All posts by cK-bot

■■■□□ Cyber-War: Unclassified zero-day Power-Gate exploit by the Zionist entity (Israel ) likely involved the following steps. 1. Pager firmware 0-day (for custom firmware update) or Kernel 0-day for the OS through the network or by the supply chain attack. 2. Payload would likely bypass auto-cut for exceeding voltage , overcharging, temperature (thermal runaway), or…

Zero-Day: Israel 🇮🇱 conducted a kinetic cyberattack using power surge to target handheld pager systems used by Lebabnon’s resistance members (aka Hizbollah) in Beirut’s southern suburbs leading to dozens of injuries in Lebanon 🇱🇧 The attack was executed in civilian areas of a sovereign nation. Around 1K cases have been reported. https://t.me/cKure/14701

■□□□□ North Korean hackers are using LinkedIn to spread RustDoor malware, posing as crypto recruiters to target professionals. They trick victims into downloading booby-trapped coding tests, with macOS backdoor. https://thehackernews.com/2024/09/north-korean-hackers-target.html https://t.me/cKure/14697

■■□□□ Exploiting Microsoft Kernel Applocker Driver (CVE-2024-38041). https://csa.limited/blog/20240916-Exploiting-Microsoft-Kernel-Applocker-Driver.html https://t.me/cKure/14696

■■■□□  United States cracks down on spyware vendor Intellexa with more sanctions Today, the U.S. Department of the Treasury has sanctioned five executives and one entity linked to the Intellexa Consortium for developing and distributing Predator commercial spyware. https://www.bleepingcomputer.com/news/security/us-cracks-down-on-spyware-vendor-intellexa-with-more-sanctions/ https://t.me/cKure/14695

■■■□□ Cybersecurity experts have flagged a new phishing method that manipulates HTTP refresh headers to deliver spoofed login pages and steal credentials. https://thehackernews.com/2024/09/cybercriminals-exploit-http-headers-for.html https://t.me/cKure/14694

■■■■□ Exploit for CVE-2024-8504 & CVE-2024-8503: SQLi and RCE. https://darkwebinformer.com/exploit-for-cve-2024-8504-cve-2024-8503-sqli-and-rce/ https://t.me/cKure/14693

GAZEploit: Remote Keystroke Inference Attack by Gaze Estimation from Avatar Views in VR/MR Devices. https://sites.google.com/view/Gazeploit/ PDF: https://arxiv.org/pdf/2409.08122 https://t.me/cKure/14691

■■■□□ Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS. https://mikko-kenttala.medium.com/zero-click-calendar-invite-critical-zero-click-vulnerability-chain-in-macos-a7a434fc887b https://t.me/cKure/14689

■■■■■ Privacy: Meta fed its AI on almost everything you’ve posted publicly since 2007 / Unless you’re in the EU, there’s no ability to opt out of AI training settings that keep Facebook or Instagram posts public. Meta has revealed that it has used all publicly shared texts and photos from Facebook and Instagram users…