FortiBleed: The ongoing Fortinet / FortiGate compromise campaign

Fortinet edge devices are being targeted in a large-scale compromise campaign involving exposed management interfaces, FortiCloud SSO abuse, credential theft, brute forcing, config exports, and suspicious admin account creation.

This should be treated as a compromise-assessment event, not just a normal patch cycle.

Admins should patch FortiOS, review all local admin accounts, rotate credentials and shared secrets, check for config exports, enforce MFA, and restrict management access to trusted IPs or VPN-only access.

Full details:
https://forum.hashpwn.net/post/14105

#fortinet #fortigate #fortibleed #fortios #forticloud #cybersecurity #vpn #hashpwn

NOCIX is currently experiencing an ongoing service-impacting outage affecting customer-hosted servers, with some users also reporting issues accessing the customer portal.

No official root cause has been confirmed by NOCIX, but Reddit users are stating this is a power outage. This should be treated as unverified until NOCIX publishes an incident notice.

More info:
https://forum.hashpwn.net/post/13533

#NOCIX #Hosting #DataCenter #Outage #SysAdmin #InfoSec #hashpwn

YellowKey: BitLocker Bypass or Backdoor

YellowKey, tracked as CVE-2026-45585, is a public BitLocker bypass that abuses WinRE/recovery-path behavior to expose a protected volume without the Windows password, recovery key, or AES cracking.

At the time of this post, the author’s GitHub and original YellowKey repo appear to be down.

Read more: https://forum.hashpwn.net/post/13339

#BitLocker #YellowKey #CVE202645585 #CyberSecurity #InfoSec #WindowsSecurity #TPM #FullDiskEncryption #hack #exploit #news #hashpwn

Spider v1.0.0 released.

Spider is not just another web crawler -- it is a purpose-built wordlist and ngram processor for hash cracking workflows.

URL Mode:
Point it at a URL and Spider crawls the target, extracts words, and generates frequency-sorted wordlists and/or ngrams.

But, Spider does not stop at web crawling...

File Mode:
Feed it local files and it brings the same word-processing engine to your own datasets, scraped content, notes, dumps, configs, or any other plaintext source you want to turn into a targeted wordlist or ngram set.

More info:
https://forum.hashpwn.net/post/52

#spider #webcrawler #wordlist #generator #sort #ngram #cyclone #hashpwn #hashcracking

Copy Fail (CVE-2026-31431) is a Linux kernel LPE that gives root access on every major linux distro.

All that is needed is local shell access and a few lines of python.

https://forum.hashpwn.net/post/12727

#cybersecurity #copyfail #linux #exploit #cve202631431 #hashpwn

MD6 - The Failed SHA-3 Hash You Likely Never Heard Of

While MD6 never made it into NIST as SHA-3, it has recently made its way into a few hash cracking contests.

After a suggestion from Vavaldi from HashMob to add MD6 support to hashgen, I began working on a Pure Go MD6 port. Once that was complete, I added support for 5x common MD6 digest sizes to hashgen.

MD6 - Pure Go port
https://github.com/cyclone-github/md6

hashgen v1.3.1 - MD6 support
https://github.com/cyclone-github/hashgen

#md6 #nist #sha3 #hashcracking #hashgen #cmiyc #ctc #golang #port

Released: hashgen v1.3.0

New in this version:

* HMAC modes
* PBKDF2 modes
* scrypt support
* additional BLAKE2 modes
* hashcat UTF-16LE modes
* optimized salt RNG on salted hashes
* 95+ supported hash modes

https://forum.hashpwn.net/post/89

#hashgen #hashgenerator #hashcracking #hashpwn #golang

Storm-1175 is hitting orgs with chained zero-days and dropping Medusa ransomware in under 24 hours.

Full write-up: https://forum.hashpwn.net/post/12014

#cybersecurity #storm1175 #zeroday #medusa #ransomeware #windows #news #hashpwn