
osint
The Rust-Powered Subdomain Enumerator That Combines Speed, Stealth, and Precision
Voyage is a subdomain enumeration tool written in Rust that merges active and passive scanning to maximize discovery with minimal noise.
osint
Voyage is a subdomain enumeration tool written in Rust that merges active and passive scanning to maximize discovery with minimal noise.
Windows Vulnerabilities
Microsoft credited a cybercriminal known as EncryptHub—responsible for over 618 breaches—for responsibly disclosing two Windows vulnerabilities.
Mark of the Web bypass
A flaw in WinRAR versions prior to 7.11 allows attackers to bypass Windows' Mark of the Web (MotW) security checks using symlinks, enabling silent execution of malicious code. This vector, CVE-2025-31334, reflects a broader pattern of systemic failure in Microsoft’s layered security model.
AI cybersecurity
Google’s launch of Sec-Gemini v1 signals a push toward AI-dominated cybersecurity, but beneath the PR polish lies a deeper power grab cloaked in benevolence.
Akira ransomware
A security researcher reverse-engineered the Akira ransomware's encryption scheme by exploiting timestamp-based key generation and brute-forcing with GPU clusters. His $1,200 solution...
DarkWebDaily.Live
DarkWebDaily.Live has been listed as a darknet investigation resource by OSINTME, a trusted open-source intelligence platform maintained by cybersecurity professional Maciej Makowski.
Oracle
India's National Computer Emergency Response Team (NCERT) has issued a cyber alert regarding an alleged Oracle Cloud breach involving over six million federated login credentials. While Oracle denies the incident, dark web evidence and ongoing phishing attacks suggest otherwise.
Open Source
Thunderbird is quietly launching a suite of open-source services Thundermail, Appointment, Send, and Assist designed to replicate the integration of Gmail and Office365 without the surveillance or vendor lock-in.
VPN
A fifth of the most popular iOS VPN apps are quietly controlled by Chinese companies, including one blacklisted by the U.S. military. The deception runs deep, routed through shell firms and foreign registrations to obscure links to Beijing.
Cryptocurrency
Another day, another so-called "secure" blockchain project gets gutted. This time, it’s UPCX—a self-proclaimed financial service platform running on its own blockchain.
triada malware
Over 2,600 Android devices were infected by a preloaded version of the Triada malware in March 2025. The malware, embedded during manufacturing of counterfeit smartphones, grants full remote access, enabling crypto theft, social media hijacking, and botnet control.
github
GitHub quietly dropped a bomb: 39 million secrets were leaked on their platform in 2024 alone. API tokens, credentials, private keys exposed and weaponized in minutes by threat actors.