The latest Windows 11 updates break localhost (127.0.0.1) HTTP/2 connections

Microsoft's October Windows 11 updates have broken the "localhost" functionality, making applications that connect back to 127.0.0.1 over HTTP/2 no longer function properly.

When attempting to do so, they received errors like "ERR_CONNECTION_RESET" or "ERR_HTTP2_PROTOCOL_ERROR

Windows 11 KB5066835 Patch Tuesday, and even September's KB5065789 preview update are currently affected alongside Windows 2025 Server System.

The good news is -- Microsoft has now fixed Windows bug breaking localhost HTTP connections. Please update your Windows 11 to install the bug fix update.

Follow @TechLeaksZone

Infinity X running smoothly in Nintendo Switch and passing strong integrity with magisk installed for default. Thanks for your job @dozee_off

Welcome again, it has been some time since the previous RC (Release Candidate) release. However, it is worth the wait. The fourth RC has arrived.

PerformanC ReZygisk Release Candidate 4 comes with many improvements to both ReZygisk performance and modules'. It also stabilizes many core systems while also enhancing furtiveness for module loading.

The most notable changes in this release candidate are:
- Added global module preload.
- Improved module description for a more minimalist one.
- Removed completely the (futile) maps hiding mechanism.
- Fixed support for systems using Tango.
- Added support to update from RC to RC from root manager app.

Soon bigger changes are expected to come. Till there ReZygisk RC 4 will provide a solid and stable Zygote injection for its users.

Special thanks for the users who allowed this release to exist by contributing with feedback on each ReZygisk CI (@rezygisk_ci) stability and test builds.



The eyes met in disbelief. I could not trust what I saw.
Before I realized, everything happened. We saw its flaw.

Due to many complaints from some users, derpfest will no longer have a vanilla variant and microg, I will also drop vanilla variants of other Roms that do not support natively, I'm tired of so many complaints

If you want, do it on your own, buy a server, sync it and try to solve the various bugs

Soon I will make a list of the gsis that I will no longer maintain, becoming EOL by myself, and archiving the repository.

Whether for personal reasons, or because I really didn't enjoy building it or I thought the system was a poorly made piece of shit

List

Matrixx
CherishOS
Alphadroid
SuperiorOS
Halcyon
BlissOS
Mist-OS
Clover

🔒 8-character passwords are dead.
💀 Hackers crack “P@ssw0rd!” in months.
🔡 The fix isn’t symbols — it’s length.

16 simple letters beat any complex mix.
Use words, not symbols.

Why your policy still fails ↓ https://thehackernews.com/2025/10/why-you-should-swap-passwords-for.html

Hackers linked to China exploited a “patched” Microsoft SharePoint flaw to break into networks across four continents.

It wasn’t just spying — they found a way to bypass the patch that fixed a previous bypass.

Symantec warns the campaign is still spreading.

Read → https://thehackernews.com/2025/10/chinese-threat-actors-exploit-toolshell.html

Your cloud might flag the same issue across five tools — XDR, CSPM, SIEM, CMDB, and more.

Each reports it differently. None resolve it.

That’s the real challenge: detection is easy; remediation isn’t.

Learn how Pentera Resolve turns alerts into action → https://thehackernews.com/2025/10/bridging-remediation-gap-introducing.html

Which Industries Are Most at Risk for DDoS Attacks?

While DDoS attacks can hit any organization, some industries face far higher risk—and potentially greater impact when they do.

The latest DDoS Resiliency Score (DRS) report ranks the industries most frequently targeted and explains why.

Here's the list of the highest risk sectors. For the full list of industries, see here - https://thn.news/ddos-risk-map

Highest-risk sectors:
💰 Financial Services – Targets of hacktivism and extortion-driven outages.
⚡ Energy – At risk from politically or state-backed disruptions.
🏛️ Government – Frequent hacktivist targets, especially around elections.
🌐 Telecom – Increasingly hit by ransom-based attacks.
🎮 Gaming & Gambling – Vulnerable to extortion and competitive disruption.
💻 SaaS & Software – Susceptible to DDoS that erodes customer trust.

🚨 Developers, check your NuGet packages.

A fake NuGet package “Netherеum.All” — spelled with a Cyrillic ‘e’ — was stealing wallet keys from Ethereum .NET projects.

It even faked 11.7M downloads to look real.

Full story ↓ https://thehackernews.com/2025/10/fake-nethereum-nuget-package-used.html

🔴 A fake “Zoom meeting” from Ukraine’s President’s Office just hacked aid workers. The CAPTCHA wasn’t real — it opened a live remote shell through WebSocket.

A one-day domain. Six months of setup. Russian servers behind it.

The trojan’s still active ↓ https://thehackernews.com/2025/10/ukraine-aid-groups-targeted-through.html

⚠️ An Iranian hacking group used a real email account to plant a new backdoor in 100+ Middle East government networks.

They sent it through real diplomatic inboxes — and it worked.

Read ↓ https://thehackernews.com/2025/10/iran-linked-muddywater-targets-100.html

🚨 CISA just warned about a critical bug in Motex Lanscope (CVE-2025-61932).

Hackers can take control of systems by sending one malicious packet.

It’s already being used in real attacks.

Fix it before Nov 12 ↓ https://thehackernews.com/2025/10/critical-lanscope-endpoint-manager-bug.html

🚨 New Adobe Commerce flaw (CVE-2025-54236, CVSS 9.1) under active attack.

Over 250 exploit attempts in 24 hours—mostly on unpatched Magento sites.

PoC is public. Patch now.

Details → https://thehackernews.com/2025/10/over-250-magento-stores-hit-overnight.html

🎁 Hackers found a new jackpot — cloud gift cards.

A group called Jingle Thief broke into retail cloud systems and quietly issued fake gift cards for months, hiding inside Microsoft 365 accounts.

Full story ↓ https://thehackernews.com/2025/10/jingle-thief-hackers-exploit-cloud.html

In this 20-minute session, learn how to harden your images, secure dependencies, and lock down your CI/CD pipeline against real-world supply chain attacks.

📅 Tuesday, Oct 28 | 8 AM PST | 11 AM EST

🎥 Register Now ↓ https://thn.news/secure-stack-webinar

🚨 Static secrets are fading fast.

Teams using managed identities cut 95% of credential hassle—yet hidden API keys still lurk in legacy systems.

The fix? Run NHI discovery to find every key, then migrate 70–80% to managed identities.

Your roadmap ↓ https://thehackernews.com/2025/10/why-organizations-are-abandoning-static.html