Ciphers Security – Cybersecurity, OSINT, DFIR & Ethical Hacking Library

Latest News

xlabs_v1 Mirai Botnet Exploits ADB to Build IoT DDoS-for-Hire Network

Hunt.io exposes xlabs_v1, a Mirai-derived botnet hijacking IoT devices via exposed ADB on port 5555.

Adversary-in-the-Middle Phishing Campaign Hits GoDaddy ManageWP via Google Ads

Guardio Labs exposes an AitM phishing campaign using Google sponsored ads to steal ManageWP credentials.

CVE-2026-26956: Critical vm2 Sandbox Escape via WebAssembly Hits 1.3M-Download Node.js Library

CVE-2026-26956 (CVSS 9.8) lets attackers escape the vm2 Node.js sandbox via WebAssembly exception handling. Patch.

VoidStealer Bypasses Chrome App-Bound Encryption Without Code Injection or Privilege Escalation

VoidStealer v2.0 bypasses Chrome's App-Bound Encryption using a hidden debugger to extract the master decryption.

Dirty Frag: Public Root Exploit Hits All Major Linux Distros, Partial

Dirty Frag (CVE-2026-43284, CVE-2026-43500) is a Linux kernel LPE chain with a working public exploit..

CVE-2026-0300: Critical PAN-OS Zero-Day Gives Attackers Root Access to Firewalls

CVE-2026-0300 is a critical buffer overflow in Palo Alto PAN-OS firewalls actively exploited since April.

CVE-2026-0300: Unauthenticated Root RCE Zero-Day Actively Exploited in Palo Alto PAN-OS

CVE-2026-0300 is a CVSS 9.3 buffer overflow in PAN-OS User-ID Authentication Portal allowing root RCE..

Gemini CLI Prompt Injection Flaw Could Have Poisoned Google’s Own Supply

A critical prompt injection in Gemini CLI's --yolo mode allowed attackers to push arbitrary code.

Russia-Linked Hackers Breached Five Polish Water Treatment Plants, ABW Reports

Poland's Internal Security Agency reveals ICS breaches at five water treatment plants. Hackers gained control.

CVE-2026-6973: Ivanti EPMM Zero-Day Exploited, 850+ Servers Exposed

CVE-2026-6973 is a new Ivanti EPMM RCE zero-day being actively exploited. Patches released for 12.6.1.1,.

TrustFall: AI Coding Agents Exploitable with One Enter Keypress

TrustFall attack shows how malicious repos can hijack Claude Code, Cursor, Gemini CLI, and Copilot.

CVE-2025-68670: Critical Pre-Auth RCE in xrdp Exposes Linux Remote Desktop Servers

CVE-2025-68670 is a CVSS 9.8 pre-authentication RCE buffer overflow in xrdp Linux remote desktop. Upgrade.

Most Viewed Posts

Blog

Port Scanning Techniques: Nmap, Zenmap, and Scanning Through Firewalls

Master every port scanning technique in Nmap: SYN, NULL, FIN, Xmas, Idle scans, firewall.

Oracle Monthly Critical Security Patch Updates (CSPU) Guide: Runbook Changes and Verification Automation

Oracle's monthly critical security patch update (CSPU) starts May 28, 2026. Update your runbook.

SHA-1 Algorithm Explained: How It Works, Step by Step

A step-by-step technical breakdown of the SHA-1 algorithm — padding, message schedule, 80-round compression,.

VENOMOUS#HELPER RMM Detection: Stop SimpleHelp and ScreenConnect Backdoors

VENOMOUS#HELPER hit 80+ orgs via SimpleHelp and ScreenConnect backdoors. Detection checklist, KQL queries, PowerShell.