f5
Sunday Edition - Sunday Edition — 2025‑10‑19
Security roundup detailing F5 compromise, Patch Tuesday Windows EoPs, GoAnywhere MFT exploit, KEV updates, and practical mitigations
KryptoKat
Hobbyist dev & vulnerability analyst. Linux/Python enthusiast, cybersecurity evangelist, network security nerd.
f5
Special Edition - F5 breach: emergency hardening under CISA ED 26-01; KEV Windows EoPs
Time-critical guidance to inventory, isolate, patch, and rotate credentials for F5 devices; apply ED 26-01; KEV flags Windows EoPs.
patch-tuesday,
Wednesday Edition - Midweek Patchquake: WSUS RCE, Preview-Pane Traps, and the Last Hurrah for Win10
Overview of October 2025 Patch Tuesday: four high-risk flaws, patch priorities, and guidance as Windows 10 reaches end of support.
edge
Special Edition - Edge security roundup: RondoDox, Gladinet 0-day, SonicWall
Threat briefing on edge campaigns: RondoDox, phpMyAdmin poisoning, Gladinet 0-day, SonicWall backups breach, with quick defensive actions.
Midweek Patch Panic: Oracle’s Zero‑Day, Red Hat’s Repo Raid, and BRICKSTORM in the Walls
This week showed up with a zero‑day, a repo rummage, and an appliance backdoor that thrives where your EDR can’t follow. Oracle shipped an emergency patch, Red Hat is untangling a Consulting GitLab breach, IBM rushed fixes for identity appliances, and Talos reminded everyone not to feed untrusted
Perimeter Pyromania, Middleware Meltdowns, and a Phantom in Your Browser
This week felt like a greatest-hits playlist you didn’t ask for: pre-auth RCE in Oracle EBS, GoAnywhere back in the spotlight (again), Cisco edge gear under active fire, and a VMware zero-day that quietly lived rent-free for almost a year. Sprinkle in a malicious npm package siphoning your password