News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings * Multilingual (En, Ru). * Forum - forum.sys-adm.in * Chat - @sysadm_in * Job - @sysadm_in_job * ? - @sysadminkz
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attack
https://www.itpro.com/security/phishing/have-i-been-pwned-owner-troy-hunts-mailing-list-compromised-in-phishing-attack
Technical Explanation of NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File
https://cti.monster/blog/2025/03/18/CVE-2025-24071.html
GitHub Actions - tj-actions/changed-files action is compromised
The tj-actions/changed-files GitHub Action, which is currently used in over 23,000 repositories, has been compromised. In this attack, the attackers modified the action’s code and retroactively updated multiple version tags to reference the malicious commit...
https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
Mass Exploitation of Critical PHP-CGI Vulnerability (CVE-2024-4577), Signaling Broad Campaign
Analysys:
https://blog.talosintelligence.com/new-persistent-attacks-japan/
Auto-Color: An Emerging and Evasive Linux Backdoor
https://unit42.paloaltonetworks.com/new-linux-backdoor-auto-color/
Android trojan TgToxic updates its capabilities
..TgToxic is an Android banking trojan discovered by Trend Micro in July 2022. It’s designed to steal user credentials, cryptocurrency from digital wallets and funds from banking and finance apps.
The actors once again changed the way the malware obtains the C2 URL, from a dead drop location to a domain generation algorithm (DGA)..:
https://intel471.com/blog/android-trojan-tgtoxic-updates-its-capabilities
♾ AppSecFest - 25 апреля в Алматы. CFP.
Который год AppSecFest.kz радует контентом, организацией, масштабом. Организаторы настроены на серъезный контент, аудиторию и содержание.
Добрая атмосфера для всех, а + для докладчиков возможность рассказать о своих ресерчах, достижениях в области разработки и защите приложений.
Пока сайт конфы делается, организаторы организуются - ведется CFP набор заявок на доклады связанные с:
- Mobile, Web, X-Platform, Frontend/Backend, Microservices, Docker/K8s, Blockchain, AI, ML
- DevOps, CI/CD, Agile, UI/UX, качеством и безопасностью кода
- SAST, DAST, IAST, API, IaC, Cloud Security, Pentesting, SDLC, DevSecOps, Vulnerability Management
Подать спикер-заявку - https://appsecfest.kz
Vgod RANSOMWARE
The ransomware specifically targets Windows systems using advanced encryption techniques, appending a unique file extension to encrypted files...
https://www.cyfirma.com/research/vgod-ransomware
Leaking the email of any YouTube user for $10,000
https://brutecat.com/articles/leaking-youtube-emails
Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach
https://www.zimperium.com/blog/mobile-indian-cyber-heist-fatboypanel-and-his-massive-data-breach/
Unauthorized Data Upload in Alibaba Cloud Object Storage Service
muhammadwaseem29/unauthorized-data-upload-in-alibaba-cloud-object-storage-service-cefa6abcef7f" rel="nofollow">https://medium.com/@muhammadwaseem29/unauthorized-data-upload-in-alibaba-cloud-object-storage-service-cefa6abcef7f
119 vulnerabilities in LTE/5G (some with RCE)
Cellular networks are considered critical infrastructure both for day-to-day communication and emergency services, to the extend that their availability and reliability is often highly regulated by government agencies... what happens if they suddenly become unavailable?
Research:
https://cellularsecurity.org/ransacked
AWS re:Invent re:Cap в Алматы
AWS re:Invent — здесь Amazon Web Services показывает, каким будет IT завтра. Разбор ключевых анонсов, трендов и новинок, всё самое важное и практичное, можно узнать не летая в Лас-Вегас.
Что будет:
• Самые свежие технологии в облаках, данных, AI/ML и DevOps.
• Полезные инсайты и идеи для вашего бизнеса и проектов.
• Лайфхаки от практиков AWS, которые знают, как это работает в реальной жизни.
• 30 января, 19:00. Алматы, ул. Ходжанова 2/2, MOST IT Hub (8 этаж).
Вход бесплатный.
Спикеры
• Антон Коваленко — 20 лет в IT, Senior Solutions Architect в AWS.
• Александр Бернадский — 15+ лет опыта, Solutions Architect в AWS.
