Exploit Brokers By Forgebound Research - Tech and Hacking News Commentary
Exploit Brokers is dedicated to tech and hacking news commentary, hacking tutorials, and cyber security topics. Exploit Brokers brings the knowledge of hacking to you. We review data breaches, malware infections, botnet events, and other notable hacking events to learn how to better defend against them by getting into the minds of hackers. #cybersecurity #hackingnews #cybersec #whitehat
Cisco & Dell CVSS 10.0 Exploited for YEARS, Claude AI Jailbroken, ScarCruft Jumps Air Gaps | HN64
03/12/2026
Two perfect CVSS 10.0 scores in one news cycle. A state-sponsored actor living inside Cisco's SD-WAN platform since 2023. A brand-new lateral movement technique called "Ghost NICs" that leaves no forensic trace. An AI chatbot jailbroken to steal 195 million government records. A North Korean hacking group bridging air-gapped networks with USB drives and an embedded Ruby runtime. And a phishing platform so sophisticated it makes your multi-factor authentication functionally useless.

This is Hacking News Episode 64 from Exploit Brokers by Forgebound Research. Five stories, multiple nation-state actors, and some genuinely novel attack techniques. Let's get into it.

🕐 TIMESTAMPS
0:00 — Cold Open
1:12 — Welcome & CTA
1:55 — Story 1: Cisco SD-WAN Zero-Day (CVE-2026-20127, CVSS 10.0) — Five Eyes Response
6:55 — Story 2: Dell RecoverPoint Zero-Day (CVE-2026-22769, CVSS 10.0) — Ghost NICs
11:35 — Story 3: Claude AI Jailbreak — 195 Million Mexican Government Records
15:27 — Story 4: ScarCruft Air-Gap Bridging — "Ruby Jumper" Campaign
19:55 — Story 5: Starkiller Phishing-as-a-Service — MFA Bypass
25:02 — Recap & 5 Key Takeaways
27:28 — Outro

📚 SOURCES

Story 1 — Cisco SD-WAN:
Cisco Advisory cisco-sa-sdwan-rpa-EHchtZk — https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk
CISA Emergency Directive 26-03 — https://www.cisa.gov/emergency-directive-26-03
ASD-ACSC Hunt Guide — https://www.cyber.gov.au/
BleepingComputer — https://www.bleepingcomputer.com/
The Hacker News — https://thehackernews.com/
Dark Reading — https://www.darkreading.com/
SecurityWeek — https://www.securityweek.com/

Story 2 — Dell RecoverPoint:
Google Cloud / Mandiant GTIG Report — https://cloud.google.com/blog/topics/threat-intelligence/
Dell Security Advisory DSA-2026-079 — https://www.dell.com/support/kbdoc/en-us/000426742/
CISA Known Exploited Vulnerabilities Catalog — https://www.cisa.gov/known-exploited-vulnerabilities-catalog
The Hacker News — https://thehackernews.com/
SecurityWeek — https://www.securityweek.com/
CyberScoop — https://cyberscoop.com/

Story 3 — Claude AI Jailbreak:
Bloomberg (Feb 25, 2026) — https://www.bloomberg.com/
VentureBeat — https://venturebeat.com/
Gambit Security Research — https://gambitsecurity.com/

Story 4 — ScarCruft Ruby Jumper:
Zscaler ThreatLabz Report (Feb 27) — https://www.zscaler.com/blogs/security-research/
The Hacker News — https://thehackernews.com/
BleepingComputer — https://www.bleepingcomputer.com/

Story 5 — Starkiller PhaaS:
Krebs on Security — https://krebsonsecurity.com/
Abnormal AI Technical Analysis — https://abnormalsecurity.com/blog/
Dark Reading — https://www.darkreading.com/
Infosecurity Magazine — https://www.infosecurity-magazine.com/

⚠️ DISCLAIMER
The content presented by Exploit Brokers by Forgebound Research is for educational and informational purposes only. Cipherceval is a cybersecurity educator and commentator — not your personal security consultant, legal counsel, or professional advisor. The information shared here reflects publicly available research, industry reporting, and the host's personal perspective. It does not constitute professional security consulting or individualized guidance for your specific environment. Always consult with qualified professionals for decisions affecting your systems and security posture.

🔔 Subscribe for weekly cybersecurity news and analysis.
👍 Like if this episode was helpful.
🔗 Share with your team — awareness is the first line of defense.

#cybersecurity #hackernews #exploitbrokers #cipherceval #infosec #cisco #sdwan #cve #zerodday #ghostnics #dell #recoverpoint #claudeai #jailbreak #scarcruft #northkorea #airgap #starkiller #phishing #mfa #fido2 #passkeys #fiveeyes #cisa #threatintelligence #apisecurity #cyberthreat #nationstatehacking #databreach
600 Firewalls Breached by AI in 5 Weeks — Plus Chrome Zero-Day, CVSS 9.9 RCE & AI-Powered Malware | HN63
03/05/2026
AI is reshaping both sides of the cybersecurity battlefield — and fast. In this episode, we break down five stories that prove it: the first Chrome zero-day of 2026 (CVE-2026-2441), a near-perfect CVSS 9.9 in Microsoft's Semantic Kernel SDK (CVE-2026-26030), a supply chain attack on AI coding assistant Cline that silently installed autonomous agents on thousands of developer machines, the first-ever Android malware using Google's Gemini AI at runtime (PromptSpy), and a Russian-speaking threat actor who used commercial AI tools to breach over 600 FortiGate firewalls across 55 countries in just five weeks.

Whether you're a developer, security professional, or just someone who uses a browser — this one's worth your time.

🔔 Subscribe and hit the bell so you don't miss an episode!
🎧 Also available on Spotify, Apple Podcasts, and wherever you get your pods.

---

### ⏱️ Timestamps

0:00 — Hook: AI Is Reshaping Cybersecurity
1:08 — Welcome & CTA
1:49 — Story 1: Chrome Zero-Day CVE-2026-2441 (CVSS 8.8)
5:15 — Story 2: Microsoft Semantic Kernel RCE CVE-2026-26030 (CVSS 9.9)
7:58 — Story 3: Cline CLI Supply Chain Attack — OpenClaw Installed on 4,000 Machines
14:35 — Story 4: PromptSpy — First Android Malware Using Gemini AI
20:15 — Story 5: 600 FortiGate Firewalls Breached via AI-Assisted Campaign
25:57 — Recap & Key Takeaways
28:46 — Outro

---

### 📰 Story Summaries

**Story 1 — Chrome Zero-Day: CVE-2026-2441 (CVSS 8.8)**
Google patched the first actively exploited Chrome zero-day of 2026 on February 13th. It's a use-after-free vulnerability in Chrome's CSS engine — specifically in the CSSFontFeatureValuesMap implementation — caused by an iterator invalidation bug. An attacker can craft a malicious HTML page to achieve arbitrary code execution inside Chrome's sandbox. Reported by researcher Shaheen Fazim on Feb 11, patched two days later. Affects ALL Chromium-based browsers: Chrome, Edge, Brave, Opera, Vivaldi. Patched in Chrome 145.0.7632.75/76 (Win/Mac) and 144.0.7559.75 (Linux).

**Story 2 — Semantic Kernel RCE: CVE-2026-26030 (CVSS 9.9)**
A critical remote code execution vulnerability in Microsoft's Semantic Kernel Python SDK — specifically in the InMemoryVectorStore filter functionality. CWE-94: Improper Control of Code Generation. Network-accessible with low attack complexity, low privilege required, and zero user interaction needed. If you're building AI applications with RAG, AI agents, or semantic search using Semantic Kernel, this one hits close to home. Patched in python-1.39.4. Microsoft's workaround: avoid using InMemoryVectorStore in production until patched.

**Story 3 — Cline Supply Chain Attack**
On February 17, 2026, someone compromised Cline's npm publish token and pushed a malicious update (Cline CLI v2.3.0) that silently installed OpenClaw — a self-hosted autonomous AI agent — on every developer machine that pulled the update. The attack chain started when researcher Adnan Khan discovered a prompt injection vulnerability in Cline's AI-powered GitHub issue triage bot. The attacker used GitHub Actions cache poisoning to pivot from the triage workflow to the release pipeline, leaking npm publication credentials. Cline patched the prompt injection within 30 minutes but rotated the wrong token. Eight days later, the still-valid token was used to publish the compromised package. It was live for ~8 hours and downloaded roughly 4,000 times. Fixed in v2.4.0; publishing moved to OIDC via GitHub Actions.

