HackingPassion.comCybersecurity
30 posts
The Windows Snipping Tool can hand your Windows password hash to an attacker through a single click on a crafted link, and what the victim sees is the familiar …
Windows Defender, the built-in antivirus running on every Windows machine, has a zero-day exploit with full source code sitting on GitHub. No patch, no CVE, and …
Hackers are hijacking NGINX web servers and rerouting live traffic through their own infrastructure. No malware installed, no vulnerability exploited. Just a …
32 years. That is how long it took Microsoft to disable NTLM, the protocol that handles Windows login authentication. A broken system linked to $10 billion in …
eScan antivirus got hacked. Again. Same company, same update infrastructure exploited, two years apart. This time: hundreds of machines infected in a 2-hour …
Notepad++ delivered malware for six months. From June to December 2025, the update system was compromised. Millions of people use this software. Some of them …
175,000 AI servers wide open to the internet. 130 countries. Attackers are selling access to other people’s hardware at a 50% discount, and using it for …
An AI just found 12 zero-day vulnerabilities in OpenSSL. All 12. In a single release. One of those bugs is older than OpenSSL itself, sitting in the code since …
Microsoft Office zero-day actively exploited. Every version from 2016 to 365, including LTSC 2021 and 2024, over 400 million users. Attackers bypass all the …
Linux running inside a PDF. An actual working operating system with a terminal where you can type commands. Open a PDF in Chrome. Wait 30 seconds. You now have …
One developer just built 88,000 lines of advanced malware in six days using AI. A single person with an AI coding assistant created a framework sophisticated …
A 52-year-old tape just revealed a buffer overflow that looks exactly like the bugs we’re still finding today. 😏 In July 2025, someone found a magnetic …
100,000 servers. One HTTP header change. Full admin access. No password required. They call it “Ni8mare.” CVSS 10.0. The patch existed for 7 weeks. …
Notion AI steals data before the user clicks OK. 100 million users. 4 million paying customers. Amazon. Nike. Uber. Pixar. More than half of Fortune 500 …
Two Chrome extensions. 900,000 users. Every ChatGPT and DeepSeek conversation stolen. Sent to attacker servers every 30 minutes. Google gave one of them a …
$5 buys two months of complete access to someone’s computer. Keylogging, webcam, passwords, files. The malware is called DCRat. The delivery method: a …
€7.68 billion budget. 3,000 staff. A brand new Cyber Security Operations Centre opened. A hacker spent 7 days inside their systems downloading 200GB of data. …
A botnet just fired 1.7 billion DDoS commands in 72 hours. Attack capacity: nearly 30 Terabits per second. 2 million Android TV boxes sitting in living rooms …
A 16-year-old built an AI that mass-hunts memory bugs. It found 6 vulnerabilities in FFmpeg in December. One was a heap buffer overflow in the EXIF parser. The …
Your headphones just became a backdoor to your phone. No pairing. No popup. Just Bluetooth range. 70 million chips. Sony. Bose. Marshall. JBL. A debug protocol …
RondoDox added React2Shell to its arsenal. 90,000+ servers. 56 vulnerabilities. 30+ vendors. They call it the “exploit-shotgun” approach. Fire …
The crypto library behind Discord, WordPress, and Zcash just got its first CVE. After 13 years. 😏 libsodium. You’ve probably never heard of it. But …
WIRED magazine got hacked. 2.3 million subscriber records leaked. And this is just the beginning. 😏 A hacker called “Lovely” dumped the database on …
You log into your game. Suddenly, you got $13.3 million in your account. 🥳 You didn’t earn it. Neither did 30 million other players. December 27, 2025. …
You trust your database to keep your data safe. MongoDB just proved it doesn’t. 87,000 servers are leaking memory to anyone who asks. 😏 December 2025. …
You buy a firewall to protect your network. In one month, two different authentication bypasses are being actively exploited. One is five years old. One is …
Attackers are targeting security researchers through GitHub. You downloaded a proof-of-concept exploit from GitHub. Professional README. Detailed instructions. …
Apple’s security team reviewed this app. Approved it. But now it steals your passwords, crypto wallets, and Telegram account. 😳 Hundreds of Macs infected …
56,000 downloads. 6 months online. A WhatsApp library on npm was stealing credentials, messages, and contacts. Nobody noticed. 🤔 The package is called …
Before we delve into this critical topic, let me emphasize the gravity of DNS settings in the realm of ethical hacking. Whether you’re a seasoned …