[{"channel_id":1142915694,"post_id":5476,"date":1781866482000,"forwards":"5","views":"277","text":"<b>FortiBleed - Breach: How 80,000+ Corporate Firewalls Were Quietly Compromised<\/b><br><br>If your organization uses a Fortinet firewall or VPN product and appears in this dataset, treat your network perimeter as already compromised and act immediately. SOCRadar rates this campaign <b>Critical<\/b>..:<br><br><a target=\"_blank\" rel=\"noreferrer nofollow\" href=\"https:\/\/socradar.io\/blog\/fortibleed-fortinet-firewalls-compromised\/\">https:\/\/socradar.io\/blog\/fortibleed-fortinet-firewalls-compromised\/<\/a>","text_length":351,"media":{"root":"\/012\/ZBUAAG6CH0QAAAAAGw-6gu2tHYg","photo":{"thumbs":{"m":{"w":320,"h":187,"hash":"zNTMcrsVRcfKr-WZ1hu2uA&ts=1782141493"},"x":{"w":800,"h":468,"hash":"wY81X06wQMUm-jsNrufvIQ&ts=1782141493"},"y":{"w":1280,"h":749,"hash":"MBBzY7Sg2u4lA7rCMDVuTw&ts=1782141493"},"i":{"bytes":"AYACg|DZqte3aWkeTyx6LnrVjABzgZrA1Yk37g9AAB+VNAWIL+WUtuAAHYE\/41pQTLKmRwR1HWsmxs5WhMnADdM96u20Ukc4yvHIJqXua2i4eZe3D3\/KilopmQVXmtIppkldcsvbsfrRRQBNg+lKBiiigYZ56GiiigR\/\/9k="}}}}},{"channel_id":1142915694,"post_id":5475,"date":1781852148000,"forwards":"1","views":"160","text":"Crypto Clipper uses Tor and worm-like propagation for persistence and control<br><br><a target=\"_blank\" rel=\"noreferrer nofollow\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/06\/17\/crypto-clipper-uses-tor-worm-like-propagation-for-persistence-control\/\">https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/06\/17\/crypto-clipper-uses-tor-worm-like-propagation-for-persistence-control\/<\/a><br><br>P.S. 
it work at current time, In the world of artificial intelligence and technological breakthrough)","text_length":309,"media":{"root":"\/013\/YxUAAG6CH0QAAAAAE7SviJSdRGU","webpage":{"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/06\/17\/crypto-clipper-uses-tor-worm-like-propagation-for-persistence-control","type":"photo","title":"Crypto Clipper uses Tor and worm-like propagation for persistence and control","site_name":"Microsoft News","display_url":"microsoft.com\/en-us\/security\/blog\/2026\/06\/17\/crypto-clipper-uses-tor-worm-like-propagation-for-persistence-control","description":"Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, Tor-based communications, and worm-like propagation. Beyond stealing cryptocurrency transactions, the malware establishes persistent access and enables follow-on activity through a lightweight backdoor capability.","author":"Microsoft Defender Security Research Team, Microsoft Defender Experts","thumbs":{"m":{"w":320,"h":180,"hash":"ZIesfkD5TAj216MfV8dCww&ts=1782141493"},"x":{"w":800,"h":450,"hash":"f6-uG_bH2VNpGZa9oahxgw&ts=1782141493"},"y":{"w":1000,"h":562,"hash":"JTQAzL6Sj3oz49UtbC4_pg&ts=1782141493"},"i":{"bytes":"AXACg|B1xcPFIVU4A9qrNqNznCuPyFPvD\/pzJ7j+Qq2I03\/6qPHrgU7IzvYptfXYUESg+20UxtQu+7j\/AL5FR3bbbqQKABnoKj3bhg1VkGvUu2l5PJcKjuCpznj2oqKxH+kp+P8AKilYTSLV3YSzXDyq6hWxwfpUQspxGYt8e0nJ4ooqE9AbI\/7Ml\/vp+tO\/s2VerLRRVC5mWLa0aKRXLDA9KKKKpBc\/\/9k="}}}}},{"channel_id":1142915694,"post_id":5474,"date":1781639760000,"forwards":"1","views":"235","text":"Rokarolla : Android Banker with Complete Device Takeover Capabilities<br><br><a target=\"_blank\" rel=\"noreferrer nofollow\" 
