Forwarded from Yevgeniy Goncharov
🚀 Open SysConf'25 → Старт через неделю! Трансляции быть!
4 Октября уже на след. неделе! Готовность и настрой присуствуют, при наличии хорошего Интернета в локации, будет трансляция с вероятностю 90%+!
Доклады, предварительная очередность:
- Мониторинг, как в нем не утонуть.
- Использование MCP и LLM для анализа вредоносного ПО.
- Как запустить два AI-стартапа за месяц и не сойти с ума.
- "Вопрос со звёздочкой" с собеседований: разбор и подходы.
- История о MacOS malware: от "безопасной по умолчанию" до реальных угроз криптографии и ядра.
- Архитектура ПО для сисадминов: монолит, микросервисы, C4, принципы и стили.
- Цепочки DNS на примере малвари под macOS
Встречаемся через неделю!
Все детали здесь: https://sysconf.io/2025
4 Октября уже на след. неделе! Готовность и настрой присуствуют, при наличии хорошего Интернета в локации, будет трансляция с вероятностю 90%+!
Доклады, предварительная очередность:
- Мониторинг, как в нем не утонуть.
- Использование MCP и LLM для анализа вредоносного ПО.
- Как запустить два AI-стартапа за месяц и не сойти с ума.
- "Вопрос со звёздочкой" с собеседований: разбор и подходы.
- История о MacOS malware: от "безопасной по умолчанию" до реальных угроз криптографии и ядра.
- Архитектура ПО для сисадминов: монолит, микросервисы, C4, принципы и стили.
- Цепочки DNS на примере малвари под macOS
Встречаемся через неделю!
Все детали здесь: https://sysconf.io/2025
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
The God Mode Vulnerability That Should Kill “Trust Microsoft” Forever
https://tide.org/blog/god-mode-vulnerability-microsoft-authorityless-security
https://tide.org/blog/god-mode-vulnerability-microsoft-authorityless-security
Tide Foundation
The God Mode Vulnerability That Should Kill "Trust Microsoft"
How CVE-2025-55241 exposed a catastrophic flaw affecting every Microsoft tenant worldwide, and why authorityless security is the only path forward.
Phishing attacks with new domains likely to continue
Unfortunately the string of phishing attacks using domain-confusion and legitimate-looking emails continues.
In short, there's a new phishing campaign targeting PyPI users occurring right now..:
https://blog.pypi.org/posts/2025-09-23-plenty-of-phish-in-the-sea/
Unfortunately the string of phishing attacks using domain-confusion and legitimate-looking emails continues.
In short, there's a new phishing campaign targeting PyPI users occurring right now..:
https://blog.pypi.org/posts/2025-09-23-plenty-of-phish-in-the-sea/
blog.pypi.org
Phishing attacks with new domains likely to continue - The Python Package Index Blog
A new phishing campaign targeting PyPI users using similar tactics to previous campaigns.
The Trifecta: How Three New Gemini Vulnerabilities in Cloud Assist, Search Model, and Browsing Allowed Private Data Exfiltration
https://www.tenable.com/blog/the-trifecta-how-three-new-gemini-vulnerabilities-in-cloud-assist-search-model-and-browsing
https://www.tenable.com/blog/the-trifecta-how-three-new-gemini-vulnerabilities-in-cloud-assist-search-model-and-browsing
Tenable®
The Trifecta: How Three New Gemini Vulnerabilities in Cloud Assist, Search Model, and Browsing Allowed Private Data Exfiltration
Tenable Research discovered three vulnerabilities (now remediated) within Google’s Gemini AI assistant suite, which we dubbed the Gemini Trifecta. These vulnerabilities exposed users to severe privacy risks. They made Gemini vulnerable to: search-injection…
Начнется 24 октября. Пройдет в Farabi Hub.
DevOpsDays — ежегодный обмен опытом, обсуждение актуальных практик и инноваций в мире IT. Организаторы обещают мероприятие чертовски привлекательным.
