Forwarded from AXUM SEC
CVE-2025-53770: When SharePoint Zero-Days Proved Perimeter
Security Isn’t Enough
In July 2025, attackers actively exploited a critical SharePoint zero-day to gain unauthenticated RCE, deploy web shells, steal machine keys, and persist even after patching.
The hard truth?
Patching closes the door, but it doesn’t tell you who already walked in.
Modern attacks blend into normal operations and stay quiet. Defending against them takes more than alerts it takes continuous validation and real exposure visibility.
That’s where AxumSec comes in.
Because modern threats don’t wait and security shouldn’t either.
💬 What cyber risk do you think organizations still underestimate?
🔗 https://preregister.axumsec.com
Security Isn’t Enough
In July 2025, attackers actively exploited a critical SharePoint zero-day to gain unauthenticated RCE, deploy web shells, steal machine keys, and persist even after patching.
The hard truth?
Patching closes the door, but it doesn’t tell you who already walked in.
Modern attacks blend into normal operations and stay quiet. Defending against them takes more than alerts it takes continuous validation and real exposure visibility.
That’s where AxumSec comes in.
Because modern threats don’t wait and security shouldn’t either.
💬 What cyber risk do you think organizations still underestimate?
🔗 https://preregister.axumsec.com
🔥3
The Hacker News
Researchers uncovered SHADOW#REACTOR, a multi-stage campaign delivering Remcos RAT. It starts with an obfuscated VBS launcher, moves through PowerShell, and rebuilds fragmented text payloads in memory. The defining trait is text-only stagers and LOLBin abuse…
First time seeing text-based stagers in the wild 😮💨 These guys are creative as hell fr
their Attack chain was like :
> Obfuscated VBS → PowerShell → Text payload fragments → .NET Reactor loader → MSBuild.exe → Remcos RAT
> All in-memory reconstruction (fileless where possible)
> Self-healing downloaders that retry if payloads fail
The whole "access-as-a-service" economy is wild rn 😂
They did slip up tho large .txt files being processed by powerShell would raise SOC eyebrows but their evasion game was strong good
Text-based payloads avoid signature detection
.NET Reactor obfuscation breaks static analysis
Living-off-the-land with MSBuild.exe
Memory-only execution avoids file scanning
Overall rating: 8.5/10 😂😂
solid OPSEC, creative TTPs, but that PowerShell + .txt combo is a bit loud for sustained stealth 🙃
@AfroSec
their Attack chain was like :
> Obfuscated VBS → PowerShell → Text payload fragments → .NET Reactor loader → MSBuild.exe → Remcos RAT
> All in-memory reconstruction (fileless where possible)
> Self-healing downloaders that retry if payloads fail
The whole "access-as-a-service" economy is wild rn 😂
They did slip up tho large .txt files being processed by powerShell would raise SOC eyebrows but their evasion game was strong good
Text-based payloads avoid signature detection
.NET Reactor obfuscation breaks static analysis
Living-off-the-land with MSBuild.exe
Memory-only execution avoids file scanning
Overall rating: 8.5/10 😂😂
solid OPSEC, creative TTPs, but that PowerShell + .txt combo is a bit loud for sustained stealth 🙃
@AfroSec
🤯2⚡1🤓1
Forwarded from Florida🛸
I built my own AI News Pipeline (and why?..."readily made" apps weren't enough for me:(
I have seen many apps that claim to deliver customized news, but most of them are hidden systems where you can't control the logic, or they get the facts wrong..i wanted a system that acted as a high level content curator, so I built a custom ETL pipeline to solve this for myself
Here is what you won't find in most AI news apps:
-Parallel Data Architecture: this prevents AI hallucinations by splitting the data stream. the LLM handles the creative rewrite, while the original URLs are preserved in a separate path.
- Local LLM: by running the intelligence layer locally, i eliminated API costs,privacy concerns and third-party subscriptions.
- Smart Ranking & Filtering: delivering only the top 6 highest value stories
As a result,i no longer wake up to a mess of notifications...i just get a professional and summarized briefing of exactly what I need to know
I have seen many apps that claim to deliver customized news, but most of them are hidden systems where you can't control the logic, or they get the facts wrong..i wanted a system that acted as a high level content curator, so I built a custom ETL pipeline to solve this for myself
Here is what you won't find in most AI news apps:
-Parallel Data Architecture: this prevents AI hallucinations by splitting the data stream. the LLM handles the creative rewrite, while the original URLs are preserved in a separate path.
