ChillyHell: A Deep Dive into a Modular macOS Backdoor
https://www.jamf.com/blog/chillyhell-a-modular-macos-backdoor/
https://www.jamf.com/blog/chillyhell-a-modular-macos-backdoor/
Jamf
Learn about ChillyHell, a modular Mac backdoor
Discover its origin, how it compromises macOS and more importantly, how the JTL detected this malicious threat to keep Jamf customers safe.
Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass
https://www.welivesecurity.com/en/eset-research/introducing-hybridpetya-petya-notpetya-copycat-uefi-secure-boot-bypass/
https://www.welivesecurity.com/en/eset-research/introducing-hybridpetya-petya-notpetya-copycat-uefi-secure-boot-bypass/
Welivesecurity
Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass
ESET Research has discovered HybridPetya, a copycat of the infamous Petya/NotPetya malware that adds the capability of compromising UEFI-based systems and weaponizing CVE‑2024‑7344 to bypass UEFI Secure Boot on outdated systems.
iso-27001-using-siem.pdf
610.3 KB
ISO 27001:2022 - Security controls with SIEM
Deserialization Vulnerability in GoAnywhere MFT's License Servlet
https://www.fortra.com/security/advisories/product-security/fi-2025-012
https://www.fortra.com/security/advisories/product-security/fi-2025-012
The God Mode Vulnerability That Should Kill “Trust Microsoft” Forever
https://tide.org/blog/god-mode-vulnerability-microsoft-authorityless-security
https://tide.org/blog/god-mode-vulnerability-microsoft-authorityless-security
Tide Foundation
The God Mode Vulnerability That Should Kill "Trust Microsoft"
How One Token Could Have Compromised Every Microsoft Entra ID Tenant on Earth, And Why It’s Time for Authorityless SecurityRecently, security researcher Dirk-Ja
XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory
https://www.microsoft.com/en-us/security/blog/2025/09/25/xcsset-evolves-again-analyzing-the-latest-updates-to-xcssets-inventory/
https://www.microsoft.com/en-us/security/blog/2025/09/25/xcsset-evolves-again-analyzing-the-latest-updates-to-xcssets-inventory/
Microsoft News
XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory
Microsoft Threat Intelligence has uncovered a new variant of the XCSSET malware, which is designed to infect Xcode projects, typically used by software developers building Apple or macOS-related applications.
Botnet Loader-as-a-Service Infrastructure Distributing RondoDoX and Mirai Payloads
https://www.cloudsek.com/blog/botnet-loader-as-a-service-infrastructure-distributing-rondodox-and-mirai-payloads
https://www.cloudsek.com/blog/botnet-loader-as-a-service-infrastructure-distributing-rondodox-and-mirai-payloads
Cloudsek
Botnet Loader-as-a-Service Infrastructure Distributing RondoDoX and Mirai Payloads | CloudSEK
CloudSEK uncovered a large-scale Loader-as-a-Service botnet distributing RondoDoX, Mirai, and Morte payloads through SOHO routers, IoT devices, and enterprise apps. Exploiting weak credentials, unsanitized inputs, and old CVEs, the campaign surged 230% in…
CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnerability-leaks-private-source-code
https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnerability-leaks-private-source-code
Legitsecurity
CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
Get details on our discovery of a critical vulnerability in GitHub Copilot Chat.
October 13 Phishing Campaign Leveraging LastPass Branding
https://blog.lastpass.com/posts/october-13-2025-phishing-campaign
https://blog.lastpass.com/posts/october-13-2025-phishing-campaign
CoPhish: Using Microsoft Copilot Studio as a wrapper for OAuth phishing
https://securitylabs.datadoghq.com/articles/cophish-using-microsoft-copilot-studio-as-a-wrapper/
https://securitylabs.datadoghq.com/articles/cophish-using-microsoft-copilot-studio-as-a-wrapper/
Datadoghq
CoPhish: Using Microsoft Copilot Studio as a wrapper for OAuth phishing
Copilot Studio links look benign, but they can host content to redirect users to arbitrary URLs. In this post, we document a method by which a Copilot Studio agent's login settings can redirect a user to any URL, including an OAuth consent attack.