International Cyber Digest
@intcyberdigest.bsky.social
Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts, in your mailbox soon...
https://x.com/IntCyberDigest
https://infosec.exchange/@InternationalCyberDigest
https://x.com/IntCyberDigest
https://infosec.exchange/@InternationalCyberDigest
❗ Ukrainian cybercriminal Yuriy Rybtsov, alias MrICQ, was extradited from Italy to the US to face charges as a suspected Zeus banking trojan developer.
He shared a Donetsk building with Jabber Zeus leader Vyacheslav “Tank” Penchukov, arrested in 2022 and sentenced to 18 years plus $73M restitution.
He shared a Donetsk building with Jabber Zeus leader Vyacheslav “Tank” Penchukov, arrested in 2022 and sentenced to 18 years plus $73M restitution.
November 11, 2025 at 4:19 AM
❗ Ukrainian cybercriminal Yuriy Rybtsov, alias MrICQ, was extradited from Italy to the US to face charges as a suspected Zeus banking trojan developer.
He shared a Donetsk building with Jabber Zeus leader Vyacheslav “Tank” Penchukov, arrested in 2022 and sentenced to 18 years plus $73M restitution.
He shared a Donetsk building with Jabber Zeus leader Vyacheslav “Tank” Penchukov, arrested in 2022 and sentenced to 18 years plus $73M restitution.
‼️ Yutong could remotely detonate its buses.
Norwegian public transport company Ruter found that buses can be disabled and a thermal runaway could potentially be initiated remotely. Yutong buses drive all around Europe.
All SIM cards were removed to block over-the-air updates.
Norwegian public transport company Ruter found that buses can be disabled and a thermal runaway could potentially be initiated remotely. Yutong buses drive all around Europe.
All SIM cards were removed to block over-the-air updates.
November 11, 2025 at 2:37 AM
‼️ Yutong could remotely detonate its buses.
Norwegian public transport company Ruter found that buses can be disabled and a thermal runaway could potentially be initiated remotely. Yutong buses drive all around Europe.
All SIM cards were removed to block over-the-air updates.
Norwegian public transport company Ruter found that buses can be disabled and a thermal runaway could potentially be initiated remotely. Yutong buses drive all around Europe.
All SIM cards were removed to block over-the-air updates.
🛠️ WiFi Client Isolation Bypass
Enables direct communication with clients on open (unencrypted) and WPA2-CCMP-PSK encrypted WiFi networks, bypassing client isolation.
Try:
github.com/Pulse-Securi...
Read:
pulsesecurity.co.nz/articles/byp...
Enables direct communication with clients on open (unencrypted) and WPA2-CCMP-PSK encrypted WiFi networks, bypassing client isolation.
Try:
github.com/Pulse-Securi...
Read:
pulsesecurity.co.nz/articles/byp...
November 9, 2025 at 6:45 PM
🛠️ WiFi Client Isolation Bypass
Enables direct communication with clients on open (unencrypted) and WPA2-CCMP-PSK encrypted WiFi networks, bypassing client isolation.
Try:
github.com/Pulse-Securi...
Read:
pulsesecurity.co.nz/articles/byp...
Enables direct communication with clients on open (unencrypted) and WPA2-CCMP-PSK encrypted WiFi networks, bypassing client isolation.
Try:
github.com/Pulse-Securi...
Read:
pulsesecurity.co.nz/articles/byp...
🛠️ PEAS Exploitation Toolkit - Access Microsoft Exchange via ActiveSync and dump emails
Offensive library and CLI for running commands on ActiveSync servers.
Try: github.com/glynx/peas
Offensive library and CLI for running commands on ActiveSync servers.
Try: github.com/glynx/peas
November 9, 2025 at 5:13 PM
🛠️ PEAS Exploitation Toolkit - Access Microsoft Exchange via ActiveSync and dump emails
Offensive library and CLI for running commands on ActiveSync servers.
Try: github.com/glynx/peas
Offensive library and CLI for running commands on ActiveSync servers.
Try: github.com/glynx/peas
📚 Bypass AMSI in 2025
Modern techniques for neutralizing Microsoft's AMSI while staying invisible to EDR systems.
www.r-tec.net/r-tec-blog-b...
Modern techniques for neutralizing Microsoft's AMSI while staying invisible to EDR systems.
www.r-tec.net/r-tec-blog-b...
November 9, 2025 at 12:14 AM
📚 Bypass AMSI in 2025
Modern techniques for neutralizing Microsoft's AMSI while staying invisible to EDR systems.
www.r-tec.net/r-tec-blog-b...
Modern techniques for neutralizing Microsoft's AMSI while staying invisible to EDR systems.
www.r-tec.net/r-tec-blog-b...
