All posts by John Doe

■■■■■ Google finds custom backdoor being installed on SonicWall network devices. https://arstechnica.com/security/2025/07/google-finds-custom-backdoor-being-installed-on-sonicwall-network-devices/

■■■■■ RenderShock 0-Click Vulnerability Executes Payloads via Background Process Without User Interaction. RenderShock 0-Click Vulnerability Executes Payloads via Background Process Without User Interaction

■■■■□ United States’ NSA hacked Huawei and its customers, specifically Iran. This was a major hack by fundamentals. A classic supply-chain attack. 🎸 I saw the fallout in a neighbouring country at the time. They used another backdoor password for maintenance which caused some issues.

■□□□□ Multi critical vulnerabilities exist is the latest version of A****** CMS incl. FU-RCE, SQLi, ATO by Token abuse. 🎸 Will post details as soon as we have permission. CVEs being filed.

■■■□□ ✅OWASP AITG (Artificial Intelligence Testing Guide). ⚙️Documentation: https://github.com/OWASP/www-project-ai-testing-guide/tree/main ✨Data: https://github.com/joey-melo/payloads/tree/main/OWASP%20AITG-APP 🤗Hugging Face: https://huggingface.co/datasets/joey-melo/owasp-aitg-app-payloads/tree/main Credits: Joey Melo (Red Team Specialist)

🎸 JWT-Breaker is a client-side web application designed to aid in the security assessment of JSON Web Tokens (JWTs). It provides capabilities for decoding JWTs, performing various dictionary and brute-force attacks on HMAC-signed tokens, and identifying common JWT-related vulnerabilities. https://github.com/AamerShah/JWT-Breaker

■■■■□ 4️⃣ GitHub repositories host malware disguised as tools that gamers, and privacy-seekers are likely to download. The fake VPN 🧠 campaign drops malware straight into AppData and hides it from plain view Process injection through MSBuild.exe allows this malware to operate without triggering obvious alarms. GitHub Abused to Spread Malware Disguised as Free VPN…

■■■■■ SIRIUS📡 Sirius Scan, an open-source comprehensive vulnerability scanner that leverages community-driven security intelligence and automated penetration testing capabilities. https://github.com/SiriusScan/Sirius

🔥Fabian Bräunlein and Luca Melette, security researchers, have recently unveiled their research on European streetlights and power plants, which utilize the radio ripple control system developed by EFR. Their findings indicate that EFR systems employ an 💣 unencrypted RF 🚨 protocol to transmit control commands via longwave radio to a multitude of devices, including relays…

■■■■■ 🚨 A researcher discovered a dangerous vulnerability in smartphone eSIM Technology. 🔘👾Cybersecurity researchers have succeeded in identifying a serious weakness in eSIM technology that could underpin smartphone intrusions. 🔘Thevulnerability was discovered in the eUICC cards of the Irish company Kigen, which has announced that more than two billion SIM cards in IoT devices use…