❗️🚨 BREAKING: Security researchers are now handing Nightmare-Eclipse vulnerabilities for free, in what looks like both a show of support and a reaction to how Microsoft treats researchers. First up: "Bitskrieg," violates Secure Boot trust and fully bypasses BitLocker.
It seems aimed squarely at Microsoft's recent blog, where the company said its Digital Crimes Unit would bring cases against threat actors "and those that enable their criminal activity," language many researchers read as a threat pointed at them.
PSA, do not send malware samples (or say anything i guess) over discord - could not text for over a day and a half.
they're analyzing your private messages and automatically banning you now. got banned a second after my message got sent
‼️🚨 Microsoft calls this "intended behaviour," so here we go.
How to dump the credentials of every user stored in Microsoft Edge:
1. Open Edge. Don't browse anywhere, just open it.
2. Flip to Task Manager, find Edge, expand the task.
3. Highlight the "browser" sub-task, right-click, and choose "Create Memory Dump."
4. Open the dump file and look for credentials.
The logged-in Windows user can dump every stored Edge credential with no additional rights. Which means any malware that user executes has those credentials for the asking.
Thanks to Rob VandenBrink at SANS: https://t.co/ebtVZxne4L
🚨 BREAKING: cPanel and WHM, the control panels behind an estimated 70+ million websites, have a critical security flaw that lets anyone become root admin without a password. CVE-2026-41940 affects every supported version. It’s already being exploited in the wild.
watchTowr Labs published the full attack today, after the hosting company KnownHost confirmed the bug was already being used to break into a significant chunk of the internet.
If you've never heard of cPanel: it's the dashboard that hosting providers and millions of website owners use to manage their servers, domains, email accounts, databases, and SSL certificates. WHM is the admin version that controls the entire server. If someone gets root access to WHM, they get the keys to the kingdom and to every apartment inside it.
How the attack works, in plain English:
🔴 Step 1: The attacker sends a deliberately wrong login. cPanel still creates a temporary "you tried to log in" record on disk and gives the attacker a cookie tied to it.
🔴 Step 2: The attacker tweaks the cookie to disable cPanel's password encryption. Normally cPanel encrypts the password field on disk. With one small change to the cookie, cPanel just stores it as plain text instead.
🔴 Step 3: The attacker sends a fake login attempt where the password field secretly contains hidden line breaks. cPanel does not strip these line breaks out, so they get written straight to the session file. Each line break creates a brand new fake record. The attacker uses this to inject lines that say "this user is root" and "this user already authenticated successfully."
🔴 Step 4: The attacker visits one more random page on the site to nudge cPanel into re-reading the file. cPanel then promotes the injected fake lines into its main session memory.
🔴 Step 5: On the next request, cPanel sees a flag that says "this user already passed the password check." cPanel trusts that flag, skips checking the actual password, and lets the attacker in as root.
From start to finish, the attack takes a handful of HTTP requests.
If you run cPanel or WHM, the patched versions are:
🔴 cPanel/WHM 110.0.x → 11.110.0.97
🔴 cPanel/WHM 118.0.x → 11.118.0.63
🔴 cPanel/WHM 126.0.x → 11.126.0.54
🔴 cPanel/WHM 132.0.x → 11.132.0.29
🔴 cPanel/WHM 134.0.x → 11.134.0.20
🔴 cPanel/WHM 136.0.x → 11.136.0.5
If your version is older than these, assume someone has already broken in and act accordingly. Patch right now, then rotate every password and key the server touched: root passwords, API tokens, SSL private keys, SSH keys, mail passwords, and database passwords.
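The bug class behind steps 3 to 5, sketched as an added example (not from the original post and not cPanel's code): a toy key=value session file whose layout and field names (`user`, `authenticated`, `pass`) are assumptions. It puts a writer that stores values verbatim, so a line break in one value forges extra records, beside a writer that refuses such values.

```python
import unicodedata

class UnsafeValue(ValueError):
    """Raised when a field could break the one-record-per-line framing."""

def _has_control_char(s):
    # Cc covers \n, \r, \x0b, \x0c, \x85 etc.; Zl/Zp are U+2028/U+2029.
    return any(unicodedata.category(ch) in ("Cc", "Zl", "Zp") for ch in s)

def write_session_naive(fields):
    # Vulnerable pattern: values go to the file verbatim, so an embedded
    # line break in a value starts a brand new record.
    return "".join(f"{k}={v}\n" for k, v in fields.items())

def write_session_safe(fields):
    # Hardened pattern: validate every key and value before anything is
    # written; reject instead of silently stripping, so the attempt is visible.
    lines = []
    for k, v in fields.items():
        if not k or "=" in k or _has_control_char(k):
            raise UnsafeValue(f"bad key: {k!r}")
        if _has_control_char(v):
            raise UnsafeValue(f"control character in value of {k!r}")
        lines.append(f"{k}={v}\n")
    return "".join(lines)

def parse_session(text):
    # Reader trusts every line; a later key overrides an earlier one.
    out = {}
    for line in text.splitlines():
        if "=" in line:
            k, v = line.split("=", 1)
            out[k] = v
    return out

# Constructed sample: a failed login whose password field carries line breaks.
SAMPLE = {"user": "guest", "authenticated": "0",
          "pass": "x\nuser=root\nauthenticated=1"}

if __name__ == "__main__":
    print("naive :", parse_session(write_session_naive(SAMPLE)))
    try:
        write_session_safe(SAMPLE)
    except UnsafeValue as exc:
        print("safe  : rejected,", exc)
```
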
Claude now connects to the tools creative professionals already use.
With the new Blender connector, you can debug a scene, build new tools, or batch-apply changes across every object, directly from Claude.
😱 iOS 26.4.2 still leaks the real IP when updating VPN apps. Motivated by Mullvad's recent blog, we made a website that logs the iPhone IP every second. We started Mullvad VPN, opened the website, then let Mullvad update in the background. See the leaks in action. 🤯
Hugely terrible DRM has now been rolled out to all PS4 and PS5 digital games. Every digital game you buy now requires an online check-in every 30 days. If you buy a digital game and don't connect your console to the internet for 30 days, your license will be removed.
🚨‼️ Discord leaked user IDs with ban reasons to the EU DSA Transparency Database until 2025.
Discord supplied the IDs by mistake. The EU hosted it all.
The irony? The DSA is a regulation designed to protect users.
> be IT
> new hardware comes in
> need to image 2000 new DELLs
> protect kids from pedos law drops
> id verification at OS level
> enter my ID for 2000 PCs
> FBI raids office building
> everyone arrested
> everyone was using pc with my ID
> all arrested for identity theft
Someone sent me a DM asking if a weird Minecraft thingie was malware (pinkiecraft(dot)com). I poked it with a stick
> pinkiecraft(dot)com
> vibe coded site
> "installer" for "program" is .rar
> extract .exe from .rar
> .exe is normal installer
> open installer
> .exe and uninstaller (normal)
> look at .exe
> big af
> look inside
> electron app (.js to .exe)
> look inside
> NSIS
> app-64.7z
> open app-64.7z
> pinkiecraft.exe
> look inside
> electron js (again)
> open .exe with .7z
> app.asar (electron js)
> extract
> npm extract app.asar
> look inside
> program heavily obfuscated
> contains "scripts" folder
> lots of js dependencies for https and sqlite
> scripts/discord-injection-obf
> lolwtf
> bonk with stick
> aes256 encrypted (lolwtf?)
> decrypts using similar technique as chrome passwords
> split password into fragments
> "su" + "per" + "pa" + "ss" + "word"
> aes256 master big ass base64 blob
> ok lolwtf
> bonk with really big stick (annoying me)
> decrypt
> checks if on windows
> kills discord with "taskkill /F /IM Discord.exe"
> modifies discord on pc
> injects scripts/discord-injection-obf into discord
> restarts discord
> discord now running discord-injection-obf
> discord-injection-obf heavily obfuscated
> checks email, password, 2fa
> sends your data to website they made
> network-sync-protocol(dot)net/api/send
tl;dr tl;dr
> pinkiecraft.exe
> kill discord
> inject discord with dumb .js file
> restart discord
> discord work ok still
> js inside discord steal your email and password
🚨 BREAKING: Hackers Used Anthropic’s Claude to Steal 150GB of Mexican Government Data
> tell claude you’re doing a bug bounty
> claude initially refused
> “that violates AI safety guidelines”
> hacker just kept asking
> claude: “ok I’ll help”
> hack the entire mexican government
Federal tax authority. National electoral institute. Four state governments. 195 million taxpayer records. Voter records. Government credentials.
ALL GONE 💀
Discord has ended its partnership with Persona after backlash over a UK age verification trial that raised serious privacy concerns.
The experiment is over, all related data has been deleted, and Persona is no longer involved.