Stealing Microsoft Teams access tokens in 2025
https://blog.randorisec.fr/ms-teams-access-tokens/
Critical WSUS flaw in Windows Server now exploited in attacks
https://www.bleepingcomputer.com/news/security/hackers-now-exploiting-critical-windows-server-wsus-flaw-in-attacks/
Mozilla: New Firefox extensions must disclose data collection practices
https://www.bleepingcomputer.com/news/software/mozilla-new-firefox-extensions-must-disclose-data-collection-practices/
GitHub - 0xMarcio/cve: Latest CVEs with their Proof of Concept exploits.
https://github.com/0xMarcio/cve
Windows Server emergency patches fix WSUS bug with PoC exploit
https://www.bleepingcomputer.com/news/security/microsoft-releases-windows-server-emergency-updates-for-critical-wsus-rce-flaw/
Hackers earn $1,024,750 for 73 zero-days at Pwn2Own Ireland
https://www.bleepingcomputer.com/news/security/hackers-earn-1-024-750-for-73-zero-days-at-pwn2own-ireland/
CVE-2025-59287 WSUS Remote Code Execution | HawkTrace
https://hawktrace.com/blog/CVE-2025-59287
The 'Invisibility Cloak' - Slash-Proc Magic | dfir.ch
https://dfir.ch/posts/slash-proc/
Home - Cracking NetNTLMv1 online
http://ntlmv1.com
Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287) - Help Net Security
https://www.helpnetsecurity.com/2025/10/24/wsus-vulnerability-cve-2025-59287-exploited/
Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack
https://thehackernews.com/2025/10/self-spreading-glassworm-infects-vs.html
Hiding Linux Processes with Bind Mounts – Righteous IT
https://righteousit.com/2024/07/24/hiding-linux-processes-with-bind-mounts/
Forensic Test Images & CTFs
https://www.dfir.training/downloads/test-images?category%5B0%5D=11&category_children=1
TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware | Edera Blog
https://edera.dev/stories/tarmageddon
Hackers Can Access Microsoft Teams Chat and Emails by Retrieving Access Tokens
https://cybersecuritynews.com/microsoft-teams-access-tokens/
Fake LastPass death claims used to breach password vaults
https://www.bleepingcomputer.com/news/security/fake-lastpass-death-claims-used-to-breach-password-vaults/
Hackers launch mass attacks exploiting outdated WordPress plugins
https://www.bleepingcomputer.com/news/security/hackers-launch-mass-attacks-exploiting-outdated-wordpress-plugins/
APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign
https://thehackernews.com/2025/10/apt36-targets-indian-government-with.html