
Sys-Admin InfoSec
News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings
* Multilingual (En, Ru).
* Forum – forum.sys-adm.in
* Chat – @sysadm_in
* Job – @sysadm_in_job
* ? – @sysadminkz
Recent Posts
Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox Users
https://www.koi.ai/blog/inside-ghostposter-how-a-png-icon-infected-50-000-firefox-browser-users
CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains
https://www.sentinelone.com/blog/cybervolk-returns-flawed-volklocker-brings-new-features-with-growing-pains/
December 2025 Security Updates
This release consists of the following 57 Microsoft CVEs:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Dec
Windows Stealers: How Modern Infostealers Harvest Credentials
https://deceptiq.com/blog/windows-stealers-technical-analysis
SEEDSNATCHER : Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases
https://www.cyfirma.com/research/seedsnatcher-dissecting-an-android-malware-targeting-multiple-crypto-wallet-mnemonic-phrases/
PromptPwnd: Prompt Injection Vulnerabilities in GitHub Actions Using AI Agents
https://www.aikido.dev/blog/promptpwnd-github-actions-ai-agents
Critical Security Vulnerability in React Server Components
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
Malicious Chrome Extension Injects Hidden SOL Fees Into Solana Swaps
https://socket.dev/blog/malicious-chrome-extension-injects-hidden-sol-fees-into-solana-swaps
Critical Vulnerabilities in FluentBit Expose Cloud Environments to Remote Takeover
https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover
New Banking Trojan Distributed Through WhatsApp
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/spiderlabs-ids-new-banking-trojan-distributed-through-whatsapp/
Cloudflare outage takes down X and ChatGPT
https://www.bbc.com/news/articles/c629pny4gl7o
Logitech Data Breach — What We Know As 0-Day Hack Attack Confirmed
https://www.forbes.com/sites/daveywinder/2025/11/15/logitech-data-breach---what-we-know-as-0-day-hack-attack-confirmed/
Whisper Leak: A novel side-channel attack on remote language models
https://www.microsoft.com/en-us/security/blog/2025/11/07/whisper-leak-a-novel-side-channel-cyberattack-on-remote-language-models/
Evading Elastic Security: Linux Rootkit Detection Bypass
https://matheuzsecurity.github.io/hacking/bypassing-elastic/
SesameOp: Novel backdoor uses OpenAI Assistants API for command and control
https://www.microsoft.com/en-us/security/blog/2025/11/03/sesameop-novel-backdoor-uses-openai-assistants-api-for-command-and-control/
High-Level Attack Idea - AI Kill Chain + Demo
https://embracethered.com/blog/posts/2025/claude-abusing-network-access-and-anthropic-api-for-data-exfiltration/
The Illusion of [In]security at Profit Security Day
On November 14, Profit Security Day takes place in Almaty (next Friday).
Key aspects:
- observing how a present-day security practitioner understands the realities and capabilities of the attacking side
- how that understanding correlates with the harsh reality on the ground
- a chance to talk with interesting people
It will be interesting to hear opinions on the topic of the [un]safe use of AI.
10 days remain until the start. All details here:
- https://profitday.kz/security
New Android Malware Herodotus Mimics Human Behaviour to Evade Detection
https://www.threatfabric.com/blogs/new-android-malware-herodotus-mimics-human-behaviour-to-evade-detection
“ChatGPT Tainted Memories:” LayerX Discovers The First Vulnerability in OpenAI Atlas Browser, Allowing Injection of Malicious Instructions into ChatGPT
https://layerxsecurity.com/blog/layerx-identifies-vulnerability-in-new-chatgpt-atlas-browser/
Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs
GhostCall attack heavily targets the macOS devices of executives at tech companies and in the venture capital sector by directly approaching targets via platforms like Telegram, and inviting potential victims to investment-related meetings linked to Zoom-like phishing websites:
https://securelist.com/bluenoroff-apt-campaigns-ghostcall-and-ghosthire/117842/