Zeroclick attacks exploit hidden bugs in phones and apps without user action, allowing hackers to gain control. Real-world examples like Stagefright and Pegasus highlight the risks. AI agents exacerbate the issue by automatically processing data, making it crucial to implement strong identity management and security measures to mitigate these vulnerabilities.
A zero-click attack is a cyber threat that requires no action from the victim, allowing attackers to exploit vulnerabilities without any user interaction. This type of attack can compromise devices simply through the receipt of messages or calls.
AI agents are exacerbating the zero-click attack issue by automating responses and actions, making it easier for attackers to exploit hidden bugs without user awareness.
Understanding how zero-click attacks operate is crucial. They rely on the automatic processing of incoming data by devices, which can lead to unauthorised access.
Real-world examples like Stage Fright and Pegasus illustrate the dangers of zero-click attacks. These incidents highlight the vulnerabilities within common messaging systems and apps.
Zero-click attacks have evolved, allowing hackers to gain remote control without any user interaction. The introduction of AI agents adds another layer of vulnerability to this concerning trend.
Pegasus, a notorious spyware, exploits vulnerabilities in communication apps, allowing hackers to access personal data without user engagement. This highlights the dangers of automated processes in technology.
Recent flaws in iMessage have demonstrated that even trusted platforms can be compromised through hidden exploits. This raises awareness about the need for enhanced security measures.
AI agents, while convenient, can inadvertently execute harmful instructions embedded in emails. The Eco Leak attack illustrates how easily sensitive information can be exposed without user awareness.
Software vulnerabilities can be exploited through zero-click attacks, where systems unknowingly open themselves to threats. This highlights the importance of maintaining security and trust in interconnected systems.
Zero-click attacks exploit flaws in software without user interaction, making them particularly dangerous. Understanding how these vulnerabilities function can help users stay vigilant.
Keeping software updated is essential for reducing the risk of zero-click exploits. Most attacks rely on known vulnerabilities that can be patched by companies.
Identity and access management is crucial in defending against zero-click attacks. Controlling who has access to systems can significantly enhance security.
Implementing strong security measures is essential to guard against zero-click and AI-driven attacks. Utilising identity verification and limiting permissions can provide a robust defence against these threats.
Isolating AI systems in sandbox environments can prevent potential attacks from spreading. This strategy helps to protect the main system from external threats effectively.
Using AI firewalls to monitor data inputs and outputs enhances security. These systems act as content filters to detect and prevent prompt injections and data leaks.
Adopting a zero-trust mindset is crucial in today's digital landscape. This approach encourages scepticism towards every message or link until verified as safe.
Almost everyone and everything is documented in today’s digital world. From social media to public records, there are countless examples of records and data freely available. But collecting, piecing together, and analyzing data with any real effectiveness requires special and often complex tools and techniques. The OSINT Framework is designed to help with this challenge. It offers a structured approach to collecting open-source intelligence, offers support and guidance to members of a range of professions, and enables them to rapidly locate reliable data within their fields of focus. These fields are often complex and require advanced software to parse large data sets and search a range of databases, including e.g. social media and other public forums.
Open-Source Intelligence is the practice of collecting, and analyzing data, and information available and legally free on the open web and other public domains. These data and records can be collected from social media, government databases, open forums, and other routes. The information must be. The practice must be within the bounds of the law, and other regulations must not be violated.
Conceptually, OSINT can be used in other various professions. In cybersecurity, OSINT can help track and pinpoint location of malicious actions, and activity. In the fields of journalism, it can help source verification. OSINT also has value to businesses, as it provides insight into market analysis and data on competitor activity.
Rather than being a single piece of software, the OSINT Framework is a properly structured directory of tools, methods, and resources employed in open-source investigations. It sorts different OSINT resources into varying categories, enabling users to choose the appropriate tools for their needs.
Often, the framework is visually represented in the form of a tree, where every branch leads to specialized OSINT tools. This approach increases user-friendliness, even for beginners. Rather than undertaking general purpose internet searches, investigators can use tools in the framework that have undergone targeted categorization and deal with specific tasks like social media accounts, domain information, and image analysis, or email lookups.
The framework increases efficiency. Instead of general purpose searches, which can take considerable time, the framework quickly narrows the search to the relevant tools.
Large amounts of data can be collected from social media platforms such as Facebook, Twitter, Instagram, and LinkedIn. The OSINT Framework assists in analyzing user profiles, posts, connections, and social interaction patterns. This is specifically beneficial in the area of digital investigations and monitoring threats.
