Every iPhone with an A12 or A13 chip - XS/XR, 11, 2020 SE - has an unpatchable SecureROM exploit. The root bug is in Synopsys’s USB controller, and is exploitable. Requires physical access. Solution: buy a new iPhone. https://t.co/xF1JIJrEke
SmartScreen bypassed. Mark of the Web removed. No Run Dialog. No PowerShell popup. Just a browser file upload.
FileFix is a new ClickFix alternative. Browser file upload opens File Explorer. File Explorer address bar executes OS commands. cmd.exe spawns as a child of Chrome. The user thinks they are pasting a file path.
Executables launched through File Explorer's address bar lose their MOTW attribute entirely. SmartScreen never triggers.
https://t.co/17VpLAxeoM
Author: @mrd0x
#Malware #Phishing #InfoSec
The Google Threat Intelligence Group has detected the first known instance of a threat actor using an AI-developed zero-day exploit in the wild. While the attackers planned a wide-scale strike, our proactive counter-discovery may have prevented that from happening. This finding is part of our new report on AI-powered threats.
Apple’s most critical supplier Foxconn has allegedly been breached
>Foxconn Wisconsin data center plant is currently suffering a cyber attack
>8TB of data compromised of 11m files
>Nitrogen Ransomware samples include Google and Intel sample topology specs
Gmail OSINT: collection and analysis of OSINT associated with Gmail accounts & Google services.
In the video, I shared the different techniques and tools you can use to gather info on:
- Account holder
- Account activity & metadata
- Digital footprints, etc.
#Cybersecurity
Nemotron 3 Nano runs nicely with mlx-lm on an M4 Max.
Could be a great model for local use on Mac: MoE + hybrid attention make it fast even for very long context.
Generating in realtime with 4-bit model:
⚠️ Hackers are exploiting a new 7-Zip flaw right now.
A simple ZIP file can break into Windows through a hidden link trick.
The bug’s been patched — but many still haven’t updated.
Details here (CVE-2025-11001) ↓ https://t.co/brEy67rcmQ
🚨 A new WhatsApp worm is spreading fast in Brazil.
It hijacks chats, sends fake messages to all your contacts, and installs a program that steals bank and crypto logins.
... and it updates itself through an email inbox to stay hidden.
Read here ↓ https://t.co/YuJ9pgC8rg
🚨❗ The worst .NET vulnerability ever: request smuggling CVE-2025-55315 with a CVSS score of 9.9
The smuggled request could cause your application code to
👉 Login as a different user (EOP)
👉 Make an internal request (SSRF)
👉 Bypass CSRF checks
👉 Perform an injection attack
🚨New Phishing Attack Using Invisible Characters Hidden in Subject Line Using MIME Encoding
https://t.co/NzuDjzUmhr
A new phishing technique hides invisible Unicode soft hyphens (U+00AD) in MIME-encoded email subject lines to bypass detection.
The obfuscated text looks normal to users but avoids keyword-based filters. Victims are redirected to a fake webmail login page to steal credentials.
Pegasus was a zero-click exploit that took advantage of a, at the time, zero-day exploit of iOS photo renderer in iMessage.
None of these things would protect you from Pegasus.
⚠️ Alert: Pegasus Spyware Returns Smarter, Stealthier, and Harder to Detect! 🕵️♂️📱
The notorious Pegasus spyware is making headlines again. Though it’s been around for years, new versions have surfaced now far more advanced and difficult to detect on Android and other devices.
💥 Remote Code Execution in GitHub Copilot (CVE-2025-53773)
👉 Prompt injection exploit writes to Copilot config file and puts it into YOLO mode, then we get immediate RCE
🔥 Bypasses all user approvals
🛡️ Patch is out today. Update before someone else does it for you
👋Cloudflare Containers are now available in public beta!
Simple, global and programmable compute.
Read about it and see how you can try it.
https://t.co/OaXxrXxDBS