🔍 Critical flaws in Microsoft Teams could have allowed attackers to impersonate executives, spoof notifications, and alter messages — breaking the trust of a platform used by 320M+ people.
Read more: https://t.co/Ya1UxMHRyl
#VulnerabilityResearch #MicrosoftTeams #CyberSecurity
Yes ladies and gentlemen ... FULLY FREE FOREVER
This whole site ... @theXSSrat and totally reshaped by @0rgis and additionally added new docker and kubernetes labs ... for you ... for free <3
https://t.co/RAolfsheva
https://t.co/LwBBzXkSWF
https://t.co/MKVEadKa4g
https://t.co/PqbDTbHWPz
https://t.co/Htf51ZZssp
https://t.co/JV8AWfJiyv
https://t.co/z0SYKGfxKc
Custom
@tryhackme @hackthebox_eu @PentesterLab
Gimme a call if you need a lab builder or instructor <3 Not joking, if you are interested ... just leave a comment here, I will find your email and offer my services :-)
I was just updating some lists, looks like there have been 59 BSides events so far this year, including 10 in new cities; there are already 76 scheduled for the remainder of 2025, including another 11 first-time cities, and more will be added as the year progresses.
🚨 Launch Alert: The Censys Threat Hunting Module is here. Proactively track adversaries, pivot across malicious infrastructure, scan in real time, and hunt faster — with the most complete view of Internet threats available today. See more: https://t.co/PyhdKkQ0V5 #threathunting
Arkana ransomware group claims to have compromised "Wide Open West - WOW!", one of the largest Internet Service Providers in the United States.
First and foremost: we have never heard of Arkana ransomware group. We've seen some researchers mention them via their onion domain — but this appears to be their first victim. Their first victim is also a giant.
Second: previously we shared a music montage video Arkana put together illustrating the level of access they claim to have on "WOW". However, upon inspection, the compromise Arkana is claiming to have is far more devastating than initially thought.
Interestingly, Arkana has used some sort of AI tool to provide a high-level overview of their compromise on their onion domain. It reads exactly like a ChatGPT message.
tl;dr
1. Arkana opens by threatening WOW by mentioning lawsuits (incorrectly citing GDPR) by shareholders and customers.
2. Arkana mocks the CEO. They published her company shares, address, address history, e-mail addresses, and social security number. They taunt her.
3. Share generic company information which is public, primarily shareholders, company executives, directors, etc.
4. Provide table layouts impacting 403,000 customers including:
- UserId
- UserName, Password
- SecurityQuestion
- SecurityAnswer
- Email
- Full name
- WOW service package information
5. Demonstrate full access to "Symphonica" — and show themselves allegedly pushing malware to customer devices (in Michigan?).
6. Demonstrate full access to "AppianCloud", they suggest (in their AI summary, and also in the video they made), they can potentially alter billing information or alter financial transactions (?).
7. The images (as well as the video) Arkana share show intimate and detailed access to WOW.
This is very, very, very interesting from a random, suddenly appearing, almost no-name ransomware group. We see ransomware groups appear all the time, rarely do they make an explosive impact like this right out the gate. We personally do not know of many groups capable of NOT ONLY compromising an ISP, but also knowing how to navigate the infrastructure AND ALSO (allegedly, based on the footage provided) push malware to customer devices.
Using CVEmap you can get a list of CVEs with public proofs of concept, that have been marked as exploitable by CISA, are remotely exploitable AND don't have a Nuclei template (yet)!
Flags:
-k / -kev: Marked as exploitable vulnerabilities by CISA
-t=false / -template=false: Has no public Nuclei templates
-poc: Has public published POC
-re / -remote: is remotely exploitable
Credit: @pdiscoveryio
Malicious .svg files with embedded JS are flooding @VirusTotal with almost zero AV detections - looks like a massive phishing campaign
We just published a YARA rule to help you catch them
YARA
https://t.co/uNhvxG2Peb
I didn’t take home the trophy, but being nominated was still a win in my book. Your support means more than any award, so as a thank you, I’m dropping an extra episode this month! Give me a week to put on the finishing touches, you’ll have it soon.
Hackers rejoice!
We are releasing the Phrack 71 PDF for you today!
Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue!
The CFP is still open, you can find it and the PDF link at https://t.co/bmo5Lk0Kx9