Sysadmin by day | Hacker by night | Go Dev | hashpwn
GitHub: https://github.com/cyclone-github
hashpwn forum: https://forum.hashpwn.net/post/31

FortiBleed: The ongoing Fortinet / FortiGate compromise campaign

Fortinet edge devices are being targeted in a large-scale compromise campaign involving exposed management interfaces, FortiCloud SSO abuse, credential theft, brute forcing, config exports, and suspicious admin account creation.

This should be treated as a compromise-assessment event, not just a normal patch cycle.

Admins should patch FortiOS, review all local admin accounts, rotate credentials and shared secrets, check for config exports, enforce MFA, and restrict management access to trusted IPs or VPN-only access.

Full details:
https://forum.hashpwn.net/post/14105

#fortinet #fortigate #fortibleed #fortios #forticloud #cybersecurity #vpn #hashpwn

NOCIX is currently experiencing an ongoing service-impacting outage affecting customer-hosted servers, with some users also reporting issues accessing the customer portal.

No official root cause has been confirmed by NOCIX, but Reddit users are stating this is a power outage. This should be treated as unverified until NOCIX publishes an incident notice.

More info:
https://forum.hashpwn.net/post/13533

#NOCIX #Hosting #DataCenter #Outage #SysAdmin #InfoSec #hashpwn

YellowKey: BitLocker Bypass or Backdoor

YellowKey, tracked as CVE-2026-45585, is a public BitLocker bypass that abuses WinRE/recovery-path behavior to expose a protected volume without the Windows password, recovery key, or AES cracking.

At the time of this post, the author’s GitHub and original YellowKey repo appear to be down.

Read more: https://forum.hashpwn.net/post/13339

#BitLocker #YellowKey #CVE202645585 #CyberSecurity #InfoSec #WindowsSecurity #TPM #FullDiskEncryption #hack #exploit #news #hashpwn

Copy Fail (CVE-2026-31431) is a Linux kernel LPE that gives root access on every major Linux distro.

All that is needed is local shell access and a few lines of Python.

https://forum.hashpwn.net/post/12727

#cybersecurity #copyfail #linux #exploit #cve202631431 #hashpwn

Released: hashgen v1.3.0

New in this version:

* HMAC modes
* PBKDF2 modes
* scrypt support
* additional BLAKE2 modes
* hashcat UTF-16LE modes
* optimized salt RNG on salted hashes
* 95+ supported hash modes

https://forum.hashpwn.net/post/89

#hashgen #hashgenerator #hashcracking #hashpwn #golang

Storm-1175 is hitting orgs with chained zero-days and dropping Medusa ransomware in under 24 hours.

Full write-up: https://forum.hashpwn.net/post/12014

#cybersecurity #storm1175 #zeroday #medusa #ransomeware #windows #news #hashpwn

CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.

hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.

If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.

Details:
https://forum.hashpwn.net/post/11119

GitHub repo:
https://github.com/Cynosureprime/hashpipe

#hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn

Update: Solflare "xpass exploit" Details Released

In Feb 2025, I reported an exploit vulnerability in the Solflare Chrome wallet which allowed the wallet vault (solflaredata) to be decrypted without the user's password.

Turns out, this was a backdoor, not a bug.

Today, I am releasing the full details of the xpass exploit, aka the "backdoor master key".

https://forum.hashpwn.net/post/11116

#solflare #crypto #wallet #vulnerability #exploit #backdoor #xpass #cyclone #hashpwn #news #infosec #cybersecurity