12144
News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings * Multilingual (En, Ru). * Forum - forum.sys-adm.in * Chat - @sysadm_in * Job - @sysadm_in_job * ? - @sysadminkz
DuneSlide: Two Critical RCE vulnerabilities via Zero-Click Prompt Injection in Cursor IDE
https://www.catonetworks.com/blog/duneslide-two-critical-rce-vulnerabilities/
Crypto Clipper uses Tor and worm-like propagation for persistence and control
https://www.microsoft.com/en-us/security/blog/2026/06/17/crypto-clipper-uses-tor-worm-like-propagation-for-persistence-control/
P.S. it work at current time, In the world of artificial intelligence and technological breakthrough)
HTTP/2 Bomb
https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb
⚡ DNS is not just about domains. It is about Trust.
Recent supply chain incidents are a strong reminder that modern attacks often start through tools and workflows developers already trust:
• npm packages and dependency updates
• compromised maintainer accounts
• VSCode extensions
• GitHub Actions workflows
• fake installers and update mechanisms
Several recent cases highlight this trend:
• Axios compromised on npm - malicious versions dropped a Remote Access Trojan >
• Compromised VSCode Nx Console >
• OpenAI TanStack npm supply chain attack >
• OpenAI Axios developer tool compromise >
• GitHub unauthorized access to internal repositories >
The key takeaway: supply chain attacks are becoming more relevant to every developer, engineering team, and company.
DNS security should not be treated as an optional layer.
It can provide visibility and control when malicious code attempts to:
• connect to C2 infrastructure
• reach phishing domains
• communicate with fake update servers
• exfiltrate data through suspicious endpoints
If malicious code has already entered the environment, visibility becomes critical...
At this point, the key questions are simple:
• Can you see where it is trying to connect?
• Can you understand whether that connection is expected?
• Can you react before the incident becomes bigger?
OpenBLD.net - Security starts earlier than incident response.
Watch yourself, your emails, your extensions, and your DNS. Peace ✌️
Dead.Letter (CVE-2026-45185) How XBOW Found an Unauthenticated RCE on Exim
https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim
New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps
..The malware’s primary command-and-control channel has been migrated onto The Open Network (TON) using .adnl endpoints routed through an embedded local TON proxy..:
https://www.threatfabric.com/blogs/new-trickmo-variant-device-take-over-malware-targeting-banking-fintech-wallet-auth-app
PamDOORa: Analyzing a New Linux PAM-Based Backdoor for Sale on the Dark Web
https://flare.io/learn/resources/blog/pamdoora-new-linux-pam-based-backdoor-sale-dark-web
Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise
https://www.microsoft.com/en-us/security/blog/2026/05/04/breaking-the-code-multi-stage-code-of-conduct-phishing-campaign-leads-to-aitm-token-compromise/
Securing the git push pipeline: Responding to a critical remote code execution vulnerability
https://github.blog/security/securing-the-git-push-pipeline-responding-to-a-critical-remote-code-execution-vulnerability/
FakeWallet crypto stealer spreading through iOS apps in the App Store
During our investigation, we identified 26 phishing apps in the App Store mimicking the following major wallets:
• MetaMask
• Ledger
• Trust Wallet
• Coinbase
• TokenPocket
• imToken
• Bitpie
https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/
MCPwn: A CVSS 9.8 One-Line MCP Bug That Hands Over Your Nginx to Anyone on the Network – Actively Exploited in the Wild
https://pluto.security/blog/mcp-bug-nginx-security-vulnerability-cvss-9-8/
Unauthenticated MCP Endpoint Allows Remote Nginx Takeover PoC:
https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h6c2-x2m2-mwhf
Operation NoVoice: Rootkit Tells No Tales
WhatsApp under attack *
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-research-operation-novoice-rootkit-malware-android/
Inside DarkSword: A New iOS Exploit Kit Delivered Via Compromised Legitimate Websites
https://iverify.io/blog/darksword-ios-exploit-kit-explained
New A0Backdoor Linked to Teams Impersonation and Quick Assist Social Engineering
https://www.bluevoyant.com/blog/new-a0backdoor-linked-to-teams-impersonation-and-quick-assist-social-engineering
Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel
https://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking/
FortiBleed - Breach How 80,000+ Corporate= Firewalls Were Quietly Compromised
If your organization uses a Fortinet firewall or VPN product and appears in this dataset, treat your network perimeter as already compromised and act immediately. SOCRadar rates this campaign Critical..:
https://socradar.io/blog/fortibleed-fortinet-firewalls-compromised/
Rokarolla : Android Banker with Complete Device Takeover Capabilities
https://zimperium.com/blog/rokarolla-android-banker-with-complete-device-takeover-capabilities
Bumblebee (from Perplexity)
Read-only developer endpoint scanner for on-disk package, extension, and developer-tool metadata, built to check exposure to known software supply-chain compromises.
