International Cyber Digest
@intcyberdigest.bsky.social
Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts, in your mailbox soon...
https://x.com/IntCyberDigest
https://infosec.exchange/@InternationalCyberDigest
https://x.com/IntCyberDigest
https://infosec.exchange/@InternationalCyberDigest
‼️ The Beckett Collectibles data breach we forwarded is now live. North American users can register at Have I Been Pwned to check if their data was leaked.
November 20, 2025 at 1:14 PM
‼️ The Beckett Collectibles data breach we forwarded is now live. North American users can register at Have I Been Pwned to check if their data was leaked.
‼️The Eurofiber breach data we forwarded to Have I Been Pwned has been indexed.
Possible victims of the breach can now check whether their data has been leaked.
Check it out: haveibeenpwned.com/Breach/Eurof...
Possible victims of the breach can now check whether their data has been leaked.
Check it out: haveibeenpwned.com/Breach/Eurof...
November 20, 2025 at 9:17 AM
‼️The Eurofiber breach data we forwarded to Have I Been Pwned has been indexed.
Possible victims of the breach can now check whether their data has been leaked.
Check it out: haveibeenpwned.com/Breach/Eurof...
Possible victims of the breach can now check whether their data has been leaked.
Check it out: haveibeenpwned.com/Breach/Eurof...
Statements by someone completely off the rails.
November 20, 2025 at 9:01 AM
Statements by someone completely off the rails.
💪 We're launching a monthly series to highlight cybersecurity community members' contributions.
Submit nominations via DM or Signal (in bio) with reasons for recognition.
This week's nominee is Belgian national @DidierStevens: A pioneer in malware analysis.
Submit nominations via DM or Signal (in bio) with reasons for recognition.
This week's nominee is Belgian national @DidierStevens: A pioneer in malware analysis.
November 20, 2025 at 5:00 AM
💪 We're launching a monthly series to highlight cybersecurity community members' contributions.
Submit nominations via DM or Signal (in bio) with reasons for recognition.
This week's nominee is Belgian national @DidierStevens: A pioneer in malware analysis.
Submit nominations via DM or Signal (in bio) with reasons for recognition.
This week's nominee is Belgian national @DidierStevens: A pioneer in malware analysis.
🛠️ OctoSQL
OctoSQL is predominantly a CLI tool which lets you query a plethora of databases and file formats using SQL through a unified interface, even do JOINs between them. (Ever needed to join a JSON file with a PostgreSQL table? OctoSQL can help you with that.)
OctoSQL is predominantly a CLI tool which lets you query a plethora of databases and file formats using SQL through a unified interface, even do JOINs between them. (Ever needed to join a JSON file with a PostgreSQL table? OctoSQL can help you with that.)
November 20, 2025 at 3:45 AM
🛠️ OctoSQL
OctoSQL is predominantly a CLI tool which lets you query a plethora of databases and file formats using SQL through a unified interface, even do JOINs between them. (Ever needed to join a JSON file with a PostgreSQL table? OctoSQL can help you with that.)
OctoSQL is predominantly a CLI tool which lets you query a plethora of databases and file formats using SQL through a unified interface, even do JOINs between them. (Ever needed to join a JSON file with a PostgreSQL table? OctoSQL can help you with that.)
‼️We received a list of allegedly all North American emails included in the Beckett leak.
A concerned customer, who is frustrated that Beckett is not communicating about the leak, sent the info with to us.
We shared this list with @troyhunt for addition to Have I Been Pwned.
A concerned customer, who is frustrated that Beckett is not communicating about the leak, sent the info with to us.
We shared this list with @troyhunt for addition to Have I Been Pwned.
November 19, 2025 at 7:07 PM
‼️We received a list of allegedly all North American emails included in the Beckett leak.
A concerned customer, who is frustrated that Beckett is not communicating about the leak, sent the info with to us.
We shared this list with @troyhunt for addition to Have I Been Pwned.
A concerned customer, who is frustrated that Beckett is not communicating about the leak, sent the info with to us.
We shared this list with @troyhunt for addition to Have I Been Pwned.
🚨‼️ WhatsApp leaks data of more than 3.5 billion users
WhatsApp's entire member directory was freely accessible online.
Austrian researchers downloaded all phone numbers and other profile data – including public keys – without any obstacles.
WhatsApp's entire member directory was freely accessible online.
Austrian researchers downloaded all phone numbers and other profile data – including public keys – without any obstacles.