href=\"https:\/\/zimperium.com\/blog\/rokarolla-android-banker-with-complete-device-takeover-capabilities\">https:\/\/zimperium.com\/blog\/rokarolla-android-banker-with-complete-device-takeover-capabilities<\/a>","text_length":165,"media":{"root":null,"webpage":{"url":"https:\/\/zimperium.com\/blog\/rokarolla-android-banker-with-complete-device-takeover-capabilities","type":"article","title":"Rokarolla : Android Banker with Complete Device Takeover Capabilities","site_name":"Zimperium","display_url":"zimperium.com\/blog\/rokarolla-android-banker-with-complete-device-takeover-capabilities","description":"true"}}},{"channel_id":1142915694,"post_id":5473,"date":1780485669000,"views":"11","text":"HTTP\/2 Bomb<br><br><a target=\"_blank\" rel=\"noreferrer nofollow\" href=\"https:\/\/blog.calif.io\/p\/codex-discovered-a-hidden-http2-bomb\">https:\/\/blog.calif.io\/p\/codex-discovered-a-hidden-http2-bomb<\/a>","text_length":73,"media":{"root":"\/001\/YRUAAG6CH0QAAAAAmFApNOseCgU","webpage":{"url":"https:\/\/blog.calif.io\/p\/codex-discovered-a-hidden-http2-bomb","type":"photo","title":"Codex Discovered a Hidden HTTP\/2 Bomb","site_name":"blog.calif.io","display_url":"blog.calif.io\/p\/codex-discovered-a-hidden-http2-bomb","description":"14 years ago, I helped break HTTP header compression, then was asked to review the fix, which became part of HTTP\/2. 
Life has come full circle: today we're releasing an attack I missed.","author":"Calif","thumbs":{"m":{"w":320,"h":160,"hash":"T1Qfv9PnXEDNQAvtlSnjrQ&ts=1782141493"},"x":{"w":800,"h":400,"hash":"gp0-sEqGKwzkO6CccbsULQ&ts=1782141493"},"y":{"w":1280,"h":640,"hash":"bizeHFiN9AQaYB85mIk5Zg&ts=1782141493"},"w":{"w":1600,"h":800,"hash":"NMoxsmkdMLxVbM822GOi9Q&ts=1782141493"},"i":{"bytes":"AUACg|DN8olA2OD3\/wA\/SlMDDt\/L\/Go89s0u85zk5oAUxtxgEgjNNKleopdx9TSE570agJRRRTAQE0E0UUgAMaKKKAFHQ0UUUAf\/2Q=="}}}}},{"channel_id":1142915694,"post_id":5472,"date":1779790446000,"forwards":"3","views":"320","fwd_from":[],"text":"<b>Bumblebee<\/b> (from Perplexity)<br><br>Read-only developer endpoint scanner for on-disk package, extension, and developer-tool metadata, built to check exposure to known software supply-chain compromises.<br><br><a target=\"_blank\" rel=\"noreferrer nofollow\" href=\"https:\/\/github.com\/perplexityai\/bumblebee\">https:\/\/github.com\/perplexityai\/bumblebee<\/a>","text_length":237,"media":{"root":"\/012\/YBUAAG6CH0QAAAAAGw-6gu2tHYg","webpage":{"url":"https:\/\/github.com\/perplexityai\/bumblebee","type":"photo","title":"GitHub - perplexityai\/bumblebee: Read-only developer endpoint scanner for on-disk package, extension, and developer-tool metadata, built to check exposure to known software supply-chain compromises.","site_name":"GitHub","display_url":"github.com\/perplexityai\/bumblebee","description":"Read-only developer endpoint scanner for on-disk package, extension, and developer-tool metadata, built to check exposure to known software supply-chain compromises. 
