Threat Intel and more. Opinions are my own, unless retweeted. Open DMs.

Joined December 2009
Bart retweeted
Space Force just announced an official naming scheme: ‣ orbital warfare → Norse gods ‣ cyber → mythological creatures ‣ EM → serpents ‣ navigation → sharks ‣ missile warning → sentinels ‣ space domain awareness → ghosts ‣ SATCOM → constellations
Bart retweeted
In light of the deteriorating security situation, the Swiss government is realigning Switzerland's security policy. It has launched a consultation procedure and instructed the relevant departments to start taking measures. news.admin.ch/en/newnsb/BLkW… @vbs_ddps

Bart retweeted
LAC's Cyber Emergency Center describes a PlugX campaign by a China-based attack group targeting Japanese transport firms & their subsidiaries. The report analyses new PlugX variants MetaRAT and Talisman PlugX, and expands on findings first shared at VB2025 lac.co.jp/lacwatch/report/20…
Bart retweeted
Here's our new blogpost with a technical deepdive into exploitation we're observing in the wild of CVE-2025-55182 (aka react2shell): wiz.io/blog/nextjs-cve-2025-…
Bart retweeted
6 Dec 2025
Update on CVE-2025-66478 (React2Shell): An npm package has been released to scan and update affected Next.js apps. Use `npx fix-react2shell-next` to update to patched versions. All users should update as soon as possible. More details our blog: nextjs.org/cve-2025-66478

Bart retweeted
We’ve been digging through the #React RCE mess for two days now, trying to get at least some visibility into what’s going on out there. None of this is easy to detect, and most signals vanish in memory before you can even look at them. My teammate @_swachchhanda_ put together a pair of #Sigma rules that cover the one thing that reliably shows up when someone actually executes code on a Node.js server -> child processes. One rule for Linux, one for Windows. It’s not a silver bullet, just one of the few angles that makes sense right now. We pushed all our #YARA and #Sigma signatures for the React RCE cases as well, and contributed the Sigma rules upstream: github.com/SigmaHQ/sigma/pul… This whole situation shows how much attack surface lives in places many of us didn’t think about before. I expect we’ll see more of this class of issues now that people realize what’s possible.
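The child-process angle the post describes, as an added example that is not the post's or SigmaHQ's code: a small Python detector over Sysmon-style process-creation events that flags a Node.js parent spawning a shell or downloader. The field names (ParentImage, Image, CommandLine) and the lists of child binaries are assumptions; the real Sigma rules may differ.

```python
import json
import ntpath  # ntpath.basename splits on both "/" and "\", so one helper serves Linux and Windows paths

# Assumed alert-worthy children; the upstream Sigma rules may use different lists.
LINUX_CHILDREN = {"sh", "bash", "dash", "zsh", "curl", "wget", "python3", "perl", "nc"}
WINDOWS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "certutil.exe", "rundll32.exe", "mshta.exe"}
NODE_NAMES = {"node", "nodejs", "node.exe"}


def basename(path: str) -> str:
    """Final path component, lower-cased, for either path convention."""
    return ntpath.basename(path).lower()


def is_suspicious(event: dict) -> bool:
    """True when a Node.js process is the parent of a shell or downloader."""
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    return parent in NODE_NAMES and (child in LINUX_CHILDREN or child in WINDOWS_CHILDREN)


def scan(lines):
    """Yield (parent, child, command line) for each matching JSON event line."""
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        event = json.loads(raw)
        if is_suspicious(event):
            yield (basename(event["ParentImage"]), basename(event["Image"]), event.get("CommandLine", ""))


# Constructed sample events (not real telemetry), one JSON object per line.
SAMPLE_EVENTS = r"""
{"ParentImage": "/usr/bin/node", "Image": "/bin/sh", "CommandLine": "sh -c id"}
{"ParentImage": "/usr/bin/node", "Image": "/usr/bin/node", "CommandLine": "node worker.js"}
{"ParentImage": "C:\\Program Files\\nodejs\\node.exe", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c ver"}
{"ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe"}
"""

if __name__ == "__main__":
    for parent, child, cmdline in scan(SAMPLE_EVENTS.splitlines()):
        print(f"ALERT: {parent} spawned {child}: {cmdline}")
```

A worker process forked by node (second sample line) is deliberately not flagged, which is what keeps the rule usable on a busy server.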
Bart retweeted
4 Dec 2025
Malware Sideloading via MFC Satellite DLLs: r136a1.dev/2025/12/03/malwar… This blog post describes a DLL sideloading technique that is used by Turla, BRONZE BUTLER and likely also other threat actors. This technique affects thousands of MFC applications.
Bart retweeted
“Within hours of the public disclosure of CVE-2025-55182 (React2Shell) on December 3, 2025, Amazon threat intelligence teams observed active exploitation attempts by multiple China state-nexus threat groups, including Earth Lamia and Jackpot Panda.” Attack of the state sponsored interns #opsecfail aws.amazon.com/blogs/securit…
Bart retweeted
That's a helpful blog post about the React / Next.js vulnerabilities slcyber.io/research-center/h… Contains a react-scanner github.com/assetnote/react2s… by @SLCyberSec
Critical Security Vulnerability in React Server Components: CVE-2025-55182, rated CVSS 10.0. The vulnerability is present in versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of: react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack. react.dev/blog/2025/12/03/cr…
Bart retweeted
🎁 GenAI x Sec Advent 1 - Visual Threat Intelligence If you follow my work you know I am a big fan of visualization to explain complex or technical content. I used to spend days building the perfect infographic, but now I can generate one in a single shot thanks to LLM advancements. To show this I tested the Personal AI Infrastructure from @DanielMiessler. This is a set of skills you can use with Claude Code, and some skills are dedicated to visualization. If you are not familiar with Claude Skills, it is simply a way to give Claude task-specific playbooks. In the examples below I took several threat reports and produced multiple visualizations. With one wink you can upgrade your weekly threat briefing in the style you want.
Bart retweeted
WTF, wow, @washi_dev and @elektrokilldev are cooking 💙💙💙🙏🙌 Lots of improvements in #dnSpyEx #dnSpy. The newly added feature showing searchable string references in a module is insanely good and cool 👍💪 It's soooo cooool 😍 #dotnet #reversing github.com/dnSpyEx/dnSpy
Bart retweeted
pagedout.institute/ ← Call for articles & art for issue #8 of this technical IT zine is open! As usual, we accept 1-page articles about everything interesting in IT and related fields (be it programming, cybersec, AI, demoscene, retro, electronics, etc).
Bart retweeted
26 Nov 2025
ICYMI: Autumn Dragon: China-nexus APT Group Targets South East Asia. In this report, we describe a sustained espionage campaign against the government, media, and news sectors in several countries surrounding the South China Sea: cyberarmor.tech/blog/autumn-… #APT
Bart retweeted
The SHA1-Hulud npm mess keeps growing, so we added additional detections for it today: new YARA rules by my colleague @marius_benthin in our public signature-base cover bun_environment.js / setup_bun.js and the malicious preinstall script variants from the Wiz / Aikido write-ups, already live in THOR Lite and THOR Cloud Lite. Rules: github.com/Neo23x0/signature… THOR Lite: nextron-systems.com/thor-lit… THOR Cloud Lite: thorcloud-lite.nextron-syste… #SHA1Hulud #NPM #NPMWorm
We used to fight worms on the OS level. Slammer, Blaster, Conficker... all that stuff. Now we get the same behaviour one layer up, inside the software ecosystems we trust every day. NPM tokens, transitive deps, weak account hygiene, zero visibility… and suddenly a self-propagating worm runs through the supply chain like it's 2003 again. This incident shows the real blind spot: package ecosystems aren't "content", they're execution surfaces. Nobody monitors them, nobody hardens them, and attackers don't even need an exploit to make them go wild. #SHA1Hulud #NPM #NPMWorm linkedin.com/posts/advocatem…
Bart retweeted
24 Nov 2025
GitLab’s Vulnerability Research team uncovered a widespread npm supply chain attack involving a destructive malware variant with a built-in “dead man’s switch.” The malware spreads through compromised npm packages, steals credentials, and contains a data-wiping payload if its channels are disrupted. We’re sharing early details to help developers and security teams assess exposure and stay protected. 👉 Read the full analysis: about.gitlab.com/blog/gitlab…
Bart retweeted
Paste these queries into the GitHub search bar to check if you're affected:
org:ORGNAME AND ("accordproject/concerto-analysis" OR "accordproject/concerto-metamodel" OR "accordproject/concerto-types" OR "accordproject/markdown-it-cicero" OR "asyncapi/studio")
org:ORGNAME AND ("ensdomains/address-encoder" OR "ensdomains/content-hash" OR "ensdomains/dnsprovejs" OR "ensdomains/ens-validation" OR "ensdomains/ensjs" OR "ensdomains/eth-ens-namehash")
org:ORGNAME AND ("posthog/agent" OR "posthog/ai" OR "posthog/cli" OR "posthog/clickhouse" OR "posthog/core" OR "posthog/hedgehog-mode" OR "posthog/icons" OR "posthog/lemon-ui")
org:ORGNAME AND ("posthog/nextjs-config" OR "posthog/nuxt" OR "posthog/piscina" OR "posthog/plugin-contrib" OR "posthog/react-rrweb-player" OR "posthog/rrdom" OR "posthog/rrweb")
org:ORGNAME AND ("posthog/rrweb-player" OR "posthog/rrweb-record" OR "posthog/rrweb-replay" OR "posthog/rrweb-snapshot" OR "posthog/rrweb-utils" OR "posthog/siphash" OR "posthog/wizard")
org:ORGNAME AND ("postman/aether-icons" OR "postman/csv-parse" OR "postman/node-keytar" OR "postman/tunnel-agent" OR "voiceflow/common")
org:ORGNAME AND ("zapier/ai-actions" OR "zapier/babel-preset-zapier" OR "zapier/browserslist-config-zapier" OR "zapier/secret-scrubber")
org:ORGNAME AND ("blob-to-base64" OR "cpu-instructions" OR "crypto-addr-codec" OR "enforce-branch-name" OR "ethereum-ens" OR "formik-error-focus")
org:ORGNAME AND ("fuzzy-finder" OR "gatsby-plugin-cname" OR "get-them-args" OR "kill-port" OR "posthog-docusaurus" OR "posthog-js" OR "posthog-node")
org:ORGNAME AND ("posthog-react-native" OR "posthog-react-native-session-replay" OR "react-hook-form-persist" OR "react-native-email")
org:ORGNAME AND ("react-native-google-maps-directions" OR "react-native-phone-call" OR "react-native-websocket" OR "shell-exec" OR "sort-by-distance")
org:ORGNAME AND ("template-lib" OR "tenacious-fetch" OR "url-encode-decode" OR "zapier-platform-cli" OR "zapier-platform-core" OR "zapier-platform-schema")
24 Nov 2025
🚨 New Shai-Hulud-style npm attack hitting 25k repos and growing fast. Devs & CI/CD exposed via malicious preinstall. Wiz Research has detection and mitigation. Details: wiz.io/blog/shai-hulud-2-0-o…
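An offline counterpart to the GitHub search queries above, added here as an example and not code from the post or from Wiz: it pulls the quoted package names out of a query line and then walks a package-lock.json (lockfileVersion 2/3 "packages" map, nested node_modules included) for any listed dependency. AFFECTED holds only a subset of the names from the post and should be extended with the full list; treating slash-containing names as scoped packages ("@posthog/rrweb") is an assumption, as is the constructed lockfile.

```python
import json
import re

# Subset of the names quoted in the queries above; paste in the full list for real use.
AFFECTED = {
    "accordproject/concerto-analysis", "ensdomains/ensjs", "posthog/rrweb",
    "postman/csv-parse", "zapier/secret-scrubber", "posthog-js", "posthog-node",
    "kill-port", "shell-exec", "zapier-platform-core", "zapier-platform-schema",
}


def normalise(name: str) -> str:
    """Strip a leading '@' so scoped npm names compare equal to the query-style names."""
    return name[1:] if name.startswith("@") else name


def names_from_query(query: str) -> set:
    """Extract the double-quoted package names from one org:ORGNAME AND (...) query."""
    return set(re.findall(r'"([^"]+)"', query))


def affected_in_lock(lock: dict, affected=AFFECTED) -> list:
    """Return sorted (name, version) pairs for listed packages found in the lockfile."""
    hits = []
    for path, meta in lock.get("packages", {}).items():
        if not path:  # the empty key is the root project itself
            continue
        # Keep only the text after the last "node_modules/", which handles nested installs.
        name = path.split("node_modules/")[-1]
        if normalise(name) in affected:
            hits.append((name, meta.get("version", "?")))
    return sorted(hits)


# Constructed lockfile fragment (not a real project; versions are placeholders).
SAMPLE_LOCK = json.loads("""{
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/@posthog/rrweb": {"version": "1.2.3"},
    "node_modules/express": {"version": "4.19.2"},
    "node_modules/foo/node_modules/kill-port": {"version": "4.5.6"},
    "node_modules/lodash": {"version": "4.17.21"}
  }
}""")

if __name__ == "__main__":
    for name, version in affected_in_lock(SAMPLE_LOCK):
        print(f"listed package present: {name}@{version}")
```

A name match only tells you the package is in the tree; whether the installed version is a trojanised one still has to be checked against the Wiz write-up.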
Bart retweeted
Salesforce has updated the Gainsight security advisory with indicators of compromise help.salesforce.com/s/articl…
