
Target Dev Server Hacked 🎯, eBPF Kill Signal Hooks 💀, California Bans Health Databroker Sale 🏥

A threat actor has claimed to have stolen a trove of Target's internal source code and documentation and is selling it on dark web marketplaces.

TLDR

Together With Sumo Logic

TLDR Information Security 2026-01-14

AI Agents That Actually Accelerate your Investigations (Sponsor)

Most "AI for security" tools don't actually make your workflows faster or easier. Sumo Logic's Dojo AI is a different beast, deploying specialized agents that work together to triage alerts, explain what triggered them, and write queries for you.

>> Mobot lets you use natural language to run an investigation
>> Query Agent turns natural language into precise searches for faster root cause analysis
>> Summary Agent explains each insight so you know where to start your investigation

→ Get a demo of Sumo Logic

→ Download the Gartner Critical Capabilities for SIEM report

🔓

Attacks & Vulnerabilities

Everest Ransomware Claims Breach at Nissan, Says 900GB of Data Stolen (2 minute read)

The Everest ransomware group claimed to have breached Nissan Motor Corporation, posting screenshots on their dark web leak site showing directory structures with 900GB of allegedly stolen data, including dealership information, financial records, and operational documentation in .csv, .txt, .pgp, and .xls formats. The group issued a five-day deadline before public release, continuing their aggressive 2025-2026 campaign that has targeted ASUS, Chrysler, AT&T, and other major organizations. This marks Nissan's third significant security incident in recent years, following the Qilin ransomware attack on its design subsidiary and the 2023 breach affecting over 100,000 individuals.
Spanish Energy Company Endesa Hacked (3 minute read)

Hackers broke into Spanish utility Endesa's commercial systems and accessed customer data of over 20 million customers, including identification details, national ID numbers, contract information, and IBAN payment data. The company says passwords were not exposed, operations remain normal, and extra security measures and monitoring are in place.
Target's Dev Server Offline After Hackers Claim to Steal Source Code (2 minute read)

An unknown threat actor has claimed to have stolen a trove of Target's internal source code and documentation and is selling it on dark web marketplaces. After BleepingComputer contacted Target for comment, the files were taken offline, and Target's Git server became inaccessible from the internet. Multiple Target employees have confirmed that the source code samples are legitimate.
🧠

Strategies & Tactics

OID-See: Giving Your OAuth Apps the Side-Eye (26 minute read)

OAuth in Microsoft Entra creates complex webs of apps, permissions, and identities that are hard to reason about with tables alone, so modelling everything as a graph reveals abuse paths such as impersonation and long‑lived access that would otherwise stay hidden. OID-See uses Microsoft Graph to map service principals, delegated scopes, app roles, ownership, assignments, and reply URLs into a graph-backed analysis. It then layers scoring and enrichment to highlight risky apps, misleading Microsoft-shaped metadata, and dangerous patterns like broad reachability, wildcard redirects, and stale credentials.
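The graph approach the post describes, as an added example that is not OID-See's own code or data: ownership and granted app roles become directed edges, a breadth-first search from each user finds the shortest route to a high-impact permission, and a per-app pass flags wildcard reply URLs and unrotated credentials. The inventory is invented and only loosely shaped like Microsoft Graph objects; the edge from Application.ReadWrite.All to every other app (it can add credentials to any of them) is the modelling assumption that makes multi-hop paths visible.

```python
"""Constructed graph-style analysis of Entra OAuth apps (not OID-See's code)."""
from collections import deque
from datetime import date

TODAY = date(2026, 1, 14)
HIGH_IMPACT = {"Directory.ReadWrite.All", "Application.ReadWrite.All",
               "RoleManagement.ReadWrite.Directory"}

# Invented inventory; field names only loosely follow Microsoft Graph objects.
SERVICE_PRINCIPALS = [
    {"id": "sp-hr", "displayName": "HR Sync", "owners": ["user-alice"],
     "appRoles": ["Directory.ReadWrite.All"],
     "replyUrls": ["https://hr.example.test/cb"], "credentialCreated": date(2025, 11, 1)},
    {"id": "sp-mail", "displayName": "Mail Archiver", "owners": ["user-bob"],
     "appRoles": ["Mail.Read"],
     "replyUrls": ["https://*.example.test/cb"], "credentialCreated": date(2023, 2, 1)},
    {"id": "sp-ci", "displayName": "CI Deployer", "owners": ["sp-mail"],
     "appRoles": ["Application.ReadWrite.All"],
     "replyUrls": [], "credentialCreated": date(2025, 12, 1)},
]


def build_graph(sps):
    """Edges: owner -> app (owners can add credentials), app -> granted role, and
    Application.ReadWrite.All -> every other app (it can add credentials to any)."""
    graph = {}

    def edge(src, dst, label):
        graph.setdefault(src, []).append((dst, label))

    for sp in sps:
        for owner in sp["owners"]:
            edge(owner, sp["id"], "owns")
        for role in sp["appRoles"]:
            edge(sp["id"], role, "granted")
            if role == "Application.ReadWrite.All":
                for other in sps:
                    if other["id"] != sp["id"]:
                        edge(role, other["id"], "can-add-credential")
    return graph


def reach_paths(graph, start):
    """BFS from start; shortest node path to each reachable high-impact permission."""
    found, seen, queue = {}, {start}, deque([[start]])
    while queue:
        path = queue.popleft()
        for nxt, _label in graph.get(path[-1], []):
            if nxt in seen:
                continue
            seen.add(nxt)
            if nxt in HIGH_IMPACT:
                found[nxt] = path + [nxt]
            queue.append(path + [nxt])
    return found


def flag_app(sp, today=TODAY, max_credential_age_days=365):
    """Per-app hygiene flags for the patterns the post names."""
    flags = []
    if any("*" in url for url in sp["replyUrls"]):
        flags.append("wildcard-redirect")
    if (today - sp["credentialCreated"]).days > max_credential_age_days:
        flags.append("stale-credential")
    if HIGH_IMPACT & set(sp["appRoles"]):
        flags.append("high-impact-role")
    return flags


def report(sps=SERVICE_PRINCIPALS):
    """Reachability per human owner plus per-app flags, as a plain dict."""
    graph = build_graph(sps)
    owners = {o for sp in sps for o in sp["owners"] if o.startswith("user-")}
    return {"reach": {o: reach_paths(graph, o) for o in sorted(owners)},
            "flags": {sp["id"]: flag_app(sp) for sp in sps}}


if __name__ == "__main__":
    for owner, paths in report()["reach"].items():
        for perm, path in paths.items():
            print(owner, "->", perm, "via", " -> ".join(path))
```

In the constructed data, user-bob only owns a mail-reading app, yet the search shows a six-node path to Directory.ReadWrite.All through the CI app that his app owns; that is the kind of transitive reach a table of direct grants does not show.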
Stopping Kill Signals Against Your eBPF Programs (5 minute read)

When malicious processes gain elevated privileges, they can disable eBPF agents, weakening a system's security posture. To prevent this, defenders can attach to the security_task_kill LSM hook and block kill signals from reaching the eBPF agent. However, this also blocks the kill signals defenders themselves send, such as those needed to restart the agent for an upgrade. Defenders can instead have the eBPF hook accept a signed signal carrying a nonce for restarts.
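The allow/deny logic of that hook, as an added user-space model rather than the post's code: fatal signals to the agent's PID are denied unless the request carries a nonce and a valid tag, and each nonce is burned after use so a captured request cannot be replayed. The real check would run in a BPF LSM program on security_task_kill; the channel that delivers (nonce, tag) to the hook and the use of an HMAC in place of a signature are assumptions of this example.

```python
"""User-space model of a signed-nonce kill-signal policy (constructed example)."""
import hashlib
import hmac

SIGKILL, SIGTERM = 9, 15            # Linux signal numbers
FATAL_SIGNALS = {SIGKILL, SIGTERM}


class KillGuard:
    """State the hook would keep: protected agent PID, shared key, consumed nonces."""

    def __init__(self, agent_pid, key):
        self.agent_pid = agent_pid
        self.key = key
        self.used_nonces = set()

    def sign_restart(self, nonce):
        """What the authorised restart tool computes (HMAC stands in for a signature)."""
        return hmac.new(self.key, nonce.to_bytes(8, "big"), hashlib.sha256).digest()

    def decide(self, target_pid, sig, nonce=None, tag=None):
        """Return (allowed, reason), mirroring the hook's allow/deny result."""
        if target_pid != self.agent_pid or sig not in FATAL_SIGNALS:
            return True, "not a fatal signal to the agent"
        if nonce is None or tag is None:
            return False, "unsigned fatal signal to agent denied"
        if nonce in self.used_nonces:
            return False, "replayed nonce denied"
        if not hmac.compare_digest(self.sign_restart(nonce), tag):
            return False, "bad signature denied"
        self.used_nonces.add(nonce)     # burn the nonce so the same request cannot be replayed
        return True, "signed restart allowed"


def demo():
    """Walk through the cases a defender cares about; returns the decisions."""
    guard = KillGuard(agent_pid=4242, key=b"constructed-shared-secret")  # constructed values
    good_tag = guard.sign_restart(1)
    return [
        guard.decide(4242, SIGKILL),                     # attacker-style unsigned kill
        guard.decide(4242, SIGTERM, 1, good_tag),        # authorised restart
        guard.decide(4242, SIGTERM, 1, good_tag),        # replay of the same request
        guard.decide(4242, SIGTERM, 2, good_tag),        # tag does not match this nonce
        guard.decide(100, SIGKILL),                      # other processes are unaffected
    ]


if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "DENY ", reason)
```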
EventBridge Pattern Matching: A Field Guide (7 minute read)

EventBridge event patterns are JSON documents that become complex quickly, and AWS provides very little documentation on how they are evaluated. Fields at the same level of the JSON are ANDed together, whereas values in an array are ORed together. If a user wants to apply an OR across two fields, they can use the $or operator. However, users should be careful when nesting $ors, as each branch gets expanded into additional sub-patterns that can become contradictory or hard to debug. This post also covers other operators and how to combine them to develop complex Boolean logic.
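The AND/OR semantics just described, as an added example that is not from the post or from AWS: a small matcher that evaluates an event pattern the way the summary says EventBridge does (sibling keys ANDed, array elements ORed, $or over whole sub-patterns) for a subset of operators, run against constructed GuardDuty-shaped events. It also includes a nested $or whose branches contradict the outer constraint, which can never match. The pattern, the events and the operator subset are this example's own; consult the AWS docs for the full operator list.

```python
"""Model of EventBridge event-pattern evaluation (constructed; not the service)."""
import operator

NUMERIC_OPS = {">": operator.gt, ">=": operator.ge, "<": operator.lt,
               "<=": operator.le, "=": operator.eq}


def match_scalar(rule, v):
    """One rule element (scalar or single-operator dict) against one event value."""
    if not isinstance(rule, dict):
        return rule == v                                   # exact match
    (op, arg), = rule.items()
    if op == "prefix":
        return isinstance(v, str) and v.startswith(arg)
    if op == "suffix":
        return isinstance(v, str) and v.endswith(arg)
    if op == "equals-ignore-case":
        return isinstance(v, str) and v.lower() == arg.lower()
    if op == "anything-but":
        if isinstance(arg, dict):                          # anything-but: {"prefix": ...}
            return not match_scalar(arg, v)
        return v not in (arg if isinstance(arg, list) else [arg])
    if op == "numeric":                                    # e.g. [">=", 4, "<", 9]
        if isinstance(v, bool) or not isinstance(v, (int, float)):
            return False
        return all(NUMERIC_OPS[sym](v, n) for sym, n in zip(arg[0::2], arg[1::2]))
    raise ValueError(f"unsupported operator {op!r}")


def match_field(rules, present, value):
    """A field's rule list is ORed; an event array matches if any element matches."""
    values = value if isinstance(value, list) else [value]
    for rule in rules:
        if isinstance(rule, dict) and "exists" in rule:
            if rule["exists"] == present:
                return True
            continue
        if present and any(match_scalar(rule, v) for v in values):
            return True
    return False


def matches(pattern, event):
    """Every key in the pattern must match (AND); "$or" needs one branch to match."""
    for key, rule in pattern.items():
        if key == "$or":
            if not any(matches(branch, event) for branch in rule):
                return False
            continue
        present = isinstance(event, dict) and key in event
        value = event[key] if present else None
        if isinstance(rule, dict):                         # nested object: recurse
            if not present or not matches(rule, value):
                return False
        elif not match_field(rule, present, value):
            return False
    return True


# Constructed pattern: three top-level keys ANDed; $or chooses between two sub-patterns.
PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": [{"prefix": "GuardDuty"}],
    "detail": {
        "severity": [{"numeric": [">=", 4, "<", 9]}],
        "$or": [
            {"type": [{"prefix": "UnauthorizedAccess:"}]},
            {"resource": {"resourceType": ["AccessKey", "Instance"]}},
        ],
    },
}

# Nested $or whose branches contradict the outer "source" constraint: never matches.
CONTRADICTORY = {"source": ["aws.guardduty"],
                 "$or": [{"source": ["aws.ec2"]}, {"source": ["aws.s3"]}]}


def finding(source="aws.guardduty", severity=7.0,
            ftype="Recon:EC2/PortProbeUnprotectedPort", rtype="Instance"):
    """Constructed GuardDuty-shaped event; not a real finding."""
    return {"source": source, "detail-type": "GuardDuty Finding",
            "detail": {"severity": severity, "type": ftype,
                       "resource": {"resourceType": rtype}}}


SAMPLES = {
    "port-probe-on-instance": finding(),                                  # resource branch
    "low-severity": finding(severity=2.0),                                # numeric fails
    "iam-anomaly-on-bucket": finding(ftype="UnauthorizedAccess:IAMUser/MaliciousIPCaller",
                                     rtype="Bucket"),                     # type branch
    "wrong-source": finding(source="aws.ec2"),                            # exact match fails
    "discovery-on-bucket": finding(ftype="Discovery:S3/AnomalousBehavior",
                                   rtype="Bucket"),                       # both branches fail
}


def evaluate(pattern=PATTERN, samples=SAMPLES):
    return {name: matches(pattern, ev) for name, ev in samples.items()}


if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{name:24s} {'MATCH' if hit else 'no match'}")
    print("contradictory pattern matches anything:", any(evaluate(CONTRADICTORY).values()))
```

Running the matcher over a pattern before deploying it is a cheap way to catch the contradictory-branch case the post warns about: if none of your sample events match, the rule will silently never fire.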
🧑‍💻

Launches & Tools

Anthropic Launches Claude AI for Healthcare with Secure Health Record Access (2 minute read)

Claude for Healthcare enables Pro and Max subscribers in the US to connect health records via HealthEx, Function, and upcoming Apple Health/Android Health Connect integrations for medical history summarization and test result explanations. The implementation features privacy-by-design controls allowing users to manage data sharing permissions, with health data explicitly excluded from model training. Anthropic's Acceptable Use Policy requires qualified professional review of outputs for high-risk healthcare decisions, acknowledging AI limitations in medical contexts.
RedTeam-Tools (GitHub Repo)

This GitHub repository contains a collection of 150+ tools and resources that can be useful for red teaming activities. Some of the tools may be specifically designed for red teaming, while others are more general-purpose and can be adapted for use in a red teaming context.
🎁

Miscellaneous

GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials (4 minute read)

Check Point Research identified an upgraded GoBruteforcer campaign targeting cryptocurrency and blockchain project databases, exploiting weak credentials spread via AI-generated server-deployment tutorials and legacy XAMPP stacks that expose FTP and phpMyAdmin interfaces. The Golang-based botnet features an obfuscated IRC bot, dynamic credential lists that include crypto-focused usernames, and a module that queries TRON blockchain addresses for non-zero balances. Separately, GreyNoise observed 80,469 sessions over 11 days from threat actors systematically probing 73+ LLM endpoints across major AI providers, hunting for misconfigured proxy servers that leak API access.
Dutch Port Hacker Sentenced to Prison (3 minute read)

A Dutch man was sentenced to seven years in prison for hacking port logistics systems in the Netherlands and Belgium to support cocaine smuggling operations. He used malware delivered via USB sticks, with help from an insider, to gain remote access, steal data, and intercept communications.
Dutch cops cuff alleged AVCheck malware kingpin in Amsterdam (3 minute read)

Dutch authorities have arrested a 33-year-old Dutch suspect at Schiphol Airport, accusing him and two linked companies of running AVCheck, a major counter-antivirus platform that lets criminals test and fine-tune malware against multiple security products. AVCheck, dismantled in May 2025 during Operation Endgame, allegedly helped attackers perfect campaigns by identifying which targets and defenses were easiest to evade.

Quick Links

California bans data broker reselling health data of millions (2 minute read)

CalPrivacy fined Datamasters $45,000 and banned the unregistered data broker from selling Californians' personal information after it traded hundreds of millions of records containing sensitive health data.
Man to plead guilty to hacking US Supreme Court filing system (2 minute read)

A 24-year-old Tennessee man, Nicholas Moore, repeatedly accessed the US Supreme Court's electronic filing system without authorization over 25 days between August and October 2023, obtaining unspecified information from a protected computer.
Microsoft Patch Tuesday addresses 112 defects, including one actively exploited zero-day (1 minute read)

Microsoft's January 2026 Patch Tuesday addressed 112 vulnerabilities, including CVE-2026-20805, an actively exploited information disclosure zero-day in Desktop Window Manager (CVSS 5.5) that CISA added to its KEV catalog.

Love TLDR? Tell your friends and get rewards!

Share your referral link below with friends to get free TLDR swag!
Track your referrals here.

Want to advertise in TLDR? 📰

If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to advertise with us.

Want to work at TLDR? 💼

Apply here, create your own role or send a friend's resume to jobs@tldr.tech and get $1k if we hire them! TLDR is one of Inc.'s Best Bootstrapped businesses of 2025.

If you have any comments or feedback, just respond to this email!

Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile


Manage your subscriptions to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please unsubscribe.
