🔥Telegram İfşa

New Pixnapping Attack: allows any Android app without permissions to leak info displayed by other apps exploiting Android APIs and a hardware side channel (CVE-2025-48561) Pixnapping is not fixed and probably affects all Androids. PoC: Not available yet. Steal 2FA codes 👇

CVE-2025-59287 WSUS Remote Code Execution hawktrace.com/blog/CVE-2025-… #infosec #wsus #cve-2025-59287

You all nailed the last one ! CVE stands for Common Vulnerabilities and Exposures! Now, let’s see who’s been paying attention at THCon: which speaker coined the “CV Enhancer” acronym during a THCon talk? 1️⃣Lucas Georget 2️⃣Jiska Classen 3️⃣Daniel Gruss 4️⃣Théo Gordyjan

Confirmed! Team DDOS (kiddo & Freddo Espresso 🧊) used an octo-symphony of 8(!) different bugs to complete their SOHO Smashup of the QNAP Qhora-322 + TS-453E. They earn themselves $100,000 and 10 Master of Pwn points. #Pwn2Own #P2OIreland

Credential Guard was supposed to end credential dumping. It didn't. Valdemar Carøe just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled. Read for more ⤵️ ghst.ly/4qtl2rm

Well done everyone for last week's quiz! The answer was Jiska! This week's question: What is Quishing? 1️⃣ A quantum encryption attack 2️⃣ A voice phishing attack 3️⃣ A 20th century Norwegian scientific 4️⃣ An attack which involves replacing a QR code with a malicious one

Hello everyone! 👋 You can already save the date for our next edition, the THCon 2026, taking place on the 5th and 6th of May! 🎉

Analysis of LockBit ransomware - version 4.0. chuongdong.com/reverse%20engi…

Blog post about my recent CVE-2025-58726, aka “The Ghost Reflection” is out, read it here: semperis.com/blog/exploitin… 🙃

Ready for THCon 2026 ? In the meantime, you can (re)watch some highlights of the previous years. This is a short extract from "Bringing the Science of Cybersecurity out of the Dark Ages" presented in 2025 by @[email protected] 👉 youtu.be/pDwSHoT2g2I?t=…

I have released an OpenGraph collector for network shares and my first blogpost at SpecterOps on the subject! You can now visualize attack paths to network shares in BloodHound 👀 specterops.io/blog/2025/10/3…

Here's the answer : Quishing is an attack which involves replacing a QR code with a malicious one ! (cloudflare.com/learning/secur…) Now it's time for the new question : Human error accounts for what percentage of cyber breaches ? 1️⃣35% 2️⃣50% 3️⃣75% 4️⃣95%

The Call for paper is open for THCon 2026 ! You can find all relevant information at thcon.fr/cfp/ There are some news this year regarding the submission formats and talks length, so be sure to check it out !

Here's the answer to last week's quiz: human error accounts for 95% of cyber breaches (see infosecurity-magazine.com/news/data-brea…) Time for a new one: What does MFA stand for? 1️⃣ Main Firewall Access 2️⃣ Malware Free Account 3️⃣ Multi-Factor Authentication 4️⃣ Manual File Approval