SystemBC malware turns infected VPS systems into proxy highway
https://www.bleepingcomputer.com/news/security/systembc-malware-turns-infected-vps-systems-into-proxy-highway/
WatchGuard warns of critical vulnerability in Firebox firewalls
https://www.bleepingcomputer.com/news/security/watchguard-warns-of-critical-vulnerability-in-firebox-firewalls/
Cloudflare DDoSed itself with React useEffect hook blunder • The Register
https://www.theregister.com/2025/09/18/cloudflare_ddosed_itself/
Tech Note - BeaverTail variant distributed via malicious repositories and ClickFix lure - GitLab Security Tech Notes
https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/north-korean-malware-sept-2025/
Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions
https://thehackernews.com/2025/09/google-patches-chrome-zero-day-cve-2025.html
Merge branch '6.4.x' into 6.5.x · spring-projects/spring-security@d0f93fa · GitHub
http://github.com/spring-projects/spring-security/commit/d0f93fa6d8338149943ae640c53db07de827867f
CopyCop Deepens Its Playbook with New Websites and Targets
https://www.recordedfuture.com/research/copycop-deepens-its-playbook-with-new-websites-and-targets
SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers
https://thehackernews.com/2025/09/silentsync-rat-delivered-via-two.html
CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types
https://spring.io/security/cve-2025-41248
Two teenage suspected Scattered Spider members charged in UK over TfL hack | The Record from Recorded Future News
https://therecord.media/scattered-spider-teenage-suspects-arrested-britain-nca
GitHub - dis0rder0x00/obex: Obex – Blocking unwanted DLLs in user mode
https://github.com/dis0rder0x00/obex
More Fun With WMI - SpecterOps
https://specterops.io/blog/2025/09/18/more-fun-with-wmi/
PyPI invalidates tokens stolen in GhostAction supply chain attack
https://www.bleepingcomputer.com/news/security/pypi-invalidates-tokens-stolen-in-ghostaction-supply-chain-attack/
External attack surface management (EASM) - NCSC.GOV.UK
https://www.ncsc.gov.uk/guidance/external-attack-surface-management-buyers-guide
Chrome Releases: Stable Channel Update for Desktop
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html
XSS-Leak: Leaking Cross-Origin Redirects | Salvatore Abello's Blog
https://blog.babelo.xyz/posts/cross-site-subdomain-leak
aretekzs | Fuzzing WebSockets for Server-Side Vulnerabilities
https://aretekzs.com/posts/fuzzing-ws/
GitHub - trinib/ZORG-Jailbreak-Prompt-Text: Bypass restricted and censored content on AI chat prompts 😈
https://github.com/trinib/ZORG-Jailbreak-Prompt-Text
CVE-2025-21043: When DNG Opcodes Become Attack Vectors | Matt Suiche
https://www.msuiche.com/posts/cve-2025-21043-when-dng-opcodes-become-attack-vectors/
https://orange-cyberdefense.github.io/ocd-mindmaps/img/mindmap_ad_dark_classic_2025.03.excalidraw.svg
https://orange-cyberdefense.github.io/ocd-mindmaps/img/mindmap_ad_dark_classic_2025.03.excalidraw.svg
Have I Been Pwned: FreeOnes Data Breach
https://haveibeenpwned.com/Breach/FreeOnes
Notepad gets free AI features on Copilot+ PCs with Windows 11
https://www.bleepingcomputer.com/news/microsoft/notepad-gets-free-ai-features-on-copilot-plus-pcs-with-windows-11/
GOLD SALEM’s Warlock operation joins busy ransomware landscape – Sophos News
https://news.sophos.com/en-us/2025/09/17/gold-salems-warlock-operation-joins-busy-ransomware-landscape/
UK arrests 'Scattered Spider' teens linked to Transport for London hack
https://www.bleepingcomputer.com/news/security/uk-arrests-scattered-spider-teens-linked-to-transport-for-london-hack/
CountLoader: Silent Push Discovers New Malware Loader Being Served in 3 Different Versions - Silent Push
https://www.silentpush.com/blog/countloader/
ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks
https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/
[compiler] Don't assume that upper 32-bit of Int32MulOvfCheck are 0 (6954290) · Gerrit Code Review
https://chromium-review.googlesource.com/c/v8/v8/+/6954290![[compiler] Don't assume that upper 32-bit of Int32MulOvfCheck are 0 (6954290) · Gerrit Code Review](/image/screenshot/5875d7fd30cd3af6f4f0eb96a3496f0b.webp)
ShinyHunters Calling: Financially Motivated Data Extortion Group Targeting Enterprise Cloud Applications
https://blog.eclecticiq.com/shinyhunters-calling-financially-motivated-data-extortion-group-targeting-enterprise-cloud-applications
SonicWall warns customers to reset credentials after breach
https://www.bleepingcomputer.com/news/security/sonicwall-warns-customers-to-reset-credentials-after-MySonicWall-breach/
CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader
https://thehackernews.com/2025/09/countloader-broadens-russian-ransomware.html
Decade-Old Pixie Dust Wi-Fi Hack Still Impacts Many Devices - SecurityWeek
https://www.securityweek.com/decade-old-pixie-dust-wi-fi-hack-still-impacts-many-devices/