Oluwaseun 🌐💻

i hope my sister gets everything she wants in life.

🚨Cyber Alert ‼️ 🇳🇬Nigeria - 𝗡𝗡𝗣𝗖 𝗛𝗲𝗮𝗹𝘁𝗵 𝗠𝗮𝗶𝗻𝘁𝗲𝗻𝗮𝗻𝗰𝗲 𝗢𝗿𝗴𝗮𝗻𝗶𝘀𝗮𝘁𝗶𝗼𝗻 XP95 hacking group claims to have breached NNPC Health Maintenance Organisation. Threat actor: XP95 Sector: Financial / Insurance Data exposure (claimed): 200,000 user records Data type: Personal data Observed: Apr 08, 2026 Status: Pending verification ESIX©: 5.73 Full details and impact assessment on HackRisk.io

Malware Analysis Tutorials: a Reverse Engineering Approach fumalwareanalysis.blogspot.com/p/malware-anal…

🚨Cyber Alert ‼️ 🇳🇬Nigeria - 𝗜𝗻𝗱𝘂𝘀𝘁𝗿𝗶𝗮𝗹 𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴 𝗙𝘂𝗻𝗱 (𝗜𝗧𝗙) NormalLeVrai claims to have breached an Industrial Training Fund employee’s email, allegedly accessing 92 government files including emails, financial records (2019–2026 salaries), budgets, internal documents, and employee/contact data. Threat actor: NormalLeVrai Sector: Gov / Mil / LE Data exposure (claimed): Not specified Data type: Emails, financial records and employee data Observed: Apr 2, 2026 Status: Pending verification ESIX©: 5.79 Full details and impact assessment on HackRisk.io

I finished the Hack the Box COAE cert the day it came out (by about an hour lol) report and all, really was going for first globally. Gonna be close if nothing else! Review coming next week for the cert portion. If you’re interested in a review of the ai red teaming course that is already live on my personal website. I Throughly enjoyed the course and test, saying it opened my mind to a deeper level of systems thinking overall would not be an under statement.

coming here to casually drop that I passed the OSCP exam and maybe the ultimate reason I went offline, I have a lot to write, but first I would like to say thank you to everyone of you, my community for your support, this is by far one of the nicest things to happen to me,

FCMB: Sophisticated API exploitation resulted in the successful siphoning of ₦677 million from a ₦3.5 billion fraudulent attempt. Sterling Bank: A critical middleware vulnerability enabled the exfiltration of sensitive PII for over 900,000 customers. Remita: A massive cloud misconfiguration exposed 3TB of archival data, including transaction logs and infrastructure blueprints. Here is a clean technical breakdown of these incidents: 1. FCMB: The ₦3.5 Billion Heist This was a logic based exploitation of the bank's digital transaction pipeline Attackers identified a flaw in the API reconciliation layer, specifically involving the Payattitude integration By exploiting this vulnerability, hackers initiated transactions that the system validated as successful even though the source accounts were unfunded. This is known as a Zero Balance or Double Spend exploit. While the system eventually flagged the anomaly at the ₦3.5 billion mark, the latency in the bank's real-time fraud monitoring allowed ₦677 million to be successfully routed to mule accounts and withdrawn before the kill switch was activated. 2. Sterling Bank: The 900k+ Record Exfiltration This event was kinda like a Network Intrusion targeted at customer identity data, allegedly carried out by the threat actor ByteToBreach. The breach targeted a critical vulnerability in the Oracle WebLogic Server. This middleware sits between the public facing applications and the bank’s private databases. Attackers bypassed authentication to extract roughly 2.2 GB of data. The data contained Personally Identifiable Information (PII) for over 900,000 customers, including names, contact details, and internal Customer Information File (CIF) numbers. This data is highly valuable for "Social Engineering 2.0, where scammers use real account details to trick victims into revealing OTPs or other lateral valuable infos 3. Remita: The 3TB S3 Infrastructure Exposure This was a Critical Cloud Misconfiguration representing one of the largest infrastructure level exposures in the Nigerian fintech space A massive Amazon S3 Bucket (Cloud Storage) was left in a Public Read state. This meant the data was accessible to anyone with the endpoint URL, requiring no hacking tools or passwords to download The volume 3 Terabytes indicates an entire archival Data Lake was exposed. This typically includes millions of individual files and logs accumulated over years 800GB+ of KYC Documents, Massive troves of sensitive personal data, including Passports, Government IDs, Bank Statements, and Utility Bills Core Databases: Full exports of MySQL and Postgres databases, including three primary databases and over 35,000+ password hashes The Master Keys: Exposure of Government HSM (Hardware Security Module) keys, which are used to encrypt and authorize high-level financial transactions Developer Blueprints: Source code, Docker registries, and GitKraken-to-S3 backups, providing a literal how-to guide for attackers to find further vulnerabilities in the system's logic The exposure included transaction archives, RRR (Remita Retrieval Reference) metadata, and internal system logs. Most dangerously, logs of this size often leak secrets such as API keys and session tokens, which provide a roadmap for attackers to move laterally into other connected financial systems what can we do

‼️🇳🇬 A massive breach allegedly from Remita, a major Nigerian payment processing platform, has been leaked on a popular cybercrime forum. ▪️ Total Size: ~3TB of S3 storage ▪️ Data Includes: 800GB+ of KYC documents (IDs, passports, photos, bank statements, electricity bills), MySQL/Postgres databases, logs, docker registries, source codes, government HSM keys, GitKraken to S3 backups ▪️ Source codes, 35,000+ password hashes, and three databases

