cKure Red

🖼The One-Man APT, Part I: A Picture That Can Execute Code on the Target.

https://hackers-arise.com/the-one-man-apt-part-i-a-picture-that-can-execute-code-on-the-target/

Please open Telegram to view this post

VIEW IN TELEGRAM

🤮1

1.74K views06:21

cKure Red

cKure Red pinned «🖼The One-Man APT, Part I: A Picture That Can Execute Code on the Target. https://hackers-arise.com/the-one-man-apt-part-i-a-picture-that-can-execute-code-on-the-target/»

06:21

cKure Red

Google 🔍 Engineer dropped a book. A comprehensive guide to building agentic AI systems.

Key points:

Concepts: Prompt chaining, routing, memory, planning, safety, and evaluation.

✅Patterns: Design methods for multi-agent setups, tool-using agents, and autonomous workflows.

✅Hands-on: Code samples for implementing these patterns in real-world apps.

✅Goal: Help developers build reliable, scalable, and safe intelligent agents.

Think of it as a playbook for advanced AI agent design.

📱

https://docs.google.com/document/d/1rsaK53T3Lg5KoGwvf8ukOUvbELRtH-V0LnOIFDxBryE/mobilebasic

Please open Telegram to view this post

VIEW IN TELEGRAM

Google Docs

Agentic Design Patterns

Agentic Design Patterns 👉 🧠 ✅ I’m excited to share that my new book, "Agentic Design Patterns: A Hands-On Guide to Intelligent AI Agents," is officially out! 👉 🧠 ✅ In a field moving at lightning speed, this book focuses on the durable, fundamental patterns…

🔥5

5.55K views19:44

cKure Red

🤖 CVE-2025-48539: Android bluetooth stack access over adjacent WiFi with no user interaction. With chains privilege escalation, the attacker can do full device access remotely.

https://osv.dev/vulnerability/ASB-A-406785684

Please open Telegram to view this post

VIEW IN TELEGRAM

osv.dev

OSV - Open Source Vulnerabilities

Comprehensive vulnerability database for your open source projects and dependencies.

🔥21

2.08K viewsedited 20:54

cKure Red

⚽️ APT28 embed payloads inside PNG files.

https://blog.sekoia.io/apt28-operation-phantom-net-voxel/

Please open Telegram to view this post

VIEW IN TELEGRAM

Sekoia.io Blog

APT28 Operation Phantom Net Voxel

APT28 Operation Phantom Net Voxel: weaponized Office lures, COM-hijack DLL, PNG stego to Covenant Grunt via Koofr, BeardShell on icedrive.

🔥2👍1

2.1K views15:36

cKure Red

🔦 TOR VPN Beta - Silent release

https://play.google.com/store/apps/details?id=org.torproject.vpn

https://www.techradar.com/vpn/vpn-services/the-tor-project-quietly-launches-a-beta-android-vpn-and-looks-for-testers

Google Play

Tor VPN Beta - Apps on Google Play

Tor-powered VPN with per-app routing & network-level privacy

🔥1

1.69K viewsedited 06:03

cKure Red

Claude is hacker as it gets Kali tools via MCP

https://youtube.com/shorts/Uc18mso08Ro

YouTube

I Accidentally Turned Claude Into a Hacker...

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

😁4👍11

1.76K views18:15

cKure Red

🔑

OpenSSL Vulnerabilities Let Attackers Execute Malicious Code and Recover Private Key Remotely.

➿CVE-2025-9230: Memory Corruption Vulnerability
➿CVE-2025-9231: Timing Side-Channel Flaw

https://cybersecuritynews.com/openssl-vulnerabilities/

Please open Telegram to view this post

VIEW IN TELEGRAM

Cyber Security News

OpenSSL Vulnerabilities Let Attackers Execute Malicious Code and Recover Private Key Remotely

The OpenSSL Project has released a critical security advisory, addressing three significant vulnerabilities that could allow attackers to execute remote code and potentially recover private cryptographic keys.

