CharlotteOS - Catten
catten is an operating system kernel developed as a key component of the CharlotteOS project but it is designed to be flexible enough that we hope it can also find use in many other places.

So we have a kernel built in rust, I heard that Ubuntu are willing to do the same. Seems there are no more buffer over flows 👀

What do you see about this share us in comments 👇

Source code https://github.com/charlotte-os/Catten

@reverseengineer101

Balancer Protocol (web3 Ethereum DeFi Protocol) got hacked due to a bug in their code allows attackers to steal +70M $ or 110M $ (as some news says) which is the biggest breach in the world till now

▲In my point of view (or a security researcher point of view), code reviewing -by security experts not for regular code bugs but for vulnerabilities- isn't a critical step to take nowadays not just a routine also internal pentesting -not for one time- is another crucial step to do

ⓘ The obvious classification of this vulnerability is A01:2021-Broken Access Control which is already categorized in OWASP top 10 as a growing issue

reference from CoinDesk: https://www.coindesk.com/markets/2025/11/03/balancer-hit-by-apparent-exploit-as-usd70m-in-crypto-moves-to-new-wallets

@reverseengineer101

DockMon

A comprehensive Docker container monitoring and management platform with real-time monitoring, intelligent auto-restart, multi-channel alerting, and complete event logging.


https://github.com/darthnorse/dockmon/

Tiktok android application RCE Vulnerability (local)

I know it's old but it worth to read and investigate

Explanation:
https://dphoeniixx.medium.com/practical-android-pentesting-a-case-study-on-tiktok-rce-4a82e79cc7c6

Orgininal report:
https://hackerone.com/reports/1065500

@reverseengineer101

LANDFALL: New Android commercial-grade spyware targeted Samsung Galaxy devices via a WhatsApp zero-click exploit in image parsing (CVE-2025-21042)
https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/

OWASP TOP 10
The new release 2025

If you don't know what is owasp top 10 then let's explain it, owasp is a foundation aims to help security researchers and companies/organizations to secure their products also to help devs to write a secure code to avoid vulnerable codes. Owasp also provides with some learning materials as the challenges we solved before here for android also they have a vulnerable web app called juice shop to learn web vulnerabilities. The owasp top 10 is a list published by owasp.org every few years about the most found vulnerabilities by security researchers during that period

https://owasp.org/Top10/2025/0x00_2025-Introduction/

Learn reverse engineering for beginners

https://v3nn00m.github.io/

Androguard for android applications analysis for vulnerabilities and more

https://github.com/androguard/androguard

Many news here in Egypt about a cyber criminal called Abanoub Nady who was providing with Phishing-as-a-Service (PhaaS)
He did over 240 phishing domains for Microsoft only

The funny part, people are saying he is mostly the person who was sending phishing emails with the domain (rnicrosoft.com) "r + n"

Official Microsoft risk management article: https://www.microsoft.com/en-us/security/security-insider/risk-management/egypt-based-cybercriminal-suppliers-websites-seized

Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail
https://m4kr0x.medium.com/flutter-tls-bypass-how-to-intercept-https-traffic-when-all-other-frida-scripts-fail-bd3d04489088

Run full-fledged Linux Distros right on your Android device without rooting.

Official website: https://andronix.app/

Github: https://github.com/AndronixApp

Google play: https://play.google.com/store/apps/details?id=studio.com.techriz.andronix

Cyber news

TCM Security is running an AI chat bot hacking CTF on
https://ctf.tcmsecurity.com/

The winners are getting 50% discount of the certificates there

Happy hacking
It's easy to solve by the way, I already did it

@reverseengineer101

Cloudflare Turnsite is down so if your website or the website you regularly visit isn't working it's not your problem

Official source from cloudflare: https://www.cloudflarestatus.com/

Well, it should be like this instead of Google's cloud

Gooey

Turn (almost) any Python command line program into a full GUI application with one line

What is it?

Gooey converts your Console Applications into end-user-friendly GUI applications. It lets you focus on building robust, configurable programs in a familiar way, all without having to worry about how it will be presented to and interacted with by your average user.

https://github.com/chriskiehl/Gooey/

Yesterday

The new Egyptian Nuclear Project

Built Egyptians and Russians on an Egyptian land

🇷🇺🇪🇬🇷🇺🇪🇬

New video uploaded !

Intigriti's month (Nov 2025) challenge full walk through

Watch on YouTube
https://youtu.be/ZNYxws_LtWs

Read the write-up on Medium
https://medium.com/@mohamedabozaid961/intigritis-1125-challenge-walk-through-3e3c391f7699

The pdf version is in comments below 👇

@reverseengineer101