the grugq's newsletter

October 11, 2025

Apple's Real World CTF : you get the flag, you get the bounty https://t.co/gY6mayzpLy pic.twitter.com/i299t0U6P6

— matteyeux (@matteyeux) October 10, 2025


reading @watchtowrcyber 's latest post re: oracle reminded me of some bug bounty work i did a few years ago. these are **probably** not still 0days, but if you're running this you should burn it all down anyway :) https://t.co/pbyZYP48hn

— hypr (@hyprdude) October 8, 2025


The Episode 3 update finally makes it actually interesting and worth digging in manually. I'll update the report gist once my minions finish crunching it and I get to review things myself. But the TL;DR is release of two of their (previously known) C2s and their relevant… https://t.co/o7b01RsGpK

— Hamid Kashfi (@hkashfi) October 10, 2025

“Established footholds in excess of 300 web sites and corporate networks to conduct ransomware attacks and weaponize the ensuing media exposure.” pic.twitter.com/qYvJrNl8zZ

— Hamid Kashfi (@hkashfi) October 10, 2025

preliminary (automated) analysis update for Episode-3 added to the gist:https://t.co/EwzAPn4iJl

— Hamid Kashfi (@hkashfi) October 10, 2025


FLARE-VM just got a serious upgrade — new GUI, automated builds, and 288+ tools (with better IDA + Go support).

The latest update brings:
🧰 Revamped installer
⚙️ New Python script for full VM automation
📚 (cont) https://t.co/XNghOyQj7p pic.twitter.com/NhjyGI8Mc7

— Google Cloud Security (@GoogleCloudSec) October 9, 2025


Interesting...

"The results were striking: over 65% of data breaches could have been prevented with just three security invariants."

1. Hardware second factors
2. Egress control
3. Positive execution control https://t.co/6OkwfCmtME

— Dino A. Dai Zovi (@dinodaizovi) October 10, 2025


New blog post by @p0w1_ : We looked into Microsoft Defender for Endpoint's cloud communication and found multiple vulnerabilities.
Want to intercept isolation requests as an unauthenticated attacker? Or upload hidden malware to IR?
MSRC: low severity 🤷 https://t.co/SZ5yeZXfJB

— InfoGuard Labs (@InfoGuard_Labs) October 10, 2025


David Slater, a former civilian @usairforce employee, was sentenced to nearly 6 years in prison after admitting to passing - via a dating app - classified info on the Ukraine war to a woman he thought was Ukrainian. Per the original 2024 FBI affidavit, their chats are amusing. pic.twitter.com/aY07Y2BAn1

— Mike Eckel (@Mike_Eckel) October 10, 2025


> escape Syria by trekking across Europe.
> lose everything except the clothes on your back, maybe a laptop, your phone.
> eventually acculturate, build up enough to buy a decent laptop and have some free time.
> log on to Xbox live
> shot by Assad. https://t.co/tGxl57h3Iu

— Dan Waterfield (@danwaterfield) October 10, 2025


NEW: fresh trouble for mercenary spyware companies like NSO Group. @Apple launching substantial bounties on the zero-click exploits that feed the supply chain behind products like Pegasus & Paragon's Graphite.

With bonuses, exploit developers can hit $5 million payouts. 1/ pic.twitter.com/UkCdpZvHfH

— John Scott-Railton (@jsrailton) October 10, 2025


Minor medical situation on the flight and it’s cool that my wife is able to jump up and help out when they ask for a licensed medical professional.

One day someone will need a regular expression so I stay ready.

— Scott Hanselman 🌮 (@shanselman) October 11, 2025


Interesting idea for a new attack surface. Have an AI injection that uses speakers to play a message that propagates to every listening system, sending an AI injection that uses the speakers to… EarW0rm https://t.co/P2FMVGQ8R8

— thaddeus e. grugq (@thegrugq) October 11, 2025


Dawg, Microsoft found a Threat Actor that compromised a company and modified the internal payroll system so when paychecks were scheduled to be deposited it went into THEIR accounts, NOT the employees.

That's fucking badass wtf I've never seen that before pic.twitter.com/khXnDa6lbt

— vx-underground (@vxunderground) October 11, 2025


We have made Francesco Pollicino's "Fuzzing 1001: Introductory Fuzzing" class playlist public here: https://t.co/6nvpEFot9f for those who'd like to download the videos for offline consumption. As always, the recommendation is for students to take the class as it's meant to be…

— OpenSecurityTraining2 (@OpenSecTraining) October 10, 2025


Imagine you back up your firewall with all its secrets (which are highly sensitive) to a provider and the provider gets compromised? Well, that's what appears to have occurred with SonicWall!

They seem to have been pwn3d and then threat actors have decrypted the credentials… pic.twitter.com/ZbZEr5TNq4

— mRr3b00t (@UK_Daniel_Card) October 11, 2025
