[ Android ]  For a given Android vulnerability (i.e. #Stagefright), @ opensignal's fragmentation data is helpful to gauge risk: http://opensignal.com/reports/2015/08/android-fragmentation/.

[ Android ]  LG officially opens the European LG G5 H850 bootloader http://forum.xda-developers.com/lg-g5/development/official-european-lg-g5-h850-bootloader-t3363040

[ Attack ]  Fake Social Button Plugin Redirects to Angler EK | Malwarebytes Labs http://ow.ly/4mWn7Q

[ Browser ]  Malware - Analysing and Repurposing Spartan's CVE-2015-7645 http://vulnerablespace.blogspot.co.uk/2016/04/malware-analysing-and-repurposing.html

[ Detect ]  The problem with conflating #APT indicators of compromise with observables - new @ threatpost Op-Ed: https://threatpost.com/misunderstanding-indicators-of-compromise/117560/ via

[ Exploit ]  New post from @ ukstufus on creating safer implants with environmentally keyed shellcode https://labs.mwrinfosecurity.com/blog/safer-shellcode-implants/ https://t.co/q5Vv8naAdE

[ Firmware ]  Intel Releases the Arduino 101 Source Code : https://blog.arduino.cc/2016/04/21/intel-releases-the-arduino-101-firmware-source-code/ ; Download : https://downloadcenter.intel.com/download/25832

[ Hardware ]  JTAGulator ($200) vs. JTAGenum ($3)... Hardware Hacking Tools for Identifying JTAG Pins in #IoT Devices https://www.praetorian.com/blog/jtagulator-vs-jtagenum-tools-for-identifying-jtag-pins-in-iot-devices

[ Hardware ]  #rowhammer 3.0 w/o CLFLUSH via popular libraries like glibc http://arstechnica.com/security/2016/04/dram-bitflipping-exploits-that-hijack-computers-just-got-easier/ [see paper https://twitter.com/daniel_bilar/status/720897816453849088 ]

[ Industry News ]  #SpyEye creators sentenced to 24 years in prison: http://bit.ly/1r8OZi2 #infosec #malware https://t.co/DmzW0F76mD

[ Linux ]  NGS : Next generation UNIX shell : https://github.com/ilyash/ngs/

[ Malware ]  Panda Banker: New Banking Trojan Hits the Market | Proofpoint http://ow.ly/4mWoGl

[ MalwareAnalysis ]  New Blog Post out: Nymaim - evading Sandboxes with API hammering: http://joe4security.blogspot.ch/2016/04/nymaim-evading-sandboxes-with-api.html #DFIR #ANTISANDBOX https://t.co/TDttZE6Yai

[ MalwareAnalysis ]  r2-ropstats - A set of tools based on radare2 for analysis of ROP gadgets and payloads.. https://github.com/shaded-enmity/r2-ropstats

[ MalwareAnalysis ]  Obfuscation code localization based on CFG generation of malware http://www.jaist.ac.jp/~mizuhito/papers/conference/FPS15.pdf

[ OpenSourceProject ]  CVE-2016-3074: libgd: signedness vulnerability http://goo.gl/fb/rGtkwc #FullDisclosure

[ Others ]  "Red Hat Product Security Risk Report: 2015” https://access.redhat.com/blogs/766093/posts/2262281 Good take: branded issues / issues that matter. https://t.co/NLhuiEJszw

[ Others ]  I just came across this 7 yo work, a backdoored pci Ethernet card, I presented at LaCon'09 #hardware #hacking http://www.slideshare.net/wintercorelabs/meth-man-in-the-middle-ethernet

[ Others ]  Follow The Money: Dissecting the Operations of the Cyber Crime Group FIN6 « Threat Research Blog | FireEye Inc http://ow.ly/4mWo2V

[ Pentest ]  千呼萬喚始出來XD How I Hacked Facebook, and Found Someone's Backdoor Script 再找個 Google 的 RCE 就可以把各大公司的 RCE 系列給蒐集全了XD http://blog.orange.tw/2016/04/bug-bounty-how-i-hacked-facebook-and-found-someones-backdoor-script.html

[ Pentest ]  Check out "Teaching an old RAT new tricks" http://bit.ly/1QqbJOI. Researchers analyzed a new memory-only deployment method, very stealthy

[ Popular Software ]  Lansweeper 5 SQL injection and weak credential storage lead to domain-admin password recovery! http://blog.gosecure.ca/2016/04/21/your-credentials-at-risk-with-lansweeper-5/

[ ReverseEngineering ]  Reversing the Pepakura File Format https://github.com/daeken/PepakuraReverse

[ ReverseEngineering ]  Slides: "Python Arsenal for Reverse Engineering" http://dsec.ru/upload/medialibrary/7d5/7d5e8a49b25b285b37800480a41583f8.pdf

[ ReverseEngineering ]  Pyflirt is a nice tool using Capstone & FLIRT signatures to detect lib functions in OllyDbg: https://github.com/mokhdzanifaeq/pyflirt https://t.co/tWUOBZl15I

[ Tools ]  w0w Roper, a new exciting exploitation tool for ROP gadgets using genetic programming & Unicorn emulator inside! https://github.com/oblivia-simplex/roper

[ Web Security ]  Adobe Patches DOM-XSS Flaw in Analytics AppMeasurement for Flash Library: https://threatpost.com/adobe-patches-dom-xss-flaw-in-analytics-appmeasurement-for-flash-library/117591/ via @ threatpost

[ Web Security ]  #NoScript, script context. <script>alert//.%0D(1)</script> #fixed #bypass #XSS //cc @ma1

[ Web Security ]  Wordpress iThemes Security (Better WP Security) Insecure Backup/Logfile… http://goo.gl/fb/K5ShOI #FullDisclosure

[ Windows ]  #PowerShell exploit for MS16-032 Win7-Win10 & 2k8-2k12 (x32/x64) (CC @ tiraniddo ty!) - https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/Invoke-MS16-032.ps1 https://t.co/IpZnQCZU8O

[ Windows ]  [Blog Post] Bypass Application Whitelisting Script Protections - Regsvr32.exe & COM Scriptlets (.sct files) http://subt0x10.blogspot.com/2016/04/bypass-application-whitelisting-script.html :-)