https://hackingpassion.com/tags/apt/Recent content in APT on HackingPassion.com : root@HackingPassion.com-[~]HugoenSun, 17 May 2026 13:18:03 +0200https://hackingpassion.com/gtig-ai-zero-day/Sun, 17 May 2026 13:18:03 +0200https://hackingpassion.com/gtig-ai-zero-day/<p>Google caught a criminal group that used AI to find a zero-day in a popular web admin tool and had a working exploit ready for a mass attack against thousands of systems. Google has never named the tool. The attack never launched. What gave them away was a <strong>CVSS severity score inside the code for a vulnerability that has never been officially rated. The AI made up a number that does not exist.</strong></p>https://hackingpassion.com/fast16-pre-stuxnet-cyber-sabotage/Sun, 26 Apr 2026 11:49:23 +0200https://hackingpassion.com/fast16-pre-stuxnet-cyber-sabotage/<p>For 21 years, a cyberweapon called <strong>fast16</strong> sat completely undetected. This one did not destroy machines or blow things up. It corrupted the math. Scientists running nuclear and engineering simulations got output that looked completely normal, every number added up, every result made sense, and all of it was deliberately wrong. It surfaced last week. It predates Stuxnet by five years.</p> <p><strong>SentinelOne</strong> researchers <strong>Vitaly Kamluk</strong> and <strong>Juan Andrés Guerrero-Saade</strong> presented the full analysis of fast16 at <strong>Black Hat Asia</strong> last week. Fast16&rsquo;s core binary has a compilation timestamp of <strong>August 30, 2005</strong>. Stuxnet&rsquo;s C&amp;C infrastructure was set up in November that same year.</p>https://hackingpassion.com/notepad-plus-plus-supply-chain-attack/Mon, 02 Feb 2026 17:41:03 +0100https://hackingpassion.com/notepad-plus-plus-supply-chain-attack/<p>Notepad++ delivered malware for six months. From June to December 2025, the update system was compromised. Millions of people use this software. Some of them clicked update and got spyware instead of a patch. Here is what we now know. 🧐</p> <p>The attackers did not hack Notepad++ itself, they went after the hosting provider instead. On February 2, 2026, developer Don Ho published the full disclosure of what happened. The website notepad-plus-plus.org sat on a shared hosting server, which means it shared space and resources with other customers on the same machine. Once the attackers broke into that server, they could see all the traffic flowing through it and intercept whatever they wanted.</p>https://hackingpassion.com/sap-patch-tuesday-four-critical-vulnerabilities-cve-2026-0501/Tue, 13 Jan 2026 14:03:32 +0100https://hackingpassion.com/sap-patch-tuesday-four-critical-vulnerabilities-cve-2026-0501/<h1 id="sap-just-patched-four-critical-vulnerabilities">SAP just patched four critical vulnerabilities</h1> <p>SAP just patched four critical vulnerabilities. CVSS scores up to 9.9. One lets attackers run code with nothing but a malicious link. 425,000 companies run SAP. Over 85% of Fortune 500. The patches dropped today, January 13, 2026. 🧐</p> <p>SAP Patch Tuesday just landed with seventeen security notes. Four are HotNews - SAP&rsquo;s term for patch immediately or accept the consequences.</p> <p>The most severe vulnerability lets someone with a basic user account run arbitrary SQL queries against the entire financial database.</p>