osint
The Rust-Powered Subdomain Enumerator That Combines Speed, Stealth, and Precision
Voyage is a subdomain enumeration tool written in Rust that merges active and passive scanning to maximize discovery with minimal noise.
Latest
Windows Vulnerabilities
Microsoft Publicly Credits Hacker Behind 618+ Attacks—EncryptHub Exposed as Dual-Use Operator
Microsoft credited a cybercriminal known as EncryptHub—responsible for over 618 breaches—for responsibly disclosing two Windows vulnerabilities.
Mark of the Web bypass
WinRAR Exploit Lets Malware Bypass Windows Security Without Warning
A flaw in WinRAR versions prior to 7.11 allows attackers to bypass Windows' Mark of the Web (MotW) security checks using symlinks, enabling silent execution of malicious code. This vector, CVE-2025-31334, reflects a broader pattern of systemic failure in Microsoft’s layered security model.
AI cybersecurity
Google’s Sec-Gemini v1: AI for Cybersecurity or Just More Centralized Control?
Google’s launch of Sec-Gemini v1 signals a push toward AI-dominated cybersecurity, but beneath the PR polish lies a deeper power grab cloaked in benevolence.
Akira ransomware
How a Researcher Cracked Akira Ransomware Using GPU Brute Force
A security researcher reverse-engineered the Akira ransomware's encryption scheme by exploiting timestamp-based key generation and brute-forcing with GPU clusters. His $1,200 solution...
DarkWebDaily.Live
DarkWebDaily.Live Featured on OSINTME: A Notable Recognition
DarkWebDaily.Live has been listed as a darknet investigation resource by OSINTME, a trusted open-source intelligence platform maintained by cybersecurity professional Maciej Makowski.
Oracle
Oracle Cloud Breach Sparks NCERT Warning: Six Million SSO Credentials Allegedly Compromised
India's National Computer Emergency Response Team (NCERT) has issued a cyber alert regarding an alleged Oracle Cloud breach involving over six million federated login credentials. While Oracle denies the incident, dark web evidence and ongoing phishing attacks suggest otherwise.
Open Source
Thunderbird Pro and Thundermail: Building an Open-Source Alternative to Google and Microsoft Lock-In
Thunderbird is quietly launching a suite of open-source services Thundermail, Appointment, Send, and Assist designed to replicate the integration of Gmail and Office365 without the surveillance or vendor lock-in.
VPN
Chinese-Controlled VPNs: The Trojan Horse in Your Pocket
A fifth of the most popular iOS VPN apps are quietly controlled by Chinese companies, including one blacklisted by the U.S. military. The deception runs deep, routed through shell firms and foreign registrations to obscure links to Beijing.
Cryptocurrency
$70M Ripped from UPCX: Another Audited Crypto Project Falls Flat
Another day, another so-called "secure" blockchain project gets gutted. This time, it’s UPCX—a self-proclaimed financial service platform running on its own blockchain.
triada malware
Triada Malware Preloaded on Counterfeit Androids Hijacks 2,600+ Devices for Crypto Theft and Espionage
Over 2,600 Android devices were infected by a preloaded version of the Triada malware in March 2025. The malware, embedded during manufacturing of counterfeit smartphones, grants full remote access, enabling crypto theft, social media hijacking, and botnet control.
github
39 Million Secrets Leaked on GitHub in 2024: Here’s What They’re Doing About It
GitHub quietly dropped a bomb: 39 million secrets were leaked on their platform in 2024 alone. API tokens, credentials, private keys exposed and weaponized in minutes by threat actors.