en
Feedback
cKure Red

cKure Red

Open in Telegram

The director's cut on critical feeds from InfoSec world ๐ŸŒŽ Main Channel: @cKure โ˜•๏ธ or queries email us ๐Ÿ“จ i@ckure.org

Show more
2 612
Subscribers
+324 hours
+297 days
+7430 days
Posts Archive
๐Ÿ‡ฎ๐Ÿ‡ฑ CARS ARE EXPLODING ACROSS ISRAEL
Iranian cyber units and agents have penetrated the heart of Israel, and multiple assassinations are taking place.
-Ethan Levins (not verbatim)
Source: https://x.com/i/status/2071203804326805937

๐Ÿ“ฑ President of Signal (messenger) on shift in policy.

๐Ÿ’€ The Eternal Jew rises with same tricks up the sleeve: โ€˜Popaโ€™ Botnet Linked to Publicly-Traded Israeli Firm https://x.com/i/status/2067993607597092865

Exploiting CVE-2024-1065 via the Page Cache! A strategy for physical-page UAFs in MIGRATE_MOVABLE, where Dirty Pagetable and Dirty Cred don't apply. https://kuzey.rs/posts/MaliUAF/ Demonstrated on the Mali GPU UAF found by Project Zero.

Free research papers
https://sci-bot.ru/

๐Ÿ“ก๐Ÿ…ฐ๏ธ๐Ÿ…ฐ๏ธ๐Ÿ…ฐ๏ธโŽโŽ๐Ÿ…ฐ๏ธ๐Ÿ…ฐ๏ธ๐Ÿ…ฐ๏ธ๐Ÿ…ฐ๏ธ
PimEyes.Com

๐Ÿ‘ฉโ€๐Ÿ’ป Performing RCE in Internet Explorer via clickjacking!
Credits: Igor Sak-Sakovsky's (๐• | Psych0tr1a)
https://swarm.ptsecurity.com/the-click-that-shouldnt-have-worked-rce-via-clickjacking-in-internet-explorer/

๐Ÿ“ก๐Ÿ›ฐ For 19 years, GPS satellites have secretly broadcast a โ€œnumbers stationโ€ in their public signals. We decoded 12M messages: a 2011 flash where 31 of 32 satellites flipped in hours, โ€œghostโ€ substrings repeating years apart, and a โ€œTEXTโ€ prefix spreading now. https://lsc-pagepro.mydigitalpublication.com/publication/?i=865273&p=62&view=issueViewer https://github.com/sjmurdoch/gps-special-messages https://x.com/i/status/2061829547289387209

Repost from cKure Red
๐Ÿ”—๐Ÿ†’๐Ÿ†’๐Ÿ”ค๐Ÿ†’๐Ÿ†’๐Ÿ†’๐Ÿ†’
Transfer data between devices using just QR codes!
QR-Beam โ€” A browser-based data transfer tool where both sender and receiver run entirely client-side via JavaScript. No installation, simple mobile-friendly UI, and designed for real-world use. The idea isn't new, but was focused on turning it into a practical, production-ready solution with several improvements over existing PoCs.
Beta: https://ckure.org/rx/QR-Beam

Repost from cKure Red
๐Ÿ”—๐Ÿ†’๐Ÿ†’๐Ÿ”ค๐Ÿ†’๐Ÿ†’๐Ÿ†’๐Ÿ†’
Transfer data between devices using just QR codes!
QR-Beam โ€” A browser-based data transfer tool where both sender and receiver run entirely client-side via JavaScript. No installation, simple mobile-friendly UI, and designed for real-world use. The idea isn't new, but was focused on turning it into a practical, production-ready solution with several improvements over existing PoCs.
Beta: https://ckure.org/rx/QR-Beam

