@xc0py.bsky.social
Catching Credential Guard Off Guard - specterops.io/blog/2025/10...
Catching Credential Guard Off Guard - SpecterOps
Uncovering the protection mechanisms provided by modern Windows security features and identifying new methods for credential dumping.
specterops.io
October 23, 2025 at 11:16 PM
Catching Credential Guard Off Guard - specterops.io/blog/2025/10...
Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits www.trendmicro.com/en_us/resear...
Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits
Trend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts obse...
www.trendmicro.com
October 17, 2025 at 12:30 PM
Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits www.trendmicro.com/en_us/resear...
K000154696: F5 Security Incident my.f5.com/manage/s/art...
myF5
my.f5.com
October 15, 2025 at 7:20 PM
K000154696: F5 Security Incident my.f5.com/manage/s/art...
Reposted
GreyNoise observed a ~500% surge in IPs scanning Palo Alto Networks login portals on October 3, 2025 — the highest level we’ve seen in 90 days. Read our full analysis here 👇 #PaloAltoNetworks #PaloAlto #GreyNoise #ThreatIntel #PANOS
Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High
On October 3, 2025, GreyNoise observed a ~500% increase in IPs scanning Palo Alto Networks login portals, the highest level recorded in the past 90 days. The activity was highly targeted and involved ...
www.greynoise.io
October 3, 2025 at 9:01 PM
GreyNoise observed a ~500% surge in IPs scanning Palo Alto Networks login portals on October 3, 2025 — the highest level we’ve seen in 90 days. Read our full analysis here 👇 #PaloAltoNetworks #PaloAlto #GreyNoise #ThreatIntel #PANOS
Cisco Event Response: Continued Attacks Against Cisco Firewalls sec.cloudapps.cisco.com/security/cen...
Cisco Event Response: Continued Attacks Against Cisco Firewalls
sec.cloudapps.cisco.com
October 1, 2025 at 2:07 AM
Cisco Event Response: Continued Attacks Against Cisco Firewalls sec.cloudapps.cisco.com/security/cen...
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability sec.cloudapps.cisco.com/security/cen...
Cisco Security Advisory: Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following:
An authenticated, remote attacker with low privil...
sec.cloudapps.cisco.com
September 25, 2025 at 12:52 PM
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability sec.cloudapps.cisco.com/security/cen...
EDR-Freeze github.com/TwoSevenOneT...
GitHub - TwoSevenOneT/EDR-Freeze: EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state.
EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state. - TwoSevenOneT/EDR-Freeze
github.com
September 23, 2025 at 1:58 PM
EDR-Freeze github.com/TwoSevenOneT...
Reposted
🚨 Multiple CrowdStrike packages trojanized in an ongoing npm supply chain attack: This is the same campaign that hit Tinycolor yesterday with identical malware.
Full list of compromised packages + mitigations →
socket.dev/blog/ongoing... #NodeJS #JavaScript
Full list of compromised packages + mitigations →
socket.dev/blog/ongoing... #NodeJS #JavaScript
Ongoing Supply Chain Attack Targets CrowdStrike npm Packages...
Socket.dev found compromised various CrowdStrike npm packages, continuing the "Shai-Halud" supply-chain attack that previously hit `tinycolor`.
socket.dev
September 16, 2025 at 11:00 AM
🚨 Multiple CrowdStrike packages trojanized in an ongoing npm supply chain attack: This is the same campaign that hit Tinycolor yesterday with identical malware.
Full list of compromised packages + mitigations →
socket.dev/blog/ongoing... #NodeJS #JavaScript
Full list of compromised packages + mitigations →
socket.dev/blog/ongoing... #NodeJS #JavaScript
Reposted
GreyNoise observed two scanning surges against Cisco ASA devices in late August, both representing significant elevations above baseline. This activity led to the discovery of a botnet cluster solely scanning for Cisco ASA on August 26.
