Three Windows zero-days released by Nightmare-Eclipse are being used in the wild by threat actors.
BlueHammer (CVE-2026-33825): LPE. Abuses Windows Defender's signature-update pipeline and VSS to breach protected registry hives, dump SAM hashes/identities, and escalate privileges.
RedSun: LPE to SYSTEM abusing Defender's own cloud remediation to overwrite System32 binaries.
UnDefend: Unprivileged DoS that starves the AV of updates while spoofing healthy EDR telemetry.
Microsoft Windows domain controller servers are restarting repeatedly after getting stuck in reboot loops because of recent April patches.
Workaround: IT administrators can reach out to Microsoft Support for business to access a mitigation...
The FSB released footage of Sochi Deputy Mayor Evgeny Gorobets and two officials caught in a multimillion-ruble bribery sting.
Fluorescent marking spray on the cash glowed under UV light, leaving forensic evidence on the money and their hands.
Versions 3.24.0 through 6.19.0 are vulnerable. This issue has been fixed in version 6.19.1.
Ghost is also used by many cybersecurity platforms and media outlets like 404media.
The vulnerability is being tracked here: https://nvd.nist.gov/vuln/detail/CVE-2026-26980
Dubai Police are confirmed to be "conducting electronic surveillance operations capable of detecting private WhatsApp messages."
It started with a message in a private group chat of airline workers.
Just colleagues talking, the kind of exchange that happens in thousands of workplace WhatsApp threads every single day.
An airline worker in Dubai shared images of a building damaged during the Iranian attacks...
He sent them to people he knew, in a closed conversation he believed was private.
He was wrong.
Dubai Police were watching.
They downloaded the evidence.
They built their case.
Then they lured the man to a meeting.
He showed up.
They arrested him on the spot.
He now sits in custody, facing charges that include publishing information deemed harmful to state interests, which could mean up to two years behind bars.
And then came the detail that should stop everyone reading this cold.
In their own police report, authorities stated plainly that the clip had been detected "through electronic monitoring operations."
Electronic monitoring of a private WhatsApp conversation between coworkers...
Radha Stirling (a human rights activist) put it bluntly: individuals are being tracked, identified, and arrested not for public statements, but for private exchanges between colleagues.
And the questions this raises don't stop at Dubai's borders.
They land squarely at the feet of WhatsApp and every company that promises its users end-to-end encryption capabilities.
Because if a closed chat between colleagues can be intercepted, decoded, and used as the basis for an arrest by an overreaching state, then billions of users worldwide are owed an answer to one very simple question.
How private are private WhatsApp groups and messages really?
Tesla has remotely altered tens of thousands of customer cars without consent, confirming you don't actually OWN your Tesla when you buy one.
They've demonstrated there's one single point of failure: the mothership. Whoever owns that, owns every Tesla on the road.
This past week they pushed config changes that got customers banned from using FSD. Experts confirm the mechanism is simple: an SMS wakes the car up, then software is pushed and installed from the mothership straight to the car's media control unit without user interaction.
This raises the question of how many privacy and data protection laws they broke, and how much data they collect on users, since they had enough to single out owners of third-party devices.
A week ago, the FBI Director couldn't log into his FBI account, so he panicked and called White House aides convinced he'd been fired. It was a technical glitch.
That's just one scene from The Atlantic's new report on Kash Patel, drawn from 24+ sources, describing heavy drinking, unexplained absences, and colleagues who now view him as a national-security vulnerability.
Trump personally called Patel to express his unhappiness after a video surfaced of him chugging beer with the U.S. Olympic hockey team in Italy.
Officials question whether alcohol played a role in Patel publicly pushing bad info on active cases, including the Charlie Kirk murder investigation.
He still has the job. But senior Trump officials are already discussing replacements, and a former official calls him "rightly paranoid."
https://www.theatlantic.com/politics/2026/04/kash-patel-fbi-director-drinking-absences/686839/
Meet Devesh aka IDISSEVERYTHING, he used an exploit to gain unauthorized access to a screener company, then downloaded the latest Avatar movie and leaked it.
He was also sentenced in 2016 for breaching NFL's Twitter account. And tweeting with it. From his home IP address.
This research was done by X: foilmanhacks (give him a follow).
Here's a smoking gun: the user IDISSEVERYTHING posted a screenshot of what appears to be his terminal, and the username is... DEVESH.
Not very smart.
An exploit targeting a screener company was flagged to Jason on April 10. The tool was built by IDISSEVERYTHING.
- Screener companies distribute advance film copies to critics and industry professionals, a prime target for pre-release leaks
- The exploit enabled unauthorized access to that pipeline
Every known instance of the handle "IDISSEVERYTHING" traces back to one person: Devesh. He has been distributing the exploit on Discord under "idisseverything," with the account directly tied to "Logendran Devesh."
This is also not the first time Devesh has been a naughty naughty boy.. In 2016 he broke into the NFL's official Twitter account.....
This is what he tweeted back then.... from his home IP address... Devesh is not very smarty smarty, but very naughty naughty.. He got 24 months of probation..
Moral of the story: don't be like Devesh. And hacking is illegal and for nerds as vxunderground would say.
BREAKING: Ukrainians hacked yesterday's closed-door Russian Ministry of Industry and Trade meeting on drone production.
Turns out Russia can't source even basic components and is now fully dependent on China.
They joke about even having to import copper wire and plastic.
China's humanoid robots have advanced dramatically in the span of a single year. Imagine where they'll be in a couple more.