- Local LLM: by running the intelligence layer locally, i eliminated API costs,privacy concerns and third-party subscriptions.
- Smart Ranking & Filtering: delivering only the top 6 highest value stories
As a result,i no longer wake up to a mess of notifications...i just get a professional and summarized briefing of exactly what I need to know
⚡9🔥4
Forwarded from Cyber Vanguard @ CTBE
Are you ready to join today and tomorrow's cybersecurity foot soldiers?
picoCTF-Africa 2026 is back! Bigger, better and upto 80 students to be awarded!
Join our picoCTF-Africa prep info session
📅 24 January
⏰ 11 am Rwanda time ( convert time to your own country )
⛓️💥 bit.ly/picoCTF2026
Registration for the CTF opens on 1 February 2026, so get ready.
Competition runs 9 - 19 March 2026
stay alert. protect your accounts. share this with a friend
https://www.instagram.com/p/DTxI73ZDAS2/?igsh=MWlzYWgwbTZ1c3UyMA==
picoCTF-Africa 2026 is back! Bigger, better and upto 80 students to be awarded!
Join our picoCTF-Africa prep info session
📅 24 January
⏰ 11 am Rwanda time ( convert time to your own country )
⛓️💥 bit.ly/picoCTF2026
Registration for the CTF opens on 1 February 2026, so get ready.
Competition runs 9 - 19 March 2026
stay alert. protect your accounts. share this with a friend
https://www.instagram.com/p/DTxI73ZDAS2/?igsh=MWlzYWgwbTZ1c3UyMA==
⚡3
fearsoff.org
Cloudflare Zero-day: Accessing Any Host Globally
Discover how a Cloudflare WAF bypass in /.well-known/acme-challenge/ exposed origins, its impact, and the fix. A must-read for security pros.
https://fearsoff.org/research/cloudflare-acme
so i was Just reading about logic bug in Cloudflare's ACME validation Found by Fearsoff .
when Cloudflare handles SSL cert challenges (/.well-known/acme-challenge/*), it turns off WAF so CAs can validate without interference but the old logic sometimes disabled WAF even for invalid tokens, letting malicious requests slip through to origin. smooth bypass path.
i also saw that Cloudflare posted about it Cloudflare blog
they patched it quick and they said that no evidence of exploitation so far,
( nah i dont believe that tho 🙄)
@AfroSec
so i was Just reading about logic bug in Cloudflare's ACME validation Found by Fearsoff .
when Cloudflare handles SSL cert challenges (/.well-known/acme-challenge/*), it turns off WAF so CAs can validate without interference but the old logic sometimes disabled WAF even for invalid tokens, letting malicious requests slip through to origin. smooth bypass path.
i also saw that Cloudflare posted about it Cloudflare blog
they patched it quick and they said that no evidence of exploitation so far,
@AfroSec
1⚡1🤔1🤯1
aight guys
one step forward always ✨
today i took the CRTA exam and passed uk it was a bit tricky at some point but i handled it 💪
through this cert i learned:
• Red Teaming
• Pentesting
• MITRE ATT&CK
• Web & Network Attacks
• Enterprise Tech
• Windows Security
• Adversary Simulation
• Red Team Methodologies
but look you gotta have a researcher mindset. you gotta explore beyond the course and the syslabs.
tbh i subscribed to this for the sake of infra, yk… for pivot and stuff like that.
anyway let's celebrate small wins here 🎉
thanks that you guys are here all the time.
like i said always one step forward
@AfroSec
one step forward always ✨
today i took the CRTA exam and passed uk it was a bit tricky at some point but i handled it 💪
through this cert i learned:
• Red Teaming
• Pentesting
• MITRE ATT&CK
• Web & Network Attacks
• Enterprise Tech
• Windows Security
• Adversary Simulation
• Red Team Methodologies
but look you gotta have a researcher mindset. you gotta explore beyond the course and the syslabs.
tbh i subscribed to this for the sake of infra, yk… for pivot and stuff like that.
anyway let's celebrate small wins here 🎉
thanks that you guys are here all the time.
like i said always one step forward
@AfroSec
3🔥26🎉3🏆2⚡1