// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of October 13, 2025
Signal Brief · Archived

Week of October 13, 2025

2025-10-13 — 2025-10-19 · 6 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of October 13, 2025, ColdRecon logged 6 public endpoint-security events from open-source reporting — 4 vuln disclosures, 2 research pocs. Vendors in the record this week: Microsoft, CrowdStrike, Palo Alto Networks.

The Week's Public Record

Events

2025-10-18
research poc
ShellcodePack Pro EDR Evasion Tool Leaked on Cybercrime ForumShellcodePack Pro
A threat actor is distributing 'ShellcodePack Pro', a tool designed to execute malicious shellcode while evading detection by CrowdStrike and Cortex EDRs. The tool lowers the barrier for attackers by packaging sophisticated evasion techniques, and the distributor advises using 'kleenscan' instead of VirusTotal to avoid burning the methods. This poses a direct threat to organizations relying on these EDR platforms.
CrowdStrike · Palo Alto Networks ↗ www.brinztech.com (2025-10-18)
2025-10-17
vuln disclosure
CVE-2025-6950: Hard-coded JWT secret in Moxa EDR-G9010 allows authentication bypassCVE-2025-6950
A hard-coded secret key is used to sign JWTs in Moxa EDR-G9010 Series network security appliances, allowing unauthenticated attackers to forge tokens and gain full administrative control. The vulnerability has a CVSS 4.0 score of 9.9 and affects version 1.0. No patches are available yet, and no in-the-wild exploitation has been observed.
2025-10-17
research poc
Analysis of .NET AMSI and ETW bypass techniques in malware loadersAMSI bypass via in-memory patching of AmsiScanBuffer and EtwEventWrite
Researchers analyzed 59 .NET malware samples that implement AMSI and ETW bypasses by patching in-memory functions. The samples overwrite AmsiScanBuffer to return E_INVALIDARG or zero out buffer length, and patch EtwEventWrite to disable event tracing. These techniques allow loaders to execute malicious payloads undetected by security tools.
2025-10-15
vuln disclosure
CVE-2025-59497: TOCTOU Race Condition in Microsoft Defender for Endpoint on LinuxCVE-2025-59497
Microsoft disclosed CVE-2025-59497, a time-of-check time-of-use (TOCTOU) race condition in the Defender for Endpoint Linux agent. A local attacker with low privileges can trigger a denial-of-service condition, potentially disabling real-time protection and telemetry. A security update was released on October 14, 2025.
2025-10-14
vuln disclosure
CVE-2025-55330: BitLocker Security Feature Bypass via Physical AccessCVE-2025-55330
Microsoft disclosed CVE-2025-55330, a BitLocker security feature bypass that allows an attacker with physical access to circumvent encryption protections by manipulating boot-time decision logic. The vulnerability has a CVSS score of 6.1 (Medium) and is addressed by vendor updates. Exploitation does not break AES but targets improper enforcement of behavioral workflow during boot or recovery.
2025-10-14
vuln disclosure
Elastic Agent Leaks Secrets in Debug Log ModeCVE-2024-37283
CVE-2024-37283 is a vulnerability in Elastic Agent where secrets from the agent policy elastic-agent.yml are leaked when the log level is set to debug. By default, the log level is info, which prevents the leak. The issue was disclosed in a security update for Elastic Agent 8.15.0.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →