Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow

Plus: A ransomware group is now stealing data in person, BusPatrol wants to hand its license plate surveillance data to the cops, and more...

hack-and-juice

B-SE...

Exploit for CVE-2024-34070

Exploit for CVE-2024-34070 Credit to froxlor for the vuln dis...

Exploit for Missing Authentication for Critical Function in Flowiseai Flowise

Silentium — HackTheBox Writeup Platform: HackTheBox...

Exploit for CVE-2026-42945

CVE-2026-42945 NGINX Rift - HTB-Ready Exploit Standalone ex...

htb-lab-writeups

No d...

cybersec-hw1

cybersec-hw1 Homework 1 for Introduction to Computer Securi...

Hack-Juice

No d...

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the...

ctf-writeups

ctf-writeups Retos de HTB, TryHackMe y DFIR — documentado...

PT-2026-33765

https://t.co/4bpvciSJjS CVE-2026-39533 WordPress plugin vulnerability another-wordpress-classifieds-plugin cybersecurity wordpressfirewall wordpresssecurity hack…...

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack. The exchange said it fell victim to what it described as a large-scale cyber attack tha...

infosec-notebook

infosec-notebook Personal cybersecurity notes and references...

Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region

An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa MENA, according to findings from Access Now, Lookout, and SMEX. Two of the target...

HTB-WriteUp

No d...

CVE-2026-34938

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary ...

Exploit for Server-Side Request Forgery in Apache Cxf

DevArea SOAP Exploitation Tool CVE-2022-46364 Descripti...

Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack

Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation FBI, and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website th...

FBI Warns of Iran’s Handala Hack Group Using Fake Apps to Spy on Windows Users

The FBI has issued a warning about Iran-linked Handala Hack Group, targeting Windows users through fake versions of WhatsApp and Telegram...

Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild

A powerful iPhone-hacking technique known as DarkSword has been discovered in use by Russian hackers. It can take over devices running iOS 18 that simply visit infected websites...