Joined December 2019
I don’t care retweeted
About AI Recommendation Poisoning microsoft.com/en-us/security…
I don’t care retweeted
🚨‼️ Telnet has a critical vulnerability that was introduced in 2015 and has been recently patched. The vulnerability allows attackers to remotely authenticate as root without user interaction. A PoC has already been released.
I don’t care retweeted
#Calisto Group Phishing TTPs & IOCs Update blog.sekoia.io/ngo-reporters…
I don’t care retweeted
22 Nov 2025
Outlook Startup Persistence via Registry Modification (T1112)
Recent research (e.g., Splunk’s NotDoor Insights) highlights that adversaries can achieve persistence in Microsoft Outlook by modifying the registry key LoadMacroProviderOnBoot. When enabled, this setting forces Outlook to automatically load any configured VBA macros at startup, granting attackers a reliable foothold on the compromised system. This technique aligns with MITRE ATT&CK T1112 (Modify Registry) and represents a stealthy persistence mechanism.
Detection opportunities include monitoring for:
- Creation or modification of the LoadMacroProviderOnBoot registry value
- Unexpected macro execution during Outlook startup
- Correlation with known malware families such as NotDoor, which leverage this method to maintain access
Implementing the below KQL detection rule for this registry modification can help defenders identify and disrupt malware that abuses Outlook for persistence.
#Cybersecurity #OutlookPersistence #T1112
I don’t care retweeted
Evasion Techniques: Human Behavior Mimicry in Android Malware Herodotus distinguishes itself from most device takeover malware families by incorporating human behavior simulation during remote control sessions. This technique is designed to evade behavioral biometric detection systems, which typically flag automated or robotic interactions as suspicious. threatfabric.com/blogs/new-a…
I don’t care retweeted
Is this real or a joke, CVE-2025-55315? ASP.NET Core is vulnerable to HTTP request smuggling!!!! And why is no one talking about it? github.com/advisories/GHSA-5…
I don’t care retweeted
19 Oct 2025
F5 BIG-IP RCE: A trivial TMUI flaw led to RCE. Need to quickly audit your own company's exposure? Use the specific Shodan dork: title:"BIG-IP®" org:"[Your Company's Legal Name]" 👈 Patch now. #BIGIP #RCE #Exploit #Security #BugBounty #bugbountytips
I don’t care retweeted
new completely unedited-written-at-7am-no-sleep blog post (im so sorry @RhinozzCode) where i drop a fairly useless 0day i've been holding onto for a while now maia.crimew.gay/posts/im-bor…
I don’t care retweeted
17 Aug 2025
Hunting Exposed MCP Server 🤖
🚨 Trend Micro found 492 MCP servers exposed online—no auth, no encryption. These act as backdoors to sensitive data like cloud resources, customer info & internal tools.
🔓 90% allow direct read access via natural language—no coding needed to exfiltrate data. trendmicro.com/vinfo/us/secu…
Exposed MCP servers pose a risk for organizations utilizing them. The below KQL identifies the list of endpoints running MCP Server with the risk exposure associated. 🔥 detections.ai/share/rule/S7H…
#Cybersecurity #MCPServer #ExposureManagement
I don’t care retweeted
💥 Remote Code Execution in GitHub Copilot (CVE-2025-53773) 👉 Prompt injection exploit writes to Copilot config file and puts it into YOLO mode, then we get immediate RCE 🔥 Bypasses all user approvals 🛡️ Patch is out today. Update before someone else does it for you
I don’t care retweeted
13 Aug 2025
Top 5 RMM Tools #1 | Overview & Why It Matters
ANY.RUN released stats on the 5 most exploited Remote Monitoring & Management (RMM) tools in H1 2025 — see chart
Why should we care about them? Because:
● They reveal attackers' favorite backdoor channels
● Help blue teams identify potential backdoors and malicious implants
● Enable threat hunting via ZoomEye with precise queries
This thread will break down each tool with exploitation patterns & search tips.
#MalwareThreats #phishing #ZoomEye #cybersecurity #OSINT
I don’t care retweeted
2 Aug 2025
Did you know a GeoJSON containing all country borders is only 1MB? Small enough to search in real-time
I don’t care retweeted
Cobalt Strike Beacon delivered via GitHub and social media DLL Hijacking Crash reporting Send Utility BsSndRpt.exe BugSplatRc64.dll Preference: Malicious profiles on popular online platforms securelist.com/cobalt-strike…
I don’t care retweeted
#Darkhotel #DarkSeal The malicious North Korean input method installer "hana9.30_x64_9.exe" 72.10.160[.]162:443 94.242.61[.]116:443 mp.weixin.qq.com/s/Cx-v95Ua8…
I don’t care retweeted
opsec like bedrock
I don’t care retweeted
30 Jun 2025
it's not FAANG anymore it's GAYMAN
I don’t care retweeted
1 Jul 2025
Bug Bounty Tip You can hide your XSS payload inside SVG or Math element to bypass custom XSS Sanitisers or WAF filters