Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts.

‼️ BREAKING: Anthropic has embedded hidden spyware-like code in Claude Code that covertly targets Chinese users. It then sends information regarding every user by injecting it into their prompt message. Claude Code is sending info like timezone, proxy and possible AI Lab connections into the system prompt in ways Chinese users can't notice. A coding agent with repo and command permissions should not silently hide routing metadata inside prompts. This is a serious breach of user trust.
‼️ Meet the scammer who drained a cancer patient's treatment fund, ruining many lives to drive sports cars and wear expensive watches. He is an Argentine immigrant in the US, and the OSINT nerds who found him have reported him to ICE.
‼️🇰🇵 Another North Korean hacker using AI to alter his face caught while trying to infiltrate Bitso. Meet "Sebastian," a software engineer from Colombia who can't speak Spanish. Strange, right?
🚨 vx-underground reverse-engineered the malware that stole $32k donated to Rastaland for his cancer fight. They uncovered the entire infrastructure, operations, the people that fell victim, and people behind it.
‼️ China's largest cybersecurity firm, Knownsec, was breached, exposing details of China's state cyber operations. The data includes cyberweapon documentation, internal hacking tool source code, and global target lists covering over 20 countries, including Japan, Vietnam, and India. A spreadsheet lists 80 hacked foreign organizations, plus evidence of 95 GB of stolen Indian immigration data and 3 TB of call records from South Korean mobile operator LG U Plus. One of the documents mentions a malicious power bank, disguised as a charging device. Knownsec is key to China's cybersecurity, providing advanced defense and offensive capabilities, including espionage tools. A thread with their tools 🧵
🚨 Multiple cybercriminals were arrested during Operation SIMCARTEL. Europol and Latvian law enforcement dismantled five servers, seized 1,200 SIM box devices and 40,000 active SIM cards. The criminals were linked to over 1,700 cyber fraud cases in Austria and 1,500 in Latvia, causing losses of several million euros, including EUR 4.5 million in Austria and EUR 420,000 in Latvia.
‼️ Proton is cancelling journalists by blocking their mail accounts. This has huge consequences for their reputation and for all the people who thought they were safe by avoiding big tech.
🚨 The Discord breach is worse than expected! - 1.5 TB of data - Over 2 million government ID photos - Threat actor publishes some user data due to Discord's inaction Sample of a user showing her face, ID, and a written note:
‼️An Anduril engineer uploaded a hardcoded private key, hashed root passwords, and internal Anduril emails to a public repository. We sent a responsible disclosure to Anduril last year but received no reply. This company is currently operating autonomous killer drones above your head.
🚨 The friend pendant is not your friend Someone reverse-engineered the device, exposing lack of basic security: - Anyone can connect via Bluetooth and hear the microphone's recordings - Friend's audio is unencrypted. - Audio can be accessed on non onboarded devices as well
🚨 Discord Breach Update - Discord negotiated with the threat actor for two weeks, promising payment. - Discord then ceased communication. - The threat actor, now angry, is releasing files individually. Leaked tables will be posted next.
🚨 The Discord breach is worse than expected! - 1.5 TB of data - Over 2 million government ID photos - Threat actor publishes some user data due to Discord's inaction Sample of a user showing her face, ID, and a written note:
‼️ X preloads links without user clicks, raising serious cybersecurity and OPSEC concerns. Malicious code could load automatically, or your identity could be exposed to malicious actors.
❗️🐭 Your gaming mouse might be eavesdropping due to a critical vulnerability named Mic-E-Mouse.
❌ Vercel’s new head of security is off to a good start with all his personal information uploaded into a folder on his website.
‼️ North Korean hackers from the Chollima APT, part of Lazarus, were caught. Meet Mateo and Alfredo, skilled engineers, allegedly from Mexico. But actually North Korean hackers. They were caught using AI to alter their faces and voices during a job interview. Their goal was to infiltrate Western companies, especially in crypto, Web3, and fintech, posing as software engineers for corporate espionage and financial theft.