- perplexityai\/bumblebee","thumbs":{"m":{"w":320,"h":160,"hash":"InjORNOBBC8E5299oImAMw&ts=1782141493"},"x":{"w":800,"h":400,"hash":"Rw1QalocEqnBTsgtulJRpw&ts=1782141493"},"y":{"w":1200,"h":600,"hash":"ybDM3ldxLZOpqgZPJbpbRQ&ts=1782141493"},"i":{"bytes":"AUACg|DVeUIxHy\/i2Kb5\/H8Gf9+nsATyoP1FIFH91fyoAep3KDxz6GgnAJpBkDpSjPegCKGYyEgrjA9c0VLgDoKKAFIpMc0UUAGOD1pe1FFABiiiigD\/2Q=="}}}}},{"channel_id":1142915694,"post_id":5471,"date":1779262101000,"forwards":"1","views":"339","fwd_from":[],"text":"<b>\u26a1 DNS is not just about domains. It is about Trust.<\/b><br><br>Recent supply chain incidents are a strong reminder that modern attacks often start through tools and workflows developers already trust:<br><br>\u2022 npm packages and dependency updates<br>\u2022 compromised maintainer accounts<br>\u2022 VSCode extensions<br>\u2022 GitHub Actions workflows<br>\u2022 fake installers and update mechanisms<br><br>Several recent cases highlight this trend:<br><br>\u2022 Axios compromised on npm - malicious versions dropped a Remote Access Trojan <a target=\"_blank\" rel=\"noreferrer nofollow\" href=\"https:\/\/www.stepsecurity.io\/blog\/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan\">&gt;<\/a><br>\u2022 Compromised VSCode Nx Console <a target=\"_blank\" rel=\"noreferrer nofollow\" href=\"https:\/\/github.com\/nrwl\/nx-console\/security\/advisories\/GHSA-c9j4-9m59-847w\">&gt;<\/a><br>\u2022 OpenAI TanStack npm supply chain attack <a target=\"_blank\" rel=\"noreferrer nofollow\" href=\"https:\/\/openai.com\/index\/our-response-to-the-tanstack-npm-supply-chain-attack\">&gt;<\/a><br>\u2022 OpenAI Axios developer tool compromise <a target=\"_blank\" rel=\"noreferrer nofollow\" href=\"https:\/\/openai.com\/index\/axios-developer-tool-compromise\">&gt;<\/a><br>\u2022 GitHub unauthorized access to internal repositories <a target=\"_blank\" rel=\"noreferrer nofollow\" href=\"https:\/\/x.com\/github\/status\/2056884788179726685\">&gt;<\/a><br><br>The key 
takeaway: supply chain attacks are becoming more relevant to every developer, engineering team, and company.<br><br><b>DNS security should not be treated as an optional layer.<\/b><br><br>It can provide visibility and control when malicious code attempts to:<br><br>\u2022 connect to C2 infrastructure<br>\u2022 reach phishing domains<br>\u2022 communicate with fake update servers<br>\u2022 exfiltrate data through suspicious endpoints<br><br>If malicious code has already entered the environment, visibility becomes critical...<br><br>At this point, the key questions are simple:<br><br>\u2022 Can you see where it is trying to connect?<br>\u2022 Can you understand whether that connection is expected?<br>\u2022 Can you react before the incident becomes bigger?<br><br><a target=\"_blank\" rel=\"noreferrer nofollow\" href=\"http:\/\/OpenBLD.net\">OpenBLD.net<\/a> - Security starts earlier than incident response.<br><br>Watch yourself, your emails, your extensions, and your DNS. Peace \u270c\ufe0f","text_length":1466,"media":{"root":"\/00c\/XxUAAG6CH0QAAAAAkfXSK4G7DrU","photo":{"thumbs":{"m":{"w":320,"h":180,"hash":"n2j5dWRBtuzqQfzf6EOSTw&ts=1782141493"},"x":{"w":800,"h":450,"hash":"rUt7ErGtc9ORdkuL2qwZmQ&ts=1782141493"},"y":{"w":1280,"h":720,"hash":"G-O2liYVeOwx9lpSrukF3A&ts=1782141493"},"i":{"bytes":"AXACg|ChHMiRbTEhbpuIzTjcANkRJ2GCtQNt+XHpzT+sW3bznOaQ0yRrp5M4VemOBSR+WFCkDd9KahEeG5HuKSUDIIzz2NIY1wAzY6Z7UUzuaKYrkkYVjzTtgMgySQaKKQ0OPlAle+PekVoiAHDBvUUUUARvszhTnj0oooqhH\/\/Z"}}}}},{"channel_id":1142915694,"post_id":5470,"date":1779090426000,"forwards":"2","views":"339","fwd_from":[],"text":"<b>NGINX ngx_http_rewrite_module Heap-Based Buffer Overflow (Queries and Signatures Only)<\/b><br><br>An unauthenticated attacker can crash the NGINX worker process by sending crafted HTTP requests - CVE-2026-42945:<br><br><a target=\"_blank\" rel=\"noreferrer nofollow\" 
href=\"https:\/\/docs.vulncheck.com\/initial-access\/2026-05-15#cve-2026-42945-nginx-ngx_http_rewrite_module-heap-based-buffer-overflow-queries-and-signatures-only\">https:\/\/docs.vulncheck.com\/initial-access\/2026-05-15#cve-2026-42945-nginx-ngx_http_rewrite_module-heap-based-buffer-overflow-queries-and-signatures-only<\/a>","text_length":355,"media":{"root":"\/006\/XhUAAG6CH0QAAAAAufPK_jVvA0Q","webpage":{"url":"https:\/\/docs.vulncheck.com\/initial-access\/2026-05-15","type":"photo","title":"New exploits, detections, and more for ProFTPD, Ollama, WordPress, and TP-Link TL-WR940N routers. Queries and signatures for NGINX. Queries for Cisco Catalyst SD-WAN Controller. - Initial Access","site_name":"Vulncheck","display_url":"docs.vulncheck.com\/initial-access\/2026-05-15","description":"CVE-2026-20182: Cisco SD-WAN Authentication Bypass via vHub (ASM Queries Only), CVE-2026-42945: NGINX ngx_http_rewrite_module Heap-Based Buffer Overflow (Queries and Signatures Only), CVE-2026-42167: ProFTPD mod_sql USER SQL Injection Pre-Auth RCE, CVE-2024-37032: Ollama Model Registry Path Traversal Pre-Auth RCE, CVE-2026-23550: Modular Connector WordPress Plugin Unauthenticated Admin Access, CVE-2026-4257: Contact Form by Supsystic WordPress Plugin Twig SSTI Pre-Auth RCE, CVE-2022-24355: TP-Link TL-WR940N Httpd HttpRpmFs File-Extension Stack Overflow","thumbs":{"m":{"w":320,"h":160,"hash":"6vGKUlWMSjYx9xaJiJzrJw&ts=1782141493"},"x":{"w":800,"h":400,"hash":"t6wAknc2lAREIkwXBCnvqA&ts=1782141493"},"y":{"w":1200,"h":600,"hash":"3mt5EucGyBBfZZe1DltPYw&ts=1782141493"},"i":{"bytes":"AUACg|DLVAwB+X8TS+WPVfzoRiE4B+oNBkxwd350xCGP\/aX86QrjuD+NDSE9C34nNNB5zTAlRyntRTHk344xiimA3cQMCjefWiikAb2x1o3H1oooAMk9zRRRQB\/\/2Q=="}}}}},{"channel_id":1142915694,"post_id":5469,"date":1778679866000,"forwards":"1","views":"159","text":"<b>Dead.Letter (CVE-2026-45185) How XBOW Found an Unauthenticated RCE on Exim<\/b><br><br><a target=\"_blank\" rel=\"noreferrer nofollow\" 
