İbrahim BALOĞLU - Siber Güvenlik Paylaşımları


This group was created to share posts in the field of cyber security.

Subscribers: 1 068
[Subscriber growth statistics: monthly growth and channel mentions from December '23 to June '26, and daily growth for 01-12 June]
Channel Posts
#DFIR
1⃣ A deep technical analysis of Windows input pipelines, security telemetry, and why PuTTY, WinSCP, MySQL, SSH, and SFTP passwords may leak into system memory
https://hexderef.com/windows-11-passwords-in-memory-lsass-ctfmon-analysis
2⃣ Aether - Windows memory-forensics and threat hunting tool
https://github.com/0xsp-SRD/aether

#AppSec #Threat_Research
1⃣ Click Or Trick (CVE-2025-59199): Escaping the Sandbox with Windows URIs
https://www.safebreach.com/blog/click-or-trick-cve-2025-59199-escaping-the-sandbox-with-windows-uris
2⃣ Adobe Acrobat Reader Escript.api UAF RCE
https://blog.exodusintel.com/2026/06/01/adobe-acrobat-reader-escript-api-use-after-free-remote-code-execution
3⃣ Exploiting Windows Defender's Remediation Workflow for LPE
https://blog.calif.io/p/redsun-exploiting-windows-defenders

Linux LPE Toolkit * Multi-arch Linux privilege escalation kit with 19 ready-made and runtime-compiled exploits. Automatically detects the kernel version, filters out patched exploits, and tries each one until root. * Download

Hidden HTTP/2 Bomb * FOR nginx, Apache httpd, Microsoft IIS, Envoy, Cloudflare Pingora * WriteUP + LABs + PoCs
#NetSec #Threat_Research
1⃣ Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability
// CVE-2026-5426 enabled RCE via shared ASPNET machine keys, leading to web shells, privilege escalation, and malware deployment, with mitigation requiring key rotation and vigilant monitoring
2⃣ Laravel Lang Packages Compromised
// Laravel Lang packages were compromised with an RCE backdoor across hundreds of versions, exposing cloud, CI/CD, and developer secrets
3⃣ Google API keys keep working after you delete them
// When you delete a Google API key, it says it’s immediately deleted. Our testing says ~23 min. During that window, an attacker with a leaked key keeps access to your data and enabled APIs
4⃣ Unauthenticated InfoLeak to Full Admin Compromise on ZTE ZXHN H168N
// CVE-2021-21735 - critical flaw in ZTE routers allowing unauthenticated access to sensitive configuration data, enabling full device compromise and WLAN takeover
5⃣ Critical heap buffer overflow in 7-Zip
// CVE-2026-48095

#Analytics #Threat_Research
An analytical review of the main cybersecurity events for the week (May 16-23, 2026)
1⃣ GRO Frag - seventh Copy Fail vulnerability that grants root privileges to Linux
// Affected: Linux 6.0+ (unprivileged, requires io_uring)
2⃣ Cisco Secure Workload Unauthorized API Access Vulnerability CVE-2026-20223
// Affects Cisco Secure Workload Cluster Software on SaaS and on-prem deployments, regardless of device configuration
3⃣ Anonymous SQLI in Drupal Core (CVE-2026-9082)
// PostgreSQL-specific SQLi in Drupal core allows anonymous users to execute malicious queries via JSON endpoints, fixed by resetting array keys before SQL translation
4⃣ Flipper One Project
// Isn't an upgrade to Flipper Zero - it's a completely different project with its own goals..
5⃣ Critical security flaws in Google Cloud's internal APIs
// CVE-2026-2031
6⃣ DirtyDecrypt is another Copy Fail vulnerability that grants root privileges on Linux
// A prototype exploit is available
7⃣ ModuleJail for locking unused Linux kernel modules
// A single POSIX shell script that shrinks a Linux host's kernel-module attack surface by writing a modprobe.d blacklist
8⃣ Pwn2Own Berlin 2026: Day Three Results and Master of Pw
// Day One / Two Results
]-> Analytical review (May 09-16, 2026)

CVE-2026-20182 Cisco Catalyst SD-WAN MetaSploit bypass module * CVE-2026-0300 PAN-OS 12.1, 11.2, 11.1, 10.2 RCE PoC * #network
#AppSec #Threat_Research
How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)
https://securelist.com/exiftool-compromise-mac/119866
// critical RCE vulnerability in ExifTool ≤13.49 on macOS, exploitable via malicious image metadata

