Телеграм канал «0lab channel ™»

YouTube Ghost Malware Campaign: Over 3,000 Infected Videos Target Users Check Point Research has uncovered a massive malware distribution operation called the YouTube Ghost Network, featuring over 3,000 malicious videos designed to infect unsuspecting users with dangerous information-stealing malware. This sophisticated cybercriminal network has been operating since at least 2021, with activity tripling in 2025 as threat actors. 7788 increasingly exploit YouTube’s trusted platform to bypass traditional security measures. The YouTube Ghost Network represents a significant evolution in malware distribution tactics, moving beyond conventional email phishing to leverage the inherent trust users place in popular social media platforms. https://telegra.ph/YouTube-Ghost-Malware-Campaign-Over-3000-Infected-Videos-Target-Users-10-29

Patch Now: F5 BIG-IP Code and Undisclosed Flaws Stolen in Long-Term Breach (October 15 & 16, 2025)   On Wednesday, October 15, 2025, network technology and security company F5 disclosed a security incident discovered on August 9, 2025, in which an unspecified nation-state threat actor "maintained long-term, persistent access to, and downloaded files from, certain F5 systems." The period of unauthorized access has not been disclosed. Read more in: - my.f5.com: K000154696: F5 Security Incident - www.sec.gov: Form 8-K | F5, Inc. - www.cisa.gov: ED 26-01: Mitigate Vulnerabilities in F5 Devices by October 22. by SANS.ORG

Virustotal

In this research, we will investigate the exposure of administrative credentials on Brickcom surveillance devices. A few years ago, I published an exploit that exploited the unauthorized access of administrative credentials on Brickcom surveillance systems. Through this article, I aim to raise awareness among users by analyzing private surveillance systems that we often fail to properly verify and the exposure of this type of device, which can violate privacy. This article is intended for educational, prevention, and analysis purposes for private and public surveillance systems, aiming to contribute to the information security research community. Improper access to these credentials poses a critical risk to the privacy, integrity, and availability of surveillance systems, potentially allowing unauthorized control, viewing of images, and network activity. The objective of this article is to describe the discovery and contextualize the impact and risks to private security. Thnks to : Luth1ier

PoC Exploit Released For Nothing Phone Code Execution Vulnerability. https://github.com/R0rt1z2/fenrir https://cybersecuritynews.com/nothing-phone-code-execution-vulnerability/

Detalhes da vulnerabilidade RCE do Google Chrome lançados junto com o código de exploração. https://cybersecuritynews.com/google-chrome-rce-vulnerability/

📱 A vulnerabilidade crítica de zero clique (CVE-2025-55177) no WhatsApp foi aproveitada em operações direcionadas de spyware, em conjunto com uma falha Apple Imagel0 (CVE-2025-43300). Essa combinação permitiu que atores mal-intencionados disseminassem explorações via WhatsApp, resultando em potencial exfiltração de dados do dispositivo Apple do usuário. A sequência de ataque envolveu: 🚫Entrega controlada pelo atacante 🚫Vulnerabilidade de análise de imagem remota/DNG malicioso (Imagel0) (gravação OOB) ➿ Execução remota de código Tudo ocorrendo sem envolvimento do usuário. https://techcrunch.com/2025/08/29/whatsapp-fixes-zero-click-bug-used-to-hack-apple-users-with-spyware/ https://blog.quarkslab.com/patch-analysis-of-Apple-iOS-CVE-2025-43300.html