Hackers are turning TikTok into a malware delivery tool.

From ClickFix to fake Spotify "boosts"—hackers are now using AI-generated TikToks to trick users into running malicious commands. One video got 500K views before takedown.

🔆 t.me/techpsyche

✳️ Hᴏᴡ Sᴏᴄɪᴀʟ Eɴɢɪɴᴇᴇʀɪɴɢ Wᴏʀᴋs?

🌀ɢᴀᴛʜᴇʀ ɪɴғᴏʀᴍᴀᴛɪᴏɴ: ᴛʜɪs ɪs ᴛʜᴇ ғɪʀsᴛ sᴛᴀɢᴇ, ʜᴇ ʟᴇᴀʀɴs ᴀs ᴍᴜᴄʜ ᴀs ʜᴇ ᴄᴀɴ ᴀʙᴏᴜᴛ ᴛʜᴇ ɪɴᴛᴇɴᴅᴇᴅ ᴠɪᴄᴛɪᴍ. ᴛʜᴇ ɪɴғᴏʀᴍᴀᴛɪᴏɴ ɪs ɢᴀᴛʜᴇʀᴇᴅ ғʀᴏᴍ ᴄᴏᴍᴘᴀɴʏ ᴡᴇʙsɪᴛᴇs, ᴏᴛʜᴇʀ ᴘᴜʙʟɪᴄᴀᴛɪᴏɴs ᴀɴᴅ sᴏᴍᴇᴛɪᴍᴇs ʙʏ ᴛᴀʟᴋɪɴɢ ᴛᴏ ᴛʜᴇ ᴜsᴇʀs ᴏғ ᴛʜᴇ ᴛᴀʀɢᴇᴛ sʏsᴛᴇᴍ.

🌀ᴘʟᴀɴ ᴀᴛᴛᴀᴄᴋ: ᴛʜᴇ ᴀᴛᴛᴀᴄᴋᴇʀs ᴏᴜᴛʟɪɴᴇ ʜᴏᴡ ʜᴇ/sʜᴇ ɪɴᴛᴇɴᴅs ᴛᴏ ᴇxᴇᴄᴜᴛᴇ ᴛʜᴇ ᴀᴛᴛᴀᴄᴋ

🌀ᴀᴄϙᴜɪʀᴇ ᴛᴏᴏʟs: ᴛʜᴇsᴇ ɪɴᴄʟᴜᴅᴇ ᴄᴏᴍᴘᴜᴛᴇʀ ᴘʀᴏɢʀᴀᴍs ᴛʜᴀᴛ ᴀɴ ᴀᴛᴛᴀᴄᴋᴇʀ ᴡɪʟʟ ᴜsᴇ ᴡʜᴇɴ ʟᴀᴜɴᴄʜɪɴɢ ᴛʜᴇ ᴀᴛᴛᴀᴄᴋ.

🌀ᴀᴛᴛᴀᴄᴋ: ᴇxᴘʟᴏɪᴛ ᴛʜᴇ ᴡᴇᴀᴋɴᴇssᴇs ɪɴ ᴛʜᴇ ᴛᴀʀɢᴇᴛ sʏsᴛᴇᴍ.

🌀ᴜsᴇ ᴀᴄϙᴜɪʀᴇᴅ ᴋɴᴏᴡʟᴇᴅɢᴇ: ɪɴғᴏʀᴍᴀᴛɪᴏɴ ɢᴀᴛʜᴇʀᴇᴅ ᴅᴜʀɪɴɢ ᴛʜᴇ sᴏᴄɪᴀʟ ᴇɴɢɪɴᴇᴇʀɪɴɢ ᴛᴀᴄᴛɪᴄs sᴜᴄʜ ᴀs ᴘᴇᴛ ɴᴀᴍᴇs, ʙɪʀᴛʜᴅᴀᴛᴇs ᴏғ ᴛʜᴇ ᴏʀɢᴀɴɪᴢᴀᴛɪᴏɴ ғᴏᴜɴᴅᴇʀs, ᴇᴛᴄ. ɪs ᴜsᴇᴅ ɪɴ ᴀᴛᴛᴀᴄᴋs sᴜᴄʜ ᴀs ᴘᴀssᴡᴏʀᴅ ɢᴜᴇssɪɴɢ.