OSINT tools allow investigators to look up the registration, hosting, and IP history of a suspicious website. This is instrumental in cybersecurity when tracking harmful websites, identifying phishing domains, and other cases of phishing.
The OSINT Framework helps to determine the risk of compromised accounts through data exposure as well as potential identity theft through email or username checks.
Fact-checking in journalism is made much easier when the tools used to determine the origin of a picture or video through a reverse image search and the examination of video metadata is available.
Investigators can utilize tools provided in the OSINT Framework to examine maps, satellite imagery, and other location based tools or services. This is very beneficial in locating missing persons, tracking crimes, or in disaster response.Benefits for Cybersecurity and Investigations
OSINT Framework remains invaluable for cybersecurity professionals as they identify and track potential cyber attacks, track and monitor hackers, and identify and follow harmful domains. For law enforcement, they can follow leads without resorting to sophisticated and invasive monitoring techniques. Organizations can track and monitor brand health and identify fraudulent activities, which is yet another way to help businesses.
Ethical hackers are other OSINT users, finding system exploits before malicious hackers can. Organizations incorporate additional security measures to deal with the potentially harmful OSINT.
OSINT is accompanied by unique challenges as well.
The users of OSINT can find guidance from the OSINT Framework. From accurate and ethical information gathering in journalism and cybersecurity, OSINT will make accurate and ethical information gathering possible. OSINT, if approached from the right angles, will uncover information of immense value and insights hidden in plain sight.
HackersKing’s mission is to equip people with strategies and the understanding needed to work safely in the online environment. As a reputable provider of information technology and news, we have a commitment to awareness and education in cybersecurity, particularly in the practice of OSINT, to assist people and businesses.
Leaked information today is a norm unlike in the past. A recent observation by Cybernews, Kaspersky, and Forbes state that more than 16 billion accounts comprising emails, usernames, and passwords have been leaked and are spreading on the internet. This is the reason for the existence of the breachdirectory.org. They aid users to discover if their email, password, or even their accounts are part of a public breach. Before proceeding, users must first identify what the leaked information entails, the origins of the data, and what threats it may pose. A breach directory is a lengthy, searchable archive that consolidates emails and passwords from data breaches. Rather than being jumbled across the dark web, the data is stored in an accessible database.
Some parts of a breach directory can contain the following pieces of information:
The quote “breach directory. org search over 16 Billion Public Leaked Records” demonstrates just how large these collections have become.
Recent investigations have found 30 different datasets which total around 16 billion credentials. Here’s how they were collected:
Wider credential leaks have been around for quite some time, but there appears to be more 'weight' to the 16 billion credential exposure:
In case you want to check for accounts that are exposed, you should only rely on for accounts that have not a single trace of hacked passwords.
According to Kaspersky and Forbes professionals, the top five actions you should prioritize are as follows:
Focus on your email, bank, and social media accounts as a priority. Your password should be sufficiently long, unique, and random.
Tools such as Bitwarden, 1Password, and LastPass are capable of creating and saving individual logins.
Make use of app-based 2FA or hardware keys if available.
Infostealers are known to capture logins saved within your browser. Delete these logins and use a password manager.
Passkeys are much safer than traditional passwords as they cannot be leaked. Many platforms now provide ways to log in without a password.
Let’s say you created a shopping account that is linked to the email and password of your main Gmail account. Your shopping site’s database is compromised, and your login details are part of the 16 billion leaked accounts. Hackers are trying to use the same email and password combination on her Gmail account. That is the level of ignorance with credential reuse, which can compromise your online security.
More than a byte of info, the 16 billion records found leaked speak for the negligence of the fundamental rules of cyber security. Breach directories, though handy in determining exposed records, also reveal the magnitude of the issue at hand.
Proactive and responsive steps to any notified breaches are the core of the security we provide at Hackersking. Along with extended tech security insights, we provide immediate actionable measures for account securing to remain a step ahead of the threats.
With Hackersking, you can be certain- Stay secured, Stay aware, Stay informed.
Unlike general-purpose “hacker” distributions that include hundreds of outdated or rarely used tools, BountyOS adopts a curated approach. It is based on the stable Debian 12 foundation, supports both amd64 and arm64 architectures, and ships with tools that work directly in live mode (no mandatory installation required). This makes it suitable for quick triage, portable use, and creating reproducible environments where tool freshness matters.
