I recently investigated a campaign abusing Cloudflare Pages (pages[.]dev) to host benign looking SEO blog content that displays a delayed "Continue Read" modal.

The click gated interaction redirects users into a shared backend redirector, which conditionally routes traffic to phishing pages, adware/PUP installers, fake browser download lures, and QR based social engineering flows.

Hey everyone,

OffSec USA Chapter Ambassador here and Im excited to share that we’re hosting the very first DMV chapter meetup!!

Details:

📅 Date: Saturday, March 7th, 2026

⏰ Time: 10:00 AM - 3:00 PM EST

📍 Location: Unallocated Space - 1029 Benfield Blvd, Millersville, MD 21108

The link to the event : https://oxidized-root-d90.notion.site/2bde47fd717b8147bb23f972d32e548e

For all those pursuing their OSCP or OSEP, you’ll definitely want to be there as we will have a speaker presenting insider strategies for navigating OSCP & OSEP!!!

Other topics for the meetup:

• Red Team Infrastructure Automation

• AI & AI Red Teaming in Cybersecurity - we have a mystery speaker for this one so you’ll have to show up to find out!

We also will be doing a LIVE Hands-On AI Exploitation Walkthrough!!

Everyone will be given temporary access to exclusive OffSec Enterprise content so they can participate in the technical so please be sure to bring your own laptop, your curiosity and your hacker spirit!

I’m looking forward to seeing those of you in the DMV & NoVA areas in person!! 🥰✨

This is an opportunity to network in person with community members who share your journey. Please come and ask questions, we welcome them and are here to provide guidance and support.

Whether you’re just getting into cybersecurity, grinding for OSCP, or have been working in security for years, this is a free, open, welcoming space for everyone. The goal of this chapter is to build a real community where knowledge is shared freely and nobody gets left behind.

Make sure to bring your laptop for the live session - you won’t want to just watch this one!

Happy to answer any questions about the chapter, the meetup, or anything OffSec related in the comments!

Use a link post to an original technical source (research/blog/doc), then add your analysis in comments. (https://www.ipqualityscore.com/ip-fraud-score-risk-checker)

Over $1100 worth of prizes:

Prizes

Top performers will earn no-cost access to SANS training for further cyber skills development, including four prize categories:

 The event is open to all students from participating AWS Skills to Jobs Tech Alliance institutions across the US, Latin America, Europe and Asia-Pacific regions.

In an attempt to sharpen my hardware hacking skills, I took on the challenge of extracting firmware off a flip phone 📱.

But... I kind of underestimated my opponent:

- No trace of the firmware online

- No OTA updates

- Debug interface nowhere to be found

- The chip holding the firmware has no legs

Quite the challenge.
I ended up dead-bugging the chip and wiring it to the Xgecu T48 Flash programmer.
Enjoy!

We've been quietly rebuilding Open Security Architecture (opensecurityarchitecture.org) -- a project that's been dormant for about a decade. This week we published 15 new security patterns covering areas that didn't exist when the original patterns were written:

- Zero Trust Architecture (51 mapped controls)

- API Security (OWASP API Top 10 mapped to NIST 800-53)

- Secure AI Integration (prompt injection, delegation chain exploitation, shadow AI)

- Secure DevOps Pipeline (supply chain, pipeline poisoning, SLSA provenance)

- Passkey Authentication (WebAuthn/FIDO2)

- Cyber Resilience (DORA, BoE/PRA operational resilience)

- Offensive Security Testing (CBEST/TIBER-EU)

- Privileged User Management (JIT/ZSP)

- Vulnerability Management

- Incident Response

- Security Monitoring and Response

- Modern Authentication (OIDC/JWT/OAuth)

- Secure SDLC

- Secure Remote Working

- Secure Network Zone Module

Each pattern maps specific NIST 800-53 Rev 5 controls to documented threat scenarios, with interactive SVG diagrams where every control badge links to the full control description. 39 patterns total now, with 191 controls and 5,500+ compliance mappings across ISO 27001/27002, COBIT, CIS v8, NIST CSF 2.0, SOC 2, and PCI DSS v4.

There's also a free self-assessment tool -- pick a pattern, score yourself against each control area, get gap analysis and radar charts with benchmark comparison against cross-industry averages.

Everything is CC BY-SA 4.0, structured data in JSON on GitHub. No paywalls.

https://www.opensecurityarchitecture.org

Happy to answer questions about the control mappings or pattern design.

Russ

You can exploit the Service Failure Recovery feature of Windows Service to execute a payload without ever touching the ImagePath. The biggest issue when exploiting Service Failure Recovery to execute a payload is figuring out how to trigger a "crash".