RedShell: A Generative AI-Based Approach to Ethical Hacking

The application of Machine Learning techniques in code generation is now a common practice for most developers. Tools such as ChatGPT from OpenAI leverage the natural language processing capabilities of Large Language Models to generate machine code from natural language descriptions. In the...

infosec-notebook

infosec-notebook Personal cybersecurity notes and references...

PT-2026-31710

Name of the Vulnerable Software and Affected Versions WishList Member X versions prior to 3.29.1 Description A flaw allows users with subscriber privileges to perform arbitrary file uploads. This occurs when the application fails to properly validate files uploaded by users with low-level...

Russian hacking group targets home and small office routers to spy on users

British security officials found that a group linked to the Russian military is spying on users of compromised Small Office/Home Office SOHO routers in a broad cyber espionage campaign. A Microsoft blog goes into the technical details of these attacks. The group, which we’ll refer to as APT28, bu...

Men Are Buying Hacking Tools to Use Against Their Wives and Friends

In Telegram groups, men are sharing thousands of nonconsensual images of women and girls, buying spyware, and engaging in doxing and sexual abuse...

Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East. The activity, assessed to be ongoing, was carried out in three distinct attack waves that took place on March 3...

Possible US Government iPhone Hacking Tool Leaked

Wired writes alternate source: Security researchers at Google on Tuesday released a report describing what they're calling "Coruna," a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install...

Dark Web Market Lists Alleged 375TB Lockheed Martin Data for $600M

A dark web market known as Threat Market is listing 375TB of Lockheed Martin data, which it claims was provided by a group calling itself ‘APT Iran.’...

Humza-Ahmed-Week-5-Ethical-Hacking-Exploiting-Vulnerabilities

Humza-Ahmed-Week-5-Eth...

Hacking a Robot Vacuum

Someone tries to remote control his own DJI Romo vacuum, and ends up controlling 7,000 of them from all around the world. The IoT is horribly insecure, but we already knew that...

Malicious code in project47 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a3f77d5ebfcf087b4f055d7ce552ee0165eadf99d8cc6dcd0f3c767393099d27 Facebook hacking tool that also forces the user to follow specific accounts --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

MAL-2026-1412 Malicious code in project47 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a3f77d5ebfcf087b4f055d7ce552ee0165eadf99d8cc6dcd0f3c767393099d27 Facebook hacking tool that also forces the user to follow specific accounts --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

MAL-2026-1410 Malicious code in ighack (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 889207a729f6b97c385d6c0afe217776d10331cdf7e5dd511f80e0d01e899842 Instagram hacking tool that besides abusing the Instagram API, also automatically uses user's credentials to follow hardcoded accounts. --- Category: MALICIOUS...

APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military

The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long‑term surveillance of Ukrainian military personnel. The two malware families have been put to use since April 2024, ESET said in a new report shar...

Cybersecurity AI: Hacking Consumer Robots in the AI Era

Is robot cybersecurity broken by AI? Consumer robots -- from autonomous lawnmowers to powered exoskeletons and window cleaners -- are rapidly entering homes and workplaces, yet their security remains rooted in assumptions of specialized attacker expertise. This paper presents evidence that...

Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India

The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence AI-powered coding tools to strike targets with various implants. The activity is designed to produce a "high-volume, mediocre mass of implants" that are developed...

Israel Hacked Traffic Cameras in Iran

Multiple news outlets are reporting on Israel's hacking of Iranian traffic cameras and how they assisted with the killing of that country's leadership. The New York Times has an article on the intelligence operation more generally...

The research never stops: Zhiniang Peng’s security research story

Some security researchers discover hacking early. Others discover it accidentally. For Zhiniang Peng, it started with curiosity and cybersecurity magazines...

A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals

A highly sophisticated set of iPhone hijacking techniques has likely infected tens of thousands of phones or more. Clues suggest it was originally built for the US government...

Pakistan’s Top News Channels Hacked and Hijacked With Anti-Military Messages

Major Pakistani TV channels, including Geo News and ARY News, were hit by a coordinated cyberattack on 1 March 2026. Hackers took control of live satellite feeds to display unauthorised messages. Read more about the breach, the regional impact, and the reported counter-cyber response...