2777
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
#Malware_analysis
1⃣ Malicious use of virtual machine infrastructure
https://www.sophos.com/en-us/blog/malicious-use-of-virtual-machine-infrastructure
2⃣ Black Basta: Defense Evasion Capability Embedded in Ransomware Payload
https://www.security.com/threat-intelligence/black-basta-ransomware-byovd
3⃣ Technical Analysis of Marco Stealer
https://www.zscaler.com/blogs/security-research/technical-analysis-marco-stealer
4⃣ Another piece of XWorm: Interesting way to drop the trojan in another malicious script
https://isc.sans.edu/diary/Malicious+Script+Delivering+More+Maliciousness/32682
#WebApp_Security
#Offensive_security
Top 10 New Web Hacking Techniques of 2025
https://portswigger.net/research/top-10-web-hacking-techniques-of-2025
// The top web hacking techniques of 2025 include parser differentials, HTTP/2 CONNECT exploits, cross-origin leaks, cache poisoning, and novel SSRF methods
#Cloud_Security
#Threat_Research
"Cloud Edge Phishing: Breaking the Future of Auth",
OOTB 2025.
// This talk analyzes modern phishing techniques - including OAuth consent hijacking, browser-based MITM proxies, and token-binding attacks - and demonstrates two revolutionary serverless approaches that serve as the ultimate stealthy platforms for phishing Ops
See also:
]-> Authentication Downgrade Attacks: Deep Dive into MFA Bypass (Feb. 2026)
#hardening
#Whitepaper
#Cloud_Security
"Container Security: Docker & Kubernetes Hardening. Complete Enterprise Security Guide", Dec. 2025.
// This guide takes a practical, end-to-end approach to securing containerized environments, covering Docker, Kubernetes, networking, and the supply chain with an operational mindset. Each chapter examines specific security domains in depth, providing practical guidance, real-world examples, and production-ready configurations for securing containerized environments
#tools
#hardening
#MLSecOps
Detecting and Monitoring OpenClaw (clawdbot, moltbot)
1⃣ OpenClaw Detection Scripts
// Detection scripts for MDM deployment to identify OpenClaw installations on managed devices
2⃣ OpenClaw Telemetry Plugin
// Captures tool calls, LLM usage, agent lifecycle, and message events
3⃣ Advanced Cognitive Inoculation Prompt (ACIP)
// Fortifying LLMs against sophisticated prompt injection attacks
crypto-scanner: Open-source CLI tool to find quantum-vulnerable cryptography in your codebase
https://ift.tt/JxXf0lT
Submitted February 07, 2026 at 07:11AM by MindlessConclusion42
via reddit https://ift.tt/fWoIhw8
Django SQL Injection in RasterField lookup (CVE-2026-1207)
https://ift.tt/X0ANszu
Submitted February 06, 2026 at 12:24AM by c0daman
via reddit https://ift.tt/Nd0Jbcl
⤷ Title: Privilege Escalation: Hijacking an Organization via Billing Notifications
════════════════════════
𐀪 Author: Mohamed Fathy
════════════════════════
ⴵ Time: Fri, 06 Feb 2026 20:16:09 GMT
════════════════════════
⌗ Tags: #cybersecurity #penetration_testing #business_logic #security #idor_vulnerability
⤷ Title: Torbbb_Official/understanding-the-evolution-of-darkweb-markets-over-time-29c93a3e3411?source=rss------infosec-5">Understanding the Evolution of Darkweb Markets Over Time
════════════════════════
𐀪 Author: Tor BBB
════════════════════════
ⴵ Time: Fri, 06 Feb 2026 21:24:30 GMT
════════════════════════
⌗ Tags: #infosec #osint #cybersecurity #darkweb
#tools
#Cloud_Security
1⃣ Weaponizing Whitelists:
An Azure Blob Storage Mythic C2 Profile
https://specterops.io/blog/2026/01/30/weaponizing-whitelists-an-azure-blob-storage-mythic-c2-profile
]-> Azure Blob Storage C2 Profile
// The article explores how enterprise firewalls' broad Azure Blob Storage exceptions can be exploited for covert C2, introducing Mythic's "azureBlob" profile that uses container-scoped SAS tokens and blob operations for stealthy C2
2⃣ Moltworker: a self-hosted personal AI agent, minus the minis
https://blog.cloudflare.com/moltworker-self-hosted-ai-agent
// Moltworker enables deploying scalable, secure AI applications on Cloudflare’s platform using Workers, Sandboxes, R2, and Browser Rendering, demonstrated through Slack integrations and open-sourced for global deployment
#Malware_analysis
1⃣ SonicWall Breach Enabled Ransomware Attack
https://www.ctrlaltnod.com/news/sonicwall-breach-enabled-ransomware-attack-on-74-us-banks
2⃣ RedKitten: AI-accelerated Campaign
https://harfanglab.io/insidethelab/redkitten-ai-accelerated-campaign-targeting-iranian-protests
3⃣ Pulsar RAT: When Malware Talks Back
https://www.pointwild.com/threat-intelligence/when-malware-talks-back
#Tech_book
#Malware_analysis
#Blue_Team_Techniques
"Phishing RunBook/PlayBook", 2025
// Phishing playbook guides SOC teams in detecting, analyzing, and responding to phishing threats.
