[ Attack ]  The 2015 Global Threat Report is live! Download it to discover the latest trends and intelligence to stop breaches: http://ow.ly/XTrLW

[ Attack ]  Nuclear EK Leveraged In Large WordPress Compromise Campaign http://blog.malwarebytes.org/exploits-2/2016/02/nuclear-ek-leveraged-in-large-wordpress-compromise-campaign/

[ Browser ]  MS Edge priorities in 2016: https://blogs.windows.com/msedgedev/2016/02/03/2016-platform-priorities/ Extensions (of course), HUGE #a11y improvements, and a whole host of new standards

[ Browser ]  Comodo's #Chromodo browser disables the same-origin policy - http://ow.ly/XUg3G

[ Debug ]  #DeepSec Video: Building a Better #Honeypot Network:… http://wp.me/p6PE4U-D2 #Defence #InfoSec #Intelligence

[ Defend ]  Ironclad: end-to-end sec w automated verification [priv/intgr; annotation & Floyd-Hoare; Z3] http://research.microsoft.com/pubs/230123/final-osdi-2014.pdf https://t.co/zJdlvMxHrT

[ Defend ]  Simple, reasonable advice in this one: http://schd.ws/hosted_files/appseccalifornia2016/61/AppSec-PreventingSecurityBugsThroughSoftwareDesign-ChristophKern.pdf https://t.co/HyscRfTOMh

[ Defend ]  Here are the slides http://bit.ly/1mbklBd for anyone interested in Domain Driven Security that missed @ danbjson and my talk at #DDDEU

[ Defend ]  KeePassLogger - KeePass Two-Channel Auto-Type Obfuscation (TCATO) Bypass http://www.sinfocol.org/2016/02/keepasslogger-keepass-two-channel-auto-type-obfuscation-bypass/ Source code https://github.com/sinfocol/KeePassLogger

[ Exploit ]  how2heap : A repository for learning various heap exploitation techniques : https://github.com/shellphish/how2heap

[ Forensics ]  OS X Yosemite vs El Capitan: Forensic Artifacts Differences #DFIR http://buff.ly/1PxYb8e

[ Fuzzing ]  kitty : Fuzzing Framework written in python : https://github.com/cisco-sas/kitty

[ Industry News ]  This report lists >$10M VC investments in security from 2014-2015: http://momentum.partners/docs/Cybersecurity_Market_Review_Q4_2015.pdf I only recognize 3 that I know are useful.

[ iOS ]  Explaining the race condition recently patched on iOS 9.2 / 9.2.1 kernel exploit https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fblog.pangu.io%2Frace_condition_bug_92%2F&edit-text= (Google translated)

[ IoTDevice ]  Fisher-Price Smart Toy® & hereO GPS Platform Vulnerabilities https://community.rapid7.com/community/infosec/blog/2016/02/02/security-vulnerabilities-within-fisher-price-smart-toy-hereo-gps-platform

[ Mac OS X ]  Attacks targeting one #Apple OS could affect the other. Learn about the threat landscape: http://symc.ly/1SDSc2x https://t.co/KM0szb1N1b

[ MalwareAnalysis ]  Debungking a tiny ELF remote backdoor (shellcode shellshock part 2) : http://blog.malwaremustdie.org/2016/02/mmd-0051-2016-debungking-tiny-elf.html

[ MalwareAnalysis ]  Macro Redux: the Premium Package http://labs.bromium.com/2016/02/03/macro-redux-the-premium-package/

[ Network ]  You should take a look at mitmproxy, a tool that allows interactive examination and modification of HTTP traffic https://mitmproxy.org/

[ Others ]  #Unit42 looks at #Emissary Trojan Changelog: Did Operation Lotus Blossom cause it to evolve? http://bit.ly/1R2OaAO

[ Popular Software ]  Quick update made to the #Socat backdoor story: https://threatpost.com/socat-warns-weak-prime-number-could-mean-its-backdoored/116104/ via @ threatpost

[ SecurityProduct ]  A remote filesystem access vulnerability in the default Avast install. https://code.google.com/p/google-security-research/issues/detail?id=679

[ ThirdParty ]  Summing this up for you: Non-Chromium WebKit security for Linux is a tire fire. https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/

[ ThirdParty ]  openssl_seal() is prone to use uninitialized memory that can be turned into a code execution http://akat1.pl/?id=1

[ Tools ]  XXEinjector : Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods : https://github.com/enjoiz/XXEinjector

[ Tools ]  New version of the #DSInternals PowerShell Module, now with Windows Server 2003 support. https://github.com/MichaelGrafnetter/DSInternals/releases https://t.co/FPXJvrzEJi

[ Tools ]  Codetainer-A Docker Container In Your Browser http://www.kitploit.com/2015/11/codetainer-docker-container-in-your.html Allows you to create code 'sandboxes' you can embed in your web apps

[ Web Security ]  The Magic of Connecting The Dots : https://respectxss.blogspot.de/2016/01/the-magic-of-connecting-dots.html cc: @ soaj1664ashar

[ Web Security ]  The latest @ WordPress update fixes both a SSRF and Open Redirect vuln -http://ow.ly/XU2Ne https://t.co/m0FQjBQItP

[ Windows ]  Bypass Windows AppLocker http://en.wooyun.io/2016/01/28/Bypass-Windows-AppLocker.html

[ Windows ]  .@ rckashyap @ vadimkotov I've discussed the RTF-dropping-exe (in fact, any file) trick & the risks back to July 2014 https://blogs.mcafee.com/mcafee-labs/dropping-files-temp-folder-raises-security-concerns.