International Cyber Digest

🛠️ Al-Khaser

A PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar.

Try: github.com/ayoubfaouzi/...

Age verification raises concerns due to risks, as seen in the Discord breach. Source: www.esafety.gov.au/newsroom/med...

❗ Australia is banning social media for those under 16, enforcing age verification on platforms like Facebook, Instagram, Snapchat, Threads, TikTok, X, YouTube, Kick, and Reddit starting next month. Non-compliant platforms face fines up to $49.5 million.

Hacking the World Poker Tour: Inside ClubWPT Gold’s Back Office In June, 2025, Shubs Shah and I discovered a vulnerability in the online poker website ClubWPT Gold which would have allowed an attacker to fully access the core back office application that is used…

This breach risked exposure of sensitive information like driver's licenses, passport numbers, IP addresses, transactions, and game history.

Read: samcurry.net/hacking-club....

📚 Hacking the World Poker Tour

A vulnerability in the online poker site ClubWPT Gold could have allowed attackers complete access to its core administrative application.

🚨 Threat actor Cyber Toufan released more details on the breach of Israeli defense contractor MAYA.

🚨Peter Williams, 39, an Australian, pleaded guilty today in U.S. District Court to selling his employer’s trade secrets to a Russian cyber-tools broker.

Goldberg and two other insiders ran ransomware operations since 2023 while employed at cybersecurity firms. After an FBI visit, Goldberg confessed. He now faces up to 50 years in prison.

‼️ Meet Ryan Clifford Goldberg, a Digital Forensics and Incident Response manager at Sygnia, is one of three insiders accused of cybercrimes. He allegedly conducted cyberattacks using ALPHV BlackCat ransomware.

📚 Next.js PoC (CVE-2025-57822)

Exploring an edge-case where Next.js middleware header handling opens a subtle attack surface.

Read: blog.rootsys.at/posts/nextjs...

🛠️ MoneyPrinterTurbo

Generate short AI videos with one click using large language models. Automated creativity!

github.com/harry0703/Mo...

This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later.

Read:
community.ui.com/releases/Sec...

🚨 Vulnerability in Ubiquiti's UniFi Access Application CVSS 10 - Critical

A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication.

‼️ Employees at DigitalMint, a company known for assisting cyberattack victims, were discovered carrying out their own hacks—ultimately profiting more than $1 million.

Source:
chicago.suntimes.com/the-watchdog...

‼️ What the actual...?

https://www[.]whitehouse[.]gov/mysafespace/

⁉️ Microsoft confirms “Update and Shut Down” was actually restarting Windows 11.

If you've noticed Windows 11's “Update and Shut Down” restarting your PC instead of shutting it down, you're not alone.

The fix will roll out with this month's Patch Tuesday on November 11.

“You should check if there's a backdoor.”

Chinese President Xi Jinping joked on Saturday with South Korean President Lee Jae Myung about the security of Xiaomi smartphones as they exchanged gifts after the Asia-Pacific Economic Cooperation (APEC) Summit in South Korea.

❗️ Now, to stop your profile from being used for Microsoft-wide ad targeting, go to:
www.linkedin.com/mypreference...

🚨 LinkedIn gives you until Monday, November 3, 2025, to stop AI from training on your profile.

To disable it, visit: www.linkedin.com/mypreference...

OSINT reveals his dating site nickname is "wooolff," seeking women aged 18-21. He'll struggle to find matches where he's headed.

🚨 Conti ransomware gang member extradited to the USA

The FBI and the Irish arrested and extradited Ukrainian Oleksii Oleksiyovych Lytvynenko for conspiring to deploy Conti ransomware, targeting over 1,000 victims worldwide and extorting at least $150 million.

📚 AD Domain-Join Owning PoC

Compromising the Active Directory through domain-join account attacks in 2025.

Read: www.shelltrail.com/research/act...

📚 Ghosts in the Machine

ASCII smuggling across LLMs.

ASCII Smuggling is a technique rooted in the abuse of the Unicode standard, specifically utilizing invisible control characters to embed hidden instructions within a seemingly benign string of text.

Read it: www.firetail.ai/blog/ghosts-...

📚 OpenSSH ProxyCommand Exploit (CVE-2025-61984)

PoC of bash newline attack via SSH ProxyCommand.

Read it: dgl.cx/2025/10/bash...

📚 Unity Runtime RCE (CVE-2025-59489)

Write up and PoC Arbitrary code execution in Unity runtime.

Read: flatt.tech/research/pos...

📚 Windows Heap Exploitation

Deep dive into Windows heap exploitation techniques.

Read: mrt4ntr4.github.io/Windows-Heap...

📚 Exploit development for vulnerabilities in Windows over MS-RPC

Guided walkthrough on developing exploits for Windows over MS-RPC. Learn advanced techniques!

Read: www.incendium.rocks/posts/Exploi...

The 4TB time bomb: when EY's cloud went public (and what it taught us) How Neo Security discovered a 4TB SQL Server backup from Ernst & Young publicly exposed on Azure. A deep dive into cloud misconfigurations and why responsible disclosure matters.

Yeah, thanks, but no thanks.

If you’re still interested: the find is interesting, but it lacks evidence to actually confirm the leak:

www.neosecurity.nl/blog/ey-data...

The 4TB time bomb: when EY's cloud went public (and what it taught us) How Neo Security discovered a 4TB SQL Server backup from Ernst & Young publicly exposed on Azure. A deep dive into cloud misconfigurations and why responsible disclosure matters.

“He once traced an entire ransomware incident back to a single web.config file that leaked a connection string. That was 8 kilobytes. This was four terabytes.”

and

“One of our hackers wasn’t running a broad, noisy scan. No. Instead, he was doing focused, low-level tooling work…”

Test