New research disclosed
The Dexpose and Darkatlas team
managed to perform an identity reveal on Quellostanco,
a member of Int3x,
who was targeting Egyptian universities and government entities.
We successfully conducted a full identity reveal on Quellostanco, an active member of the Int3x group, who was systematically targeting Egyptian universities and government entities.
https://t.co/FR45Q1jIOC
Part 2 of our Lawxsz investigation is live.
Part 1 reversed the malware. Part 2 identifies the person. Phone number OSINT, breach correlation, infrastructure pivoting, 9 aliases collapsed into one.
https://t.co/X4xNpRFwO7
#prysmax #valkyrie
Hola
Good evening
Me & @M4lcode published Part 2 of our investigation into Lawxsz, the Argentinian threat actor behind the Valkyrie and Prysmax stealers.
What initially appeared to be fragmented online identities across Telegram, GitHub, Discord, forums, and other platforms ultimately revealed a much larger operational footprint through deep infrastructure correlation, alias analysis, breach intelligence, and OPSEC failures.
In this part of the investigation, we focused on:
* Mapping interconnected aliases and personas
* Tracking reused identifiers
* Correlating breach data and underground activity
* Analyzing attribution-relevant operational mistakes
* Linking historical and current identities tied to the actor
This research demonstrates how seemingly disconnected artifacts can be combined into a coherent attribution picture when viewed through multi-vector intelligence analysis.
In Arabic:
The Dexpose team, using Dexpose's own Investigation Portal and OSINT, managed to expose one of the most active stealer developers today. Lawxsz is the main developer of Valkyrie Stealer
Prysmax Stealer
He was fully tracked after a fairly long OSINT investigation, and we explained in detail, step by step, how we reached this data. In the report you will find: his real identity
the OPSEC mistakes he made
Read the full research here:
https://t.co/Q6Z6kXdnLB
Aaaand it's official! Orange Tsai (@orange_8361) of DEVCORE Research Team chained 3 bugs to achieve Remote Code Execution as SYSTEM on Microsoft Exchange, earning a whopping $200,000 and 20 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
This might be the best IDOR I achieved so far with $$$$
1- I tried every possible way to access, edit, or delete the target object, but nothing worked because the team had implemented a proper authorization mechanism for that ----
Forza Horizon 6, set to be released May 19th was leaked today
The developers accidentally uploaded the game files to steam via an update and forgot to encrypt the files
The 155 GB build was spotted on SteamDB shortly after
@AabyssZG The Blog Core is very good, BTW.
I think it requires high privileges, reg.exe export HKLM\SAM
The command is a well-known IOC logged in every serious EDR/SIEM. How to handle the detection point?
This was supposed to be my PoC for a Claude Code RCE aimed at Pwn2Own Berlin 2026, but ZDI never got back to me about my entry registration. It looks like I won't be able to register it at all...
Malvertising via Typosquatting
Identified waybackmachine[.]work impersonating @internetarchive in Google SERP.
The site redirects to speedyload[.]site, which loads the real https://t.co/AkNBQicHfL inside an <iframe> (iframe jacking) while injecting scripts from layingframingcomrade[.]com, a malicious ad network delivering fake AV popups and push notification abuse gates.
Push notification gate spoofs AdGuard branding (gmna-adguard[.]co[.]in) to gain user trust before requesting browser notification consent.
Evasion: Cloudflare Beacon is used for real-time visitor fingerprinting. The payload (invoke.js) returns 403 to datacenter/sandbox IPs; it is served to residential IPs only.
layingframingcomrade[.]com WHOIS:
Created: 2026-03-14 (recently registered)
🧬 IOCs:
- waybackmachine[.]work
- speedyload[.]site
- layingframingcomrade[.]com
- gmna-adguard[.]co[.]in
- d7utc02naffc73f8a670.gmna-adguard[.]co[.]in