OpenBullet 2 is a popular tool among attackers for credential-stuffing attacks, offering features like proxy support and CAPTCHA farm integration. Its user-friendly interface and availability of pre-made LoliScript configurations make it accessible even to non-developers.

https://blog.castle.io/open-bullet-2-fraudsters-preferred-credential-stuffing-tool-2/

In 2017, Qihoo 360 founder Zhou Hongyi criticized Chinese experts joining foreign hackathons, urging that discovered vulnerabilities stay within China. His stance aligned with national policy, as domestic competitions now require reporting all findings to the government.

https://youtu.be/8kpnSb4yGR0

https://www.bloomberg.com/news/articles/2025-04-30/chinese-hacking-competitions-fuel-the-country-s-broad-cyber-ambitions

🚨 Stay ahead with real-time CVE scoring updates!

Track daily changes in EPSS & VEDAS at:
👉 https://vedas.arpsyndicate.io

We also push bulk updates to GitHub:
📈 https://github.com/ARPSyndicate/cve-scores

Need deeper CVE insights?
Try our enrichment API:
🔍 https://api.exploit.observer/?keyword=CVE-2025-32370&enrich=True

Sean Heelan discovered a critical zero-day vulnerability, CVE-2025-37899 in the Linux kernel's ksmbd module using OpenAI's o3 language model. This marks one of the first instances where a large language model has independently identified a complex kernel-level security flaw.

https://sean.heelan.io/2025/05/22/how-i-used-o3-to-find-cve-2025-37899-a-remote-zeroday-vulnerability-in-the-linux-kernels-smb-implementation/

In late October 2024, GTIG identified a compromised government website being used to distribute malware targeting multiple other government organizations. This site delivered a malware strain named TOUGHPROGRESS which utilized Google Calendar as a command and control (C2) mechanism.

https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics

Using KEV or EPSS? Time to try VEDAS.

This webinar exposes the limitations of CISA KEV and FIRST EPSS, and introduces you to a leading prioritization standard: real-time, firsthand exploit intelligence from VEDAS.

Designed to see what the others miss, VEDAS gives security teams early warning on exploitable vulnerabilities that haven't hit the KEV or EPSS radar yet.

You'll Learn:
1. Why KEV and EPSS are failing your prioritization strategy
2. What makes VEDAS different: early warning, greater coverage, and expertise
3. How to integrate VEDAS via Exploit Observer API within your SOC or VM workflow

Who Should Attend:
CISOs, Threat Intel Analysts, Vulnerability Managers, SOC Leads, and anyone tired of relying on stale vulnerability intel.

Duration: 40 minutes + Q&A
Date & Time: To be communicated via Email

Register: https://webinar.arpsyndicate.io

Why VEDAS Beats KEV & EPSS?

Well, VEDAS is powered by the world’s largest vulnerability and exploit database.

KEV is reactive. EPSS is probabilistic.
VEDAS is proactive, intelligent, autonomous and built for real-world defense.

Join us to see how VEDAS changes the vulnerability management game.
https://webinar.arpsyndicate.io

#CyberSecurity #ThreatIntel #VulnIntel #VulnerabilityManagement #DFIR #InfoSec #Tech #Technology