All posts by John Doe

■■□□□ State-Sponsored Actors Try ClickFix. https://www.proofpoint.com/us/blog/threat-insight/around-world-90-days-state-sponsored-actors-try-clickfix https://www.forbes.com/sites/zakdoffman/2025/04/21/do-not-click-if-you-see-this-on-your-pc-its-an-attack/

■□□□□ Fallout: Spying on Israeli citizens and protestors and using operations to deter court appearances by Benjamin Netanyahu. Israeli spy agency head: Ronen Bar accuses Netanyahu of demanding illegal operations. https://www.aljazeera.com/news/2025/4/22/israeli-spy-chief-accuses-netanyahu-of-demanding-illegal-operations

■■■■■ ⚡️ Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps 10 other certificates ‘were mis-issued and have now been revoked’. https://www.theregister.com/2025/04/22/ssl_com_validation_flaw/

■■■■□ Flutter Mobile Application Reverse Engineering Tool by Compiling Dart AOT Runtime. 🔤🔤🔤🔤🔤🔤🔤 Currently, the application supports only Android libapp.so (arm64 only). Also, the application is currently working only against recent Dart versions. https://github.com/worawit/blutter

■■■■■ Interesting thread. Malicious #NPM Campaign #Lazarus C2 Web Panel http://{IP}:1224/keys or /pdown + http://{IP}:1245/login + XAMPP + HTML Title = L-Administrator https://x.com/blackorbird/status/1912904527092785487

■■■■□ Compiled to WebAssembly so as to enable emulation of 64-bit Windows binaries within a browser environment. https://momo5502.github.io/emulator/

⚡️ Full Disclosure | A Hardware Zero-Day Drop: Bypassing Lock – Microchip/Atmel SAM4C32 📱https://wiki.recessim.com/view/ATSAM4C32 ▶️https://youtu.be/IOD5voFTAz8

■■■■■ Bypassing Windows Defender antivirus in 2025. Using Direct Syscalls and XOR encryption. https://www.hackmosphere.fr/bypass-windows-defender-antivirus-2025-part-1/ https://www.hackmosphere.fr/bypass-windows-defender-antivirus-2025-part-2/

■■■■■📍Everyone knows your location: Tracking myself down through in-app ads. https://timsh.org/tracking-myself-down-through-in-app-ads/ 📍Everyone knows your location, Part 2: Try it yourself and share the results. https://timsh.org/everyone-knows-your-location-part-2-try-it-yourself/ ➿➿➿➿➿➿➿➿➿➿ analyse-ad-traffic l: A guide + python notebook that helps to collect, analyse and visualise requests sent by a mobile device while using some app. https://github.com/tim-sha256/analyse-ad-traffic

■□□□□ CA/Browser Forum has approved a proposal to reduce the maximum validity of SSL/TLS certificates from the current 398 days to just 47 days by 2029. SSL/TLS Certificates Validity To Be Reduced From 398 Days to 47 Days