Infosec Reading List - September 2025
On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represents quotes from the original article.
InfoSec
- Claude Code: Data Exfiltration with DNS (CVE-2025-55284) - [link]
- New zero-day startup offers $20 million for tools that can hack any smartphone - More recently, the prices of zero-days have skyrocketed, in part because there is higher demand and also because it’s getting more difficult to hack modern devices and software, thanks to big tech companies improving their security. - [link]
- Game Theory at Work: When to Talk and When to Shut Up - [link]
- Inside the Microsoft Teams Attack Matrix: Unpacking the Frontier in Collaboration Threats - Teams is an interesting, relatively new, but highly legitimate attack surface - [link]
- Push notifications are a privacy nightmare - [link]
- LLMs are not like you and me—and never will be - [link]
- Lookout Discovers Massistant Chinese Mobile Forensic Tooling - [link]
- Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances - a threat actor utilized compromised OAuth credentials to exfiltrate data from affected customers’ Salesforce environments. - [link]
- WhatsApp fixes ‘zero-click’ bug used to hack Apple users with spyware - [link]
- Employees targeted via vishing leading to payroll redirection - The helpdesk has the power to reset passwords, change MFA and change user information. We should not forget that: it is probably one of the most powerful entities in corporations when it comes to infosec. - [link]
- Introducing Signal Secure Backups - Only you can decrypt your backup archive, which will allow you to restore your message database (excluding view-once messages and messages scheduled to disappear within the next 24 hours). Because your secure backup archive is refreshed daily, anything you deleted in the past 24 hours, or any messages set to disappear are removed from the latest daily secure backup archive, as you intended. - I'm not sure whether I like this: my understanding of this text is that messages that are about to disappear, e.g. in 4 weeks, will still be included in the daily backup. "Excluding view-once messages and messages scheduled to disappear within the next 24 hours." Does this mean that disappearing messages could potentially remain in backups forever? In the last sentence it says that disappearing messages are NOT included - but I guess this refers to the daily backup and only excludes 24-hour and view-once messages. - [link]
- 18 Popular Code Packages Hacked, Rigged to Steal Crypto - Beaumont said the incident is a reminder that much of the planet still depends on code that is ultimately maintained by an exceedingly small number of people who are mostly overburdened and under-resourced. - exactly this - let's imagine this kind of attack done by people that know how to abuse these powers in an efficient and effective way - I think we will continue to see those, since the problem is not the poor guy who clicked on the phishing mail but the power that one person has across millions of downloads and apps. Last but not least: the developer's reaction is hero-like - this enables fast reaction and resolution of the problem. - [link]
- Ex-WhatsApp cybersecurity executive says Meta endangered billions of users in new suit - [link]
- The One-Month Knowledge Sprint: How to Read Books, Take Action, and Change Your Life - Reading without action is impotent. Action without reading is ignorant. You need both. - [link]
- Kerberoasting - But Microsoft doesn’t seem to do anything proactive, like absolutely banning obsolete legacy stuff, or being completely obnoxious and forcing admins to upgrade their weird and bad legacy configurations. - the key reason for this behaviour is probably compatibility with legacy environments and the associated fear of losing market share - [link]
- Thoughts on (Amazonian) Leadership - I see a lot of overlaps to the Service Mindset article here. - [link]
- Security Advisory: Airoha-based Bluetooth Headphones and Earbuds - To be clear: Any vulnerable device can be compromised if the attacker is in Bluetooth range. That is the only precondition. - It is also exposed as RFCOMM channel via Bluetooth BR/EDR (also known as Bluetooth Classic). Missing authentication for Bluetooth Classic allows an attacker to use this protocol without pairing with the device. - so close range and technical expertise are required to exploit this vuln - [link]
- Memory Integrity Enforcement: A complete vision for memory safety in Apple devices - [link]
- Apple Face ID: Security Implications and Potential Vulnerabilities - Apple’s incremental hardening of the system, both in hardware and in liveness-detection software, has meant that while academic demonstrations highlight theoretical avenues of attack, there are no recent, reproducible reports of successful circumvention in the wild. - good article on where we officially stand with Face ID - [link]
- I Was a Weird Kid - Jailhouse Confessions of a Teen Hacker - He would pay anywhere from $60 to $1,000 for a login, depending on the level of security at the telecommunications company. If a caller got the employee to install a remote-access tool, he’d pay as much as $4,000. When Covid-19 shut down schools across the country, Noah was delighted at the additional free time this meant for his workforce. - [link]
- Exploring EXIF - on the power of EXIF data in photos - [link]
This post is licensed under CC BY 4.0 by the author.
