Facebook shields millions of "VIP users" from the company’s standard content moderation practices in a program called "XCheck," according to internal documents obtained by the WSJ.

Critical encryption vulnerability found in secure communications platform Matrix.

https://portswigger.net/daily-swig/critical-encryption-vulnerability-found-in-secure-communications-platform-matrix

A consortium of journalists gained access to a leak of more than 50,000 phone numbers entered into a system used for targeting by Pegasus, a sophisticated spyware product made by the Israel 🇮🇱 sponsored company NSO Group. Governments around the world paid the company vast sums of money to gain access to Pegasus and let them use it to attack their targets.

https://cdn.occrp.org/projects/project-p

Fully Weaponized CVE-2021-40444

Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution), works with arbitrary DLL files.

https://github.com/klezVirus/CVE-2021-40444

Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

https://www.bitdefender.com/blog/labs/bitdefender-offers-free-universal-decryptor-for-revil-sodinokibi-ransomware

Cyber-Attack by India 🇮🇳 on Pakistan 🇵🇰 and China 🇨🇳 as Windows Zero-Day(s) made by United States 🇺🇸 company used in spy campaign.

India apparently leaked the Zeroday details and were used by rogue hacking units of South Korea 🇰🇷 (non-state sponsored).

https://www.forbes.com/sites/thomasbrewster/2021/09/17/exodus-american-tech-helped-india-spy-on-china/

iOS 15 iCloud Private Relay Vulnerability Identified.

https://fingerprintjs.com/blog/ios15-icloud-private-relay-vulnerability/

PandoraFMS 755 - Chained XSS + .htaccess RCE.

https://k4m1ll0.com/chained_exploit_htaccess.html

Latest FinFisher spyware upgrades 'particularly worrying,' says Kaspersky.

Eight-month analysis finds four-layer obfuscation, two-stage loader, and a new UEFI attack

https://go.theregister.com/feed/www.theregister.com/2021/09/28/kasperky_finfisher_spyware_report/

● One of the android devices used to administer this channel was accessed remotely, a few hours ago by an unknown entity.

No modifications to data were noticed on the device.

🔧 Tool: TrevorC2 - Command and Control via Legitimate Behavior over HTTP

https://github.com/trustedsec/trevorc2

PANDORA PAPERS

The largest investigation in journalism history exposes a shadow financial system that benefits the world’s most rich and powerful.

https://www.icij.org/investigations/pandora-papers/

Updated list of Hacking channels on telegram: https://t.me/cKure/7364

● Yet another website: aaqeel01.wordpress.com (Malware Research Website)

☆ Breaking: Phrack 72 has been released.

http://phrack.org/issues/70/1.html

Twitch Data-Leak original post copy and link.

Archived at https://sizeof.cat/

Zero-Day Exploit code: Cisco RV110W UPnP 0day 分析.

https://github.com/badmonkey7/CVE-2021-34730

Breaking: India 🇮🇳: Activists in Togo 🇹🇬 attacked by Indian made spyware.

OSINT report by Amnesty International of a Cyber-Crime apparently by an Indian company that has been linked to the infrastructure used by Donot Group and an Indian cybersecurity company Innefu Labs.

Report: https://github.com/blackorbird/APT_REPORT/blob/master/Donot/Donot%20Group%20%26%20Innefu%20Labs.pdf

Deepfence ThreatMapper helps you to monitor and secure your running applications, in Cloud, Kubernetes, Docker, and Fargate Serverless.

https://github.com/deepfence/ThreatMapper