🚨Cyber Alert ‼️ 🇳🇬Nigeria - 𝗦𝘁𝗲𝗿𝗹𝗶𝗻𝗴 𝗕𝗮𝗻𝗸 𝗟𝘁𝗱 Threat actor ByteToBreach claims to have breached Sterling Bank Ltd, alleging the compromise of customer and employee data linked to approximately 900,000 accounts and over 3,000 staff. Threat actor: ByteToBreach Sector: Financial / Insurance Data exposure (claimed): 900,000 customer accounts and 3,000 employee records Data type: Banking records, identity documents (BVN, NUBAN, passport and driver’s licence), transaction histories, loan records, credit scores, and employee data Observed: Mar 27, 2026 Status: Pending verification ESIX©: 6.18 Full details and impact assessment on HackRisk.io

@instablog9ja F9

Be Honest, How Would You Rate NEPA in Your Area? ⚡📊🤔

@Levi_Hack3rman @yeswehack Congrats

Yaaay 🎉🎉🎉 Just found my first valid bug. Thank you @yeswehack

Cybersecurity is not about what you know, it is about what you can do 🔐 👉 Limited-time offers: bit.ly/4bAakbY Build real skills with hands-on labs and certification prep before March 26. #CyberSecurity #InfoSec #TechSkills

@instablog9ja Lmao

“Banking no dey shout… but money dey talk 😏💸” Do you agree or cap? 👀👇

@instablog9ja Fuel

Which Product Would You Bring Back to ₦100? 💸🤔

AV/EDR Lab Environment Setup A curated list of various resources helpful in building own malware-centric research lab. A post by Udayveer Singh (@m4lici0u5) Source: an0nud4y.notion.site/AV-EDR-Lab-Env… #redteam #blueteam #maldev #malwaredevelopment

Hi @RaenestApp I am a Security Engineer and a student. The essential Item missing from my setup is a powerstation. An itel 1kWh Power Tank + solar panel would help me stay consistent, research more, and keep improving. Thank you🥹 fash335200 #RaenestMakeAWish #raenestat

🚩 Excited to share that I’ve earned the @hackthebox_eu CPTS certification. 10 intense days — completed 12/14 objectives and submitted a 100+ page commercial-grade report. Tough but incredibly rewarding. 💪 #CPTS #HackTheBox #PenTesting #OffensiveSecurity

@Njackblue @Bridgways I blame rosenior for this man

@Bridgways Apart from sarr who came into the team this season this is our best pairing CB. Drawing level at 2-2 we should have only thought of seeing that game out to get a proper fixture at the bridge. He didn’t make a sub until 81’ This is on the coach not the players

@0x_venus @SegunShowunmi @mehdirhasan They are paid for this, cos wth is this

@SegunShowunmi @mehdirhasan I pity your children SMH 🤦‍♂️ Well, age doesn’t define intelligence

Hostility Is Not Journalism. Mehdi Hassan Take Note. There is a clear difference between tough journalism and outright hostility. One serves the public interest. The other serves the ego of the interviewer. Unfortunately, the recent exchange between @mehdirhasan and presidential spokesperson @BwalaDaniel fell squarely into the latter category. What viewers witnessed was not a serious interview. It was an attempted public ambush. From the outset, the tone was aggressively confrontational. Questions were framed less as inquiries into governance and more as prosecutorial traps. Responses were repeatedly interrupted before they could develop. Clarifications were brushed aside. The atmosphere was unmistakable: this was not a conversation designed to inform viewers but a spectacle designed to embarrass the guest. Serious journalism does not operate this way. The craft of interviewing demands discipline. It requires the ability to ask difficult questions while still allowing the guest to articulate answers. It requires intellectual confidence strong enough to permit disagreement without descending into open hostility. Above all, it requires a commitment to substance over theatrics. That commitment was glaringly absent. Nigeria is currently grappling with a range of serious national challenges economic restructuring, security threats, governance reforms, and the complex work of stabilizing a large and dynamic democracy. A responsible interviewer would have used the opportunity to interrogate the administration’s policies on these matters: What strategies are being deployed? What reforms are underway? What outcomes should citizens expect? Instead, viewers were treated to an exercise in selective outrage and repetitive interruption. Even more troubling was the insinuation that political realignment is somehow illegitimate. Democratic politics is built on shifting alliances. Individuals and movements evolve. Former opponents become partners when national circumstances demand cooperation. This is neither shocking nor dishonorable; it is one of the defining characteristics of democratic political life. History provides countless examples. Leaders across the world have entered alliances with former adversaries when the demands of governance required it. To pretend otherwise is either intellectual dishonesty or a deliberate attempt to create sensationalism where none exists. But the deeper problem in the interview was tone. A journalist who openly ridicules or repeatedly attempts to humiliate a guest crosses an important professional boundary. The role of the interviewer is to hold power accountable not to behave like a courtroom prosecutor seeking a viral “gotcha” moment. When the pursuit of humiliation replaces the pursuit of insight, journalism loses its credibility. Audiences deserve better than that. They deserve interviews that illuminate policy, probe governance, and help citizens understand how leaders intend to confront the pressing challenges of the day. What they do not need is a theatrical performance in which hostility is mistaken for intellectual rigor. Respectful engagement does not weaken journalism; it strengthens it. Firm questioning does not require contempt. Professionalism does not require aggression. If global media wishes to retain its claim to moral authority as a watchdog of democracy, it must remember a basic principle: the goal of journalism is to inform the public, not to stage spectacles at the expense of civility and substance. The interview in question did neither. It was not a demonstration of fearless journalism. It was a demonstration of how easily the craft can slide into something far less admirable when provocation becomes the objective and professionalism is abandoned. Otunba Segun Showunmi The Alternative

@naijasecforce Niceee

We've just released a scanner that checks to see if a target server is vulnerable to F5 BIG-IP Unauthenticated Remote Command Execution (CVE-2020-5902). github.com/nsflabs/CVE-20…