IOCs in blog post: 📡 91.92.120.101:62520 📡 91.92.120.101:65535 💾 711d9cbf1b1c77de45c4f1b1a82347e6 💾 6ff95e302e8374e4e1023fbec625f44b 💾 e6d7bbc53b718217b2de1b43a9193786 💾 a9bc0fad0b1a1d6931321bb5286bf6b7 💾 09bb5446ad9055b9a1cb449db99a7302 💾 38d29f5ac47583f39a2ff5dc1c366f7d

The documentary that the BBC refused to air showing the targeting, detainment and torture of medics in Gaza by Israeli authorities was broadcast by Channel 4 last night. Amnesty International researcher, Budour Hassan, explains the use of secret sites by the Israeli authorities.

Elastic Security Labs has observed multiple campaigns that appear to be leveraging commercial AV/EDR evasion framework SHELLTER to load malware. SHELLTER is a commercial evasion framework that helps red teams bypass AV and EDR tools. elastic.co/security-labs/…

built a tiny fingerprint-aware reverse proxy (on top of fingerproxy)—logs JA3, JA4, and JA4H fingerprints, and lets you ⛔️ block or ↪️ route traffic based on them. great for honeypots or bot filtering, better for fun! can release if it’s useful to anyone.

OVER x SLIDES & VIDEOS 📣 #pts25 is now over, thanks so much to all 🙏 🚨 As always, due to the 🔥 work of the team, you can browse/follow *all* talks: 📖 Slides: archives.pass-the-salt.org/Pass%20the%20S… 🎦 Videos : passthesalt.ubicast.tv/channels/#2025 Thanks again & we wish you a fantastic summer ❤️ 😎

Attackers are exploiting misconfigured Docker #APIs to gain access to containerized environments, then using Tor to mask their activities while deploying crypto miners. Discover how this method works and its implications for security operations:⬇️ research.trendmicro.com/4e6DhwM

McDonald's uses an AI bot called "Olivia" for hiring. A pair of hackers found they could access every conversation job applicants had with it—including all the personal info they shared—by exploiting security flaws as basic as using the password "123456". wired.com/story/mcdonald…

"The powerful punishing those who speak for the powerless, it is not a sign of strength, but of guilt". Let's stand tall, together.

Vidar, Lumma Stealer, and Rhadamanthys were among the most prominent infostealer families detected in #OperationSecure. Trend Micro’s analysis details their role in recent campaigns and how C&C takedowns disrupt them. Get the full story here: ⬇️ research.trendmicro.com/4njlvuE

Our research on open tunneling servers got nominated for the Most Innovative Research award :) The work will be presented by Angelos Beitis at Black Hat and also at USENIX Security Brief summary and code: github.com/vanhoefm/tunne… Paper: papers.mathyvanhoef.com/usenix2025-tun…

Alert: SharePoint CVE-2025-53770 incidents! In collaboration with Eye Security & watchTowr we are notifying compromised parties. Read: research.eye.security/sharepoint-und… ~9300 Sharepoint IPs seen exposed daily (just population, no vulnerability assessment): dashboard.shadowserver.org/statistics/iot…

Did you hear about our latest release? Suricata 8.0.0 is out now! Hear from longtime supporter and Suricata Evangelist, Peter Manev on what he is most excited about with this release. Check it out! youtube.com/watch?v=POt7C0…

dropping this tonight (been meaning to for days but kept fixing and adding stuff hah). forcing myself to stop tweaking.. shipping in a few hours. y’all can break it and file the issues 🪲

Thanks to a scan conducted by LeakIX, we have shared SharePoint IPs confirmed vulnerable to CVE-2025-53770, CVE-2025-53771. 424 SharePoint IPs found on 2025-07-23. One-off data in our Vulnerable HTTP report - shadowserver.org/what-we-do/net… Tree map: dashboard.shadowserver.org/statistics/com…

Playing with the Medusa stealth rootkit which is LD_PRELOAD style of hiding on Linux. If you think this kind of rootkit is on a box, you can easily poke around and de-cloak it by using a statically built version of busybox like shown here.

Nextron Systems researchers identified Plague, a stealthy Linux backdoor built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system authentication and gain persistent SSH access. nextron-systems.com/2025/08/01/pla…

When you're doing deployments, you'll need to be able to control who has access to your infrastructure. And Identity and Access Management (IAM) tools can help you manage this. Here, David explains how the open source option Keycloak works along with its features, pros & cons,

Today we released a new stable version of DRAKVUF Sandbox v0.19.0 🎉– a project that leverages the DRAKVUF system for agentless malware analysis. Detailed release notes can be found on our Github: github.com/CERT-Polska/dr…

New Blog Post: CrossC2 Expanding Cobalt Strike Beacon to Cross-Platform Attacks ^TN blogs.jpcert.or.jp/en/2025/08/cro…

A North Korean Linux stealth rootkit was revealed in the latest issue of Phrack Zine. We analyzed it and discuss detection techniques to help security teams see if they are affected. Read more below for tips on how to find this and related threats: sandflysecurity.com/blog/leaked-no…