All posts in Uncategorized

■■■■□ Havoc C2 with AV/EDR Bypass Methods in 2024 (Part 1). https://medium.com/@sam.rothlisberger/havoc-c2-with-av-edr-bypass-methods-in-2024-part-1-733d423fc67b

■■■□□ Deploy Hidden Virtual Machine For VMProtections Evasion and Dynamic Analysis. https://r0ttenbeef.github.io/Deploy-Hidden-Virtual-Machine-For-VMProtections-Evasion-And-Dynamic-Analysis/

■■□□□ Kimsuky #APT exploited #BlueKeep #RDP flaw in attacks against South Korea and Japan. Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

■■■□□ Cookie-Bite Attack Lets Hacker Bypass MFA & Maintain Access to Cloud Servers. New Cookie-Bite Attack Let Hackers Bypass MFA & Maintain Access to Cloud Servers

■■■■□ SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks. SuperCard X Android Malware A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraud cashouts. https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html

■■□□□ LDAP Injection 💉 Dependency Injector. Covers why it’s crucial for clean code, with Python examples before Go. 🎞 https://youtu.be/BhLpqRev80s

■■■■□  Active! Mail RCE flaw exploited in attacks on Japanese orgs. An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan. https://www.bleepingcomputer.com/news/security/active-mail-rce-flaw-exploited-in-attacks-on-japanese-orgs/

■■□□□ New Malware Targets Docker — but it’s not about crypto mining anymore. Hackers are hijacking Docker to run fake nodes on a Web3 network called Teneo. Instead of mining, they farm TENEO tokens by sending fake heartbeat signals. 🔹 325+ downloads from Docker Hub https://thehackernews.com/2025/04/docker-malware-exploits-teneo-web3-node.html

■■□□□ Privilege Escalation in Google Cloud! A serious bug in Cloud Composer (GCP) let attackers with edit access take control of key services like Cloud Storage and Artifact Registry by uploading malicious code. https://thehackernews.com/2025/04/gcp-cloud-composer-bug-let-attackers.html

■■■■□ Russian state-sponsored hackers have attempted to sabotage Dutch critical infrastructure in attacks this year and last, according to the Dutch Military Intelligence and Security Service’s annual public report, published Tuesday. https://www.defensie.nl/actueel/nieuws/2025/04/22/russische-brutaliteit-om-samenleving-te-ontwr https://therecord.media/dutch-mivd-report-russian-cyber-sabotage