• Мест немного, регистрация здесь
ClamAV OLE2 File Format Decryption Denial of Service Vulnerability
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA
One Mikro Typo: How a simple DNS misconfiguration enables malware delivery botnet
This botnet uses a global network of Mikrotik routers to send malicious emails that are designed to appear to come from legitimate domains..:
https://blogs.infoblox.com/threat-intelligence/one-mikro-typo-how-a-simple-dns-misconfiguration-enables-malware-delivery-by-a-russian-botnet/
Melting Pot of macOS Malware Adds Go to Crystal, Nim and Rust Variants
https://www.sentinelone.com/blog/readerupdate-reforged-melting-pot-of-macos-malware-adds-go-to-crystal-nim-and-rust-variants/
Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns
https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html
StopRansomware: Medusa Ransomware
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a
Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS Systems
https://socket.dev/blog/typosquatted-go-packages-deliver-malware-loader
Massive Botnet Targets M365 with Stealthy Password Spraying Attacks
https://securityscorecard.com/research/massive-botnet-targets-m365-with-stealthy-password-spraying-attacks/
New variant of the Snake Keylogger (also known as 404 Keylogger)
https://www.fortinet.com/blog/threat-research/fortisandbox-detects-evolving-snake-keylogger-variant
LLMjacking targets DeepSeek
https://sysdig.com/blog/llmjacking-targets-deepseek
🧠 OpenBLD.net - ML Predictive Balancing Coming
This is undoubtedly an innovation. OpenBLD.net smart balancing service is now a separate project, introducing key features:
► Detects slow servers before they start lagging
► If an upstream server shows an increase in timeouts or errors → ML predicts potential failures and automatically prepares backup routes before the infrastructure starts "firing"
► Based on historical data, ML knows when servers experience peak loads (e.g., during lunch hours or at the end of the workday)
► Instead of reacting to downtime, it distributes traffic efficiently in advance
► Reduces latency and timeouts by proactively optimizing traffic distribution
► And much more, including environmental factors such as server energy consumption optimization
The balancer operates like a living organism, learning and adapting to conditions on its own)
How does this benefit users?
🚀 More autonomy and focus on your own development.
⚡ More speed.
📢 This week, the updated balancers will be seamlessly integrated into ADA’s infrastructure—the only thing you might notice is the increased speed.
✌️ Stay fast, stay optimized!
Weaponizing Background Images for Information Disclosure && LPE: AnyDesk CVE-2024-12754, ZDI-24-1711
https://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754
Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2025-21293)
https://birkep.github.io/posts/Windows-LPE/
Browser Syncjacking: How Any Browser Extension can Be Used to Takeover Your Device
https://labs.sqrx.com/browser-syncjacking-cc602ea0cbd0
RID Hijacking Technique
RID Hijacking is typically performed by manipulating the Security Account Manager (SAM) database. Threat actors can create an administrator account or escalate privileges to gain administrator access without knowing the password..:
https://asec.ahnlab.com/en/85942/
PlushDaemon compromises supply chain of Korean VPN service
supply-chain attack research:
https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-supply-chain-korean-vpn-service/
🟩 OpenBLD.net v8 is here – Cache Warming, UNIX Sockets, and More! 🚀
Excited to introduce the next milestone in the evolution of the open DNS service OpenBLD.net! Here’s what’s new:
• Speed – UNIX sockets + Caching + Load Balancing
• Efficiency – Port reuse allows multiple instances to run on the same port
• Load Balancing – Zero logs (except for errors) for maximum performance
• Memory Optimization – The core binaries take up just 6MB, with the cache stored in binary form, totaling only 11MB
• Buffered Disk Writes – When necessary, writes go through dedicated buffers (tested at 10 million entries in 3.3 seconds)
🔥 Cache Warming – Thousands of domains are preloaded to keep the cache hot, ensuring ultra-fast DNS responses
🔐 Security – Supports Prometheus, SIEM, and Syslog exports for advanced monitoring (for business usage needs)
New mechanisms unlock new possibilities—helping you maintain cyber hygiene, save time, and protect your privacy.
Easy setup: https://openbld.net/docs/category/get-started/
Stay safe. Stay free. Peace to all! ✌️
The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads
https://www.malwarebytes.com/blog/news/2025/01/the-great-google-ads-heist-criminals-ransack-advertiser-accounts-via-fake-google-ads