November 19, 2025 at 2:53 PM
🚨‼️ WhatsApp leaks data of more than 3.5 billion users
WhatsApp's entire member directory was freely accessible online.
Austrian researchers downloaded all phone numbers and other profile data – including public keys – without any obstacles.
WhatsApp's entire member directory was freely accessible online.
Austrian researchers downloaded all phone numbers and other profile data – including public keys – without any obstacles.
‼️ Cloudflare has released a report on yesterday's outage.
It wasn't DNS...
A change to permissions in one of their database systems caused the database to output multiple duplicate entries into a “feature file” used by their Bot Management system. That file then doubled in size.
It wasn't DNS...
A change to permissions in one of their database systems caused the database to output multiple duplicate entries into a “feature file” used by their Bot Management system. That file then doubled in size.
Cloudflare outage on November 18, 2025
Cloudflare suffered a service outage on November 18, 2025. The outage was triggered by a bug in generation logic for a Bot Management feature file causing many Cloudflare services to be affected.
blog.cloudflare.com
November 19, 2025 at 1:58 PM
‼️ Cloudflare has released a report on yesterday's outage.
It wasn't DNS...
A change to permissions in one of their database systems caused the database to output multiple duplicate entries into a “feature file” used by their Bot Management system. That file then doubled in size.
It wasn't DNS...
A change to permissions in one of their database systems caused the database to output multiple duplicate entries into a “feature file” used by their Bot Management system. That file then doubled in size.
📚 Exploiting Citrix NetScaler CVE-2025-12101
Memory leak vulnerability combined with reflected XSS in Citrix NetScaler appliances.
Read:
labs.watchtowr.com/is-it-citrix...
Memory leak vulnerability combined with reflected XSS in Citrix NetScaler appliances.
Read:
labs.watchtowr.com/is-it-citrix...
November 19, 2025 at 3:30 AM
📚 Exploiting Citrix NetScaler CVE-2025-12101
Memory leak vulnerability combined with reflected XSS in Citrix NetScaler appliances.
Read:
labs.watchtowr.com/is-it-citrix...
Memory leak vulnerability combined with reflected XSS in Citrix NetScaler appliances.
Read:
labs.watchtowr.com/is-it-citrix...
📚 Remote Code Execution in UniFi Access (CVE-2025-52665)
Writeup of the recently found critical RCE vulnerability in Ubiquiti UniFi Access.
www.catchify.sa/post/cve-202...
Writeup of the recently found critical RCE vulnerability in Ubiquiti UniFi Access.
www.catchify.sa/post/cve-202...
November 19, 2025 at 2:17 AM
📚 Remote Code Execution in UniFi Access (CVE-2025-52665)
Writeup of the recently found critical RCE vulnerability in Ubiquiti UniFi Access.
www.catchify.sa/post/cve-202...
Writeup of the recently found critical RCE vulnerability in Ubiquiti UniFi Access.
www.catchify.sa/post/cve-202...
‼️🇪🇺 The European Commission has launched market investigations into cloud computing services under the Digital Markets Act.
These investigations will assess Amazon and Microsoft.
The DMA aims to ensure contestable and fair markets in the digital sector.
These investigations will assess Amazon and Microsoft.
The DMA aims to ensure contestable and fair markets in the digital sector.
November 18, 2025 at 10:45 PM
‼️🇪🇺 The European Commission has launched market investigations into cloud computing services under the Digital Markets Act.
These investigations will assess Amazon and Microsoft.
The DMA aims to ensure contestable and fair markets in the digital sector.
These investigations will assess Amazon and Microsoft.
The DMA aims to ensure contestable and fair markets in the digital sector.
🛠️ CL4R1T4S
Fully extracted system prompts, guidelines, and tools from OpenAI, Google, Anthropic, xAI, Perplexity, Cursor, Windsurf, Devin, Manus, Replit, and more — covering virtually all major AI models and agents.
Go see: github.com/elder-pliniu...
Fully extracted system prompts, guidelines, and tools from OpenAI, Google, Anthropic, xAI, Perplexity, Cursor, Windsurf, Devin, Manus, Replit, and more — covering virtually all major AI models and agents.
Go see: github.com/elder-pliniu...
November 18, 2025 at 4:19 AM
🛠️ CL4R1T4S
Fully extracted system prompts, guidelines, and tools from OpenAI, Google, Anthropic, xAI, Perplexity, Cursor, Windsurf, Devin, Manus, Replit, and more — covering virtually all major AI models and agents.
