CPUID Supply Chain Hit ⛓️, Little Snitch Hits Linux 🐧, Rockstar Hacked Again 🎮

TLDR

Together With HeroDevs

TLDR Information Security 2026-04-14

Your SCA Can't Track What's Dead. (Sponsor)

93% of end-of-life risk in enterprise codebases comes from transitive dependencies. Packages your team never directly installed. Your scanner flags CVEs. It doesn't tell you the maintainer stopped patching three years ago.

HeroDevs' EOL Dataset checks lifecycle status across 12M+ package versions, surfaces what your SCA missed, and maps findings to PCI-DSS, SOC 2, and CRA compliance requirements.

Free to scan. No agents. No code changes.

Get Your Free EOL Risk Report

🔓 Attacks & Vulnerabilities

Fake Claude Website Distributes PlugX RAT (2 minute read)

A threat actor set up a typosquatted Anthropic domain serving a trojanized MSI installer that silently deploys PlugX alongside the legitimate Claude application, sideloading the malicious DLL through a signed G DATA binary (NOVUpdate.exe) and beaconing to C2 infrastructure on Alibaba Cloud. The VBScript dropper persists in the startup folder and self-deletes to minimize forensic artifacts, while error suppression prevents victim-visible alerts during deployment. Block unsigned DLL loads from startup directories, hunt for NOVUpdate.exe spawning network connections, and enforce application allowlisting to prevent trojanized AI tool installers from executing.

CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads (2 minute read)

Unknown threat actors breached cpuid.com for roughly 19 hours (April 9–10) via a compromised side API, replacing CPU-Z and HWMonitor download URLs with links to malicious sites serving trojanized installers that bundled CRYPTBASE.dll for DLL sideloading. The malicious DLL performed anti-sandbox checks before deploying STX RAT, an HVNC-capable infostealer supporting in-memory EXE/DLL/PowerShell/shellcode execution and reverse-proxy tunneling, using C2 infrastructure reused from a prior trojanized FileZilla campaign. Kaspersky identified 150+ victims across Brazil, Russia, and China.

Basic-Fit hit by hack affecting members across multiple countries, including 200,000 in the Netherlands (2 minute read)

Basic-Fit detected unauthorized access to its club check-in system, which logs member visits across seven European countries. Attackers accessed personal and membership data, including names, contact details, dates of birth, and bank account numbers, but not passwords or ID documents. Around 200,000 Dutch members are affected, and the regulator has been notified, raising the risk of SEPA direct debit fraud and targeted phishing.
🧠 Strategies & Tactics

Remediation at Scale: What High-Performing AppSec Teams Do Differently (2 minute read)

Semgrep analyzed anonymized SAST and SCA remediation data from 400+ organizations across 50,000+ repositories, finding that top-performing teams achieve 2.4x higher SAST and 3.3x higher SCA fix rates than peers, with PR-stage detection driving 9x faster Mean Time To Recovery (MTTR) than findings caught in full scans. Authentication and cryptographic failures show the widest performance gaps between leaders and the field, and findings older than 90 days rarely resolve through normal workflow. Prioritize blocking rules at PR review, enable SCA reachability analysis, and triage authentication/crypto findings before the 90-day threshold. The full benchmark data is available as a PDF linked on the page.

A Cryptography Engineer's Perspective on Quantum Computing Timelines (12 minute read)

Cryptography engineer Filippo Valsorda updated his post-quantum stance after two papers targeting different quantum architectures: a Google paper reducing the qubit count needed to break 256-bit elliptic curves on superconducting hardware, and an Oratomic paper showing ECC-256 falls to as few as 10,000 physical qubits on neutral-atom hardware with non-local connectivity. With Google's Heather Adkins and Sophie Schmieg placing the CRQC deadline at 2029, Valsorda argues the risk now mandates immediate ML-KEM and ML-DSA-44 deployment over hybrid schemes, with any non-PQ key exchange treated as a potential active compromise. TEEs (Intel SGX, AMD SEV-SNP) are flagged as especially exposed, given no known PQ root-of-trust migration path, while file-encryption deployments face store-now-decrypt-later risk that requires an urgent rollout of PQ recipients.

Dr. StrangeClaw or: How I Learned to Stop Worrying and Love AI (4 minute read)

Agentic AI should be treated as a discrete employee and granted the privileges and controls that a human employee would have. Issues such as AI exfiltrating secrets, privilege creep, and hallucinations are problems with equivalents in the insider threat management sphere.
🧑‍💻 Launches & Tools

Little Snitch for Linux (Product Launch)

Objective Development launched a Linux port of its popular macOS egress firewall, using an eBPF kernel program to intercept outgoing connections and surface per-process traffic visibility via a local web UI with blocklist and custom rule support. The tool targets privacy monitoring rather than adversarial hardening: eBPF's storage and complexity constraints mean packet-to-process attribution under heavy traffic relies on heuristics, and hostname-to-IP mapping lacks the deep packet inspection accuracy of the macOS version. The eBPF program and web UI are GPL-2.0 with source on GitHub. The daemon is proprietary but free to use, and requires kernel 6.12–6.19.0 with BTF support.

Mesh Security (Product Launch)

Mesh Security offers a CSMA execution layer that sits above existing security tools, unifying context and control across business units and environments and coordinating automated, system-level actions to close exposure without replacing current products.

Meet Vespasian. It Sees What Static Analysis Can't (11 minute read)

Vespasian is an open-source API endpoint discovery tool that captures live HTTP traffic via a headless browser or from existing Burp Suite, HAR, and mitmproxy captures, then generates structured specifications: OpenAPI 3.0 for REST, GraphQL SDL, and WSDL for SOAP. Its two-stage pipeline separates capture from generation, with confidence-scored heuristics for API type classification, path normalization with parameterized deduplication, and a tiered GraphQL introspection strategy that includes WAF bypass fallbacks. Vespasian integrates directly with Praetorian's Hadrian for automated BOLA/BFLA testing, forming a complete discover-then-test pipeline with no manual spec creation required.
🎁 Miscellaneous

Hungary officials used weak passwords exposed in breach dump (2 minute read)

Bellingcat linked nearly 800 Hungarian government email-password pairs to public breach data, including about 120 defense-related accounts, some tied to a 2023 NATO eLearning breach. Officials reused weak passwords like “FrankLampard,” “123456aA,” and “linkedinlinkedin” across third-party services. Stealer logs from recent months suggest several government machines now sit in attacker telemetry.

Hacker stole £700,000 from UK energy company by redirecting payment (1 minute read)

A hacker diverted a £700,000 payment from Zephyr Energy's US subsidiary into a fraudulent bank account by interfering with a contractor payment process, likely via business email compromise tactics such as altering bank and routing details in invoicing workflows. Zephyr reports the incident as contained, says operations continue, and is adding extra security layers while trying to claw back the funds through the involved banks.

Addressing GitHub's Recent Availability Issues (7 minute read)

Between February and March, GitHub experienced several major incidents that dropped the company below its availability standards. GitHub's CTO broke down three of the major incidents, one involving a database becoming overloaded and two involving failover solutions that were insufficient or didn't function properly. Moving forward, GitHub is taking on several efforts to increase the platform's stability as well as its scalability by migrating to Azure and decoupling critical components.

Quick Links

Linux 7.0 debuts as Linus Torvalds ponders AI's bug-finding powers and their impact on release process (1 minute read)

Linux kernel 7.0 shipped with official Rust support, self-healing XFS, and expanded ARM/RISC-V/Loongson and AMD EPYC 5 KVM improvements, as Torvalds flagged AI tooling as a likely driver of the uptick in late-cycle corner-case fixes.

GTA-maker Rockstar Games hacked again but downplays impact (2 minute read)

Hackers calling themselves ShinyHunters say they accessed Rockstar data via a third-party cloud provider and tried to extort a ransom by threatening to leak it.

Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile