All posts by John Doe

🎃HOW APT37 EMPLOYED ROKRAT SHELLCODE AND STEGANOGRAPHIC TECHNIQUE ℹ️ Researchers have identified a new variant of RoKRAT, the malware associated with North Korea’s APT37 group. This version employs two-stage encrypted shellcode execution and steganography to conceal malicious code inside image files, enabling evasion from traditional detection methods. 📍 INFECTION VECTOR ■ The intrusion begins with…

■■■□□ Big Brother is watching: Wi-Fi signals can track you in your home It could open the door to mass surveillance. https://theweek.com/tech/wifi-signals-now-tracking-users-at-home

■■■■■ 📱 New Linux Kernel Vulnerability Directly Exploited from Chrome Renderer Sandbox Via Rare Linux Socket Feature. New Linux Kernel Vulnerability Directly Exploited from Chrome Renderer Sandbox Via Rare Linux Socket Feature

■■■■■ WinRAR zero-day exploited to plant malware on archive extraction. www.bleepingcomputer.com/news/security/winrar-zero-day-flaw-exploited-by-romcom-hackers-in-phishing-attacks/

■■■■□ A non native arrested for driving smishing SMS blasters around Vietnam 🇻🇳 Risk, Fraud & Security The fake base stations sent messages claiming recipients had to pay a traffic fine. Foreign National Arrested for Driving Smishing SMS Blasters around Vietnam

PHRACK – 72 72nd Edition of Phrack has been released in limited capacity. Full release in a few days. https://phrack.org/

■■□□□ ‘The best solution is to murder him in his sleep’: AI models can send subliminal messages that teach other AIs to be ‘evil,’ study claims. https://www.livescience.com/technology/artificial-intelligence/the-best-solution-is-to-murder-him-in-his-sleep-ai-models-can-send-subliminal-messages-that-teach-other-ais-to-be-evil-study-claims

■■□□□ Microsoft Bounty Program year in review: $17 million in rewards. This is in 12 month’s time. https://msrc.microsoft.com/blog/2025/08/microsoft-bounty-program-year-in-review-17-million-in-rewards/

■□□□□ The CVE Scoring Trap — Why “Critical” Doesn’t Always Mean Critical A recent analysis shows CVSS ratings often exaggerate real risk: 📊 33,000+ CVEs in 2024 — only ~12% of “critical” ones truly critical in practice. 🔍 Review of 140 major CVEs → 88% of “Critical” & 57% of “High” labels misleading. ⚠️ Example:…

■■■□□ SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls. SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls