Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images
https://www.binarly.io/blog/persistent-risk-xz-utils-backdoor-still-lurking-in-docker-images
LOLDrivers
http://LOLdrivers.io
Microsoft asks users to ignore certificate enrollment errors
https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-users-to-ignore-certificate-enrollment-errors/
GitHub - 123ojp/GREtunnel-scanner: This is a GRE PoC code for Talks: From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion
https://github.com/123ojp/GREtunnel-scanner
Spike in Fortinet VPN brute-force attacks raises zero-day concerns
https://www.bleepingcomputer.com/news/security/spike-in-fortinet-vpn-brute-force-attacks-raises-zero-day-concerns/
Microsoft removes PowerShell 2.0 from Windows 11, Windows Server
https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-powershell-20-from-windows-11-windows-server/
New downgrade attack can bypass FIDO auth in Microsoft Entra ID
https://www.bleepingcomputer.com/news/security/new-downgrade-attack-can-bypass-fido-auth-in-microsoft-entra-id/
Conferences/BlackHat_USA_2025_Slides at main · onhexgroup/Conferences · GitHub
https://github.com/onhexgroup/Conferences/tree/main/BlackHat_USA_2025_Slides
Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws
https://thehackernews.com/2025/08/microsoft-august-2025-patch-tuesday.html
China Questions Security of AI Chips From NVIDIA, AMD
https://www.darkreading.com/cyber-risk/china-questions-security-ai-chips-nvidia-amd
CVE-2017-11882 Will Never Die - SANS Internet Storm Center
https://isc.sans.edu/diary/32196
Hackers leak Allianz Life data stolen in Salesforce attacks
https://www.bleepingcomputer.com/news/security/hackers-leak-allianz-life-data-stolen-in-salesforce-attacks/
Novel SSRF Technique Involving HTTP Redirect Loops › Searchlight Cyber
https://slcyber.io/assetnote-security-research-center/novel-ssrf-technique-involving-http-redirect-loops/
Researchers cracked the encryption used by DarkBit ransomware
https://securityaffairs.com/181064/malware/researchers-cracked-the-encryption-used-by-darkbit-ransomware.html
GitHub - pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis: CVE-2025-53652: Jenkins Git Parameter Analysis
https://github.com/pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis
Curly COMrades: A New Threat Actor Targeting Geopolitical Hotbeds
https://businessinsights.bitdefender.com/curly-comrades-new-threat-actor-targeting-geopolitical-hotbeds
CVE-2025-50154:Zero Click, One NTLM: Patch Bypass
https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/
“Evil VM”: From Guest Compromise To Entra Admin In 9… | BeyondTrust
https://www.beyondtrust.com/blog/entry/evil-vm
Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code
https://thehackernews.com/2025/08/fortinet-warns-about-fortisiem.html
New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises | Trend Micro (US)
https://www.trendmicro.com/en_us/research/25/h/new-ransomware-charon.html
AIxCC Competition Archive | AIxCC Competition Archive
https://archive.aicyberchallenge.com/
From Support Ticket to Zero Day | Horizon3.ai
https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/
GitHub - 0xJs/BYOVD_read_write_primitive: Proof of Concepts code for Bring Your Own Vulnerable Driver techniques
https://github.com/0xJs/BYOVD_read_write_primitive
CVE-2025-53769 - Security Update Guide - Microsoft - Windows Security App Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53769