Hackers earned $1,024,750 for 73 zero-day vulnerabilities at Pwn2Own Ireland
The Pwn2Own Ireland 2025 hacking competition ended with security researchers collecting $1,024,750 in cash awards after exploiting 73 zero-day vulnerabilities.
@GoSecurity
https://www.bleepingcomputer.com/news/security/hackers-earn-1-024-750-for-73-zero-days-at-pwn2own-ireland/
BleepingComputer
Hackers earn $1,024,750 for 73 zero-days at Pwn2Own Ireland
The Pwn2Own Ireland 2025 hacking competition has ended with security researchers collecting $1,024,750 in cash awards after exploiting 73 zero-day vulnerabilities.
CVE-2022-4445
The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
@GoSecurity
WPScan
FL3R FeelBox <= 8.1 - Unauthenticated SQLi
See details on FL3R FeelBox <= 8.1 - Unauthenticated SQLi CVE 2022-4445. View the latest Plugin Vulnerabilities on WPScan.
⚠️ ALERT: A Chrome zero-day (CVE-2025-2783) was exploited to deliver spyware built by Memento Labs — the firm behind past government surveillance tools.
One click in Chromium = full sandbox escape.
@GoSecurity
Read this → https://thehackernews.com/2025/10/chrome-zero-day-exploited-to-deliver.html
New Atroposia malware comes with a local vulnerability scanner
A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning. [...]
@GoSecurity
https://www.bleepingcomputer.com/news/security/new-atroposia-malware-comes-with-a-local-vulnerability-scanner/
WordPress security plugin exposes private data to site subscribers
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information.
@GoSecurity
https://www.bleepingcomputer.com/news/security/wordpress-security-plugin-exposes-private-data-to-site-subscribers/
Forwarded from 1N73LL1G3NC3
Credential Guard was supposed to end credential dumping. It didn't. @bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled.
🔗 DumpGuard
Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.
P.S. Previously, crack.sh operated a free service for performing rainbow table lookups to recover NT hashes from NTLMv1 responses, but was recently shut down due to maintenance issues. In its absence, a new free service was published at ntlmv1.com.