All posts in Uncategorized

■■■■□ Windows Server 2025 Golden dMSA Attack Enables Authentication Bypass and Password Generation. Windows Server 2025 Golden dMSA Attack Enables Authentication Bypass and Password Generation

■■■■□ SharePoint 0-Day RCE Vulnerability Actively Exploited in the Wild to Gain Full Server Access. SharePoint 0-Day RCE Vulnerability Actively Exploited in the Wild to Gain Full Server Access

■■□□□ The tap trap: Android security vulnerability discovered. https://techxplore.com/news/2025-07-android-vulnerability.html

🖥🌐📱 Browser-Reviewer: Browser Reviewer is a portable forensic tool for analyzing user activity in Firefox and Chrome-based browsers for Windows platforms. It extracts and displays browsing history, downloads, bookmarks, and autofill data. The tool allows analysts to tag, comment, and export reports in PDF. It requires no installation and can be executed directly from a…

■■■■■ An unnamed surveillance vendor in Middle East was caught exploiting a new SS7 attack to track people’s phone locations silently. The Good, the Bad, and the Encoding: An SS7 Bypass Attack A surveillance vendor was caught exploiting a new SS7 attack to track people’s phone locations

■■■■□ Cyber Security NewsVulnerability News Microsoft Entra ID Vulnerability Let Attackers Escalate Privileges to Global Admin Role. Microsoft Entra ID Vulnerability Let Attackers Escalate Privileges to Global Admin Role

■■■■■ Google finds custom backdoor being installed on SonicWall network devices. https://arstechnica.com/security/2025/07/google-finds-custom-backdoor-being-installed-on-sonicwall-network-devices/

■■■■■ RenderShock 0-Click Vulnerability Executes Payloads via Background Process Without User Interaction. RenderShock 0-Click Vulnerability Executes Payloads via Background Process Without User Interaction

■■■■□ United States’ NSA hacked Huawei and its customers, specifically Iran. This was a major hack by fundamentals. A classic supply-chain attack. 🎸 I saw the fallout in a neighbouring country at the time. They used another backdoor password for maintenance which caused some issues.

■□□□□ Multi critical vulnerabilities exist is the latest version of A****** CMS incl. FU-RCE, SQLi, ATO by Token abuse. 🎸 Will post details as soon as we have permission. CVEs being filed.