🔴 Dates of major cybersecurity conferences in 2026:

- DEF CON Singapore - Apr. 28-30, 2026
- DEF CON 34 - Aug. 6-9, 2026
- Black Hat USA - August 1-6, 2026
- Black Hat Europe - TBA, 2026
- Black Hat Asia - April 21-24, 2026
- Black Hat Middle East & Africa - December 1-3, 2026
- Recon - June 19 to 21 2026
- Offensive Security Conference May 15-16th 2026
- Orangecon - 4 June 2026
- Zer0con - 2 - 3 April, 2026
- Districtcon - January 24-25, 2026
- RE//verse - March 5-7, 2026
- x33fcon - June 11-12 2026

To find out when to CFP, you can check this site or this.

#Conference
#CyberSecurityConference #infosec

🆔 @onhex_en
🌍 ONHEXGROUP (Official Links)

🔴 As you are aware, yesterday the President of Venezuela, Nicolás Maduro, was captured during an operation and transferred to the United States. During this operation, the Americans used a cyberattack to cut off the power in Caracas.

According to U.S. military officials, initially, Venezuela’s air defense systems were destroyed to allow U.S. special operations forces to enter the country.

As these forces approached Maduro, the U.S. cut off power to parts of Caracas. Trump also mentioned in a press conference that with some of the expertise we have, the lights went out. Although he did not provide further details, sources involved in the operation stated that a cyberattack temporarily cut off power.

#Venezuela #USA

🆔 @onhex_en
🌍 ONHEXGROUP (Official Links)

🔴 Yesterday, the threat actors known as Scattered Lapsus$ Hunters (SLH) claimed to have breached the cybersecurity company Resecurity and published a series of data including employee information, internal communications, and threat reports to prove their infiltration. For example, they shared communications between Resecurity employees and Pastebin personnel regarding malicious content that was shared on the platform.

The hackers stated that this retaliatory attack was conducted in response to Resecurity’s attempts at social engineering and learning about their operations.

They claimed that Resecurity employees pretended to be buyers during the sale of a financial database from Vietnam, seeking free samples and additional information.

However, a spokesperson for ShinyHunters stated that they were not involved in this hack.

Resecurity has also stated that the hackers did not breach the company’s legitimate infrastructure but instead accessed a honeypot.

A honeypot is a system or account that is deliberately exposed and monitored, designed to deceive attackers, allowing for observation and analysis of the attackers’ activities without risking real data or infrastructure.

On November 21, the DFIR team at Resecurity identified reconnaissance activities on their publicly exposed systems and logged several IP addresses associated with the actor, including those originating from Egypt and Mullvad VPN services.

They subsequently created a honeypot account in an isolated environment populated with synthetic data that closely resembled real-world data to monitor the threat actor’s activities. The threat actor’s activities increased in December, and they began attempting data exfiltration.

Due to proxy connection issues, the hackers used real IP addresses on several occasions, which have been reported to law enforcement.

As the hackers’ activity increased, Resecurity added more fake datasets, leading to further OPSEC failures on the part of the hackers.

In response to this news, the hackers stated that they would soon publish new information.

#ThreatActors #ScatteredLAPSUSHunters #Resecurity #SLH #OPSEC #Honeypot

🆔 @onhex_en
🌍 ONHEXGROUP (Official Links)

🔴 If you're curious about how secure your digital habits and the tools and platforms you use for communication and web browsing are, and what your status is based on the existing risks, you can use this website.
The value of this website is actually in collecting and categorizing security tips!

https://digital-defense.io/

🆔 @onhex_en
🌍 ONHEXGROUP (Official Links)

A German hacker named Martha Root deleted a dating website associated with white supremacist groups during the CCC conference.

She infiltrated the site and used her own AI chatbot to extract as much information as possible from the users. Then she downloaded all the profiles. Following that, she uncovered the identity of the site’s owner and ultimately published all the acquired data.

#39C3 #CyberSecurity #Conference

🆔 @onhex_en
🌍 ONHEXGROUP (Official Links)

🔴 The penetration testing course by Georgia Weidman is available for free on YouTube .

She is the author of the book "Penetration Testing: A Hands-On Introduction to Hacking."

#course

🆔 @onhex_en
🌍 ONHEXGROUP (Official Links)

🔴 A threat actor known as 1011 has claimed that they were able to steal more than 10 databases containing sensitive information such as Salesforce API keys and Jira tokens by performing a brute-force attack against a NordVPN development server.

NordVPN has denied these claims, stating that the data in question belongs to an isolated test environment and contains only dummy (fake) data. According to the company, this test environment was created as part of an evaluation of a potential vendor they were considering working with. However, since no contract was ever signed, all the data stored in that environment was non-production and not real. Ultimately, NordVPN did not proceed with that vendor and chose to work with a different one.

In 2019, hackers successfully breached the servers of NordVPN and TorGuard, gaining full root access and stealing sensitive information from these VPN providers. In response to that incident, NordVPN launched its bug bounty program.

Source: BleepingComputer

#NordVPN #VPN

🆔 @onhex_en
🌍 ONHEXGROUP (Official Links)

🔴 Ledger, the manufacturer of hardware wallets, has informed some of its customers that their names and contact information were exposed in a security incident related to Global-e.

