A new module has been merged into NetExec: change-password🔥 Accounts with STATUS_PASSWORD_EXPIRED aren't a problem anymore, just reset their password. You can also abuse ForceChangePassword to reset another user's password. Made by @kriyosthearcane, @mehmetcanterman and me

Phishing Pretext: An obvious spam email with a header that has a message “<Organization> has flagged this message as a phishing email. Click <button link>Report</link> to submit this to the Security Operations Team”

thecvefoundation.org/ "In response, a coalition of longtime, active CVE Board members have spent the past year developing a strategy to transition CVE to a dedicated, non-profit foundation." They've been planning for the past year.

MITRE announced on April 15 that their CVE contract ends on April 16. That timing alone raises some questions. The language in the message feels very deliberate: “We’re committed,” “considerable efforts,” “if a break were to occur” – while they know a break will happen the next day. That’s not just unfortunate timing. It looks like controlled messaging, maybe even a pressure move. CVE isn’t some massive budget item. It’s a lightweight system with probably a small core team and some automation. I’d guess a handful of full-time staff, not dozens. So cutting this - of all things - doesn’t really look like cost-saving. If the goal was to send a message about funding or contract uncertainty, they picked the most visible and disruptive program. And it worked – everyone’s paying attention. It’s worth noting that MITRE owns the CVE and CWE trademarks. Even if someone else takes over, they’ll still be operating within MITRE’s legal boundaries. All in all, this looks less like a necessary budget cut and more like a strategic decision to generate visibility and urgency. Hard to read it any other way.

CF-Hero: discover the real IP addresses of web applications protected by Cloudflare meterpreter.org/cf-hero-disc…

Improved bypass for Windows 11 OOBE: 1. Shift-F10 2. start ms-cxh:localonly Only required on Home and Pro editions.

We’re removing the bypassnro.cmd script from the build to enhance security and user experience of Windows 11. This change ensures that all users exit setup with internet connectivity and a Microsoft Account. blogs.windows.com/windows-in…

The NXCDB of NetExec finally supports the LDAP protocol as well🎉 Long overdue and now finally implemented by @lapinousexy

So good that I have these service renewal emails! From the 5 emails I received this morning, I apparently have spent over $2500 on services! 😂 I'd like to think people wouldn't fall for those scams, but I'm sure they do. Has anyone else seen a major uptick in that and the Loan Service phone scams? Seems like it's daily.

RustPotato: privilege escalation tool meterpreter.org/rustpotato-p…

Local credential theft by replacing the runas binary. github.com/DarkSpaceSecurity…

Video demo of bypassing Windows Defender App Control with Loki C2! Blog with details coming in 1-2 weeks. Yes -- @d_tranman and I created an entire C2 in JavaScript and it bypasses all the things 🥷🧙‍♂️🪄

North Korean Lazarus hackers infect hundreds via npm packages - @billtoulas bleepingcomputer.com/news/se… bleepingcomputer.com/news/se…

Vim Users Warned: Crafted TAR Files Could Trigger Code Execution (CVE-2025-27423) securityonline.info/vim-user…

We have had many positions open up recently, along with some internships. We are 100 percent remote. US only at this point. Spread the word. binarydefense.com/about-us/c…

HTA files just won't quit malwareanalysisspace.blogspo…