What is CTF & How to solve CTF: https://t.me/zerotrusthackers/75

Red Team Free Course: https://t.me/zerotrusthackers/68

Cyber Security Course for Beginners: https://udemy.com/course/certified-secure-netizen/

Google Dorks for Information Gathering: https://t.me/zerotrusthackers/54

Cyber Security Vocabulary: https://t.me/zerotrusthackers/71

Password Attacks: https://t.me/zerotrusthackers/67

More Security Resources Here:
https://whatsapp.com/channel/0029VaxVv551iUxRku094918

25th May |🛡Cyber Security Free Udemy Coupons Added
━━━━━━━━━━━━━━━━━━━━━
https://tinyurl.com/udemycouponsfree
━━━━━━━━━━━━━━━━━━━━━
#01 Mastering Cybersecurity Vulnerability Management (101 Level)
https://techurl.in/aRnoo

#02 Linux Bash Scripting
https://techurl.in/QHWMe

#03 Cybersecurity 101: Foundations for Absolute Beginners
https://techurl.in/MseUi

#04 AZ-500: Microsoft Azure Security Technologies - May 2025
https://techurl.in/uSJPo

#05 Identify and Prevent Phishing Attacks: Before They Harm You
https://techurl.in/pCHnC

#06 PowerShell Regular Expressions: Regex Master Class
https://techurl.in/NopOB

#07 Mastering Cybersecurity Ransomware Incident Response (101)
https://techurl.in/rJySS

#08 AWS Certified Cloud Practitioner Foundational 101 Course
https://techurl.in/JzZyi

#09 PowerShell Functions Master Class
https://techurl.in/IUioc

#10 CSSLP 101 : Certified Secure Software Lifecycle Professional
https://techurl.in/ylLmc

#11 CDMP Course : Certified Data Management Professional (101)
https://techurl.in/vuJOE

#12 File & Folder Management Using PowerShell: For Beginners
https://techurl.in/Vrosl

#13 Practical IoT Security and Penetration testing for Beginners
https://techurl.in/YrHoH

#14 Windows Hacking Uncovered: Log Analysis & Defense
https://techurl.in/ovWQV

#15 Windows Security
https://techurl.in/EAooS

#16 Hackers Toolkit
https://techurl.in/RjQNU

#17 SY0-501: CompTIA Security+ Practice Test - 2025
https://techurl.in/IwZra

#18 1Z0-062: Oracle Database 12c Install Practice Test - 2025
https://techurl.in/mvrkT

━━━━━━━━━━━━━━━━━━━━━
Udemy Coupons Expire After 1000 Redemptions
Join Our Channels for Instant Alerts
━━━━━━━━━━━━━━━━━━━━━
Join Our WhatsApp Channel:
https://whatsapp.com/channel/0029Vatt3A635fLoJKXrp71G
Join Our Telegram Channel:
https://t.me/udemycoursecouponsfree
━━━━━━━━━━━━━━━━━━━━━
Do share in your groups.✨

How to enroll to the courses

Remote Information Security Engineer Job at Sporty Group

- In this role, you will Engineer, implement and monitor security measures for the protection of our computer systems, applications and infrastructure, such as, WAF, DDoS, DNS, Networking, VPN etc.

Apply Here:
https://kenyatrends.co.ke/8wj1

Global Tech Jobs Here👇
https://t.me/techpsyche

SHARE WITH YOUR FRIENDS🥳🥳

𝗧𝗼𝗽 𝟱 𝗗𝗮𝘁𝗮 𝗦𝗰𝗶𝗲𝗻𝗰𝗲 𝗙𝗥𝗘𝗘 𝗖𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗖𝗼𝘂𝗿𝘀𝗲𝘀 🚀💻

* Data Science Foundations
* SQL for Data Science
* Python for Data Science
* Introduction to Data Science
* Data Science Projects 

𝐋𝐢𝐧𝐤 👇:- 

https://tinyurl.com/yzpdp26d

Enroll For FREE & Get Certified 🎓

28th May | 🥷Bug Bounty Write-Ups

Scripting Outside the Box: API Client Security Risks (2/2)
https://www.sonarsource.com/blog/scripting-outside-the-box-api-client-security-risks-part-2/

