Michaela Stranovská

🚨 BREAKING: Hackers are now exploiting the cPanel authentication bypass flaw (CVE-2026-41940) to deploy "Sorry" ransomware on compromised websites. Numerous sources say attacks began Thursday, with threat actors breaching servers and deploying a Go-based Linux encryptor that appends the .sorry extension to files. What the ransomware does: 🔴 Encrypts files and appends the ".sorry" extension. 🔴 Protects the encryption key with an embedded RSA-2048 public key 🔴 Drops a README.md ransom note in every folder 🔴 Uses a fixed Tox ID for ransom negotiations Victims are being instructed to contact the attacker via Tox to pay for decryption. This is not related to the older 2018 HiddenTear ".sorry" ransomware. This is a new, Linux-targeting encryptor tied directly to active cPanel exploitation. If you're running cPanel or WHM, patch immediately.

CISOs should consider taking 30 minutes and reading a few random reports from @TheDFIRReport thedfirreport.com/reports/

Let me blow your mind real quick: When you use Remote Desktop (RDP), Windows secretly takes screenshots of what you are doing. It’s called the RDP Bitmap Cache. To make the connection faster, Windows saves small tiles (images) of the remote screen to your hard drive in a bin file. Even if the session is over and the remote server is destroyed... your laptop still holds the cache files. Forensics teams use tools like BMCViewer to stitch those tiles back together. They won't just see logs but the literal email, document, or picture you were looking at. 💀

@d0nutptr This would give me anxiety AF, I remove notification s if it is an option and for email, periodically make rules to Archive or skip inbox XD It is still there, unread, but no pop up about it.

10,000

🚨 Slam dunk your memes into the best competition of the year! Score big laughs and swag during #MemeMadness! ⛹️ Create the best #cybersecurity meme and add it to the thread below to be entered 👇 Rules, details, and previous meme challenges here: bgcd.co/3PF2dR7

You've probably seen this SQL Injection payload before... 🧐 But how does it exactly work? Let's break it down and also craft a few variants for bypassing WAFs! 🤑👇

Yep, ProjectDiscovery.io tools are awesome. Here's a Guide created on how to implement Nuclei into your CI/CD pipeline! blog.projectdiscovery.io/implementing-n…

If you're looking to take your @pdnuclei skills to the next level, we have the ultimate guide for you! Level up: buff.ly/4a92Eep

🚀 picoCTF 2024 Has Officially Started! 🎉 The wait is over – picoCTF 2024 is underway! @CarnegieMellon @TCMSecurity @crl_official @CyLabAfrica @CyLab picoCTF.org

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook netspi.com/blog/technical…

@thegamerzden19 @JezCorden Could be reasoned that some people take it as pure bloatware, instead the programs they want to use. 🤷‍♀️

@JezCorden This is completely bogus to me. I do not see why MS has to uncouple OneDrive or Edge/Bing (especially when they are not dominant). The EU should have had more stringent controls over mobile than PC/Windows.

While Apple does everything it can to resist the EU's DMA regulations, Microsoft is now 100% compliant by letting users uninstall OneDrive, Edge, and Bing on Windows 11. DETAILS: windowscentral.com/software-apps/… #Windows11 #Apple

Fun with Joomla CVE-2023–23752 vulnerability and priv escalation (CVE-2023–1326) in apport-cli < 2.26.0 hackthebox.com/achievement/ma… #hackthebox #htb #cybersecurity

Let me show you how to leverage curlconverter to write API exploits in Python using payloads generated in Burp Suite. danaepp.com/writing-api-ex…

New issue of Executive Offense! "Mobile Hacking Part 2" in which I have an exclusive interview with @0xteknogeek on methodology++ This one is JAM PACKED. imo a must read. (subscribe to see the video, otherwise it doesnt show up) executiveoffense.beehiiv.com/p/executive-of…

Woah. Wtf. All anchors in this 21min news clip and numerous other things are AI powered. Holy smokes, things are going to get wild

A few tests later and you've noticed that the following bypasses all worked as well: You were surprised because you thought it validated your input by parsing the domain Instead, it was just a loosely-scoped regex that allowed you to get the SSO token

OWASP Amass v4.2 has been released with removal of the db subcommand. Typical #bugbounty usage looking like the following: amass enum -d example.com oam_subs -names -d example.com > subs.txt github.com/owasp-amass/am… #owasp #osint #recon #attacksurface

👀

OR 1=1 should not be the go-to example for SQL injection. I understand why it is, but using it without mentioning the risks is teaching bad practice. OWASP, Portswigger, Wikipedia, Rapid7, Snyk etc. are all doing it. I'm gonna die on this hill. 🤬

AI helps greatly translating JavaScript to "Human Readable Language", here's how I found a very straight forward DOM Based XSS in 2 minutes. #BugBounty