// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of December 29, 2025
Signal Brief · Archived

Week of December 29, 2025

2025-12-29 — 2026-01-04 · 2 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of December 29, 2025, ColdRecon logged 2 public endpoint-security events from open-source reporting — 1 incident, 1 research poc. Vendors in the record this week: Resecurity.

The Week's Public Record

Events

2026-01-03
incident
Threat Actors Claim Breach of Resecurity, Firm Says It Was a HoneypotResecurity Honeypot Incident
Threat actors known as 'Scattered Lapsus$ Hunters' claimed to have breached cybersecurity firm Resecurity, posting screenshots of alleged internal data. Resecurity stated the accessed systems were a deliberately deployed honeypot containing synthetic data, used to monitor the attackers. The incident highlights the use of deception technology to gather threat intelligence on adversaries.
2025-12-30
research poc
EDR Jammer: Bypassing EDR via Windows Filtering Platform DriverEDR Jammer
A research proof-of-concept demonstrates using a BYOVD attack to load a custom unsigned WFP driver, creating a transparent proxy to intercept and block EDR/XDR agent traffic to SOC servers. This bypasses tamper protection and other defenses by operating below the firewall at the kernel level.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →