All posts by John Doe

■■■■□ Shai Hulud v2 Exploits GitHub Actions Workflows as Attack Vector to Steal Secrets. Shai Hulud v2 Exploits GitHub Actions Workflows as Attack Vector to Steal Secrets

■■■□□ Intel suggests Israeli state sponsored threat actors are running free VPN apps to access data of people. As per a source; the primary target is Iran.

■■■■■ The minefield between syntaxes: exploiting syntax confusions in the wild https://www.yeswehack.com/learn-bug-bounty/syntax-confusion-ambiguous-parsing-exploits

■■■■□ Thread actor “Sylhet Gang-SG” has targeted Moroccan Airlines website on their latest attack. https://check-host.net/check-report/336a069cka52

■■□□□ Google Says Some VPN Apps Are Actually Dangerous Malware. https://www.gizchina.com/google-2/google-says-some-vpn-apps-are-actually-dangerous-malware

■■■■□ Cyber-Attack by Iranian state sponsored hacker group. The Hendala group announces that it sent flowers to an Israeli scientist, after gaining access to a system allegedly related to the Soreq nuclear center. It is likely that the flower delivery was carried out by a local collaborator, who placed the bouquet inside the scientist’s car…

■■■■□ Dead Man’s Switch – Widespread npm Supply Chain Attack Driving Malware Attacks. Dead Man’s Switch – Widespread npm Supply Chain Attack Driving Malware Attacks

Inside 💭💭💭💭 Origins, Motives, and Methods of a Rapidly Expanding Hacktivist Collective. ckure.org/archives/18075

■■■□□ New Unauthenticated DoS Vulnerability Crashes Next.js Servers with a Single Request. New Unauthenticated DoS Vulnerability Crashes Next.js Servers with a Single Request

🔄Tomiris wreaks Havoc: New tools and techniques of the APT group. Tomiris wreaks Havoc: New tools and techniques of the APT group