After “The Art of Evasion” @x33fcon I’m publishing NimSyscallPacker to the public. This is the most advanced public Packer/Loader I’m aware of: github.com/S3cur3Th1sSh1t/Ni…

Hello, If you're a person who enjoys malware and/or knows Python and wants to see malware that targets STEAM and GAMERS, I have the source code to a malware I have named "Stealer.Python.GMBA.Manipulator". This malware was originally noted on Xitter from @GMBA. In summary, this Python malware kills the Steam process and relaunches it with the "-cef-enable-debugging" flag. Because Steam is a Chromium app, this allows the malware payload to manipulate Steam web pages with web socket gunk and Javascript gunk. This malware can "modify" user inventories, "block users", etc. It is all a facade designed to trick and social engineer Steam users into giving their expensive Counter Strike stuff to them. It appears to be written using AI. Regardless of that fact this malware is creative and I like it. The malware source code to this can be found under the "/Python/" directory. It is named "Stealer.Python.GMBA.Manipulator.7z". This malware campaign is still active and the C2 is still live. If you execute the __main__.py file you might cook yourself, so be careful. Alternatively, you can run this in a VM and send the malware campaign authors pictures of Goatse. github.com/vxunderground/Mal…

mini shai-hulud song

You don’t see this every day: attackers hiding C2 infrastructure inside computer science essays on Pastebin using character-level steganography, then wiring it into 26 typosquatted npm packages impersonating some of the ecosystem’s most widely-used libraries. Socket detected the cluster within minutes of publication, uncovering a disciplined, multi-stage operation linked to the Contagious Interview campaign that delivers a full infostealer and RAT stack built to harvest developer credentials. socket.dev/blog/stegabin-26-…

"So, whatever you believe is the current “State of the Art” probably is wrong and is just what you see inside your bubble. We have zero idea about what other Red Teams are doing, or what tricks they have in their bags as result of internal researchs." This is weird because there is significantly more back channel and collab than ever before it just doesn't happen here. The reason it doesn't happen here is some decides to blog for internet points. x-c3ll.github.io/posts/Rant-…

CVE-2026-24061 GNU InetUtils Security Advisory: remote authentication by-pass in telnetd The telnetd server invokes /usr/bin/login (normally running as root) passing the value of the USER environment variable received from the client as the last parameter. If the client supply a carefully crafted USER environment value being the string "-f root", and passes the telnet(1) -a or --login parameter to send this USER environment to the server, the client will be automatically logged in as root bypassing normal authentication processes. This happens because the telnetd server do not sanitize the USER environment variable before passing it on to login(1), and login(1) uses the -f parameter to by-pass normal authentication. openwall.com/lists/oss-secur… codeberg.org/inetutils/inetu…

Episode 168 is here! 🔊 📶 "LoD" The Legion of Doom (LoD) wasn’t just a “hacker group”, it captured the essence of underground hacking in the 80s/90s. BBSes, phreaking, rival crews, and the crackdowns that changed everything. From those humble beginnings came a legacy that still echoes through modern security culture today. darknetdiaries.com/episode/1…

Holy shit… the exploitation of CVE-2025-55182 has reached a new level. There’s now a publicly available Chrome extension on GitHub that automatically scans for and exploits vulnerable sites as you browse. Absolutely wild. 🤦‍♂️

Finally sharing what’s been under wraps for months. @evildaemond and I tore into HID SEOS to build the first open-source implementation for Proxmark3. This is our Black Hat Asia 2025 story → youtube.com/watch?v=mnhGx1i6… #RFIDHacking #SEOS #CyberSecurity

If you want to extend #BloodHound a little bit and use it for other stuff such as passwordaudits, choke point detection and remediation tracking, increase your session data again etc, than this one's for you. luemmelsec.github.io/Whos-a-… NO OpenGraph extension - sorry fan boys

You’ve heard of the Unix 2038 Problem. I bet you haven’t heard of the GPS 2038 problem. Every GPS navigation device in existence experiences an integer overflow every 19.6 years. Last time, it wiped out iPhones, NOAA weather buoys, and a number of flights in China:

SAVE THE DATE! The organisation of the #pts26 edition is starting 😎 📣 Info we can already share are: - 🗓️ Tuesday June 30 to Thursday July 2, 2026 ✅ - 📍as asked in your feedback answers, we will be again at Université Catholique de Lille 🎉 Website & more are coming soon! 😘

1995: The movie Hackers was released. Yes, 30 years ago today. 🤯 It grossed just $7 million at the box office against a budget of $20 million. Ouch. A box office failure, but today it's a cult classic. Crash Override. Acid Burn. Rollerblades. Floppy disks. Hack the Gibson!!!

Happy #HackersDay! Today's the 30th anniversary of "Hackers".

Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130) willsroot.io/2025/09/ksmbd-0… Cheers to @u1f383 for finding these CVEs the OffensiveCon talk from gteissier & @laomaiweng for inspiration!

Huge thanks to the @hexacon_fr team for bringing BlackHoodie to Paris! A free 4-day security workshop for women by women Oct 6-9. So grateful for our amazing trainers: Sonia (Linux Forensics) Paula (Web/Mobile Sec) & Jiska (iOS Hacking)! blackhoodie.re/Hexacon2025/

Zero Cool day!

we got a persistent 0click on ChatGPT by sharing a doc that allowed us to exfiltrate sensitive data and creds from your connectors (google drive, sharepoint, ..) chat history future conversations it gets worse. we deploy a memory implant #DEFCON #BHUSA @tamirishaysh

40 YEARS AGO - I launched the Amstrad CPC6128. Having a built-in disc drive opened up the machine to more serious business computing and gaming - see youtube.com/watch?v=T14izU3W… The demo at 15:06 shows off the sound and graphics handling - brilliant for 1985. Discs held 1.4MB 💾

hashcat v7.0.0 released! After nearly 3 years of development and over 900,000 lines of code changed, this is easily the largest release we have ever had. Detailed writeup is available here: hashcat.net/forum/thread-133…