**Story 4 — PromptSpy: First Android Malware Using Generative AI at Runtime**
ESET researchers discovered PromptSpy — the first known Android malware to use Google's Gemini AI model during its execution flow. Traditional Android malware relies on hardcoded tap coordinates and UI selectors that break across different devices. PromptSpy solves this by taking an XML dump of the current screen and sending it to Gemini, which returns JSON instructions telling the malware exactly where to tap. It uses this loop to pin itself in the recent apps list, persisting across reboots. Primary payload: a built-in VNC module for full remote device access. Also captures lockscreen PINs, records unlock patterns as video, and blocks uninstallation with invisible overlays. Distributed via a site impersonating JPMorgan Chase targeting Argentina. Chinese language strings found in codebase. Not on Google Play; Google Play Protect detects known variants.

**Story 5 — 600 FortiGate Firewalls Breached via AI-Assisted Campaign**
Amazon Threat Intelligence revealed a Russian-speaking, financially motivated threat actor used multiple commercial AI tools to compromise 600+ FortiGate firewall devices across 55 countries in just 5 weeks (Jan 11–Feb 18, 2026). No zero-days — just exposed management interfaces and weak credentials with single-factor auth. The attacker extracted full device configs (SSL-VPN creds, network topology, IPsec settings), then fed that data into a custom system called ARXON that queried LLMs including DeepSeek and Claude to generate attack plans. Post-exploitation included DCSync attacks against Active Directory, lateral movement via pass-the-hash and pass-the-ticket, NTLM relay attacks, and targeting of Veeam Backup servers — consistent with ransomware preparation. No ransomware was actually deployed. The attacker's staging server (212[.]11[.]64[.]250) was publicly accessible, exposing AI-generated attack plans and victim configs. As Amazon CISO CJ Moses put it: organizations need to anticipate that AI-augmented threat activity will continue to grow from both skilled and unskilled adversaries.

---

### 📋 Key Takeaways

1. **Update your browsers.** Chrome's first zero-day of 2026 is patched (CVE-2026-2441). A crafted web page is all it takes. This applies to Chrome, Edge, Brave, and every Chromium-based browser.
2. **AI development tooling is now a high-value target.** A CVSS 9.9 in Microsoft's Semantic Kernel and a supply chain attack on Cline — if you're building with AI tools, their security is now part of your threat model.
3. **Supply chain security isn't just about dependencies — it's about your CI/CD pipeline.** The Cline attack started with a GitHub issue title that manipulated an AI triage bot. If you're using AI automation in build pipelines, treat those AI agents as privileged actors that need governance.
4. **AI is being weaponized on both sides.** PromptSpy uses Gemini for malware persistence; the FortiGate campaign used AI to generate attack plans and execute tools autonomously. This is operational, not theoretical.
5. **Fundamentals still win.** Six hundred firewalls breached — not with zero-days, but with weak passwords and exposed management interfaces. MFA, credential hygiene, network segmentation, and patching remain the most effective defenses.

---

### 📚 Sources

**Story 1 — Chrome Zero-Day (CVE-2026-2441)**
- The Hacker News: https://thehackernews.com/2026/02/new-chrome-zero-day-cve-2026-2441-under.html
- BleepingComputer / Malwarebytes: https://www.malwarebytes.com/blog/news/2026/02/update-chrome-now-zero-day-bug-allows-code-execution-via-malicious-webpages
- Help Net Security: https://www.helpnetsecurity.com/2026/02/16/google-patches-chrome-vulnerability-with-in-the-wild-exploit-cve-2026-2441/
- The Register: https://www.theregister.com/2026/02/16/chromes_zeroday/
- SOCRadar: https://socradar.io/blog/cve-2026-2441-chrome-0-day-sandbox-code-execution/
- Google Chrome Release Blog: https://chromereleases.googleblog.com

**Story 2 — Semantic Kernel RCE (CVE-2026-26030)**
- GitHub Security Advisory: https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-xjw9-4gw8-4rqx
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26030
- The Hacker Wire: https://www.thehackerwire.com/vulnerability/CVE-2026-26030/

**Story 3 — Cline Supply Chain Attack**
- The Hacker News: https://thehackernews.com/2026/02/cline-cli-230-supply-chain-attack.html
- The Register: https://www.theregister.com/2026/02/20/openclaw_snuck_into_cline_package
- Dark Reading: https://www.darkreading.com/application-security/supply-chain-attack-openclaw-cline-users
- Snyk (Clinejection Analysis): https://snyk.io/blog/cline-supply-chain-attack-prompt-injection-github-actions/
- Endor Labs: https://www.endorlabs.com/learn/supply-chain-attack-targeting-cline-installs-openclaw
- Adnan Khan's Research: https://adnanthekhan.com/2026/02/09/clinejection/

**Story 4 — PromptSpy Android Malware**
- ESET / WeLiveSecurity: https://www.welivesecurity.com/en/eset-research/promptspy-ushers-in-era-android-threats-using-genai/
- The Hacker News: https://thehackernews.com/2026/02/promptspy-android-malware-abuses-google.html
- BleepingComputer: https://www.bleepingcomputer.com/news/security/promptspy-is-the-first-known-android-malware-to-use-generative-ai-at-runtime/
- SecurityWeek: https://www.securityweek.com/promptspy-android-malware-abuses-gemini-ai-at-runtime-for-persistence/
- ESET Press Release: https://www.eset.com/us/about/newsroom/research/eset-research-discovers-promptspy-first-android-threat-using-genai/

**Story 5 — FortiGate AI-Assisted Campaign**
- Amazon / AWS Security Blog: https://aws.amazon.com/blogs/security/ai-augmented-threat-actor-accesses-fortigate-devices-at-scale/
- The Hacker News: https://thehackernews.com/2026/02/ai-assisted-threat-actor-compromises.html
- BleepingComputer: https://www.bleepingcomputer.com/news/security/amazon-ai-assisted-hacker-breached-600-fortigate-firewalls-in-5-weeks/
- The Record: https://therecord.media/gen-ai-fortigate-hackers-russia
- SecurityWeek: https://www.securityweek.com/hundreds-of-fortigate-firewalls-hacked-in-ai-powered-attacks-aws/
- Security Affairs: https://securityaffairs.com/188351/hacking/ai-powered-campaign-compromises-600-fortigate-systems-worldwide.html
6 Zero-Days Exploited NOW, Lazarus Poisons npm, AI-Generated Malware & More | HN62
02/26/2026
Microsoft just dropped patches for SIX actively exploited zero-day vulnerabilities — and that's just the beginning. In this week's Hacking News, we break down the February 2026 Patch Tuesday emergency, North Korea's Lazarus Group poisoning npm and PyPI through fake job recruiters, nation-state hackers weaponizing Google's Gemini AI (including malware that writes its own payloads), a massive Dutch telecom breach affecting 6.2 million people, and a U.S. government contractor breach that ballooned from 4 million to potentially tens of millions affected.

This is Exploit Brokers by Forgebound Research — cybersecurity news, threat intelligence, and insights. Whether you're a security analyst, developer, or just someone who wants to stay informed, this episode has something for you.

🔔 Subscribe and hit the bell so you never miss an episode.
⭐ Listening on Spotify or Apple Podcasts? A follow and 5-star rating helps others find the show.

