Recent posts
Posted Jan 15
This blog post provides an in-depth analysis of #Turla's #Kazuar v3 loader and how it tries to slip past modern defenses:
• Sideloading via MFC satellite DLLs
• Control flow redirection trick (+ POC)
• Patchless ETW and AMSI bypasses (+ POC)
• Extensive COM usage for registry, file and folder operations (+ partial POC)
• Strings encryption (+ IDAPython decryption script)
• Including IOCs and Yara rules
https://r136a1.dev/2026/01/14/command-and-evade-turlas-kazuar-v3-loader/
Posted Jan 13
Today we are disclosing the details of CVE-2025-64155, an unauth argument injection leading to root remote code execution affecting the Fortinet FortiSIEM. Find the technical details, indicators of compromise, and proof-of-concept exploit in the blog. https://horizon3.ai/attack-research/disclosures/cve-2025-64155-three-years-of-remotely-rooting-the-fortinet-fortisiem/
Posted Jan 8
The current 25H2 build of Windows 11 and future builds will include increasingly more AI features and components. This script aims to remove ALL of these features to improve user experience, privacy and security. https://github.com/zoicware/RemoveWindowsAI
Posted Jan 8
DeepSeek released a desktop automation agent that runs locally. It can use any desktop app, opens files, browses websites, and automates tasks without cloud connections. 100% Open-Source. https://github.com/bytedance/UI-TARS-desktop
Posted Jan 7
Extracts Windows SAM and SYSTEM files using Volume Shadow Copy Service (VSS) with multiple exfiltration options and XOR obfuscation:
• Lists Volume Shadow Copies using VSS and creates one if necessary
• Extracts SAM and SYSTEM files from the Shadow Copy
• Uses NT API calls for file operations (NtCreateFile, NtReadFile, NtWriteFile)
• Supports XOR encoding for obfuscation
• Exfiltration methods: local save or network transfer
https://github.com/ricardojoserf/SAMDump
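Added example, not code from the SAMDump project or from the post above: a small Python detector for the behaviour the post describes, run over constructed telemetry. It flags shadow-copy creation seen on a command line (low severity, since a tool that calls the VSS API directly never spawns vssadmin) and, separately, reads of the SAM/SYSTEM/SECURITY hives from a HarddiskVolumeShadowCopyN device path (the signal that survives API-only tooling, provided file-access telemetry such as object-access auditing is collected). The pipe-separated log format, hostnames, process names and timestamps are all made up for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample telemetry (not real logs). Format, hosts and
# process names are invented for this example:
# timestamp|host|event_type|process|detail
SAMPLE_LOG = r"""
2026-01-07T10:00:01Z|ws01|process_create|cmd.exe|whoami /all
2026-01-07T10:00:05Z|ws01|process_create|vssadmin.exe|vssadmin create shadow /for=C:
2026-01-07T10:00:09Z|ws01|file_read|updater.exe|\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Windows\System32\config\SAM
2026-01-07T10:00:09Z|ws01|file_read|updater.exe|\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Windows\System32\config\SYSTEM
2026-01-07T10:01:00Z|ws02|file_read|backup.exe|\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Users\a\docs.txt
2026-01-07T10:02:00Z|ws03|process_create|powershell.exe|(Get-WmiObject -List Win32_ShadowCopy).Create('C:\','ClientAccessible')
2026-01-07T10:02:30Z|ws03|file_read|svc.exe|C:\Windows\System32\config\SYSTEM
"""

# Shadow copy creation via the usual command-line paths. An API-based
# tool (IVssBackupComponents, WMI from native code) produces none of these.
SHADOW_CREATE = re.compile(
    r"vssadmin(\.exe)?\s+create\s+shadow"
    r"|wmic(\.exe)?\s+shadowcopy\s+call\s+create"
    r"|Win32_ShadowCopy[^|]*\.Create\(",
    re.IGNORECASE,
)

# A registry hive opened through a shadow copy device path, either as
# \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN\... (Win32) or
# \Device\HarddiskVolumeShadowCopyN\... (NtCreateFile). Group 1 is the
# shadow copy index, group 2 the hive name.
HIVE_IN_SHADOW = re.compile(
    r"HarddiskVolumeShadowCopy(\d+)\\Windows\\System32\\config\\(SAM|SYSTEM|SECURITY)\b",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Alert:
    host: str
    process: str
    severity: str
    reason: str


def analyze(log_text: str) -> list[Alert]:
    """Return alerts for shadow-copy creation and hive reads from shadow copies."""
    alerts: list[Alert] = []
    # (host, process, shadow index) -> set of hive names read from that copy
    hives: dict[tuple[str, str, str], set[str]] = {}

    for raw in log_text.strip().splitlines():
        ts, host, event, proc, detail = raw.split("|", 4)
        if event == "process_create" and SHADOW_CREATE.search(detail):
            alerts.append(Alert(host, proc, "low", f"shadow copy created from command line at {ts}: {detail}"))
        elif event == "file_read":
            m = HIVE_IN_SHADOW.search(detail)
            if m:
                hives.setdefault((host, proc, m.group(1)), set()).add(m.group(2).upper())

    # SAM + SYSTEM together is what an offline hash dump needs; one hive alone
    # is suspicious but can be a backup agent, so rank it lower.
    for (host, proc, idx), names in hives.items():
        if {"SAM", "SYSTEM"} <= names:
            alerts.append(Alert(host, proc, "high", f"SAM and SYSTEM read from HarddiskVolumeShadowCopy{idx}"))
        else:
            alerts.append(Alert(host, proc, "medium", f"{', '.join(sorted(names))} read from HarddiskVolumeShadowCopy{idx}"))
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(f"[{a.severity:6}] {a.host} {a.process}: {a.reason}")
```

Note that the read of the live hive on ws03 (C:\Windows\System32\config\SYSTEM, no shadow copy path) is deliberately not matched: the live hives are locked by the kernel, which is exactly why tools go through a shadow copy, so the device path is the higher-fidelity selector.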
Posted Jan 5
Comprehensive Guide: Reverse Engineering Tutorials for Beginners
Posted Dec 10
#Lazarus Group’s Famous Chollima uses GitHub spam, fake recruiters, and AI interview tools to slip into finance, crypto, and healthcare companies as “IT workers”. 👨💻 Get a rare inside view of how these operatives work, communicate, and attempt to maintain access. https://any.run/cybersecurity-blog/lazarus-group-it-workers-investigation/
Posted Dec 9
To truly understand how important privacy solutions such as Monero (XMR) are, you first need to learn how transactions involving pseudonymous cryptocurrencies (BTC, ETH, SOL, etc.) can be traced. Crypto Asset Tracing Handbook: "[...] seeks to provide clear and practical guidance to help a broader audience understand the basic framework of on-chain tracing, learn how to use key tools, and strengthen their ability to assess and respond to on-chain risks." https://github.com/slowmist/Crypto-Asset-Tracing-Handbook/blob/main/README_EN.md
Posted Dec 7
Simple one-liner for CVE-2025-55182 React2Shell:
subfinder -dL wildcards.txt -all -recursive > subs.txt
nuclei -t CVE-2025-55182.yaml -l final.txt
Add FOFA, Shodan, Zoomeye filters: vul.cve="CVE-2025-55182", asn="REDACTED" && (app="Next.js" || app="React.js")
#infosec #cybersec
Posted Dec 7
https://github.com/ynsmroztas/NextRce
Posted Dec 1
Posted Nov 22
https://www.youtube.com/watch?v=oVQqd-MWgII