yottajunaid

78 posts

@yottajunaid

Founder of Master-Darknet | 7 yrs in the Darknet trenches 🕵️ Tor · OSINT · Dark Web Forensics · Ethical Hacking Building the internet's best darknet education

India · Joined July 2021
20 Following · 9 Followers
Cyber Security News
Cyber Security News@The_Cyber_News·
🛡️ New NGINX Vulnerability Allows Remote Attackers to Trigger Malicious Code Source: cybersecuritynews.com/nginx-buffer-o… A new vulnerability in NGINX JavaScript (njs), tracked as CVE‑2026‑8711, allows unauthenticated remote attackers to trigger a heap‑based buffer overflow that can lead to denial‑of‑service and, in some conditions, remote code execution in the NGINX worker process. The flaw is tied to how the js_fetch_proxy directive handles client‑controlled variables when combined with the ngx.fetch() operation from NGINX JavaScript. The issue arises in the ngx_http_js_module module when js_fetch_proxy is configured with at least one client‑controlled NGINX variable such as , , or . #cybersecuritynews
yottajunaid
yottajunaid@yottajunaid·
@github if this is GitHub's own internal code—not just user repos—a buyer gets access to their auth stack, deployment secrets, and CI/CD pipelines. One backdoor planted there turns every GitHub repo into a trojan delivery system. Platform-wide supply chain apocalypse.
GitHub
GitHub@github·
We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.
yottajunaid
yottajunaid@yottajunaid·
I2P and Tor are not the same thing. Tor = better for accessing the regular internet anonymously. I2P = better for internal darknet services. Wrong tool = false sense of security.
yottajunaid
yottajunaid@yottajunaid·
@DailyDarkWeb 15M GPS activity rows can map PLA base patrols. Just like Strava's 2018 heatmap exposed US bases, China's own fitness app could reveal troop movements. Passport + blood type already makes it a spy's dream.
Dark Web Intelligence
Dark Web Intelligence@DailyDarkWeb·
🇨🇳 A threat actor is advertising the alleged sale of a full database dump tied to GeeXek, described by the actor as “China’s Strava.”
According to the underground post, the allegedly exposed dataset contains highly sensitive user information, including:
• Names
• Email addresses
• Birthdays
• Passport numbers
• Blood types
• Physical addresses
• Emergency contact information
• Password-related data
• Competitor/activity records reportedly totaling ~15 million rows
The actor additionally claims:
• The competitor/activity table alone is approximately 22 GB
• User passwords are included
• Ongoing access to the platform may still exist and is allegedly available for sale
If authentic, this would represent a severe privacy and operational security incident because fitness and activity-tracking platforms can expose:
• Geolocation patterns
• Daily routines
• Travel habits
• Home/work location inference
• Relationship mapping
• Physical movement intelligence
The inclusion of passport numbers and emergency contact information substantially increases the potential impact, enabling:
• Identity theft
• Fraud operations
• Social engineering campaigns
• Credential abuse
• Physical security risks
• Intelligence collection targeting high-profile individuals
Fitness and sports platforms have historically attracted attention from:
• Cybercriminal groups
• Intelligence collectors
• Nation-state actors
• OSINT researchers
This is largely due to the value of movement and behavioral metadata, especially when combined with:
• Personal identifiers
• Email addresses
• Authentication data
• Health or biometric-related information
The reference to “many passwords” and alleged continued access is particularly concerning because it may indicate:
• Persistent unauthorized access
• Incomplete remediation
• Ongoing compromise of backend systems
• Potential supply-chain or admin-level intrusion
Potentially affected users should:
• Reset passwords immediately
• Change passwords reused elsewhere
• Enable MFA wherever possible
• Monitor for phishing attempts
• Review connected applications and OAuth access
• Be cautious about location-sharing features
Organizations operating fitness or location-based platforms should continuously monitor for:
• Credential resale activity
• Session token abuse
• API scraping operations
• Geolocation intelligence collection
• Underground discussions involving athlete/user data
This incident highlights the growing strategic value of:
• Behavioral data
• Movement intelligence
• Health-related metadata
• Consumer tracking ecosystems
#DDW #Intelligence #CyberSecurity #DarkWeb #DataLeak #ThreatIntelligence #OSINT #Privacy #FitnessTracking #CyberCrime
yottajunaid
yottajunaid@yottajunaid·
@DarkWebInformer if this is GitHub's own internal code—not just user repos—a buyer gets access to their auth stack, deployment secrets, and CI/CD pipelines. One backdoor planted there turns every GitHub repo into a trojan delivery system. Platform-wide supply chain apocalypse.
Dark Web Informer
Dark Web Informer@DarkWebInformer·
🚨 GitHub source code allegedly offered for sale: Internal orgs and private repositories claimed
A threat actor using the alias TeamPCP claims to be selling GitHub source code and internal organization data. The actor claims the dataset includes around 4,000 private repositories and says samples can be provided to interested buyers to verify authenticity.
━━━━━━━━━━━━━━━━━━━━
Target: GitHub
Country: United States
Sector: Technology / Software Development / Source Code
Incident Type: Alleged Source Code Sale
Claimed Exposure: Around 4,000 private repositories
Actor: TeamPCP
Price: Offers over $50,000
━━━━━━━━━━━━━━━━━━━━
According to the post, the actor claims the material includes source code and internal organization data tied to GitHub’s main platform. The post also references a public file list and includes screenshots showing numerous repository archive names.
Why it matters: If authentic, exposed source code and internal repository data could increase the risk of code review by hostile actors, vulnerability discovery, supply chain targeting, impersonation, phishing, and follow-on attacks against developer infrastructure.