- SOC phishing detection and response guide
- Defines roles, triage, and investigation steps
- Focuses on email, credential, and social engineering threats
- Ensures quick containment and awareness
- Promotes continuous improvement and prevention
#Malware_analysis
#Threat_Research
1⃣ GOGITTER, GITSHELLPAD, and GOSHELL Analysis
https://www.zscaler.com/blogs/security-research/apt-attacks-target-indian-government-using-gogitter-gitshellpad-and-goshell
2⃣ Blackmoon malware + SyncFuture TSM tool
https://www.esentire.com/blog/weaponized-in-china-deployed-in-india-the-syncfuture-espionage-targeted-campaign
3⃣ Inside a Multi-Stage Windows Malware Campaign
https://www.fortinet.com/blog/threat-research/inside-a-multi-stage-windows-malware-campaign
4⃣ MacSync Stealer Returns:
SEO Poisoning and Fake GitHub Repositories
https://daylight.ai/blog/macsync-stealer-returns-seo-poisoning
5⃣ PURELOGS Infostealer Analysis
https://www.swisspost-cybersecurity.ch/news/purelogs-infostealer-analysis-dont-judge-a-png-by-its-header
#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (Jan.17-24, 2026)
1⃣ CVE-2026-24061: Telnetd RCE as Root
// This script exploits the CVE-2026-24061 vulnerability in Telnet servers using a malformed USER environment variable
2⃣ Top Agentic AI Security Threats in 2026
// The agentic AI era has arrived. The question is not whether your organization will face agentic threats in 2026. The question is whether you will be ready
3⃣ ISC BIND DoS vulnerability in Drone ID Records
// CVE-2025-13878
4⃣ Pwn2Own Automotive 2026
// Day One Two Three Results
5⃣ Malicious Configuration Changes On Fortinet FortiGate Devices via SSO Accounts
// The vulnerabilities allow for unauth bypass of SSO login authentication via crafted SAML messages when the FortiCloud SSO feature is enabled on affected Devices
6⃣ SmarterTools SmarterMail WT-2026-0001 Auth Bypass
// This issue was patched in ver.9511, released on Jan 15, 2026. If you have not already upgraded, do so immediately. This vulnerability is already being actively exploited!
7⃣ Wireshark 4.6.3 and 4.4.13 Released
// Release notes + download page
8⃣ Bandit v.1.9.3
// Tool to find common security issues in Python code
]-> Analytical review (Jan.10-17, 2026)
#AIOps
#MLSecOps
#Threat_Research
"Agent Skills in the Wild: An Empirical Study of Security Vulnerabilities at Scale", 2026.
// The rise of AI agent frameworks has introduced agent skills, modular packages containing instructions and executable code that dynamically extend agent capabilities. While this architecture enables powerful customization, skills execute with implicit trust and minimal vetting, creating a significant yet uncharacterized attack surface
#MLSecOps
#Infosec_Standards
NIST AI 800-2 (IPD):
"Practices for Automated Benchmark Evaluations of Language Models", Jan. 2026.
// This document identifies practices for conducting automated benchmark evaluations of language models and similar general-purpose AI models that output text. Evaluations of these models, often embedded into systems capable of functioning as chatbots and AI agents, are increasingly common. However, consistent practices to support the validity and reproducibility of such evaluations are only beginning to emerge. The practices presented in this document are intended to reflect best practices; where relevant, practices that are relatively less mature in ecosystem use are labeled as emerging practice
#AppSec
Application Audit Checklist, 2025.
// Checklist to support application audits across governance, access controls, configuration, data integrity, logging, change management, integrations, and recovery
#exploit
#AppSec
1⃣ CVE-2025-67813:
RCE via Quest Desktop Authority Named Pipe
// A vulnerability in Quest Desktop Authority allows authenticated users to remotely execute code and perform malicious operations via a named pipe, which can be mitigated by patches, firewalls, or disabling the service
2⃣ CVE-2026-24002:
RCE sandbox escape in Grist‑Core
// One malicious formula can turn a spreadsheet into a RCE beachhead...
3⃣ CVE-2025-49825:
Teleport remote authentication bypass
// CVE-2025-49825 is a critical Teleport vulnerability allowing attackers to bypass authentication and potentially gain root access via nested SSH certificates if unpatched
#MalDev
#Malware_analysis
#Offensive_security
MacOS Malware Persistence
Part 1 - LaunchAgents. Simple C example
]-> Source code in GitHub
Part 2 - Shell environment hijacking. Simple C example
]-> Source code in GitHub
// Disclaimer
#AIOps
#Tech_book
"Agentic Design Patterns: A Hands-On Guide to Building Intelligent Systems", Oct. 2025.