❤3

2.46K views22:23

cKure Red

📱

Critical zero-click vulnerability (CVE-2025-55177) within WhatsApp has been leveraged in targeted spyware operations, in conjunction with an Apple Imagel0 flaw (CVE-2025-43300).

This combination enabled malicious actors to disseminate exploits via WhatsApp, resulting in potential data exfiltration from the user's Apple device.

The attack sequence involved:
🚫Attacker-controlled delivery
🚫Malicious DNG/remote image (Imagel0) parsing vulnerability (OOB write)
➿ Remote code execution
All occurring without user engagement.

https://techcrunch.com/2025/08/29/whatsapp-fixes-zero-click-bug-used-to-hack-apple-users-with-spyware/

https://blog.quarkslab.com/patch-analysis-of-Apple-iOS-CVE-2025-43300.html

Please open Telegram to view this post

VIEW IN TELEGRAM

TechCrunch

WhatsApp fixes 'zero-click' bug used to hack Apple users with spyware | TechCrunch

A spyware vendor was behind a recent campaign that abused a vulnerability in WhatsApp to deliver an exploit capable of hacking into iPhones and Macs.

❤2🔥22⚡1

1.94K viewsedited 10:34

cKure Red

🔺

📱

PoC Exploit Released For Nothing Phone Code Execution Vulnerability.

4️⃣

https://github.com/R0rt1z2/fenrir

https://cybersecuritynews.com/nothing-phone-code-execution-vulnerability/

Please open Telegram to view this post

VIEW IN TELEGRAM

GitHub

GitHub - R0rt1z2/fenrir: Let's control MediaTek's bootchain

Let's control MediaTek's bootchain. Contribute to R0rt1z2/fenrir development by creating an account on GitHub.

👍2🔥1

1.6K views19:52

cKure Red

DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains.

EtherHiding, a novel technique where the attackers embed malicious payloads (like JADESNOW and INVISIBLEFERRET malware) within smart contracts on public blockchains (like BNB Smart Chain and Ethereum).

https://cloud.google.com/blog/topics/threat-intelligence/dprk-adopts-etherhiding/

Google Cloud Blog

DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains | Google Cloud Blog

North Korea threat actor UNC5342 is leveraging the EtherHiding technique in espionage and financially motivated operations.

🔥5✍11

1.94K viewsedited 15:14

cKure Red

🙋

😴

😊

Spyware fest exposé

▶️

https://youtu.be/xfWyU5iXJ3I

Please open Telegram to view this post

VIEW IN TELEGRAM

YouTube

This Secret Tech Tracked World Leaders, a Vatican Enemy, and Maybe You

► For more, visit Mother Jones: https://www.motherjones.com/politics/2025/10/firstwap-altamides-phone-tracking-surveillance-secrets-assad-erik-prince-jared-leto-anne-wojcicki/

Operating from their base in Jakarta, where permissive export laws have allowed…

4⚡3🔥1🏆1

1.29K views21:16

cKure Red

1:25

This media is not supported in your browser

VIEW IN TELEGRAM

■■■■□ Illegal cell tower location tracking en-masse as FARA disclosure of yet another Jew act emerges.

Credits: Ian Caroll

🤔1😱1😐1

1.25K views22:03

cKure Red

2:08

This media is not supported in your browser

VIEW IN TELEGRAM

🔴

Cybercrime-as-a-Service Takedown

Major coordinated operation leads to the arrest of 7 suspects behind a large-scale SMS spoofing and SIM-boxing network.

Operation highlights:

🔍 26 searches conducted

👥 5 main operators apprehended

📦 1,200 SIM-boxes running 40,000 SIM cards seized

💳 Hundreds of thousands of additional SIM cards confiscated

🌐 5 servers hosting the illegal service dismantled

💻 2 domains — gogetsms.com & apisim.com — seized and replaced with law enforcement splash pages

💶 €431,000 frozen in bank accounts

💰 $333,000 in crypto seized

🚗 4 luxury cars confiscated

💡 Credits: @smspoolnet (𝕏)
🔗 More: https://x.com/DarkWebInformer/status/1978603403354792430

#CyberSecurity #Takedown #OSINT #CyberCrime #LEA