Status: This remains an unverified underground forum claim. The actor states this is not a ransom attempt and claims the data may be leaked publicly if no buyer is found.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
yottajunaid
yottajunaid@yottajunaid·
@TheHackersNews DepthFirst AI spotted this, and attackers are already using Vulnhuntr (another AI tool) to find and exploit vulnerable servers automatically. The 18-year-old bug is now an AI vs AI battlefield. Patch NGINX to 1.30.1 and verify ASLR is on.
The Hacker News
The Hacker News@TheHackersNews·
🚨 NGINX bug (CVE-2026-42945) now under active exploitation. Critical heap overflow in rewrite module. Attackers can crash workers with one request (possible RCE). Patch now if using NGINX ≤1.30.0. Check rewrite/if/set rules. Full details: thehackernews.com/2026/05/nginx-…
yottajunaid
yottajunaid@yottajunaid·
The Historical Evolution of Hidden Networks (1970s–Present) [Link in Profile]
yottajunaid
yottajunaid@yottajunaid·
Tails OS boots from a USB drive and leaves zero traces on the host machine. Unplug it and it's like you were never there. That's what real anonymity looks like.
yottajunaid
yottajunaid@yottajunaid·
@DarkWebInformer 4,371 driver's license scans + 600k rental dates = a map of empty homes. Address, DOB, photo all included. This isn't just identity theft; it's a physical threat to every customer's home while they're on vacation.
Dark Web Informer
Dark Web Informer@DarkWebInformer·
🚨🇯🇵 Okinawa Tourist Service allegedly breached: 600K+ customer records and ID document images advertised for sale
A threat actor claims to be selling customer data tied to Okinawa Tourist Service, a Japan-based travel and transportation company operating rental car and tourism services.
━━━━━━━━━━━━━━━━━━━━
Target: Okinawa Tourist Service
Sector: Travel / Transportation / Car Rental
Incident: Data Leak / Sale
Exposure: 600K+ customer records and 4,371 ID card image records
Actor: sexybroker
Country: Japan
Date: 17/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s allegedly included:
▪ Customer records allegedly linked to Okinawa Tourist Service
▪ Names, kana fields, gender, and birth date data
▪ Address, ZIP/postal code, telephone, and email fields
▪ Age and social media-related profile fields
▪ Driver license numbers and license issue/expiration dates
▪ Driver license image references and front/back ID card scans
▪ CSV customer member database and image archive samples
Potential impact: The exposed data could be used for identity theft, travel fraud, account impersonation, phishing, and targeted scams against rental car and tourism customers.
Status: Unverified underground forum sale listing. The actor posted sample customer fields, archive counts, and driver license image previews as proof.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
yottajunaid
yottajunaid@yottajunaid·
@DailyDarkWeb 402k records with arrival/departure dates reveal exactly when families are away from home—empty houses. Children's names & ages also likely exposed. This isn't just a booking leak; it's a burglary & kidnapping threat.
Dark Web Intelligence
Dark Web Intelligence@DailyDarkWeb·
🇫🇷 A threat actor is reportedly claiming the leak of a dataset allegedly associated with Belambra, a French hospitality and holiday resort network.
According to the underground post, the claimed dataset allegedly contains approximately 402,000 records and is being distributed in JSON format.
The post references data categories that may include:
• reservation information
• booking details
• customer-related records
• family and children-related booking metadata
• stay duration and arrival/departure information
At this time, the authenticity, scope, and sensitivity of the alleged dataset remain unverified.
Hospitality and travel-related organizations remain frequent targets due to:
• large customer databases
• payment and reservation ecosystems
• identity-rich booking information
• loyalty program accounts
• seasonal operational pressure
• third-party integrations
Potential risks associated with this type of exposure include:
• phishing campaigns impersonating hotels or travel support
• booking-related fraud
• identity theft
• social engineering attacks
• account takeover attempts
• scams targeting travelers and families
Reservation and travel-related information can significantly enhance phishing effectiveness by allowing attackers to craft highly contextualized messages referencing:
• upcoming stays
• cancellations
• refunds
• loyalty benefits
• booking modifications
Organizations operating within hospitality and tourism sectors should monitor for:
• suspicious customer support impersonation
• phishing campaigns leveraging booking information
• credential reuse attempts
• underground redistribution of reservation data
• abuse of exposed customer records
Customers should remain cautious of unsolicited communications referencing reservations, refunds, payment updates, or travel itinerary changes.
Threat actors frequently exaggerate dataset size or attribution in underground leaks, and independent verification of the alleged breach has not yet been established.
#DDW #CyberSecurity #France #Hospitality #DataBreach #DarkWeb #ThreatIntelligence
yottajunaid
yottajunaid@yottajunaid·
Incognito mode hides your history from your browser. Not from:
- Your ISP
- Your employer
- Your government
- The websites you visit
You've been misled.
yottajunaid
yottajunaid@yottajunaid·
@osintnewsletter @PimEyesOfficial PimEyes just cracked a 28-year-old fugitive case—UK police uploaded a 1997 mugshot and found the suspect hiding in Thailand within seconds, thanks to a neck blemish the AI matched. A scar or a mole can be the new digital fingerprint.
The OSINT Newsletter
The OSINT Newsletter@osintnewsletter·
Got a face? @PimEyesOfficial will find where else it appears online - even in low quality images. 👤 One of the most powerful facial recognition search engines available to investigators. Learn more: tools.osintnewsletter.com/osint-tools/pi…
The OSINT Newsletter@osintnewsletter

🚨 Launching: The OSINT Tools Library A curated, investigator-first directory of tools used in real cases. → Tools.OSINTNewsletter.com We’re building the largest and best maintained OSINT tools resource and need your help. Reply and tag a tool we should add 👇

yottajunaid
yottajunaid@yottajunaid·
@DailyDarkWeb Leaked hierarchy and phone numbers reveal supply chain handoff points—perfect for planting fake buyers, intercepting shipments, or targeting semiconductor partners. This is economic espionage infrastructure.
Dark Web Intelligence
Dark Web Intelligence@DailyDarkWeb·
🇹🇼 A threat actor is reportedly claiming the compromise of TAITRA, Taiwan’s official trade promotion organization operating across dozens of international offices.
According to the underground post, the allegedly exposed information may include:
• employee records
• corporate email addresses
• personal and office phone numbers
• department assignments
• job titles and management structures
• internal organizational hierarchy data
• overseas office information
• team and reporting relationships
The post references multiple international locations tied to TAITRA’s global operations, potentially indicating exposure affecting international business and trade-related infrastructure.
At this time, the authenticity, scope, and operational impact of the alleged breach remain unverified.
If legitimate, this type of exposure could present significant risks including:
• spear-phishing campaigns targeting employees and executives
• business email compromise (BEC)
• corporate espionage
• organizational mapping for future attacks
• social engineering operations
• targeting of overseas offices and international partners
Trade promotion agencies and globally connected organizations are increasingly targeted due to:
• international business relationships
• geopolitical relevance
• extensive contact networks
• government-linked operations
• cross-border communications infrastructure
Organizations should monitor for:
• phishing campaigns impersonating TAITRA personnel
• credential compromise attempts
• suspicious access to partner ecosystems
• abuse of leaked organizational structure information
• follow-on attacks targeting affiliated entities
The publication of organizational hierarchy and contact mapping data can significantly enhance adversarial reconnaissance capabilities even without direct credential exposure.
At this stage, independent confirmation of the alleged breach has not been established.
#DDW #CyberSecurity #Taiwan #DataBreach #DarkWeb #ThreatIntelligence
yottajunaid
yottajunaid@yottajunaid·
Even if a private key is compromised later, past sessions remain secure — that's Perfect Forward Secrecy. But key management is still the weak point. Rotation. Expiration. Storage. Most operators get this wrong. That's how hidden services get taken down.
yottajunaid
yottajunaid@yottajunaid·
V2 onion addresses used 1024-bit RSA. That's now considered weak. Modern onion systems prefer ECC — Curve25519 for key exchange and Ed25519 for signatures — because it offers shorter keys, faster computation, and stronger security. V2 was deprecated in 2021. Stop using it.
yottajunaid
yottajunaid@yottajunaid·
In TOR v3 onion services, the .onion address is derived from a public key, the address itself is a cryptographic commitment. This is called self-authenticating naming. No DNS. No certificate authority. No third-party trust. You cannot fake a mathematically derived address.
yottajunaid
yottajunaid@yottajunaid·
When a TOR client builds a circuit, it performs a Diffie–Hellman key exchange with each relay, creating a unique symmetric session key per hop. github PKC is only used to bootstrap trust. After that — fast symmetric crypto takes over. Smart design. Most people never knew this.
yottajunaid
yottajunaid@yottajunaid·
PKC is the mathematical backbone of onion networks like TOR, I2P, and modern mixnets. It solves 4 problems at once:
→ Key exchange over untrusted networks
→ Auth without revealing identity
→ Self-authenticating addresses
→ Forward secrecy
No other system does all 4.
yottajunaid
yottajunaid@yottajunaid·
Every TOR relay has 3 keys. A long-term identity key. A signing key. Short-term onion keys. Relays publish signed descriptors so clients can verify authenticity without knowing who operates the relay. You trust the math. Not the person.