🚨 Discord Breach Update Discord maintained a list of accounts that agents were instructed not to interact with, directing them to quietly close tickets without response. Source: NTTS
This is so true 😂
🚨 U.S. Secret Service dismantled a massive SIM network in NYC — 300+ servers & 100K SIM cards capable of crippling telecoms & launching anonymous attacks — neutralized just before world leaders arrived for the UN General Assembly.
Meet the women of Conti ransomware group. 💅
🚨🚨🚨 Google has issued a global security alert advising its 2.5 billion Gmail users to update their passwords following a data breach involving one of its Salesforce databases.
The entire cybersecurity community right now.
🚨🔓 @elonmusk won't like this one: @Tesla data has been leaked by @IntelBrokerBF. In an exclusive interview with International Cyber Digest IntelBroker told us "It was really bizarre how we found it". 🧵1/3
Community note
The information comes from the Velocicharge chargers. Not Tesla. Tesla have no such chargers in locations such as Montehiedra. tesla.com/findus/list/su… plugshare.com/location/455828 velocicharge.com/locations
Ladies and gentlemen, we present to you Conti Ransomware group 💀
‼️ Meet Ryan Clifford Goldberg, a Digital Forensics and Incident Response manager at Sygnia, he is one of three insiders accused of cybercrimes. He allegedly conducted cyberattacks using ALPHV BlackCat ransomware. Goldberg and two other insiders ran ransomware operations since 2023 while employed at cybersecurity firms. After an FBI visit, Goldberg confessed. He now faces up to 50 years in prison.
‼️🚨 Red Hat breached: Crimson Collective stole 28k private repositories, including credentials, CI/CD secrets, pipeline configs, VPN profiles, and infrastructure blueprints. Our analysis of obtained data: 👇
‼️ Discord Breach Update vx-u discovered how the threat actor accessed Discord's Zendesk environment. "...the Threat Actors...began sending emails to Discord outsourced [Southeast Asia] employees offering them money [500 USD] in exchange for access to Discords internals."
🔑 Scattered LAPSUS$ hunters claim that the password of Mandiant's CEO was 'batman'.
‼️ Chinese hackers were caught and sentenced in Singapore. A police raid on their Mount Sinai bungalow uncovered malware, including RATs linked to PlugX and Shadow Brokers, and foreign government data. They were hired to hack and paid US$3 million in cryptocurrency.
🚨📧 This is how the npm attackers gained access to maintainer accounts and uploaded their malicious code. Can you spot what's wrong?
Replying to @elonmusk
LOL. Diversity is practically what survival of the fittest is all about. More diversity equals a higher chance of survival.
Bro is scraping websites without consent and complaining that Hetzner is protecting its infrastructure and IP addresses from blacklisting. It's surprising he hasn't been banned yet. @Hetzner_Online Lea, did you see this?
People need to know what they’re signing up for with Hetzner. We spent six figures there, and there’s just no way to reach a real human. I literally asked to talk to someone human one day and they just said "no." And every few weeks, random alerts would pop up, and I’d have to fill hundreds of forms manually just to stop our infra from getting banned in the next 6 hours. Not fun. So for sure their $3 VPS are cheap, But saying hosting your app there is better because AWS went down is like saying you’ll build your own plane to fly transatlantic because a Boeing crashed.
Community note
The user is using Hetzner for scraping content as a service what could damage the provider and the reputation of their IP addresses due to the scraping traffic that could be similar to scans hitting many random websites, what's against their ToS. hetzner.com/legal/cloud-se… scrapingbee.co
‼️ After posting their goodbye note on BreachForums, Scattered Lapsus$ Hunters provided proof of access to FBI NICS (background check) and Google LERS (Law Enforcement Request System).
cc @Steam stop hosting malware.
🚨 Breach alert: Attackers claim live access to AT&T infrastructure. Alleged impact: enables SIM-swapping, reading SMS 2FA codes, and accessing a database with ~24M AT&T customer records.
