hackspace – Telegram
Simple one-liner for CVE-2025-55182 React2Shell:

subfinder -dL wildcards.txt -all -recursive > subs.txt

nuclei -t CVE-2025-55182.yaml -l final.txt

Add FOFA, Shodan, ZoomEye filters: vul.cve="CVE-2025-55182", asn="REDACTED" && (app="Next.js" || app="React.js")

#infosec #cybersec
To truly understand how important privacy solutions such as Monero (XMR) are, you first need to learn how transactions involving pseudonymous cryptocurrencies (BTC, ETH, SOL, etc.) can be traced.

Crypto Asset Tracing Handbook:

"[...] seeks to provide clear and practical guidance to help a broader audience understand the basic framework of on-chain tracing, learn how to use key tools, and strengthen their ability to assess and respond to on-chain risks."

https://github.com/slowmist/Crypto-Asset-Tracing-Handbook/blob/main/README_EN.md
#Lazarus Group’s Famous Chollima uses GitHub spam, fake recruiters, and AI interview tools to slip into finance, crypto, and healthcare companies as “IT workers”.

👨‍💻 Get a rare inside view of how these operatives work, communicate, and attempt to maintain access.

https://any.run/cybersecurity-blog/lazarus-group-it-workers-investigation/
reversing-for-everyone.pdf
23.9 MB
Comprehensive Guide: Reverse Engineering Tutorials for Beginners
Extracts Windows SAM and SYSTEM files using Volume Shadow Copy Service (VSS) with multiple exfiltration options and XOR obfuscation:
• Lists Volume Shadow Copies using VSS and creates one if necessary
• Extracts SAM and SYSTEM files from the Shadow Copy
• Uses NT API calls for file operations (NtCreateFile, NtReadFile, NtWriteFile)
• Supports XOR encoding for obfuscation
• Exfiltration methods: Local save or Network transfer

https://github.com/ricardojoserf/SAMDump
The current 25H2 build of Windows 11 and future builds will include increasingly more AI features and components. This script aims to remove ALL of these features to improve user experience, privacy and security.

https://github.com/zoicware/RemoveWindowsAI
Today we are disclosing the details of CVE-2025-64155, an unauth argument injection leading to root remote code execution affecting the Fortinet FortiSIEM.

Find the technical details, indicators of compromise, and proof-of-concept exploit in the blog.


https://horizon3.ai/attack-research/disclosures/cve-2025-64155-three-years-of-remotely-rooting-the-fortinet-fortisiem/
This blog post provides an in-depth analysis of #Turla's #Kazuar v3 loader and how it tries to slip past modern defenses:

• Sideloading via MFC satellite DLLs
• Control flow redirection trick (+ POC)
• Patchless ETW and AMSI bypasses (+ POC)
• Extensive COM usage for registry, file and folder operations (+ partial POC)
• Strings encryption (+ IDAPython decryption script)
• Including IOCs and Yara rules


https://r136a1.dev/2026/01/14/command-and-evade-turlas-kazuar-v3-loader/