JumpCloud discloses breach by state-backed APT hacking group https://www.bleepingcomputer.com/news/security/jumpcloud-discloses-breach-by-state-backed-apt-hacking-group/

Thousands of images on Docker Hub leak auth secrets, private keys https://www.bleepingcomputer.com/news/security/thousands-of-images-on-docker-hub-leak-auth-secrets-private-keys/

Lazarus hackers linked to $60 million Alphapo cryptocurrency heist https://www.bleepingcomputer.com/news/security/lazarus-hackers-linked-to-60-million-alphapo-cryptocurrency-heist/

Bropper - An Automatic Blind ROP Exploitation Tool https://www.kitploit.com/2023/07/bropper-automatic-blind-rop.html

Certsync - Dump NTDS With Golden Certificates And UnPAC The Hash https://www.kitploit.com/2023/06/certsync-dump-ntds-with-golden.html

Roblox Data Breach: PII of Thousands of Developers Stolen https://www.hackread.com/roblox-data-breach-developers-pii-data-stolen/

PoC released for Windows Common Log File System 0-Day (CVE-2023-28252) https://securityonline.info/poc-released-for-windows-common-log-file-system-0-day-cve-2023-28252/

NetAtlas C2 Server Search: detect Command and Control (C2) servers https://securityonline.info/netatlas-c2-server-search-detect-command-and-control-c2-servers/

Google's Play Store policy update includes a lot changes and new policies for the cryptocurrency ecosystem. https://support.google.com/googleplay/android-developer/answer/13607354

Various Cobalt Strike BOFs https://github.com/rvrsh3ll/BOF_Collection

CLIP2Protect: Protecting Facial Privacy using Text-Guided Makeup via Adversarial Latent Search https://github.com/fahadshamshad/Clip2Protect

BlackLotus UEFI Windows Bootkit https://github.com/ldpreload/BlackLotus

NetScaler RCE Abused To Pilfer Critical Infra Active Directory Data https://www.scmagazine.com/news/critical-infrastructure/netscaler-rce-bug-critical-infrastructure-active-directory-data

MOVEit Hackers Find Simpler Business Model Than Ransomware https://www.scmagazine.com/analysis/third-party-risk/moveit-hackers-may-have-found-simpler-business-model-beyond-ransomware

MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path (MTSchedulerService) Vulnerability https://en.0day.today/exploit/description/38860

Worldcoin isn’t as bad as it sounds: It’s worse https://blockworks.co/news/worldcoin-privacy-concerns

Massachusetts Sued For Working With Google To Secretly Put Spyware On Residents’ Phones https://thefederalist.com/2023/07/10/massachusetts-sued-for-working-with-google-to-secretly-put-spyware-on-residents-phones/

CVE-2023-38647: Critical Deserialization Vulnerability in Apache Helix Workflow and REST https://seclists.org/oss-sec/2023/q3/73

Beyond the Marketing: Assessing Anti-Bot Platforms through a Hacker's Lens https://blog.umasi.dev/antibots-1

Badsecrets - A Library For Detecting Known Secrets Across Many Web Frameworks https://www.kitploit.com/2023/07/badsecrets-library-for-detecting-known.html?m=1