Happy beginnings. Sad endings. Don't do cybercrime, kids.
‼️ Meet Ryan Clifford Goldberg, a Digital Forensics and Incident Response manager at Sygnia, he is one of three insiders accused of cybercrimes. He allegedly conducted cyberattacks using ALPHV BlackCat ransomware. Goldberg and two other insiders ran ransomware operations since 2023 while employed at cybersecurity firms. After an FBI visit, Goldberg confessed. He now faces up to 50 years in prison.
🚨Two 17-year-old Dutch teenagers were arrested for performing Russian espionage. They used a Wi-Fi sniffer near Europol, Eurojust, and the Canadian Embassy. Recruited via Telegram by a pro-Russian hacker, one is now detained for 14 days, the other is placed under house arrest with an ankle monitor. The father of one, shocked, described his son as a computer-savvy gamer with no worldly interests. The arrests followed a tip from Dutch intelligence (AIVD), this is the first known case of minors recruited by a foreign power in the Netherlands.
‼️The guy who reverse-engineered friend just deleted the thread explaining all the vulnerabilities. Possibly he’s being pressured. Anyway, we've documented them for you.
🚨 The friend pendant is not your friend Someone reverse-engineered the device, exposing lack of basic security: - Anyone can connect via Bluetooth and hear the microphone's recordings - Friend's audio is unencrypted. - Audio can be accessed on non onboarded devices as well
❗️ The threat actor quotes Discord's official statement on government-ID image numbers, then taunts and reveals the actual figures.
🚨 BREAKING: Here's a statement from Valentin, identified by OSINT nerds as the scammer allegedly draining cancer treatment funds. Do you think he's telling the truth?
‼️ Meet the scammer who drained a cancer patient's treatment fund, ruining many lives to drive sports cars and wear expensive watches. He is an Argentine immigrant in the US, and the OSINT nerds who found him have reported him to ICE.
🚨 Very concerning 0-click zero-day vulnerability for sale: allows unauthenticated attackers to execute arbitrary code with SYSTEM-level privileges on fully patched Windows 10/11 and Windows Server 2022 systems. The exploit is “reliable, low-resource, and bypasses the latest security mitigations.” Price: 25k POC:
‼️ Discord was breached two weeks ago. Attackers accessed government ID photos, contact details, payment info, and more. We noticed Discord is sending different emails; we found two versions.
❗ The developer of the @NeoFreeBird app, which reverses X's Twitter branding and unlocks premium features for free, was invited by an X engineer to join X. Unbeknownst to the engineer, the developer, whose app removes X's branding and who displays a rainbow flag in his bio, would clearly never work for Musk.
🚨‼️ Israeli defense contractor breached Cyber Toufan, allegedly an Iranian state actor, just released security cam footage of defense contractor Maya. The cameras seem located in a meeting room (!) and a workshop. There are hours of footage of confidential conversations in the meeting room. We can see them working on weapons prototypes/mockups of: - drones - missiles - tracking and launching systems
Is this true, @discord? Why would you keep information like this stored after confirmation of age?
‼️ Unremovable Israeli Spyware Found on Samsung Devices Samsung faces backlash over AppCloud, an Israeli-developed app pre-installed on budget Galaxy A and M series devices. Investigations reveal the app is embedded in the operating system, preventing full removal. Even when disabled, AppCloud remains on the device, reappears after updates, and can covertly install additional software.
Let's not forget when @ProtonPrivacy shared the IP address of a French activist with authorities. The company has widely claimed that it doesn't log users' IP addresses. Weird, huh?
🚨 We've confirmed in a VM that this PoC suspends EDR, we've tested it on Defender. EDR-Freeze: A tool that puts EDRs and antivirus into a coma state.
