All posts by John Doe

■■■■■ O2 VoLTE: Locating any customer with a phone call Privacy is dead: For multiple months, any O2 customer has had their location exposed to call initiators without their knowledge. https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/

■■■□□ Iran ‘obtains vast quantity’ of secret Israeli military plans. Report by state broadcaster claims nuclear and defence documents were secured in mission a ‘while ago’. Israel recently arrested 2 of its citizen Jews ✡️ in connection with espionage for Iran. https://www.telegraph.co.uk/world-news/2025/06/08/iran-uncovers-secret-israeli-nuclear-defence-plans/

■■■□□ Kali GPT- AI Assistant That Transforms Penetration Testing on Kali Linux. Kali GPT- AI Assistant That Transforms Penetration Testing on Kali Linux

■■□□□ Italy Admits Hacking Activists With Israeli Spyware Paragon. The finding by an Italian parliamentary committee comes after WhatsApp announced in January that it had detected that about 100 user accounts were likely hacked using spyware developed by Paragon, an Israeli offensive cyber company. https://www.haaretz.com/israel-news/security-aviation/2025-06-05/ty-article/.premium/italy-admits-activists-were-hacked-with-israeli-spyware-but-not-journalists/00000197-3ff4-d079-ab97-7ff5bd8a0000

■■□□□ United States Secret Service: We recently worked with Federal partners to seize approximately 145 darknet and internet domains, as well as cryptocurrency associated the BidenCash marketplace, a criminal platform used to traffic stolen credit cards and personal information. https://www.secretservice.gov/newsroom/releases/2025/06/us-government-seizes-approximately-145-criminal-marketplace-domains

🟥 Facebook app and other Meta apps are malware that bypass security audits to leak user data to meta servers. The covert method Meta uses to track mobile browsing without consent — even in incognito mode or with a VPN on all androis devices. Patch immediately: Reset the phone and make sure not to install…

■■■□□ Ukraine 🇺🇦 strikes Russian 🇷🇺 bomber-maker with cyber-attack. Following a daring drone attack on Russian airfields, Ukrainian military intelligence may have hacked the servers of Tupolev, the Kremlin’s strategic bomber maker. Local media reports that the Defense Intelligence of Ukraine managed to exfiltrate over 4.4GB of data from Tupolev’s servers, including official correspondence, personal…

🤩Google Chrome’s unique handling of referrer-policy creates a major loophole for silent data siphoning. CVE-2025-4664 proves that even trusted browsers are not immune to catastrophic zero-day vulnerabilities. Cross-origin data is up for grabs if you haven’t updated Chrome or Chromium. Detecting Chrome CVE-2025-4664 vulnerability with Wazuh https://www.techradar.com/pro/security/billions-of-chrome-users-at-risk-from-new-data-stealing-browser-vulnerability-how-to-stay-safe

■■■■■ Qualcomm fixes three Adreno GPU zero-days exploited in attacks. The company says two critical flaws (tracked as CVE-2025-21479 and CVE-2025-21480) were reported through the Google Android Security team in late January, and a third high-severity vulnerability (CVE-2025-27038) was reported in March. docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html https://www.aninews.in/news/national/general-news/6-pakistan-fighter-jets-one-c-130-aircraft-multiple-cruise-missiles-uavs-destroyed-during-iaf-retaliation-in-op-sindoor20250603194710/

■■■□□ CVE-2025-49113: Roundcube RCE. This vulnerability allows authenticated users to execute arbitrary commands via PHP object deserialization. https://x.com/ptswarm/status/1929940817679962141