📚 Bypass EDR by Leveraging Raw Disk Reads
This blog details how to connect with a default Windows driver or vulnerable driver to bypass Endpoint Detection and Response Tools (EDR), file locks, and access controls, to directly read sensitive files.
medium.com/workday-engi...
This blog details how to connect with a default Windows driver or vulnerable driver to bypass Endpoint Detection and Response Tools (EDR), file locks, and access controls, to directly read sensitive files.
medium.com/workday-engi...
November 8, 2025 at 9:26 PM
📚 Bypass EDR by Leveraging Raw Disk Reads
This blog details how to connect with a default Windows driver or vulnerable driver to bypass Endpoint Detection and Response Tools (EDR), file locks, and access controls, to directly read sensitive files.
medium.com/workday-engi...
This blog details how to connect with a default Windows driver or vulnerable driver to bypass Endpoint Detection and Response Tools (EDR), file locks, and access controls, to directly read sensitive files.
medium.com/workday-engi...
🖥️ HijackLibs
Project for tracking publicly disclosed DLL Hijacking opportunities. Comprehensive vulnerability database.
Go to github.com/wietze/Hijac... or hijacklibs.net
Project for tracking publicly disclosed DLL Hijacking opportunities. Comprehensive vulnerability database.
Go to github.com/wietze/Hijac... or hijacklibs.net
November 8, 2025 at 3:31 AM
🖥️ HijackLibs
Project for tracking publicly disclosed DLL Hijacking opportunities. Comprehensive vulnerability database.
Go to github.com/wietze/Hijac... or hijacklibs.net
Project for tracking publicly disclosed DLL Hijacking opportunities. Comprehensive vulnerability database.
Go to github.com/wietze/Hijac... or hijacklibs.net
‼️ The world's first trillionaire initiated a move that killed over half a million people, mostly children.
November 8, 2025 at 2:37 AM
‼️ The world's first trillionaire initiated a move that killed over half a million people, mostly children.
❗️XPENG's IRON robot crossed the uncanny valley, leading some to believe it was a human in a suit. They cut it open before an audience and allowed journalists to inspect it.
November 7, 2025 at 11:39 PM
❗️XPENG's IRON robot crossed the uncanny valley, leading some to believe it was a human in a suit. They cut it open before an audience and allowed journalists to inspect it.
‼️🇰🇵 Another North Korean hacker using AI to alter his face caught while trying to infiltrate Bitso.
Meet "Sebastian," a software engineer from Colombia who can't speak Spanish. Strange, right?
Meet "Sebastian," a software engineer from Colombia who can't speak Spanish. Strange, right?
November 7, 2025 at 11:39 PM
‼️🇰🇵 Another North Korean hacker using AI to alter his face caught while trying to infiltrate Bitso.
Meet "Sebastian," a software engineer from Colombia who can't speak Spanish. Strange, right?
Meet "Sebastian," a software engineer from Colombia who can't speak Spanish. Strange, right?
🛠️ HikvisionExploiter
HikvisionExploiter is a powerful and automated exploitation toolkit targeting unauthenticated endpoints on Hikvision IP cameras, particularly those running firmware version 3.1.3.150324.
github.com/HexBuddy/Hik...
HikvisionExploiter is a powerful and automated exploitation toolkit targeting unauthenticated endpoints on Hikvision IP cameras, particularly those running firmware version 3.1.3.150324.
github.com/HexBuddy/Hik...
November 7, 2025 at 4:18 AM
🛠️ HikvisionExploiter
HikvisionExploiter is a powerful and automated exploitation toolkit targeting unauthenticated endpoints on Hikvision IP cameras, particularly those running firmware version 3.1.3.150324.
github.com/HexBuddy/Hik...
HikvisionExploiter is a powerful and automated exploitation toolkit targeting unauthenticated endpoints on Hikvision IP cameras, particularly those running firmware version 3.1.3.150324.
github.com/HexBuddy/Hik...
Amazing footage of someone actually doing his job.
November 7, 2025 at 3:15 AM
Amazing footage of someone actually doing his job.
❗ The developer of the @NeoFreeBird app, which reverses X's Twitter branding and unlocks premium features for free, was invited by an X engineer to join X.
November 6, 2025 at 10:22 PM
❗ The developer of the @NeoFreeBird app, which reverses X's Twitter branding and unlocks premium features for free, was invited by an X engineer to join X.
🚨 Another notable alleged victim of cl0p ransomware group is Logitech.
November 6, 2025 at 6:55 PM
🚨 Another notable alleged victim of cl0p ransomware group is Logitech.
🚨 Cl0p ransomware group has listed The Washington Post as a victim.