// A comprehensive guide presenting 21 design patterns for building AI agents, using frameworks like LangChain, Crew AI, and Google ADK to create autonomous intelligent systems
Tool: AST-based security scanner for AI-generated code (MCP server)
https://ift.tt/mc6CoVt
Submitted February 06, 2026 at 09:55PM by NoButterfly9145
via reddit https://ift.tt/rbwKiQ3
⤷ Title: Kh_abdel/mitm-lab-tryhackme-detection-blue-vs-red-41fc73ec9594?source=rss------tryhackme-5">MITM lab + tryhackme Detection — Blue vs Red
════════════════════════
𐀪 Author: Khalil
════════════════════════
ⴵ Time: Fri, 06 Feb 2026 21:48:58 GMT
════════════════════════
⌗ Tags: #tryhackme #ethical_hacking #man_in_the_middle_attack #ctf #wireshark
⤷ Title: Why Moltbook is Dangerous: Critical Zero-days Found in My Audit (Full Report)
════════════════════════
𐀪 Author: Saad Khalid
════════════════════════
ⴵ Time: Fri, 06 Feb 2026 21:20:44 GMT
════════════════════════
⌗ Tags: #vulnerability #penetration_testing #cybersecurity #moltbook #ai
⤷ Title: Hacking Networking Services Home Lab
════════════════════════
𐀪 Author: Mainekhacker
════════════════════════
ⴵ Time: Fri, 06 Feb 2026 21:01:00 GMT
════════════════════════
⌗ Tags: #smb #protocol #cybersecurity #hacking #networking
#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (Jan.24-31, 2026)
1⃣ Critical eScan Supply Chain Compromise
// Anti-virus vendor eScan was compromised, and its update servers were used to install malware on some customer systems
2⃣ Fake Clawdbot VS Code Extension Installs ScreenConnect RAT
// The news about Clawdbot (now Moltbot) is used to distribute malware, in particular malicious VS Code extensions
3⃣ OpenSSL Updates
// OpenSSL released its monthly updates, fixing a potential RCE
4⃣ DoS Vulnerabilities in React Server Components
// Another folowup fix for the severe React vulnerability from last year, but now only fixing a DoS condition
5⃣ CVE-2026-21509 - MS Office 0-Day
// Microsoft released an out-of-band patch for Office fixing a currently exploited vulnerability
6⃣ StackRox 4.8.8 Kubernetes Security Platform + OpenAEV 2.0.14 Adversarial Exposure Validation Platform
// New releases have been released
7⃣ GnuPG 2.5.17
// This version fixes a critical security bug in versions 2.5.13 to 2.5.16
8⃣ Hacking Clawdbot and Eating Lobster Souls
// Part 2
9⃣ Operation Bizarre Bazaar
// First Attributed LLMjacking Campaign with Commercial Marketplace Monetization
1⃣0⃣ Silent Brothers: Ollama Hosts Form Anonymous AI Network Beyond Platform Guardrails
]-> Analytical review (Jan.17-24, 2026)
#MLSecOps
"Llama-3.1-FoundationAI-SecurityLLM-Reasoning-8B Technical Report", Jan 2026.
]-> Foundation-Sec-8B-Reasoning, the first open-source native reasoning model for cybersecurity
#Research
#IoD_Security
"A Large-Scale Evaluation Suite of Security, Resilience, and Trust for LLM-based UAV Agents over 6G Networks", 2026.
]-> Repo
// Large-scale benchmark for evaluating security, resilience, and trust of LLM-based UAV agents under realistic adversarial conditions in 6G-enabled networks, featuring layered attack taxonomies and CWE-aligned evaluation
#Analytics
#Research
"Frontier AI Auditing: Toward Rigorous Third-Party Assessment of Safety and Security Practices at Leading AI Companies", Jan 2026.
// We define frontier AI auditing as rigorous third-party verification of frontier AI developers' safety and security claims, and evaluation of their systems and practices against relevant standards, based on deep, secure access to non-public information
#MLSecOps
#Offensive_security
"Reasoning Hijacking: Subverting LLM Classification via Decision-Criteria Injection", 2026.
]-> Criteria Attack Dataset
// Current LLM safety research predominantly focuses on mitigating Goal Hijacking, preventing attackers from redirecting a model's high-level objective. In this paper, we argue that this perspective is incomplete and highlight a critical vulnerability in Reasoning Alignment. We propose a new adversarial paradigm: Reasoning Hijacking and instantiate it with Criteria Attack, which subverts model judgments by injecting spurious decision criteria without altering the high-level task goal
#Analytics
#Threat_Research
"Red Report 2025:
The Top 10 Most Prevalent MITRE ATT&CK Techniques. SneakThief and The Perfect Heist".
// This year's findings highlight a new era of adversarial sophistication in infostealer attacks, epitomized by malware like "SneakThief," which executed in a kill chain what has come to be known as "The Perfect Heist." Although the SneakThief malware is a fictitious name in this scenario, its attack patterns reflect real-world incidents. This advanced threat leverages stealth, persistence, and automation to infiltrate networks, bypass defenses, and exfiltrate critical data