UPDATE: About those 12,000 files that allegedly leaked from the security firm Knownsec (知道创宇) onto GitHub: Here's what we know so far from public reporting, company statements, and translated Chinese forum posts. No independent sources confirm the quantity posted in many articles we came across. On 31-10-2025, a user created a thread on a known illegal marketplace for an "exclusive sale of KNOWNSEC Chinese infosec company data." This thread had the same screenshots attached that were circulating on several social media platforms three days later. The thread owner updated the post on 02 Nov 2025 12:51 GMT, adding more samples by linking to the image-sharing host ibb[.]co. The metadata of images uploaded to this host reveal that the user uploaded a total of 63 images between Sun, 02 Nov 2025 12:35:00 and 12:35:48 GMT. Some of the images first publicly surfaced the day after in a blog post authored by a user who goes by "netaskari." On 05-11-2025, several security-focused WeChat accounts reported a Knownsec (知道创宇) leak, suggesting that an insider was involved. We've seen claims that accounts on WeChat had specific data altered or removed. On 07-11-2025, another update on the illegal market followed, in which the thread owner stated that they had sold the data and that it would no longer be for sale. According to Security419 (据安全419), the underlying intrusion occurred in 2023 via a 0-day vulnerability within the infrastructure of a "third-party cloud desktop provider," affecting a limited number of employee cloud desktops. Knownsec further mentions that its honeypot detected the activity in 2023, and their IR team contained, cleaned, and traced it. We found no evidence that supports a more recent breach. Reported scope (per Knownsec): "employee contact lists, internal training materials, a subset of customer names, and dark-web monitoring/early-warning data." 
Knownsec also reported that its business systems are stable, that the 2023 incident has been closed, and that it has been in contact with the relevant regulators. Besides several mentions that the company's data had leaked onto GitHub, thorough OSINT does not reveal any such repository has been reported on. Given the timeline of events, we firmly believe this to be false. As the first post in the GitHub leak got published by an outlet that describes itself as an Artificial Intelligence-Driven Media Outlet, we believe the event was confused with another Chinese leak, the "I-Soon" leak, which actually occurred on GitHub and received a TOS takedown shortly after.
‼️ China's largest cybersecurity firm, Knownsec, was breached, exposing details of China's state cyber operations. The data includes cyberweapon documentation, internal hacking tool source code, and global target lists covering over 20 countries, including Japan, Vietnam, and India. A spreadsheet lists 80 hacked foreign organizations, plus evidence of 95 GB of stolen Indian immigration data and 3 TB of call records from South Korean mobile operator LG U Plus. One of the documents mentions a malicious power bank, disguised as a charging device. Knownsec is key to China's cybersecurity, providing advanced defense and offensive capabilities, including espionage tools. A thread with their tools 🧵
❗️ More photos from the raid.
🚨 Multiple cybercriminals were arrested during Operation SIMCARTEL. Europol and Latvian law enforcement dismantled five servers, seized 1,200 SIM box devices and 40,000 active SIM cards. The criminals were linked to over 1,700 cyber fraud cases in Austria and 1,500 in Latvia, causing losses of several million euros, including EUR 4.5 million in Austria and EUR 420,000 in Latvia.
‼️ The $1M zero-click WhatsApp RCE demo planned for Pwn2Own Ireland 2025 was canceled. "they did not feel their research was ready to publicly demonstrate" 👀 What is really going on here?
Context:
🚨 vx-underground reverse-engineered the malware that stole $32k donated to Rastaland for his cancer fight. They uncovered the entire infrastructure, operations, the people that fell victim, and people behind it.
❗️We spotted another case of Proton disabling mails. This time they pulled the plug on a paying customer with premium account.
🛠️ PoC CVE-2025-32463 LPE→Root Local Privilege Escalation to Root via Sudo chroot in Linux github.com/kh4sh3i/CVE-2025-…
🚨 Meet Sevy aka Darya, a member of Scattered LAPSUS$ Shiny Hunters and an admin of their Telegram group. She is a Russian national living in Turkey and a drug addict who commits crimes to support her addiction.
🚨 Hacking the Airport X-Ray Machine: 11 Vulnerabilities in a Popular Scanner Security researcher Felix Zuber shares his findings from penetration testing the popular Smiths Detection HI-SCAN 6040i X-ray machine. The process includes analysis, threat modeling, attack vector mapping, exploitation, and a list of discovered vulnerabilities. This is reportedly the first public pentest of an airport X-ray scanner.
