A better #XSS PoC!
Notice that we use "OnLoad" and not "OnError".
That's because our X55.is server replies with a valid image and JS script at the same time!
That might trick some poor filters out there but the real reason is to make a remote call.
#BugBounty
#Andariel Add StarshellRAT, JelusRAT, and GopherRAT.
The researchers also identified a staging server operated by the group, which revealed additional artifacts linked to the attacks. Analysis of the server uncovered a combination of new and established techniques and tools employed in Andariel's recent operations, including the privilege escalation tools PrintSpoofer and PetitPotato, as well as exploitation of the bring-your-own-vulnerable-driver (BYOVD) technique—commonly used by other threat actors—to disable antivirus and endpoint detection and response (AV/EDR) products.#Lazarusgithub.com/blackorbird/AP…
IOC:
github.com/WithSecureLabs…
‼️ The German hacker known as "Martha Root" who dresses as a pink Power Ranger just released a video about how she destroyed the white supremacist dating website
It took her months and she had to verify she was white.
Martha used deepfakes to get verified as white and even secretly attended one of their meetups to see what they were up to.
The closest pizzeria to the Pentagon, Nighthawk Brewery & Pizza, continues to report above average traffic.
Extreme Pizza (2nd closest) is also above average
The closest Papa Johns reports above average traffic
Freddies Beach Bar however also has high traffic
As of 7:18pmET
‼️ Unremovable Israeli Spyware Found on Samsung Devices
Samsung faces backlash over AppCloud, an Israeli-developed app pre-installed on budget Galaxy A and M series devices.
Investigations reveal the app is embedded in the operating system, preventing full removal. Even when disabled, AppCloud remains on the device, reappears after updates, and can covertly install additional software.
Scan Git orgs 4 secrets:
/(?i)(password|passwd|pwd|secret|token|apikey|api_key|access_key|secret_key|access_token|api_secret|apiSecret|app_secret|application_key|app_key|appkey|auth_token|authsecret)\s*=\s*["'][^"']{4,}["']/ AND org:adobe AND NOT language:Markdown NOT is:archived
Chinese hacker checks if the computer is a real computer not a sandbox by looking for common installed Desktop shortcuts like WeChat and QQ. Neat trick for Chinese specific desktop compromise ;)
Phones auto-connecting to "FreeWiFi_Secure" Wi-Fi network leak full IMSI in cleartext during EAP-SIM exchange
Anyone nearby with sniffer could capture it → track users, or correlate identities.
Fixed pushed disabling FreeWiFi_Secure on legacy boxes starting Oct 1, 2025.
Link 👇
22K Followers 314 Following#OSINT treasure hunter, investigator, #CyberThreatIntel analyst. Opinions are my own. Follow me on Telegram https://t.co/i6VBbeUXgd for cyber news.
386K Followers 91 FollowingPentagon Pizza Report: Open-source tracking of pizza spot activity around the Pentagon (and other places). Frequent-ish updates on where the lines are long.
2.4M Followers 2K FollowingOpen Source Intelligence Monitor focused on Europe and Conflicts across the World. RT ≠ Endorsement. Want to Support my Work? https://t.co/PcUbewvWPr
17K Followers 29 FollowingTechnical Twitter of QiAnXin Technology, leading Chinese security vendor. It is operated by RedDrip Team which focuses on malware, APT and threat intelligence.
1K Followers 27 FollowingThis is your one stop solution to all the notifications and alerts to keep your organisation IT Infrastructure safe from threats and vulnerabilities. #PatchNOW
222K Followers 78 FollowingOne guy. Global cybercrime. Tracked so you don't have to. Ransomware, data breaches, dark web activity, darknet markets, IOCs & emerging threats. Stay informed!
200K Followers 6K FollowingThe leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™
254K Followers 3K FollowingAl 👉 seguirnos, te compartiremos información de calidad sobre #Hacking, Somos una empresa 🐲 👇 Colombiana de servicios en #SeguridadInformática
61K Followers 1K FollowingSecurity information portal, testing and certification body.
Organisers of the annual Virus Bulletin conference. @[email protected]