All posts by John Doe

■■■■■ 🔍 Google fixes two Android zero-day bugs actively exploited likely by state sponsored hackers. CVE-2024-53197 CVE-2024-53150 Google fixes two Android zero-day bugs actively exploited by hackers https://source.android.com/docs/security/bulletin/2025-04-01

📣 Oracle quietly confirms public cloud data breach, customer data stolen. The attacker exploited a vulnerability in Oracle Access Manager to breach Oracle-hosted servers. The vulnerability is tracked as CVE-2021-35587 and was assigned a critical severity score 9.8/10. It was patched in mid-January 2022, raising questions over whether Oracle kept its own servers vulnerable to…

■■□□□ Microsoft: Windows CLFS zero-day exploited by ransomware gang Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims’ systems. https://www.bleepingcomputer.com/news/security/microsoft-windows-clfs-zero-day-exploited-by-ransomware-gang/

■■■□□ Frida Penetration Testing Tool Kit Released With New APIs for Threat Monitoring. Frida Penetration Testing Tool Kit Released With New APIs for Threat Monitoring

■■■■□ QuickShell : Sharing is Caring About an RCE Attack Chain on Quick Share. https://i.blackhat.com/Asia-25/Asia-25-Yair-QuickShell-Sharing-is-Caring.pdf

■■■■■ RCE Attack Chain on Google’s – Quick Share. QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share

■■□□□ Possible zero-day in Juniper product. On Wednesday, SANS Institute’s Johannes Ullrich said he noticed a surge in scans for the username “t128,” which, when accompanied by the password “128tRoutes,” is a well-known default account for Juniper’s Session Smart Networking products. “About 3,000 source IPs took part in these scans,” reported Ullrich, the dean of…

🎲🐬 Feberis Pro: The Ultimate 4-in-1 Expansion Board for Flipper Zero. www.mobile-hacker.com/2025/03/31/feberis-pro-the-ultimate-4-in-1-expansion-board-for-flipper

■□□□□ Even some computer engineers are jobless to write this: Fake shell saying it is root (as if it was privilege escalation). Waste of time to people who have jobs. Content shared by fellow researcher .

■■■■□ We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain. The Acronis Threat Research Unit (TRU) was presented with an interesting threat chain and malware sample for analysis that involved a known cyberthreat along with some interesting twists in targeting and obfuscation. https://www.bleepingcomputer.com/news/security/we-smell-a-dcrat-revealing-a-sophisticated-malware-delivery-chain/