International Cyber Digest
@intcyberdigest.bsky.social
Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts, in your mailbox soon...
https://x.com/IntCyberDigest
https://infosec.exchange/@InternationalCyberDigest
https://x.com/IntCyberDigest
https://infosec.exchange/@InternationalCyberDigest
📚 Hacking Formula 1
Accessing Max Verstappen's PII through FIA bugs.
"We stopped testing after seeing that it was possible to access Max Verstappen's passport, resume, license, password hash, and PII.
Accessing Max Verstappen's PII through FIA bugs.
"We stopped testing after seeing that it was possible to access Max Verstappen's passport, resume, license, password hash, and PII.
November 22, 2025 at 3:31 AM
📚 Hacking Formula 1
Accessing Max Verstappen's PII through FIA bugs.
"We stopped testing after seeing that it was possible to access Max Verstappen's passport, resume, license, password hash, and PII.
Accessing Max Verstappen's PII through FIA bugs.
"We stopped testing after seeing that it was possible to access Max Verstappen's passport, resume, license, password hash, and PII.
CTO of the year!
November 22, 2025 at 2:37 AM
CTO of the year!
‼️CrowdStrike confirmed they were hit by an insider threat, someone took screenshots on internal systems and shared them with scattered LAPSUS$ hunters.
scattered LAPSUS$ hunters confirmed to us they paid $30K in total to the insider and gained
scattered LAPSUS$ hunters confirmed to us they paid $30K in total to the insider and gained
November 21, 2025 at 7:08 PM
‼️CrowdStrike confirmed they were hit by an insider threat, someone took screenshots on internal systems and shared them with scattered LAPSUS$ hunters.
scattered LAPSUS$ hunters confirmed to us they paid $30K in total to the insider and gained
scattered LAPSUS$ hunters confirmed to us they paid $30K in total to the insider and gained
🚨 Salesforce revoked refresh tokens linked to Gainsight-published applications while investigating a new wave of attacks.
The investigation indicates these attacks may have enabled unauthorized access to certain customers’ Salesforce data through the app’s connection.
The investigation indicates these attacks may have enabled unauthorized access to certain customers’ Salesforce data through the app’s connection.
November 21, 2025 at 4:03 PM
🚨 Salesforce revoked refresh tokens linked to Gainsight-published applications while investigating a new wave of attacks.
The investigation indicates these attacks may have enabled unauthorized access to certain customers’ Salesforce data through the app’s connection.
The investigation indicates these attacks may have enabled unauthorized access to certain customers’ Salesforce data through the app’s connection.
‼️ Scattered LAPSUS$ ShinyHunters members have returned with new breaches and serious threats.
They are attempting to orchestrate the murders of Google Threat Intelligence employees in New York.
They also claim to have breached FBI Cellebrite accounts, CrowdStrike, Salesforce, and Palo Alto.
They are attempting to orchestrate the murders of Google Threat Intelligence employees in New York.
They also claim to have breached FBI Cellebrite accounts, CrowdStrike, Salesforce, and Palo Alto.
November 21, 2025 at 10:25 AM
‼️ Scattered LAPSUS$ ShinyHunters members have returned with new breaches and serious threats.
They are attempting to orchestrate the murders of Google Threat Intelligence employees in New York.
They also claim to have breached FBI Cellebrite accounts, CrowdStrike, Salesforce, and Palo Alto.
They are attempting to orchestrate the murders of Google Threat Intelligence employees in New York.
They also claim to have breached FBI Cellebrite accounts, CrowdStrike, Salesforce, and Palo Alto.
‼️ Thousands of domains host injected malicious JavaScript
The malicious code was injected by APT24 into a widely used JavaScript library after compromising a regional digital marketing firm in Taiwan.
The malicious code was injected by APT24 into a widely used JavaScript library after compromising a regional digital marketing firm in Taiwan.
November 21, 2025 at 3:15 AM
‼️ Thousands of domains host injected malicious JavaScript
The malicious code was injected by APT24 into a widely used JavaScript library after compromising a regional digital marketing firm in Taiwan.
