International Cyber Digest
LightNews LightNews
intcyberdigest.bsky.social
International Cyber Digest
@intcyberdigest.bsky.social
360 followers 230 following 130 posts
Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts, in your mailbox soon... https://x.com/IntCyberDigest https://infosec.exchange/@InternationalCyberDigest
x.com
Posts Media Videos Starter Packs
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 6d
The process includes analysis, threat modeling, attack vector mapping, exploitation, and a list of discovered vulnerabilities. This is reportedly the first public pentest of an airport X-ray scanner.

Read the article: kth.diva-portal.org/smash/get/di...
kth.diva-portal.org
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 6d
🚨 Hacking the Airport X-Ray Machine: 11 Vulnerabilities in a Popular Scanner

Security researcher Felix Zuber shares his findings from penetration testing the populair Smiths Detection HI-SCAN 6040i X-ray machine.
1
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 7d
🛠️ AsmLdr - Dynamic shellcode loader with sophisticated evasion capabilities

Execute encrypted payloads while minimizing detection by advanced antivirus software.

github.com/0xNinjaCyclo...
GitHub - 0xNinjaCyclone/AsmLdr: Dynamic shellcode loader with sophisticated evasion capabilities
Dynamic shellcode loader with sophisticated evasion capabilities - 0xNinjaCyclone/AsmLdr
github.com
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 7d
🛠️ PoC CVE-2025-32463 LPE→Root

Local Privilege Escalation to Root via Sudo chroot in Linux

github.com/kh4sh3i/CVE-...
GitHub - kh4sh3i/CVE-2025-32463: Local Privilege Escalation to Root via Sudo chroot in Linux
Local Privilege Escalation to Root via Sudo chroot in Linux - kh4sh3i/CVE-2025-32463
github.com
1
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 8d
🛠️ Digler

Awesome and simple forensic disk analysis & file recovery tool. Powerful features for DFIR investigations.

Try: github.com/ostafen/digler
GitHub - ostafen/digler: Digler is a tool for forensic disk analysis and file recovery. It's designed to help you unearth lost or deleted data from various disk images and raw devices.
Digler is a tool for forensic disk analysis and file recovery. It's designed to help you unearth lost or deleted data from various disk images and raw devices. - ostafen/digler
github.com
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 8d
🛠️ DepConfuse

Scan for dependency-confusion vulnerabilities in your supply chain. Guard against public package takeover.

github.com/th3-j0k3r/De...
GitHub - th3-j0k3r/DepConfuse: tool for checking potential dependency confusion
tool for checking potential dependency confusion . Contribute to th3-j0k3r/DepConfuse development by creating an account on GitHub.
github.com
1
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 9d
🛠️ AI-Powered CAPTCHA Solver

Automated solver with high accuracy across multiple CAPTCHA types. Perfect for automated testing!

github.com/aydinnyunus/...
GitHub - aydinnyunus/ai-captcha-bypass: AI Captcha Bypass
AI Captcha Bypass. Contribute to aydinnyunus/ai-captcha-bypass development by creating an account on GitHub.
github.com
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 9d
🛠️ RealBlindingEDR

Kernel-level AV/EDR removal for red teams. Advanced evasion methods in one toolkit.

Try: github.com/myzxcg/RealB...
GitHub - myzxcg/RealBlindingEDR: Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...
Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...
github.com
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 10d
📚 Spring Cloud Gateway SpEL Vulnerability (CVE-2025-41243)

Exploring complicating evaluation context in Spring Cloud Gateway.

Read: blog.z3r.ru/posts/spring...
[CVE-2025-41243] Spring Cloud Gateway: complicating evaluation context
Bypassing some restrictions in Spring Cloud Gateway filters to DoS, secrets leak or RCE
blog.z3r.ru
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 10d
📚 Hacking Veeam – Several CVEs & $30k Bounties

Deep dive into multiple Veeam flaws, PoCs, and bounty details.

A must-read for Veeam users and bounty hunters.

blog.voorivex.team/hacking-veea...
Veeam Vulnerabilities: CVEs and $30K Bounties
Hacking Veeam exposed vulnerabilities, earning $30k in bounties. Discover bug bounty tips and reverse engineering insights
blog.voorivex.team
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 11d
🛠️ dw_deanon — de-anonimize a domain in the Dark Web

Use: correlate identities across onion markets and leak datasets for OSINT.

TRY: github.com/bash-bunny/d...
1
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 12d
🛠️ Dark Web Deanonimization

OSINT tool for correlating dark-web identities. Essential for threat intel investigations.

Try: github.com/bash-bunny/d...
GitHub - bash-bunny/dw_deanon
Contribute to bash-bunny/dw_deanon development by creating an account on GitHub.
github.com
2
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 23d
🛠️ svg_phishing_tools — phishing in SVG attachments are sneaky. This toolkit helps you analyze SVG attachment in phishing e-mails

Try: github.com/HackingLZ/sv...
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 24d
🛠️ OpenImporter — got messy collector data when working with Bloodhound OpenGraph? This middleware cleans, enriches, and uploads it so your analysis doesn’t stall.

Try: github.com/G0ldenGunSec...
GitHub - G0ldenGunSec/OpenImporter: Middleware utility for enriching and uploading data gathered with arbitrary collectors
Middleware utility for enriching and uploading data gathered with arbitrary collectors - G0ldenGunSec/OpenImporter
github.com
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 24d
🛠️ google-redirector — A lightweight HTTP/HTTPS redirector designed for Google Cloud Run that exploits remaining domain fronting capabilities in Google's infrastructure

Try: github.com/praetorian-i...
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 25d
🛠️ rustnet — A cross-platform network monitoring tool built with Rust. RustNet provides real-time visibility into network connections with detailed state information, connection lifecycle management, deep packet inspection, and a terminal user interface.

Try: github.com/domcyrus/rus...
1
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 26d
🛠️ hopgoblin — a scanner for Adobe Experience Manager (AEM) instances.

Try: github.com/assetnote/ho...
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 26d
🛠️ httpjail — A cross-platform tool for monitoring and restricting HTTP/HTTPS requests from processes using network isolation and transparent proxy interception.

Try: github.com/coder/httpjail
GitHub - coder/httpjail: HTTP(s) request filter for processes
HTTP(s) request filter for processes. Contribute to coder/httpjail development by creating an account on GitHub.
github.com
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 26d
Read about it: verialabs.com/blog/from-mc...
From MCP to Shell
How MCP Authentication Flaws Enable RCE in Claude Code, Gemini CLI, and More
verialabs.com
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 26d
📚 From MCP to Shell —
Earlier this year, MCP introduced an OAuth standard to authenticate clients
Many MCP clients did not validate the authorization URL passed by a malicious MCP server
Researchers were able to exploit this bug to achieve Remote Code Execution (RCE) in popular tools
1
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 27d
🛠️ REGEXSS — who knew a sloppy regex could be worth $6k? This write-up walks through regex bugs that paid out big. Great story + lessons for bug hunters on how to use regex for XSS.
Try: sec.stealthcopter.com/regexss/
Stealthcopter
Overly-greedy regex replacements can break HTML sanitisation and lead to XSS. I’ve already pulled in over $6k from this bug class, and there are plenty mo
sec.stealthcopter.com
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 27d
🛠️ FindMy[.]py — query Apple’s FindMy network with just Python. Neat for OSINT experiments or DFIR cases (watch the legal lines).

Try: github.com/malmeloo/Fin...
1
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 27d
This didn't age well
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 27d
What do you think? Is he brave for standing up?
1
intcyberdigest.bsky.social
International Cyber Digest @intcyberdigest.bsky.social · 27d
1