Jorge Gibbs (@v4ltzz) 's Twitter Profile

🇲🇽 Cybersecurity professional | SOC Analyst | CTF player | DFIR, Threat Intelligence | I like to think like an attacker | Opinions are my own

ID: 627089949

05-07-2012 03:23:43

1,1K Tweet

373 Followers

1,1K Following

Blue Team News (@blueteamsec1) 's Twitter Profile Photo

New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer dlvr.it/TKPsH9 #Malware #Cybersecurity #ACRStealer #Lumma #InformationSecurity
Maddy 🐝 (@cyb3rmaddy) 's Twitter Profile Photo

🔥 BYPASS WINDOWS DEFENDER

XOR-obfuscate a Sliver C2 payload on Kali, forge a stealth C++ loader, and drop a reverse shell on Win10 in seconds.

OUT NOW: 
youtu.be/lC9zh3_S-zg
Simo (@simokohonen) 's Twitter Profile Photo

And here we go, first CVE-2025-53770 exploit hitting the honeypots I deployed. I guess there is a public exploit now somewhere? 

POST  /_layouts/15/ToolPane.aspx?DisplayMode=Edit&a=/ToolPane.aspx  HTTP/1.1 Host: xxxx User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64;
Ivan Castañeda (@ivancastl) 's Twitter Profile Photo

Here I explain how there is a new phishing campaign on Facebook and several people are falling for it:

In recent days, a social engineering campaign has been detected on Facebook whose goal is to steal users' session cookies in order to take control of their accounts and
Cybernews (@cybernews) 's Twitter Profile Photo

▪Cybernews research▪ A Mexican state-owned power company that serves over 99% of the country has been leaking data online for more than three years. #Mexico #dataleak #cybersecurity cnews.link/cfe-data-leak-…

Shodan (@shodanhq) 's Twitter Profile Photo

Want to ping an IP from multiple places around the world or see if the hostname uses geolocation-based load balancing? Check out our "geoping" and "geodns" tools that are powered by our GeoNet API: geonet.shodan.io

México rumbo a LA 2028 🇲🇽🇺🇸 (@mlosangeles2028) 's Twitter Profile Photo

On a day like today, 25 years ago, Soraya Jiménez 🇲🇽 won the first Olympic gold 🥇 for a Mexican woman 👏 Rest in peace 🕊️ ✝️

John Hammond (@_johnhammond) 's Twitter Profile Photo

Video showcase of the ServiceUI.exe living-off-the-land (sorta) binary: elevation to NT AUTHORITY\SYSTEM, proxied execution that may evade detections AND a viewer-submitted PowerShell wrapper for spawning cmd.exe as Trusted Installer with all privileges 😎 youtu.be/BsEwsKQJtk8
TIAL (@mbec03) 's Twitter Profile Photo

🚨 #Mexico an active impersonation campaign against Banorte was detected

🧩 Domains and associated infrastructure

banorte[.app → 15.197.148.33, 3.33.130.190
banorte[.live → 104.21.74.115, 172.67.157.240
banorte[.hair → 104.21.49.70, 172.67.160.163
banorte[.lat →
Defused (@defusedcyber) 's Twitter Profile Photo

0-Day Alert 🚨

Actor exploiting Oracle E-Business Suite zero-day (CVE-2025-61882). Exploitation has been confirmed and patches are available now. 

No PoC observed as of today.

We have added an Oracle E-Business honeypot for Defused Free users for a limited time - take
watchTowr (@watchtowrcyber) 's Twitter Profile Photo

The watchTowr team has broken down the Oracle EBS unauth RCE exploit chain (tagged as CVE-2025-61882).

Important to note: it is not one vulnerability, but multiple chained together. 

As always, we'll share more soon.
Jorge Gibbs (@v4ltzz) 's Twitter Profile Photo

Usage of Out Of Band testing domains may come in handy for defenders. Watch out for oast domains, especially those used by Burp Suite and Burp Collaborator.

Jorge Gibbs (@v4ltzz) 's Twitter Profile Photo

This is one of the worst ways I've seen threat actors weaponize AITM. Once they're in, I can see them pull this off if an organization is not monitoring for BEC or WorkDay activity. The TTPs in the report show why combating BEC isn't just about password resets anymore.

Kseniia \n (@naumovax) 's Twitter Profile Photo

Don't trust the Host header in HTTP, firstly - check DNS 🧐
Here #ACRStealer mimics Bitdefender (indicates the official website in this POST request, but the real IP is different) 🦎

C2: 87.120.219[.]223

tria.ge/251014-qd8j9aa…
virustotal.com/gui/file/83b63…

#stealer