FreedomHack

10/15/2025

Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control

Two CVSS 10.0 flaws in Red Lion Sixnet RTUs allow unauthenticated root code ex*****on.

10/15/2025

แฮกเกอร์ชาวจีนใช้ประโยชน์จากเซิร์ฟเวอร์ ArcGIS เป็น Backdoor มานานกว่าหนึ่งปี

https://thehackernews.com/2025/10/chinese-hackers-exploit-arcgis-server.html

https://reliaquest.com/blog/threat-spotlight-inside-flax-typhoons-arcgis-compromise/

10/15/2025

Two Chinese malwares, PlugX and Bookworm, believed to be from the Lotus Panda hacking group, have been found targeting telecommunications systems in several Asian countries, including Thailand.

10/15/2025

𝐓𝐨𝐩 𝟐𝟏 𝐃𝐚𝐫𝐤 𝐖𝐞𝐛 𝐑𝐞𝐬𝐨𝐮𝐫𝐜𝐞𝐬 𝐟𝐨𝐫 𝐎𝐒𝐈𝐍𝐓 𝐏𝐫𝐨𝐟𝐞𝐬𝐬𝐢𝐨𝐧𝐚𝐥𝐬
The dark web is a golden source for cybersecurity intelligence.

For OSINT (Open-Source Intelligence) professionals, these tools help track threats, verify breaches, and investigate hidden activities.

🕵️Search Engines (Ahmia, Tor66, Haystack, Torch, Onion Engine)
They allow you to index .onion sites to make dark web content searchable.
🔸 Useful for discovering hidden forums, marketplaces, and underground services.

💾 Leak and Breach Databases (DeHashed, HaveIBeenPwned, Library of Leaks)
They identify compromised emails, credentials and databases.
🔸 They help assess exposure risks for organizations and individuals.

🌐 Link Directories (Tor . link, Hidden Wiki, Onion . live, Darkweb Daily)
Curated collections of active .onion links.
🔸 Save time when browsing the dark web, where URLs are constantly changing.
⚔️ Threat Intelligence Tools (DeepDark CTI, LeakOSINT, Universal SearchBot, Telemetry)
They monitor cybercriminal conversations and leaked data.
🔸 They provide valuable context for threat hunting and investigations.

🧰 Utility Tools (PGP Tool, TOR2Web, TorCraw l. py)
🔹 They verify PGP signatures on hacker forums.
🔹 They allow access to . onion sites without using Tor.
🔹 They automate the collection and analysis of pages for research.

Thank you Priscila Maldonado for sharing.

10/14/2025

Next.js Security Testing Guide for Bug Hunters and Pentesters

Learn how to assess Next.js apps for SSRF, XSS, CSTI, SSTI, CSRF, cache issues, and data leaks. Practical tips, checks, and tools for bug bounty and pentesting.

10/14/2025

Harvard investigating breach linked to Oracle zero-day(CVE-2025-61882) exploit

https://www.bleepingcomputer.com/news/security/harvard-investigating-breach-linked-to-oracle-zero-day-exploit/

10/14/2025

10/14/2025

Spain dismantles “GXC Team” cybercrime syndicate, arrests leader

Spanish Guardia Civil have dismantled the "GXC Team" cybercrime syndicate and arrested its alleged leader, a 25-year-old Brazilian known as "GoogleXcoder."

10/14/2025

Google has released an Android TV version of its AI Gemini for select smart TVs. If you can't remember the name of a show you'd like to watch, you can now tell it the details of the show and analyze it.

10/14/2025

New attack technique discovered by Chinese hackers "Fezbox" hides malicious code in QR codes that can be used to open backdoors on victims' devices.

10/14/2025

𝗦𝗵𝗼𝗱𝗮𝗻 𝗖𝗵𝗲𝗮𝘁 𝗦𝗵𝗲𝗲𝘁 — 𝗔 𝗠𝘂𝘀𝘁-𝗛𝗮𝘃𝗲 𝗳𝗼𝗿 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗣𝗿𝗼𝘀 🧠🔍

If Google indexes websites, Shodan indexes the Internet of Things — servers, webcams, routers, industrial control systems, and more.

For security researchers, pentesters, and defenders, Shodan is a powerful tool to:
1️⃣ Map your attack surface
2️⃣ Identify exposed assets
3️⃣ Discover misconfigurations
4️⃣ Track vulnerable services in real time

📌 This Shodan Cheat Sheet breaks down powerful search filters by:
🌍 Physical Location (Country, City, Geo Coordinates)
🧠 Operating Systems & Products (OS, Version, Organization)
🧠 IP & Subnets (Hostname, Ports, ASN)
🛠 Web Apps (Technologies, SSL/TLS, Expired Certificates)
📅 Other Filters (Date, Screenshots, Limited Access)

⚠️ Important Reminder: Always use Shodan and similar tools ethically and legally — only on assets you own or are authorized to test.

🔔 Follow e-Learn Cyber Security for more cybersecurity tips!

10/14/2025

Networking, Linux, Windows, and a bit of Programming.
This is your foundation. Without it, cybersecurity concepts won’t make sense.

📍 Step 2: Explore the world of security
Learn about Web Security, System Security, Network Security, Cryptography, and Cybersecurity Fundamentals.
Then dive deeper into areas like VAPT, Incident Response, Digital Forensics, and Cloud Security.

📍 Step 3: Play and practice
This is where learning gets fun!
Platforms like TryHackMe, HackTheBox, PortSwigger Academy, OverTheWire, VulnHub, and LetsDefend are your playgrounds.
Each challenge you solve teaches you real-world skills.

📍 Step 4: Find your direction
You can become a Security Analyst, SOC Technician, Pe*******on Tester, Threat Intelligence Analyst, or even a Cloud Security Associate ☁️
Each path has its own tools, techniques, and challenges.

📍 Step 5: Prepare for your career
Start building projects, upload your reports to GitHub, and prepare at least three pentest reports.
Add certifications like CompTIA Security+, CEH, or OSCP.
And don’t forget to network on LinkedIn — it opens doors you didn’t even know existed. 🤝

🔥 My advice? Start small, stay consistent, and document everything you learn.
Cybersecurity isn’t just about hacking—it’s about protecting, analyzing, and defending. 💪
So if you’re someone who’s confused, just like I was—this roadmap is your compass.
Let’s build the next generation of ethical hackers and defenders together. 💣