All posts in Uncategorized

■■■□□ This Spyware Campaign Is Targeting Android Users Via Messaging Apps. https://lifehacker.com/tech/this-spyware-campaign-is-targeting-android-users-via-messaging-apps

■■■■□ Google confirms data stolen in breach by known hacker group. Hackers used voice phishing to access Google’s internal Salesforce system and steal data. https://cyberguy.com/security/google-confirms-data-stolen-breach-known-hacker-group/ https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion?rev=7194ef805fa2d04b0f7e8c9521f97343

■■■□□ Zero-Day: Elastic EDR 0-Day Vulnerability Allows Attackers to Bypass Detection, Execute Malware, and Cause BSOD. New Elastic EDR 0-Day Vulnerability Allows Attackers to Bypass Detection, Execute Malware, and Cause BSOD

■■■□□ I Found 10x More SQLi Flaws Using This Bash Trick My Secret to Faster SQLi Testing? Ghauri + Bash. https://infosecwriteups.com/i-found-10x-more-sqli-flaws-using-this-bash-trick-6300ca3a0f14

■□□□□ An OSINT Board. Inside the Abercrombie & Fitch International Sex Trafficking Network Mapping the People, Power, and Processes Behind the Network. https://pfpresearch.substack.com/p/inside-the-abercrombie-and-fitch

⚠️Hackers Could Gain Full Control of Your Rooted Android Devices by Exploiting One Vulnerability. https://zimperium.com/blog/the-rooting-of-all-evil-security-holes-that-could-compromise-your-mobile-device Hackers Could Gain Full Control of Your Rooted Android Devices by Exploiting One Vulnerability

■■■□□ A critical security vulnerability in Fortinet’s FortiWeb web application firewall has been discovered that allows unauthenticated attackers to bypass authentication and impersonate any existing user on affected devices. The flaw, tracked as CVE-2025-52970 and dubbed “Fort-Majeure” by its discoverer, stems from improper parameter handling in the application’s cookie parsing mechanism. FortiWeb Authentication Bypass Vulnerability…

■■■■■ Mastering Web Cache Deception Vulnerabilities: An Advanced Bug Hunter’s Guide Advanced Tactics, Payloads and Real-World Methods to Uncover Hidden Cache Deception Flaws. https://infosecwriteups.com/mastering-web-cache-deception-vulnerabilities-an-advanced-bug-hunters-guide-b7b500b482e3

■■■□□ Researchers at cybersecurity firm Profero cracked DarkBit ransomware encryption, allowing victims to recover files for free. Researchers cracked the encryption used by DarkBit ransomware

■■■■■ Palo Alto Networks 》Malware Analysis. https://github.com/PaloAltoNetworks/Unit42-Threat-Intelligence-Article-Information/blob/main/Mega-Malware-Analysis-Tutorial-Featuring-Donut.pdf