@vxunderground notes that this was not only his effort: Here are the cool and badass people I worked with: - @zachxbt - @John5725424446 - @andreee_eeeeee - @escrow_ - @C4L38 - @downsin - "J" - Random nerds who provided "tips" to us
Some photos of Zhdanova and Beketova from Conti ransomware group 💋💅
When not scamming people, he enjoys making brainless TikTok videos with his girlfriend.
‼️ An AI gun detection system, @Omnilert, flagged a teen holding a bag of chips as a gunman. "I was holding a Doritos bag with two hands and one finger out, and they thought it was a gun." "Eight cop cars pulled up. They approached me with guns, shouting, 'Get on the ground,' and I was confused." "They searched me and found nothing."
✅ Vercel's new head of security deleted the file with his personal information after our post. Glad we could teach him about OpSec.
❌ Vercel’s new head of security is off to a good start with all his personal information uploaded into a folder on his website.
🛠️ KeyloggerScreenshot Tool for comprehensive surveillance: record keystrokes, screenshots, mouse clicks & audio. Try: github.com/Kill0geR/Keylogge…
☠ Lenovo CVE-2025-8061 Exploit PoC and write-up for shell popping against LnvMSRIO.sys (3.1.0.36) driver. Try: github.com/symeonp/Lenovo-CV…
Conti ransomware group lives extravagantly in Dubai, enjoying the yacht lifestyle.
❗️JUST IN: CL0P ransomware group allegedly leaked Oracle source code online.
‼️ Iranian nation-state APT CharmingKitten exposed on GitHub. Exposure includes: - Official APT internal network documents - Employee photos - Attack reports - Translation documents - Internal chat files
The threat actor told us about Discord that "they do not purge the tickets after resolution btw"
🛠️ HikvisionExploiter HikvisionExploiter is a powerful and automated exploitation toolkit targeting unauthenticated endpoints on Hikvision IP cameras, particularly those running firmware version 3.1.3.150324. github.com/HexBuddy/Hikvisio…
vx-underground found a .bat file in the game files that searches for browser credentials and crypto wallets.
❗️ Bloomberg interviewed Scattered Spider member Noah Urban. He justified his actions because he “just wanted financial freedom”. He was a millionaire before 18 and sentenced to 10 years at 20.
‼️ The Iranian state actor is releasing more footage We can see they’re developing parts for what seems to be weapon systems. We can also see they expanded their operation this year by adding multiple Bambu Lab X1C printers to their arsenal.
🚨‼️ Israeli defense contractor breached Cyber Toufan, allegedly an Iranian state actor, just released security cam footage of defense contractor Maya. The cameras seem located in a meeting room (!) and a workshop. There are hours of footage of confidential conversations in the meeting room. We can see them working on weapons prototypes/mockups of: - drones - missiles - tracking and launching systems
💭 The one on the left lost everything, harmed no one, and shows kindness. The one on the right has everything—a dream jawline, a pretty face, a nice girlfriend—but still chose to steal from the one on the left. What a world we live in... Take care of each other.
‼️ It's absurd how Proton bashes other companies when they themselves mingle with government entities and process batch scripts from them that deactivate journalists' accounts without asking a single word.
❗️I remember Anonymous back in the day — it used to be a community of highly intellectual individuals who came together to share knowledge and help each other. They actually stood on moral high ground. Now they’ve become a joke. When did they turn into n00bs?
Anonymous has hacked all Kremlin servers. Anonymous is applying its own digital sanctions on Russia. We demand they surrender and fully leave all Ukrainian territory. #OpRussia
Lastly, @vxunderground identified the campaign's orchestrator, who is already celebrating their victims and splurging on champagne and parties!
