Google Meet #ClickFix campaign abusing online-meet[.]com to trick users into executing PowerShell commands.
The script downloads and executes:
online-meet[.]com/files/update/uptodate.exe
Payload identified as #SalatStealer
SHA256: 8a132e7dd4876c87b5c425db32291bd54a2f3a477c78ceb4d29f297867a150fa
#ClickFix #Phishing #Malware @500mk500 @malwrhunterteam @skocherhan
Mandiant released gopacket, a Go rewrite of Impacket
After compiling the tools, THOR detected 9 of 62 hacktools immediately through generic rules, including:
170ef61d8089a3c57ed1a078f81af7e4a433321c6a96b2a96e35a950dc0834e0
1badb2936e22803cceca5bf792fb1b8376af0b1cd920569458107ed473220d1f
481e7b5bc44a924d048d054fc8d165b8427d3a2ba5e7a24e255c47f53d5fefa3
We’ve since added coverage for the remaining tools.
That is a big part of what sets Nextron apart.
When new tooling appears, a good part is often already covered by our generic detection logic, before we even add dedicated rules.
https://t.co/rX2OmXiq0c
Chinese LLMs can hack better than state-sponsored hackers with properly evolved harness -
Kimi K2.5 managed to find and exploit 6 vulnerabilities in browsers: a single page view or an extension install by victims equal full system hijack.
Check https://t.co/d0SZSf1KqF
Just shipped a WinDbg x64 extension that turns live disassembly into verified pseudocode via LLM — chunked multi-pass analysis, in-process HTTP, mock fallback, and a verification pass that cross-checks LLM output against original analysis facts.
https://t.co/8rXb1fGOuT
CVE-2026-39808 - Critical OS Command Injection in Fortinet FortiSandbox
⚠️ Unauthenticated → root RCE via a single crafted HTTP request (jid param goes straight to shell, classic!)
Patched in 4.4.9+
PoC Ref: https://t.co/uiXNwE6bza
Exclusive Interview with ByteVigil of CyberArsenal and Pwn3rzs
"As a kid I kept breaking things on my PC just to see what would happen. That curiosity never really stopped."
https://t.co/HKilPBJZ2X
‼️ A threat actor is advertising a "Professional Malware Setup Service" catering to newcomers in blackhat hacking, offering end-to-end malware infrastructure setup and assistance.
Services include consultation, RAT/stealer/loader/botnet setup, Android RAT setup, RDP/VPS configuration, crypter setup and crypting assistance, basic OPSEC configuration, web server setup, exploit deployment, and spamming campaign assistance.
The actor claims proficiency in building entire malware infrastructures from sourcing to operation and maintenance.
Prices start from $100.
🚨🚨🚨 Initial indications that TeamPCP retained Docker absence, and have been able to push new malicious versions of Trivy
- Investigate any usage of 0.69.5, 0.69.6
- at this point, strongly reconsider if you can build confidence in this IR process, or need to rip out Trivy
🔍 LeakIX is now available as a Metasploit module thanks to @Chocapikk_'s ongoing contributions to @rapid7's framework 😎!
Search, look hosts up, query subdomains, and find leaks directly from msfconsole.
https://t.co/0jag98KYeN
QRSteganography is our newly released public tool, which can be used to achieve steganography using QR codes, where arbitrary data is encoded into one or more QR code PNGs.
https://t.co/Mj4OO4xjZm
Quick way to identify postMessage calls in any target! 🧐
> Search JS files for "addEventListener('message',"
> Search for "postMessage(" method calls
> Use your browser dev tools to list all postMessage implementations (Sources → Global Listeners → message)
> Set breakpoints on DOMWindow.message events
> Use a web extension like Burp Suite DOM Invader or PostMessage-Tracker by @fransrosen
More in next post! 👇
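Once the review steps above have surfaced a `message` listener, the question for the reviewer is whether it validates `event.origin` and the message shape. The following is an added example, not code from the post's author or from any of the tools named there: it puts the insecure handler pattern next to a hardened one and exercises both with constructed `MessageEvent`-like objects, so it runs under Node without a DOM. The origins, action names and the `makeEvent` helper are assumptions made up for the example.

```javascript
// Added example (not from the original post): a postMessage handler in its
// insecure and hardened forms. In a browser the hardened handler would be
// registered with window.addEventListener('message', hardenedHandler).

// Insecure pattern: no origin check, no schema check. Any page holding a
// reference to this window (opener, embedder, child frame) can drive it.
function insecureHandler(event) {
  const cmd = event.data;
  return { accepted: true, action: cmd.action, payload: cmd.payload };
}

// Hardened pattern: exact-origin allowlist, strict schema, reply scoped to
// the sender's origin. The origins below are constructed placeholders.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://widgets.example.com',
]);

// Constructed set of actions this frame is willing to perform.
const ALLOWED_ACTIONS = new Set(['ping', 'resize']);

function hardenedHandler(event, allowedOrigins = ALLOWED_ORIGINS) {
  // 1. Exact-match comparison. startsWith/indexOf checks would accept
  //    'https://app.example.com.attacker.test'.
  if (!allowedOrigins.has(event.origin)) {
    return { accepted: false, reason: 'origin not allowed' };
  }
  // 2. Structural validation before any field is used.
  const data = event.data;
  if (typeof data !== 'object' || data === null || typeof data.action !== 'string') {
    return { accepted: false, reason: 'malformed message' };
  }
  if (!ALLOWED_ACTIONS.has(data.action)) {
    return { accepted: false, reason: 'unknown action' };
  }
  // 3. Reply to the verified sender origin, never to '*'.
  if (event.source && typeof event.source.postMessage === 'function') {
    event.source.postMessage({ ack: data.action }, event.origin);
  }
  return { accepted: true, action: data.action };
}

// Constructed stand-in for a MessageEvent (origin, data, source).
function makeEvent(origin, data, source = null) {
  return { origin, data, source };
}

// Runs the two handlers over constructed events and reports the outcomes.
function demo() {
  const fromTrusted = makeEvent('https://app.example.com', { action: 'ping' });
  const fromLookalike = makeEvent('https://app.example.com.attacker.test', { action: 'ping' });
  const malformed = makeEvent('https://app.example.com', 'not-an-object');
  return {
    insecureAcceptsAnyone: insecureHandler(fromLookalike).accepted,
    hardenedTrusted: hardenedHandler(fromTrusted).accepted,
    hardenedLookalike: hardenedHandler(fromLookalike).accepted,
    hardenedMalformed: hardenedHandler(malformed).accepted,
  };
}

if (typeof window === 'undefined') {
  console.log(demo());
} else {
  window.addEventListener('message', hardenedHandler);
}
```

When triaging listeners found with the steps above, the absence of an `event.origin` comparison (or a comparison done with `startsWith`, `indexOf` or a regex without anchors) is the first thing to record; the reply target passed to `postMessage` is the second.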
I am releasing a new toolkit I built for IIS-based lateral movement and code execution within IIS worker pool process's memory.
Phantom ASPX Loader & PhantomLink -- a two-part toolkit for reflectively loading native DLLs into IIS w3wp.exe worker processes via ASPX.
https://t.co/EevQysfANT
Been building something to monitor recon on targets.
Runs passive + active DNS enumeration twice a day and alerts to slack/discord when things change (new subdomains, ports, response/tech changes). And a customizable dashboard for each domain: https://t.co/zw1tbhhmWj
#bugbounty #recon