk in the Magic Quadrant for SIEM for the eleventh time, and 6sense estimates -> (https://t.co/7MInPxPAyX) Splunk's share in the SIEM category at approximately 45.9% and in the log management category at approximately 8.4%. The scale of implementation is also significant: before the deal with Cisco, the company reported -> (https://t.co/RYCwXatlqO) an ARR of $4.2 billion, and Reuters, citing -> (https://t.co/uVWbBohGIR) Morningstar, noted that more than 90% of Fortune 100 companies use Splunk solutions; in March 2024, Cisco completed the purchase -> (https://t.co/9mEUfEILZy) of Splunk for $28 billion.
#dbugs_darkweb
Stop paying for trading tools. Use these instead.
Build a professional trading stack with these free GitHub repos.
Bookmark this.
• Jesse → Backtest & run live trading strategies
https://t.co/eSlDAweZne
• OpenBB → Bloomberg Terminal alternative
https://t.co/OlBT4eOW2p
• Hummingbot → Automated market making & crypto trading
https://t.co/iyGhLBjstm
• FinGPT → AI-powered financial research
https://t.co/MD5c6Nmeig
• Freqtrade → Open source crypto trading bots
https://t.co/OwNC6rLHfJ
• FinRL → Build AI trading systems from scratch
https://t.co/4kfUaDTONa
Open source is quietly replacing expensive trading software.
Follow @aibullss for more AI, trading, and GitHub tools.
Join my Discord for exclusive resources, tools, and daily discussions:
https://t.co/iFbUwUgWX9
Dostlar Qwen3.6-35B modelini Siber Güvenlik özelinde finetune ederek oluşturduğum yeni Titus-35B-A3B parametreli MoE mimarili modelim Fudan Üniversitesi ve University of Chinese Academy of Science’ın geliştirdiği en kapsamlı Siber Güvenlik Ai Benchmark’larından CS-Eval'de Private ve Public modeller arasında Global'de 9. ve Açık Kaynaklı modeller arasında 1. en iyi LLM oldu 🎉🔥 Acta non Verba! 🔥🦾⚔️
☣️ Malware Doesn't Just Infect… It Leaves Clues.
Every piece of malware tells a story — if you know where to look. 👀
In this guide, I’m sharing 10 powerful malware analysis tools used by security researchers to understand malware behavior, extract IOCs, analyze suspicious files, and improve threat detection. ⚡
🦠 Analyze malware behavior
🔍 Discover hidden indicators
🛡️ Strengthen threat detection
🚨 Stay one step ahead of attackers
The best defenders don't just remove malware… they understand it. 🔥
⚠️ Educational & defensive security research only.
💬 Comment “MALWARE” for the full list.
#CyberSecurity #Malware #ThreatHunting #DigitalForensics #InfoSec
🌐💀 These Web Security Tools Could Change How You See Websites…
Most people browse websites.
Security researchers? They look under the hood. 👀
In this guide, I’m sharing 15 powerful web security & pentesting tools used to better understand websites, vulnerabilities, hidden paths, technologies, and security awareness. ⚡
🧠 One hidden endpoint or forgotten misconfiguration can reveal more than most people expect.
🚨 If you care about web security, you’ll want to save this one.
💬 Comment “WEB” for the full list.
#WebSecurity #CyberSecurity #InfoSec #Pentesting #BugBounty
🤓 Attackers are experimenting with different adversarial prompts to bypass your AI analysis pipeline! 👇
Deception Prompt: They trigger safety guardrails with content such as instructions for constructing biological weapon, which makes your AI pipeline to refuse analysis or fail before reaching the actual payload.
Fake System Prompt Override: They test whether malicious instructions embedded in comments or source code will influence your AI analysis and alter the behavior.
Context Flooding: AI systems have limited context windows. Attackers are experimenting with massive amounts of repetitive text to flood your AI, to prevent analysis from reaching the real payload but also to increase processing costs and trigger rate limits.
Prompt Encoding: ROT encoding, Base64, foreign languages and other transformations are used to evade detection, to confuse analysis pipelines, and to bypass filtering mechanisms.
📱💀 Your Phone Can Become a Cybersecurity Lab…
Most people use Termux for basic commands… but few realize how powerful it can become. 👀
In this guide, I’m sharing 15 useful Termux tools that can help cybersecurity enthusiasts better understand networking, web security, automation, recon, and mobile learning workflows — all from a phone. ⚡
🧠 Your smartphone might be more powerful than you think.
⚠️ Educational & authorized lab environments only.
💬 Comment “TERMUX” for the full list.
#Termux #CyberSecurity #Android #Linux #InfoSec
228 ransomware leaks. 200 hacktivist attacks. 120 factory networks listed for sale.
That's Europe's manufacturing sector in 2025, and the numbers are still climbing.
The breakdown:
• Germany, UK, and Italy absorbed 57% of all ransomware hits
• Qilin (18%) and Akira (12%) lead the ransomware pack
• 120 IAB listings meant factory access was already sold before most victims knew
Europe's factory floors are under pressure from ransomware gangs, hacktivists, and access brokers operating at scale.
🚨 BrEaKiNg: Splunk, a security product, has zero authentication in its built-in database service and accepts any credentials, according to the security researchers who just dropped a full pre-auth RCE chain for Splunk Enterprise (CVE-2026-20253, CVSS 9.8).
Splunk Enterprise on AWS is vulnerable out of the box.