edr-evasion
ZeroDay Field Notes - Payloads in the Browser, Rootkits in the ATM
EDR evasion with RONINGLOADER, Windows admin bypass, browser push C2, router AitM updates, Lazarus tweaks, and an ATM heist with a Pi.
I'm a computer security pro who loves creating custom tools. I'm all about building secure systems and diving into Rust and GoLang. Let's connect and team up!
zero-days
APT chains hitting Citrix and Cisco with stealthy webshells, new RATs and a Go packer boosting EDR evasion; also destructive ops and proxy C2.
hyper-v
Explores using Hyper-V as a covert hideout for stealthy C2 and persistence, with real-world campaigns and toolchains.
A weekly security roundup of VM escapes, DLL hijacks, browser exfiltration tricks, phishing evasion, and hybrid Linux-on-Windows ransomware campaigns.
malware
Weekly security roundup of new malware, exploits, supply-chain tricks, and defense notes across Linux, Windows, and cloud.
f5
Security roundup detailing F5 compromise, Patch Tuesday Windows EoPs, GoAnywhere MFT exploit, KEV updates, and practical mitigations
patch-tuesday
Overview of October 2025 Patch Tuesday: four high-risk flaws, patch priorities, and guidance as Windows 10 reaches end of support.
oracle
A weekly security briefing on active exploits (Oracle EBS CVE-2025-61882), botnets, phishing, and urgent patching and defense guidance.
edge
Threat briefing on edge campaigns: RondoDox, phpMyAdmin poisoning, Gladinet 0-day, SonicWall backups breach, with quick defensive actions.
This week showed up with a zero‑day, a repo rummage, and an appliance backdoor that thrives where your EDR can’t follow. Oracle shipped an emergency patch, Red Hat is untangling a Consulting GitLab breach, IBM rushed fixes for identity appliances, and Talos reminded everyone not to feed untrusted
This week felt like a greatest-hits playlist you didn’t ask for: pre-auth RCE in Oracle EBS, GoAnywhere back in the spotlight (again), Cisco edge gear under active fire, and a VMware zero-day that quietly lived rent-free for almost a year. Sprinkle in a malicious npm package siphoning your password