hashpwn

Terms of Service & Privacy Policy Effective Date: Aug 31, 2025 Welcome to hashpwn.net (“we,” “our,” or “us”). By accessing or using hashpwn.net or any of its subdomains (collectively, the “Services”), you agree to comply with and be bound by these Terms of Service. This includes, but is not limited to, the forum and any Services we may provide under the hashpwn.net domain. If you do not agree, please discontinue use of the Services. 1. Eligibility You must be at least 18 years old to register for or use any hashpwn.net Services. By using our Services, you represent that you meet this requirement. 2. User Conduct When using any hashpwn.net Service, you agree not to: Post, share, or request personally identifiable information (PII). Share, request, or distribute illegally obtained data (e.g., combo lists, stolen data, etc). Engage in hate speech, harassment, or unlawful activities. Attempt to compromise, disrupt, or misuse any Service we provide. Our Services are intended for ethical cybersecurity research, discussion, and learning. Illegal activity is strictly prohibited. 3. User Content You retain ownership of any content you post, upload, or submit to hashpwn.net Services. By submitting content, you grant hashpwn.net a non-exclusive, worldwide license to store, display, and distribute your content as necessary to operate and provide the Services. Requests for deletion of publicly posted content will be honored, except in rare cases where retention is required for legal, security, moderation, or administrative reasons (e.g., evidence of abuse). Account deletion and personal data removal requests will always be honored. 4. Privacy & Data Collection We respect your privacy. We collect basic technical information such as IP address, cookies, browser type, and usage analytics. We use this information only for site functionality, security, and moderation. We may log usage data to maintain service quality. We do not sell, rent, or share your information with third parties for advertising or marketing purposes. Users may request removal of their personal data. 5. Disclaimer of Warranties All Services provided by hashpwn.net are offered “as is” and without warranties of any kind, whether express or implied. We do not guarantee uptime, availability, or error-free operation for any Service. Use of hashpwn.net Services is at your own risk. 6. Limitation of Liability To the fullest extent permitted by law, hashpwn.net, its owners, administrators, moderators, and affiliates are not liable for any damages arising from use of our Services, including but not limited to loss of data, downtime, security issues, or service interruptions. 7. Termination We reserve the right to suspend, restrict, or terminate accounts or access to any hashpwn.net Service at our discretion for violations of these Terms or other reasons deemed necessary to protect the community and infrastructure. 8. Changes to the Terms We may update these Terms at any time. Changes will be posted on this page with a new effective date. Continued use of our Services after updates are posted constitutes acceptance of the revised Terms. 9. Contact For questions, concerns, or requests, please contact: @cyclone (Admin/Owner)

-m 2600 2641814_left.zip 31575_found.txt

Fortinet: FortiWeb Actively Exploited (again) [image: 1763653560091-7d7c2820-93bb-49dc-987e-db05cdd138da-image.png] Fortinet has issued an alert for CVE-2025-58034, a command injection bug in FortiWeb (CVSS 6.7) that is being weaponized. The flaw is an OS command injection issue in FortiWeb’s HTTP and CLI handling that allows arbitrary code execution, but only after an attacker has authenticated by some other method. Patches are available for all affected branches: • 8.0.0 to 8.0.1 → update to 8.0.2 • 7.6.0 to 7.6.5 → update to 7.6.6 • 7.4.0 to 7.4.10 → update to 7.4.11 • 7.2.0 to 7.2.11 → update to 7.2.12 • 7.0.0 to 7.0.11 → update to 7.0.12 Reported by Trend Micro’s Jason McFadyen, the flaw is already under active exploitation, prompting CISA to add it to the Known Exploited Vulnerabilities catalog with a federal patch deadline of November 25, 2025. Exploit chain activity: The situation escalates when paired with CVE-2025-64446, an authentication bypass silently patched by Fortinet in 8.0.2. According to Orange Cyberdefense and Rapid7, attackers are chaining the two bugs: bypassing authentication via CVE-2025-64446, then leveraging CVE-2025-58034 for command execution. This converts an authenticated-only issue into full unauthenticated RCE against unpatched appliances. Industry concern: Security teams have raised concerns about Fortinet’s decision to patch these flaws before publishing advisories. Analysts note that silent patching provides attackers with a window of advantage and leaves defenders unaware of what they're exposed to until exploitation is already underway. Action required: Apply the fixed releases immediately and audit FortiWeb instances for suspicious authenticated activity or anomalous command execution attempts, especially if systems were running vulnerable versions prior to Fortinet’s disclosure. Source: https://nvd.nist.gov/vuln/detail/CVE-2025-58034 https://thehackernews.com/2025/11/fortinet-warns-of-new-fortiweb-cve-2025.html

New version released. https://github.com/cyclone-github/hashes.com-escrow-tool/releases/tag/v1.1.2 v1.1.2; 2025-11-21 fixed redundant new line logic added http timeouts Full Changelog: https://github.com/cyclone-github/hashes.com-escrow-tool/compare/v1.1.1...v1.1.2

Escrow ID# 80682 • Algorithm: MD5, -m 0 • Total hashes: 1 • Price per hash: $5.0390 • Escrow URL: https://hashes.com/en/escrow/item/?id=80682 • Download hashes: 80682_0.zip

Due to the global Cloudflare outage today, all hashpwn front-end web services were either partially, or fully, unavailable from 11/18/2025 11:57 UTC - 11/18/2025 14:35 UTC with an Internal Server Error 500 status from Cloudflare. As soon as Cloudflare mitigated the issue on their side, all hashpwn front-end web services became available. More info about Cloudflare's outage: https://forum.hashpwn.net/post/6195 https://www.businessinsider.com/cloudflare-outage-internet-down-x-open-ai-2025-11 https://www.cloudflarestatus.com [image: 1763481333855-d87b4a38-06cc-4776-a408-42241232f99e-image.png]