#hashpwn — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #hashpwn, aggregated by home.social.
-
FortiBleed: The ongoing Fortinet / FortiGate compromise campaign
Fortinet edge devices are being targeted in a large-scale compromise campaign involving exposed management interfaces, FortiCloud SSO abuse, credential theft, brute forcing, config exports, and suspicious admin account creation.
This should be treated as a compromise-assessment event, not just a normal patch cycle.
Admins should patch FortiOS, review all local admin accounts, rotate credentials and shared secrets, check for config exports, enforce MFA, and restrict management access to trusted IPs or VPN-only access.
Full details:
https://forum.hashpwn.net/post/14105#fortinet #fortigate #fortibleed #fortios #forticloud #cybersecurity #vpn #hashpwn
-
NOCIX is currently experiencing an ongoing service-impacting outage affecting customer-hosted servers, with some users also reporting issues accessing the customer portal.
No official root cause has been confirmed by NOCIX, but Reddit users are stating this is a power outage. This should be treated as unverified until NOCIX publishes an incident notice.
More info:
https://forum.hashpwn.net/post/13533#NOCIX #Hosting #DataCenter #Outage #SysAdmin #InfoSec #hashpwn
-
YellowKey: BitLocker Bypass or Backdoor
YellowKey, tracked as CVE-2026-45585, is a public BitLocker bypass that abuses WinRE/recovery-path behavior to expose a protected volume without the Windows password, recovery key, or AES cracking.
At the time of this post, the author’s GitHub and original YellowKey repo appear to be down.
Read more: https://forum.hashpwn.net/post/13339
#BitLocker #YellowKey #CVE202645585 #CyberSecurity #InfoSec #WindowsSecurity #TPM #FullDiskEncryption #hack #exploit #news #hashpwn
-
Spider v1.0.0 released.
Spider is not just another web crawler -- it is a purpose-built wordlist and ngram processor for hash cracking workflows.
URL Mode:
Point it at a URL and Spider crawls the target, extracts words, and generates frequency-sorted wordlists and/or ngrams.But, Spider does not stop at web crawling...
File Mode:
Feed it local files and it brings the same word-processing engine to your own datasets, scraped content, notes, dumps, configs, or any other plaintext source you want to turn into a targeted wordlist or ngram set.More info:
https://forum.hashpwn.net/post/52#spider #webcrawler #wordlist #generator #sort #ngram #cyclone #hashpwn #hashcracking
-
Spider v1.0.0 released.
Spider is not just another web crawler -- it is a purpose-built wordlist and ngram processor for hash cracking workflows.
URL Mode:
Point it at a URL and Spider crawls the target, extracts words, and generates frequency-sorted wordlists and/or ngrams.But, Spider does not stop at web crawling...
File Mode:
Feed it local files and it brings the same word-processing engine to your own datasets, scraped content, notes, dumps, configs, or any other plaintext source you want to turn into a targeted wordlist or ngram set.More info:
https://forum.hashpwn.net/post/52#spider #webcrawler #wordlist #generator #sort #ngram #cyclone #hashpwn #hashcracking
-
Copy Fail (CVE-2026-31431) is a Linux kernel LPE that gives root access on every major linux distro.
All that is needed is local shell access and a few lines of python.
https://forum.hashpwn.net/post/12727
#cybersecurity #copyfail #linux #exploit #cve202631431 #hashpwn
-
Copy Fail (CVE-2026-31431) is a Linux kernel LPE that gives root access on every major linux distro.
All that is needed is local shell access and a few lines of python.
https://forum.hashpwn.net/post/12727
#cybersecurity #copyfail #linux #exploit #cve202631431 #hashpwn
-
Released: hashgen v1.3.0
New in this version:
* HMAC modes
* PBKDF2 modes
* scrypt support
* additional BLAKE2 modes
* hashcat UTF-16LE modes
* optimized salt RNG on salted hashes
* 95+ supported hash modes -
Storm-1175 is hitting orgs with chained zero-days and dropping Medusa ransomware in under 24 hours.
Full write-up: https://forum.hashpwn.net/post/12014
#cybersecurity #storm1175 #zeroday #medusa #ransomeware #windows #news #hashpwn
-
Storm-1175 is hitting orgs with chained zero-days and dropping Medusa ransomware in under 24 hours.
Full write-up: https://forum.hashpwn.net/post/12014
#cybersecurity #storm1175 #zeroday #medusa #ransomeware #windows #news #hashpwn
-
Storm-1175 is hitting orgs with chained zero-days and dropping Medusa ransomware in under 24 hours.
Full write-up: https://forum.hashpwn.net/post/12014
#cybersecurity #storm1175 #zeroday #medusa #ransomeware #windows #news #hashpwn
-
Storm-1175 is hitting orgs with chained zero-days and dropping Medusa ransomware in under 24 hours.
Full write-up: https://forum.hashpwn.net/post/12014
#cybersecurity #storm1175 #zeroday #medusa #ransomeware #windows #news #hashpwn
-
Storm-1175 is hitting orgs with chained zero-days and dropping Medusa ransomware in under 24 hours.
Full write-up: https://forum.hashpwn.net/post/12014
#cybersecurity #storm1175 #zeroday #medusa #ransomeware #windows #news #hashpwn
-
Congrats to HashMob for winning Crack the Con 2026!
1. #HashMob Lite
2. #PizzaPlannet
3. #hash_meltdown -
Crack the Con 2026 launched this morning!
https://forum.hashpwn.net/post/11778
#ctc #crackthecon #CypherCon #hashcracking #contest #hashpwn #cybersecurity #infosec
-
Crack the Con 2026 launched this morning!
https://forum.hashpwn.net/post/11778
#ctc #crackthecon #CypherCon #hashcracking #contest #hashpwn #cybersecurity #infosec
-
Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...
Full Details: https://forum.hashpwn.net/post/11277
#pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn
-
Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...
Full Details: https://forum.hashpwn.net/post/11277
#pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn
-
CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.
hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.
If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.
Details:
https://forum.hashpwn.net/post/11119GitHub repo:
https://github.com/Cynosureprime/hashpipe#hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn
-
CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.
hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.
If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.
Details:
https://forum.hashpwn.net/post/11119GitHub repo:
https://github.com/Cynosureprime/hashpipe#hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn
-
Update: Solflare “xpass exploit" Details Released
In Feb 2025, I reported an exploit vulnerability in the Solflare Chrome wallet which allowed the wallet vault (solflaredata) to be decrypted without the user's password.
Turns out, this was a backdoor, not a bug.
Today, I am releasing the full details of the xpass exploit, aka the "backdoor master key".
https://forum.hashpwn.net/post/11116
#solflare #crypto #wallet #vulnerability #exploit #backdoor #xpass #cyclone #hashpwn #news #infosec #cybersecurity
-
Update: Solflare “xpass exploit" Details Released
In Feb 2025, I reported an exploit vulnerability in the Solflare Chrome wallet which allowed the wallet vault (solflaredata) to be decrypted without the user's password.
Turns out, this was a backdoor, not a bug.
Today, I am releasing the full details of the xpass exploit, aka the "backdoor master key".
https://forum.hashpwn.net/post/11116
#solflare #crypto #wallet #vulnerability #exploit #backdoor #xpass #cyclone #hashpwn #news #infosec #cybersecurity
-
Cisco Catalyst SD-WAN CVSS 10.0 zero-day (CVE-2026-20127) has been actively exploited, with attackers gaining admin access.
Full technical breakdown: https://forum.hashpwn.net/post/10802
#cisco #sdwan #cvss10 #cve202620127 #exploit #cybersecurity #infosec #news #hashpwn
-
Cisco Catalyst SD-WAN CVSS 10.0 zero-day (CVE-2026-20127) has been actively exploited, with attackers gaining admin access.
Full technical breakdown: https://forum.hashpwn.net/post/10802
#cisco #sdwan #cvss10 #cve202620127 #exploit #cybersecurity #infosec #news #hashpwn
-
New release: guarda_pwn
Tool to decrypt and recover Guarda crypto wallets.
Details: https://forum.hashpwn.net/post/10799
#guarda #wallet #crypto #recovery #seedphrase #infosec #hashpwn
-
New release: guarda_pwn
Tool to decrypt and recover Guarda crypto wallets.
Details: https://forum.hashpwn.net/post/10799
#guarda #wallet #crypto #recovery #seedphrase #infosec #hashpwn
-
New release: guarda_pwn
Tool to decrypt and recover Guarda crypto wallets.
Details: https://forum.hashpwn.net/post/10799
#guarda #wallet #crypto #recovery #seedphrase #infosec #hashpwn
-
New release: guarda_pwn
Tool to decrypt and recover Guarda crypto wallets.
Details: https://forum.hashpwn.net/post/10799
#guarda #wallet #crypto #recovery #seedphrase #infosec #hashpwn
-
New release: trustwallet_pwn
Toolset to extract and decrypt Chrome-based extension TrustWallet vaults.
Details: https://forum.hashpwn.net/post/10795
#trustwallet #recovery #seedphrase #infosec #crypto #hashpwn
-
New release: trustwallet_pwn
Toolset to extract and decrypt Chrome-based extension TrustWallet vaults.
Details: https://forum.hashpwn.net/post/10795
#trustwallet #recovery #seedphrase #infosec #crypto #hashpwn
-
New release: trustwallet_pwn
Toolset to extract and decrypt Chrome-based extension TrustWallet vaults.
Details: https://forum.hashpwn.net/post/10795
#trustwallet #recovery #seedphrase #infosec #crypto #hashpwn
-
New release: trustwallet_pwn
Toolset to extract and decrypt Chrome-based extension TrustWallet vaults.
Details: https://forum.hashpwn.net/post/10795
#trustwallet #recovery #seedphrase #infosec #crypto #hashpwn
-
New release: trustwallet_pwn
Toolset to extract and decrypt Chrome-based extension TrustWallet vaults.
Details: https://forum.hashpwn.net/post/10795
#trustwallet #recovery #seedphrase #infosec #crypto #hashpwn
-
Chrome CSS Zero-Day (CVE-2026-2441)
Google has patched a CVSS 8.8 high-severity use-after-free bug in Chrome’s CSS engine that is being exploited in the wild. This also affects all Chrome-based browsers such as Brave, Edge and Opera.
https://forum.hashpwn.net/post/10273
#google #chrome #brave #edge #opera #browser #cybersecurity #css #zeroday #cve20262441 #news #hashpwn
-
Chrome CSS Zero-Day (CVE-2026-2441)
Google has patched a CVSS 8.8 high-severity use-after-free bug in Chrome’s CSS engine that is being exploited in the wild. This also affects all Chrome-based browsers such as Brave, Edge and Opera.
https://forum.hashpwn.net/post/10273
#google #chrome #brave #edge #opera #browser #cybersecurity #css #zeroday #cve20262441 #news #hashpwn
-
For those who lost their Dogecoins due to the defunct Dough Wallet iPhone app, here's a tool to recover your Dogecoin address and private keys.
-
Windows Notepad RCE - CVE-2026-20841
A crafted Markdown link could trigger command execution via protocol handler abuse on Windows 11 Notepad.
-
Ivanti has disclosed two critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) which allow RCE, tracked as CVE-2026-1281 and CVE-2026-1340. Both flaws are unauthenticated code injection issues that allow remote attackers to achieve arbitrary code execution on affected EPMM appliances. Active exploitation has been confirmed.
https://forum.hashpwn.net/post/9428
#cybersecurity #zeroday #rce #news #ivanti #cve #epmm #hashpwn
-
New version of hashgen released.
v1.2.2
- added mode: halfmd5 -m 5100
- added mode: morsedecodehttps://forum.hashpwn.net/post/89
#hashgen #md5 #halfmd5 #hashcat #morsecode #morsedecode #hashcracking #hashpwn
-
New version of hashgen released.
v1.2.2
- added mode: halfmd5 -m 5100
- added mode: morsedecodehttps://forum.hashpwn.net/post/89
#hashgen #md5 #halfmd5 #hashcat #morsecode #morsedecode #hashcracking #hashpwn
-
Atomic Wallet users recently noticed their Monero (XMR) balances missing or displaying incorrectly. Atomic Wallet says this is a Monero sync and display issue, not lost funds, and that all XMR remains safe on-chain while a fix is being worked on.
Given Atomic Wallet’s past security incident in 2023, caution is understandable. No theft has been reported, but users are encouraged to verify independently and never share private keys or seed phrases.
https://forum.hashpwn.net/post/8866
#atomic #wallet #crypto #monero #xmr #hashpwn #news #cybersecurity
-
Happy New Year!
Hashpwn wrapped up our first full year in 2025 and had a lot of fun along the way.
A big thank you to everyone who has been part of the community, and to our staff who helped turn an idea into a reality.
Here's to 2026!
-
hashpwn-2025 wordlist is available for download and now includes all founds submitted to forum.hashpwn.net from Oct 2024 - Dec 2025.
-
The hashpwn 12 Days of Christmas Challenge Walkthrough and Submission Results have been posted!
Walkthrough:
https://forum.hashpwn.net/post/8042Challenge Submission Results:
https://forum.hashpwn.net/post/8043Also, Grand Prize winner #_cin posted a summary of his experience:
https://forum.hashpwn.net/post/8041#hashpwn #christmas #challenge #puzzle #results #walkthrough
-
The hashpwn 12 Days of Christmas Challenge Walkthrough and Submission Results have been posted!
Walkthrough:
https://forum.hashpwn.net/post/8042Challenge Submission Results:
https://forum.hashpwn.net/post/8043Also, Grand Prize winner #_cin posted a summary of his experience:
https://forum.hashpwn.net/post/8041#hashpwn #christmas #challenge #puzzle #results #walkthrough
-
A special thanks to our sponsors this year which made the prizes possible. Participates won over $700 worth of prizes in 13 different puzzles!
• Hashpwn.net
Hashpwn is an ethical hash cracking forum that offers moderated discussion, shared research, custom tools, all in a friendly and professional community.
Sponsored: Daily Prizes, Grand Prize• Lethologica.nl
Lethologica specializes in ethical crypto wallet recovery using advanced password research, digital forensics, and high-performance compute.
Sponsored: Daily Prizes, Grand Prize• Hashes.com
Hashes.com is a site dedicated to hash recovery with hash lookups, an escrow service, and an API to tie it all together.
Sponsored: Grand Prize• Hashmob.net
HashMob is a collaborative password research platform focused on hash recovery, analysis, and statistics. It provides shared hashlists, wordlists, tools, optimized rules, and APIs that help researchers and penetration testers improve real-world password security.
Sponsored: 3-month Diamond Patreon Vouchers to hashmob.net, Daily Prizes, Grand Prize• Hashcracky.com
Hashcracky hosts gamified hash cracking events where participants crack hashes, earn loot, and compete on live leaderboards. It blends competitive fun with real cracking skills through themed, time-limited challenges.
Sponsored: Vouchers for 35k Gold and loot at hashcracky.com#hashpwn #lethologica #hashescom #hashmob #hashcracky #hashcracking #challenge #puzzle #christmas
-
A special thanks to our sponsors this year which made the prizes possible. Participates won over $700 worth of prizes in 13 different puzzles!
• Hashpwn.net
Hashpwn is an ethical hash cracking forum that offers moderated discussion, shared research, custom tools, all in a friendly and professional community.
`Sponsored`: Daily Prizes, Grand Prize• Lethologica.nl
Lethologica specializes in ethical crypto wallet recovery using advanced password research, digital forensics, and high-performance compute.
`Sponsored`: Daily Prizes, Grand Prize• Hashes.com
Hashes.com is a site dedicated to hash recovery with hash lookups, an escrow service, and an API to tie it all together.
`Sponsored`: Grand Prize• Hashmob.net
HashMob is a collaborative password research platform focused on hash recovery, analysis, and statistics. It provides shared hashlists, wordlists, tools, optimized rules, and APIs that help researchers and penetration testers improve real-world password security.
`Sponsored`: 3-month Diamond Patreon Vouchers to hashmob.net, Daily Prizes, Grand Prize• Hashcracky.com
Hashcracky hosts gamified hash cracking events where participants crack hashes, earn loot, and compete on live leaderboards. It blends competitive fun with real cracking skills through themed, time-limited challenges.
`Sponsored`: Vouchers for 35k Gold and loot at hashcracky.com#hashpwn #lethologica #hashescom #hashmob #hashcracky #challenge #puzzle #christmas
-
🎄 Merry Christmas Eve! 🎅
The easy part of the Challenge is coming to an end, and everyone should find the upcoming Challenges a bit more complex to solve. Don't let that discourage you from continuing though as there's still more prizes to be won.