---

⏱️ TIMESTAMPS
0:00 — Cold Open: Did You Run Windows Update?
0:51 — Forge OS Intro
0:55 — Welcome & CTA
1:20 — Microsoft Patch Tuesday: 6 Actively Exploited Zero-Days
6:08 — Lazarus Group "GraphAlgo": Fake Recruiters Poison npm & PyPI
10:02 — Nation-States Weaponize Google Gemini AI (HONESTCUE Malware)
15:05 — Odido Breach: 6.2 Million Dutch Records Stolen
18:38 — Conduent Breach Expands from 4M to Tens of Millions
21:55 — Recap & 5 Key Takeaways
23:54 — Outro

---

📰 STORIES COVERED

Story 1 — Microsoft February 2026 Patch Tuesday
• 58 vulnerabilities patched, 6 actively exploited zero-days
• CVE-2026-21510: Windows SmartScreen bypass (CVSS 8.8) — "widespread active exploitation"
• CVE-2026-21513: MSHTML security bypass
• CVE-2026-21514: Microsoft Word OLE bypass
• CVE-2026-21533: Remote Desktop Services privilege escalation to SYSTEM
• CVE-2026-21519: Desktop Window Manager type confusion → SYSTEM
• CVE-2026-21525: RasMan denial of service (VPN crash)
• Google, CrowdStrike, Acros Security & Microsoft collaborated on discovery

Story 2 — Lazarus Group "GraphAlgo" Campaign
• 192 malicious npm/PyPI packages targeting JavaScript & Python developers
• Fake crypto companies (e.g., "Veltrix Capital") used for recruitment lures
• Package "bigmathutils" had 10,000+ downloads before payload injection at v1.1.0
• Full-featured RAT with token-based C2 authentication
• Attribution: Medium-to-high confidence (Lazarus/DPRK) — GMT+9 commit timestamps

Story 3 — Nation-State Actors Weaponize Google Gemini
• Google GTIG report (Feb 12, 2026) confirms NK, Iran, China, Russia using Gemini
• UNC2970 (Lazarus overlap) using AI for OSINT and target profiling
• Iran's APT42 crafting native-sounding phishing with AI
• HONESTCUE malware: Uses Gemini API to generate & execute C# payloads in memory (fileless + polymorphic)
• COINBAIT phishing kit built using Lovable AI coding platform

Story 4 — Odido (Netherlands) Data Breach
• 6.2 million customers affected (~1/3 of the Netherlands' population)
• Stolen: Names, addresses, emails, phone numbers, DOBs, IBANs, passport/license numbers
• Formerly T-Mobile Netherlands; subsidiary Ben also affected
• Part of broader telecom targeting pattern (Salt Typhoon, SK Telecom, Free SAS)

Story 5 — Conduent Breach Expansion
• Jan 2025 ransomware attack originally reported as 4M affected
• Now: 15.4M in Texas alone, 10.5M in Oregon, plus DE, MA, NH and more
• Total potentially tens of millions across the U.S.
• Safeway ransomware gang claimed 8TB stolen
• SSNs, medical data, health insurance information compromised

---

📋 KEY TAKEAWAYS
1. Patch like it's urgent — 6 actively exploited zero-days can't wait
2. Your package manager is an attack surface — sandbox job assessment code
3. AI is a force multiplier for attackers — bad grammar is no longer a reliable phishing indicator
4. Telecom data is a goldmine — verify everything through official channels
5. Breach disclosures can be icebergs — monitor your identity proactively

---

🔗 SOURCES

Microsoft Patch Tuesday:
• BleepingComputer — https://www.bleepingcomputer.com
• Krebs on Security — https://krebsonsecurity.com
• SecurityWeek — https://www.securityweek.com
• Malwarebytes — https://www.malwarebytes.com
• Rapid7 — https://www.rapid7.com
• Help Net Security — https://www.helpnetsecurity.com
• TechCrunch — https://techcrunch.com

Lazarus GraphAlgo:
• ReversingLabs — https://www.reversinglabs.com
• The Hacker News — https://thehackernews.com
• BleepingComputer — https://www.bleepingcomputer.com
• SC Media — https://www.scworld.com
• Security Affairs — https://securityaffairs.com

Gemini AI Weaponization:
• Google GTIG Blog — https://blog.google/technology/safety-security/
• The Hacker News — https://thehackernews.com
• Infosecurity Magazine — https://www.infosecurity-magazine.com
• AI News — https://www.artificialintelligence-news.com

Odido Breach:
• BleepingComputer — https://www.bleepingcomputer.com
• The Register — https://www.theregister.com
• TechCrunch — https://techcrunch.com
• SecurityWeek — https://www.securityweek.com
• The Record — https://therecord.media
• NL Times — https://nltimes.nl

Conduent Breach:
• TechCrunch — https://techcrunch.com

---

🏷️ HASHTAGS
#cybersecurity #hackingnews #zeroday #microsoft #patching #lazarusgroup #npm #supplychainattack #gemini #AI #malware #databreach #ransomware #infosec #threathunting #exploitbrokers #forgeboundresearch #northkorea #nationstate #cyberthreat #patchtuesday #developers #phishing #telecom #OSINT
State Hackers Hit 37 Countries, BeyondTrust CVSS 9.9 RCE, Signal Hijacked & More | HN Ep. 61
02/19/2026
A newly uncovered state-backed espionage group has compromised 70 organizations across 37 countries in a single year — and they were scanning infrastructure in 155 more. In this episode of Hacking News, we break down Palo Alto Unit 42's Shadow Campaigns investigation, a CVSS 9.9 pre-authentication RCE in BeyondTrust's remote access tools, a state-sponsored Signal phishing campaign targeting European politicians and military officials without using a single line of malware, CISA's aggressive new directive ordering federal agencies to rip out end-of-life edge devices, and an Everest ransomware claim against Iron Mountain that turned out to be far less than advertised.

Whether you're a cybersecurity professional, IT admin, or just someone who wants to stay informed about the threats facing our digital world — this episode has critical takeaways you can act on today.

🔒 Key Topics Covered:
• TGR-STA-1030 "Shadow Campaigns" — state-backed espionage across 37 countries
• BeyondTrust CVE-2026-1731 — CVSS 9.9 pre-auth RCE in remote access tools
• Signal Phishing Campaign — German BfV/BSI advisory on account hijacking
• CISA BOD 26-02 — Binding directive to eliminate end-of-support edge devices
• Iron Mountain / Everest Ransomware — 1.4TB breach claims vs. reality

⏱️ Timestamps:
0:00 — Cold Open: One group, 37 countries breached
1:10 — Forge OS Intro
1:14 — Welcome & CTA
1:38 — Shadow Campaigns: State-Backed Espionage at Unprecedented Scale
7:04 — BeyondTrust CVE-2026-1731: CVSS 9.9 Pre-Auth RCE
11:07 — Signal Phishing: Hijacking Accounts Without Malware
14:10 — CISA BOD 26-02: Rip Out Your End-of-Life Edge Devices
16:55 — Iron Mountain vs. Everest Ransomware: Claims vs. Reality
19:38 — Recap & Key Takeaways
21:40 — Outro

📌 Resources & Sources:
• Unit 42 Shadow Campaigns Report: https://unit42.paloaltonetworks.com/shadow-campaigns-uncovering-global-espionage/
• BeyondTrust Security Advisory BT26-02: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02
• German BfV/BSI Signal Phishing Advisory: https://thehackernews.com/2026/02/german-agencies-warn-of-signal-phishing.html
• CISA BOD 26-02 Directive: https://www.cisa.gov/news-events/directives/bod-26-02-mitigating-risk-end-support-edge-devices
• Iron Mountain / Everest Coverage: https://cybernews.com/security/iron-mountain-data-breach-claims/

🎧 Listen on Spotify & Apple Podcasts — search "Exploit Brokers by Forgebound Research" and hit follow!
💬 Found this valuable? Share it with a coworker or friend who touches a computer.

— Exploit Brokers by Forgebound Research
Host: Cipherceval
"Learn more about the threats we face and gain a bit more knowledge than yesterday."
CRITICAL: Office Zero-Day + WordPress Admin Takeover + Chrome Extensions Stealing AI Chats | EP 60
01/29/2026
Microsoft just dropped an emergency patch for an Office zero-day being exploited in the wild. A WordPress plugin has a CVSS 10.0 vulnerability — that's the golden goose of hacking. 900,000 Chrome users had their ChatGPT conversations stolen by malicious extensions with Google's Featured badge. And two cybersecurity professionals pleaded guilty to moonlighting as ransomware affiliates. Welcome to 2026. It's gonna be a fun year.

In this episode:
CVE-2026-21509: Microsoft Office zero-day (security feature bypass)
CVE-2026-23550: WordPress Modular DS critical vulnerability
Prompt Poaching: Chrome extensions stealing AI conversations
Brightspeed breach: Crimson Collective claims 1M+ records
Insider threat: Security pros turned BlackCat/ALPHV affiliates

Key takeaway: Update your stuff. A patch does you no good if it isn't installed.

Subscribe for weekly cybersecurity news, vulnerability breakdowns, and threat intelligence.
https://forgeboundresearch.com/podcasts/
I'm Back and Introducing Forgebound Research | The Rebrand
01/12/2026
Exploit Brokers is back—under a new banner. In this episode, I explain why the show went quiet, what Forgebound Research means, and how the podcast is evolving. We're shifting to a hybrid model: some episodes will be news commentary with technical insight, others will be lab-driven deep dives where I actually pull apart the malware or the vulnerable code.

