sysadm_in_channel | Technologies

Telegram-канал sysadm_in_channel - Sys-Admin InfoSec

12144

News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings * Multilingual (En, Ru). * Forum - forum.sys-adm.in * Chat - @sysadm_in * Job - @sysadm_in_job * ? - @sysadminkz

Subscribe to a channel

Sys-Admin InfoSec

DuneSlide: Two Critical RCE vulnerabilities via Zero-Click Prompt Injection in Cursor IDE

https://www.catonetworks.com/blog/duneslide-two-critical-rce-vulnerabilities/

Читать полностью…

Sys-Admin InfoSec

Crypto Clipper uses Tor and worm-like propagation for persistence and control

https://www.microsoft.com/en-us/security/blog/2026/06/17/crypto-clipper-uses-tor-worm-like-propagation-for-persistence-control/

P.S. it work at current time, In the world of artificial intelligence and technological breakthrough)

Читать полностью…

Sys-Admin InfoSec

HTTP/2 Bomb

https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb

Читать полностью…

Sys-Admin InfoSec

⚡ DNS is not just about domains. It is about Trust.

Recent supply chain incidents are a strong reminder that modern attacks often start through tools and workflows developers already trust:

• npm packages and dependency updates
• compromised maintainer accounts
• VSCode extensions
• GitHub Actions workflows
• fake installers and update mechanisms

Several recent cases highlight this trend:

• Axios compromised on npm - malicious versions dropped a Remote Access Trojan >
• Compromised VSCode Nx Console >
• OpenAI TanStack npm supply chain attack >
• OpenAI Axios developer tool compromise >
• GitHub unauthorized access to internal repositories >

The key takeaway: supply chain attacks are becoming more relevant to every developer, engineering team, and company.

DNS security should not be treated as an optional layer.

It can provide visibility and control when malicious code attempts to:

• connect to C2 infrastructure
• reach phishing domains
• communicate with fake update servers
• exfiltrate data through suspicious endpoints

If malicious code has already entered the environment, visibility becomes critical...

At this point, the key questions are simple:

• Can you see where it is trying to connect?
• Can you understand whether that connection is expected?
• Can you react before the incident becomes bigger?

OpenBLD.net - Security starts earlier than incident response.

Watch yourself, your emails, your extensions, and your DNS. Peace ✌️

Читать полностью…

Sys-Admin InfoSec

Dead.Letter (CVE-2026-45185) How XBOW Found an Unauthenticated RCE on Exim

https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim

Читать полностью…

Sys-Admin InfoSec

New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps

..The malware’s primary command-and-control channel has been migrated onto The Open Network (TON) using .adnl endpoints routed through an embedded local TON proxy..:

https://www.threatfabric.com/blogs/new-trickmo-variant-device-take-over-malware-targeting-banking-fintech-wallet-auth-app

Читать полностью…

Sys-Admin InfoSec

PamDOORa: Analyzing a New Linux PAM-Based Backdoor for Sale on the Dark Web

https://flare.io/learn/resources/blog/pamdoora-new-linux-pam-based-backdoor-sale-dark-web

Читать полностью…

Sys-Admin InfoSec

Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise

https://www.microsoft.com/en-us/security/blog/2026/05/04/breaking-the-code-multi-stage-code-of-conduct-phishing-campaign-leads-to-aitm-token-compromise/

Читать полностью…

Sys-Admin InfoSec

Securing the git push pipeline: Responding to a critical remote code execution vulnerability

https://github.blog/security/securing-the-git-push-pipeline-responding-to-a-critical-remote-code-execution-vulnerability/

Читать полностью…

Sys-Admin InfoSec

FakeWallet crypto stealer spreading through iOS apps in the App Store

During our investigation, we identified 26 phishing apps in the App Store mimicking the following major wallets:

• MetaMask
• Ledger
• Trust Wallet
• Coinbase
• TokenPocket
• imToken
• Bitpie

https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/

Читать полностью…

Sys-Admin InfoSec

MCPwn: A CVSS 9.8 One-Line MCP Bug That Hands Over Your Nginx to Anyone on the Network – Actively Exploited in the Wild

https://pluto.security/blog/mcp-bug-nginx-security-vulnerability-cvss-9-8/

Unauthenticated MCP Endpoint Allows Remote Nginx Takeover PoC:

https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h6c2-x2m2-mwhf

Читать полностью…

Sys-Admin InfoSec

Operation NoVoice: Rootkit Tells No Tales

WhatsApp under attack *

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-research-operation-novoice-rootkit-malware-android/

Читать полностью…

Sys-Admin InfoSec

Inside DarkSword: A New iOS Exploit Kit Delivered Via Compromised Legitimate Websites

https://iverify.io/blog/darksword-ios-exploit-kit-explained

Читать полностью…

Sys-Admin InfoSec

New A0Backdoor Linked to Teams Impersonation and Quick Assist Social Engineering

https://www.bluevoyant.com/blog/new-a0backdoor-linked-to-teams-impersonation-and-quick-assist-social-engineering