Dexodus Lost $300K in a Signature Replay Attack [Here’s the Breakdown]
https://quillaudits.medium.com/dexodus-lost-300k-in-a-signature-replay-attack-heres-the-breakdown-46b7165970e2

Unpatched Critical Vulnerability in TI WooCommerce Wishlist Plugin
https://patchstack.com/articles/unpatched-critical-vulnerability-in-ti-woocommerce-wishlist-plugin/

Remote Prompt Injection in GitLab Duo Leads to Source Code Theft
https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo

Hacking Insights: Gaining Access to University of Hyderabad Ganglia Dashboard
https://infosecwriteups.com/hacking-insights-gaining-access-to-university-of-hyderabad-ganglia-dashboard-bdc15f3a82fe

Daily Cyber Security Updates Here:
https://t.me/zerotrusthackers

WhatsApp Channel:
https://whatsapp.com/channel/0029VaxVv551iUxRku094918

🛑 What is Website Defacement? 🛑

A website defacement is an attack on a website that changes the visual appearance of the site or a webpage.

These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own.

The most common method of defacement is using SQL Injections to log on to administrator accounts.

Defacements usually consist of an entire page. This page usually includes the defacer’s pseudonym or “Hacking Codename.” Sometimes, the Website Defacer makes fun of the system administrator for failing to maintain server security. Most times, the defacement is harmless, however, it can sometimes be used as a distraction to cover up more sinister actions such as uploading malware or deleting essential files from the server.

Google Dorks for Information Gathering: https://t.me/zerotrusthackers/54

Cyber Security Vocabulary: https://t.me/zerotrusthackers/71

Password Attacks: https://t.me/zerotrusthackers/67

How Social Engineering Works: https://t.me/zerotrusthackers/124

More Security Resources Here:
https://whatsapp.com/channel/0029VaxVv551iUxRku094918

29th May | 🥷Bug Bounty Write-Ups

1)IDOR Attacks Made Simple: How Hackers Access Unauthorized Data 🔐
https://infosecwriteups.com/idor-attacks-made-simple-how-hackers-access-unauthorized-data-ca1158d18190

2)How to hunt for (P1, P2) Blind XSS
https://osintteam.blog/how-to-hunt-for-p1-p2-blind-xss-87e027acd85b

3)Bugged by Backup Files: How .zip and .bak Gave Me the Source Code 📦📜
https://infosecwriteups.com/bugged-by-backup-files-how-zip-and-bak-gave-me-the-source-code-872a376b0b2b

4)Subdomain Surfing to Server Secrets 🌊🔐 — How I Took Over a Forgotten Subdomain
https://infosecwriteups.com/subdomain-surfing-to-server-secrets-how-i-took-over-a-forgotten-subdomain-4e9b1147f880

5)The Ultimate Guide to 403 Forbidden Bypass (2025 Edition)
https://osintteam.blog/the-ultimate-guide-to-403-forbidden-bypass-2025-edition-1b2e852e503e

6)Neurocracked CTF Part Three: Neural Network Nexus
https://cybernoweducation.medium.com/neurocracked-ctf-part-three-neural-network-nexus-367f49a70902

7)UniVsThreats CTF 2025 — Dark web Stories — Forensics and Steganography (Medium) writeup
https://medium.com/@ahmedashraf.ragab/univsthreats-ctf-2025-dark-web-stories-forensics-and-steganography-medium-writeup-d02bf04181ef

8)HACK-ERA CTF — Phase 1 Walkthrough
https://infosecwriteups.com/hack-era-ctf-phase-1-walkthrough-63b3316e86c7

9)Hacker101CTF — Model E1337 — Rolling Code Lock — 2/2 FLAGS
https://medium.com/@gus3rmr/hacker101ctf-model-e1337-rolling-code-lock-2-2-flags-f5a279dcd433

10)picoCTF Writeup — Flag Hunters
https://medium.com/@fortydays/picoctf-writeup-flag-hunters-081cb01fa002

Daily Cyber Security Updates Here:
https://t.me/zerotrusthackers

WhatsApp Channel:
https://whatsapp.com/channel/0029VaxVv551iUxRku094918

#bug #bugs #bugbounty #bugbountytip #bugbountytips #hacking #hacker #ethicalhacking #ethicalhacker #ethicalhackers #cybersecurity