— Доклады от топовых экспертов
— 800 участников офлайн и еще 2000+ онлайн
— Инсайды с рынка DevOps
— Нетворкинг с комьюнити
— Мерч и подарки от партнеров
Все детали здесь: https://devopsdays.kz/
Please open Telegram to view this post
VIEW IN TELEGRAM
Shuyal Stealer: Advanced Infostealer Targeting 19 Browsers
https://www.pointwild.com/threat-intelligence/shuyal-stealer-advanced-infostealer-targeting-19-browsers
https://www.pointwild.com/threat-intelligence/shuyal-stealer-advanced-infostealer-targeting-19-browsers
Point Wild
Shuyal Stealer: Advanced Infostealer Targeting 19 Browsers | Point Wild
Introduction: Infection Flowchart: Technical Analysis: MD5: 9523086ab1c3ab505f3dfd170672af1e SHA-256: 8bbeafcc91a43936ae8a91de31795842cd93d2d8be3f72ce5c6ed27a08cdc092 Compiler: 64 bit C++ compiler executable file How Does Shuyal Stealer Stay Persistent?:…
Another Critical RCE Discovered in a Popular MCP Server
https://www.imperva.com/blog/another-critical-rce-discovered-in-a-popular-mcp-server/
https://www.imperva.com/blog/another-critical-rce-discovered-in-a-popular-mcp-server/
Blog
Another Critical RCE Discovered in a Popular MCP Server | Imperva
Artificial Intelligence development is moving faster than secure coding practices, and attackers are taking notice. Imperva Threat Research recently uncovered and disclosed a critical Remote Code Execution (RCE) vulnerability (CVE-2025-53967) in the Framelink…
Cache smuggling: When a picture isn’t a thousand words
https://expel.com/blog/cache-smuggling-when-a-picture-isnt-a-thousand-words/
https://expel.com/blog/cache-smuggling-when-a-picture-isnt-a-thousand-words/
Expel
Cache smuggling: When a picture isn’t a thousand words
We recently observed an innovative campaign using the ClickFix attack tactic for cache smuggling. Here's what you need to know.
Last chance to update Windows 10…
https://support.microsoft.com/en-us/windows/windows-10-support-ends-on-october-14-2025-2ca8b313-1946-43d3-b55c-2b95b107f281
https://support.microsoft.com/en-us/windows/windows-10-support-ends-on-october-14-2025-2ca8b313-1946-43d3-b55c-2b95b107f281
Microsoft
Windows 10 support has ended on October 14, 2025 - Microsoft Support
Windows 10 support ends on October 14, 2025. Upgrade to Windows 11 now to ensure continued security and feature updates. Learn more about the transition.
F5 Hacked. Mass companies can be under attack potentially..
https://www.bloomberg.com/news/articles/2025-10-16/potentially-catastrophic-breach-of-cyber-firm-blamed-on-china
F5-Big IP source code leaks:
https://my.f5.com/manage/s/article/K000154696
https://www.bloomberg.com/news/articles/2025-10-16/potentially-catastrophic-breach-of-cyber-firm-blamed-on-china
F5-Big IP source code leaks:
https://my.f5.com/manage/s/article/K000154696
Bloomberg.com
Potentially ‘Catastrophic’ Breach of Cyber Firm Blamed on China
A potentially “catastrophic” breach of a major US-based cybersecurity provider has been blamed on state-backed hackers from China, according to people familiar with the matter.
Malware being hosted on
https://lists.ubuntu.com/archives/xubuntu-devel/2025-October/012209.html
xubuntu.orghttps://lists.ubuntu.com/archives/xubuntu-devel/2025-October/012209.html
ToolShell Used to Compromise Telecoms Company in Middle East
ToolShell was patched by Microsoft in July 2025, but by the time it was patched it had already been exploited in the wild as a zero-day vulnerability. ToolShell affects on-premise SharePoint servers and gives an attacker unauthenticated access to vulnerable servers, allowing them to remotely execute code and access all content and file systems..
https://www.security.com/blog-post/toolshell-china-zingdoor
ToolShell was patched by Microsoft in July 2025, but by the time it was patched it had already been exploited in the wild as a zero-day vulnerability. ToolShell affects on-premise SharePoint servers and gives an attacker unauthenticated access to vulnerable servers, allowing them to remotely execute code and access all content and file systems..
https://www.security.com/blog-post/toolshell-china-zingdoor
Security
ToolShell Used to Compromise Telecoms Company in Middle East
China-based threat actors also compromised networks of government agencies in countries in Africa and South America.
Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs
GhostCall attack heavily targets the macOS devices of executives at tech companies and in the venture capital sector by directly approaching targets via platforms like Telegram, and inviting potential victims to investment-related meetings linked to Zoom-like phishing websites:
https://securelist.com/bluenoroff-apt-campaigns-ghostcall-and-ghosthire/117842/
GhostCall attack heavily targets the macOS devices of executives at tech companies and in the venture capital sector by directly approaching targets via platforms like Telegram, and inviting potential victims to investment-related meetings linked to Zoom-like phishing websites:
https://securelist.com/bluenoroff-apt-campaigns-ghostcall-and-ghosthire/117842/
Securelist
BlueNoroff's latest campaigns: GhostCall and GhostHire
Kaspersky GReAT experts dive deep into the BlueNoroff APT's GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.
“ChatGPT Tainted Memories:” LayerX Discovers The First Vulnerability in OpenAI Atlas Browser, Allowing Injection of Malicious Instructions into ChatGPT
https://layerxsecurity.com/blog/layerx-identifies-vulnerability-in-new-chatgpt-atlas-browser/
https://layerxsecurity.com/blog/layerx-identifies-vulnerability-in-new-chatgpt-atlas-browser/
LayerX
“ChatGPT Tainted Memories:” LayerX Discovers The First Vulnerability in OpenAI Atlas Browser, Allowing Injection of Malicious Instructions…
LayerX discovered the first vulnerability impacting OpenAI’s new ChatGPT Atlas browser, allowing bad actors to inject malicious instructions into ChatGPT’s “memory” and execute remote code. This exploit can allow attackers to infect systems with malicious…
New Android Malware Herodotus Mimics Human Behaviour to Evade Detection
https://www.threatfabric.com/blogs/new-android-malware-herodotus-mimics-human-behaviour-to-evade-detection
https://www.threatfabric.com/blogs/new-android-malware-herodotus-mimics-human-behaviour-to-evade-detection
ThreatFabric
New Android Malware Herodotus Mimics Human Behaviour to Evade Detection
ThreatFabric has uncovered Herodotus, a new mobile malware family that aims to disrupt how fraud is done and tries to act human.
Иллюзия [без] опасности на Profit Security Day
14 ноября в Алматы пройдет Profit Security Day (след. пятница).
Key-аспекты:
- наблюдение за тем, каково понимание нынешнего представителя ИБ о реалиях и возможностях нападающей стороны
- как это представление коррелируется с реалиями суровой действительности
- возможность пообщаться с интересными людьми
Интересно послушать мнение на тему - [Без] опасного использования ИИ.
До начала осталось 10 дней. Все детали здесь:
- https://profitday.kz/security
14 ноября в Алматы пройдет Profit Security Day (след. пятница).
Key-аспекты:
- наблюдение за тем, каково понимание нынешнего представителя ИБ о реалиях и возможностях нападающей стороны
- как это представление коррелируется с реалиями суровой действительности
- возможность пообщаться с интересными людьми
Интересно послушать мнение на тему - [Без] опасного использования ИИ.
До начала осталось 10 дней. Все детали здесь:
- https://profitday.kz/security
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
High-Level Attack Idea - AI Kill Chain + Demo
https://embracethered.com/blog/posts/2025/claude-abusing-network-access-and-anthropic-api-for-data-exfiltration/
Please open Telegram to view this post
VIEW IN TELEGRAM
Embrace The Red
Claude Pirate: Abusing Anthropic's File API For Data Exfiltration
Claude's Code Interpreter recently got network access, and the default allow-list enables an interesting novel exploit chain that allows an adversary to exfiltrate large amounts of data by uploading files via the Anthropic API to their own account.
SesameOp: Novel backdoor uses OpenAI Assistants API for command and control
https://www.microsoft.com/en-us/security/blog/2025/11/03/sesameop-novel-backdoor-uses-openai-assistants-api-for-command-and-control/
https://www.microsoft.com/en-us/security/blog/2025/11/03/sesameop-novel-backdoor-uses-openai-assistants-api-for-command-and-control/
Microsoft News
SesameOp: Novel backdoor uses OpenAI Assistants API for command and control
Microsoft Incident Response – Detection and Response Team (DART) researchers uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface (API) as a mechanism for command-and-control (C2) communications.…
Evading Elastic Security: Linux Rootkit Detection Bypass
https://matheuzsecurity.github.io/hacking/bypassing-elastic/
https://matheuzsecurity.github.io/hacking/bypassing-elastic/
0xMatheuZ
Evading Elastic Security: Linux Rootkit Detection Bypass
Bypassing YARA rules and behavioral detection through string obfuscation, module fragmentation, XOR encoding, and ICMP reverse shell staging