All posts by John Doe

■■□□□ Hackers Leverage Raw Disk Reads to Bypass EDR Solutions and Access Highly Sensitive Files. Hackers Leverage Raw Disk Reads to Bypass EDR Solutions and Access Highly Sensitive Files

■■■■□ New TP-Link zero-day surfaces as CISA warns other flaws are exploited. https://www.bleepingcomputer.com/news/security/new-tp-link-zero-day-surfaces-as-cisa-warns-other-flaws-are-exploited/

■□□□□ 📰 Microsoft reports, “Multiple international subsea cables were cut in the Red Sea,” impacting the Azure Cloud platform.

■■□□□ Military | Declassified | Bad Intel | Bad Work | War Crimes US Navy SEALs killed several North Korean fishermen after encountering them by accident during a botched mission, US news outlet reports. Later the videos of these fishermen were downed in ocean by puncturing lungs of these fishermen by 🔪 stabbing them. https://www.aljazeera.com/news/2025/9/6/us-navy-seals-killed-north-korean-civilians-during-botched-mission-report

■■□□□ Correction for https://t.me/cKure/16273. Attribution to Google was incorrect. The attack did happen. Threat actor unknown.

🤖 CVE-2025-48539: Android bluetooth stack access over adjacent WiFi with no user interaction. With chains privilege escalation, the attacker can do full device access remotely. https://osv.dev/vulnerability/ASB-A-406785684

🤖 CVE-2025-48539 seems like an interesting bug! Android RCE over adjacent WiFi with no user interaction. https://osv.dev/vulnerability/ASB-A-406785684

■■□□□ The number of mis-issued 1.1.1.1 certificates grows. Here’s the latest. Everything to know about the mishap that threatened to expose millions of users’ queries. https://arstechnica.com/information-technology/2025/09/the-number-of-mis-issued-1-1-1-1-certificates-grows-heres-the-latest/

■■■□□ Researchers find secret ties and vulnerabilities in popular VPN apps. https://me.mashable.com/tech/60374/researchers-find-secret-ties-and-vulnerabilities-in-popular-vpn-apps

■■■■□ Unconfirmed: CVE-2025-48558 Android BatteryService Implicit Intent Hijacking. In multiple functions of BatteryService.java, there is a possible way to hijack implicit intent intended for system app due to Implicit intent hijacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.