Shinyhunters continues to leak data from data owners who have not paid for it. Next target Vimeo...
Example: Udemy 1.4GB data is breached
#DataLeak #Shinyhunters
Example: Udemy 1.4GB data is breached
#DataLeak #Shinyhunters
😱1
Forwarded from Brut Security
🔥 GitHub RCE via single git push!
CVE-2026-3854: Unsanitized push options let attackers run commands on backend servers, bypassing sandboxing (cross-tenant risk).
🔗 Learn how header injection led to full compromise → https://thehackernews.com/2026/04/researchers-discover-critical-github.html?m=1
CVE-2026-3854: Unsanitized push options let attackers run commands on backend servers, bypassing sandboxing (cross-tenant risk).
🔗 Learn how header injection led to full compromise → https://thehackernews.com/2026/04/researchers-discover-critical-github.html?m=1
🔥3
Forwarded from Brut Security
This media is not supported in your browser
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
Read “International AITU CTF on Kazakhstan SCADA system PWNED🇰🇿“ by JavaSec.uz on Medium: https://medium.com/@abduxalilovjavohir393/international-aitu-ctf-on-kazakhstan-scada-system-pwned-d9b4655a66f3
Medium
International AITU CTF on Kazakhstan SCADA system PWNED🇰🇿
JavaSec
🔥4
Alleged data breach involving Zoodmall.com 🌍
~816K+ user records across multiple countries reportedly exposed
Breakdown:
• Iraq: ~371K
• Uzbekistan: ~252K
• Lebanon: ~193K
Data may include:
• Full names
• Phone numbers ⚠️
• Country, city & ZIP details
• Addresses
• Payment & transaction data
• Product details (SKU, price, quantity)
⚠️ Why this matters:
→ Targeted scams using order & transaction data
→ Identity theft & location-based risks
→ Financial fraud possibilities
→ Cross-border exposure increases impact
#DataBreach #CyberSecurity #DataLeak #Privacy #Infosec #ThreatIntel
~816K+ user records across multiple countries reportedly exposed
Breakdown:
• Iraq: ~371K
• Uzbekistan: ~252K
• Lebanon: ~193K
Data may include:
• Full names
• Phone numbers ⚠️
• Country, city & ZIP details
• Addresses
• Payment & transaction data
• Product details (SKU, price, quantity)
⚠️ Why this matters:
→ Targeted scams using order & transaction data
→ Identity theft & location-based risks
→ Financial fraud possibilities
→ Cross-border exposure increases impact
#DataBreach #CyberSecurity #DataLeak #Privacy #Infosec #ThreatIntel
😭7❤1😁1
Forwarded from Sploitus Agency
🔴 Kichik Red Team Real Case: Bitta router qanday qilib butun tashkilotni qulatadi?
Ko‘pchilik hali ham shunaqa o‘ylaydi:
“Routerda kichik muammo bo‘lsa ham, undan katta zarar chiqmaydi…”
Lekin real holatda bu fikr juda xato.
---
🧠 Qisqa foundation:
Routerlarda uchraydigan asosiy zaifliklar:
• RCE (auth / unauth)
• Authentication bypass
• Command injection
• Default credentials
• Eski firmware
Va bularni topish qiyin ham emas.
Shodan orqali:
• Internetga ochiq routerlar
• Model va firmware
• Login panel’lar
hammasi ko‘rinib turadi.
---
😤 Real case boshlanishi:
Attacker tashkilotni test qiladi:
• Web app → himoyalangan
• Serverlar → patch qilingan
• AD → relay ishlamaydi
• Endpoint → EDR bor
👉 Bir necha kun urinishlardan keyin ham hech narsa topilmadi.
---
🔍 Burilish nuqtasi:
Attacker tashqaridan qaraydi.
Shodan orqali qidiradi:
port:80 "router"
port:8080 "login"
port:8291 "RouterOS"
👉 Va bitta narsa topadi:
Internetga ochiq turgan D-Link router
---
⚠️ Zaiflik: CVE-2026-0625
Bu oddiy bug emas.