href=\"https:\/\/xbow.com\/blog\/dead-letter-cve-2026-45185-xbow-found-rce-exim\">https:\/\/xbow.com\/blog\/dead-letter-cve-2026-45185-xbow-found-rce-exim<\/a>","text_length":144,"media":{"root":"\/011\/XRUAAG6CH0QAAAAAADQIKJ9yKhA","photo":{"thumbs":{"m":{"w":320,"h":320,"hash":"PawYdGoONrKhBbFG3j7KjA&ts=1782141493"},"x":{"w":800,"h":800,"hash":"vtMaI4X8h2kMYFVqBc2HUw&ts=1782141493"},"y":{"w":1280,"h":1280,"hash":"yR5DC5VgtJ9jV6MP_JzQFw&ts=1782141493"},"i":{"bytes":"AoACg|Cm7XGpXRVSTnkAnhRUraPKpUNNEC3QEnn9KgsJJ4pmeBN5C\/MvqK0JZYtVEcQdYmBJKsOfwNMRV\/sp\/K8z7RB5f97dxSro8rFlWaIleoBPH6Vp\/ZH\/ALM+zZTfjGccdaqxzRaWskRkErk5CqOfxNICijXGm3QViRjkgHhhRTb+SeWZXnTYSvyr6CimBZ0L\/j7k\/wBz+orSutOhucsRskP8YrAtZpYJg0P3+mPWrx1q5HWKPj2P+NAE32fU\/wDUeb+66eZkdP51btdOhtsMBvkH8ZrP\/te7258mPH0P+NL\/AGvd7d3kJj1waQxmu\/8AH3H\/ALn9TRVG4nkuJTJIeT+lFMRO8c2n3LfJx2JBwRml\/tKbH3Y+mOhoooAat\/IrFhHHk9c5P9fc0o1CUEnahJOec+\/v7miigBI459QugcHBPJA4UUUUUgP\/2Q=="}}}}},{"channel_id":1142915694,"post_id":5468,"date":1778663333000,"forwards":"4","views":"148","text":"<b>AppSecFest 2026 - \u0412 \u044d\u0442\u0443 \u043f\u044f\u0442\u043d\u0438\u0446\u0443 \u0432 \u0410\u043b\u043c\u0430\u0442\u044b, Farabi Hub<\/b><br><br>\u0411\u0443\u0434\u0443\u0442 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u043d\u044b\u0435 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b, \u0442\u0438\u043c\u043b\u0438\u0434\u044b, \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0442\u0435\u043b\u0438 IT-\u0438\u043d\u0434\u0443\u0441\u0442\u0440\u0438\u0438, AppSec\/DevSecOps-\u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0438, \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u044b \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.<br><br>+ \u0431\u0443\u0434\u0435\u0442 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u0435 CTF-\u0441\u043e\u0440\u0435\u0432\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u043e\u0442 
\u043a\u043e\u043c\u0430\u043d\u0434\u044b mimicats \u2013 \u0433\u0434\u0435 \u043c\u043e\u0436\u043d\u043e \u043f\u0440\u043e\u043f\u0440\u043e\u0431\u043e\u0432\u0430\u0442\u044c \u0441\u0432\u043e\u0438 \u0441\u043a\u0438\u043b\u043b\u044b \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0437\u0430\u0434\u0430\u0447\u0430\u0445 \u043f\u043e \u0418\u0411 (\u043c\u0430\u043a\u0441\u0438\u043c\u0443\u043c \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0438, \u043d\u0438\u043a\u0430\u043a\u043e\u0439 \u0442\u0435\u043e\u0440\u0438\u0438)<br>+ \u0412\u043e\u0440\u043a\u0448\u043e\u043f\u044b \u0441 \u0436\u0438\u0432\u044b\u043c \u043e\u0431\u0449\u0435\u043d\u0438\u0435\u043c \u043d\u0430 \u0442\u0435\u043c\u044b AppSec, DevSecOps, \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u043d\u043e\u0439 \u043a\u0443\u043b\u044c\u0442\u0443\u0440\u044b, \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b, \u0438 \u0434\u0430\u0436\u0435 \u0444\u0430\u043a\u0430\u043f\u044b<br><br>\u2022 \u041d\u0430\u0447\u0430\u043b\u043e: 15 \u043c\u0430\u044f, 09:00, Farabi Hub<br><br>\u0412\u0441\u0435 \u0441\u043f\u0438\u043a\u0435\u0440\u044b \u0437\u0430\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u044e\u0442 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u044f, \u043c\u043d\u043e\u0433\u0438\u0445 \u0437\u043d\u0430\u044e \u043b\u0438\u0447\u043d\u043e, \u0432\u0441\u0435 \u0434\u0435\u0442\u0430\u043b\u0438 \u0437\u0434\u0435\u0441\u044c: <a target=\"_blank\" rel=\"noreferrer nofollow\" 
