All posts in Uncategorized

📣 Oracle quietly confirms public cloud data breach, customer data stolen. The attacker exploited a vulnerability in Oracle Access Manager to breach Oracle-hosted servers. The vulnerability is tracked as CVE-2021-35587 and was assigned a critical severity score 9.8/10. It was patched in mid-January 2022, raising questions over whether Oracle kept its own servers vulnerable to…

■■□□□ Microsoft: Windows CLFS zero-day exploited by ransomware gang Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims’ systems. https://www.bleepingcomputer.com/news/security/microsoft-windows-clfs-zero-day-exploited-by-ransomware-gang/

■■■□□ Frida Penetration Testing Tool Kit Released With New APIs for Threat Monitoring. Frida Penetration Testing Tool Kit Released With New APIs for Threat Monitoring

■■■■□ QuickShell : Sharing is Caring About an RCE Attack Chain on Quick Share. https://i.blackhat.com/Asia-25/Asia-25-Yair-QuickShell-Sharing-is-Caring.pdf

■■■■■ RCE Attack Chain on Google’s – Quick Share. QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share

■■□□□ Possible zero-day in Juniper product. On Wednesday, SANS Institute’s Johannes Ullrich said he noticed a surge in scans for the username “t128,” which, when accompanied by the password “128tRoutes,” is a well-known default account for Juniper’s Session Smart Networking products. “About 3,000 source IPs took part in these scans,” reported Ullrich, the dean of…

🎲🐬 Feberis Pro: The Ultimate 4-in-1 Expansion Board for Flipper Zero. www.mobile-hacker.com/2025/03/31/feberis-pro-the-ultimate-4-in-1-expansion-board-for-flipper

■□□□□ Even some computer engineers are jobless to write this: Fake shell saying it is root (as if it was privilege escalation). Waste of time to people who have jobs. Content shared by fellow researcher .

■■■■□ We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain. The Acronis Threat Research Unit (TRU) was presented with an interesting threat chain and malware sample for analysis that involved a known cyberthreat along with some interesting twists in targeting and obfuscation. https://www.bleepingcomputer.com/news/security/we-smell-a-dcrat-revealing-a-sophisticated-malware-delivery-chain/

■□□□□ GitHub announced updates to its Advanced Security platform after it detected over 39 million leaked secrets in repositories during 2024, including API keys and credentials, exposing users and organizations to serious security risks. https://www.bleepingcomputer.com/news/security/github-expands-security-tools-after-39-million-secrets-leaked-in-2024/