All posts by John Doe

■■■□□ Driving into the Unknown: Investigating and Addressing Security Breaches in Vehicle Infotainment Systems. The website is geo locked and done regions are not allowed. https://www.mdpi.com/1424-8220/26/1/77

📻🇮🇷 Active.

■□□□□ OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. https://thehackernews.com/2026/06/new-chatgpt-lockdown-mode-limits-tools.html

■■■■□ Russia: GRU University, Where Moscow Turns Students into Spies and Hackers. Welcome to the GRU University, Where Moscow Turns Students into Spies and Hackers

👩‍💻 Performing RCE in Internet Explorer via clickjacking! Credits: Igor Sak-Sakovsky’s (𝕏 | Psych0tr1a) https://swarm.ptsecurity.com/the-click-that-shouldnt-have-worked-rce-via-clickjacking-in-internet-explorer/

📡🛰 For 19 years, GPS satellites have secretly broadcast a “numbers station” in their public signals. We decoded 12M messages: a 2011 flash where 31 of 32 satellites flipped in hours, “ghost” substrings repeating years apart, and a “TEXT” prefix spreading now. https://lsc-pagepro.mydigitalpublication.com/publication/?i=865273&p=62&view=issueViewer https://github.com/sjmurdoch/gps-special-messages https://x.com/i/status/2061829547289387209

■■■□□ Lookalike Ghidra, dnSpy, and other download sites turned trusted clicks into TDS redirects. CPR found click hijacking, gated routing, and multiple malware families downstream — including an evasive, previously undocumented framework we call SessionGate. https://research.checkpoint.com/2026/impersonation-click-hijacking-and-tds-inside-a-malware-distribution-ecosystem/

■■□□□ CYBER INTELLIGENCE ALERT: ZERO-DAY VULNERABILITY EXPLOITATION — SERVERS IN CHINA 🇨🇳 [ STATUS: UNCONFIRMED / ACTIVE EXPLOITATION / THREAT ASSESSMENT] An active exploitation campaign targeting web servers and applications in .cn domains has been detected, using zero-day vulnerabilities to gain root access. Affected Entities: Multiple web servers and applications hosted under the .cn domain.…

■■■■□ CVE-2026-48778 & CVE-2026-48800 | Notepad++ | CVSS 7.8 HIGH 🐛 Config file injection – fake Run menu entries execute attacker code and survive reboots ✅ Fixed: Notepad++ 8.9.6.1 (May 27) https://notepad-plus-plus.org/news/v8961-released/

■■■□□ Claude-Red: Offensive security skills for Claude — drop-in SKILL.md files that turn Claude into a context-aware red team operator. https://github.com/SnailSploit/Claude-Red