𝗠𝗮𝘀𝘁𝗲𝗿 𝗣𝘆𝘁𝗵𝗼𝗻 𝗳𝗼𝗿 𝗙𝗿𝗲𝗲 𝗶𝗻 𝟮𝟬𝟮𝟱: 𝟰 𝗘𝘅𝗽𝗲𝗿𝘁-𝗕𝗮𝗰𝗸𝗲𝗱 𝗖𝗼𝘂𝗿𝘀𝗲𝘀 𝘁𝗼 𝗕𝗼𝗼𝘀𝘁 𝗬𝗼𝘂𝗿 𝗖𝗼𝗱𝗶𝗻𝗴 𝗦𝗸𝗶𝗹𝗹𝘀 🚀💻 

Looking to kickstart your coding journey with Python? 🐍

Whether you’re an aspiring data analyst, a student, or preparing for tech roles, these free Python courses are perfect for beginners!📊📌

𝐋𝐢𝐧𝐤👇:-

https://techurl.in/jesjn

These platforms offer high-quality learning — no fees, no catch✅

New PumaBot botnet brute forces SSH credentials to breach devices

A newly discovered Go-based Linux botnet malware named PumaBot is brute-forcing SSH credentials on embedded IoT devices to deploy malicious payloads.

Bill Toulas | bleepingcomputer​ .com • May 28, 2025

💡 t.me/zerotrusthackers

APT41 malware abuses Google Calendar for stealthy C2 communication

The Chinese APT41 hacking group uses a new malware named 'ToughProgress' that abuses Google Calendar for command-and-control (C2) operations, hiding malicious activity behind a trusted cloud service.

Bill Toulas | bleepingcomputer .com • May 28, 2025

💡 t.me/zerotrusthackers

Windows 11 KB5058499 update rolls out new Share and Click to Do features

​​Microsoft has released the KB5058499 preview cumulative update for Windows 11 24H2 with forty-eight new features or changes, with many gradually rolling out, such as the new Windows Share feature and the Click to Do Preview.

Lawrence Abrams | bleepingcomputer .com • May 28, 2025

💡 t.me/zerotrusthackers

Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations

APT41 used Google Calendar to control TOUGHPROGRESS malware via encrypted events; Google shut it down.

The Hacker News | thehackernews .com • May 29, 2025

💡 t.me/zerotrusthackers

Data broker LexisNexis discloses data breach affecting 364,000 people

Data broker giant LexisNexis Risk Solutions has revealed that unknown attackers stole the personal information of over 364,000 individuals in a December breach.

Sergiu Gatlan | bleepingcomputer​ .com • May 29, 2025

💡 t.me/zerotrusthackers

Microsoft: Windows 11 might fail to start after installing KB5058405

Microsoft has confirmed that some Windows 11 systems might fail to start after installing the KB5058405 security update released during this month's Patch Tuesday.

Sergiu Gatlan | bleepingcomputer .com • May 29, 2025

💡 t.me/zerotrusthackers

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

DragonForce exploited three SimpleHelp CVEs to hijack an MSP’s RMM tool, steal data, and deploy ransomware on customer systems.

The Hacker News | thehackernews .com • May 29, 2025

💡 t.me/zerotrusthackers

New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers

Malware with corrupted DOS and PE headers evades detection for weeks, decrypts TLS-based C2 and enables full attacker control.

The Hacker News | thehackernews​ .com • May 29, 2025

💡 t.me/zerotrusthackers

U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation

DoJ seized 4 domains on May 27 tied to malware crypting tools, disrupting cybercriminal stealth operations.

The Hacker News | thehackernews​ .com • May 31, 2025

💡 t.me/zerotrusthackers

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

Linux vulnerabilities CVE-2025-5054 and CVE-2025-4598 let local attackers extract sensitive data via SUID core dumps.

The Hacker News | thehackernews ​ .com • May 31, 2025

💡 t.me/zerotrusthackers

Exploit details for max severity Cisco IOS XE flaw now public

Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit.

Bill Toulas | bleepingcomputer .com • May 31, 2025

💡 t.me/zerotrusthackers