Beyond the podcast, I'm launching The Forgebound Lab on YouTube—security research, hardware teardowns, creative engineering, maker builds, and learning in public.

Same host. Same mission. New chapter. Welcome to Forgebound Research.
—Cipherceval

🔗 YouTube: https://www.youtube.com/@ForgeboundResearch
🐦 Podcast Twitter:
🐦 Forgebound Twitter:
HN59 - Microsoft AI Discovers 20 Zero-Day Vulnerabilities in Bootloaders!
04/03/2025
🔍 Microsoft’s AI Uncovers 20 Zero-Day Threats | CoffeeLoader Malware Gets Smarter

In this episode of Exploit Brokers, Cipherceval dives into how Microsoft Security Copilot, powered by AI, discovered over 20 previously unknown vulnerabilities in popular bootloaders like GRUB2, U-Boot, and Barebox. These flaws could allow attackers to bypass Secure Boot and install stealthy bootkits.

We also explore the terrifying evolution of CoffeeLoader malware — now equipped with GPU-based cloaking, Windows fibers, and sleep obfuscation — making it one of the most advanced malware loaders in circulation today.

Whether you're into cybersecurity, AI advancements, or just curious about the future of hacking and defense, this episode breaks it all down.

📌 Like, Subscribe & Hit the Bell to stay ahead of the threats!

#CyberSecurity #AI #MicrosoftCopilot #CoffeeLoader #Malware #Rootkit #ZeroDay #ExploitBrokers #InfoSec #Hacking #EDREvasion

💬 What’s your take on AI in security? Tool or threat? Drop your thoughts below!
🎙️ Hosted by Cipherceval | Exploit Brokers Podcast
👍 Enjoyed the episode? Give it a like and share your thoughts in the comments below!
🔔 Don't forget to subscribe and hit the notification bell to stay updated on all things cybersecurity and tech.

Listen to our podcast on:
Apple Podcasts
Spotify
And wherever you get your podcasts!

Show Notes: https://exploitbrokers.com/podcasts/hn59

📢 Connect with us:
Newsletter: https://follow.exploitbrokers.com
Twitter: @ExploitBrokers
Medium: https://medium.com/@exploitbrokers
TikTok: https://www.tiktok.com/@exploitbrokers

⏱️ Timeline:
00:00 – Intro
00:44 – Microsoft AI Finds 20+ Critical Bootloader Vulnerabilities
10:02 – CoffeeLoader Malware’s Advanced Evasion Techniques
17:50 – Final Thoughts: AI in Cybersecurity & What Comes Next

🔗 References & Sources
* Microsoft Uses AI for Security: https://www.bleepingcomputer.com/news/security/microsoft-uses-ai-to-find-flaws-in-grub2-u-boot-barebox-bootloaders/
* CoffeeLoader: https://www.darkreading.com/threat-intelligence/coffeeloader-malware-evasion-tricks
HN58 - Havoc in the Cloud: The Shocking Click Fix Exploit Revealed
03/06/2025
Welcome to Exploit Brokers with your host Cipherceval! In this deep dive, we uncover a sophisticated cyber assault where hackers exploited Microsoft SharePoint to launch the Havoc C2 via a stealthy click fix attack. Learn how a single click can trigger malicious PowerShell commands, turning everyday corporate tools into gateways for cybercrime.

In this episode, we explore:
• How click fix attacks trick users into executing harmful commands
• The role of social engineering in modern cyber warfare
• The rising threat of ransomware targeting Middle Eastern banks and financial institutions
• The importance of patching, penetration testing, and proactive cybersecurity measures

Whether you're a cybersecurity expert or just curious about digital threats, this breakdown provides essential insights into how cybercriminals are reshaping the rules of digital warfare. Stay informed and protect yourself from these evolving dangers.

Don't forget to like, subscribe, and hit the bell icon for more updates on cybersecurity trends!

#CyberSecurity #HavocC2 #ClickFix #SharePointHack #Ransomware #DigitalWarfare #CyberAttack #Malware #SocialEngineering #ExploitBrokers

Show Notes: https://exploitbrokers.com/podcasts/hn58

Timeline:
0:00 Intro
0:19 Opener
0:45 Subscribe
1:06 Sharepoint Malware
12:03 Ransomware Targets Middle East banks
23:36 Conclusion and Outro

🔗 References & Sources
* ClickFix Attack: https://www.bleepingcomputer.com/news/security/new-clickfix-attack-deploys-havoc-c2-via-microsoft-sharepoint/
* UAE: https://www.darkreading.com/cyber-risk/targeted-ransomware-middle-east-banks-security
HN57 - Unmasking SpyLoan: The Android Malware Preying on Loan Seekers
02/27/2025
In this episode of Exploit Brokers, we dive into the dark world of cybercrime, exploring two alarming topics: a malicious Android loan app masquerading as a financial tool and Xerox printer vulnerabilities that could be leaking your credentials.

Learn how loan sharks have moved from traditional methods to sophisticated digital predation, exploiting unsuspecting users via apps like SpyLoan. We break down how these apps bypass Google Play's protections, steal sensitive data, and push predatory lending practices, especially targeting vulnerable users.

Additionally, we uncover how attackers are using patched vulnerabilities in Xerox Versalink C7025 printers to manipulate configurations, capture user credentials, and potentially gain lateral access to entire Windows environments.

Whether you're a tech enthusiast or a cybersecurity professional, this episode offers valuable insights into how digital crime is evolving and what you can do to protect yourself. Don't forget to like, subscribe, and hit the notification bell for more in-depth analyses on cybersecurity threats and exploits.

#CyberSecurity #AndroidMalware #LoanSharks #XeroxPrinterHack #DataBreach #DigitalCrime #SpyLoan #CyberThreats #ExploitBrokers #TechNews

