RECON

windows 10/11 - NTLM Hash Disclosure Spoofing

Huntress responded to a 2026 intrusion using compromised SonicWall VPN credentials and a revoked EnCase forensic driver to terminate EDR processes via BYOVD.

The /insights command in Claude Code generates a comprehensive HTML report analyzing your usage patterns across all your Claude Code sessions. It’s designed to help you understand how you interact with Claude, what’s working well, where friction occurs, and how to improve your workflows. It’s output is really cool and I encourage you to try it and read it through! Command: /insights Description: “Generate a report analyzing your Claude Code sessions” Output: An interactive HTML report saved t...

Some data analysis I’ve done has been featured in the Financial Times today – see this article (the link may not work any more unless you have a FT subscription – sorry). The brief story is that I had terrible back pain over Christmas, and spoke to an out-of-hours GP on the phone who prescribed […]

Apple’s new Liquid Glass design language marks a major shift in iOS 26 UI design. Learn what Liquid Glass is, how it works across SwiftUI and UIKit, and what to watch out for when updating an existing iOS app.

# Exploit Title: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE # Date: 2025-10-07 # Exploit Author: Beatriz Fresno Naumova # Vendor Homepage: https://kubernetes.io # Software Link: https://github.com/kubernetes/ingress-nginx ......

# Exploit Title: FortiWeb Fabric Connector 7.6.x - Pre-authentication SQL Injection to Remote Code Execution # Date: 2025-10-05 # Exploit Author: Milad Karimi (Ex3ptionaL) # Contact: miladgrayhat@gmail.com # Zone-H: www.zone-h.org/archive/notifi......

# Exploit Title: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE # Date: 2025-10-07 # Exploit Author: Beatriz Fresno Naumova # Vendor Homepage: https://redis.io/ # Software Link: https://redis.io/ # Version: Affects :>= 8.0.......

# Exploit Title: windows 10/11 - NTLM Hash Disclosure Spoofing # Date: 2025-10-06 # Exploit Author: Beatriz Fresno Naumova # Vendor Homepage: https://www.microsoft.com # Software Link: N/A # Version: Not applicable (this is a generic Windows lib......

# Exploit Title: OctoPrint 1.11.2 - File Upload # Date: 2025-09-28 # Exploit Author: prabhatverma.addada # Vendor Homepage: https://octoprint.org # Software Link: https://github.com/OctoPrint/OctoPrint # Affected Version(s): <= 1.11.2 # Patch......

# Exploit Title: Python aiohttp directory traversal PoC (CVE-2024-23334) # Google Dork: N/A # Date: 2025-10-06 # Exploit Author: Beatriz Fresno Naumova # Vendor Homepage: https://www.aiohttp.org / https://www.python.org # Software Link: https://......

# Exploit Title: Docker Desktop 4.44.3 - Unauthenticated API Exposure # Date: 2025-10-06 # Exploit Author: OilSeller2001 # Vendor Homepage: https://www.docker.com/ # Software Link: https://www.docker.com/products/docker-desktop/ # Version: Affe......

The mobile marketplace app has a growing number of users, but not all of them are genuine. Watch out for these common scams.

Energy and utilities cyber threats escalate as ransomware and APT activity rise, Cyfirma reports    Industrial Cyber

ValleyRAT Campaign Uses Trojanized LINE Setup To Harvest Credentials    cyberpress.org