Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access
https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access
https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access
از اینترنت باز تا حاکمیت اینترنتی: ایران در آستانه عصر تازهای از سرکوب دیجیتال
https://filter.watch/2026/04/20/nvestigative-report-april-2026-from-the-open-internet-to-internet-sovereignty/
https://filter.watch/2026/04/20/nvestigative-report-april-2026-from-the-open-internet-to-internet-sovereignty/
❤2
Any app on recent Android versions can leak certain traffic
A recently discovered bug in Android 16 allows any app to leak traffic outside the VPN tunnel.
As reported in the post The Tiny UDP Cannon: An Android VPN Bypass, Android 16 introduced a bug that allows a malicious app to send traffic outside the VPN tunnel, including with “Always-On VPN” + “Block connections without VPN” turned on. This affects all VPN apps, not just Mullvad VPN. This blog post aims to spread knowledge about this issue to help keep our users safe.
https://mullvad.net/en/blog/any-app-on-recent-android-versions-can-leak-certain-traffic
A recently discovered bug in Android 16 allows any app to leak traffic outside the VPN tunnel.
As reported in the post The Tiny UDP Cannon: An Android VPN Bypass, Android 16 introduced a bug that allows a malicious app to send traffic outside the VPN tunnel, including with “Always-On VPN” + “Block connections without VPN” turned on. This affects all VPN apps, not just Mullvad VPN. This blog post aims to spread knowledge about this issue to help keep our users safe.
https://mullvad.net/en/blog/any-app-on-recent-android-versions-can-leak-certain-traffic
🔥4
Mullvad exit IPs as a fingerprinting vector
Mullvad is one of the few VPN providers that offers multiple exit IPs for its servers. If two people connect to the same server, they will usually end up with different public IPs.With only 578 servers (compared to Proton VPN’s 20,000), this kind of vertical scaling makes sense to avoid cramming too many users onto one IP, which would be a problem on sites with overzealous IP blocks and ratelimits.Surprisingly, the exit IP you are given is not randomized each time you connect to the server, but deterministically picked based on your WireGuard key, which rotates every 1 to 30 days (unless you use a third-party client, in which case it never rotates).But wait.. if each server assigns you an independently picked static exit IP, wouldn’t just a few of those be enough to uniquely identify you among every other Mullvad user?
https://tmctmt.com/posts/mullvad-exit-ips-as-a-fingerprinting-vector/
Mullvad is one of the few VPN providers that offers multiple exit IPs for its servers. If two people connect to the same server, they will usually end up with different public IPs.With only 578 servers (compared to Proton VPN’s 20,000), this kind of vertical scaling makes sense to avoid cramming too many users onto one IP, which would be a problem on sites with overzealous IP blocks and ratelimits.Surprisingly, the exit IP you are given is not randomized each time you connect to the server, but deterministically picked based on your WireGuard key, which rotates every 1 to 30 days (unless you use a third-party client, in which case it never rotates).But wait.. if each server assigns you an independently picked static exit IP, wouldn’t just a few of those be enough to uniquely identify you among every other Mullvad user?
https://tmctmt.com/posts/mullvad-exit-ips-as-a-fingerprinting-vector/
❤3
Static Devirtualization of Themida
This article demonstrates devirtualization of CodeVirtualizer/Themida protected code, however the techniques described here apply to pretty much every virtual machine based obfuscator. Only requiring some minor modifications to support each of them. The following is a non-exhaustive list of obfuscators that can be reduced using the technique described in this article.
https://back.engineering/blog/09/05/2026/
This article demonstrates devirtualization of CodeVirtualizer/Themida protected code, however the techniques described here apply to pretty much every virtual machine based obfuscator. Only requiring some minor modifications to support each of them. The following is a non-exhaustive list of obfuscators that can be reduced using the technique described in this article.
https://back.engineering/blog/09/05/2026/
👍5❤2
Comprehensive technical analysis of the MitM attack in the "Telega" app
On the 18th of March creators of a third-party Telegram client called “Telega” activated a hidden feature that enables interception of all traffic between users of their applications and Telegram servers by putting it through servers controlled by them.
Unfortunately, there’s not much info about that, so we’ve made this article with a comprehensive and reproducible analysis of malicious behaviour.
https://dontusetelega.lol/analysis-en
On the 18th of March creators of a third-party Telegram client called “Telega” activated a hidden feature that enables interception of all traffic between users of their applications and Telegram servers by putting it through servers controlled by them.
Unfortunately, there’s not much info about that, so we’ve made this article with a comprehensive and reproducible analysis of malicious behaviour.
