Exodus to Drop Monero (XMR) Support by August 2025
Exodus Wallet, a popular self-custody cryptocurrency wallet, has officially announced it will discontinue support for Monero (XMR) on August 10, 2025. After this deadline, users will no longer be able to send, receive, or view XMR balances through Exodus.
What You Need to Know:
https://forum.hashpwn.net/post/607
Spider v0.9.0 released:
Updates:
-url-match flag to filter URLs by keyword
Several small bug fixes
Go bumped to v1.24.3
LockBit Ransomware Group Breached.
For anyone having issues logging into hashpwn or creating a new account due to captcha not working, this issue has been fixed.
Spider v0.8.0
New features include:
"-file" to generate n-grams from local plaintext files
"-timeout" for URL crawling
"-sort" to output n-grams by frequency
CISA Warns: 2021 SonicWall SMA 100 VPN Bug (CVE‑2021‑20035) Now Weaponized for Remote Code Execution
4chan Hit by Major Breach: Alleged Hacker Leaks Source Code, Moderator Identities, and Disrupts Site
ProtectEU threatens End-to-End-Encryption across VPNs, messaging apps, and secure email services.
This is part of a growing global trend where governments push for backdoors under the guise of national security. While aimed at combating crime, these proposals risk eroding digital privacy, weakening cybersecurity, and potentially driving privacy-focused services out of EU jurisdictions altogether.
hashgen v1.1.2 update
In the spirit of keeping hashgen blazingly fast, I published an optimized Base58 package:
https://pkg.go.dev/github.com/cyclone-github/base58
Switching to cyclone/base58 boosted hashgen's Base58 encode/decode performance by 500%.
Key features:
Familiar API, modeled after Go’s stdlib encoding/base64
Pure Go, no external deps
Fast, byte-slice optimized encoding/decoding
More details:
https://forum.hashpwn.net/post/542
What a great Crack the Con #contest put on by #CsP! Congrats to Team #Hashmob for 1st, #Unmuddlers for 2nd, and #UNSHADE for 3rd!
https://crackthecon.com/leaderboard.php
https://forum.hashpwn.net/topic/119/crack-the-con-2025/6
If you're into infosec news, I'm posting daily articles from top sources over on hashpwn. Check it out:
New Release: IPScope v0.2.4
IPScope is a powerful, but easy to use CLI tool for IP lookup and subdomain discovery.
What's new?
Sanity checks for punycode domains, added output file option, json formatted output, small bug fixes.
Installing the official Nvidia CUDA-toolkit on linux distros can be a pain. Here's a script that automates this so you can get back to cracking hashes.
#yescrypt_crack source code v0.2.0; 2025-03-06 uploaded to GitHub.
After seeing yescrypt hashes appear in CMIYC a while back, I started developing a yescrypt cracker in pure Go. Since then, yescrypt has become the default /etc/shadow hash for many popular linux distros such as Debian, Ubuntu, RHEL, Fedora, and Arch (to name a few), but hash cracking support for this algo has been limited to JtR -- until now.
Here's a sneak peek of the yescrypt_cracker POC:
GitHub PR for JetKVM password-auth issue mentioned here: https://infosec.exchange/@cyclone/114051390949658870
Didn't take long to find a vulnerability in my shiny new JetKVM: Password-based SSH auth w/insecure default password.
https://forum.hashpwn.net/post/435
Spoiler:
Issue #1: JetKVM isn't supposed to have password-auth SSH
Issue #2: JetKVM uses an insecure default root password
New GitHub Release:
Solflare Wallet Extractor and Decryptor binaries have been posted on GitHub. #solflare_pwn