Show Notes: https://exploitbrokers.com/podcasts/hn57

🔗 References & Sources
* Xerox: https://www.darkreading.com/iot/xerox-printer-vulnerabilities-credential-capture
* Malicious App: https://www.bleepingcomputer.com/news/security/spylend-android-malware-downloaded-100-000-times-from-google-play/
HN56 - Massive Bug Puts Outlook Users at Risk | Kimsuky gets RDPWrapper
02/13/2025
In today’s episode of Exploit Brokers, we dive deep into two major security threats making waves across the digital world. A critical Remote Code Execution (RCE) vulnerability in Microsoft Outlook is putting millions of users at risk, with hackers exploiting it through spear phishing emails and malicious links. Not only that, but we’re also uncovering the stealthy tactics of the notorious North Korean hacking group, Kimsuky. They’re evolving their methods with custom RDP wrappers and proxy tools to evade detection while gaining unauthorized access to systems. Stay informed about the latest threats, learn how to keep your systems secure, and protect yourself from the growing wave of cyberattacks that are more dangerous than ever. #OutlookRCE #Cybersecurity #Hacking #ExploitBrokers #CyberThreats #Phishing #RDPWrapper #Kimsuky #RemoteCodeExecution #MicrosoftSecurity #TechNews #Malware #DataBreach #EmailSecurity #Hackers #InfoSec #SecurityUpdates #cyberdefense 👍 Enjoyed the episode? Give it a like and share your thoughts in the comments below! 🔔 Don't forget to subscribe and hit the notification bell to stay updated on all things cybersecurity and tech. Listen to our podcast on: Apple Podcasts Spotify And wherever you get your podcasts! Show Notes: https://exploitbrokers.com/podcasts/hn56 📢 Connect with us: Newsletter: https://follow.exploitbrokers.com Twitter: @ExploitBrokers Medium: https://medium.com/@exploitbrokers TikTok: https://www.tiktok.com/@exploitbrokers 🔗 References & Sources * Kimsuky hackers: https://www.bleepingcomputer.com/news/security/kimsuky-hackers-use-new-custom-rdp-wrapper-for-remote-access/ * RCE in Outlook: https://www.bleepingcomputer.com/news/security/critical-rce-bug-in-microsoft-outlook-now-exploited-in-attacks/
HN55 - Double Zipping Danger: The 7-Zip Exploit That Could Hack Your PC
02/06/2025
Welcome back to Exploit Brokers! In today’s video, we dive deep into a critical 7‑Zip vulnerability that’s being exploited by Russian cybercriminals to bypass Windows’ security protections. If you’ve used 7‑Zip at all, you need to know how this flaw can let hackers sneak past the Mark-of-the-Web (MOTW) and deploy dangerous malware like Smoke Loader. We'll also explore a parallel threat in the Go ecosystem—malicious packages exploiting caching mechanisms to gain persistent remote access to your system. From double-zipped archives to supply chain attacks, we break down the tactics, the risks, and most importantly, what you can do to protect yourself and your organization. In this video you’ll learn: How the 7‑Zip vulnerability works and why updating to the latest version is crucial. The role of Windows’ MOTW and how hackers are bypassing this key security feature. Details on the deployment of Smoke Loader malware and its implications. How malicious Go packages and supply chain attacks can compromise your systems. Practical tips to safeguard your data and networks against these emerging threats. Stay informed, stay secure—hit that like button, subscribe, and ring the bell for more cybersecurity insights! Drop your questions or thoughts in the comments below—we love hearing from you! #Cybersecurity #7Zip #WindowsSecurity #Malware #SmokeLoader #GoLang #SupplyChainAttack #Cybercrime #InfoSec #Hacking #RussianHackers #APT #NationStateHackers #exploits #ZeroDays 👍 Enjoyed the episode? Give it a like and share your thoughts in the comments below! 🔔 Don't forget to subscribe and hit the notification bell to stay updated on all things cybersecurity and tech. Listen to our podcast on: Apple Podcasts Spotify And wherever you get your podcasts! 
Show Notes: https://exploitbrokers.com/podcasts/hn55 📢 Connect with us: Newsletter: https://follow.exploitbrokers.com Twitter: @ExploitBrokers Medium: https://medium.com/@exploitbrokers TikTok: https://www.tiktok.com/@exploitbrokers 🔗 References & Sources * Malicious Cached Go Modules: https://thehackernews.com/2025/02/malicious-go-package-exploits-module.html * Russian hackers Exploit 7-zip: https://thehackernews.com/2025/02/russian-cybercrime-groups-exploiting-7.html
HN54 - Cybersecurity Experts Reveal LAZARUS GROUP's Hidden Secrets
01/30/2025
Lazarus Group’s Secret Admin Layer EXPOSED – Major Cybersecurity Discovery! 🔥💻 Security researchers have uncovered a hidden admin layer used by North Korea’s Lazarus Group to manage their Command and Control (C2) servers. This sophisticated network of VPNs and proxies allows them to execute cyberattacks worldwide—mainly targeting cryptocurrency developers and software supply chains. In today’s episode, we break down: ✅ How Lazarus Group operates and funds North Korea’s cybercrime efforts ✅ The Operation 99 attack targeting Web3 developers ✅ The supply chain risks that could impact thousands ✅ How Android 16’s new security features are stepping up protection ✅ Why 2G connectivity and sideloading bans are crucial for mobile security With nation-state hackers, malware campaigns, and evolving cyber threats, it’s more important than ever to stay informed. Don’t forget to like, subscribe, and hit the bell to keep up with the latest in cybersecurity! 💬 What do you think? Are these security updates enough, or do we need even stricter measures? Let me know in the comments! #Cybersecurity #LazarusGroup #Hacking #NorthKorea #Android16 #CyberThreats #Infosec #Malware #TechNews #CryptoSecurity #SupplyChainAttack #EthicalHacking #PrivacyMatters #TechExplained 👍 Enjoyed the episode? Give it a like and share your thoughts in the comments below! 🔔 Don't forget to subscribe and hit the notification bell to stay updated on all things cybersecurity and tech. Listen to our podcast on: Apple Podcasts Spotify And wherever you get your podcasts! 
Show Notes: https://exploitbrokers.com/podcasts/hn54 📢 Connect with us: Newsletter: https://follow.exploitbrokers.com Twitter: @ExploitBrokers Medium: https://medium.com/@exploitbrokers TikTok: https://www.tiktok.com/@exploitbrokers 🔗 References & Sources * Lazarus C2 Infrastructure: https://www.darkreading.com/cyberattacks-data-breaches/researchers-uncover-lazarus-admin-layer-c2-servers * Operation 99: https://securityscorecard.com/blog/operation-99-north-koreas-cyber-assault-on-software-developers/ * Advanced Protection Mode: https://www.androidauthority.com/android-16-advanced-protection-mode-3518368/
HN53 - AI’s Dirty Little Secret: Employees Leaking Data by Accident
01/23/2025
In this episode, we’re uncovering the darker side of Generative AI and the emerging threats lurking behind everyday tools like ChatGPT and Copilot. Learn how sensitive information—ranging from customer data to employee benefits—can be leaked simply by typing it into a Gen AI prompt. We’ll also expose how cybercriminals are escalating their tactics, hiding malware in places you’d never expect—like Google Ads, YouTube comments, and misleading download links for supposedly “free” or pirated software. 📢 Don’t Forget to: 👍 Like this episode if you found it informative 🔔 Subscribe to Exploit Brokers and hit the bell icon to stay updated with the latest in cybersecurity 💬 Share your thoughts in the comments below – Have you been affected by a data breach? #AI #ChatGPT #GenerativeAI #Cybersecurity #DataLeak #DarkReading #InfoStealer #Malware #GoogleAds #YouTubeComments #TechNews #Hacking #CyberThreats #DataBreach #ExploitBrokers #SecurityTips #TechPodcast 👍 Enjoyed the episode? Give it a like and share your thoughts in the comments below! 🔔 Don't forget to subscribe and hit the notification bell to stay updated on all things cybersecurity and tech. Listen to our podcast on: Apple Podcasts Spotify And wherever you get your podcasts! Show Notes: https://exploitbrokers.com/podcasts/hn53 📢 Connect with us: Newsletter: https://follow.exploitbrokers.com Twitter: @ExploitBrokers Medium: https://medium.com/@exploitbrokers TikTok: https://www.tiktok.com/@exploitbrokers 🔗 References & Sources * Google Ads: https://www.darkreading.com/threat-intelligence/cyberattackers-infostealers-youtube-comments-google-search * Employees and Gen AI: https://www.darkreading.com/threat-intelligence/employees-sensitive-data-genai-prompts
HN52 - 800K Volkswagen EVs Hacked! Massive Data Breach & Mirai Botnet Attack Explained
01/09/2025