#CiscoASA #Cisco #GreyNoise #Cybersecurity #ThreatIntel
#CiscoASA #Cisco #GreyNoise #Cybersecurity #ThreatIntel
25,000 IPs Scanned Cisco ASA Devices — New Vulnerability Potentially Incoming
GreyNoise observed two scanning surges against Cisco Adaptive Security Appliance (ASA) devices in late August including more than 25,000 unique IPs in a single burst. This activity represents a signif...
www.greynoise.io
September 4, 2025 at 2:07 PM
GreyNoise observed two scanning surges against Cisco ASA devices in late August, both representing significant elevations above baseline. This activity led to the discovery of a botnet cluster solely scanning for Cisco ASA on August 26.
#CiscoASA #Cisco #GreyNoise #Cybersecurity #ThreatIntel
#CiscoASA #Cisco #GreyNoise #Cybersecurity #ThreatIntel
Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System www.cisa.gov/news-events/...
Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System | CISA
The authoring agencies strongly urge network defenders to hunt for malicious activity and to apply the mitigations in this CSA to reduce the threat of Chinese state-sponsored and other malicious cyber...
www.cisa.gov
August 29, 2025 at 1:19 PM
Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System www.cisa.gov/news-events/...
Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability sec.cloudapps.cisco.com/security/cen...
Cisco Security Advisory: Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability
A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that...
sec.cloudapps.cisco.com
August 18, 2025 at 1:24 AM
Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability sec.cloudapps.cisco.com/security/cen...
Lenovo Webcam Firmware Update Vulnerability CVE-2025-4371 support.lenovo.com/us/en/produc...
support.lenovo.com
August 14, 2025 at 12:53 AM
Lenovo Webcam Firmware Update Vulnerability CVE-2025-4371 support.lenovo.com/us/en/produc...
BitUnlocker – Multiple 0-days to Bypass BitLocker and Extract All Protected Data cybersecuritynews.com/bitunlocker-...
BitUnlocker - Multiple 0-days to Bypass BitLocker and Extract All Protected Data
Researchers have disclosed a series of critical zero-day vulnerabilities that completely bypass Windows BitLocker encryption, allowing attackers with physical access to extract all protected data from...
cybersecuritynews.com
August 9, 2025 at 2:41 PM
BitUnlocker – Multiple 0-days to Bypass BitLocker and Extract All Protected Data cybersecuritynews.com/bitunlocker-...
New Lenovo UEFI firmware updates fix Secure Boot bypass flaws www.bleepingcomputer.com/news/securit...
New Lenovo UEFI firmware updates fix Secure Boot bypass flaws
Lenovo is warning about high-severity BIOS flaws that could allow attackers to potentially bypass Secure Boot in all-in-one desktop PC models that use customized Insyde UEFI (Unified Extensible Firmwa...
www.bleepingcomputer.com
August 2, 2025 at 12:55 PM
New Lenovo UEFI firmware updates fix Secure Boot bypass flaws www.bleepingcomputer.com/news/securit...
Attackers abusing Proofpoint & Intermedia link wrapping to deliver phishing payloads www.cloudflare.com/threat-intel...
Attackers abusing Proofpoint & Intermedia link wrapping to deliver phishing payloads
Attackers are exploiting Proofpoint and Intermedia link wrapping to mask phishing payloads.
www.cloudflare.com
August 1, 2025 at 2:59 PM
Attackers abusing Proofpoint & Intermedia link wrapping to deliver phishing payloads www.cloudflare.com/threat-intel...
APPLE-SA-07-29-2025-1 iOS 18.6 and iPadOS 18.6 support.apple.com/en-us/124147
About the security content of iOS 18.6 and iPadOS 18.6 - Apple Support
This document describes the security content of iOS 18.6 and iPadOS 18.6.
support.apple.com
July 29, 2025 at 11:57 PM
APPLE-SA-07-29-2025-1 iOS 18.6 and iPadOS 18.6 support.apple.com/en-us/124147
Reposted
Sonicwall fixes critical flaw in SMA appliances, urges customers to check for compromise (CVE-2025-40599)
📖 Read more: www.helpnetsecurity.com/2025/07/24/s...
#cybersecurity #cybersecuritynews #vulnerability
📖 Read more: www.helpnetsecurity.com/2025/07/24/s...
