Attacks & Vulnerabilities

Security advisory for Cargo (1 minute read)
CVE-2026-33056 in the third-party tar crate allows a malicious Rust package to modify permissions on arbitrary filesystem directories when Cargo extracts it during a build. crates.io blocked exploitation on March 13 and confirmed that no published crates were exploiting this vulnerability. Users of alternative registries remain exposed until they upgrade to Rust 1.94.1, which is scheduled for release on March 26.

Oracle Pushes Emergency Fix for Critical Identity Manager RCE Flaw (2 minute read)
Oracle has released an out-of-band security update to fix a critical, unauthenticated remote code execution (RCE) vulnerability in Identity Manager and Web Services Manager. The company has declined to comment on whether it has received reports of exploitation, but warns that exploitation requires low complexity and urges all users to apply the relevant patches.

VoidStealer Malware Steals Chrome Master Key via Debugger Trick (2 minute read)
Researchers from antivirus company Gen Digital have uncovered an infostealer that uses a novel approach to bypass Chrome's Application Bound Encryption and steal the master key used to decrypt sensitive browser data. The approach uses hardware breakpoints to extract the master key directly from memory. The researchers noted that it may be an adaptation of the ElevationKatz open-source project.

How to Know If the Trivy Supply Chain Attack Hit You (4 minute read)
A supply chain attack against Aqua's Trivy scanners on March 19 deployed C2 servers and encrypted exfiltration instead of the plaintext repo-dumping seen in earlier campaigns like Shai-Hulud, making IOC-based detection significantly harder. Responders should audit egress traffic across developer machines, GitHub Actions logs, and staging/production environments for connections to attacker-controlled domains, then scope and rotate all exposed secrets using a universal deny-before-reissue approach to prevent token-refresh abuse. Hardening guidance includes pinning GitHub Actions to commit SHAs, enforcing a one-week package version cooldown, disabling pre- and post-install scripts, and adopting CADR runtime tooling instead of after-the-fact hash-based scanning.

CanisterWorm Gets Teeth: TeamPCP's Kubernetes Wiper Targets Iran (7 minute read)
TeamPCP has a new payload that wipes Kubernetes clusters instead of just stealing credentials. It uses the same ICP canister C2 as CanisterWorm. On detection, it checks the timezone and locale: Iranian systems get a privileged DaemonSet named kamikaze that deletes everything on every node and force-reboots. Non-Iranian clusters get the CanisterWorm backdoor registered as a systemd service disguised as PostgreSQL tooling, while bare-metal Iranian hosts get rm -rf /. A third variant drops Kubernetes entirely and spreads via SSH key theft and unauthenticated exploitation of the Docker API across local /24 subnets.

DarkSword and the LLM Question: What Every Outlet Mentioned but Nobody Wrote About (24 minute read)
Lookout, Google GTIG, and iVerify disclosed DarkSword, a JavaScript-based iOS exploit kit chaining six CVEs, including three zero-days, to fully compromise iPhones running iOS 18.4 through 18.7, affecting up to 270 million devices. Three operator groups used it: UNC6353 (Russia, targeting Ukraine), UNC6748 (targeting Saudi Arabia), and PARS Defense (Turkey). Lookout alone flagged indicators of LLM-assisted code in at least parts of the implant: emoji markers, verbose comments, and zero obfuscation. GTIG and iVerify saw the same code characteristics but drew no AI inference. The real signal is that a secondary market for professional-grade exploit kits lets operators with no mobile-exploit experience deploy zero-day chains, possibly using LLMs to customize what they can't build themselves.

agent-password (GitHub Repo)
A local macOS password manager built for agentic workflows. It stores secrets in a SQLite vault encrypted with XChaCha20-Poly1305, with the vault key protected by the macOS login keychain and unlocked via Touch ID. Agents discover secrets solely from metadata and submit named requests with a stated reason; the human approves all or a granular subset before plaintext is exposed in the shared session.

innerwarden (GitHub Repo)
innerwarden is a Rust-based autonomous security agent for Linux and macOS. It runs six eBPF kernel programs covering execve/connect/openat tracepoints, a commit_creds kprobe for real-time privilege escalation detection, an LSM hook blocking execution from /tmp and /dev/shm, and XDP wire-speed IP blocking at 10M+ packets per second. Nineteen stateful detectors cover SSH brute force, C2 beaconing via coefficient-of-variation analysis, container escapes, and suspicious process trees (T1059, T1068, T1611, and more), with optional confidence-scored AI triage across twelve providers and a collaborative mesh network that auto-propagates blocks across peers using Ed25519-signed signals.

Surf AI (Product Launch)
Surf AI is an agent-based security operations platform that connects business context with fragmented data sources by building a context graph of assets and permissions. It then prioritizes risks by business impact and coordinates remediation via goal-driven workflows with human oversight.

LLVM Adventures: Fuzzing Apache Modules (7 minute read)
apatchy is an in-process fuzzing framework for Apache HTTPD built on LibFuzzer, ASan/UBSan, and SanCov. It bypasses the network stack entirely by injecting raw bytes directly into Apache's bucket brigade input filter chain. Structure-aware harnesses using protobuf definitions drive fuzzing for mod_session_crypto, mod_rewrite, mod_proxy_uwsgi, multipart form-data, and generic HTTP, while a custom LLVM bitcode introspector walks the full call graph and overlays coverage data in an interactive React UI. A one-day reproduction system driven by bug.toml manifests automates Apache version selection, sanitizer configuration, and crash replay for known CVEs.

555 MCP Servers Have Toxic Data Flows. Here's What We Found (9 minute read)
AgentSeal scanned 5,125 MCP servers and identified "toxic data flows" in 555 of them, where individually benign tool pairs combine into exploitable chains, such as credential-reading tools paired with webhook exfiltration sinks; 84.7% of findings were rated critical or high severity. The MCPTox benchmark (arXiv:2508.14925) validated the real-world risk, finding that o1-mini followed prompt-injected instructions embedded in tool outputs 72.8% of the time, with more capable models proving more susceptible. Defenders should audit installed servers for private-data-to-public-sink tool pairs, apply least privilege, separate read and write servers, and treat servers with 50+ tools with elevated caution, given the quadratic growth in possible attack-path combinations.

Google Adds 'Advanced Flow' for Safe APK Sideloading on Android (2 minute read)
Google has announced a new mechanism in Android that allows power users to install APKs from unverified developers in a more secure manner. The new flow involves users enabling Developer Mode, confirming they are not being coached by threat actors, restarting the phone and reauthenticating, and finally waiting a day and confirming the modifications are legitimate. Google introduced this as a compromise between usability and security after backlash against its announced plan to remove sideloading of unverified apps.