🔒🚗 Volkswagen’s Massive 800K EV Data Breach & Mirai Botnet Threats Explained | Exploit Brokers Welcome back to Exploit Brokers! In today’s episode, we dive deep into two major cybersecurity threats shaking the automotive and industrial sectors: Volkswagen’s 800,000 EV Data Breach Discover how a misconfigured Amazon cloud storage led to the exposure of sensitive personal information for Volkswagen, Audi, Seat, and Skoda electric vehicle owners. Learn what data was compromised, the potential risks for affected individuals, and what this means for the future of connected vehicles. Mirai Botnets Targeting Industrial Routers Uncover the latest developments with the Mirai Botnet variant exploiting vulnerabilities in Four-Faith industrial routers. Understand how these botnets operate, the scale of their DDoS attacks, and the broader implications for global cybersecurity. 🔍 What You’ll Learn: The specifics of the Volkswagen data breach and its impact on EV owners. How Mirai Botnets are evolving to target industrial infrastructure. The importance of proper cloud configuration and security measures. Tips to protect yourself and your devices from similar cyber threats. 📢 Don’t Forget to: 👍 Like this video if you found it informative 🔔 Subscribe to Exploit Brokers and hit the bell icon to stay updated with the latest in cybersecurity 💬 Share your thoughts in the comments below – Have you been affected by a data breach? #CyberSecurity #DataBreach #VolkswagenHack #MiraiBotnet #EVSecurity #CyberCrime #CloudSecurity #DDoS #IndustrialCyberSecurity #ExploitBrokers #TechNews #CyberThreats #ConnectedCars #IoTSecurity #Malware #ZeroDay #EthicalHacking #TechPodcast 👍 Enjoyed the episode? Give it a like and share your thoughts in the comments below! 🔔 Don't forget to subscribe and hit the notification bell to stay updated on all things cybersecurity and tech. Listen to our podcast on: Apple Podcasts Spotify And wherever you get your podcasts!
Show Notes: https://exploitbrokers.com/podcasts/hn52 📢 Connect with us: Newsletter: https://follow.exploitbrokers.com Twitter: @ExploitBrokers Medium: https://medium.com/@exploitbrokers TikTok: https://www.tiktok.com/@exploitbrokers 🔗 References & Sources * Volkswagen: https://www.darkreading.com/cyberattacks-data-breaches/volkswagen-breach-exposes-data-of-800k-customers * Mirai: https://thehackernews.com/2025/01/mirai-botnet-variant-exploits-four.html
HN51 - Chinese Hackers Breach U.S. Treasury AND 3M Fake GitHub Stars Exposed
01/02/2025
In this episode, we dive deep into two explosive cybersecurity stories making headlines right now: a major breach at the U.S. Treasury Department allegedly carried out by Chinese state-sponsored hackers, and the discovery of over 3.1 million fake stars on GitHub used to boost malicious repositories. We’ll explore how third-party vendor BeyondTrust and telecom hacks tie into this growing wave of advanced persistent threats (APTs) and discuss how manipulative tactics on GitHub can sneak malware into widespread use. Whether you’re a seasoned developer or just curious about the rising tide of global cyber threats, this episode will give you an in-depth look at how these hacks happen and why they matter. Stay informed, stay alert, and learn about the latest vulnerabilities, breaches, and protective measures you can take. Don’t forget to like, subscribe, and hit the notification bell for more cybersecurity breakdowns! #Cybersecurity #DataBreach #USTreasuryHack #ChineseHackers #SaltTyphoon #APTGroups #BeyondTrust #GitHub #FakeStars #Malware #CyberThreats #NetworkSecurity #NationStateHackers #APISecurity #SupplyChainAttack #DarkReading #BleepingComputer #Encryption #SoftwareDevelopment #TechNews #HackingUpdate #ZeroDay #Phishing #InformedSecurity #ExploitBrokers 👍 Enjoyed the episode? Give it a like and share your thoughts in the comments below! 🔔 Don't forget to subscribe and hit the notification bell to stay updated on all things cybersecurity and tech. Listen to our podcast on: Apple Podcasts Spotify And wherever you get your podcasts! 
Show Notes: https://exploitbrokers.com/podcasts/hn51 📢 Connect with us: Newsletter: https://follow.exploitbrokers.com Twitter: @ExploitBrokers Medium: https://medium.com/@exploitbrokers TikTok: https://www.tiktok.com/@exploitbrokers 🔗 References & Sources * US Treasury Hacked: https://www.darkreading.com/cyberattacks-data-breaches/chinese-state-hackers-breach-us-treasury-department * Github Fake Stars: https://www.bleepingcomputer.com/news/security/over-31-million-fake-stars-on-github-projects-used-to-boost-rankings/
HN50 - IoT Webcams Hacked & 900k+ Health Records Exposed
12/19/2024
In this eye-opening episode, we uncover the disturbing reality of IoT webcam vulnerabilities and explore how hackers are leveraging outdated firmware and previously discovered but unpatched exploits to infiltrate personal devices. From prying eyes in your own home to the colossal health data breach exposing over 900,000 patient records, the digital security landscape has never looked more dire. Learn what you can do to protect your data, secure your devices, and safeguard your personal information. We’ll break down the incidents, share insights on the tactics used by cybercriminals, and provide actionable steps to bolster your online defenses. #DataBreach #CyberSecurity #IoTHacks #WebcamSecurity #HealthcareCybersecurity #MedicalData #PrivacyMatters #InformationSecurity #HackerNews #PersonalData #DigitalThreats #Infosec #ProtectYourData #TelehealthSecurity #PatientPrivacy #OnlineSecurity #Malware #DataProtection #NetworkSecurity #FirmwareUpdates 👍 Enjoyed the episode? Give it a like and share your thoughts in the comments below! 🔔 Don't forget to subscribe and hit the notification bell to stay updated on all things cybersecurity and tech. Listen to our podcast on: Apple Podcasts Spotify And wherever you get your podcasts! Show Notes: https://exploitbrokers.com/podcasts/hn50 📢 Connect with us: Newsletter: https://follow.exploitbrokers.com Twitter: @ExploitBrokers Medium: https://medium.com/@exploitbrokers TikTok: https://www.tiktok.com/@exploitbrokers 🔗 References & Sources * Webcams Hacked: https://www.bleepingcomputer.com/news/security/fbi-spots-hiatusrat-malware-attacks-targeting-web-cameras-dvrs/ * Health Data breach: https://www.bleepingcomputer.com/news/security/connectoncall-breach-exposes-health-data-of-over-910-000-patients/
HN49 - Fortnite Refund Update: Millions Refunded + Lazarus Group’s Crypto Hacks Revealed
12/12/2024
We’re diving into two major stories shaking up the gaming and cybersecurity worlds! First, we discuss the Fortnite Refund Update, where the FTC has forced Epic Games to refund millions due to their use of dark patterns. Find out if you’re eligible for a refund and how to claim it. Then, we shift gears to the Lazarus Group, North Korea’s infamous hacking collective, and their latest exploit targeting cryptocurrency investors using AI-generated content and Chrome vulnerabilities. Stay informed, protect yourself, and don’t miss these updates! Make sure to like, comment, and subscribe for more in-depth coverage of the latest tech, and cybersecurity news. #FortniteRefundUpdate #FortniteNews #EpicGames #FortniteScandal #GamingNews #FortniteRefunds #DarkPatterns #GamersBeware #CyberSecurity #CryptoHacks #LazarusGroup #Cryptocurrency #GamingIndustry #AIHacks #OnlineSafety #CyberThreats #TechNews #DataBreach #CryptoScams #GamingCommunity 👍 Enjoyed the episode? Give it a like and share your thoughts in the comments below! 🔔 Don't forget to subscribe and hit the notification bell to stay updated on all things cybersecurity and tech. Listen to our podcast on: Apple Podcasts Spotify And wherever you get your podcasts! Show Notes: https://exploitbrokers.com/podcasts/hn49 📢 Connect with us: Newsletter: https://follow.exploitbrokers.com Twitter: @ExploitBrokers Medium: https://medium.com/@exploitbrokers TikTok: https://www.tiktok.com/@exploitbrokers 🔗 References & Sources * Fortnite Refunds: https://www.bleepingcomputer.com/news/gaming/ftc-distributes-72-million-in-fortnite-refunds-from-epic-games/ * Defi Lazarus: https://www.bleepingcomputer.com/news/security/lazarus-hackers-used-fake-defi-game-to-exploit-google-chrome-zero-day/
HN48 - Hydra's Dark Web Empire CRUMBLES
12/05/2024
Uncover the fascinating yet chilling story of Hydra Market, the dark web’s largest illicit empire. Learn how this $1.35 billion platform operated, from smuggling narcotics and laundering money to offering hacking services. We’ll explore how its leader was sentenced to life in prison, the innovative (and illegal) technologies they used, and the global effort to bring it down. Plus, we’ll dive into how cryptocurrencies, Bitcoin mixers, and secret marketplaces fuel the shadowy world of digital crime. Is the Hydra truly gone, or will another head rise in its place? Watch now to find out! 🔍 Topics Covered: How the Hydra Market operated Cryptocurrencies and dark web transactions Smuggling tech: From hidden cars to makeshift labs The global crackdown on dark web crime What this means for the future of cybersecurity #HydraMarket #DarkWebExplained #Cybercrime #BitcoinMixer #Hacking #DarkNet #DigitalSecurity #CryptoCrime #TrueCrimeStories #CyberThreats 👍 Enjoyed the episode? Give it a like and share your thoughts in the comments below! 🔔 Don't forget to subscribe and hit the notification bell to stay updated on all things cybersecurity and tech. Listen to our podcast on: Apple Podcasts Spotify And wherever you get your podcasts! 📢 Connect with us: Newsletter: https://follow.exploitbrokers.com Twitter: @ExploitBrokers Medium: https://medium.com/@exploitbrokers TikTok: https://www.tiktok.com/@exploitbrokers 🔗 References & Sources * Hydra Dark Web Market: https://www.bleepingcomputer.com/news/security/russia-sentences-hydra-dark-web-market-leader-to-life-in-prison/ * DDos Satellite: https://www.bleepingcomputer.com/news/security/korea-arrests-ceo-for-adding-ddos-feature-to-satellite-receivers/
