All posts in Uncategorized

■■■■■ Jewish ✡️ state’s another cyber crime unmasked. Hacked in Pakistan: Israeli Spyware Firm Intellexa, Owned by Ex-intel Officer, Still Active Amid United States’ Sanctions. Spyware targets in Pakistan and Iraq 🇮🇶 and a new infection method. The sanctions aren’t deterring Intellexa 💻 https://www.haaretz.com/israel-news/security-aviation/2025-12-04/ty-article-magazine/.premium/israeli-spyware-firm-intellexa-owned-by-ex-intel-officer-still-active-amid-us-sanctions/0000019a-e3e8-db35-afbf-ebfcb8bb0000

■■□□□ Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks. https://thehackernews.com/2025/12/researchers-uncover-30-flaws-in-ai.html

■■■□□ New jamming-proof base in Greenland to help Europe defend against Russia. https://www.euronews.com/next/2025/12/05/could-this-new-jamming-proof-base-in-greenland-help-europe-defend-against-russia

■□□□□ Cloudflare blames today’s outage on React2Shell mitigations. https://www.bleepingcomputer.com/news/security/cloudflare-blames-todays-outage-on-emergency-react2shell-patch/

■■■■□ React2Shell Ultimate – CVE-2025-66478 Scanner. https://github.com/hackersatyamrastogi/react2shell-ultimate

■■■□□ This is the most reliable public detection (at this time) to indicate whether a machine is actually exploitable to CVE-2025-55182 / React2Shell without invoking the RCE and limited FP’s. It triggers an internal error and validates the vulnerable version https://cloud.projectdiscovery.io/library/CVE-2025-55182

■■■□□ OWASP is at the forefront of AI security. We invite you to explore the new OWASP AI Testing Guide, a remarkable contribution from Matteo Meucci and Marco Morana. Additionally, we recommend reviewing the OWASP AI Vulnerability Scoring System (AIVSS), a valuable tool designed to standardize risk prioritization. Our sincere congratulations and gratitude extend to…

■■■■■ Someone can access posts linked to your Instagram even if you’ve made your account private. While Instagram, as a Meta product, implements anti-bot measures to prevent scraping, OSINT tools that rely on third-party services such as Apify to actively maintain functional APIs capable of successfully extracting data are becoming increasingly popular. Recent tools often…

■■■■□ Multiple bugs in Chrome addressed. CVE-2025-13633 Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2025-13634 Inappropriate implementation in Downloads in Google Chrome on Windows prior to…

■■■■□ Live Stream from Inside Lazarus Group’s IT Workers Scheme. https://any.run/cybersecurity-blog/lazarus-group-it-workers-investigation/