Ján Trenčanský
@j91321.bsky.social
170 followers 200 following 100 posts
EDR R&D team lead at ESET. Opinions are my own.
Reposted by Ján Trenčanský
bellingcat.com
Our researchers have noticed today that NASA FIRMS, one of the main free and available open source sites for monitoring fires around the world, has a new notice on it stating that NASA is no longer updating the site due to a lack of federal funding. firms.modaps.eosdis.nasa.gov/map/
j91321.bsky.social
PR: October is cybersecurity awareness month! Let's start...

Me: No, nope, don't care, la la la can't hear you *𝘧𝘪𝘯𝘨𝘦𝘳𝘴 𝘪𝘯 𝘮𝘺 𝘦𝘢𝘳𝘴*
j91321.bsky.social
There's probably more. Last year he did a workshop for Red Team Village about satellite hacking. Kind of fits the MO: pick an obscure topic and pretend you're an expert. He also has the highest number of GIAC certs obtained in the shortest time I've seen. github.com/poppopjmp/RT...
GitHub - poppopjmp/RTV_LV2024: Red Team Village DEFCON 2024 - Hacking the Skies
github.com
j91321.bsky.social
Yeah, VXUG posted about it some time ago, but it was Defcon. Both talks are from the same guy. Both are AI slop; the same goes for his forked projects on GitHub.
j91321.bsky.social
I haven't found exploitation of Fortra's GoAnywhere MFT CVE-2025-10035 in EDR telemetry yet. Which means it is probably still rare and folks have some time to patch. Wonder how long it will stay that way. The previously exploited vulns appeared fairly quickly.
Reposted by Ján Trenčanský
campuscodi.risky.biz
Cisco patched 3 zero-days today...

CVE-2025-20352: sec.cloudapps.cisco.com/security/cen...

And these two used together:
-CVE-2025-20333: sec.cloudapps.cisco.com/security/cen...
-CVE-2025-20362: sec.cloudapps.cisco.com/security/cen...
Reposted by Ján Trenčanský
doublepulsar.com
Why TF are @npr.org @pbsnews.org and @wgcunews.bsky.social letting an AI cybersecurity *write an article* about a breach and make shit up?
Reposted by Ján Trenčanský
esetresearch.bsky.social
#ESETresearch has discovered the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Both groups are affiliated with the FSB, Russia’s main domestic intelligence and security agency. www.welivesecurity.com/en/eset-rese...
1/3
Gamaredon X Turla collab
ESET researchers reveal how the notorious APT group Turla collaborates with fellow FSB-associated group known as Gamaredon to compromise high‑profile targets in Ukraine.
www.welivesecurity.com
Reposted by Ján Trenčanský
campuscodi.risky.biz
Three major EDR vendors have pulled out of evaluations for the MITRE ATT&CK framework

Microsoft: techcommunity.microsoft.com/blog/microso...
SentinelOne: www.sentinelone.com/blog/sentine...
Palo Alto Networks: www.paloaltonetworks.com/blog/securit...
Reposted by Ján Trenčanský
kostastsale.bsky.social
🆕 𝐄𝐃𝐑-𝐭𝐞𝐥𝐞𝐦𝐞𝐭𝐫𝐲 𝐏𝐫𝐨𝐣𝐞𝐜𝐭 𝐔𝐩𝐝𝐚𝐭𝐞 - 𝐖𝐢𝐧𝐝𝐨𝐰𝐬

The Windows table just got an update with 3 new sub-categories:

➡️ VSS Deletion
➡️ Win32 API Telemetry
➡️ JA3/JA3s

Coverage isn’t uniform, and some are pending response from the vendors. That’s fine. I’d rather show the uncertainty than pretend otherwise.
j91321.bsky.social
Ah yes, Raťafák Plachta, brings back memories. I mean horrors. The department that was responsible for kids shows in Slovak Television has a lot to answer for.
Reposted by Ján Trenčanský
esetresearch.bsky.social
HybridPetya installs a malicious EFI application to the EFI System Partition, which then encrypts the Master File Table file, an essential metadata file with information about all files on the NTFS-formatted partition. 2/8
j91321.bsky.social
Funnily, Google reminded me that 6 years ago today I was at the JLR plant in Nitra. They were just revealing a new model.
A large group of employees gather inside a Jaguar Land Rover plant for a new model reveal. A covered vehicle is positioned at the floor center surrounded by people in white shirts and black trousers. A stage with a speaker and a large screen displaying the Jaguar and Land Rover logos is set up at the front. Staff line both the ground floor and the balcony above, watching the presentation in the bright atrium with large glass panels in the back showing the factory.
j91321.bsky.social
This one EDR killer crashes the whole host when EDR is present. Task failed successfully I guess?
j91321.bsky.social
Looks like everybody finally figured out the same thing I posted about almost two weeks ago.
j91321.bsky.social
Congratulations to my colleagues on this milestone. Before the headlines kick in, let's consider what this actually is: at best a new sub-technique for T1027 (Obfuscated Files or Information). Not that different from T1027.004 (Compile After Delivery), just an interesting twist on the steps.
esetresearch.bsky.social
PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption. These Lua scripts are cross-platform compatible, functioning on #Windows, #Linux, and #macOS 2/7
Reposted by Ján Trenčanský
campuscodi.risky.biz
-NoisyBear APT turns out to be a phishing test
-Qantas cuts executive pay by 15% after breach
-First AI-driven ransomware was just an academic project
-Nepal blocks 26 social media sites
-New GhostAction supply chain attack

Newsletter: news.risky.biz/risky-bullet...
Podcast: risky.biz/RBNEWS475/
j91321.bsky.social
Looks like my RuneScape account still exists after *checks notes* 12 years.
RuneScape lobby screenshot. You last logged in 4617 days ago.
j91321.bsky.social
The workshop he had on satellite hacking at Red Team Village last year also fits the pattern of choosing an obscure topic few people have a good understanding of. Too bad the GitHub repo on that one is empty. github.com/poppopjmp/RT...
GitHub - poppopjmp/RTV_LV2024: Red Team Village DEFCON 2024 - Hacking the Skies
github.com
Reposted by Ján Trenčanský
swiftonsecurity.com
Oof, the sycophancy problem in LLMs + triggering on any irrelevant details you feed them, recently led a P2 problem call down the wrong pathing for hours.

The chatbot is never going to TELL you to step back and ask if this entire inquiry is irrelevant to the larger goal.

This is your moat. It's mine.
My coworkers are starting to COMPLETELY rely on ChatGPT for anything that requires troubleshooting

And the results are as predictable as you think. On the easier stuff, sure, here's a quick fix. On anything that takes even the slightest bit of troubleshooting,
"Hey LegOz, here's what ChatGPT says we should change!"...and it's something completely unrelated, plain wrong, or just made-up slop.
Reposted by Ján Trenčanský
kennwhite.bsky.social
It turns out if you social engineer someone to install a malicious browser extension, your browser can do Bad Things. The Passkey & FIDO specs explicitly say browser/endpoint compromise is not in their threat model.
Reposted by Ján Trenčanský
brody-n77.bsky.social
Ruin the industry?

As Jeremy Clarkson once said: "Oh no... anyway."

If LLMs cannot be monetized without massive sweeping intellectual property theft, then maybe they shouldn't be monetized at all. And maybe the CEOs pushing it on us aren't half the tech visionaries they think they are.