Stephen Miller

🚨 CISA Flags Palo Alto Networks PAN-OS Vulnerability as Exploited in Attacks Source: https://t.co/UJ88yGE1Cs CISA has added a critical Palo Alto Networks PAN-OS vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks. The vulnerability affects PAN-OS, the operating system that powers Palo Alto Networks firewalls. It enables attackers to bypass authentication mechanisms and establish unauthorized VPN access. The flaw allows remote attackers to circumvent security restrictions without valid credentials. #cybersecuritynews

OSEP Exam Practice Training (Online) – Registration Open! 🚀 Ready to level up your offensive security skills and prepare for advanced red team operations? Join Ignite Technologies’ Exclusive “Capture The Flag” (CTF) Based OSEP Practice Program and train in a real-world, attack-driven environment designed for serious cybersecurity professionals. 🔗 Register Now: https://t.co/M0O5kD9QDl 💬 WhatsApp: https://t.co/voKiTY3DWO 📧 Email: [email protected] 📚 Training Modules Include: 🚀 Introduction 🔍 Advanced Information Gathering 🎯 Initial Access & Client-Side Attacks 🛡️ Bypassing Security Controls 🪟 Windows Privilege Escalation 🐧 Linux Privilege Escalation 🧭 Active Directory Enumeration 🔁 Lateral Movement 🏰 Active Directory Attacks 🌐 Web Application Attacks 🕳️ Tunneling & Pivoting 🧬 Post-Exploitation & Persistence 🥷 Defense Evasion & OPSEC 🧪 Custom Malware & Tool Development 💥 Advanced Exploitation 📝 Reporting & Documentation This program is ideal for professionals preparing for advanced offensive security certifications and those aiming to strengthen their red teaming capabilities. Seats are limited. Secure yours today. 🚀 #CyberSecurity #InfoSec #EthicalHacking #RedTeam #PenetrationTesting #CloudSecurity #OSCP #OSEP #ActiveDirectory #SecurityTraining #CyberSecurityTraining

🚨 INTRODUCING THE ABACUS AI SUPERCOMPUTER - literally build ANY cloud service with a prompt - host open-source LLMs & always-on agents - bring your own Codex, Claude or Anti-gravity - multi-agent architectures with Opus 4.8 and GPT 5.5 - run 3D games or any other server at scale - connect git and collaborate with teams Build a billion dollar business by simply prompting in english!!

‼️ HackerOne disclosed it was training its AI with "12+ years of real-world vulnerability data," and now is in damage control after backlash over how it marketed its new AI product. That line set researchers off. Bug bounty hunters accused HackerOne of using researchers' reports and prior bounty findings to train its Hai agentic AI system, framing it as theft. HackerOne answered the next day. It admitted the messaging "created confusion" and stated that researcher submissions are not used to train, fine-tune, or improve generative AI models. The company said this applies across H1 Continuous Testing, H1 Agentic PTaaS, and Hai, and that third-party model providers are barred from retaining or using researcher data for their own training. It said it updated its website language. This week the platform launched H1 Continuous Testing, pitched as "continuous assurance built for how attacks actually work." Its own page says the product uses specialized AI agents to find, validate, and prove exploitable risk across applications. The gap that remains: the marketing still credits "12+ years of real-world vulnerability data," while the denial is scoped tightly to training generative models. HackerOne has not said what that data set actually is, or how it differs from the submissions hunters spent more than a decade filing.

📚 Awesome Cybersecurity List: 1000+ Elite Security Resources in One Place 🔥 Curated collection of: • Exploit Development • Reverse Engineering • Malware Analysis • Linux & Windows Internals • Kernel Exploitation • Android & iOS Security • Hardware Hacking • Browser Exploitation • Vulnerability Research • Real-world CVE Writeups • Pwn2Own Reports • CTF Solutions From beginner fundamentals to cutting-edge 0-day research. A must-have resource for Pentesters, Threat Researchers, Malware Analysts, and Security Engineers. 🔗 https://t.co/8hDWQp2lSN #CyberSecurity #InfoSec #Pentesting #ThreatIntelligence #MalwareAnalysis #ReverseEngineering