href=\"http:\/\/appsecfest.kz\">appsecfest.kz<\/a>","text_length":559,"media":{"root":"\/002\/XBUAAG6CH0QAAAAAs3WE_c4nIyE","photo":{"thumbs":{"m":{"w":320,"h":157,"hash":"OiqOe5dvPfFSkOuPHT-kYA&ts=1782141493"},"x":{"w":800,"h":392,"hash":"s-zwIeHpzbE1_tpVbYsQ3Q&ts=1782141493"},"y":{"w":1280,"h":627,"hash":"s5jfwY_Ta17n1pHF8ADBog&ts=1782141493"},"i":{"bytes":"AUACg|DOWMsucqPqaTy+cb0\/OkUnbxScEZq7jA8HHX6VIsRcZUce5qIHBBHbmpRO3Iwpz7UXAjYFTg0U53cpyBj6UUXER5PSgE44NFFSAmc0o55oooAUmiiimwP\/2Q=="}}}}},{"channel_id":1142915694,"post_id":5467,"date":1778570719000,"views":"283","fwd_from":[],"text":"New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet &amp; Auth apps<br><br>..The malware\u2019s primary command-and-control channel has been migrated onto The Open Network (TON) using .adnl endpoints routed through an embedded local TON proxy..:<br><br><a target=\"_blank\" rel=\"noreferrer nofollow\" href=\"https:\/\/www.threatfabric.com\/blogs\/new-trickmo-variant-device-take-over-malware-targeting-banking-fintech-wallet-auth-app\">https:\/\/www.threatfabric.com\/blogs\/new-trickmo-variant-device-take-over-malware-targeting-banking-fintech-wallet-auth-app<\/a>","text_length":382,"media":{"root":"\/013\/WxUAAG6CH0QAAAAAE7SviJSdRGU","webpage":{"url":"https:\/\/www.threatfabric.com\/blogs\/new-trickmo-variant-device-take-over-malware-targeting-banking-fintech-wallet-auth-app","type":"photo","title":"New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps","site_name":"ThreatFabric","display_url":"threatfabric.com\/blogs\/new-trickmo-variant-device-take-over-malware-targeting-banking-fintech-wallet-auth-app","description":"Perseus is a new Device Takeover (DTO) malware family that specifically looks for user-generated content stored in note taking 
applications.","thumbs":{"m":{"w":320,"h":180,"hash":"7K6C7Ct3wMmktZ4zFLz10A&ts=1782141493"},"x":{"w":800,"h":450,"hash":"jVg8F89D0WcdlVCo1HdYDQ&ts=1782141493"},"y":{"w":1280,"h":720,"hash":"ScjOsUSgstnucovo8-Zb8w&ts=1782141493"},"w":{"w":2560,"h":1440,"hash":"lXCxQxrTk30qZb-GW_JFAQ&ts=1782141493"},"i":{"bytes":"AXACg|CuPLMa8Hd35FNYAdP50wYx15oBUHk0yRwFBFPG3GVOaVfmBJGAKLglcizRT5MKuRRSuOxDinBQaKKYIlj2oOhp+9cfdNFFSaWIpAHH3T+dFFFAWP\/Z"}}}}},{"channel_id":1142915694,"post_id":5466,"date":1778518812000,"forwards":"1","views":"217","text":"<b>Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology<\/b><br><br><a target=\"_blank\" rel=\"noreferrer nofollow\" href=\"https:\/\/blog.vega.io\/posts\/cve-2026-22679-weaver-ecology-exploitation\/\">https:\/\/blog.vega.io\/posts\/cve-2026-22679-weaver-ecology-exploitation\/<\/a>","text_length":155,"media":{"root":"\/00d\/WhUAAG6CH0QAAAAAyfLB9KNdE1g","webpage":{"url":"https:\/\/blog.vega.io\/posts\/cve-2026-22679-weaver-ecology-exploitation","type":"photo","title":"Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology","site_name":"Vega Blog","display_url":"blog.vega.io\/posts\/cve-2026-22679-weaver-ecology-exploitation","description":"The Vega Threat Research team identified active exploitation of CVE-2026-22679, a critical unauthenticated RCE in Weaver E-cology, 14 days before public in-the-wild reporting. 
