Mohamed Mater🇵🇸

rip

34306.lol support iOS 17.2.1 and lower

A Rust dev just killed Headless Chrome. It's called Obscura. The open-source headless browser purpose-built for AI agents and scrapers at scale. Chrome vs Obscura: - Memory: 200MB+ → 30MB - Binary: 300MB+ → 70MB - Page load: 500ms → 85ms - Startup: 2s → Instant - Anti-detect: None → Built-in Single binary. No Node, no Chrome, no dependencies. Stealth mode is brutal: → Per-session fingerprint randomization (GPU, canvas, audio, battery) → 3,520 tracker domains blocked by default → navigator.webdriver masked to match real Chrome → Native function masking so detectors can't sniff it out Drop-in replacement for Puppeteer and Playwright over CDP. Zero code changes. If you run agents or serious scraping at scale, this repo prints money. 100% Opensource.

@laser_cool_gal @M4lcode Can you provide? I think you mean a different one

@M4lcode that kit was already out on github 6 months ago

@vxdb Soc analyst in jurassic world

average soc analyst setup

Nice work @Micro0x00

An open directory at 104.164.55[.]107 contains dropper files with .vrf extensions, and an exposed dashboard tracking active Vidar & Santa Stealer infections. One of the files, pack.vrf uses powershell to send a request to the server (http://104.164.55[.]107/counter.php?u=we&v=12_17.11&m=r&p=v), then contacts two domains, syncedltd[.]com & luminados[.]com to download one of the above stealers. win+r under the Method column likely refers to an ongoing ClickFix style campaign. A TLS certificate on port 443 with a not so creative subject common name of 'vid-bot-server' is shared by 3 additional IPs: 206.245.132[.]40 206.245.132[.]250 104.164.55[.]88 Hashes: pack.vrf - 6b32d3ccda20f0fc03b014e47fd53fcb7fc36e66d84ccfd57d79e5394db08a48 mshta.vrf - b319bd08f83d2a63988f8878bb4570962e0c2b56096506d862a517f126eb3f82 #Vidar #santastealer

@kimmydotzip @loop0420 @h4x0r_dz also believe that some hackers have no knowledge; they buy stealers and distribute it without understanding how they work, so they leave themselves vulnerable.

@kimmydotzip @loop0420 @h4x0r_dz ِActually, it's not just the entire UI. Over the last 3 weeks, I've been working on this: hackers can be targeted through their infrastructure tried via web panel and stealer panel also C2 infra. I saw multiple using vibe coding; others use default creds

#Lazarus C2 Control Panels & About How They Use AI to Industrialize Attacks on Developers #AiSecurity expel.com/blog/inside-la…

Lovable has a mass data breach affecting every project created before november 2025. I made a lovable account today and was able to access another users source code, database credentials, AI chat histories, and customer data are all readable by any free account. nvidia, microsoft, uber, and spotify employees all have accounts. the bug was reported 48 days ago. its not fixed. They marked it as duplicate and left it open.

I vibe coded a tool that fetches your 𝗛𝗮𝗰𝗸𝗲𝗿𝗢𝗻𝗲 programs' 𝗔𝗻𝗱𝗿𝗼𝗶𝗱 scope, downloads the APKs via 𝗮𝗽𝗸𝗲𝗲𝗽, and decompiles them with 𝗷𝗮𝗱𝘅 — all in one go. github.com/0xbartita/h1-a… #hackerone #bugbountytips #android

🚨Cyber Alert ‼️ 🇪🇬Egypt - 𝗕𝗲𝘁𝘁𝗲𝗿 𝗛𝗼𝘂𝘀𝗲 Payload hacking group claims to have breached Better House. Allegedly, the attackers exfiltrated 46 GB of data. Threat actor: Payload Sector: Professional / Scientific / Technical Data exposure (claimed): 46 GB of data Data type: Not specified Observed: Apr 20, 2026 Status: Pending verification ESIX©: 5.04 Full details and impact assessment on HackRisk.io

🇪🇬 Egypt: Gold Investment Platform Database Allegedly Leaked A threat actor is offering a dataset claimed to belong to taiseer.co, an Egyptian mobile platform focused on gold investment. 📊 Key Details: • Target: taiseer.co (Egypt gold investment app) • Volume: ~71,000 users • Format: MySQL dump (CSV) • Core data: ~71,000 unique email addresses 🧠 Claimed Data Scope: • Email addresses (confirmed in sample description) • Potential additional fields (not fully disclosed): User account details Platform activity data 🧠 Threat Intelligence Insight: • Focus on email-only value suggests: Dataset likely intended for spam/phishing campaigns Lower-tier monetization compared to full PII dumps • However, context matters: Users are financially engaged (gold investment) Makes them high-value phishing targets ⚠️ Assessment: • Medium credibility Specific user count and format provided No detailed sample beyond description Could be: Scraped user base Partial leak or marketing database ⚠️ Potential Impact: • Targeted financial phishing campaigns • Investment scams impersonating the platform • Credential stuffing if reused emails 📊 Status: Unverified — monitor for further proof or samples #CyberSecurity #DataLeak #Egypt #FinTech #ThreatIntel #DDW

I pointed claude opus at chrome and told it to build a full v8 exploit for discord. A week of back-and-forth pulling it out of dead ends. 2.3B tokens. $2,283 in API costs, and it popped a shell. hacktron.ai/blog/i-let-cla…

I have been using AIs to find bugs recently and came across a cool site-wide DOM-XSS using Cookie Injection, here is the story of the finding and current state of bug hunting... @renwa/site-dom-xss-using-cookie-injection-the-ai-hackers-are-coming-faster-than-you-think-3ef82f2a991d" target="_blank" rel="nofollow noopener">medium.com/@renwa/site-do…

CTF in 2026

Added a writeups page to my HTB AD machines list, each machine now links to the @ippsec video and @0xdf_ writeup github.com/seriotonctf/Ha…