/r/netsec's Q3 2025 Information Security Hiring Thread

https://www.reddit.com/r/netsec/comments/1lq51ry/rnetsecs_q3_2025_information_security_hiring/

Inside DDoSia: NoName057(16)’s Pro-Russian DDoS Campaign Infrastructure

https://www.recordedfuture.com/research/anatomy-of-ddosia

Fake Mac fixes trick users into installing new Shamos infostealer

https://www.bleepingcomputer.com/news/security/fake-mac-fixes-trick-users-into-installing-new-shamos-infostealer/

Microsoft asks customers for feedback on reported SSD failures

https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-customers-for-feedback-on-ssd-failure-issues/

DaVita says ransomware gang stole data of nearly 2.7 million people

https://www.bleepingcomputer.com/news/security/davita-ransomware-attack-exposed-data-of-nearly-27-million-people/

AI Agents Need Data Integrity

https://www.schneier.com/blog/archives/2025/08/ai-agents-need-data-integrity.html

Italian hotels breached for tens of thousands of scanned IDs

https://www.malwarebytes.com/blog/news/2025/08/italian-hotels-breached-for-tens-of-thousands-of-scanned-ids

Massive anti-cybercrime operation leads to over 1,200 arrests in Africa

https://www.bleepingcomputer.com/news/security/massive-anti-cybercrime-operation-leads-to-over-1-200-arrests-in-africa/

ToolShell Exploit: Critical SharePoint Zero-Day Threatens Global Enterprises

https://www.recordedfuture.com/blog/toolshell-exploit-chain-thousands-sharepoint-servers-risk

Scattered Spider hacker gets sentenced to 10 years in prison

https://www.bleepingcomputer.com/news/security/scattered-spider-hacker-gets-sentenced-to-10-years-in-prison/

CVE-2024-36401 Exploited in Stealthy Bandwidth-Monetization Campaign

https://securityonline.info/cve-2024-36401-exploited-in-stealthy-bandwidth-monetization-campaign/

Smashing Security podcast #431: How to mine millions without paying the bill

https://grahamcluley.com/smashing-security-podcast-431/

Enhanced Recorded Future Integrations Now Available for Google Security Operations

https://www.recordedfuture.com/blog/introducing-extensive-updates-recorded-future-google-security-operations

Why Patch Management Isn’t Enough: SharePoint, Webshells & the Modern Threat Landscape

https://www.recordedfuture.com/blog/patch-management-glazing-wont-save-you

Colt confirms customer data stolen as Warlock ransomware auctions files

https://www.bleepingcomputer.com/news/security/colt-confirms-customer-data-stolen-as-warlock-ransomware-auctions-files/

Behind the Curtain: How Lumma Affiliates Operate

https://www.recordedfuture.com/research/behind-the-curtain-how-lumma-affiliates-operate

Guess Who Would Be Stupid Enough To Rob The Same Vault Twice? Pre-Auth RCE Chains in Commvault - watchTowr Labs

https://www.reddit.com/r/netsec/comments/1mvb5bd/guess_who_would_be_stupid_enough_to_rob_the_same/

CVE-2025-55746: Critical Directus Flaw Exposes Servers to Unauthenticated File Upload and RCE

https://securityonline.info/cve-2025-55746-critical-directus-flaw-exposes-servers-to-unauthenticated-file-upload-and-rce/

Dev gets 4 years for creating kill switch on ex-employer's systems

https://www.bleepingcomputer.com/news/security/dev-gets-4-years-for-creating-kill-switch-on-ex-employers-systems/

Jim Sanborn Is Auctioning Off the Solution to Part Four of the Kryptos Sculpture

https://www.schneier.com/blog/archives/2025/08/jim-sanborn-is-auctioning-off-the-solution-to-part-four-of-the-kryptos-sculpture.html

SIM-Swapper, Scattered Spider Hacker Gets 10 Years

https://krebsonsecurity.com/2025/08/sim-swapper-scattered-spider-hacker-gets-10-years/

Windows Update Is Reportedly Breaking SSDs, And Microsoft Is Finally Responding https://securityonline.info/windows-update-is-reportedly-breaking-ssds-and-microsoft-is-finally-responding/

AI website builder Lovable increasingly abused for malicious activity https://www.bleepingcomputer.com/news/security/ai-website-builder-lovable-increasingly-abused-for-malicious-activity/

Ghost-Tapping and the Chinese Cybercriminal Retail Fraud Ecosystem https://www.recordedfuture.com/research/ghost-tapping-chinese-criminal-ecosystem

Ukraine claims to have hacked secrets from Russia’s newest nuclear submarine https://www.bitdefender.com/en-us/blog/hotforsecurity/ukraine-claims-to-have-hacked-secrets-from-russias-newest-nuclear-submarine

Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling https://www.reddit.com/r/netsec/comments/1mukfs9/beware_the_false_falsepositive_how_to_distinguish/

TeaOnHer copies everything from Tea – including the data breaches https://www.bitdefender.com/en-us/blog/hotforsecurity/teaonher-copies-everything-from-tea-including-the-data-breaches

Smashing Security podcast #427: When 2G attacks, and a romantic road trip goes wrong https://grahamcluley.com/smashing-security-podcast-427/

PipeMagic Returns: Kaspersky Uncovers Evolving Backdoor Linked to CVE-2025-29824 Exploits https://securityonline.info/pipemagic-returns-kaspersky-uncovers-evolving-backdoor-linked-to-cve-2025-29824-exploits/

OpenAI releases warmer GPT-5 personality, but only for non thinking model https://www.bleepingcomputer.com/news/artificial-intelligence/openai-releases-warmer-gpt-5-personality-but-only-for-non-thinking-model/

Beyond Plus: OpenAI Rolls Out “ChatGPT Go” with an Aggressive New Pricing Strategy for India https://securityonline.info/beyond-plus-openai-rolls-out-chatgpt-go-with-an-aggressive-new-pricing-strategy-for-india/

How Exposed TeslaMate Instances Leak Sensitive Tesla Data https://www.reddit.com/r/netsec/comments/1msrpi6/how_exposed_teslamate_instances_leak_sensitive/