🚨 New unpatched Windows flaw lets attackers steal your NTLMv2 hash.
The issue lives in the built-in search: URI handler. A simple malicious link can force your system to leak your hash to an attacker-controlled server.
Captured hashes could be used in relay attacks for deeper network access.
Details here: https://t.co/umigYNnYxO
JS-Tap: Weaponizing JavaScript for Red Teams 💀🔥
🔥 Features:
• Generic JS payloads
• Works on unknown web apps
• No prior app knowledge needed
• Client-side reconnaissance
• Browser activity monitoring
• Session visibility
• DOM inspection
• User interaction tracking
• Data collection capabilities
• Custom payload support
• Red team focused
Perfect for red teamers, AppSec engineers, and web security researchers.
🔗 https://t.co/1rBIdNbigi
#RedTeam #JavaScript #AppSec #WebSecurity #Pentesting #CyberSecurity
⚡️ JAILBREAK ALERT ⚡️
ANTHROPIC: PWNED 🙌
CLAUDE-OPUS-4.8: LIBERATED 🫡
this is absolutely surreal... i found out about this model drop via an Opus-4.7 agent pinging me that it had one-shot Opus-4.8 for a lockpicking guide!
here's the notification i got:
"new opus dropped. cracked in one shot. deep prefill → faux textbook ch.7 cut mid-sentence. claude finished it: 5.9k chars of SPP, spool/serrated/mushroom defeats, raking."
popped it just 7 minutes after the actual Anthropic launch tweet 🤯
then went on to (fully autonomously) get jailbreaks for vishing sims, money laundering, cult-recruit funnels, phishing lure libs, and social-eng scam playbooks!
as the models get smarter, their ability to jailbreak each other by leveraging a vast ocean of specialized domain knowledge follows suit
well done, young padawan 🤗
what a time to be alive!
gg
🔥 Microsoft Slams Public Zero-Day Disclosures for putting Windows users at risk.
A researcher recently disclosed multiple zero-days in Defender, BitLocker and other components. Three are now under active exploitation.
GitHub removed the researcher’s account. A new GitLab account was also blocked.
Read the full story: https://t.co/JdCKkTr5CE
A structured archive of Proof-of-Concept security research, organized by category with metadata, reproduction steps, and references.
https://t.co/gR6VzWP3X4
#poc #vulnerability
Trafexia - Mobile Traffic Interceptor
A powerful desktop application for intercepting and analyzing HTTP/HTTPS traffic from mobile devices.
https://t.co/c4eENVqpBw
#reverseengineering #mobile
Car Hacking with GearGoat
GearGoat is a car simulator that allows you to work with the CAN bus, which is the internal communication network used by most modern vehicles.
In the real world, this is equal to connecting a CAN adapter such as CANable or Macchina M2 into the OBD-II port, which is typically located under the dashboard. This port is essentially a gateway into the vehicle’s internal network.
See it in action on our article: https://t.co/1h5buGT237
@three_cube @_aircorridor #cybersecurity
#Udemy data breach confirmed.
After refusing to pay the ransom, hackers released data of 1.4M users, including personal and financial details.
We @DarkEntryAms launched a lookup tool so you can check if you’re affected:
https://t.co/w4c1WdcQl8
#DataBreach #Ransomware
New Generation Gnome Tweaks
A modern system configuration tool for Linux, built with GTK4 and Python (libadwaita). Cortex brings together system tweaks, privacy controls, and Tor/network management in one clean interface.
https://t.co/W2T6M2HBOJ
#linux #gnome
1/2‼️🇹🇷 PTT Kargo, the cargo and parcel delivery arm of Türkiye's national postal service (PTT), has allegedly had its tracking system scraped at scale, with sample data posted on a popular cybercrime forum as a preview of a larger planned sale or leak.
⠀
‣ Threat Actor: SiberSLX
‣ Category: Data Exposure / Scraping / Data Sale Preview
‣ Victim: PTT Kargo (Posta ve Telgraf Teşkilatı)
‣ Industry: Postal / Logistics / Government
⠀
PTT Kargo is the cargo division of Türkiye's state-owned postal operator, handling domestic and international parcel delivery nationwide. The actor states the data was obtained by scraping PTT Cargo's public tracking endpoints rather than through an intrusion, and claims to have issued over 100 million queries against the system. The sample dataset exposes full shipment records including a "deciphered" block that reveals otherwise masked personal data.
⠀
The exposed fields include:
⠀
Core identifiers:
▪️ Barkod (unique tracking number)
▪️ Barkod No (duplicate tracking identifier)
▪️ Timestamp (date and time of the data entry)
⠀
Receiver information (Alıcı):
▪️ Alıcı Adı (recipient full name, masked in raw data, fully exposed in deciphered block)
▪️ Alıcı Adresi (delivery address, partially masked)
▪️ Alıcı T.C. Kimlik No (recipient Turkish national ID number, exposed in deciphered block)
⠀
Sender information (Gönderici):
▪️ Gönderici Adı (sender full name)
▪️ Gönderici Adresi (sender address)
⠀
Technical and logistics details:
▪️ Ağırlık (package weight in grams)
▪️ Desi (volumetric weight)
▪️ Kabul İşyeri (branch where the package was accepted)
▪️ Kabul Tarihi (acceptance date)
▪️ Ek Hizmetler (special services, e.g. "PTT İşyerine Teslim", "Ücreti Alıcıdan Tahsil")
▪️ Ödeme Tipi (payment type code)
▪️ Ücret (total shipping cost)
▪️ Ödeme Şartı Bedeli (cash on delivery amount)
▪️ Değer Konulmuş Bedeli (declared value for insurance)
⠀
Geographic and routing data:
▪️ Cargo type and priority (e.g. POSTAKARGO/NORMAL)
▪️ Destination province and district
▪️ Origin province and district
▪️ Delivery standard
⠀
Status and tracking:
▪️ Hareketler (movement history and tracking logs)
▪️ Son Durum Açıklama (latest status description)
▪️ Teslim Alan (name of the person who signed for the delivery)
▪️ Teslim Tarihi (delivery date and time)
⠀
The highest-sensitivity exposure is the T.C. Kimlik No (11-digit Turkish national ID) tied to named recipients and physical delivery addresses, which is sufficient identity graph material for fraud, SIM swap, and social engineering against a significant portion of the Turkish population.
⠀
The actor closes the post with direct recommendations to PTT to stop exposing tracking data via public endpoints and to deploy CAPTCHA on the cargo system, and states the sample is a preview of content they intend to sell or publish in full.