Go see: github.com/elder-pliniu...
Fully extracted system prompts, guidelines, and tools from OpenAI, Google, Anthropic, xAI, Perplexity, Cursor, Windsurf, Devin, Manus, Replit, and more — covering virtually all major AI models and agents.
Go see: github.com/elder-pliniu...
❗️Kraken ransomware benchmarks a victim machine before starting encryption
The malware creates a test file, encrypts it, and assigns a score based on the machine's speed.
Depending on the score, it decides to fully or partially encrypt the files.
The malware creates a test file, encrypts it, and assigns a score based on the machine's speed.
Depending on the score, it decides to fully or partially encrypt the files.
November 18, 2025 at 2:37 AM
❗️Kraken ransomware benchmarks a victim machine before starting encryption
The malware creates a test file, encrypts it, and assigns a score based on the machine's speed.
Depending on the score, it decides to fully or partially encrypt the files.
The malware creates a test file, encrypts it, and assigns a score based on the machine's speed.
Depending on the score, it decides to fully or partially encrypt the files.
‼️ 3D printer company Flashforge threatened to snitch on its own customers if they print firearms.
This has raised many questions among its customers about what data they collect and why they have such a threatening tone.
Many 3D printers these days use the cloud for printing.
This has raised many questions among its customers about what data they collect and why they have such a threatening tone.
Many 3D printers these days use the cloud for printing.
November 17, 2025 at 10:47 PM
‼️ 3D printer company Flashforge threatened to snitch on its own customers if they print firearms.
This has raised many questions among its customers about what data they collect and why they have such a threatening tone.
Many 3D printers these days use the cloud for printing.
This has raised many questions among its customers about what data they collect and why they have such a threatening tone.
Many 3D printers these days use the cloud for printing.
❗️Middle East Eye has published an article as a result of our post. They've asked us for comment:
"It is a disgrace that a phone company would sell devices with bloatware. You've already paid for the phone, and now Samsung is making their customers pay double, this time with their data"
"It is a disgrace that a phone company would sell devices with bloatware. You've already paid for the phone, and now Samsung is making their customers pay double, this time with their data"
Samsung users report ‘unremovable’ Israeli bloatware AppCloud on devices
Digital rights group says silence from Samsung raises fears over covert data access
www.middleeasteye.net
November 17, 2025 at 4:34 PM
❗️Middle East Eye has published an article as a result of our post. They've asked us for comment:
"It is a disgrace that a phone company would sell devices with bloatware. You've already paid for the phone, and now Samsung is making their customers pay double, this time with their data"
"It is a disgrace that a phone company would sell devices with bloatware. You've already paid for the phone, and now Samsung is making their customers pay double, this time with their data"
Reposted by International Cyber Digest
‼️ Unremovable Israeli Spyware Found on Samsung Devices
Samsung faces backlash over AppCloud, an Israeli-developed app pre-installed on budget Galaxy A and M series devices.
Samsung faces backlash over AppCloud, an Israeli-developed app pre-installed on budget Galaxy A and M series devices.
November 15, 2025 at 2:37 AM
‼️ Unremovable Israeli Spyware Found on Samsung Devices
Samsung faces backlash over AppCloud, an Israeli-developed app pre-installed on budget Galaxy A and M series devices.
Samsung faces backlash over AppCloud, an Israeli-developed app pre-installed on budget Galaxy A and M series devices.
🛠️ Seedbox Lite
A modern, lightweight torrent streaming application with instant playback.
Try: github.com/hotheadhacke...
A modern, lightweight torrent streaming application with instant playback.
Try: github.com/hotheadhacke...
November 16, 2025 at 6:45 PM
🛠️ Seedbox Lite
A modern, lightweight torrent streaming application with instant playback.
Try: github.com/hotheadhacke...
A modern, lightweight torrent streaming application with instant playback.
Try: github.com/hotheadhacke...
📚 Windows ARM64 Internals - Deconstructing Pointer Authentication
In-depth research into Windows ARM64 internals and pointer authentication mechanisms.
In-depth research into Windows ARM64 internals and pointer authentication mechanisms.
November 16, 2025 at 5:13 PM
📚 Windows ARM64 Internals - Deconstructing Pointer Authentication
In-depth research into Windows ARM64 internals and pointer authentication mechanisms.
In-depth research into Windows ARM64 internals and pointer authentication mechanisms.
