Team46 and TaxOff: two sides of the same coin
https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/team46-and-taxoff-two-sides-of-the-same-coin
ptsecurity.com
PT ESC Threat Intelligence
In this blog you can find information about current attacks by hacker groups worldwide, analysis of their tools, incident reports, threat actors' TTPs, indicators of compromise, and detection names in our products.
Awesome ChatGPT Prompts
This repo includes ChatGPT prompt curation to use ChatGPT and other LLM tools better.
https://github.com/f/awesome-chatgpt-prompts
GitHub
GitHub - f/awesome-chatgpt-prompts: Share, discover, and collect prompts from the community. Free and open source — self-host for…
Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete privacy. - f/awesome-chatgpt-prompts
Local Privilege Escalation via chroot option
An attacker can leverage sudo’s -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file:
https://www.sudo.ws/security/advisories/chroot_bug/
- https://access.redhat.com/security/cve/CVE-2025-32463
Sudo
Local Privilege Escalation via chroot option
An attacker can leverage sudo’s -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file.
Sudo versions affected: Sudo versions 1.9.14 to 1.9.17 inclusive are affected.
CVE ID: This vulnerability has been assigned…
Forwarded from Yevgeniy Goncharov
📢 Open SysConf’25 is calling for speakers!
Got something to share? It's time to take the stage.
📍 October 4, 2025 is the day when those who build, think, and push things forward will gather on one stage again.
And you, still putting it off? Still waiting for the "right moment"?
Here it is. This is your chance to speak and tell the world what you understood, built, broke, or rethought this year.
We are waiting for your talk if you want to speak about:
- technologies and code
- infrastructure and hacks
- security, monitoring, Dev(Sec/App)Ops, ML, IaC, sysadmin work, and tech/hack research and developments
- the human factor, mistakes, growth, and how not to burn out along the way
Applying is easy: 👉 https://sysconf.io/2025
Your knowledge can become the trigger for someone's growth.
Are you with us? Then Welcome! ✌️
Code highlighting with Cursor AI for $500,000
Attacks that leverage malicious open-source packages are becoming a major and growing threat...
https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908
Securelist
The Solidity Language open-source package was used in a $500,000 crypto heist
Kaspersky GReAT experts uncover malicious extensions for Cursor AI that download the Quasar backdoor and a crypto stealer.
Golden dMSA: What Is dMSA Authentication Bypass?
https://www.semperis.com/blog/golden-dmsa-what-is-dmsa-authentication-bypass/
Semperis
Golden dMSA: What Is dMSA Authentication Bypass? | Semperis Research
The Golden dMSA attack enables attackers to bypass authentication and generate passwords for managed service accounts in AD. Understand the risks.
MaaS operation leverages GitHub public repositories
https://blog.talosintelligence.com/maas-operation-using-emmenhtal-and-amadey-linked-to-threats-against-ukrainian-entities/
Cisco Talos Blog
MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities
Cisco Talos uncovered a stealthy Malware-as-a-Service (MaaS) operation that used fake GitHub accounts to distribute a variety of dangerous payloads and evade security defenses.
WhoFi: Deep Person Re-Identification via Wi-Fi Channel Signal Encoding
Person Re-Identification (Re-ID) plays a central role in surveillance systems, aiming to determine whether two representations belong to the same individual across different times or locations. Traditional Re-ID systems typically rely on visual data such as images or videos, comparing a probe (the input to be identified) against a set of stored gallery samples by learning discriminative biometric features. Most commonly, these features are based on appearance cues such as clothing texture, color, and body shape...:
https://arxiv.org/html/2507.12869v1
Scale Up, Risk Up: DRP Data Reveals Increase in Attack Surface
https://reliaquest.com/blog/threat-research-reveals-increase-in-vulnerabilities-external-exposures/
ReliaQuest
Scale Up, Risk Up: DRP Data Reveals Increase in Attack Surface
Learn how exposed credentials, access keys, and typo-squatting are opening doors for attackers. Explore strategies to reduce your attack surface.
ToolShell: a story of five vulnerabilities in Microsoft SharePoint
https://securelist.com/toolshell-explained/117045/
Securelist
ToolShell: a story of five vulnerabilities in Microsoft SharePoint
Explaining the ToolShell vulnerabilities in SharePoint: how the POST request exploit works, why initial patches can be easily bypassed, and how to stay protected.
Exploiting zero days in abandoned hardware
https://blog.trailofbits.com/2025/07/25/exploiting-zero-days-in-abandoned-hardware/
The Trail of Bits Blog
Exploiting zero days in abandoned hardware
We successfully exploited two discontinued network devices at DistrictCon’s inaugural Junkyard competition in February, winning runner-up for Most Innovative Exploitation Technique. Our exploit chains demonstrate why end-of-life hardware poses persistent…
PyPI Incident Report: Phishing Attack
- 4 user accounts were successfully phished
- 2 API Tokens were generated by the attackers
- 2 releases of the num2words project were uploaded by the attacker
https://blog.pypi.org/posts/2025-07-31-incident-report-phishing-attack/
blog.pypi.org
PyPI Phishing Attack: Incident Report - The Python Package Index Blog
Follow-up on the recent phishing attack targeting PyPI users.
Arch Infected AUR packages - firefox, zen-browser, chrome
Just ten days after a previous incident, malware with a Remote Access Trojan has once again been discovered in Arch Linux AUR packages.
https://linuxiac.com/arch-aur-under-fire-once-more-as-malware-resurfaces/
Linuxiac
Arch AUR Under Fire Once More as Malware Resurfaces
Mozilla. Warning: Phishing campaign detected
Developers under attack:
https://blog.mozilla.org/addons/2025/08/01/warning-phishing-campaign-detected/
NIST_Ransomware_Risk_Management .pdf
557.1 KB
NIST Ransomware Risk Management
How Much Energy Does ChatGPT Use Per Prompt? A Look at Its Hidden Environmental Costs
⚠️ One GPT request can require 2 to 5 liters of water... Think about it for a moment.
https://dev.to/nilanth/how-much-energy-does-chatgpt-use-per-prompt-a-look-at-its-hidden-environmental-costs-2j3a
DEV Community
How Much Energy Does ChatGPT Use Per Prompt? A Look at Its Hidden Environmental Costs
ChatGPT has become a popular tool for generating human-like responses to a wide range of prompts, but...
Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments
https://www.cisa.gov/news-events/alerts/2025/08/06/microsoft-releases-guidance-high-severity-vulnerability-cve-2025-53786-hybrid-exchange-deployments