It's almost impressive to see how stupid #Putin Derangement Syndrome has rendered some #libs.
This would be a shortcut to #WWIII & the deaths of a whole lot of Americans at bases anywhere #Russia can hit them, to say nothing of the fact #Trump helped arm our #proxy army in #Ukraine in his first term.
When Hackers Call: Social Engineering, Abusing Brave Support, and EncryptHub's Expanding Arsenal
EncryptHub, an emerging threat group, has launched a campaign combining social engineering with exploitation of CVE-2025-26633 to deliver malicious payloads. The attackers impersonate IT support staff, use remote desktop sessions, and execute PowerShell commands to deploy malware. The campaign abuses the Brave Support platform to host payloads and employs new tools like SilentCrystal and a SOCKS5 proxy backdoor. EncryptHub also created a fake video call platform, RivaTalk, to distribute malware. The group's tactics include using AES-encrypted commands, generating fake browser traffic, and exploiting system vulnerabilities. This adaptive adversary highlights the need for layered defense strategies, ongoing threat intelligence, and user awareness training to mitigate risks.
Pulse ID: 689e4e005893bc49a76dc3e5
Pulse Link: https://otx.alienvault.com/pulse/689e4e005893bc49a76dc3e5
Pulse Author: AlienVault
Created: 2025-08-14 20:58:40
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Coordinated Brute Force Campaign Targets Fortinet SSL VPN
A significant spike in brute-force traffic targeting Fortinet SSL VPNs was observed on August 3, with over 780 unique IPs triggering the Fortinet SSL VPN Bruteforcer tag. The activity was deliberate and precise, focusing on FortiOS. Two distinct waves of attacks were identified: a long-running set of brute-force activity and a sudden burst beginning August 5. The second wave shifted from targeting FortiOS to FortiManager - FGFM profile. Historical data revealed a potential residential origin or proxy use. The analysis suggests evolving attack patterns and potential reuse of tooling. Research indicates that such spikes often precede new vulnerability disclosures within six weeks. Defenders are advised to use GreyNoise to search for and block malicious IPs associated with this campaign.
Pulse ID: 689cc45a7e90faee364f64cf
Pulse Link: https://otx.alienvault.com/pulse/689cc45a7e90faee364f64cf
Pulse Author: AlienVault
Created: 2025-08-13 16:59:06
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
A New Threat Actor Targeting Geopolitical Hotbeds
Bitdefender Labs has uncovered a new threat actor group named Curly COMrades, operating since mid-2024 to support Russian interests. The group targets critical organizations in countries experiencing geopolitical shifts, focusing on judicial and government bodies in Georgia and an energy distribution company in Moldova. Their primary objective is to maintain long-term network access and steal credentials. The attackers use proxy tools like Resocks, SSH, and Stunnel to establish multiple entry points, and deploy a new backdoor called MucorAgent. They also utilize compromised legitimate websites as traffic relays to complicate detection. The group's tactics include credential theft, lateral movement, and data exfiltration, employing both custom and open-source tools.
Pulse ID: 689b565c2e425682d6ad72ef
Pulse Link: https://otx.alienvault.com/pulse/689b565c2e425682d6ad72ef
Pulse Author: AlienVault
Created: 2025-08-12 14:57:32
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
@orwell2025 @Linuxkumpel @luederkracke @CachyOS
Define #MailCollector? For a #Proxy you're probably most flexible with Squid.
@Linuxkumpel @luederkracke @CachyOS
I see it the same way. You just have to get started: search the internet for "experiences with #Linux_xy". That will list #beginner #distros with their advantages and #disadvantages.
Once you've settled in, #appetite_comes_with_eating. As I said, I have several #Linuxes installed and #alternately access shared #data, e.g. #profiles of #browser and #mail
#BTW, can anyone recommend a #proxy & #MailCollector, #locally at first, later on a #NAS
[Translation] Building our own service mesh
In this article the author describes how to build a service mesh yourself using modern tools and open-source solutions. The material will be useful to developers and engineers interested in the internals of service meshes, their advantages, and the options for configuring and customizing them to their own needs.
