■■■■■ Apple just patched a zero-day under active attack. CVE-2025-24201 let hackers escape the WebKit sandbox-Apple calls the exploit extremely sophisticated.
All posts in Uncategorized
June 13, 2025 at 12:26PM
■■■□□ The Pakistan Airports Authority (PAA) appears to have been compromised, their email infrastructure being used to distribute password-protected ZIP archives containing a previously undocumented malware. https://x.com/WhichbufferArda/status/1933300356370325981
June 13, 2025 at 06:20AM
■■■■■ Graphite spyware used in Apple iOS zero-click attacks on journalists. https://www.bleepingcomputer.com/news/security/graphite-spyware-used-in-apple-ios-zero-click-attacks-on-journalists/
June 13, 2025 at 05:54AM
■■□□□ Data-Leak: 🇮🇷🇮🇱🇺🇳 Iran has released documents revealing that IAEA chief Grossi has been fully coordinated with Israel and acting on its orders. The documents are part of those that Iran managed to take out of Israel the other day.
June 13, 2025 at 04:42AM
■□□□□ As Israel hits Iran with missiles in Tehran, online war of information has begun, as wikipedia becomes the propaganda point. https://en.m.wikipedia.org/wiki/June_2025_Israeli_strikes_in_Iran
June 12, 2025 at 10:53PM
■□□□□ European Union has its own DNS resolver; DNS4EU. https://www.joindns4.eu/
June 12, 2025 at 09:49PM
■■■■■ Microsoft Outlook Vulnerability Let Attackers Execute Arbitrary Code Remotely. Microsoft Outlook Vulnerability Let Attackers Execute Arbitrary Code Remotely
June 12, 2025 at 07:08PM
■■■□□ Forensic analysis confirms ✅ two more European journalists targeted with Paragon’s Graphite spyware. Graphite Caught: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted
June 12, 2025 at 05:17PM
■■■■■ ⚠️ Zero-click AI exploit in Microsoft 365 Copilot (CVE-2025-32711, CVSS 9.3) lets attackers steal sensitive data silently via email—no user interaction needed. Details ↓ https://thehackernews.com/2025/06/zero-click-ai-vulnerability-exposes.html
June 12, 2025 at 05:16PM
■■■■□ From trust to threat. Cybercriminals hijack expired Discord invites, quietly redirecting users to malicious servers. Social engineering and multi-stage loaders with evasion techniques enable stealthy delivery of malware bundles (RATs & stealers) bypassing AV detection. https://research.checkpoint.com/2025/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery/