7-Zip Code Execution Flaws, ShinyHunters Dumps 7-Eleven Data, and Windows Hit by Post-Patch Zero-Day Blitz
TLDR: New 7-Zip vulnerabilities allow attackers to execute arbitrary code through malicious archive files, putting millions of installations at risk.
ShinyHunters made good on its extortion threat and leaked a 9.4GB archive of 7-Eleven franchisee data after the company refused to negotiate.
Windows users are facing a fresh wave of zero-day exploits in the wake of the latest Patch Tuesday, with attackers moving faster than defenders.
Full stories below…
Got something worth sharing?
PWN is a community for hackers and security enthusiasts.
We feature the best posts in this newsletter and we’re looking for news stories, writeups, tools, tutorials, discussion threads, and questions that spark real conversation.
We are accepting submissions for: News stories; Tutorials/write-ups; Tools you built or found useful; Discussion threads; or Questions that spark good conversation.
» Create a post, and you could be featured in the next email!
Our community is growing fast, with 935,000 views a month, 33,000 members, and 200+ new people joining daily. Create a post and you could be featured.
New 7-Zip Vulnerabilities Allow Attackers to Compromise Systems
Newly disclosed 7-Zip flaws let attackers seize control of systems through booby-trapped archive files.
Researchers identified multiple issues in the widely used file archiver that allow arbitrary code execution when a user opens a specially crafted archive. Given 7-Zip’s massive install base across consumer and enterprise machines, the exposure is significant.
The 7-Zip team has shipped patches addressing the flaws, and users are urged to update immediately. Anyone running an older build remains open to takeover, data theft, and follow-on malware deployment.
ShinyHunters Dumps 9.4GB of 7-Eleven Franchisee Data
ShinyHunters followed through on its extortion threat and leaked a 9.4GB archive of 7-Eleven franchisee records.
The group released the dump after 7-Eleven’s security team declined to negotiate. The archive contains internal franchise documents and personal information tied to roughly 185,300 individuals, including names, addresses, emails, and dates of birth.
ShinyHunters has been hammering Salesforce instances across major brands and claims to have stolen around 600,000 records from 7-Eleven before listing the data for sale on Russian hacking forums.
Windows Hit by Post-Patch Tuesday Zero-Day Blitz
Windows is being battered by a wave of fresh zero-day exploits in the days following the latest Patch Tuesday.
Threat actors wasted no time targeting unpatched flaws across the Windows ecosystem, with security teams scrambling to triage active exploitation and identify exposed assets.
The blitz shows how quickly attackers weaponize newly disclosed vulnerability details, often before organizations finish rolling out the official fixes. Defenders are being told to prioritize emergency patching cycles and tighten monitoring on endpoints.
Join PWN on Reddit
PWN is where security people go to stay ahead.
Breach reports, exploits, vendor advisories, and the kind of conversations that make you better at your job, all in one feed.
We’re 32,000+ hackers and cybersecurity enthusiasts strong, with 935,000 monthly views and 200+ new members every day.
You’ll be in the same threads as journalists from Wired Magazine, Electronic Frontier Foundation, 404 Media, Fast Company, and The Guardian breaking the stories firsthand, plus security teams from vendors like Proton, Intigriti, and Hudson Rock sharing research and answering questions directly.
Why join:
Know what’s hitting before it hits you. Get the breach reports, exploits, and vendor advisories early so you can act before they become your problem.
Get sharper, not just busier. Skip the noise and learn from people actually doing the work, on the AI exploits, new defenses, and techniques that move your skills forward.
Make the career move you’ve been planning. Whether it’s your first paycheck in security or your jump from IT into offensive work, you’ll find members who’ve made it and are happy to help you do the same.
Be the person at work who already knows. Walk into Monday meetings ahead of the ransomware incidents and zero-days landing on your team’s radar, and earn the trust that comes with it.
Find your people. Trade ideas with hackers and pros who’ll actually answer your questions, in a community that stays high quality because the bots and noise get cleaned up.