X-Request-Purpose: Identifying "research" and bug bounty related scans?

Our honeypots captured a few requests with bug bounty specific headers. These headers are meant to make it easier to identify requests related to bug bounty, and they are supposed to identify the researcher conducting the scans

https://isc.sans.edu/diary/X-Request-Purpose%3A%20Identifying%20%22research%22%20and%20bug%20bounty%20related%20scans%3F/32436

Proton Breach Observatory

Proton opened up its breach observatory. This website will collect information about breaches affecting companies that have not yet made the breach public.

https://proton.me/blog/introducing-breach-observatory

Microsoft Exchange Server Security Best Practices

A new document published by a collaboration of national cyber security agencies summarizes steps that should be taken to harden Exchange Server.

https://www.nsa.gov/Portals/75/documents/resources/cybersecurity-professionals/CSI_Microsoft_Exchange_Server_Security_Best_Practices.pdf?ver=9mpKKyUrwfpb9b9r4drVMg%3d%3d

MOVEit Vulnerability

Progress published an advisory for its file transfer program MOVEIt . This software has had heavily exploited vulnerabilities in the past.

https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-10932-October-29-2025