๐Ÿ”—๐Ÿ†’๐Ÿ†’๐Ÿ”ค๐Ÿ†’๐Ÿ†’๐Ÿ†’๐Ÿ†’
Transfer data between devices using just QR codes!
QR-Beam โ€” A browser-based data transfer tool where both sender and receiver run entirely client-side via JavaScript. No installation, simple mobile-friendly UI, and designed for real-world use. The idea isn't new, but was focused on turning it into a practical, production-ready solution with several improvements over existing PoCs.
Beta: https://ckure.org/rx/QR-Beam

๐Ÿ˜” Mini Plasma Zero-Day by Chaotic Eclipse (aka Nightmare Eclipse) with a total of 6 0-Days in 6 weeks.
Official blog: https://deadeclipse666.blogspot.com
https://blog.barracuda.com/2026/05/19/nightmare-eclipse-zero-days-grudge

๐Ÿ“ฑAnthropic co-founder says there is a "real possibility that AI will displace human labor at a very large scale," and that supporting those people "will be a moral imperative of historic proportions."
And we do not have a mechanism while most of the control of AI is with few wealthy nations and individuals.

๐Ÿ” ๐Ÿ” ๐Ÿ” ๐Ÿ” ๐Ÿ” ๐Ÿ” ๐Ÿ” โž–๐Ÿ” ๐Ÿ” ๐Ÿ”  https://www.theverge.com/tech/935202/flipper-devices-one-zero-wireless-multi-tool-linux-open-source-com
๐Ÿ” ๐Ÿ” ๐Ÿ” ๐Ÿ” ๐Ÿ” ๐Ÿ” ๐Ÿ” โž–๐Ÿ” ๐Ÿ” ๐Ÿ”  https://www.theverge.com/tech/935202/flipper-devices-one-zero-wireless-multi-tool-linux-open-source-computer

๐Ÿค– ๐Ÿ†’๐Ÿ†’๐Ÿ†’๐Ÿ†’๐Ÿ†’๐Ÿ†’ Earlier today Cloudflare's CSO shared how they tested Anthropic Mythos using an unreleased 8-stage vulnerability-discovery agent. Opus implemented the agent and it works via Claude SDK with a Pro or Max subscription, no API.
https://github.com/evilsocket/audit
๐• | Simone

๐Ÿš€40K Starlink terminals hacked to lure Russians into a cyber trap as per anti-Russia propaganda news.
40,000 Starlink terminals go dark. Russian soldiers scramble for answers and turn to Telegram. They donโ€™t realise theyโ€™ve just walked into a trap. The journalists travelled across Ukraine from Lviv to the front line in Zaporizhzhia to uncover a pretty audacious cyber operation. Meet Goldfinger and the 256 Cyber Assault Brigade and Yaro, and the 128th Mechanised Brigade, holding the line in the south.

๐Ÿคฉ โ—๏ธโ—๏ธโ—๏ธโ—๏ธโ—๏ธโ—๏ธ LLM used to make a Zero-Day by APT group on a popular software. The zero day was a 2FA bypass via logic bug ๐Ÿชฒ
Security researchers at Alphabetโ€™s Google said they believe a cybercrime group used artificial intelligence to create a hacking tool that can bypass defenses in a widely-used tool to administer computer systems. The scheme, which was foiled when Google alerted the tool developer, would mark the first time that Googleโ€™s Threat Intelligence Group caught a hacker using an AI-generated โ€œzero-dayโ€ in such a way, according to a report published Monday.

โš ๏ธโš ๏ธโš ๏ธโš ๏ธโš ๏ธโš ๏ธ CVE-2026-0073: Critical Android Zero-Click, Zero-Day exploit in wireless debugging (if enabled) can allow adjacent hacker (in same network) to execute code as shell user.

๐Ÿ…ฐ๏ธ๐Ÿ…ฐ๏ธ๐Ÿ…ฐ๏ธ๐Ÿ”ข๐Ÿ…ฐ๏ธ๐Ÿ…ฐ๏ธ๐Ÿ…ฐ๏ธ Devcore team chained โ›“๏ธโ€๐Ÿ’ฅ 4 logic bugs to achieve sandbox escape in Microsoft Edge in PwnยฒOwn 2026, Berlin.