2025-03-13 | Hacker Trends

5 Posts

Chinese snoops spotted on end-of-life Juniper routers • The Register

https://www.theregister.com/2025/03/12/china_spy_juniper_routers/

5 Posts

Exploiting Reversing (ER) series: article 05 | Hyper-V (part 01) – Exploit Reversing

https://exploitreversing.com/2025/03/12/exploiting-reversing-er-series-article-05/

4 Posts

New SuperBlack ransomware exploits Fortinet auth bypass flaws

https://www.bleepingcomputer.com/news/security/new-superblack-ransomware-exploits-fortinet-auth-bypass-flaws/

4 Posts

Microsoft apologizes for removing VSCode extensions used by millions

https://www.bleepingcomputer.com/news/microsoft/microsoft-apologizes-for-removing-vscode-extensions-used-by-millions/

4 Posts

DeepSeek spits out malware code with a little persuasion • The Register

https://go.theregister.com/feed/www.theregister.com/2025/03/13/deepseek_malware_code/

4 Posts

GitHub - iSee857/CVE-2025-24813-PoC: Apache Tomcat 远程代码执行漏洞批量检测脚本(CVE-2025-24813)

https://github.com/iSee857/CVE-2025-24813-PoC

4 Posts

GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks

https://thehackernews.com/2025/03/github-uncovers-new-ruby-saml.html

4 Posts

Disclosing YouTube Creator Emails for a $20k Bounty

https://brutecat.com/articles/youtube-creator-emails

4 Posts

libxml2:api: Stack-buffer-overflow in xmlValidateElementContent [392687022] - OSS Fuzz

https://issues.oss-fuzz.com/issues/392687022

4 Posts

Microsoft says button to restore classic Outlook is broken

https://www.bleepingcomputer.com/news/microsoft/microsoft-says-button-to-restore-classic-outlook-is-broken/

3 Posts

Booking.com | Official site | The best hotels, flights, car rentals & accommodations

http://Booking.com

3 Posts

Windows Notepad to get AI text summarization in Windows 11

https://www.bleepingcomputer.com/news/microsoft/windows-notepad-to-get-ai-text-summarization-in-windows-11/

3 Posts

Sign in as anyone: Bypassing SAML SSO authentication with parser differentials - The GitHub Blog

https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/

3 Posts

GitLab patches critical authentication bypass vulnerabilities

https://www.bleepingcomputer.com/news/security/gitlab-patches-critical-authentication-bypass-vulnerabilities/

3 Posts

Medusa Ransomware Made 300 Critical Infrastructure Victims - SecurityWeek

https://www.securityweek.com/medusa-ransomware-made-300-critical-infrastructure-victims/

3 Posts

Lookout Discovers North Korean APT37 Mobile Spyware | Threat Intel

https://www.lookout.com/threat-intelligence/article/lookout-discovers-new-spyware-by-north-korean-apt37

3 Posts

ArechClient; Decoding IOCs and finding the onboard browser extension | by Jason Reaves | Walmart Global Tech Blog | Mar, 2025 | Medium

https://medium.com/walmartglobaltech/arechclient-decoding-iocs-and-finding-the-onboard-browser-extension-477f8796568d

3 Posts

Support channel binding and ldap signing for ntlm and kerberos auth by zblurx · Pull Request #1919 · fortra/impacket · GitHub

https://github.com/fortra/impacket/pull/1919

3 Posts

oss-security - CVE-2025-27363: out of bounds write in FreeType <= 2.13.0

https://www.openwall.com/lists/oss-security/2025/03/13/1

Chinese snoops spotted on end-of-life Juniper routers • The Register

Exploiting Reversing (ER) series: article 05 | Hyper-V (part 01) – Exploit Reversing

New SuperBlack ransomware exploits Fortinet auth bypass flaws

Microsoft apologizes for removing VSCode extensions used by millions

DeepSeek spits out malware code with a little persuasion • The Register

GitHub - iSee857/CVE-2025-24813-PoC: Apache Tomcat 远程代码执行漏洞批量检测脚本(CVE-2025-24813)

GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks

Disclosing YouTube Creator Emails for a $20k Bounty

libxml2:api: Stack-buffer-overflow in xmlValidateElementContent [392687022] - OSS Fuzz

Microsoft says button to restore classic Outlook is broken

Booking.com | Official site | The best hotels, flights, car rentals & accommodations

Windows Notepad to get AI text summarization in Windows 11

Sign in as anyone: Bypassing SAML SSO authentication with parser differentials - The GitHub Blog

GitLab patches critical authentication bypass vulnerabilities

Medusa Ransomware Made 300 Critical Infrastructure Victims - SecurityWeek

Lookout Discovers North Korean APT37 Mobile Spyware | Threat Intel

ArechClient; Decoding IOCs and finding the onboard browser extension | by Jason Reaves | Walmart Global Tech Blog | Mar, 2025 | Medium

[原创]Hyper-v虚拟磁盘驱动vhdmp.sys漏洞汇总分析-二进制漏洞-看雪-安全社区|安全招聘|kanxue.com

oss-security - CVE-2025-27363: out of bounds write in FreeType <= 2.13.0

Juniper patches bug that let Chinese cyberspies backdoor routers

Saudi Arabia Buys Pokémon Go, and Probably All of Your Location Data

CVE-2025-24048 - Security Update Guide - Microsoft - Windows Hyper-V Elevation of Privilege Vulnerability

Volt Typhoon Strikes Massachusetts Power Utility

Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails

Support channel binding and ldap signing for ntlm and kerberos auth by zblurx · Pull Request #1919 · fortra/impacket · GitHub

oss-security - CVE-2025-27363: out of bounds write in FreeType <= 2.13.0