Check your HTTP/2 shit. Similar to the Rapid Reset vuln, this is another DoS in HTTP/2 they're calling Made You Reset.
https://www.imperva.com/blog/madeyoureset-turning-http-2-server-against-itself/
Patches in NGINX, Envoy, Apache, and HAProxy added thresholds for stream resets and behavioral analytics to flag clients abusing the protocol.
Tomcat also has an advisory for it:
https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf
The MadeYouReset vulnerability was found to affect several widely used HTTP/2 server implementations, including Netty, Jetty, Apache Tomcat, IBM WebSphere, and BIG-IP.
https://deepness-lab.org/publications/madeyoureset/
Here's the Netty advisory for this:
https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4
I hear ImageMagick is fun to hack on. Go nuts.
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp
Here, have more.
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x
There are so many of these little apps that people are running with user permissions that are creepy as hell and hard to track down if you play whack-a-mole instead of using explicit allow lists.
https://www.gdatasoftware.com/blog/2025/08/38247-justaskjacky-ai-trojan-horse-comeback
#threatIntel
I know I keep saying it but I really need to kick #GAYINT into gear. Unit42 is using weird names for individual groups or operations that they're calling strike teams within Muddled Libra / UNC3944 / Scattered Spider / Lapsus$ / whatever new name the multi-billion dollar security companies are calling the kids these days.
https://unit42.paloaltonetworks.com/muddled-libras-strike-teams/
#threatIntel
Picus Security has a nice timeline on the escalation of Raspberry Robin.
https://www.picussecurity.com/resource/blog/raspberry-robin-malware-in-2025-from-usb-worm-to-elite-initial-access-broker
#threatIntel
Yet another write-up on Fire Ant, but this one from Sygnia is more thorough than most I've seen.
https://www.sygnia.co/articles/fire-ant-hypervisor-espionage-analysis/
#threatIntel
Apparently there is also a new version of Oyster. IOCs and analysis in the post from Cato Networks.
https://www.catonetworks.com/blog/cato-ctrl-oyster-malware-campaign/
#threatIntel
Intezer has a write-up on a new version of the Firewood backdoor. Nothing too exciting, but it has some IOC hashes in the post.
https://intezer.com/blog/threat-bulletin-firewood/
#threatIntel
More camera vulns. These ones are in INSTAR 2K+ and 4K models.
https://modzero.com/static/MZ-25-03_modzero_INSTAR.pdf