#DFIR #Tech_book #Blue_Team_Techniques
"SIEM Use Case Engineering Playbook: 100 Detailed Use Cases for Rule Creation, Alert Design, Incident Grouping and SOC Response", 2026.
// A 2026 SIEM use case must be more than a single event trigger. It should describe a realistic threat scenario, identify the logs required, define the building blocks, state the rule logic, generate a useful alert, create an incident when evidence is strong and guide the analyst towards containment or closure

#Tech_book #Cyber_Education
"SOC Analyst Career Guide Become highly skilled in security tools, tactics, and techniques to jumpstart your SOC analyst career", 2025.
// This book focuses on breaking into cybersecurity the right way, through grit, curiosity, and practical execution. Being a SOC analyst is not glamorous. It involves long hours, messy data, and living on the edge of someone else’s breach. Yet for those who thrive on chaos, who find purpose in connecting dots that others overlook, and who take satisfaction in stopping threats before anyone else even notices, this is where you belong

CVE-2026-42945 RIFT - RCE NGINX * PoC
#exploit #Mobile_security #Kernel_Security
A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens..
https://projectzero.google/2026/05/pixel-10-exploit.html
// Researchers developed a new exploit chain for Pixel 10, updating previous vulns found in Pixel 9, including Dolby and VPU driver issues. Dolby exploit was adapted for Pixel 10, but LPE link was replaced due to hardware driver differences, leading to the discovery of a critical VPU vulnerability

#AppSec #Threat_Research
New Nightmare Eclipse Vulnerabilities
1⃣ YellowKey Bitlocker Bypass Vulnerability
https://github.com/Nightmare-Eclipse/YellowKey
2⃣ GreenPlasma Windows CTFMON Arbitrary Section Creation EoP Vulnerability
https://github.com/Nightmare-Eclipse/GreenPlasma

#Malware_analysis
1⃣ PamDOORa Linux PAM-Based Backdoor
https://flare.io/learn/resources/blog/pamdoora-new-linux-pam-based-backdoor-sale-dark-web
2⃣ Fake Claude site spreads backdoor
https://www.sophos.com/en-us/blog/donuts-and-beagles-fake-claude-site-spreads-backdoor
3⃣ New TrickMo Variant
https://www.threatfabric.com/blogs/new-trickmo-variant-device-take-over-malware-targeting-banking-fintech-wallet-auth-app

Next.js v16.2.4 * Security PoC Collection * CVE-2026-23870 CVE-2026-44575 CVE-2026-44579 CVE-2026-44574 CVE-2026-44578 CVE-2026-44573 CVE-2026-44581 CVE-2026-44580 CVE-2026-44577 CVE-2026-44576 CVE-2026-44582 CVE-2026-44572
#Analytics #Threat_Research
An analytical review of the main cybersecurity events for the week (May 02-09, 2026)
1⃣ Apache httpd http2 vulnerability
// CVE-2026-23918: double free and possible RCE on early reset
2⃣ MorphKatz
// Windows x64 polymorphic machine-code rewriter
3⃣ Chaining ISC DHCP Server Features for Unauthenticated Root RCE
// A chain of ISC DHCP Server features enables unauthenticated remote root access via OMAPI manipulation and 'execute()' statements, bypassing traditional memory or logical bugs
4⃣ TrustFall: coding agent security flaw enables one-click RCE in Claude, Cursor, Gemini CLI and GitHub Copilot
// Two PoC variants: poc/ is the 1-click developer machine variant (opens the OS calculator, works on all four CLIs), poc-ci-pipeline/ is the 0-click headless CI variant
5⃣ Wireshark 4.6.5 Released
// Release notes + download page
6⃣ PCPJack: Cloud Worm Evicts TeamPCP and Steals Credentials at Scale
// PCPJack targets exposed services including Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web apps, enabling both external propagation and lateral movement inside victim environments
7⃣ Dropbear SSH 2026.90
]-> Analytical review (Apr.25-May 02, 2026)

#exploit #NetSec
1⃣ Android adbd TLS client-authentication bypass
https://barghest.asia/blog/cve-2026-0073-adb-tls-auth-bypass
// no-interaction proximal/adjacent RCE vulnerability (CVE-2026-0073) in adbd’s ADB-over-TCP authentication path
2⃣ Critical Unauthenticated Memory Leak in Ollama
https://www.cyera.com/research/bleeding-llama-critical-unauthenticated-memory-leak-in-ollama
// memory leak vulnerability (CVE-2026-7482) in Ollama allows attackers to exploit improper tensor shape validation in GGUF files to leak sensitive memory data from approximately 300k servers globally

CVE-2026-35616 FortiClient EMS Pre-Auth Bypass * exploit
Debian 13 DHCP server RCE * PoC and details