BountyOS ships with a compact but powerful toolset designed for modern bug bounty workflows. Some of the highlighted categories and tools include:
BountyOS provides downloadable ISO images for both supported architectures. It also supports live mode, which allows hunters to boot and run tools instantly without needing installation. For those who prefer a more permanent setup, installers are available to create a persistent environment.
Here are some practical scripts and shortcuts you can use within BountyOS to maximize productivity.
Save as bounty-update.sh:
#!/usr/bin/env bash
set -euo pipefail
echo "[*] Updating system packages..."
sudo apt update && sudo apt full-upgrade -y
echo "[*] Updating Go-based tools..."
if command -v go >/dev/null 2>&1; then
GO111MODULE=on go install github.com/projectdiscovery/httpx/cmd/httpx@latest
GO111MODULE=on go install github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
GO111MODULE=on go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
fi
echo "[*] Cleanup..."
sudo apt autoremove -y
echo "[*] Update Complete."
Save as bounty-recon.sh:
#!/usr/bin/env bash
# Usage: ./bounty-recon.sh domain.com
TARGET="$1"
mkdir -p recon/$TARGET
echo "[*] Gathering subdomains..."
subfinder -d "$TARGET" -silent | tee recon/$TARGET/subs.txt
echo "[*] Probing live hosts..."
cat recon/$TARGET/subs.txt | httpx -silent -threads 50 -o recon/$TARGET/alive.txt
echo "[*] Running nuclei templates..."
nuclei -l recon/$TARGET/alive.txt -t /path/to/nuclei-templates -silent -o recon/$TARGET/nuclei-results.txt
echo "[*] Collecting wayback URLs..."
cat recon/$TARGET/alive.txt | waybackurls | tee recon/$TARGET/wayback.txt
Add to .bashrc or .zshrc:
alias subf='subfinder -silent'
alias probe='httpx -silent -threads 50'
alias nuc='nuclei -silent'
BountyOS is a streamlined and security-focused operating system built to empower bug bounty hunters with the right set of tools, stability, and live-mode convenience. It helps you move from boot to bounty quickly without unnecessary setup, so you can focus on finding vulnerabilities and reporting them effectively.
If you need more information, guidance, or deeper insights about BountyOS and other bug bounty resources, connect with us at Hackersking - your trusted space for security knowledge and updates.
An investigation of the clickless attack surface for the popular Zoom video conferencing solution revealed two Zero-Day Bugs (previously unknown security vulnerabilities) that could be exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory.
Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues affect both Zoom clients and Media Router (MMR) servers that relay audio and video content between clients on on-premises deployments.
The flaws have since been fixed by Zoom as part of updates released on November 24, 2021.
The goal of a no-click attack is to stealthily take control of the victim’s device without requiring any user interaction, such as clicking on a link.
While exploit features vary depending on the nature of the vulnerability exploited, a key feature of click-free hacks is their ability to leave no trace of malicious activity, making them very difficult to detect.
Two defects identified by Project Zero:
While analyzing real-time transport protocol (RTP) traffic used to deliver audio and video over IP networks, Silvanovich discovered that it was possible to manipulate the contents of a buffer that supports playback of various types of data by sending a malformed chat message that causes the MMR client and server to crash.
Additionally, the lack of a NULL check that is used to detect the end of a string allowed for a memory leak when joining a Zoom meeting through a web browser.
The researcher also attributed the lack of memory corruption to the fact that Zoom did not enable ASLR, i.e., address space layout randomization, a security mechanism designed to increase the difficulty of executing buffer overflow attacks.
“The absence of ASLR in the Zoom MMR process greatly increases the risk that an attacker can compromise it,” Silvanovich said. “ASLR is perhaps the most important defense against memory corruption exploits, and the effectiveness of most other defenses at some level depends on the fact that it is disabled in the vast majority of programs.”
While most videoconferencing systems use open source libraries such as WebRTC or PJSIP to implement multimedia communications, Project Zero has identified Zoom’s use of proprietary formats and protocols, as well as high license fees (nearly $1,500) as barriers to research. in the field of security.
“Closed source software creates unique security challenges, and Zoom can do more to make its platform available to security researchers and others who want to evaluate it,” Silvanovich said. “While Zoom Security helped me access and set up the server software, it’s not clear if support is available for other researchers, and software licensing was still expensive.”
The post Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers Details Google appeared first on OFFICIAL HACKER.
