#zeroday

Seriously, EncryptHub isn't messing around! 🤯 They've jumped *right* on that Windows bug (CVE-2025-26633) that literally *just* got fixed. Talk about moving fast...

So, the exploit? It involves the Microsoft Management Console (MMC), those MSC files, and something called MUIPath. Sounds pretty techy, right? But basically, it's a clever workaround. EncryptHub crafts two MSC files – same name, one legit, one malicious. Windows doesn't double-check properly and ends up loading the nasty one. Boom! 💥

You see, as a pentester, I constantly witness attackers twisting legitimate system functions just like this. Your automated scanners? Yeah, they'll likely miss it completely. This kind of thing really needs hands-on analysis to catch. And yeah, updates are crucial, folks! Make sure you get CVE-2025-26633 patched ASAP. Oh, and those random MSI installers from sources you don't know? Big nope. Steer clear! ☝️

Have you run into attacks like this before? Or maybe you've got some other sneaky Windows tricks up your sleeve? Drop 'em in the comments!

Hey #CyberSecurity pros! 👋 Ready to dive into the latest threats and breaches making headlines?

Our latest blog post is packed with need-to-know info to keep you ahead of the curve.

🗞️ opalsec.io/daily-news-update-t

Here's a quick rundown of what's inside:

🕵️‍♂️ FamousSparrow's Return: The Chinese government-backed hacking group is back, targeting organizations in North America. Important distinction: ESET insists on tracking them separately from Salt Typhoon. Remember to prioritize TTPs and IOCs/IOAs accordingly!

🗄️ RedCurl's Ransomware Twist: This corporate espionage group is now deploying "QWCrypt" ransomware, targeting Hyper-V servers. Phishing emails with malicious IMG attachments are the initial attack vector.

😬 StreamElements Data Breach: A third-party service provider suffered a breach, exposing data of 210,000 customers.

🏛️ NSW Court System Data Theft: Sensitive documents, including AVOs, were stolen from the NSW Online Registry website. This could have serious consequences for victims of domestic violence.

👨‍🎓 NYU Website Defacement: A hacker compromised NYU's website, leaking personal data of over 1 million students. Even with good intentions, the collateral damage is unacceptable.

💰 Defense Contractor Fined: MORSE Corp will pay millions for failing to meet federal cybersecurity requirements. Third-party risk management is crucial!

🤖 Atlantis AIO Automates Credential Stuffing: This new platform automates credential stuffing attacks against 140 online services. Stay vigilant against brute force attacks!

🚨 Chrome Zero-Day Exploited: Google patched a zero-day vulnerability exploited in espionage campaigns targeting Russian organizations. Keep your browsers updated!

👦 UK Warns of 'Com Networks': The UK's NCA is warning of a growing threat from online networks of teenage boys who are "dedicated to inflicting harm and committing a range of criminality." A very worrying trend that we need to be aware of.

Ready for the full scoop? Read the full blog post here 👉 opalsec.io/daily-news-update-t

Opalsec · Daily News Update: Thursday, March 27, 2025 (Australia/Melbourne)

Chinese ‘FamousSparrow’ Hackers Resurface: The Chinese government-backed hacking group FamousSparrow, thought to be dormant since 2022, has allegedly been targeting organisations in the U.S., Mexico, and Honduras. ESET researchers discovered suspicious activity on a U.S. trade

Best TV/Streaming dramas of the 1st quarter of 2025

Severance – Source: nytimes.com
1. Severance (Seasons 1-2) – Apple+ – if this show doesn’t win every award possible, it will be a crime against art and humanity!

2. The Diplomat (Season 2) – Netflix

3. Silo (Season 2) – Apple+

4. The Night Agent (Season 2) – Netflix

5. Zero Day (Season 1) – Netflix

6. Prime Target (Season 1) – Apple+

Source: droidjournal.com

With Season 6 of The Handmaid’s Tale coming out on Hulu in April, as well as Season 3 of The Diplomat (Netflix) and Season 5 of Slow Horses (Apple+) due to be released this year, the drama competition will be intense. Peace!

Source: epicdope.com
#acting #art #drama

SECOND CHANCES: A tough standup #comedy veteran rehires a writer to help her win a second shot at landing a late night talk show. A one-term US President is asked to lead an investigation into a cyber attack. What does Pomona make of Season 3 of #Hacks with #JeanSmart & #robertdeniro's new #Netflix show #ZeroDay? loveitinpomona.blogspot.com/20 #tv #hannaheinbinder #paulwdowns #HelenHunt #christopherlloyd #JoanAllen #jesseplemons #matthewmodine #lizzycaplan #jsmithcameron #conniebritton #billcamp

Whoa, Apple just patched a *major* security flaw! 🕳️ Seems like they squashed a zero-day exploit in WebKit that was already being used in the wild. Seriously, go check your iPhones, iPads, and Macs *right now*!

What does this mean, exactly? Well, attackers could potentially inject malicious code into your device. Not good, right?

So, what should you do? Update IMMEDIATELY! Seriously, do it ASAP. You can find the update in your system settings. Don't delay!

As a pentester, I constantly see people underestimate browser security. Honestly, it's a huge entry point for attackers! Manual testing is invaluable here; automated scans often miss these kinds of vulnerabilities.

Have you updated yet? What are your thoughts on Apple's overall security? 🤔