‼️ Thousands of servers seized in Operation Endgame
Dutch police seized thousands of CrazyRDP servers in Zoetermeer, Netherlands, at Serverion's datacenter.
CrazyRDP is linked to numerous cybercrime and CSAM cases.
Video: x.com/IntCyberDige...
Dutch police seized thousands of CrazyRDP servers in Zoetermeer, Netherlands, at Serverion's datacenter.
CrazyRDP is linked to numerous cybercrime and CSAM cases.
Video: x.com/IntCyberDige...
x.com
November 16, 2025 at 12:10 PM
‼️ Thousands of servers seized in Operation Endgame
Dutch police seized thousands of CrazyRDP servers in Zoetermeer, Netherlands, at Serverion's datacenter.
CrazyRDP is linked to numerous cybercrime and CSAM cases.
Video: x.com/IntCyberDige...
Dutch police seized thousands of CrazyRDP servers in Zoetermeer, Netherlands, at Serverion's datacenter.
CrazyRDP is linked to numerous cybercrime and CSAM cases.
Video: x.com/IntCyberDige...
📚 Breaking Intel's Software Guard eXtensions (SGX)
DRAM bus interposition attack against SGX. Complete hardware-level control demonstration.
Read: wiretap.fail
DRAM bus interposition attack against SGX. Complete hardware-level control demonstration.
Read: wiretap.fail
November 16, 2025 at 12:14 AM
📚 Breaking Intel's Software Guard eXtensions (SGX)
DRAM bus interposition attack against SGX. Complete hardware-level control demonstration.
Read: wiretap.fail
DRAM bus interposition attack against SGX. Complete hardware-level control demonstration.
Read: wiretap.fail
📚 Hacking the Nokia Beacon 1 Router
The Nokia WiFi Beacon 1 is a dual-band Wi-Fi 5 (802.11ac) mesh router designed to extend wireless coverage and eliminate dead zones throughout a home.
Read: spaceraccoon.dev/nokia-beacon...
The Nokia WiFi Beacon 1 is a dual-band Wi-Fi 5 (802.11ac) mesh router designed to extend wireless coverage and eliminate dead zones throughout a home.
Read: spaceraccoon.dev/nokia-beacon...
November 15, 2025 at 9:26 PM
📚 Hacking the Nokia Beacon 1 Router
The Nokia WiFi Beacon 1 is a dual-band Wi-Fi 5 (802.11ac) mesh router designed to extend wireless coverage and eliminate dead zones throughout a home.
Read: spaceraccoon.dev/nokia-beacon...
The Nokia WiFi Beacon 1 is a dual-band Wi-Fi 5 (802.11ac) mesh router designed to extend wireless coverage and eliminate dead zones throughout a home.
Read: spaceraccoon.dev/nokia-beacon...
‼️The EuroFiber breach impacts over 3,600 clients. The threat actor provided us with a list of affected clients, we've decided to share the list for supporting blue team research and impact analysis.
Notable companies and organizations include:
- Airbus
- Multiple French ministries
- Thales
- Orange
Notable companies and organizations include:
- Airbus
- Multiple French ministries
- Thales
- Orange
Source Code | n6JP4 | Rocket Powered Pastebin
a simple, no-frills, command-line driven pastebin service powered by the Rocket web framework.
paste.rs
November 15, 2025 at 1:11 PM
‼️The EuroFiber breach impacts over 3,600 clients. The threat actor provided us with a list of affected clients, we've decided to share the list for supporting blue team research and impact analysis.
Notable companies and organizations include:
- Airbus
- Multiple French ministries
- Thales
- Orange
Notable companies and organizations include:
- Airbus
- Multiple French ministries
- Thales
- Orange
Famous Threat Actor Quotes #QuoteOfTheDay
November 15, 2025 at 4:22 AM
Famous Threat Actor Quotes #QuoteOfTheDay
📚 Hacking Air Canada's In-flight Network
A Story About Bypassing Air Canada's In-flight Network Restrictions.
Read it: ramsayleung.github.io/en/post/2025...
A Story About Bypassing Air Canada's In-flight Network Restrictions.
Read it: ramsayleung.github.io/en/post/2025...
November 15, 2025 at 3:31 AM
📚 Hacking Air Canada's In-flight Network
A Story About Bypassing Air Canada's In-flight Network Restrictions.
Read it: ramsayleung.github.io/en/post/2025...
A Story About Bypassing Air Canada's In-flight Network Restrictions.
Read it: ramsayleung.github.io/en/post/2025...