This report details real-world exploitation and post-compromise behavior.","author":"Daniel","thumbs":{"m":{"w":320,"h":178,"hash":"28lRleFV-QBaEvIObqZ0nQ&ts=1782141493"},"x":{"w":800,"h":446,"hash":"K9ExFi5EbFYA-EXWhtvt3A&ts=1782141493"},"y":{"w":1024,"h":571,"hash":"uovkY4ffShytaeXbvEJq3Q&ts=1782141493"},"i":{"bytes":"AWACg|Cog6VeSPgdge9MiERQhVzgZ570s0hSTYOg6c0rktMV2wcU3hutEgkGXO3Z29aijcvweuaYDJQN5oqxLEgJycD3oqblENoQWOc7cc4p7yAuWAOGHQ0UUdRlcys7gN93pgVPsiQ7iZCfrRRTENncyYxwMdM0UUUAf\/\/Z"}}}}},{"channel_id":1142915694,"post_id":5465,"date":1778256139000,"forwards":"5","views":"207","text":"<b>PamDOORa: Analyzing a New Linux PAM-Based Backdoor for Sale on the Dark Web<\/b><br><br><a target=\"_blank\" rel=\"noreferrer nofollow\" href=\"https:\/\/flare.io\/learn\/resources\/blog\/pamdoora-new-linux-pam-based-backdoor-sale-dark-web\">https:\/\/flare.io\/learn\/resources\/blog\/pamdoora-new-linux-pam-based-backdoor-sale-dark-web<\/a>","text_length":166,"media":{"root":"\/00c\/WRUAAG6CH0QAAAAAkfXSK4G7DrU","photo":{"thumbs":{"m":{"w":320,"h":191,"hash":"FlRGiM6CLiXaAkuhEQ88mA&ts=1782141493"},"x":{"w":800,"h":477,"hash":"92dp0ZmUy5xtxXM1UvpAxw&ts=1782141493"},"y":{"w":1030,"h":614,"hash":"Y80yl2unANP9rh3dyymNqQ&ts=1782141493"},"i":{"bytes":"AYACg|DX3ru25+bGcd8U1vLJ+bGcU37Mn2nz8tvxjrxSmBTKJOdw96AfkGIgAcDnpTSNpQGPO48mnvGrHdzkdOaHdht2rnJwfYUAiQAAYHSio1djI4IAUY2nPWigCSiiigApkm7ACgHJ5z6UUUAQxyB7qSIxsAgBDYODRRRQM\/\/Z"}}}}},{"channel_id":1142915694,"post_id":5464,"date":1778221731000,"forwards":"2","views":"75","text":"<b>TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook<\/b><br><br>Trojan that contains a dynamic infection chain with a heavy anti-analysis loading component that can deploy two embedded payloads (worm, banker). The observed infection chain bundles a malicious MSI installer inside a ZIP file. 
These MSI installer packages are abusing a signed Logitech program called Logi AI Prompt Builder..:<br><br><a target=\"_blank\" rel=\"noreferrer nofollow\" href=\"https:\/\/www.elastic.co\/security-labs\/tclbanker-brazilian-banking-trojan\">https:\/\/www.elastic.co\/security-labs\/tclbanker-brazilian-banking-trojan<\/a>","text_length":472,"media":{"root":"\/00c\/WBUAAG6CH0QAAAAAkfXSK4G7DrU","photo":{"thumbs":{"m":{"w":320,"h":175,"hash":"fu_nTBjCnjD56S3twTD-Ww&ts=1782141493"},"x":{"w":800,"h":437,"hash":"--dz7Io-vkStUYFo1lP-6A&ts=1782141493"},"y":{"w":1024,"h":559,"hash":"P9NwTcvW9QW2rI4HeG2SNg&ts=1782141493"},"i":{"bytes":"AWACg|DKjj3c9hUuxT90cjrSQNwVx1GKfEQxAGMkc8VexGrY9V3IEVMn2HNO+xShTmFs\/wAqcEeMBl4NW0uUS1xK4J5DKepobGoXV7mPLGV9PzBoqW5kR5XMYITjGaKQyGNsGnRuQw5oooESyTMUAbBHuKjJGPuLRRQ9yo\/CR5xkUUUUCZ\/\/2Q=="}}}}},{"channel_id":1142915694,"post_id":5463,"date":1778044780000,"forwards":"1","views":"133","text":"Breaking the code: Multi-stage \u2018code of conduct\u2019 phishing campaign leads to AiTM token compromise<br><br><a target=\"_blank\" rel=\"noreferrer