👉 Bu — unauthenticated RCE
Ya’ni:
• Login kerak emas
• Session kerak emas
• Faqat bitta HTTP request yetarli
---
💣 Texnik tafsilot (soddalashtirilgan):
Router’da
Bu endpoint:
• Foydalanuvchi kiritgan qiymatni tekshirmaydi
• Input sanitization yo‘q
Attacker esa:
• Maxsus crafted HTTP request yuboradi
• Parametr ichiga command qo‘shadi (`;`,
Natija:
👉 Router shell’da attacker command’i ishlaydi
---
🔥 Exploit natijasi:
Attacker:
• Reverse shell oladi
• Router OS darajasida ishlaydi
• Root huquqlarga yaqin nazoratga ega bo‘ladi
---
🕸 Shu yerdan keyin eng xavfli bosqich boshlanadi:
Router — bu oddiy qurilma emas.
Bu:
👉 Butun tarmoqning markazi
Attacker:
• Traffic’ni kuzatadi (packet capture)
• DNS’ni o‘zgartiradi (redirect)
• ARP spoofing qiladi
• Internal IP’larni aniqlaydi
---
🔐 Eng muhim zarba:
👉 NTLM authentication’lar ushlab olinadi
Bu degani:
• Foydalanuvchi login bo‘lsa
• Hash router orqali o‘tadi
• Attacker uni yozib oladi
---
🎭 Keyin nima bo‘ladi?
• Pass-the-Hash attack
• Internal service’larga kirish
• Xodimlarga targeted phishing
👉 Attacker endi “tashqaridan kelgan xaker” emas
👉 U “ichki foydalanuvchi”ga aylanadi
---
💥 Natija:
• Lateral movement
• Serverlar compromise
• Credential chain reaction
• To‘liq takeover
---
📄 Va eng qo‘rqinchli joy:
Final report’da faqat:
👉 “Exposed D-Link router (CVE-2026-0625)”
---
😐 Haqiqat esa:
Shu bitta zaiflik:
• Perimeter’ni buzdi
• Ichki tarmoqqa yo‘l ochdi
• Barcha himoyalarni bypass qildi
---
⚠️ Routerlarda yana qanday zaifliklar chiqishi mumkin?
Bu faqat RCE emas.
Ko‘pincha quyidagilar ham bo‘ladi:
🔓 Authentication bypass
👉 Login qilmasdan admin panelga kirish
💣 Command injection
👉 Diagnostic funksiyalar orqali OS command ishlatish
🧬 CSRF (Cross-Site Request Forgery)
👉 Foydalanuvchi orqali router sozlamasini o‘zgartirish
🌐 DNS hijacking
👉 Trafikni fake saytga yo‘naltirish
🔑 Default credentials
👉 Eng oddiy, lekin eng xavfli xato
🕳 Backdoor / hidden account
👉 Ishlab chiqaruvchi yoki malware qoldirgan access
📡 Open management ports
👉 Telnet / SSH / Web internetga ochiq
---
🧩 Xulosa:
Ba’zida:
❌ Zero-day kerak emas
❌ Murakkab exploit ham shart emas
👉 Bitta exposed router yetarli
---
🔐 Tavsiyalar:
• Router’ni internetdan yopish (VPN orqali kirish)
• Firmware’ni doim yangilash
• Default credential’larni o‘zgartirish
• Monitoring va loglarni tekshirish
• Keraksiz servislarni o‘chirish
---
👉 Esda tuting:
“Router — bu kichik qurilma emas.
Bu — butun tarmoqqa kirish eshigi.”
Ko‘pchilik hali ham shunaqa o‘ylaydi:
“Routerda kichik muammo bo‘lsa ham, undan katta zarar chiqmaydi…”
Lekin real holatda bu fikr juda xato.
---
🧠 Qisqa foundation:
Routerlarda uchraydigan asosiy zaifliklar:
• RCE (auth / unauth)
• Authentication bypass
• Command injection
• Default credentials
• Eski firmware
Va bularni topish qiyin ham emas.
Shodan orqali:
• Internetga ochiq routerlar
• Model va firmware
• Login panel’lar
hammasi ko‘rinib turadi.
---
😤 Real case boshlanishi:
Attacker tashkilotni test qiladi:
• Web app → himoyalangan
• Serverlar → patch qilingan
• AD → relay ishlamaydi
• Endpoint → EDR bor
👉 Bir necha kun urinishlardan keyin ham hech narsa topilmadi.