https://github.com/perplexityai/bumblebee
NGINX ngx_http_rewrite_module Heap-Based Buffer Overflow (Queries and Signatures Only)
An unauthenticated attacker can crash the NGINX worker process by sending crafted HTTP requests - CVE-2026-42945:
https://docs.vulncheck.com/initial-access/2026-05-15#cve-2026-42945-nginx-ngx_http_rewrite_module-heap-based-buffer-overflow-queries-and-signatures-only
AppSecFest 2026 - В эту пятницу в Алматы, Farabi Hub
Будут экспертные эксперты, тимлиды, специалисты, представители IT-индустрии, AppSec/DevSecOps-практики, инженеры по безопасности.
+ будет открытое CTF-соревнование от команды mimicats – где можно пропробовать свои скиллы в реальных задачах по ИБ (максимум практики, никакой теории)
+ Воркшопы с живое общением на темы AppSec, DevSecOps, инженерной культуры, процессы, и даже факапы
• Начало: 15 мая, 09:00, Farabi Hub
Все спикеры заслуживают внимания, многих знаю лично, все детали здесь: appsecfest.kz
Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology
https://blog.vega.io/posts/cve-2026-22679-weaver-ecology-exploitation/
TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook
Trojan that contains a dynamic infection chain with a heavy anti-analysis loading component that can deploy two embedded payloads (worm, banker). The observed infection chain bundles a malicious MSI installer inside a ZIP file. These MSI installer packages are abusing a signed Logitech program called Logi AI Prompt Builder..:
https://www.elastic.co/security-labs/tclbanker-brazilian-banking-trojan
BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector
https://arcticwolf.com/resources/blog-uk/bluenoroff-uses-clickfix-fileless-powershell-ai-generated-fake-zoom-meetings-to-target-web3-sector/
Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained
https://www.rapid7.com/blog/post/tr-kyber-ransomware-double-trouble-windows-esxi-attacks-explained/
Internet Protocol Version 8 (IPv8)
coming..
https://www.ietf.org/archive/id/draft-thain-ipv8-00.html
SecuritySnack - OpenAI Anti-Ads Malware
This report details the discovery of a malicious Chrome extension, named "ChatGPT Ad Blocker", found on the Google Chrome Web Store.
https://dti.domaintools.com/securitysnacks/securitysnack-openai-anti-ads-malware
How TeamPCP's supply chain attack evolved
The malicious campaign that started with Trivy and Checkmarx has shifted to LiteLLM. Here's how — and what's different this time:
https://www.reversinglabs.com/blog/teampcp-supply-chain-attack-spreads
BlackSanta EDR-Killer
A Silent Threat Targeting Recruitment Workflows. Aryaka Threat Labs has uncovered a sophisticated malware campaign:
The malware performs system reconnaissance and conducts environment checks to detect sandboxes, virtual machines, and debugging tools to evade analysis. A key component, BlackSanta, acts as an EDR-killer, disabling security solutions to ensure malicious payloads run undetected.
Once established, the malware communicates with command-and-control servers over encrypted HTTPS to exfiltrate sensitive data, demonstrating a persistent and highly sophisticated cyber threat..
The Forgotten Bug: How a Node.js Core Design Flaw Enables HTTP Request Splitting
https://r3verii.github.io/cve/2026/02/27/nodejs-toctou.html
Refund scam impersonates Avast to harvest credit card details
https://www.malwarebytes.com/blog/threat-intel/2026/02/refund-scam-impersonates-avast-to-harvest-credit-card-details