Sources

EtherDream's Blog

LFYSEC

The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors

Mandiant Threat Intelligence

Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape

Mandiant Threat Intelligence

Proactive Preparation and Hardening Against Destructive Attacks: 2026 Edition

Mandiant Threat Intelligence

Submit #775435: Shenzhen HCC Technology Co., Ltd M6PLUS MPOS M6PLUS-FW-1V.31-N Cleartext Sensitive Data Transmission [Accepted]

Vuldb Submit

Submit #775434: Shenzhen HCC Technology Co., Ltd M6PLUS MPOS M6PLUS-FW-1V.31-N Missing Anti-Replay Protection [Accepted]

Vuldb Submit

Submit #775433: Shenzhen HCC Technology Co., Ltd M6PLUS MPOS M6PLUS-FW-1V.31-N Missing Cryptographic Authentication [Accepted]

Vuldb Submit

What is Threat Detection, Investigation & Response (TDIR)

Sygnia

Incident Response Strategies for Technology and SaaS Companies

Sygnia

Developing Incident Response Team Communication and Coordination Practices

Sygnia

Move fast and save things: A quick guide to recovering a hacked account

WeLiveSecurity

EDR killers explained: Beyond the drivers

WeLiveSecurity

Face value: What it takes to fool facial recognition

WeLiveSecurity

I am not a robot: ClickFix used to deploy StealC and Qilin

Sophos Threat Research

Game of clones: Sophos and the MITRE ATT&CK Enterprise 2025 Evaluations

Sophos Threat Research

A big finish to 2025 in December’s Patch Tuesday

Sophos Threat Research

AL26-005 – Critical vulnerability impacting Microsoft SharePoint Server – CVE-2026-20963

CCCS - Alerts and advisories

Apple security advisory (AV25-722) – Update 1

CCCS - Alerts and advisories

Apple security advisory (AV25-464) – Update 1

CCCS - Alerts and advisories

Sources

EtherDream's Blog

前端黑魔法 —— 如何让自己的函数变成原生函数 - EtherDream

前端黑魔法 —— 隐藏网络请求的调用栈 - EtherDream

HTTP 网关 GZIP 页面零开销注入 JS - EtherDream

LFYSEC

LoRexxar's Blog

Re0(2) - OpenClaw到底为什么爆火？

Re0(1) - AI变革的时代来了吗？

不容错过的2025年度漏洞：React2Shell（CVE-2025-55182）分析

Troy Hunt

Weekly Update 495

Weekly Update 494

Weekly Update 493

Mandiant Threat Intelligence

The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors

Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape

Proactive Preparation and Hardening Against Destructive Attacks: 2026 Edition

Vuldb Submit

Submit #775435: Shenzhen HCC Technology Co., Ltd M6PLUS MPOS M6PLUS-FW-1V.31-N Cleartext Sensitive Data Transmission [Accepted]

Submit #775434: Shenzhen HCC Technology Co., Ltd M6PLUS MPOS M6PLUS-FW-1V.31-N Missing Anti-Replay Protection [Accepted]

Submit #775433: Shenzhen HCC Technology Co., Ltd M6PLUS MPOS M6PLUS-FW-1V.31-N Missing Cryptographic Authentication [Accepted]

Sygnia

What is Threat Detection, Investigation & Response (TDIR)

Incident Response Strategies for Technology and SaaS Companies

Developing Incident Response Team Communication and Coordination Practices

WeLiveSecurity

Move fast and save things: A quick guide to recovering a hacked account

EDR killers explained: Beyond the drivers

Face value: What it takes to fool facial recognition

Sophos Threat Research

I am not a robot: ClickFix used to deploy StealC and Qilin

Game of clones: Sophos and the MITRE ATT&CK Enterprise 2025 Evaluations

A big finish to 2025 in December’s Patch Tuesday

CCCS - Alerts and advisories

AL26-005 – Critical vulnerability impacting Microsoft SharePoint Server – CVE-2026-20963

Apple security advisory (AV25-722) – Update 1

Apple security advisory (AV25-464) – Update 1

Sources

EtherDream's Blog

LFYSEC

LoRexxar's Blog

Troy Hunt

Mandiant Threat Intelligence

Vuldb Submit

Sygnia

WeLiveSecurity

Sophos Threat Research

CCCS - Alerts and advisories

Managed ad