Иллюзия [без] опасности на Profit Security Day
14 ноября в Алматы пройдет Profit Security Day (след. пятница).
Key-аспекты:
- наблюдение за тем, каково понимание нынешнего представителя ИБ о реалиях и возможностях нападающей стороны
- как это представление коррелируется с реалиями суровой действительности
- возможность пообщаться с интересными людьми
Интересно послушать мнение на тему - [Без] опасного использования ИИ.
До начала осталось 10 дней. Все детали здесь:
- https://profitday.kz/security
14 ноября в Алматы пройдет Profit Security Day (след. пятница).
Key-аспекты:
- наблюдение за тем, каково понимание нынешнего представителя ИБ о реалиях и возможностях нападающей стороны
- как это представление коррелируется с реалиями суровой действительности
- возможность пообщаться с интересными людьми
Интересно послушать мнение на тему - [Без] опасного использования ИИ.
До начала осталось 10 дней. Все детали здесь:
- https://profitday.kz/security
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
High-Level Attack Idea - AI Kill Chain + Demo
https://embracethered.com/blog/posts/2025/claude-abusing-network-access-and-anthropic-api-for-data-exfiltration/
Please open Telegram to view this post
VIEW IN TELEGRAM
Embrace The Red
Claude Pirate: Abusing Anthropic's File API For Data Exfiltration
Claude's Code Interpreter recently got network access, and the default allow-list enables an interesting novel exploit chain that allows an adversary to exfiltrate large amounts of data by uploading files via the Anthropic API to their own account.
SesameOp: Novel backdoor uses OpenAI Assistants API for command and control
https://www.microsoft.com/en-us/security/blog/2025/11/03/sesameop-novel-backdoor-uses-openai-assistants-api-for-command-and-control/
https://www.microsoft.com/en-us/security/blog/2025/11/03/sesameop-novel-backdoor-uses-openai-assistants-api-for-command-and-control/
Microsoft News
SesameOp: Novel backdoor uses OpenAI Assistants API for command and control
Microsoft Incident Response – Detection and Response Team (DART) researchers uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface (API) as a mechanism for command-and-control (C2) communications.…
Evading Elastic Security: Linux Rootkit Detection Bypass
https://matheuzsecurity.github.io/hacking/bypassing-elastic/
https://matheuzsecurity.github.io/hacking/bypassing-elastic/
0xMatheuZ
Evading Elastic Security: Linux Rootkit Detection Bypass
Bypassing YARA rules and behavioral detection through symbol randomization, module fragmentation, XOR encoding, and ICMP reverse shell staging
Whisper Leak: A novel side-channel attack on remote language models
https://www.microsoft.com/en-us/security/blog/2025/11/07/whisper-leak-a-novel-side-channel-cyberattack-on-remote-language-models/
https://www.microsoft.com/en-us/security/blog/2025/11/07/whisper-leak-a-novel-side-channel-cyberattack-on-remote-language-models/
Microsoft News
Whisper Leak: A novel side-channel attack on remote language models
Understand the risks of encrypted AI traffic exposure and explore practical steps users and cloud providers can take to stay secure. Learn more.
Logitech Data Breach — What We Know As 0-Day Hack Attack Confirmed
https://www.forbes.com/sites/daveywinder/2025/11/15/logitech-data-breach---what-we-know-as-0-day-hack-attack-confirmed/
https://www.forbes.com/sites/daveywinder/2025/11/15/logitech-data-breach---what-we-know-as-0-day-hack-attack-confirmed/
Forbes
Logitech Data Breach — What We Know As 0-Day Hack Attack Confirmed
As Logitech confirms breach, here’s what you need to know about the Clop gang hack attack — customers and consumers likely impacted by data theft.
New Banking Trojan Distributed Through WhatsApp
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/spiderlabs-ids-new-banking-trojan-distributed-through-whatsapp/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/spiderlabs-ids-new-banking-trojan-distributed-through-whatsapp/
Levelblue
SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp
SpiderLabs has recently identified a banking Trojan we dubbed Eternidade Stealer, which is distributed through WhatsApp hijacking and social engineering lures.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Critical Vulnerabilities in FluentBit Expose Cloud Environments to Remote Takeover
https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover
https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover
www.oligo.security
Critical Vulnerabilities in FluentBit | Oligo Security
A new chain of 5 critical vulnerabilities within Fluent Bit allows attackers to compromise cloud infrastructure
Malicious Chrome Extension Injects Hidden SOL Fees Into Solana Swaps
https://socket.dev/blog/malicious-chrome-extension-injects-hidden-sol-fees-into-solana-swaps
https://socket.dev/blog/malicious-chrome-extension-injects-hidden-sol-fees-into-solana-swaps
Socket
Malicious Chrome Extension Injects Hidden SOL Fees Into Sola...