Server architecture: static residential proxies and reverse proxy
Server architecture is not just a set of servers and services; it is a contract about how components interact and who is responsible for what. In the network layer this contract splits into two obvious zones of responsibility: ingress (incoming traffic) and egress (outgoing traffic). A reverse proxy (NGINX/Envoy/Traefik and the like) is a standard element of the ingress layer: TLS termination, caching, load balancing and traffic filtering. At the egress level we often use a proxy layer that shapes the "outward appearance" of our outgoing connections; among the egress options, a key role is played by static residential proxies: IPs from real providers, pinned to a session for the duration of an operation.
UK proxy traffic surges as users consider VPN alternatives amid Online Safety Act – Source: go.theregister.com https://ciso2ciso.com/uk-proxy-traffic-surges-as-users-consider-vpn-alternatives-amid-online-safety-act-source-go-theregister-com/ #rssfeedpostgeneratorecho #TheRegisterSecurity #CyberSecurityNews #TheRegister #proxy
A brutally-simple proxy for #ActivityPub that lets you circumvent instance blocks by masquerading as another domain name. All it does is replace all hostnames in the text proxied through, and for signed POST requests, it swaps the public keys and re-signs the requests
#LetterOfTheWeek
Forum: As Asean turns 58, don’t write it off just yet "Imagine a #SoutheastAsia without #Asean. A conflict like the one between Thailand & Cambodia could easily have escalated into a full-blown #proxy #war, with the US & China rushing in to “mediate” while advancing their own interests.. Still there’s room for serious improvement. Asean must respond faster to #crises, strengthen preventive #diplomacy, & empower its rotating chair to act more decisively"
https://www.straitstimes.com/opinion/forum/forum-as-asean-turns-58-dont-write-it-off-just-yet
New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer
Unit 42 researchers have identified a shift in the delivery method and obfuscation techniques used for distributing DarkCloud Stealer. The new infection chain, observed since April 2025, involves ConfuserEx obfuscation and a final payload written in Visual Basic 6. The attack begins with phishing emails containing compressed archives (TAR, RAR, or 7Z) that include JavaScript or Windows Script files. These files download and execute a PowerShell script, which then drops an executable protected by ConfuserEx. The final payload is a VB6 executable injected into a legitimate process using RunPE techniques. The malware employs various obfuscation methods, including anti-tampering, symbol renaming, and proxy call methods, to complicate analysis and evade detection.
Pulse ID: 6895174a78ee95e9d1394374
Pulse Link: https://otx.alienvault.com/pulse/6895174a78ee95e9d1394374
Pulse Author: AlienVault
Created: 2025-08-07 21:14:50
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
A contract with one address on all EVM blockchains: how Safe Singleton Factory works
When I needed to deploy the same contract to different EVM networks at the same address, it turned out to be not so simple. Even if you calculate and prepare everything in advance, any extra nonce can break everything. In this article I look at how a contract address is actually formed on deployment (when using CREATE and CREATE2), why the Deterministic Deployment Proxy appeared, and why Safe eventually made its own version, Safe Singleton Factory. I'll explain how to use it via Remix, Foundry and Hardhat, what to watch out for (for example, when working with bytecode), and what pitfalls may await when trying to simplify everything.
Thanks to @s3phy again for helping me understand another area where IPv6 is broken in Linux desktop networking configuration tools: connecting to an SSH server to create a SOCKS proxy using the NetworkManager SSH plugin. That thing only checks if the gateway address is a valid IPv4 address
I reported the issue here: https://github.com/danfruehauf/NetworkManager-ssh/issues/130
VLESS+Reality-and-Multi-hop-VPN-chain-architecture-for-the-new-generation-of-blocking_Habr.
#proxy #vless #reality #multi_hop
A working and relatively robust scheme based on VLESS+Reality and Multi-hop.
At the moment the article is geo-blocked within the Russian Federation
VLESS_Reality_Multi_hop_Arch.7z (4.3 MB)
Expires: Thursday, September 4, 2025, 13:36
https://upload.disroot.org/r/5qaQw2Xy#mfG19sTKJ+TqnnbsbiTDZggaW5vnKAJ2TT+6WnvR74g=