If you use a Ledger hardware wallet and made a purchase with Global-e acting as the Merchant of Record, you are affected by this incident. Otherwise, all software and hardware systems of the Ledger platform remain secure.

The Global-e platform is responsible for services such as checkout and payment processing, order fulfillment, localization, tax and duty calculations, and regulatory compliance for multiple online stores and brands, including Bang & Olufsen, adidas, Disney, Givenchy, Hugo Boss, Ralph Lauren, Michael Kors, Netflix, and M&S.

Global-e has stated that it is currently directly notifying all potentially affected individuals and relevant regulators, and has emphasized that no payment information or account credentials were compromised in this incident.

Users are advised to remain vigilant against potential phishing and social engineering attacks that may attempt to exploit this breach.

Source: BleepingComputer

#wallet #cryptocurrency

🆔 @onhex_en
🌍 ONHEXGROUP (Official Links)

🔴 I previously introduced Google’s Dark Web service, which searches for data published on the dark web and alerts you if your information is included. (Although this service is being shut down.)

This morning, I received an alert that my email and Twitter username are included in a leak titled "Cryptocurrency Twitter Follower Data." I couldn’t find any details about this data by searching on Google.

The concerning point is that if this data becomes public (which it might have), individuals can link my email to my Twitter and vice versa, opening new doors for OSINT (Open Source Intelligence).

On the other hand, the data is specifically related to cryptocurrencies, so I could also become a phishing target (email, etc.).

Furthermore, many of us, a few years ago, engaged in hamster-like activities to gain more tokens, posting about cryptocurrency on Twitter or following projects, and thus we might be on this list as well.

In summary, be careful.

#Leak #Twitter #Cryptocurrency

🆔 @onhex_en
🌍 ONHEXGROUP (Official Links)

🔴 Critical Vulnerability in n8n:

A critical vulnerability with the identifier CVE-2026-21858 and a score of 10 has been reported and fixed in n8n, also known as Ni8mare.

The vulnerability allows an attacker to access files on the underlying server by executing certain form-based workflows. A vulnerable workflow may grant access to an unauthenticated remote attacker, potentially leading to the exposure of sensitive information stored on the system and creating opportunities for further compromises depending on the deployment and usage of the workflows.

Vulnerable Versions: 1.65.0 and earlier.

Fixed Versions: 1.121.0 and later (version 1.121.0 was released in November).

Over the last two weeks, n8n has fixed a total of four critical vulnerabilities related to this issue:

- CVE-2025-68613: Allows an authenticated attacker to achieve RCE.
- CVE-2025-68668 or N8scape: Grants an authenticated user with permission to create or modify workflows the ability to execute arbitrary commands on the host system running n8n.
- CVE-2026-21877: Allows an authenticated attacker to execute untrusted code via the n8n service and gain full control of the instance.

#SecurityVulnerability #n8n #cve #Ni8mare

🆔 @onhex_en
🌍 ONHEXGROUP (Official Links)

🔴 From January 11 to 14, the first National Week of Information Technology Security will be held in Tehran under the slogan “Digital Security, the Infrastructure of National Trust.”

The specialized sessions conducted in panel format are as follows:

- January 11: Information Security in the Banking Network
- January 11: The Role of Universities in the Development of Security Technology
- January 12: New Cyber Threats in the Era of Artificial Intelligence
- January 12: Data Governance and Security Requirements
- January 13: Development of the Domestic Cybersecurity Industry
- January 13: Information Security in Industrial Networks

Workshops:

- January 11 - 9 AM - 12 PM - Workshop on Security in Industrial Networks (AFTA Center)
- January 12 - 8:30 AM - 10 AM - Asset Management, Risk Management, and Data Leakage (RejaIT Company)
- January 12 - 10:30 AM - 12 PM - Attack Simulation (BAS): Assessing the Effectiveness of Cyber Threat Detection in the Security Operations Center

On January 23 and 24, an exhibition will also take place, which is open to the public. This exhibition will feature the participation of 40 private sector companies active in producing local cybersecurity products and providing security services.

For more information, you can visit the event website.

In other news from AFTA, Dr. Noroozadeh, the head of AFTA’s Strategic Center, has stated:

- Training, attracting, retaining, and maintaining cybersecurity specialists are significant concerns for agencies, organizations, and the private sector.

- A plan has been submitted by the AFTA Development Headquarters to the Administrative and Recruitment Affairs Organization to exempt the allocation and determination of cybersecurity specialists’ salaries from the regulations of public service law. This aims to align the salaries of cybersecurity personnel in the public sector closer to those in the private sector by providing financial incentives.

- Poor configuration, human negligence, and violation of cybersecurity policies are major reasons for cyber incidents, necessitating legal action against managers who fail to act despite the regulations and directives from the AFTA Strategic Management Center.

- To free ourselves from the cyber dominance of adversaries, it is essential to increase the use of domestically produced cybersecurity products and replace foreign products.

- Establishing and launching National Threat Intelligence Centers (CTI), Threat Detection and Response (MDR), and Information Sharing and Analysis Centers (ISAC) are among the future plans and projects of the AFTA Center. / Source

#Iran #AFTA

🆔 @onhex_en
🌍 ONHEXGROUP (Official Links)