Socket researchers identified a malicious Chrome extension that manipulates Raydium swaps to inject an undisclosed SOL transfer, quietly routing fees ...
Critical Security Vulnerability in React Server Components
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
react.dev
Critical Security Vulnerability in React Server Components – React
The library for web and native user interfaces
PromptPwnd: Prompt Injection Vulnerabilities in GitHub Actions Using AI Agents
https://www.aikido.dev/blog/promptpwnd-github-actions-ai-agents
https://www.aikido.dev/blog/promptpwnd-github-actions-ai-agents
www.aikido.dev
Prompt Injection Inside GitHub Actions: The New Frontier of Supply Chain Attacks
AI-driven GitHub Actions expose new prompt-injection supply chain vulnerabilities.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
SEEDSNATCHER : Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases
https://www.cyfirma.com/research/seedsnatcher-dissecting-an-android-malware-targeting-multiple-crypto-wallet-mnemonic-phrases/
https://www.cyfirma.com/research/seedsnatcher-dissecting-an-android-malware-targeting-multiple-crypto-wallet-mnemonic-phrases/
CYFIRMA
SEEDSNATCHER : Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases - CYFIRMA
EXECUTIVE SUMMARY At Cyfirma, we are committed to providing up-to-date insights into current threats and the tactics used by malicious...
Windows Stealers: How Modern Infostealers Harvest Credentials
https://deceptiq.com/blog/windows-stealers-technical-analysis
https://deceptiq.com/blog/windows-stealers-technical-analysis
Deceptiq
Windows Stealers: Technical Analysis of Credential Harvesting | DeceptIQ
How Windows infostealers harvest credentials. Technical deep dive into DPAPI decryption, browser data theft, and anti-analysis techniques.
December 2025 Security Updates
This release consists of the following 57 Microsoft CVEs:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Dec
This release consists of the following 57 Microsoft CVEs:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Dec
CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains
https://www.sentinelone.com/blog/cybervolk-returns-flawed-volklocker-brings-new-features-with-growing-pains/
https://www.sentinelone.com/blog/cybervolk-returns-flawed-volklocker-brings-new-features-with-growing-pains/
SentinelOne
CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains
Deep dive into CyberVolk’s new VolkLocker ransomware-as-a-service, its major design flaw, and what it signals for cyber defenders.
Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox Users
https://www.koi.ai/blog/inside-ghostposter-how-a-png-icon-infected-50-000-firefox-browser-users
https://www.koi.ai/blog/inside-ghostposter-how-a-png-icon-infected-50-000-firefox-browser-users
www.koi.ai
Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox Users
Discover how GhostPoster used a malicious PNG icon to infect 50,000 Firefox users and the risks behind seemingly harmless downloads.
Nezha: The Monitoring Tool That’s Also a Perfect RAT
https://www.ontinue.com/resource/nezha-the-monitoring-tool-thats-also-a-perfect-rat/
https://www.ontinue.com/resource/nezha-the-monitoring-tool-thats-also-a-perfect-rat/
Ontinue
Nezha: The Monitoring Tool That's Also a Perfect RAT
Research from Ontinue reveals how Nezha, a legitimate open-source monitoring tool, is being abused by attackers as a stealthy post-exploitation RAT.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Time Nist Gov Incorrect Time
The affected servers are:
https://groups.google.com/a/list.nist.gov/g/internet-time-service/c/o0dDDcr1a8I
The affected servers are:
time-a-b.nist.gov
time-b-b.nist.gov
time-c-b.nist.gov
time-d-b.nist.gov
time-e-b.nist.gov
ntp-b.nist.gov (authenticated NTP)https://groups.google.com/a/list.nist.gov/g/internet-time-service/c/o0dDDcr1a8I
Bluetooth Headphone Jacking: Full Disclosure of Airoha RACE Vulnerabilities
https://insinuator.net/2025/12/bluetooth-headphone-jacking-full-disclosure-of-airoha-race-vulnerabilities/
https://insinuator.net/2025/12/bluetooth-headphone-jacking-full-disclosure-of-airoha-race-vulnerabilities/