Paying for your VPS with Monero doesn’t mean you’re anonymous. This video explains why financial privacy isn’t the same as operational security and how assuming otherwise can expose you.
https://youtube.com/watch?v=OqzMrhcMcUM
YouTube
Your VPS Provider Can Still Betray You, Monero or Not
Monero is excellent at protecting on-chain transaction data, but once…
A hacker has stolen customer data from TeleMessage, an obscure Israeli company that sells modified messaging apps to the U.S. government. The breach includes messages from its versions of Signal, WhatsApp, Telegram, and WeChat. TeleMessage recently gained attention after Mike Waltz revealed he used it in a meeting with Trump.
https://www.404media.co/the-signal-clone-the-trump-admin-uses-was-hacked/
404 Media
The Signal Clone the Trump Admin Uses Was Hacked
TeleMessage, a company that makes a modified version of Signal that archives messages for government agencies, was hacked.
This bug is one of the most dangerous types of bugs that exist: a wormable RCE in the Apple AirPlay protocol. This video explains what a UAF is, what a Type Confusion is, and how Rust may have fixed it.
https://www.youtube.com/watch?v=AZ0WM6U48lI
YouTube
this might be the biggest bug of the year
This bug is one of the most dangerous types of bugs that exist, a wormable RCE in the Apple AirPlay protocol. In this video we break down what a UAF is, what a Type Confusion is, and how Rust may have fixed it.
https://www.oligo.security/blog/airborne
🏫…
Micah Lee analyses the source code for the unofficial Signal app used by Trump officials.
https://micahflee.com/heres-the-source-code-for-the-unofficial-signal-app-used-by-trump-officials/
micahflee
Here's the source code for the unofficial Signal app used by Trump officials
💡Update May 4, 2025: I have published quite the follow-up story, if I may say so myself: The Signal Clone the Trump Admin Uses Was Hacked
Update May 6, 2025: I've written a new detailed analysis. The findings are based on the TM SGNL source code and are…
Eddie Zhang leverages AI to uncover an authentication bypass and remote code execution in OpenGamePanel.
https://projectblack.io/blog/vibe-hacking-open-game-panel-rce/
Research Blog | Project Black
Vibe Hacking: Finding Auth Bypass and RCE in Open Game Panel
You've heard of vibe coding, but have you considered vibe hacking? I tried thinking less to find an authentication bypass and RCE in OpenGamePanel.
India's sovereign platform for aggregating and disseminating cyber threat intelligence.
https://ctigrid.arpsyndicate.io
SlowMist researchers dive deep into the LockBit breach.
https://slowmist.medium.com/when-hackers-get-hacked-analyzing-the-breach-of-lockbit-23b8f553747d
Medium
When Hackers Get Hacked: Analyzing the Breach of LockBit
LockBit’s leaked database exposed BTC addresses, private keys, chat logs, and linked companies.
Should we launch a cyber offensive against Pakistan?
#OpSindoor #OperationSindoor #IndiaPakistanWar
Anonymous Poll: 56% YES 😈, 44% NO 🙅♂
Ben Folland explores how defenders can exploit flaws in Telegram-based malware to disrupt C2 communications, subsequently revealing insights into the threat actors' backend infrastructure and other cybercrime activities.
https://polygonben.github.io/malware%20analysis/Compromising-Threat-Actor-Communications/
Polygonben
Compromising Threat Actor Communications
Traditionally, the vast majority of malware would communicate to a threat actor owned server via a threat actor owned domain or IP address. This domain or IP would likely be hardcoded within the malware sample somewhere, such that when executed, it would…
The U.S. is investigating hidden communication tech in Chinese solar and battery equipment while pushing for trusted gear in its power grid.
https://www.reuters.com/sustainability/climate-energy/ghost-machine-rogue-communication-devices-found-chinese-inverters-2025-05-14/
Reuters
Rogue communication devices found in Chinese solar power inverters
U.S. energy officials are reassessing the risk posed by Chinese-made devices that play a critical role in renewable energy infrastructure after unexplained communication equipment was found inside some of them, two people familiar with the matter said.
OpenBullet 2 is a popular tool among attackers for credential-stuffing attacks, offering features like proxy support and CAPTCHA farm integration. Its user-friendly interface and availability of pre-made LoliScript configurations make it accessible even to non-developers.
https://blog.castle.io/open-bullet-2-fraudsters-preferred-credential-stuffing-tool-2/
The Castle blog
Open Bullet 2: The preferred credential stuffing tool for bots
Open Bullet 2 is an open-source software, specialized in credential stuffing attacks, i.e. attacks that use bots to automatically steal user accounts at scale by automatically testing stolen credentials found in data breaches. It can target both websites…
In 2017, Qihoo 360 founder Zhou Hongyi criticized Chinese experts joining foreign hackathons, urging that discovered vulnerabilities stay within China. His stance aligned with national policy, as domestic competitions now require reporting all findings to the government.
https://youtu.be/8kpnSb4yGR0
https://www.bloomberg.com/news/articles/2025-04-30/chinese-hacking-competitions-fuel-the-country-s-broad-cyber-ambitions
Bloomberg.com
Chinese Hacking Competitions Fuel the Country’s Broad Cyber Ambitions
Participants are required to turn findings over to the Chinese government.
🚨 Stay ahead with real-time CVE scoring updates!
Track daily changes in EPSS & VEDAS at:
👉 https://vedas.arpsyndicate.io
We also push bulk updates to GitHub:
📈 https://github.com/ARPSyndicate/cve-scores
Need deeper CVE insights?
Try our enrichment API:
🔍 https://api.exploit.observer/?keyword=CVE-2025-32370&enrich=True
VEDAS Scores for CVEs (https://github.com/ARPSyndicate/cve-scores) is a more reliable, capable, and intelligence-driven alternative to EPSS.
LinkedIn Post: https://www.linkedin.com/posts/glatisant_vulnerability-vulnintel-vulnrichment-activity-7331612428687884288-BIDG
Sean Heelan discovered a critical zero-day vulnerability, CVE-2025-37899, in the Linux kernel's ksmbd module using OpenAI's o3 language model. This marks one of the first instances where a large language model has independently identified a complex kernel-level security flaw.
https://sean.heelan.io/2025/05/22/how-i-used-o3-to-find-cve-2025-37899-a-remote-zeroday-vulnerability-in-the-linux-kernels-smb-implementation/
Sean Heelan's Blog
How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation
In this post I’ll show you how I found a zeroday vulnerability in the Linux kernel using OpenAI’s o3 model. I found the vulnerability with nothing more complicated than the o3 API…