https://dontusetelega.lol/analysis-en
🥰4👍1
Media is too big
VIEW IN TELEGRAM
Iranian monarchists say girl's school bombing was "worth it," call for American ground invasion of Iran
💔44🤯4👎2🔥2❤1🥰1
Forwarded from Source Byte
< Scam Alert >
New Threat Actor steal famous "IrLeaks" support ID after their support account been inactive for a while ( their account deleted automatically ) , as i look at my archives this is previous accounts you can use to verify them :
[ + ] Exploit[.]in MemberID :
[ + ] BreachForums UserID :
[ + ] BreachForums Email address :
( Creation time:
[ + ] Telegram channel :
[ + ] Telegram Support :
[ + ] Email address :
New Threat Actor steal famous "IrLeaks" support ID after their support account been inactive for a while ( their account deleted automatically ) , as i look at my archives this is previous accounts you can use to verify them :
[ + ] Exploit[.]in MemberID :
150525 ( Last visited : September 7, 2024 )[ + ] BreachForums UserID :
46196[ + ] BreachForums Email address :
irleaks@proton.me ( Creation time:
1696708552 , Last update: 1710784785 )[ + ] Telegram channel :
1948656476[ + ] Telegram Support :
5128567513 <deleted>[ + ] Email address :
irleaks@tuta.io❤8
Source Byte
< Scam Alert > New Threat Actor steal famous "IrLeaks" support ID after their support account been inactive for a while ( their account deleted automatically ) , as i look at my archives this is previous accounts you can use to verify them : [ + ] Exploit[.]in…
be aware of scammers !
👍4👾3
Forwarded from CyberSecurityTechnologies
Kernel_Debugging_Filesystem_Minifilters.pdf
776.9 KB
#Whitepaper
#Kernel_Security
#Offensive_security
"Debugging Filesystem Minifilters with WinDbg", 2026.
// This technical reference poster explores Windows filesystem minifilters, kernel debugging, and filter communication ports from a red team perspective
#Kernel_Security
#Offensive_security
"Debugging Filesystem Minifilters with WinDbg", 2026.
// This technical reference poster explores Windows filesystem minifilters, kernel debugging, and filter communication ports from a red team perspective
🔥4
Forwarded from Infosec Fortress
Hacefresko
From breaking into my ISP router to finding a MediaTek kernel 0day
From breaking into my ISP router to finding a MediaTek kernel 0day
🔗 Link
#exploitation
#kernel
#linux
#mediatek
#zyxel
———
🆔 @Infosec_Fortress
🔗 Link
#exploitation
#kernel
#linux
#mediatek
#zyxel
———
🆔 @Infosec_Fortress
🔥5❤1
Infosec Fortress
From breaking into my ISP router to finding a MediaTek kernel 0day 🔗 Link #exploitation #kernel #linux #mediatek #zyxel ——— 🆔 @Infosec_Fortress
This media is not supported in your browser
VIEW IN TELEGRAM
Forwarded from OnHex
CSWF.pdf
1.2 MB
🔴 مرکز فرماندهی عملیات امنیت سایبری سندی با عنوان "چارچوب ملی سرمایه انسانی امنیت سایبری ایران" در کانال بله اشون منتشر کرده.
#ایران #مرکز_فرماندهی_عملیات_امنیت_سایبری
🆔 @onhex_ir
🌍 ONHEXGROUP (Official Links)
یکی از چالشهای عمده حوزه امنیت سایبری کشورها و به طور خاص ایران، کمبود نیروی متخصص و شکاف مهارتی در این حوزه و نیز فقدان نقشهراهی مدون در خصوص مسیرهای شغلی و مقتضیات آن میباشد. این چارچوب با در نظر گرفتن زیستبوم و نیازهای واقعی کشور و با هدف ایجاد یک زبان مشترک و ساختاری منسجم طراحی شده است.
در این چارچوب، مجموعاً ۱۳ عنوان شغلی اصلی که برای وضعیت کنونی کشور و نیاز کلیدی سازمانها و شرکتها مبتلابه هستند، استخراج و وظایف، دانش تخصصی و مهارتهای هر یک به طور شفاف تشریح شده است.
#ایران #مرکز_فرماندهی_عملیات_امنیت_سایبری
🆔 @onhex_ir
🌍 ONHEXGROUP (Official Links)
🗿5👎2❤1
Trend Micro Deep Security Agent Research: Forcing bmhook/tmhook Reloads to Open a Protection Bypass Window
https://matheuzsecurity.github.io/hacking/trendmicro-bmhook-tmhook-reload-bypass/
https://matheuzsecurity.github.io/hacking/trendmicro-bmhook-tmhook-reload-bypass/
❤3
Source Byte
be aware of scammers !
this scammer is trying to mimic original threat actor , now they own irleaks@tuta.io , how? cuz tuta will delete your account after 6 month of inactivity :)
Forwarded from Source Byte
< Scam Alert >
New Threat Actor steal famous "IrLeaks" telegram support ID & tuta mail after their support account been inactive for a while ( their accounts deleted automatically due to privacy policy ) , as i look at my archives this is previous accounts you can use to verify them :
[ + ] Exploit[.]in MemberID :
[ + ] BreachForums UserID :
[ + ] BreachForums Email address :
( Creation time:
[ + ] Telegram channel :
[ + ]Telegram Support : <deleted>
[ + ]Email address :
New Threat Actor steal famous "IrLeaks" telegram support ID & tuta mail after their support account been inactive for a while ( their accounts deleted automatically due to privacy policy ) , as i look at my archives this is previous accounts you can use to verify them :
[ + ] Exploit[.]in MemberID :
150525 ( Last visited : September 7, 2024 )[ + ] BreachForums UserID :
46196[ + ] BreachForums Email address :
irleaks@proton.me ( Creation time:
1696708552 , Last update: 1710784785 )[ + ] Telegram channel :
1948656476[ + ]
5128567513[ + ]
irleaks@tuta.io <deleted by tuta policy>❤6