The malicious code was injected by APT24 into a widely used JavaScript library after compromising a regional digital marketing firm in Taiwan.
‼️ The Beckett Collectibles data breach we forwarded is now live. North American users can register at Have I Been Pwned to check if their data was leaked.
November 20, 2025 at 1:14 PM
‼️ The Beckett Collectibles data breach we forwarded is now live. North American users can register at Have I Been Pwned to check if their data was leaked.
‼️The Eurofiber breach data we forwarded to Have I Been Pwned has been indexed.
Possible victims of the breach can now check whether their data has been leaked.
Check it out: haveibeenpwned.com/Breach/Eurof...
Possible victims of the breach can now check whether their data has been leaked.
Check it out: haveibeenpwned.com/Breach/Eurof...
November 20, 2025 at 9:17 AM
‼️The Eurofiber breach data we forwarded to Have I Been Pwned has been indexed.
Possible victims of the breach can now check whether their data has been leaked.
Check it out: haveibeenpwned.com/Breach/Eurof...
Possible victims of the breach can now check whether their data has been leaked.
Check it out: haveibeenpwned.com/Breach/Eurof...
Statements by someone completely off the rails.
November 20, 2025 at 9:01 AM
Statements by someone completely off the rails.
💪 We're launching a monthly series to highlight cybersecurity community members' contributions.
Submit nominations via DM or Signal (in bio) with reasons for recognition.
This week's nominee is Belgian national @DidierStevens: A pioneer in malware analysis.
Submit nominations via DM or Signal (in bio) with reasons for recognition.
This week's nominee is Belgian national @DidierStevens: A pioneer in malware analysis.
November 20, 2025 at 5:00 AM
💪 We're launching a monthly series to highlight cybersecurity community members' contributions.
Submit nominations via DM or Signal (in bio) with reasons for recognition.
This week's nominee is Belgian national @DidierStevens: A pioneer in malware analysis.
Submit nominations via DM or Signal (in bio) with reasons for recognition.
This week's nominee is Belgian national @DidierStevens: A pioneer in malware analysis.
🛠️ OctoSQL
OctoSQL is predominantly a CLI tool which lets you query a plethora of databases and file formats using SQL through a unified interface, even do JOINs between them. (Ever needed to join a JSON file with a PostgreSQL table? OctoSQL can help you with that.)
OctoSQL is predominantly a CLI tool which lets you query a plethora of databases and file formats using SQL through a unified interface, even do JOINs between them. (Ever needed to join a JSON file with a PostgreSQL table? OctoSQL can help you with that.)
November 20, 2025 at 3:45 AM
🛠️ OctoSQL
OctoSQL is predominantly a CLI tool which lets you query a plethora of databases and file formats using SQL through a unified interface, even do JOINs between them. (Ever needed to join a JSON file with a PostgreSQL table? OctoSQL can help you with that.)
OctoSQL is predominantly a CLI tool which lets you query a plethora of databases and file formats using SQL through a unified interface, even do JOINs between them. (Ever needed to join a JSON file with a PostgreSQL table? OctoSQL can help you with that.)
‼️We received a list of allegedly all North American emails included in the Beckett leak.
A concerned customer, who is frustrated that Beckett is not communicating about the leak, sent the info with to us.
We shared this list with @troyhunt for addition to Have I Been Pwned.
A concerned customer, who is frustrated that Beckett is not communicating about the leak, sent the info with to us.
We shared this list with @troyhunt for addition to Have I Been Pwned.
November 19, 2025 at 7:07 PM
‼️We received a list of allegedly all North American emails included in the Beckett leak.
A concerned customer, who is frustrated that Beckett is not communicating about the leak, sent the info with to us.
We shared this list with @troyhunt for addition to Have I Been Pwned.
A concerned customer, who is frustrated that Beckett is not communicating about the leak, sent the info with to us.
We shared this list with @troyhunt for addition to Have I Been Pwned.
🚨‼️ WhatsApp leaks data of more than 3.5 billion users
WhatsApp's entire member directory was freely accessible online.
