■■■□□ Google says hackers behind UK retail cyber campaign now also targeting US. https://therecord.media/scattered-spider-suspected-retail-hackers-google-alert
All posts by John Doe
May 16, 2025 at 03:51PM
■■□□□ DEFCON32: Exploiting insecure OTA updates to create the world's first toothbrush botnet. The author dumped the firmware and discovered that the toothbrush tries to connect to a specific Wi-Fi network with the password “12345678” to search for updates. Now, they can connect to other toothbrushes.
May 16, 2025 at 08:45AM
■■■■■ The RoKRAT family typically uses 3 cloud-based API services and tokens. Analysis of APT37 Attack Case Disguised as a Think Tank for National Security Strategy in South Korea (Operation. ToyBox Story) ◈ Executive Summary Disguised the content as an academic forum invitation from a South Korean national security think tank to attract attention Lured…
May 15, 2025 at 06:43PM
■■■■□ A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities, including a then-zero-day in MDaemon, according to new findings from ESET. https://thehackernews.com/2025/05/russia-linked-apt28-exploited-mdaemon.html
May 15, 2025 at 06:29PM
■■■■■ World’s first CPU-level ransomware can “bypass every freaking traditional technology we have out there” — new firmware-based attacks could usher in new era of unavoidable ransomware. https://www.tomshardware.com/pc-components/cpus/worlds-first-cpu-level-ransomware-can-bypass-every-freaking-traditional-technology-we-have-out-there-new-firmware-based-attacks-could-usher-in-new-era-of-unavoidable-ransomware
May 15, 2025 at 05:39AM
■■■□□ A new (more difficult) era for mXSS will come soon! If nothing breaks, Chromium will start escaping “” in attributes starting with M138. https://chromestatus.com/feature/6264983847174144
May 15, 2025 at 03:07AM
■■■■■ Here’s a full technical rewrite of the WhatsApp vs. NSO Group spyware case, focusing on CVE-2019-3568, its exploitation logic, and WhatsApp’s patch implementation: CVE-2019-3568 – WhatsApp VoIP Stack RCE Exploit Summary CVE-ID: CVE-2019-3568 Vulnerability Type: Memory corruption – heap-based buffer overflow Attack Vector: Remote, via malformed RTCP (Real-time Transport Control Protocol) packets sent…
May 15, 2025 at 02:56AM
■■■■□ NSO Fallout. Between April and May 2019, NSO Group’s Pegasus spyware targeted 1,223 WhatsApp users across 51 countries. The distribution of victims by country (number of victims) is as follows: Mexico 456, India 100, Bahrain 82, Morocco 69, Pakistan 58, Indonesia 54, Israel 51, Spain 12, Netherlands 11, Hungary 8, France 7, United…
May 15, 2025 at 02:54AM
■■■■□ Jewish NSO group Fallout. NSO Group developed a specialized system called the WhatsApp Installation Server (WIS) to deploy its Pegasus spyware. This server sent malformed messages through WhatsApp’s infrastructure, mimicking legitimate traffic. These messages exploited vulnerabilities in WhatsApp’s code, causing target devices to reach out to NSO-controlled servers and install the spyware—all without user…
May 15, 2025 at 02:50AM
■■■■□ Seven things we learned from WhatsApp vs. NSO Group spyware lawsuit.