November 6, 2025 at 6:49 PM
🚨 Cl0p ransomware group has listed The Washington Post as a victim.
🛠️ Al-Khaser
A PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar.
Try: github.com/ayoubfaouzi/...
A PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar.
Try: github.com/ayoubfaouzi/...
November 6, 2025 at 5:00 AM
🛠️ Al-Khaser
A PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar.
Try: github.com/ayoubfaouzi/...
A PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar.
Try: github.com/ayoubfaouzi/...
❗ Australia is banning social media for those under 16, enforcing age verification on platforms like Facebook, Instagram, Snapchat, Threads, TikTok, X, YouTube, Kick, and Reddit starting next month. Non-compliant platforms face fines up to $49.5 million.
November 6, 2025 at 3:45 AM
❗ Australia is banning social media for those under 16, enforcing age verification on platforms like Facebook, Instagram, Snapchat, Threads, TikTok, X, YouTube, Kick, and Reddit starting next month. Non-compliant platforms face fines up to $49.5 million.
📚 Hacking the World Poker Tour
A vulnerability in the online poker site ClubWPT Gold could have allowed attackers complete access to its core administrative application.
A vulnerability in the online poker site ClubWPT Gold could have allowed attackers complete access to its core administrative application.
November 5, 2025 at 3:30 AM
📚 Hacking the World Poker Tour
A vulnerability in the online poker site ClubWPT Gold could have allowed attackers complete access to its core administrative application.
A vulnerability in the online poker site ClubWPT Gold could have allowed attackers complete access to its core administrative application.
🚨 Threat actor Cyber Toufan released more details on the breach of Israeli defense contractor MAYA.
November 5, 2025 at 2:17 AM
🚨 Threat actor Cyber Toufan released more details on the breach of Israeli defense contractor MAYA.
🚨Peter Williams, 39, an Australian, pleaded guilty today in U.S. District Court to selling his employer’s trade secrets to a Russian cyber-tools broker.
November 5, 2025 at 12:21 AM
🚨Peter Williams, 39, an Australian, pleaded guilty today in U.S. District Court to selling his employer’s trade secrets to a Russian cyber-tools broker.
‼️ Meet Ryan Clifford Goldberg, a Digital Forensics and Incident Response manager at Sygnia, is one of three insiders accused of cybercrimes. He allegedly conducted cyberattacks using ALPHV BlackCat ransomware.
November 4, 2025 at 10:54 PM
‼️ Meet Ryan Clifford Goldberg, a Digital Forensics and Incident Response manager at Sygnia, is one of three insiders accused of cybercrimes. He allegedly conducted cyberattacks using ALPHV BlackCat ransomware.
📚 Next.js PoC (CVE-2025-57822)
Exploring an edge-case where Next.js middleware header handling opens a subtle attack surface.
Read: blog.rootsys.at/posts/nextjs...
Exploring an edge-case where Next.js middleware header handling opens a subtle attack surface.
Read: blog.rootsys.at/posts/nextjs...
November 4, 2025 at 4:19 AM
📚 Next.js PoC (CVE-2025-57822)
Exploring an edge-case where Next.js middleware header handling opens a subtle attack surface.
Read: blog.rootsys.at/posts/nextjs...
Exploring an edge-case where Next.js middleware header handling opens a subtle attack surface.
Read: blog.rootsys.at/posts/nextjs...
🛠️ MoneyPrinterTurbo
Generate short AI videos with one click using large language models. Automated creativity!
github.com/harry0703/Mo...
Generate short AI videos with one click using large language models. Automated creativity!
github.com/harry0703/Mo...
November 4, 2025 at 2:37 AM
🛠️ MoneyPrinterTurbo
Generate short AI videos with one click using large language models. Automated creativity!
github.com/harry0703/Mo...
Generate short AI videos with one click using large language models. Automated creativity!
github.com/harry0703/Mo...
🚨 Vulnerability in Ubiquiti's UniFi Access Application CVSS 10 - Critical
A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication.
A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication.
November 3, 2025 at 11:33 PM
🚨 Vulnerability in Ubiquiti's UniFi Access Application CVSS 10 - Critical
A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication.
A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication.
‼️ Employees at DigitalMint, a company known for assisting cyberattack victims, were discovered carrying out their own hacks—ultimately profiting more than $1 million.
Source:
chicago.suntimes.com/the-watchdog...
Source:
chicago.suntimes.com/the-watchdog...
November 3, 2025 at 11:06 PM
‼️ Employees at DigitalMint, a company known for assisting cyberattack victims, were discovered carrying out their own hacks—ultimately profiting more than $1 million.
Source:
chicago.suntimes.com/the-watchdog...
Source:
chicago.suntimes.com/the-watchdog...