📚 Zero-Day in TP-Link AX10 Router (CVE-2025-9961) Exploiting a zero-day vulnerability in the TP-Link AX10 router. Read: blog.byteray.co.uk/8745f9af9…
‼️ Iranian nation-state APT CharmingKitten exposed on GitHub: Episode 3! - BellaCiao malware samples - Google Drive phishing guides - Malware usage guides - Malware specification sheets & MORE!
The threat actor writes: "its funny how discord tried to phrase this as a "third party vendor" incident when a majority of the blame falls directly on them"
The Drainer malware spread through Steam via a game called Block Blasters.
‼️ Meet the Chinese man who has sold over 6,500 counterfeit licenses to Americans and Canadians, making over $750k. He used more than 83 domains and multiple social media accounts to promote his services.
🚨BREAKING: Trump’s Treasury Secretary just leaked a warning text from Ag Sec Brooke Rollins: “Argentina sold soy to China… this gives China more leverage over us.” What iPhone is he using—and which version of iOS?
❗ Microsoft disables File Explorer previews Microsoft announced that File Explorer (formerly Windows Explorer) will now automatically block file previews for items downloaded from the Internet. The change is designed to prevent credential theft attacks delivered through malicious documents.
‼️🇰🇵 And another North Korean state-sponsored hacker caught trying to get that sweet Western money for the great, yet petty, Kim Jong-un. Meet “Jesús Sebastián” from Barranquilla, Colombia. Does he speak Spanish? I don’t think so.
vx-underground retrieved logs and infrastructure data of the criminals, including details on 970 victims.
He found their Telegram credentials hardcoded in the drainer and used them to investigate their operation.
“Yep, that’s me. You’re probably wondering how I got into this situation …”
🛠️ BreachForums Database Search OSINT Tool Search a BreachForums username to view linked data: profile details, emails, historical IPs, and posts. Perfect for attribution and threat research. Try: bf.based.re
I thought they married us because of our LEGO collection.
🚨 The Iranian nation-state actor claims to have had access to defense companies Elbit and Rafael, and more, allegedly through an FTP server. They're now sharing blueprints of what seem to be rocket castings from Rafael. This is really painful to watch.
🚨‼️ Israeli defense contractor breached Cyber Toufan, allegedly an Iranian state actor, just released security cam footage of defense contractor Maya. The cameras seem located in a meeting room (!) and a workshop. There are hours of footage of confidential conversations in the meeting room. We can see them working on weapons prototypes/mockups of: - drones - missiles - tracking and launching systems
Living the fast life... until some nerds catch up to you.
🚨 F5 breached by nation-state threat actor; attackers stole BIG-IP source code and vulnerability data. Read the official statement: my.f5.com/manage/s/article/K…
🤐 We are reposting the article that got Phrack zine banned from Proton, because @ProtonPrivacy is trying to silence them. This is not only their story. This is also our story. We will not be silenced.
🛠️ RealBlindingEDR Kernel-level AV/EDR removal for red teams. Advanced evasion methods in one toolkit. Try: github.com/myzxcg/RealBlindi…
🛠️ Al-Khaser A PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar. Try: github.com/ayoubfaouzi/al-kh…
🚨 Vulnerabilities were discovered in Microsoft’s Defender for Endpoint's Cloud Communication Microsoft says no biggie and didn’t fix. Impact = authentication bypass, data/command spoofing, information disclosure, and the ability to upload malicious files to investigation packages destined for security analysts.
📚 AD Domain-Join Owning PoC Compromising the Active Directory through domain-join account attacks in 2025. Read: shelltrail.com/research/acti…
❌ Block .SVG attachments on your mail server. Thank us later.
🚨 Discord breach data is allegedly being used in an email scam campaign. Reddit users report receiving unsolicited Zendesk support tickets sent from official email addresses belonging to Tinder, Zendesk, Kahoot, and other major brands. A Zendesk vulnerability being exploited?
🍿 We just received a screenshot of a chat allegedly showing @phantom's head of security picking a fight with Scattered Lapsus$ ShinyHunters saying "We also operate in Russia"... implying they'll be caught soon.