Good morning. This is your security briefing for Friday, October 03, 2025, covering six articles from yesterday's developments. All attribution is by the article authors, and all article analysis is automated.
Nomad0x7 has released sekken-enum, a Beacon Object File (BOF) that performs Active Directory enumeration over the ADWS protocol from within Cobalt Strike beacons. The point for red team operators is stealth: ADWS (SOAP over TCP 9389) avoids the LDAP queries that most detection logic is tuned to watch, giving a quieter path for Active Directory reconnaissance.
The UK's National Cyber Security Centre published its weekly summary from the CTO, covering the week ending October 5th. This regular roundup gives a curated overview of notable security events and developments from the perspective of NCSC leadership.
Nick G's blog explores how timing attacks work, focusing on the common vulnerability in which a server compares a secret (a token, password hash or MAC tag) against attacker-supplied input byte-by-byte and returns at the first mismatch, so the response time grows with the length of the matching prefix. The educational piece explains the mechanics of this side channel: an attacker learns the secret one byte at a time by measuring how long the comparison takes, which is why such comparisons must be constant-time and do the same amount of work for every input.
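To make the mechanism concrete, here is an added example (written for this briefing, not code from the blog post) that models the timing signal deterministically: instead of a clock, the comparison reports how many bytes it examined before returning. The early-exit comparison leaks the matching-prefix length, a prefix-extension attack recovers the secret from that signal, and the same attack gets nothing from a constant-time comparison. The secret value `SECRET` and the work-count oracle are assumptions made for the demo; `hmac.compare_digest` is the real standard-library fix.

```python
import hmac

# Constructed secret for the demo (assumption; a real server would hold an
# API token or a MAC tag here). Its length is treated as public.
SECRET = b"c0ffee42"


def naive_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """Early-exit comparison of the kind the blog post describes.

    Returns (equal, bytes_examined). bytes_examined stands in for elapsed
    time: the loop stops at the first mismatch, so the work done grows with
    the length of the matching prefix. That is the side channel.
    """
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i + 1
    return True, len(a)


def constant_time_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """Compare every byte whatever the position of the first mismatch.

    Differences are OR-ed into an accumulator instead of triggering a return,
    so the work done is the same for every same-length input. Only the
    length is revealed, which is acceptable when it is public (e.g. a MAC tag).
    """
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0, len(a)


def recover_secret(oracle, length: int) -> bytes:
    """Prefix-extension attack against a work-count (timing) oracle.

    For each position, try all 256 byte values and keep the one that makes
    the server examine the most bytes; a full match (ok=True) ranks above
    any partial one, which settles the last byte where the counts tie.
    """
    known = b""
    for pos in range(length):
        best_byte, best_score = 0, (False, -1)
        for cand in range(256):
            guess = known + bytes([cand]) + b"\x00" * (length - pos - 1)
            ok, work = oracle(guess)
            if (ok, work) > best_score:
                best_byte, best_score = cand, (ok, work)
        known += bytes([best_byte])
    return known


def attack_naive() -> bytes:
    """Recover SECRET through the early-exit comparison (succeeds)."""
    return recover_secret(lambda g: naive_equal(SECRET, g), len(SECRET))


def attack_constant_time() -> bytes:
    """Same attack against the constant-time comparison (no prefix signal)."""
    return recover_secret(lambda g: constant_time_equal(SECRET, g), len(SECRET))


def server_check(token: bytes) -> bool:
    """What production code should do: the stdlib's constant-time compare."""
    return hmac.compare_digest(SECRET, token)


if __name__ == "__main__":
    print("naive   :", attack_naive())           # b'c0ffee42'
    print("constant:", attack_constant_time())   # not the secret
    print("check   :", server_check(b"c0ffee42"))
```

With a real network the "work count" is noise-laden round-trip time, so an attacker sends each candidate many times and compares medians rather than single samples, but the decision rule is the same one `recover_secret` applies. Note that the constant-time version still returns early on a length mismatch; that only leaks the secret's length, which is normally known to the attacker anyway.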
FortiGuard Labs reports on the Confucius APT group's evolution from document stealers like WooperStealer to Python-based backdoors such as AnonDoor. The state-aligned threat actor, active since 2013, primarily targets government agencies, military organizations, and defense contractors in South Asia using spear-phishing and weaponized Office documents.
Elastic Security Labs provides an updated analysis of the WARMCOOKIE backdoor one year after its initial discovery, tracking ongoing development including new campaign markers and variant builds. Although the malware's infrastructure was disrupted during Europol's Operation Endgame in May 2025, development has continued, and the researchers identified default certificates that defenders can use to track new command and control infrastructure as it appears.
Cisco Talos identified UAT-8099, a Chinese-speaking cybercrime group targeting high-value IIS servers across India, Thailand, Vietnam, Canada, and Brazil for SEO fraud and credential theft. The group uses web shells, Cobalt Strike, BadIIS malware variants, and maintains persistence through RDP, SoftEther VPN, EasyTier, and FRP reverse proxy tools, with victims including universities, technology firms, and telecommunications providers.