Project Zero: Pointer leaks through pointer-keyed data structures
https://googleprojectzero.blogspot.com/2025/09/pointer-leaks-through-pointer-keyed.html
XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory | Microsoft Security Blog
https://www.microsoft.com/en-us/security/blog/2025/09/25/xcsset-evolves-again-analyzing-the-latest-updates-to-xcssets-inventory/
Microsoft Edge to block malicious sideloaded extensions
https://www.bleepingcomputer.com/news/security/microsoft-edge-to-block-malicious-sideloaded-extensions/
New LockBit 5.0 Ransomware Variant Attacking Windows, Linux, and ESXi Systems
https://cybersecuritynews.com/new-lockbit-5-0-ransomware-variant/
Secure Microsoft Entra ID: Real-World Strategies
https://blog.nviso.eu/2025/09/25/securing-microsoft-entra-id-lessons-from-the-field-part-1/
FLARE-On 12
http://flare-on12.ctfd.io
Operating Outside the Box: NTLM Relaying Low-Privilege HTTP Auth to LDAP - SpecterOps
https://specterops.io/blog/2025/08/22/operating-outside-the-box-ntlm-relaying-low-privilege-http-auth-to-ldap/
Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure
https://thehackernews.com/2025/09/fortra-goanywhere-cvss-10-flaw.html
Cisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER Malware
https://thehackernews.com/2025/09/cisco-asa-firewall-zero-day-exploits.html
DOM XSS: Bypassing Server-side Cookie Overwrite, Chrome innerHTML Quirk, and JSON Injection – El Mehdi Mrhassel
https://elmehdi.me/2025/09/26/dom-xss-bypassing-server-side-cookie-overwrite-chrome-innerhtml-quirk-and-json-injection/