Infosec Reading List - June 2025
On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italics represents quotes from the original article.
InfoSec
- Apple Gave Governments Data on Thousands of Push Notifications - Apple provided governments around the world with data related to thousands of push notifications sent to its devices, - probably a good idea to turn off push notifications for highly critical apps - [link]
- Cory Doctorow on how we lost the internet - [link]
- Noam Chomsky Speaks on What ChatGPT Is Really Good For - [link]
- Graphite Caught - First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted - we conclude that this account was used to deploy Paragon’s Graphite spyware using a sophisticated iMessage zero-click attack. We believe that this infection would not have been visible to the target. - iMessage again - [link]
- When Backups Open Backdoors: Accessing Sensitive Cloud Data via “Synology Active Backup for Microsoft 365” - At the risk of sounding preachy: the real lesson is that the convenience of cloud does not absolve anyone of doing their security diligence. In today’s shifting threat landscape, organizations invite attacks simply through the complexity of everything. - [link]
- HOW MUCH EU IS IN DNS4EU? - [link]
- Scotland’s epic 210-mile bikepacking adventure - added to [todo] list - [link]
- [Guest Diary] Anatomy of a Linux SSH Honeypot Attack: Detailed Analysis of Captured Malware - [link]
- Playing with Model Context Protocol and local Large Language Models for privacy engineering - [link]
- Wireless Pivots: How Trusted Networks Become Invisible Threat Vectors - [link]
- GitHub MCP Exploited: Accessing private repositories via MCP - As shown here, as soon as the agent encounters the malicious GitHub issue, it can be coerced into pulling private repository data into context, and leaking it in an autonomously-created PR in the public repository, freely accessible to the attacker or anyone else. - [link]
This post is licensed under CC BY 4.0 by the author.