Archive

General * Software engineering practices at Microsoft are clearly improving. This time, the M365 desktop app failing due to updated authentication components. There was also another M365 bug, an Intune bug, a bug with Win10 ESU...and that's just in the last week. * https://www.bleepingcomputer.com/news/microsoft/

General * Android performance flagging might help with malware identification. Try to do too much in the background, and apps will get a battery-usage warning banner in the Play store. * https://www.bleepingcomputer.com/news/security/google-to-flag-android-apps-with-excessive-battery-use-on-the-play-store/ * After earlier announcing that all apps must come from developer accounts with verified identities

General * Operation Endgame, Season 3 - confirmed that the Rhadamanthys takedown was part of the operation. "The actions targeted one of the biggest infostealers Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium, all of which played a key role in international cybercrime." * https://www.operation-endgame.com/

General * AWS touts their MadPot honeypot - saw signs of earlier Citrix attacks before the patches were released. * https://aws.amazon.com/blogs/security/amazon-discovers-apt-exploiting-cisco-and-citrix-zero-days/ * https://www.bleepingcomputer.com/news/security/hackers-exploited-citrix-cisco-ise-flaws-in-zero-day-attacks/ * https://www.cybersecuritydive.com/news/threat-actor-zero-day-flaws-cisco-ise-citrix/805281/ * https://therecord.media/advanced-hacker-exploiting-cisco-citrix-z

General * Yet another Managed File Transfer system getting pwned. Nice chain of mis-understood security in the host header, chained with an interesting use of anti-virus path configuration, to gain RCE as SYSTEM. * https://www.bleepingcomputer.com/news/security/hackers-abuse-triofox-antivirus-feature-to-deploy-remote-access-tools/ * (Same product, different defect) https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw * Rhadamantys

General * Increased investment in undersea cables, and a nod to the level of attacks on said cables * (CNBC) https://archive.li/79NGE * An Initial Access Broker pleads guilty in US court to "hacking half a dozen American companies (including Cisco)". Could face up to "53 years in

General * Microsoft is rolling out more features to deal with future CrowdStrike-like boot issues. * https://www.bleepingcomputer.com/news/microsoft/microsoft-testing-faster-quick-machine-recovery-in-windows-11/ * [AU] Is it just network connectivity "Australia Connect" or an AI Datacentre - Google building infrastructure on Christmas Island * https://arstechnica.com/ai/2025/11/google-plans-secret-ai-military-outpost-on-tiny-island-overrun-by-crabs/ * https:

General * Brian Krebs looks at the DNS activity of the Aisuru botnet, it's C2 dominating Cloudflare's top-sites (by DNS request) metrics. * https://krebsonsecurity.com/2025/11/cloudflare-scrubs-aisuru-botnet-from-top-domains-list/ * Cisco Call-Centre-in-a-Box (Cisco Unified Contact Center Express (Unified CCX)) Unauthenticated Remote Code Execution (RCE) (CVSS9.8) It's

General * Actively exploited WordPress email plugin 'Post SMTP', can be used to read WordPress password-reset emails, enabling account takeover. * https://www.wordfence.com/blog/2025/11/400000-wordpress-sites-affected-by-account-takeover-vulnerability-in-post-smtp-wordpress-plugin/ * https://www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-post-smtp-to-hijack-admin-accounts/ * Google's Threat Intelligence Group (GTIG) on attacker use of AI tools. Yes

General * SpecterOps seem to have really accelerated since adding OpenGraph support to BloodHound (Both CE & Enterprise). Now you can collect and import file-share permissions into BloodHound. * https://specterops.io/blog/2025/10/30/sharehound-an-opengraph-collector-for-network-shares/ * https://github.com/p0dalirius/sharehound * Library of OpenGraph integrations: https://bloodhound.specterops.io/opengraph/library