DarkOperator

How easy is CVE-2026-23918 to trigger? 🔸 One TCP connection. 🔸 Two frames. 🔸 HEADERS + immediate RST_STREAM (non-zero error code). That’s it → double-free in mod_http2, worker crashes. Researchers built a working RCE PoC using Apache’s fixed scoreboard + mmap allocator (default on Debian & official Docker). If you’re on 2.4.66 with mod_http2 + threaded MPM: patch to 2.4.67 now. (prefork MPM is safe)

NVIDIA confirms GeForce NOW data breach affecting Armenian users bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

🚨 QLNX, a previously undocumented #Linux RAT, is targeting developers and DevOps systems to steal npm, PyPI, AWS, Kubernetes, Docker, and CI/CD credentials. The malware uses fileless execution, PAM backdoors, eBPF rootkits, and 58 remote commands to maintain covert access and hijack software supply chains. Learn more about QLNX here: thehackernews.com/2026/05/quasar…

We uncovered a new Brazilian banking trojan campaign: TCLBANKER. What makes TCLBANKER notable isn’t just the malware itself, but how it spreads. The campaign uses compromised WhatsApp and Outlook accounts to propagate through trusted user relationships, deploys targeted banking overlays, and incorporates anti-analysis techniques designed to evade detection. For defenders, it’s another example of malware increasingly blending into legitimate user behavior and everyday communication channels, making detection harder and trust easier to exploit. Our latest research breaks down the infection chain, propagation methods, evasion tactics, and detection opportunities observed across the campaign. Read the full analysis: go.es.io/4ewvCKF

The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion. bleepingcomputer.com/news/security/…

📢⚠️ Researchers have uncovered #ClaudeBleed, a flaw in Anthropic’s Claude for Chrome extension that could let hackers hijack the AI assistant, steal Google Drive files, and access Gmail data. Read more: hackread.com/claudebleed-vu… #CyberSecurity #AI #ClaudeAI #Chrome #Anthropic

The multiplying kernel exploits put most cloud infrastructure at risk. Learn more: cnews.link/two-critical-l…

🛑 REMINDER: Today, May 8, 2026 — #Instagram officially disabled end-to-end encryption for Direct Messages. • Meta can now read all your chats. • Download everything NOW or lose it. • Switch to WhatsApp for encryption. Details: thehackernews.com/2026/03/meta-t…

Señores @ANLA_Col ¿Donde puedo obtener el listado actualizado de Certificados de Emisiones por Prueba Dinámica para consulta de las autoridades competentes? El listado disponible en su sitio web se encuentra desactualizado desde Mayo 2024: anla.gov.co/noticias-anla/…

Cisco source code stolen in Trivy-linked dev environment breach bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

Google Threat Intelligence Group is tracking an active supply chain attack 🔎 North Korea-nexus actor UNC1069 compromised the "axios" NPM package (v1.14.1 & 0.30.4), deploying the WAVESHAPER.V2 backdoor across Windows, macOS, and Linux. Learn more: bit.ly/3NZR3Zv

⚡ WARNING - Axios npm (83M weekly downloads) was compromised, turning installs into a malware delivery path. Versions 1.14.1 and 0.30.4 pulled a fake dependency that dropped a cross-platform RAT, then erased evidence. Published using stolen maintainer credentials. 🔗 What happened and how the attack worked → thehackernews.com/2026/03/axios-…

@HackingDave 🤣 Don’t blame the dog. Maybe that owner doesn’t play enough 🤣

😂😂😂

@GOGcom “War Never Changes”

@DiDiFoodCOL Cual canal directo? No puedo enviarles DM si no me siguen!! Y que pasa con los reportes por la app? Por que los inhabilitan??

@DarkOperator @DarkOperator Hola. Hemos activado el canal de atención directa para continuar con el análisis de tu caso. Estaremos atentos a tu próximo mensaje para poder ayudarte lo antes posible.

@DiDiFoodCOL Estoy tratando de reportar un problema con una orden que llegó incompleta y aparece este mensaje en su app. Entonces??

@DiDiFoodCOL A ver, estoy esperando que me sigan para poderles escribir por DM. Necesito que me por favor me resuelvan.

@DarkOperator @DarkOperator Hola. Queremos revisar en detalle tu caso y realizar las validaciones pertinentes, para ello, te invitamos a contactarnos a través de DM. Te esperamos.

DM @DiDiFoodCOL estoy tratando de reportar un problema con una orden incompleta y su app no lo permite. La linea teléfonica de soporte indicada en su página web remite a la app. Con quien reporto el problema??

‼️FALLOUT GIVEAWAY‼️ 🔥Must Follow, Like, RT to enter! - Get an additional entry for tagging someone or leaving a comment on the post.🔥 🏆Winner announced - Jan 15th🗓️ 📦Ships world wide ANYONE can enter.🌎 ‼️‼️I will never ask for money, the winner will receive their items entirely free. This is the only page that will contact you should you win. As always winner chosen at random…. And as always will be tagged when they win in addition to DM from me.‼️‼️

＼🍀伊藤園×INGRESS💎10周年記念／ SNSキャンペーン #ITOEN_INGRESS_10th 抽選で100名様に 「ITO EN x Ingress Dispatch Challenge」 のパスコードをプレゼント🎁 💠応募方法💠 ✔️ @itoen_vdをフォロー ✔️ この投稿をリポスト 12/19(金)迄✨ ▼プレゼント詳細🎁 ＆応募規約 ▼ #伊藤園 #INGRESS