nofollow\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/05\/04\/breaking-the-code-multi-stage-code-of-conduct-phishing-campaign-leads-to-aitm-token-compromise\/\">https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/05\/04\/breaking-the-code-multi-stage-code-of-conduct-phishing-campaign-leads-to-aitm-token-compromise\/<\/a>","text_length":251,"media":{"root":"\/012\/VxUAAG6CH0QAAAAAGw-6gu2tHYg","webpage":{"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/05\/04\/breaking-the-code-multi-stage-code-of-conduct-phishing-campaign-leads-to-aitm-token-compromise","type":"photo","title":"Breaking the code: Multi-stage \u2018code of conduct\u2019 phishing campaign leads to AiTM token compromise","site_name":"Microsoft 
News","display_url":"microsoft.com\/en-us\/security\/blog\/2026\/05\/04\/breaking-the-code-multi-stage-code-of-conduct-phishing-campaign-leads-to-aitm-token-compromise","description":"Microsoft Defender Research observed a large-scale credential theft campaign that exemplifies this trend, using code of conduct-themed lures, a multi-step attack chain, and legitimate email services to distribute fully authenticated messages from attacker-controlled domains.","author":"Microsoft Defender Security Research Team, Microsoft Threat Intelligence","thumbs":{"m":{"w":320,"h":180,"hash":"dkVXYqMErWdWsX5gK0Phhg&ts=1782141493"},"x":{"w":750,"h":422,"hash":"7TQS_SD7cfqR7bG7toVXIA&ts=1782141493"},"i":{"bytes":"AXACg|DNiI24qxGYxy65P0zVePG0c81OPmACg89ae6FsWxc4UeQuWz0Iq5bzrLHlwFccMMVUitkjG\/n8TUtvP+5G4YzUOVi0rk8kkYTLkKvvRWbeMCcZGRRVpXRDIorVCN24gVYAjkl3yIwHqp60UUgRHcSrDgbDgjIBOaSCUTvsIwSMriiipcVa5fM9iDnOO9FFFbLYzZ\/\/2Q=="}}}}},{"channel_id":1142915694,"post_id":5462,"date":1777874398000,"views":"274","text":"BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector<br><br><a target=\"_blank\" rel=\"noreferrer nofollow\" href=\"https:\/\/arcticwolf.com\/resources\/blog-uk\/bluenoroff-uses-clickfix-fileless-powershell-ai-generated-fake-zoom-meetings-to-target-web3-sector\/\">https:\/\/arcticwolf.com\/resources\/blog-uk\/bluenoroff-uses-clickfix-fileless-powershell-ai-generated-fake-zoom-meetings-to-target-web3-sector\/<\/a>","text_length":246,"media":{"root":"\/001\/VhUAAG6CH0QAAAAAmFApNOseCgU","webpage":{"url":"https:\/\/arcticwolf.com\/resources\/blog-uk\/bluenoroff-uses-clickfix-fileless-powershell-ai-generated-fake-zoom-meetings-to-target-web3-sector","type":"photo","title":"BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector - Arctic Wolf","site_name":"Arctic 
Wolf","display_url":"arcticwolf.com\/resources\/blog\/bluenoroff-uses-clickfix-fileless-powershell-and-ai-generated-zoom-meetings-to-target-web3-sector","description":"Arctic Wolf has identified a targeted intrusion against a North American Web3\/cryptocurrency company, which we attribute with a high confidence level to BlueNoroff, a financially motivated subgroup of DPRK\u2019s Lazarus Group.","author":"Arctic Wolf Labs","thumbs":{"m":{"w":320,"h":178,"hash":"k2Bz_xfKKAQqQ6zosxZhkA&ts=1782141493"},"x":{"w":800,"h":444,"hash":"yV6nfsiBZFy6PDA02ZuYfw&ts=1782141493"},"y":{"w":900,"h":500,"hash":"jWhwoMlWnqLmW366RwzPzQ&ts=1782141493"},"i":{"bytes":"AWACg|DMFPAycCkFWbVVDeY3zbei55NbGREI3PRCfwpxRlGSpA9xVsuAeoIcDKl8Y9ajmA2ABlOD2bOKpMlkKiinqKK0sZNlYU4cHiiis0asd1PNPUUUVaJZKooooqzFn\/\/Z"}}}}}]