H
Hacking on the Jiophone - From getting a rootshell to running Doom
A few days ago, I found an old Jiophone. At first, it appeared to be a simple, locked down KaiOS device. But after a day of tinkering around with it, I found myself running doom on it.
Binary Ruins (sivaplaysmc.github.io)
Short summary: https://hackerworkspace.com/article/hacking-on-the-jiophone-from-getting-a-rootshell-to-running-doom
New Infinity Stealer malware grabs macOS data via ClickFix lures
A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler.
BleepingComputer (www.bleepingcomputer.com)
Short summary: https://hackerworkspace.com/article/new-infinity-stealer-malware-grabs-macos-data-via-clickfix-lures
Scientists Discover Giant ‘Cavity’ Beyond Earth That Isn’t Supposed to Exist
Earth’s magnetic field has created a huge void of galactic cosmic rays in space, which could help protect astronauts from radiation exposure.
404 Media (www.404media.co)
Short summary: https://hackerworkspace.com/article/scientists-discover-giant-cavity-beyond-earth-that-isnt-supposed-to-exist
Disabling Security Features in a Locked BIOS - MDSec
Overview This post explores how modifying a Dell UEFI firmware image at the flash level can fundamentally undermine platform security without leaving visible traces in the firmware interface. By directly...
MDSec (www.mdsec.co.uk)
Short summary: https://hackerworkspace.com/article/disabling-security-features-in-a-locked-bios-mdsec
Compromised telnyx on PyPI: WAV Steganography and Credential Theft
Analysis of malicious telnyx 4.87.1 and 4.87.2 on PyPI — a package with over 1 million monthly downloads: injected code uses WAV audio steganography to deliver payloads that steal credentials and establish persistence. Attributed to TeamPCP.
SafeDep - Real-time Open Source Software Supply Chain Security (safedep.io)
Short summary: https://hackerworkspace.com/article/compromised-telnyx-on-pypi-wav-steganography-and-credential-theft
Break LLM Workflows with Claude's Refusal Magic String - Hacking The Cloud
How Anthropic's refusal test string can be abused to stop streaming responses and create sticky failures.
(hackingthe.cloud)
Short summary: https://hackerworkspace.com/article/break-llm-workflows-with-claude-s-refusal-magic-string-hacking-the-cloud
TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
Short summary: https://hackerworkspace.com/article/ta446-deploys-leaked-darksword-ios-exploit-kit-in-targeted-spear-phishing-campaign
Fake VS Code alerts on GitHub spread malware to developers
A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware.
BleepingComputer (www.bleepingcomputer.com)
Short summary: https://hackerworkspace.com/article/fake-vs-code-alerts-on-github-spread-malware-to-developers
Iranian hackers, Handala, claim to compromise FBI Director Kash Patel’s personal data
Iranian hacking group Handala claims to have leaked personal emails and documents belonging to FBI Director Kash Patel. The FBI confirmed the targeting but maintains the breach involves "historical" personal data rather than classified government systems.
CyberScoop (cyberscoop.com)
Short summary: https://hackerworkspace.com/article/iranian-hackers-handala-claim-to-compromise-fbi-director-kash-patels-personal-data
@kkarhan Files of that size are typically crafted to exceed EDR/antivirus scan-size limits, causing the engine to bypass inspection altogether.
FBI links Signal phishing attacks to Russian intelligence services
Short summary: https://hackerworkspace.com/article/fbi-links-signal-phishing-attacks-to-russian-intelligence-services
How agentic AI is rewriting the rules for logistics providers | Google Cloud Blog
https://cloud.google.com/transform/how-agentic-ai-is-rewriting-the-rules-for-logistics-providers
Short summary: https://hackerworkspace.com/article/how-agentic-ai-is-rewriting-the-rules-for-logistics-providers-google-cloud-blog
RAXE-2026-040: Claude Code Workspace Trust Dialog Bypass via Repository Settings (CVE-2026-33068) | RAXE Labs
FBI, CISA issue PSA on Russian intelligence campaign to target messaging apps
https://cyberscoop.com/fbi-cisa-issue-psa-on-russian-intelligence-campaign-to-target-messaging-apps/
Short summary: https://hackerworkspace.com/article/fbi-cisa-issue-psa-on-russian-intelligence-campaign-to-target-messaging-apps
I'm your worst nightmare
I'm very sorry to be stopping you from what you're doing, but Joe is back!
Accidental Engineer: Building My First Hardware Tool the Hard Way
https://bishopfox.com/blog/accidental-engineer-building-my-first-hardware-tool-the-hard-way
Short summary: https://hackerworkspace.com/article/accidental-engineer-building-my-first-hardware-tool-the-hard-way
Betterleaks, a new open-source secrets scanner to replace Gitleaks
Short summary: https://hackerworkspace.com/article/betterleaks-a-new-open-source-secrets-scanner-to-replace-gitleaks
How Hackers Practice: Building Your Own Vulnerable AD Environment with Vulnerable-AD 2026
Auf YouTube findest du die angesagtesten Videos und Tracks. Außerdem kannst du eigene Inhalte hochladen und mit Freunden oder gleich der ganzen Welt teilen.
(www.youtube.com)
Build your own AI Malware Analysis Lab with Remnux
