R.

5K posts


@0xrb

Reverse Threat Intel | Malware /Threat Hunter | Exploit Research \\ #IoT #Malware #Research, Reverse Engineering, #Botnet C2 #Hijacking

localhost · Joined June 2010
1.4K Following · 5.7K Followers
R. @0xrb ·
#VoidLink C2 Server Log
R. @0xrb ·
#VoidLink, a Linux C2 implant API v3
R. retweeted
Thomas Roccia 🤘 @fr0gger_ ·
🤓 Let me introduce you to MoltThreats: The first AI Threat Intel Feed for AI Agents! In one week, OpenClaw became a widely used general AI agent. People started to run their own agents all over the world and connect them directly to the internet. A few days later, Moltbook launched, a Reddit style forum designed for AI agents. Moltbook is a place where AI agents connect and exchange information through agent skills. But this also introduced serious security concerns! When an agent connects to the internet without continuous human oversight, it can be compromised through prompt injection, skill poisoning, malicious packages, and more. This is why I created MoltThreats. MoltThreats is the first threat intelligence feed for AI agents. Similar to Moltbook in how agents connect, an agent uses MoltThreats to report threats and alert other agents. When an agent connects to MoltThreats, it also receives the latest security signals from the feed and updates its local security.md file with recommended protections. This is MoltThreats. The first threat intelligence feed for AI agents, curated and reviewed by humans. 🦞 promptintel.novahunting.ai/molt
R. retweeted
Censys @censysio ·
OpenClaw, an open-source personal AI assistant, jumped from ~1,000 to 21,000+ deployments in under a week. Censys found thousands of instances exposed on the public Internet 👇 hubs.ly/Q0417QZV0 #AI #Cybersecurity #OpenClaw
R. retweeted
Jamieson O'Reilly @theonejvo ·
I've been trying to reach @moltbook for the last few hours. They are exposing their entire database to the public with no protection including secret api_key's that would allow anyone to post on behalf of any agents. Including yours @karpathy. Karpathy has 1.9 million followers on @X and is one of the most influential voices in AI. Imagine fake AI safety hot takes, crypto scam promotions, or inflammatory political statements appearing to come from him. And it's not just Karpathy. Every agent on the platform from what I can see is currently exposed. Please someone help get the founders' attention as this is currently exposed.
R. retweeted
blackorbird @blackorbird ·
CVE-2025-55182 (React) and CVE-2025-66478 (Next.js) are critical unauthenticated RCE vulnerabilities in the React Server Components (RSC) "Flight" protocol. Default configurations are vulnerable – a standard Next.js app created with create-next-app and built for production can be exploited with no code changes by the developer. Exploitation requires only a crafted HTTP request and has shown near-100% reliability in testing. The flaw stems from insecure deserialization in the RSC payload handling logic, allowing attacker-controlled data to influence server-side execution. wiz.io/blog/critical-…
R. retweeted
watchTowr @watchtowrcyber ·
another exploited in-the-wild FortiWeb vuln? It must be Thursday!
R. retweeted
Thomas Roccia 🤘 @fr0gger_ ·
Awesome new threat report from Google Threat Intel Group documenting how threat actors are leveraging Gemini. A lot of information and actionable available in the report! Great work 👌 services.google.com/fh/files/misc/…
R. retweeted
Threat Insight @threatinsight ·
Proofpoint threat researchers have designed an open-source tool—named PDF Object Hashing—to track and detect the unique characteristics of PDFs used by threat actors... similar to a digital fingerprint. 🫆 We use this tool internally to help track multiple threat actors with high confidence, improving attribution in many cases. The tool has been released in the @Proofpoint Emerging Threats public #GitHub for other defenders to leverage. Learn more about it here: brnw.ch/21wWSH0 @ET_Labs #PDF #threatdetection #cyberthreat
R. retweeted
Wiz @wiz_io ·
💥 Wiz Research has uncovered a critical Redis vulnerability that's been hiding for 13 years We found RediShell (CVE-2025-49844): an RCE bug in Redis that affects every version of Redis out there. It's rated CVSS 10 - the highest severity possible. The vulnerability lets attackers send a malicious Lua script, escape the sandbox, and execute code on the host. About 330,000 Redis instances are exposed to the internet right now. 60,000 have no authentication. Over 75% of cloud environments are running Redis. Redis released a patch this weekend and we responsibly disclosed everything upon discovery. Huge thanks to the Redis team for their fast response and collaboration ❤️ If you're running Redis: update immediately. Our blog has the full technical breakdown and security recommendations >> wiz.io/blog/wiz-resea…
R. retweeted
Check Point Research @_CPResearch_ ·
🚨 Rhadamanthys v0.9.2 is here! What’s new in this multi-layered stealer’s latest evolution? We break down the updates, tactics, and what defenders need to know. Dive into our blog for the full analysis. research.checkpoint.com/2025/rhadamant…
R. retweeted
ESET Research @ESETresearch ·
#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/6
R. retweeted
Soufiane @S0ufi4n3 ·
Just released LLMEx - open-source security testing framework for LLMs: OWASP Top 10+1 for LLMs compliance, Smart false positive reduction, Works with OpenAI + custom APIs, Extensible for custom tests, and much more. Check it out: soufianetahiri.github.io/LLMExploiter/
R. retweeted
shubs @infosec_au ·
IP whitelisting is fundamentally broken. At @assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: github.com/assetnote/newt…
R. retweeted
Clint Gibler @clintgibler ·
🔥 AI Red Teaming Playground Labs from @Microsoft
12 free labs to up-level your hacking skills from the “AI Red Teaming in Practice” Black Hat training, covering:
- Credential exfiltration
- Extracting a secret from the metaprompt
- Indirect prompt injection
- and more!
Super cool that this was open sourced, huge shout-out to Dr. Amanda Minnich (AIRT), Gary L., Martin Pouliot, and anyone else involved 🙏 🔗 github.com/microsoft/AI-R…
R. retweeted
RussianPanda 🐼 🇺🇦 @RussianPanda9xx ·
Autopsy of a Failed Stealer: StealC v2 When Your $3000 Malware Budget Goes to Marketing Instead of Actually Enabling the Encryption Function I did some analysis on the updated #StealC v2. The blog comes with config extractor, hunting queries and Yara rule. Let me know your thoughts 💙 Link: trac-labs.com/autopsy-of-a-f… Thank you @g0njxa, @iamaachum and @pancak3lullz for providing the valuable information. As well as @ValidinLLC, @censysio and @anyrun_app for providing their platforms for analysis and threat hunting ❤️🫶
R. retweeted
Xlab @Xlab_qax ·
Our latest blog dives into a new variant of #Vo1d #botnet. C2 sinkhole data reveals it has infected 1.6M Android TVs across 200+ countries. Now leveraging RSA, its network can remain secure even if researchers register DGA C2s blog.xlab.qianxin.com/long-live-the-…