#cybersecurity #cybersecuritynews #vulnerability
Sonicwall fixes critical flaw in SMA appliances, urges customers to check for compromise (CVE-2025-40599) - Help Net Security
Sonicwall is asking customers SMA 100 Series devices to patch a newly uncovered vulnerability (CVE-2025-40599) as soon as possible.
www.helpnetsecurity.com
July 24, 2025 at 10:18 AM
Sonicwall fixes critical flaw in SMA appliances, urges customers to check for compromise (CVE-2025-40599)
📖 Read more: www.helpnetsecurity.com/2025/07/24/s...
#cybersecurity #cybersecuritynews #vulnerability
📖 Read more: www.helpnetsecurity.com/2025/07/24/s...
#cybersecurity #cybersecuritynews #vulnerability
Reposted
There's a new Microsoft SharePoint zero-day getting exploited right now: CVE-2025-53770
msrc.microsoft.com/blog/2025/07...
msrc.microsoft.com/blog/2025/07...
July 20, 2025 at 3:19 PM
There's a new Microsoft SharePoint zero-day getting exploited right now: CVE-2025-53770
msrc.microsoft.com/blog/2025/07...
msrc.microsoft.com/blog/2025/07...
Reposted
GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released. Full breakdown ⬇️
#GreyNoise #ThreatIntel #CitrixBleed #Citrix #NetScaler
#GreyNoise #ThreatIntel #CitrixBleed #Citrix #NetScaler
Exploitation of CitrixBleed 2 (CVE-2025-5777) Began Before PoC Was Public
GreyNoise has observed active exploitation attempts against CVE-2025-5777 (CitrixBleed 2), a memory overread vulnerability in Citrix NetScaler. Exploitation began on June 23 — nearly two weeks before a public proof-of-concept was released on July 4.
www.greynoise.io
July 16, 2025 at 8:45 PM
GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released. Full breakdown ⬇️
#GreyNoise #ThreatIntel #CitrixBleed #Citrix #NetScaler
#GreyNoise #ThreatIntel #CitrixBleed #Citrix #NetScaler
Microsoft Patch Tuesday, July 2025 Edition krebsonsecurity.com/2025/07/micr...
Microsoft Patch Tuesday, July 2025 Edition
Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be activ...
krebsonsecurity.com
July 9, 2025 at 10:39 AM
Microsoft Patch Tuesday, July 2025 Edition krebsonsecurity.com/2025/07/micr...
Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities sec.cloudapps.cisco.com/security/cen...
Cisco Security Advisory: Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying ...
sec.cloudapps.cisco.com
June 27, 2025 at 12:21 PM
Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities sec.cloudapps.cisco.com/security/cen...
Reposted
🚨 Contagious Interview returns:
North Korean threat actors just dropped 35 new malicious npm packages that use a HexEval loader to deploy BeaverTail malware.
These attacks target devs via fake job offers and coding tests laced with malware.
Full analysis: socket.dev/blog/north-k... #NodeJS
Full analysis: socket.dev/blog/north-k... #NodeJS
Another Wave: North Korean Contagious Interview Campaign Dro...
North Korean threat actors linked to the Contagious Interview campaign return with 35 new malicious npm packages using a stealthy multi-stage malware ...
socket.dev
June 25, 2025 at 2:45 AM
🚨 Contagious Interview returns:
North Korean threat actors just dropped 35 new malicious npm packages that use a HexEval loader to deploy BeaverTail malware.
These attacks target devs via fake job offers and coding tests laced with malware.
Full analysis: socket.dev/blog/north-k... #NodeJS
Full analysis: socket.dev/blog/north-k... #NodeJS
Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2 www.veeam.com/kb4743
KB4743: Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2
Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2
www.veeam.com
June 19, 2025 at 10:57 AM
Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2 www.veeam.com/kb4743
Two Botnets, One Flaw: Mirai Spreads Through Wazuh Vulnerability www.akamai.com/blog/securit...
www.akamai.com
June 10, 2025 at 10:59 PM
Two Botnets, One Flaw: Mirai Spreads Through Wazuh Vulnerability www.akamai.com/blog/securit...