Телеграм канал «0lab channel ™»

Android mobile malware campaigns are converging on the same playbook. Wonderland in Uzbekistan, plus Cellik, Frogblight, and NexusRoute elsewhere, all use fake legit apps, droppers, and phishing to steal OTPs, bank data, and accounts. This marks a shift to scalable, MaaS-style fraud, not isolated scams. 🔗 Read details here → https://thehackernews.com/2025/12/android-malware-operations-merge.html

Microsoft Patches MSMQ Flaw That Affects IIS Web Servers Microsoft has released an out-of-band security update to address a significant vulnerability in Message Queuing (MSMQ) functionality that impacts Windows 10 systems running IIS web servers and enterprise environments. The flaw, discovered and documented in the December 9, 2025 update (KB5071546), affects Windows 10 version 22H2 and version 21H2. The Vulnerability The MSMQ bug causes severe operational disruptions, particularly in clustered MSMQ environments experiencing high loads. Organizations affected by this vulnerability have reported multiple critical symptoms including inactive message queues, insufficient resource errors, and applications unable to write to message queues. Veja mais aqui 🙋‍♂ Share and support us 🦊

Cisco AsyncOS 0-Day Allows Remote Execution of System Commands Cisco Talos has uncovered an active campaign exploiting a zero-day vulnerability in Cisco AsyncOS Software, affecting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The security flaw enables attackers to execute system-level commands remotely and deploy sophisticated backdoors on compromised systems. The threat actor behind this campaign, tracked as UAT-9686, is assessed with moderate confidence to be a Chinese-nexus advanced persistent threat group. Cisco became aware of the malicious activity on December 10, 2025, though evidence suggests attacks have been ongoing since at least late November 2025. Attack Methodology UAT-9686 deploys a custom persistence mechanism called “AquaShell,” a lightweight Python backdoor embedded into existing files within Python-based web servers algorithm combined with Base64 decoding before executing commands on the compromised appliance. Source : https://gbhackers.com/cisco-asyncos-0-day/

■■■■□ Notepad++ Vulnerability Let Attackers Hijack Network Traffic to Install Malware via Updates. https://cybersecuritynews.com/notepad-vulnerability-exploited/

⚠️ Hackers are still hitting Middle East governments. A group called WIRTE (Ashen Lepus) is expanding to Oman and Morocco with new malware named AshTag. It hides in fake political PDFs — open one, and it steals your files. 🔗 Read ↓ https://thehackernews.com/2025/12/wirte-leverages-ashenloader-sideloading.html

[New] React just found more bugs hiding in its last big patch. 🧩 CVE-2025-55184 & CVE-2025-67779 — can crash servers with one request. 🧩 CVE-2025-55183 — can leak source code from React Server Components. 👀 All discovered while testing the earlier CVE-2025-55182 fix. Update to versions 19.0.3, 19.1.4, or 19.2.3 now. 🔗 Read: https://thehackernews.com/2025/12/new-react-rsc-vulnerabilities-enable.html

📱 React2Shell Ultimate - CVE-2025-66478 Scanner. https://github.com/hackersatyamrastogi/react2shell-ultimate