🚨 HTTP/2 Bomb — Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare Pingora Source: https://t.co/aw380067fE A newly disclosed remote denial-of-service exploit dubbed "HTTP/2 Bomb" targets the default HTTP/2 configurations of the world's most widely deployed web servers, nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora, enabling a single attacker on a home internet connection to exhaust tens of gigabytes of server memory in seconds. Chaining two techniques that have individually been known to the security community for nearly a decade: an HPACK compression bomb and a Slowloris-style connection hold. #cybersecuritynews #vulnerability

A Detailed Guide on Ligolo-Ng 🔥 Telegram: https://t.co/upuP8k8ckB ✴ Twitter: https://t.co/Za7rYILz6E Ligolo-Ng is a modern tunneling and pivoting tool used by penetration testers to perform lateral movement and access internal network services through compromised machines. It enables secure communication channels between attacker and target systems. 📚 What You’ll Learn in This Guide ⚙️ Introduction to Ligolo-Ng 🧰 Installation & Setup 🖥️ Ligolo-Ng Server Configuration 💻 Ligolo-Ng Agent Setup 🌐 Creating Tunnels 🔁 Network Pivoting 📡 Accessing Internal Services 🧪 Scanning Internal Network through Tunnel 📖 Article: https://t.co/RVcDpWZvQD #CyberSecurity #EthicalHacking #Pentesting #RedTeam #Pivoting #InfoSec

🚨 A significant data breach involving MasMovil, one of Spain's leading mobile telecommunications operators, has surfaced on the dark web. Threat actors are offering a comprehensive dataset containing approximately 742,000 customer records, which includes sensitive personally identifiable information (PII), password hashes, and financial order details. **The Incident Details** The data leak, listed on a hacker forum, claims to originate from MasMovil's internal systems. The dataset is being sold for $1,200 and is distributed across three main categories: 1.  **Contacts:** This section contains core customer data, including first and last names, tax IDs, email addresses, physical home addresses, dates of birth, and gender. Crucially, it also includes **password hashes**, posing a direct threat to user account security. 2.  **Orders:** Financial records detailing customer purchases, including billing and shipping addresses, order totals, payment methods, and invoice numbers. 3.  **Support Tickets:** A log of customer service interactions, revealing specific issues, assigned agents, and resolution notes. **Organization Profile and Impact** MasMovil España S.L. is a major player in the Spanish telecommunications market. Operating as a Mobile Virtual Network Operator (MVNO) on the Orange network, it is frequently ranked among the top five mobile operators in the country by subscriber count. Combined with its sister brand Lowi, the group serves over 1.5 million customers. The exposure of nearly 750,000 records represents a substantial portion of the company's user base. The inclusion of tax IDs, physical addresses, and password hashes makes this data highly valuable for identity theft, targeted phishing campaigns, and credential stuffing attacks. Telecom data is particularly sought after because phone numbers and addresses are foundational for social engineering. **Current Status** The data is currently being distributed via file-hosting services such as Gofile. It remains unclear if MasMovil has publicly acknowledged this specific breach or if this data is a result of a recent intrusion or an older leak resurfacing. Customers are advised to monitor their accounts and consider changing their passwords. #ThreatIntelligence #DataBreach

Critical RCE in Everest Forms Pro WordPress plugin under mass exploitation since April. Unauthenticated attackers inject PHP code via form fields to create admin accounts and achieve full site compromise. Key technical details: • CVE-2026-3300, CVSS 9.8 - affects versions ≤1.9.12, patched in 1.9.13 • Flaw in process_filter() function concatenates unsanitized user input into eval() statement • Exploits target "Complex Calculation" feature by breaking string quotes with malicious PHP • Over 29,300 blocked attempts since disclosure, peak exploitation on May 16th with 17,900 attempts Attack methodology: • Single quote injection in text/email/select/radio fields: `';[malicious_php];//` • Most common payload creates "diksimarina" admin account via wp_insert_user() • No authentication required, immediate server-side code execution • Leads to webshell deployment and persistent backdoors DFIR artifacts: • Check WordPress user tables for suspicious admin accounts, especially "diksimarina" • Review web logs for POST requests to /wp-admin/admin-ajax.php with everest_forms parameters • Monitor top attacking IPs: 202[.]56[.]2[.]126, 209[.]146[.]60[.]26, 15[.]235[.]166[.]18 Hunt for recently created WordPress admin accounts and correlate with form submission logs containing single quotes followed by PHP function calls. #DFIR_Radar