Читать полностью…

Sys-Admin InfoSec

Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel

https://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking/

Читать полностью…

Sys-Admin InfoSec

FortiBleed - Breach How 80,000+ Corporate= Firewalls Were Quietly Compromised

If your organization uses a Fortinet firewall or VPN product and appears in this dataset, treat your network perimeter as already compromised and act immediately. SOCRadar rates this campaign Critical..:

https://socradar.io/blog/fortibleed-fortinet-firewalls-compromised/

Читать полностью…

Sys-Admin InfoSec

Rokarolla : Android Banker with Complete Device Takeover Capabilities

https://zimperium.com/blog/rokarolla-android-banker-with-complete-device-takeover-capabilities

Читать полностью…

Sys-Admin InfoSec

Bumblebee (from Perplexity)

Read-only developer endpoint scanner for on-disk package, extension, and developer-tool metadata, built to check exposure to known software supply-chain compromises.

https://github.com/perplexityai/bumblebee

Читать полностью…

Sys-Admin InfoSec

NGINX ngx_http_rewrite_module Heap-Based Buffer Overflow (Queries and Signatures Only)

An unauthenticated attacker can crash the NGINX worker process by sending crafted HTTP requests - CVE-2026-42945:

https://docs.vulncheck.com/initial-access/2026-05-15#cve-2026-42945-nginx-ngx_http_rewrite_module-heap-based-buffer-overflow-queries-and-signatures-only

Читать полностью…

Sys-Admin InfoSec

AppSecFest 2026 - В эту пятницу в Алматы, Farabi Hub

Будут экспертные эксперты, тимлиды, специалисты, представители IT-индустрии, AppSec/DevSecOps-практики, инженеры по безопасности.

+ будет открытое CTF-соревнование от команды mimicats – где можно пропробовать свои скиллы в реальных задачах по ИБ (максимум практики, никакой теории)
+ Воркшопы с живое общением на темы AppSec, DevSecOps, инженерной культуры, процессы, и даже факапы

• Начало: 15 мая, 09:00, Farabi Hub

Все спикеры заслуживают внимания, многих знаю лично, все детали здесь: appsecfest.kz

Читать полностью…

Sys-Admin InfoSec

Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology

https://blog.vega.io/posts/cve-2026-22679-weaver-ecology-exploitation/

Читать полностью…

Sys-Admin InfoSec

TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook

Trojan that contains a dynamic infection chain with a heavy anti-analysis loading component that can deploy two embedded payloads (worm, banker). The observed infection chain bundles a malicious MSI installer inside a ZIP file. These MSI installer packages are abusing a signed Logitech program called Logi AI Prompt Builder..:

https://www.elastic.co/security-labs/tclbanker-brazilian-banking-trojan

Читать полностью…

Sys-Admin InfoSec

BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector

https://arcticwolf.com/resources/blog-uk/bluenoroff-uses-clickfix-fileless-powershell-ai-generated-fake-zoom-meetings-to-target-web3-sector/

Читать полностью…

Sys-Admin InfoSec

Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained

https://www.rapid7.com/blog/post/tr-kyber-ransomware-double-trouble-windows-esxi-attacks-explained/

Читать полностью…

Sys-Admin InfoSec

Internet Protocol Version 8 (IPv8)

coming..

https://www.ietf.org/archive/id/draft-thain-ipv8-00.html

Читать полностью…

Sys-Admin InfoSec

SecuritySnack - OpenAI Anti-Ads Malware

This report details the discovery of a malicious Chrome extension, named "ChatGPT Ad Blocker", found on the Google Chrome Web Store.

https://dti.domaintools.com/securitysnacks/securitysnack-openai-anti-ads-malware

Читать полностью…

Sys-Admin InfoSec

How TeamPCP's supply chain attack evolved

The malicious campaign that started with Trivy and Checkmarx has shifted to LiteLLM. Here's how — and what's different this time:

https://www.reversinglabs.com/blog/teampcp-supply-chain-attack-spreads

Читать полностью…

Sys-Admin InfoSec

BlackSanta EDR-Killer

A Silent Threat Targeting Recruitment Workflows. Aryaka Threat Labs has uncovered a sophisticated malware campaign:

The malware performs system reconnaissance and conducts environment checks to detect sandboxes, virtual machines, and debugging tools to evade analysis. A key component, BlackSanta, acts as an EDR-killer, disabling security solutions to ensure malicious payloads run undetected.

Once established, the malware communicates with command-and-control servers over encrypted HTTPS to exfiltrate sensitive data, demonstrating a persistent and highly sophisticated cyber threat..

Читать полностью…

Sys-Admin InfoSec

The Forgotten Bug: How a Node.js Core Design Flaw Enables HTTP Request Splitting

https://r3verii.github.io/cve/2026/02/27/nodejs-toctou.html

Читать полностью…

Sys-Admin InfoSec

Refund scam impersonates Avast to harvest credit card details

https://www.malwarebytes.com/blog/threat-intel/2026/02/refund-scam-impersonates-avast-to-harvest-credit-card-details

Читать полностью…
Subscribe to a channel