Austrian researchers downloaded all phone numbers and other profile data – including public keys – without any obstacles.
WhatsApp's entire member directory was freely accessible online.
Austrian researchers downloaded all phone numbers and other profile data – including public keys – without any obstacles.
November 19, 2025 at 2:53 PM
🚨‼️ WhatsApp leaks data of more than 3.5 billion users
WhatsApp's entire member directory was freely accessible online.
Austrian researchers downloaded all phone numbers and other profile data – including public keys – without any obstacles.
WhatsApp's entire member directory was freely accessible online.
Austrian researchers downloaded all phone numbers and other profile data – including public keys – without any obstacles.
📚 Exploiting Citrix NetScaler CVE-2025-12101
Memory leak vulnerability combined with reflected XSS in Citrix NetScaler appliances.
Read:
labs.watchtowr.com/is-it-citrix...
Memory leak vulnerability combined with reflected XSS in Citrix NetScaler appliances.
Read:
labs.watchtowr.com/is-it-citrix...
November 19, 2025 at 3:30 AM
📚 Exploiting Citrix NetScaler CVE-2025-12101
Memory leak vulnerability combined with reflected XSS in Citrix NetScaler appliances.
Read:
labs.watchtowr.com/is-it-citrix...
Memory leak vulnerability combined with reflected XSS in Citrix NetScaler appliances.
Read:
labs.watchtowr.com/is-it-citrix...
📚 Remote Code Execution in UniFi Access (CVE-2025-52665)
Writeup of the recently found critical RCE vulnerability in Ubiquiti UniFi Access.
www.catchify.sa/post/cve-202...
Writeup of the recently found critical RCE vulnerability in Ubiquiti UniFi Access.
www.catchify.sa/post/cve-202...
November 19, 2025 at 2:17 AM
📚 Remote Code Execution in UniFi Access (CVE-2025-52665)
Writeup of the recently found critical RCE vulnerability in Ubiquiti UniFi Access.
www.catchify.sa/post/cve-202...
Writeup of the recently found critical RCE vulnerability in Ubiquiti UniFi Access.
www.catchify.sa/post/cve-202...
‼️🇪🇺 The European Commission has launched market investigations into cloud computing services under the Digital Markets Act.
These investigations will assess Amazon and Microsoft.
The DMA aims to ensure contestable and fair markets in the digital sector.
These investigations will assess Amazon and Microsoft.
The DMA aims to ensure contestable and fair markets in the digital sector.
November 18, 2025 at 10:45 PM
‼️🇪🇺 The European Commission has launched market investigations into cloud computing services under the Digital Markets Act.
These investigations will assess Amazon and Microsoft.
The DMA aims to ensure contestable and fair markets in the digital sector.
These investigations will assess Amazon and Microsoft.
The DMA aims to ensure contestable and fair markets in the digital sector.
🛠️ CL4R1T4S
Fully extracted system prompts, guidelines, and tools from OpenAI, Google, Anthropic, xAI, Perplexity, Cursor, Windsurf, Devin, Manus, Replit, and more — covering virtually all major AI models and agents.
Go see: github.com/elder-pliniu...
Fully extracted system prompts, guidelines, and tools from OpenAI, Google, Anthropic, xAI, Perplexity, Cursor, Windsurf, Devin, Manus, Replit, and more — covering virtually all major AI models and agents.
Go see: github.com/elder-pliniu...
November 18, 2025 at 4:19 AM
🛠️ CL4R1T4S
Fully extracted system prompts, guidelines, and tools from OpenAI, Google, Anthropic, xAI, Perplexity, Cursor, Windsurf, Devin, Manus, Replit, and more — covering virtually all major AI models and agents.
Go see: github.com/elder-pliniu...
Fully extracted system prompts, guidelines, and tools from OpenAI, Google, Anthropic, xAI, Perplexity, Cursor, Windsurf, Devin, Manus, Replit, and more — covering virtually all major AI models and agents.
Go see: github.com/elder-pliniu...
❗️Kraken ransomware benchmarks a victim machine before starting encryption
The malware creates a test file, encrypts it, and assigns a score based on the machine's speed.
