Deserialization Vulnerability in GoAnywhere MFT's License Servlet
https://www.fortra.com/security/advisories/product-security/fi-2025-012
https://www.fortra.com/security/advisories/product-security/fi-2025-012
The God Mode Vulnerability That Should Kill “Trust Microsoft” Forever
https://tide.org/blog/god-mode-vulnerability-microsoft-authorityless-security
https://tide.org/blog/god-mode-vulnerability-microsoft-authorityless-security
XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory
https://www.microsoft.com/en-us/security/blog/2025/09/25/xcsset-evolves-again-analyzing-the-latest-updates-to-xcssets-inventory/
https://www.microsoft.com/en-us/security/blog/2025/09/25/xcsset-evolves-again-analyzing-the-latest-updates-to-xcssets-inventory/
Microsoft News
XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory
Microsoft Threat Intelligence has uncovered a new variant of the XCSSET malware, which is designed to infect Xcode projects, typically used by software developers building Apple or macOS-related applications.
Botnet Loader-as-a-Service Infrastructure Distributing RondoDoX and Mirai Payloads
https://www.cloudsek.com/blog/botnet-loader-as-a-service-infrastructure-distributing-rondodox-and-mirai-payloads
https://www.cloudsek.com/blog/botnet-loader-as-a-service-infrastructure-distributing-rondodox-and-mirai-payloads
Cloudsek
Botnet Loader-as-a-Service Infrastructure Distributing RondoDoX and Mirai Payloads | CloudSEK
CloudSEK uncovered a large-scale Loader-as-a-Service botnet distributing RondoDoX, Mirai, and Morte payloads through SOHO routers, IoT devices, and enterprise apps. Exploiting weak credentials, unsanitized inputs, and old CVEs, the campaign surged 230% in…
CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnerability-leaks-private-source-code
https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnerability-leaks-private-source-code
Legitsecurity
CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
Get details on our discovery of a critical vulnerability in GitHub Copilot Chat.
October 13 Phishing Campaign Leveraging LastPass Branding
https://blog.lastpass.com/posts/october-13-2025-phishing-campaign
https://blog.lastpass.com/posts/october-13-2025-phishing-campaign
CoPhish: Using Microsoft Copilot Studio as a wrapper for OAuth phishing
https://securitylabs.datadoghq.com/articles/cophish-using-microsoft-copilot-studio-as-a-wrapper/
https://securitylabs.datadoghq.com/articles/cophish-using-microsoft-copilot-studio-as-a-wrapper/
Datadoghq
CoPhish: Using Microsoft Copilot Studio as a wrapper for OAuth phishing
Copilot Studio links look benign, but they can host content to redirect users to arbitrary URLs. In this post, we document a method by which a Copilot Studio agent's login settings can redirect a user to any URL, including an OAuth consent attack.
Vault Viper: High Stakes, Hidden Threats
https://blogs.infoblox.com/threat-intelligence/vault-viper-high-stakes-hidden-threats/
https://blogs.infoblox.com/threat-intelligence/vault-viper-high-stakes-hidden-threats/
Infoblox Blog
Vault Viper: DNS, Malware, and iGaming Infrastructure
Vault Viper is a threat actor leveraging DNS infrastructure and a custom browser for illegal gambling, and organized crime across Southeast Asia.
CVE-2025-10680
The OpenVPN 2.7_alpha1 through 2.7_beta1 releases are susceptible to noscript injection attacks when connecting to untrusted VPN services
https://community.openvpn.net/Security%20Announcements/CVE-2025-10680
The OpenVPN 2.7_alpha1 through 2.7_beta1 releases are susceptible to noscript injection attacks when connecting to untrusted VPN services
https://community.openvpn.net/Security%20Announcements/CVE-2025-10680
PhantomRaven: NPM Malware Hidden in Invisible Dependencies
https://www.koi.ai/blog/phantomraven-npm-malware-hidden-in-invisible-dependencies
https://www.koi.ai/blog/phantomraven-npm-malware-hidden-in-invisible-dependencies
www.koi.ai
PhantomRaven: NPM Malware Hidden in Invisible Dependencies | Koi Blog
Oldest , but actually. Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques.
https://pwning.tech/nftables/
https://pwning.tech/nftables/
Pwning Tech
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques
A tale about exploiting KernelCTF Mitigation, Debian, and Ubuntu instances with a double-free in nf_tables in the Linux kernel, using novel techniques like Dirty Pagedirectory. All without even having to recompile the exploit for different kernel targets…
High-Level Attack Idea - AI Kill Chain + Demo
https://embracethered.com/blog/posts/2025/claude-abusing-network-access-and-anthropic-api-for-data-exfiltration/
Please open Telegram to view this post
VIEW IN TELEGRAM
Embrace The Red
Claude Pirate: Abusing Anthropic's File API For Data Exfiltration
Claude's Code Interpreter recently got network access, and the default allow-list enables an interesting novel exploit chain that allows an adversary to exfiltrate large amounts of data by uploading files via the Anthropic API to their own account.