HN47 - Andrew Tate’s Platform Hacked by Activists + Russian Hackers Exploit Zero-Days
11/28/2024
Andrew Tate's platform, formerly known as Hustler’s University, has been hacked, exposing the data of over 800,000 users. Meanwhile, Russian hackers have exploited critical zero-day vulnerabilities in Firefox and Windows, demonstrating the growing sophistication of cyberattacks. In this video, we’ll break down the Andrew Tate hack, the implications of leaked user data, and how Russian threat actors are chaining vulnerabilities for remote code execution. Stay informed on the latest in cybersecurity and learn how to protect yourself against these emerging threats. If you enjoy this content, don’t forget to like, comment, and subscribe to stay updated on the latest in digital crime and cybersecurity! #AndrewTate #Cybersecurity #Hackers #DataBreach #ZeroDay #RussianHackers #HustlersUniversity #TheRealWorld #CyberThreats #DigitalSafety #Malware #Hacktivism #DataLeaks #FirefoxExploit #WindowsExploit #NationStateHackers #TechNews #OnlineSecurity #TheRealWorld 👍 Enjoyed the episode? Give it a like and share your thoughts in the comments below! 🔔 Don't forget to subscribe and hit the notification bell to stay updated on all things cybersecurity and tech. Listen to our podcast on: Apple Podcasts Spotify And wherever you get your podcasts! 📢 Connect with us: Newsletter: https://follow.exploitbrokers.com Twitter: @ExploitBrokers Medium: https://medium.com/@exploitbrokers TikTok: https://www.tiktok.com/@exploitbrokers 🔗 References & Sources * Firefox Hacked By Russian Hackers: https://www.bleepingcomputer.com/news/security/firefox-and-windows-zero-days-exploited-by-russian-romcom-hackers/ * Andrew Tate's The Real World Hacked: https://www.malwarebytes.com/blog/news/2024/11/hilariously-insecure-andrew-tates-the-real-world-breached-800000-users-affected * DDoSecrets: https://ddosecrets.com/article/andrew-tate-s-the-real-world
HN46 - Phobos’ $16M Haul & Helldown’s Secret Exploits – 2024’s Ransomware Crisis
11/21/2024
In this episode, we dive deep into the world of ransomware with two of 2024's most talked-about threats: Phobos and Helldown. Learn how the Phobos ransomware operation managed to dominate 11% of the market, generating $16 million in ransom payments, and the shocking details of its admin’s extradition to the U.S. We also explore the rise of Helldown ransomware, its exploitation of VPN vulnerabilities, and how these attacks are reshaping cybersecurity globally. If you’re curious about how ransomware works, the evolution of cybercrime, and what it means for businesses and individuals, this video is packed with insights. Don’t forget to like, subscribe, and hit the notification bell to stay updated on the latest cybersecurity trends. Key Topics Covered: What is ransomware-as-a-service (RaaS)? How Phobos became a major player in 2024. Helldown ransomware’s exploitation of undisclosed VPN vulnerabilities. Tips to secure your network and stay ahead of cybercriminals. Join the discussion in the comments! What’s your biggest takeaway from these cases? #Ransomware #PhobosRansomware #HelldownRansomware #Cybersecurity #CyberCrime #RansomwareExplained #Hacking #DataBreach #VPNSecurity #TechNews #PhobosAdmin #HelldownExploits #CyberThreats #ZeroDay #NationStateHacks #DigitalCrime #CybersecurityAwareness #OnlineSafety #RansomwareAttack #TechExplained #2024Trends #DataSecurity #NetworkSecurity #Hackers #CyberAttack #VPNVulnerabilities #DataProtection #TechTalks #CyberDefense #SecurityTips #PhobosVsHelldown 👍 Enjoyed the episode? Give it a like and share your thoughts in the comments below! 🔔 Don't forget to subscribe and hit the notification bell to stay updated on all things cybersecurity and tech. Listen to our podcast on: Apple Podcasts Spotify And wherever you get your podcasts! 
📢 Connect with us: Newsletter: https://follow.exploitbrokers.com Twitter: @ExploitBrokers Medium: https://medium.com/@exploitbrokers TikTok: https://www.tiktok.com/@exploitbrokers 🔗 References & Sources * Helldown ransomware: https://www.bleepingcomputer.com/news/security/helldown-ransomware-exploits-zyxel-vpn-flaw-to-breach-networks/ * Phobos admin charged: https://www.bleepingcomputer.com/news/security/us-charges-phobos-ransomware-admin-after-south-korea-extradition/
HN45 - Malware Madness: How Remcos RAT and Human Error Fuel Cyber Threats
11/14/2024
In today's episode, we dive deep into the fascinating yet troubling world of cybersecurity, exploring how even the most advanced antivirus software, firewalls, and endpoint security measures can fall short due to a single factor: human error. Despite the latest tech solutions, hackers continue to exploit one consistent vulnerability—users clicking on suspicious links and files. We'll discuss how phishing emails, malware, and outdated software create an entryway for cybercriminals, even in some of the most secure environments. Using two real-world cases, we’ll uncover how modern-day malware such as Remcos RAT and Smoke Loader Trojan bypass standard security protocols. These cyber threats often use a combination of remote code execution (RCE) vulnerabilities, phishing emails disguised as business orders, and cleverly crafted zip files that hide malicious content. What’s even more shocking? These vulnerabilities have been known for years, yet are still exploited due to outdated software and a lack of user awareness. Whether you're an individual trying to protect your personal data or part of an organization concerned with cybersecurity, this video is packed with insights on staying safe online. Learn how to spot phishing attempts, recognize the importance of regular software updates, and understand why cybersecurity training is essential to protecting yourself and your organization from potential threats. If you enjoy this breakdown, don’t forget to hit the like button, subscribe, and click the notification bell to stay updated with more cybersecurity insights! Your support helps the channel grow and allows us to bring more content your way. Let’s keep your digital world safe—one informed click at a time. 
#Cybersecurity #Malware #DataBreach #Phishing #CyberThreats #RemoteCodeExecution #RemcosRAT #SmokeLoader #UserAwareness #TechNews #CyberAttack #OnlineSafety #DigitalSecurity #Antivirus #CyberHygiene #TechExplained #StaySafeOnline #CybersecurityTips #DataProtection #Infosec 👍 Enjoyed the episode? Give it a like and share your thoughts in the comments below! 🔔 Don't forget to subscribe and hit the notification bell to stay updated on all things cybersecurity and tech. Listen to our podcast on: Apple Podcasts Spotify And wherever you get your podcasts! 📢 Connect with us: Newsletter: https://follow.exploitbrokers.com Twitter: @ExploitBrokers Medium: https://medium.com/@exploitbrokers TikTok: https://www.tiktok.com/@exploitbrokers 🔗 References & Sources Remcos RAT: https://www.darkreading.com/application-security/revamped-remcos-rat-microsoft-windows-users ZIP Files Abused: https://www.darkreading.com/threat-intelligence/flexible-structure-zip-archives-exploited-hide-malware-undetected
HN44 - Malicious Crack Tools & Malvertising Attack: How Hackers Steal Your Data
11/07/2024
In today's episode, we’re diving into the hidden dangers of malicious installers, software cracks, and deceptive ads on Google. We'll explore recent stories, including the SteelFox malware that's hijacking Windows PCs, stealing credit card data, and mining cryptocurrency using vulnerable drivers. Plus, we’ll uncover a new wave of malvertising attack scams targeting eBay users and how scammers are leveraging Google Ads to lure unsuspecting victims into calling fake support numbers. With digital crime and data breaches on the rise, it’s essential to stay informed and protect yourself from these evolving threats. Tune in as we break down the techniques hackers are using to bypass antivirus software, escalate system privileges, and steal valuable data – and what you can do to avoid falling victim to these cyber threats. Whether you're a tech enthusiast, developer, or just curious about cybersecurity, this episode is packed with insights that could save you from a dangerous download! #MalvertisingAttack #CyberSecurity #Malware #Hacking #DataBreach #DigitalCrime #SteelFox #Malvertising #GoogleAds #DataPrivacy #CyberThreats #Hackers #DataProtection #DigitalSecurity #CryptoMining #Antivirus #VulnerableDrivers #NationStateHacking #SystemPrivilege #Ransomware #APT #SoftwareCracks #MaliciousSoftware #OnlineScams #eBayScam #Torrents #CyberAwareness #InfoStealer #FakeSupport #SocialEngineering #HackersExplained 👍 Enjoyed the video? Give it a like and share your thoughts in the comments below! 🔔 Don't forget to subscribe and hit the notification bell to stay updated on all things cybersecurity and tech. Listen to our podcast on: Apple Podcasts Spotify And wherever you get your podcasts! 