---
🔍 Burilish nuqtasi:
Attacker tashqaridan qaraydi.
Shodan orqali qidiradi:
port:80 "router"
port:8080 "login"
port:8291 "RouterOS"
👉 Va bitta narsa topadi:
Internetga ochiq turgan D-Link router
---
⚠️ Zaiflik: CVE-2026-0625
Bu oddiy bug emas.
👉 Bu — unauthenticated RCE
Ya’ni:
• Login kerak emas
• Session kerak emas
• Faqat bitta HTTP request yetarli
---
💣 Texnik tafsilot (soddalashtirilgan):
Router’da
dnscfg.cgi endpoint mavjud bo‘ladi.Bu endpoint:
• Foydalanuvchi kiritgan qiymatni tekshirmaydi
• Input sanitization yo‘q
Attacker esa:
• Maxsus crafted HTTP request yuboradi
• Parametr ichiga command qo‘shadi (`;`,
&& kabi)Natija:
👉 Router shell’da attacker command’i ishlaydi
---
🔥 Exploit natijasi:
Attacker:
• Reverse shell oladi
• Router OS darajasida ishlaydi
• Root huquqlarga yaqin nazoratga ega bo‘ladi
---
🕸 Shu yerdan keyin eng xavfli bosqich boshlanadi:
Router — bu oddiy qurilma emas.
Bu:
👉 Butun tarmoqning markazi
Attacker:
• Traffic’ni kuzatadi (packet capture)
• DNS’ni o‘zgartiradi (redirect)
• ARP spoofing qiladi
• Internal IP’larni aniqlaydi
---
🔐 Eng muhim zarba:
👉 NTLM authentication’lar ushlab olinadi
Bu degani:
• Foydalanuvchi login bo‘lsa
• Hash router orqali o‘tadi
• Attacker uni yozib oladi
---
🎭 Keyin nima bo‘ladi?
• Pass-the-Hash attack
• Internal service’larga kirish
• Xodimlarga targeted phishing
👉 Attacker endi “tashqaridan kelgan xaker” emas
👉 U “ichki foydalanuvchi”ga aylanadi
---
💥 Natija:
• Lateral movement
• Serverlar compromise
• Credential chain reaction
• To‘liq takeover
---
📄 Va eng qo‘rqinchli joy:
Final report’da faqat:
👉 “Exposed D-Link router (CVE-2026-0625)”
---
😐 Haqiqat esa:
Shu bitta zaiflik:
• Perimeter’ni buzdi
• Ichki tarmoqqa yo‘l ochdi
• Barcha himoyalarni bypass qildi
---
⚠️ Routerlarda yana qanday zaifliklar chiqishi mumkin?
Bu faqat RCE emas.
Ko‘pincha quyidagilar ham bo‘ladi:
🔓 Authentication bypass
👉 Login qilmasdan admin panelga kirish
💣 Command injection
👉 Diagnostic funksiyalar orqali OS command ishlatish
🧬 CSRF (Cross-Site Request Forgery)
👉 Foydalanuvchi orqali router sozlamasini o‘zgartirish
🌐 DNS hijacking
👉 Trafikni fake saytga yo‘naltirish
🔑 Default credentials
👉 Eng oddiy, lekin eng xavfli xato
🕳 Backdoor / hidden account
👉 Ishlab chiqaruvchi yoki malware qoldirgan access
📡 Open management ports
👉 Telnet / SSH / Web internetga ochiq
---
🧩 Xulosa:
Ba’zida:
❌ Zero-day kerak emas
❌ Murakkab exploit ham shart emas
👉 Bitta exposed router yetarli
---
🔐 Tavsiyalar:
• Router’ni internetdan yopish (VPN orqali kirish)
• Firmware’ni doim yangilash
• Default credential’larni o‘zgartirish
• Monitoring va loglarni tekshirish
• Keraksiz servislarni o‘chirish
---
👉 Esda tuting:
“Router — bu kichik qurilma emas.
Bu — butun tarmoqqa kirish eshigi.”
🔥4❤3😁2👍1😴1