April 9, 2025 at 12:56AM

■■□□□ Microsoft: Windows CLFS zero-day exploited by ransomware gang. Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims’ systems. https://www.bleepingcomputer.com/news/security/microsoft-windows-clfs-zero-day-exploited-by-ransomware-gang/

April 4, 2025 at 10:04AM

■■□□□ Possible zero-day in Juniper product. On Wednesday, SANS Institute’s Johannes Ullrich said he noticed a surge in scans for the username “t128,” which, when accompanied by the password “128tRoutes,” is a well-known default account for Juniper’s Session Smart Networking products. “About 3,000 source IPs took part in these scans,” reported Ullrich, the dean of…

April 3, 2025 at 11:03PM

■□□□□ Some computer engineers are apparently idle enough to write this: a fake shell that claims to be root (as if it were privilege escalation). A waste of time for people who have jobs. Content shared by fellow researcher .

April 3, 2025 at 01:03AM

■■■■□ We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain. The Acronis Threat Research Unit (TRU) was presented with an interesting threat chain and malware sample for analysis that involved a known cyberthreat along with some interesting twists in targeting and obfuscation. https://www.bleepingcomputer.com/news/security/we-smell-a-dcrat-revealing-a-sophisticated-malware-delivery-chain/

April 3, 2025 at 12:42AM

■□□□□ GitHub announced updates to its Advanced Security platform after it detected over 39 million leaked secrets in repositories during 2024, including API keys and credentials, exposing users and organizations to serious security risks. https://www.bleepingcomputer.com/news/security/github-expands-security-tools-after-39-million-secrets-leaked-in-2024/

April 3, 2025 at 12:40AM

■■□□□ Oracle is being accused of poor incident comms as it reels from two reported data security mishaps over the past fortnight, amid a reluctance to publicly acknowledge all of the events as well as allegedly deleting evidence from the web. https://www.theregister.com/2025/04/02/oracle_breach_disaster_planning/