New Kurdish Hacktivists Hezi Rash Behind 350 DDoS Attacks in 2 Months

New intelligence on Hezi Rash: See how the Kurdish group launched 350+ DDoS attacks and used DaaS platforms like EliteStress to lower entry barriers...

Malicious code in kurdish-time (npm)

The package kurdish-time was found to contain malicious code...

MAL-2025-24815 Malicious code in kurdish-time (npm)

The package kurdish-time was found to contain malicious code...

Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware

An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi government officials in early 2024. The activity is tied to a threat group ESET tracks as BladedFeline , which is assessed with medium confidence to be a sub-cluster within OilRig, a known...

Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers

A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024. "These exploits have resulted in a collection of related user data from targets in Iraq," the...

Marbled Dust leverages zero-day in Output Messenger for regional espionage

Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability CVE-2025-27920 in the messaging app Output Messenger, a multiplatform chat software. These exploits have...

Marbled Dust leverages zero-day in Output Messenger for regional espionage

Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability CVE-2025-27920 in the messaging app Output Messenger, a multiplatform chat software. These exploits have...

kurdishfirmware.com Cross Site Scripting vulnerability OBB-4036778

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware

As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a half. French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusio...

Experts Uncover Mobile Spyware Attacks Targeting Kurdish Ethnic Group

Cybersecurity researchers on Tuesday released new findings that reveal a year-long mobile espionage campaign against the Kurdish ethnic group to deploy two Android backdoors that masquerade as legitimate apps. Active since at least March 2020, the attacks leveraged as many as six dedicated Facebo...

StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks

The APT group known as StrongPity is back with a new watering-hole campaign, targeting mainly Kurdish victims in Turkey and Syria. The malware served offers operators the ability to search for and exfiltrate any file or document from a victim’s machine. The group a.k.a. Promethium is operating a...

Advanced StrongPity Hackers Target Syria and Turkey with Retooled Spyware

Cybersecurity researchers today uncovered new details of watering hole attacks against the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration purposes. The advanced persistent threat behind the operation, called StrongPity, has retooled with new tactics to contro...

egerin.com XSS vulnerability

Open Bug Bounty ID: OBB-382699 Description| Value ---|--- Affected Website:| egerin.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...

Learn Kurdish Language - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Learn Kurdish Language published at the 'play' market has multiple vulnerabilities...

WQFerheng - Kurdish Dictionary - Corrupted files, Exported components, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application WQFerheng - Kurdish Dictionary published at the 'play' market has multiple vulnerabilities...

MoSpray Mambo Component <= 18RC1 Remote Include Vulnerability

No description provided by source. Kurdish Security MoSpray Remote File Include Vulnerability Original Advisory : http://kurdishsecurity.blogspot.com/2006/07/kurdish-security-14-mospray-basedir.html Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Rish : High Clas...

Radio istek scripti 2.5 - Remote Configuration Disclosure Vulnerability

No description provided by source. turkish radio php script ====================================================== RADIO istek scripti tr Version 2.5 tr Remote config Vulnerability ! Found by? :? kurdish hackers team ! C0ntact : pshela at YaHoo .com ! Groups : Kurd-Team ! site : www.kurdteam.org...

Lotus Core CMS 1.0.1 - Remote File Inclusion Vulnerabilities

No description provided by source. phpbb3 Lotus Core CMS v1.0.1 Remote File Include Vulnerabilities Discovered by : Ciph3r MAIL : [email protected] SP TANX4 : Iranian hacker & Kurdish Security TEAM CLASS : remote download cms: http://sourceforge.net/project/showfiles.php?groupid=215112 C0d...

phpRaid <= 3.0.b3 (phpBB/SMF) Remote File Inclusion Vulnerabilities

No description provided by source. Kurdish Security Advisory phpRaid Remote File Include PHPBB/SMF : Sosyalizim'de .srar insan olmakta .srard.r Abdullah Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com & [email protected] Script : phpRaid Script Website :...

Advanced Comment System 1.0 - Multiple RFI Vulnerabilities

No description provided by source. ====================================================== Advanced comment system1.0 Remote File Inclusion Vulnerability ! Found by : kurdish hackers team ! C0ntact : pshela at YaHoo .com ! Groups : Kurd-Team ! site : www.kurdteam.org...