0x7F

🚨 Nightmare Eclipse GitHub account and repositories were suspended yesterday. The researcher who has popped off with zero-days has created a new account on GitLab... https://t.co/tXw6g4UdnM They have a message for Microsoft though and July 14th seems to be a day that will be worth watching.

🚨 Cisco fixed two critical flaws that allow full system takeover without login. CVSS 9.8 vulnerabilities let attackers reset admin passwords (IMC) or run commands as root (SSM On-Prem) using crafted requests. No workaround is available. Patching is required. 🔗 Read → https://t.co/7aouRvDROA

🚨Alert🚨 CVE-2026-24061 (CVSS 9.8): Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access. 🧐Deep Dive :https://t.co/HZZTr0KPF4 🔥PoC : https://t.co/NMdo35SK4a https://t.co/s8c9pWPRHA 📊 30M+ Services are found on the https://t.co/g3tSyh13yE yearly. 🔗Hunter Link:https://t.co/jBfnZq8Il3 👇Query HUNTER : protocol=="telnet" 📰Refer:https://t.co/MRJXrVZr5h https://t.co/nuF42YxqqZ' #hunterhow #infosec #infosecurity #OSINT #Vulnerability

During a recent engagement, we reviewed the collected AutoRuns data from all endpoints on the network. In that dataset, we identified the following scheduled task: Name: 523135538 Command Line: C:\programdata\cp49s\pythonw.exe There are a few things odd here. First, the name of the Scheduled Task (some random numbers). Second, the installation Path (Programdata\cp49s\). Third, Python is launched without any command-line arguments or a reference to a Python script, meaning the interpreter is started by itself. Our initial hypothesis was DLL sideloading. After examining the Python directory, we identified a file named sitecustomize[.]py: "Python's sitecustomize[.]py and usercustomize[.]py are scripts that execute automatically when Python starts, allowing for environment-specific customizations. Adversaries can exploit these files to maintain persistence by injecting malicious code." [1] Path: C:\ProgramData\cp49s\Lib\sitecustomize[.]py Content: See the image below. So, this means that every time the Scheduled Task runs, the Python interpreter is executed, effectively loading the malicious Python file named b5yogiiy3c.dll. A pretty sneaky way, and something you should watch out for during your next hunting session or IR gig. 🤓 [1] https://t.co/XHYcMdYwTD

Statistical Trends in the Growth of Ransomware Victims on the Dark Web Ransomware groups specializing in exfiltrating and leaking victims’ data first emerged on the dark web in 2019. Since their initial appearance, we have been continuously tracking their activities. By Q1 2025, more than 220 distinct groups have been identified as having operated or remaining active. Collectively, these groups have claimed responsibility for exfiltrating and exposing the data of over 20,000 victims worldwide.

"APT Down: The North Korea Files" Is the operator really North Korea’s Kimsuky—or could it, perhaps more plausibly, be China? Analyze the attribution using work files leaked directly from the hacker’s own system. Use StealthMole’s IoL (Indicators of Leakage) module to search the leaked files by keyword. - iol:leak_aptdown_nkf_202508 - in:iol:leak_aptdown_nkf_202508 [keyword]