⚠️ ALERT: A Chrome zero-day (CVE-2025-2783) was exploited to deliver spyware built by Memento Labs — the firm behind past government surveillance tools.
One click in Chromium = full sandbox escape.
@GoSecurity
Read this → https://thehackernews.com/2025/10/chrome-zero-day-exploited-to-deliver.html
One click in Chromium = full sandbox escape.
@GoSecurity
Read this → https://thehackernews.com/2025/10/chrome-zero-day-exploited-to-deliver.html
👨💻1
New Atroposia malware comes with a local vulnerability scanner
A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning. [...]
@GoSecurity
https://www.bleepingcomputer.com/news/security/new-atroposia-malware-comes-with-a-local-vulnerability-scanner/
A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning. [...]
@GoSecurity
https://www.bleepingcomputer.com/news/security/new-atroposia-malware-comes-with-a-local-vulnerability-scanner/
BleepingComputer
New Atroposia malware comes with a local vulnerability scanner
A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning.
WordPress security plugin exposes private data to site subscribers
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information.
@GoSecurity
https://www.bleepingcomputer.com/news/security/wordpress-security-plugin-exposes-private-data-to-site-subscribers/
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information.
@GoSecurity
https://www.bleepingcomputer.com/news/security/wordpress-security-plugin-exposes-private-data-to-site-subscribers/
BleepingComputer
WordPress security plugin exposes private data to site subscribers
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information.
Forwarded from 1N73LL1G3NC3
Credential Guard was supposed to end credential dumping. It didn't. @bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled.
🔗 DumpGuard
Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.
P.S. Previously, crack.sh operated a free service for performing rainbow table lookups to recover NT hashes from NTLMv1 responses, but was recently shut down due to maintenance issues. In its absence, a new free service was published at ntlmv1.com.
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from 1N73LL1G3NC3
Conquest
A feature-rich and malleable command & control/post-exploitation framework developed in Nim.
Blog: https://jakobfriedl.github.io/blog/nim-c2-traffic/
A feature-rich and malleable command & control/post-exploitation framework developed in Nim.
Blog: https://jakobfriedl.github.io/blog/nim-c2-traffic/
Win_Sec_Int.pdf
6.3 MB
"Windows Security Internals:
A Deep Dive into Windows Authentication, Authorization, and Auditing", 2024.
Advanced-Process-Injection-Workshop by CyberWarFare Labs
@GoSecurity
https://github.com/RedTeamOperations/Advanced-Process-Injection-Workshop
@GoSecurity
https://github.com/RedTeamOperations/Advanced-Process-Injection-Workshop
GitHub
GitHub - RedTeamOperations/Advanced-Process-Injection-Workshop
Contribute to RedTeamOperations/Advanced-Process-Injection-Workshop development by creating an account on GitHub.