This New Apple Safari Browser bug introduced in the implementation of the IndexedDB API in Apple Safari 15 could be used by a malicious website to track a user’s online activity in a web browser and, worse, even reveal their identity.
The vulnerability, dubbed IndexedDB Leaks, was discovered by anti-fraud software company FingerprintJS, which reported the issue to the iPhone manufacturer on November 28, 2021.
IndexedDB is a low-level JavaScript application programming interface (API) provided by web browsers for managing a NoSQL database with structured data objects such as files and blobs.
“Like most web storage solutions, IndexedDB follows a single-origin policy,” Mozilla notes in its API documentation. “So while you can access data stored in the same domain, you can’t access data in different domains.”
The same-origin is a fundamental security mechanism that ensures that resources retrieved from different origins, i.e. scheme (protocol), host (domain), and port number combinations of URLs, are isolated from each other. This means that “http[:]//example[.]com/” and “https[:]//example[.]com/” do not have the same origin, because they use different schemes.
By limiting how a script loaded from one origin can interact with a resource from another origin, the idea is to isolate potentially malicious scripts and reduce potential attack vectors by preventing a malicious website from running arbitrary JavaScript code to read data, such as, from another domain. , email service.
But this does not apply to how Safari handles the IndexedDB API in Safari on iOS, iPadOS, and macOS.
“In Safari 15 on macOS and all browsers on iOS and iPadOS 15, the IndexedDB API violates the same-origin policy,” said Martin Badjanik in his post. “Every time a website interacts with a database, a new (empty) database with the same name is created in all other active frames, tabs, and windows within the same browser session.”
This privacy breach implies that it allows websites to know what other websites a user is visiting in different tabs or windows, not to mention accurately identifying users in Google services such as YouTube and Google Calendar, as these websites sites create IndexedDB databases. which include authenticated files. Google user ID, which is an internal identifier that uniquely identifies a single Google account.
“Not only does this mean that untrusted or malicious websites can learn the identity of a user, but it also allows multiple separate accounts used by the same user to be linked,” Bajanik said.
To make matters worse, the leak also affects Safari 15’s private browsing mode if the user visits multiple different websites from the same tab in the browser window. We’ve reached out to Apple for additional comments and will update the story if we hear.
“This is a huge mistake,” Google Chrome advocate Jake Archibald tweeted. “On OSX, Safari users can (temporarily) switch to a different browser to prevent their data from being leaked from one source to another. iOS users don’t have that choice because Apple is banning other browser engines.”
The post This New Apple Safari Browser Bug Allows Cross-Site User Tracking appeared first on OFFICIAL HACKER.
A Russian court fined Google nearly $ 100 million for allegedly “systematically refusing the company to remove prohibited content” after finding it guilty of repeated violations of Russian law.
The Tagansky District Court ordered Google to pay an administrative fine of about 7.2 billion rubles (roughly $ 98.4 million) or about 8% of the search giant’s annual revenue in Russia.
“In the case of an administrative offense under Part 5 of Article 13.41 of the Administrative Offenses Code, <…> LLC“ Google ”was found guilty … A punishment was imposed in the form of an administrative fine in the amount of 7,221,916,235 rubles,” Tagansky said. District court at the press service.
Google has 10 days to appeal the sanction. The company told The Verge that it “will examine the court documents when they become available and then decide on the next course of action.”
In addition to Google, on Friday, the court also fined Facebook (now Meta) nearly 2 billion rubles ($ 27.2 million) for repeatedly failing to remove content deemed illegal. The court said Google and Meta could face additional revenue-based penalties if they didn’t remove the equipment.
Over the past year, Russia has intensified its efforts to control the content available on the Internet. Earlier, Russian courts imposed lower fines on Google, Facebook and Twitter.
“This is the first time a Russian court has imposed fines that are part of the annual revenues of these companies in Russia,” said Roskomnadzor, Russia’s state communications watchdog, in a statement.
The regulator said Google and Meta “ignored several requests” to remove content that incites religious hatred and promotes the views of “extremist and terrorist organizations” and encourages dangerous behaviour by minors, including. He also accused them of not providing content related to drugs, weapons and explosives.
The agency said Facebook did not remove all of the content that Moscow wanted to remove: 1,043 items are still on Facebook and 973 items on Instagram, and Google was unable to remove 2,600 of those items. He warned that they could face additional revenue-based penalties if they do not remove prohibited content.
The post Google Faces Fine of $100 Million in Russia Over Failure To Delete Content appeared first on OFFICIAL HACKER.
Login