dtlspipes: Generic DTLS wrapper for UDP sessions https://github.com/Snawoot/dtlspipe

Busybox cpio directory traversal vulnerability (CVE-2023-39810) https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/

FISC Rules That [REDACTED] Is Not Subject to FISA 702 for One of Its Services https://www.emptywheel.net/2023/08/27/fisc-rules-that-redacted-is-not-subject-to-fisa-702-for-one-of-its-services/

How Hackers Exploit Vulnerable Drivers https://youtu.be/ELVdDwvELKY?feature=shared

Retool blames breach on Google Authenticator MFA cloud sync feature https://www.bleepingcomputer.com/news/security/retool-blames-breach-on-google-authenticator-mfa-cloud-sync-feature/

FavFreak: Making Favicon.ico based Recon Great again ! https://github.com/devanshbatham/FavFreak

Debugging Windows Isolated User Mode (IUM) Processes https://blog.quarkslab.com/debugging-windows-isolated-user-mode-ium-processes.html

New stealthy and modular Deadglyph malware used in govt attacks https://www.bleepingcomputer.com/news/security/new-stealthy-and-modular-deadglyph-malware-used-in-govt-attacks/

BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/

Exploiting Zenbleed from Chrome https://vu.ls/blog/exploiting-zenbleed-from-chrome/

AWS WAF Bypass: invalid JSON object and unicode escape sequences https://blog.sicuranext.com/aws-waf-bypass/

Living off the Foreign Land Cmdlets and Binaries https://lofl-project.github.io/

0-days exploited by commercial surveillance vendor in Egypt https://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/

OSINT Tool (github accounts tracker) https://github.com/N0rz3/GitSint

Vulnerability in Windows’s File History Service allows local users to gain elevated privileges on the Windows operating system https://ssd-disclosure.com/ssd-advisory-file-history-service-fhsvc-dll-elevation-of-privilege/

Hackers can force iOS and macOS browsers to divulge passwords and much more https://arstechnica.com/security/2023/10/hackers-can-force-ios-and-macos-browsers-to-divulge-passwords-and-a-whole-lot-more/

All-in-one OSINT tool for analysing any website https://github.com/Lissy93/web-check

BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/

A Big Look at Security in OpenAPI https://blog.liblab.com/a-big-look-at-security-in-openapi/

MGM Resorts shuts down IT systems after cyberattack https://www.bleepingcomputer.com/news/security/mgm-resorts-shuts-down-it-systems-after-cyberattack/