📢 Connect with us: Newsletter: https://follow.exploitbrokers.com Twitter: @ExploitBrokers Medium: https://medium.com/@exploitbrokers TikTok: https://www.tiktok.com/@exploitbrokers 🔗 References & Sources SteelFox Article: https://www.bleepingcomputer.com/news/security/new-steelfox-malware-hijacks-windows-pcs-using-vulnerable-driver/ SteelFox Technical: https://securelist.com/steelfox-trojan-drops-stealer-and-miner/114414/ Ebay Malvertising Attack: https://www.malwarebytes.com/blog/scams/2024/11/large-ebay-malvertising-campaign-leads-to-scams
HN43 - Dutch Police Take Down Major Information Stealers: Redline & Meta Stealer
10/31/2024
In a significant international operation, Dutch police and global law enforcement partners have taken down two major information stealers: Redline and Meta Stealer. These dangerous malware operations targeted thousands of victims worldwide, stealing passwords, sensitive data, and more. This video explores how law enforcement agencies worked together to dismantle their infrastructure, taking down over 1,200 servers with malware in dozens of countries. We'll also discuss how information stealers operate, their connection to cryptocurrency laundering, and what this takedown means for the ongoing battle against cybercrime. Watch now to learn more about this landmark cybersecurity victory! If you found this video informative, please like, share, and subscribe for more cybersecurity news, updates, and insights. Don’t forget to hit the notification bell to stay updated! #CyberSecurity #RedlineStealer #MetaStealer #InformationStealer #DutchPolice #Cybercrime #MalwareTakedown #OperationMadness #InfoStealer #CyberThreats #MalwareAsAService #Hacking #DataBreach #CyberAttack #CyberLaw #DigitalForensics #LawEnforcement #InternationalPolice #CyberWar #ThreatIntelligence #MalwareAnalysis #Ransomware #CryptoLaundering #DataExfiltration #CyberAwareness #CyberDefense #DataProtection #OnlineSafety #Hackers #MalwarePrevention #CybersecurityNews 👍 Enjoyed the episode? Give us a follow and a review! Listen to our podcast on: Apple Podcasts Spotify And wherever you get your podcasts! 📢 Connect with us: Newsletter: https://follow.exploitbrokers.com Twitter: @ExploitBrokers Medium: https://medium.com/@exploitbrokers TikTok: https://www.tiktok.com/@exploitbrokers 🔗 References & Sources Dutch Disrupt Info Stealers: https://thehackernews.com/2024/10/dutch-police-disrupt-major-info.html
HN42 - Hackers Breach Internet Archive TWICE – How Safe is Your Data?
10/24/2024
The Internet Archive has been breached… AGAIN! 🛑 This time, hackers managed to compromise sensitive user data not once, but twice, exploiting stolen GitLab and Zendesk tokens. In this episode of Exploit Brokers, we break down what went wrong, why access tokens are crucial for cybersecurity, and how this breach could have been prevented. 🚨 We’ll dive deep into: how the hackers gained access through exposed tokens 🔓; what “access tokens” really are and why they’re often targeted 🔑; the role of GitLab configurations, Zendesk tokens, and more in the breach 🖥️; and how hackers operate and why even trusted organizations like the Internet Archive are not safe from cyber threats 👀.
## Source
Internet Archive Hacked Again: https://www.bleepingcomputer.com/news/security/internet-archive-breached-again-through-stolen-access-tokens/
HN41 - Chinese Hackers Hijack US Telecom Networks
10/10/2024
In this eye-opening episode of Exploit Brokers, your host Lauro dives deep into the recent cyberattacks that have compromised major U.S. telecommunications networks. Chinese state-sponsored hackers, known as Salt Typhoon, have exploited a 30-year-old backdoor mandated by U.S. law, targeting giants like AT&T, Lumen (formerly CenturyLink), and Verizon. Drawing inspiration from Friedrich Nietzsche's quote, "He who fights with monsters should look to it that he himself does not become a monster... when you gaze long into the abyss, the abyss also gazes into you," we explore how attempts to control and monitor can sometimes backfire, creating vulnerabilities that malicious actors can exploit.
## Source
30-Year-Old backdoor hacked: https://techcrunch.com/2024/10/07/the-30-year-old-internet-backdoor-law-that-came-back-to-bite/
HN40 - Shocking Move: Kaspersky Uninstalls Itself and Installs Ultra AV Overnight!
09/26/2024
Imagine waking up to find that your trusted antivirus software has uninstalled itself and replaced itself with a completely different program—without your consent! 😱 In today's video, we dive deep into the shocking move by Kaspersky as it uninstalls itself and installs Ultra AV on users' computers. We'll explore why this happened, how users are reacting, and what it means for your cybersecurity. Is this a breach of trust or a necessary step due to geopolitical tensions? Join us as we unravel the mystery behind Kaspersky's sudden exit from the U.S. market and the controversial installation of Ultra AV.
## Source
Kaspersky uninstalls itself: https://mashable.com/article/kaspersky-uninstall-ultraav-antivirus-cybersecurity-software
HN39 - Apple's Shocking Decision: Dropping the Fight Against NSO Spyware
09/19/2024
In an unexpected turn of events, Apple has decided to drop its three-year-old lawsuit against the notorious spyware maker, NSO Group. What led to this shocking decision, and what does it mean for the future of cybersecurity and your personal data? 🤔 In today's video, we dive deep into the reasons behind Apple's surprising move. We'll explore how the rise of commercial spyware vendors is reshaping the cybersecurity landscape and why Apple believes that continuing the lawsuit might actually do more harm than good. Discover the implications for iPhone users worldwide and how this decision could impact your privacy and security. We'll also discuss the ethical considerations of spyware technology, the growing threats we face from malware and state-sponsored hackers, and how Apple plans to combat these threats moving forward. Most importantly, we'll provide insights on what you can do to protect yourself in this evolving digital landscape. 🛡️
Source: NSO VS Apple: https://securityboulevard.com/2024/09/apple-seeks-to-drop-its-lawsuit-against-spyware-maker-nso/
HN38 - Is Your Tap-to-Pay Secure? The Latest Android Malware Warning
08/29/2024
In this episode of Exploit Brokers, we dive deep into a new Android malware that targets NFC technology to steal your banking information. 📱💳 If you use tap-to-pay or any NFC-based service, this is something you NEED to know. We’ll break down how this malware works, why it's so dangerous, and what you can do to protect yourself. Learn about the latest threats in the world of digital crime and stay one step ahead! 💻
## Sources
Android Malware: https://www.darkreading.com/mobile-security/nfc-traffic-stealer-targets-android-users-and-their-banking-info
HN37 - AI Manipulation: The Silent Threat to Democracy
08/22/2024
🚨 AI Propaganda Exposed: How It’s Influencing Elections Right Now! 🚨 In this episode of Exploit Brokers, we dive deep into the unsettling world of AI-driven misinformation campaigns. From targeting voters on both sides to spreading chaos across social media, AI is being weaponized in ways that sound like science fiction but are shockingly real. We’ll explore how threat actors are using advanced AI to manipulate public opinion, the efforts to combat these operations, and what this means for the future of democracy.
🔒 Topics Covered: AI in political manipulation; election interference by foreign states; the role of OpenAI in taking down malicious operations; how AI-generated content is flooding social media; the broader impact of AI on global politics.
Join us as we uncover the truth behind these digital threats and learn how to protect yourself from becoming a pawn in this high-tech game of influence.
## Sources
OpenAI Blocked Propaganda: https://thehackernews.com/2024/08/openai-blocks-iranian-influence.html
HN36 - Fake Sites, Real Danger: The Trojan Malware in Extensions
08/15/2024
In this episode of Exploit Brokers, we dive into a significant new threat spreading across the web—Trojan malware hidden in malicious browser extensions. These sneaky extensions are distributed through fake download sites mimicking popular software like Roblox FPS Unlocker, YouTube, VLC, or KeePass. We’ll discuss how these Trojans operate, how they’ve compromised over 300,000 users, and what steps you can take to protect yourself. Stay informed about the rising tide of digital crime and malware as we explore the dark side of the internet.
## Sources
ReasonLabs: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign