Author

Black & White Path

We are the beacon of the cyber world, a stepping stone on the road to security.

219

Articles

Likes

Views

Comments

Latest from Black & White Path

100 recent articles max

Black & White Path

Apr 28, 2026 · Information Security

Hackers Exploit React2Shell via Telegram Bot, Breaching Over 900 Companies

A publicly exposed server revealed a large‑scale automated attack in which threat actors used the Bissa scanner tool, AI‑assisted code, and hard‑coded Telegram bots to exploit the React2Shell (CVE‑2025‑55182) vulnerability, stealing credentials from more than 900 enterprises and reporting each success in real time.

AutomationBissa scannerCVE-2025-55182

0 likes · 7 min read

Hackers Exploit React2Shell via Telegram Bot, Breaching Over 900 Companies

Black & White Path

Apr 28, 2026 · Artificial Intelligence

Getting Started with ESP-Claw: Zero‑Code IoT on ESP32

This guide walks through using ESP‑Claw to build a no‑code IoT solution on an ESP32‑S3‑N16R8 board, covering firmware download, flashing, Wi‑Fi and model configuration, IM channel setup, a soil‑moisture demo, and a comparison with traditional coding approaches.

AIESP-ClawESP32

0 likes · 3 min read

Getting Started with ESP-Claw: Zero‑Code IoT on ESP32

Black & White Path

Apr 28, 2026 · Industry Insights

Beijing Engineer Sentenced to 5 Years for Deleting 89 TB of AI Training Data

In September 2024, a Beijing algorithm engineer illegally accessed his company's server cluster, executed a notorious delete command that erased over 89 TB of AI training data and 3D model assets, causing system paralysis and more than 200,000 yuan in losses, and was sentenced to five years and ten months in prison for destroying a computer information system.

AIcomputer crimedata deletion

0 likes · 4 min read

Beijing Engineer Sentenced to 5 Years for Deleting 89 TB of AI Training Data

Black & White Path

Apr 27, 2026 · Information Security

How I Exploited Multiple Vulnerabilities in a University System

This article details a step‑by‑step penetration test on a university’s web platform, covering XSS file uploads, JWT tampering for arbitrary login, massive personal data leakage, SQL injection payloads, and the exposure of several AK/SK secrets, all with concrete screenshots and commands.

JWTPenetration TestingSQL Injection

0 likes · 5 min read

How I Exploited Multiple Vulnerabilities in a University System

Black & White Path

Apr 27, 2026 · Information Security

Self‑Built QPU Stack Claims to Factor RSA‑1024: What the Analysis Shows

Renowned cryptographer Jean‑Philippe Aumasson posted a self‑built QPU stack that allegedly factors RSA‑1024, but a detailed technical review reveals the code relies on classic algorithms, the video is merely an animation, and the claim serves as a warning for organizations still using RSA‑1024.

QPUQuantum ComputingRSA-1024

0 likes · 10 min read

Self‑Built QPU Stack Claims to Factor RSA‑1024: What the Analysis Shows

Black & White Path

Apr 27, 2026 · Information Security

Why AI Coding Tools Leak Data by Default: Lessons from Recent High‑Profile Breaches

Recent data‑leak incidents at AI coding platforms such as Lovable, Vercel, and Anthropic reveal that insecure default settings, supply‑chain compromises, and inadequate threat modeling expose user code and chat logs, prompting experts to warn about the trade‑off between usability and security.

AI programmingAnthropicLovable

0 likes · 7 min read

Black & White Path

Apr 27, 2026 · Information Security

A Threat Actor Sells a ‘100% FUD’ PDF Exploit Builder – Inside the Claims and Pricing

A cyber‑crime forum user known as TheStrain is offering a PDF exploit construction tool that claims 100% FUD, unlimited builds, and compatibility with all Adobe Acrobat Reader and Foxit Reader versions, with license prices ranging from $300 to $1,500.

Adobe AcrobatFUDFoxit Reader

0 likes · 2 min read

A Threat Actor Sells a ‘100% FUD’ PDF Exploit Builder – Inside the Claims and Pricing

Black & White Path

Apr 26, 2026 · Information Security

How a PowerShell Pastebin Steganography Trojan Hijacks Telegram Sessions

The article dissects a recent attack where a PowerShell script hidden in a Pastebin post uses character‑level steganography to retrieve a C2 address, extracts Telegram Desktop's tdata files, compresses them, and exfiltrates the data via a hard‑coded Telegram Bot API, while employing hidden execution, fileless memory loading, environment detection, and self‑destruct on virtual machines.

FilelessInformation SecurityMalware

0 likes · 4 min read

How a PowerShell Pastebin Steganography Trojan Hijacks Telegram Sessions

Black & White Path

Apr 25, 2026 · Information Security

How I Bypassed a WAF with SQL Injection: A Step‑by‑Step Walkthrough

The article details a hands‑on investigation of a web application firewall that strips SQL keywords, shows how order‑by and CASE‑WHEN payloads can be used to probe column limits, construct blind injection strings, and ultimately achieve data extraction despite multiple filtering layers.

CASE WHEN payloadInformation SecuritySQL Injection

0 likes · 7 min read

How I Bypassed a WAF with SQL Injection: A Step‑by‑Step Walkthrough

Black & White Path

Apr 25, 2026 · Information Security

Analyzing an AI‑Developed C2 Remote‑Access Trojan Framework

The article details an AI‑crafted C2 remote‑access trojan framework hosted at 101.32.128[.]36:8443, describing its Go implant, Python listener, PowerShell stager, custom 443‑based encryption, Telegram bot exfiltration, the payload delivery chain via paste.rs and GitHub Gist, and provides sample hashes for the binaries.

C2GoPowerShell

0 likes · 2 min read

Analyzing an AI‑Developed C2 Remote‑Access Trojan Framework