Depending on the score, it decides to fully or partially encrypt the files.
The malware creates a test file, encrypts it, and assigns a score based on the machine's speed.
Depending on the score, it decides to fully or partially encrypt the files.
November 18, 2025 at 2:37 AM
❗️Kraken ransomware benchmarks a victim machine before starting encryption
The malware creates a test file, encrypts it, and assigns a score based on the machine's speed.
Depending on the score, it decides to fully or partially encrypt the files.
The malware creates a test file, encrypts it, and assigns a score based on the machine's speed.
Depending on the score, it decides to fully or partially encrypt the files.
‼️ 3D printer company Flashforge threatened to snitch on its own customers if they print firearms.
This has raised many questions among its customers about what data they collect and why they have such a threatening tone.
Many 3D printers these days use the cloud for printing.
This has raised many questions among its customers about what data they collect and why they have such a threatening tone.
Many 3D printers these days use the cloud for printing.
November 17, 2025 at 10:47 PM
‼️ 3D printer company Flashforge threatened to snitch on its own customers if they print firearms.
This has raised many questions among its customers about what data they collect and why they have such a threatening tone.
Many 3D printers these days use the cloud for printing.
This has raised many questions among its customers about what data they collect and why they have such a threatening tone.
Many 3D printers these days use the cloud for printing.
🛠️ Seedbox Lite
A modern, lightweight torrent streaming application with instant playback.
Try: github.com/hotheadhacke...
A modern, lightweight torrent streaming application with instant playback.
Try: github.com/hotheadhacke...
November 16, 2025 at 6:45 PM
🛠️ Seedbox Lite
A modern, lightweight torrent streaming application with instant playback.
Try: github.com/hotheadhacke...
A modern, lightweight torrent streaming application with instant playback.
Try: github.com/hotheadhacke...
📚 Windows ARM64 Internals - Deconstructing Pointer Authentication
In-depth research into Windows ARM64 internals and pointer authentication mechanisms.
In-depth research into Windows ARM64 internals and pointer authentication mechanisms.
November 16, 2025 at 5:13 PM
📚 Windows ARM64 Internals - Deconstructing Pointer Authentication
In-depth research into Windows ARM64 internals and pointer authentication mechanisms.
In-depth research into Windows ARM64 internals and pointer authentication mechanisms.
📚 Breaking Intel's Software Guard eXtensions (SGX)
DRAM bus interposition attack against SGX. Complete hardware-level control demonstration.
Read: wiretap.fail
DRAM bus interposition attack against SGX. Complete hardware-level control demonstration.
Read: wiretap.fail
November 16, 2025 at 12:14 AM
📚 Breaking Intel's Software Guard eXtensions (SGX)
DRAM bus interposition attack against SGX. Complete hardware-level control demonstration.
Read: wiretap.fail
DRAM bus interposition attack against SGX. Complete hardware-level control demonstration.
Read: wiretap.fail
📚 Hacking the Nokia Beacon 1 Router
The Nokia WiFi Beacon 1 is a dual-band Wi-Fi 5 (802.11ac) mesh router designed to extend wireless coverage and eliminate dead zones throughout a home.
Read: spaceraccoon.dev/nokia-beacon...
The Nokia WiFi Beacon 1 is a dual-band Wi-Fi 5 (802.11ac) mesh router designed to extend wireless coverage and eliminate dead zones throughout a home.
Read: spaceraccoon.dev/nokia-beacon...
November 15, 2025 at 9:26 PM
📚 Hacking the Nokia Beacon 1 Router
The Nokia WiFi Beacon 1 is a dual-band Wi-Fi 5 (802.11ac) mesh router designed to extend wireless coverage and eliminate dead zones throughout a home.
Read: spaceraccoon.dev/nokia-beacon...
The Nokia WiFi Beacon 1 is a dual-band Wi-Fi 5 (802.11ac) mesh router designed to extend wireless coverage and eliminate dead zones throughout a home.
Read: spaceraccoon.dev/nokia-beacon...