All posts by John Doe

■■■□□ Frida Penetration Testing Tool Kit Released With New APIs for Threat Monitoring. Frida Penetration Testing Tool Kit Released With New APIs for Threat Monitoring

■■■■□ QuickShell : Sharing is Caring About an RCE Attack Chain on Quick Share. https://i.blackhat.com/Asia-25/Asia-25-Yair-QuickShell-Sharing-is-Caring.pdf

■■■■■ RCE Attack Chain on Google’s – Quick Share. QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share

■■□□□ Possible zero-day in Juniper product. On Wednesday, SANS Institute’s Johannes Ullrich said he noticed a surge in scans for the username “t128,” which, when accompanied by the password “128tRoutes,” is a well-known default account for Juniper’s Session Smart Networking products. “About 3,000 source IPs took part in these scans,” reported Ullrich, the dean of…

🎲🐬 Feberis Pro: The Ultimate 4-in-1 Expansion Board for Flipper Zero. www.mobile-hacker.com/2025/03/31/feberis-pro-the-ultimate-4-in-1-expansion-board-for-flipper

■□□□□ Even some computer engineers are jobless to write this: Fake shell saying it is root (as if it was privilege escalation). Waste of time to people who have jobs. Content shared by fellow researcher .

■■■■□ We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain. The Acronis Threat Research Unit (TRU) was presented with an interesting threat chain and malware sample for analysis that involved a known cyberthreat along with some interesting twists in targeting and obfuscation. https://www.bleepingcomputer.com/news/security/we-smell-a-dcrat-revealing-a-sophisticated-malware-delivery-chain/

■□□□□ GitHub announced updates to its Advanced Security platform after it detected over 39 million leaked secrets in repositories during 2024, including API keys and credentials, exposing users and organizations to serious security risks. https://www.bleepingcomputer.com/news/security/github-expands-security-tools-after-39-million-secrets-leaked-in-2024/

■■□□□ Oracle is being accused of poor incident comms as it reels from two reported data security mishaps over the past fortnight, amid a reluctance to publicly acknowledge all of the events as well as allegedly deleting evidence from the web. https://www.theregister.com/2025/04/02/oracle_breach_disaster_planning/

■■■■□ Cyber-Attack on Israel: Hackers exploit voicemail to hijack Telegram accounts in Israel, experts warn Cyber campaign, traced to Bangladesh and Indonesia, uses fake profiles and social engineering to breach Telegram accounts; Experts urge Israelis to disable voicemail or change default PINs and activate two-step verification for protection. https://www.ynetnews.com/business/article/sya8100kayg