Code highlighting with Cursor AI for $500,000
Attacks that leverage malicious open-source packages are becoming a major and growing threat...
https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908
Attacks that leverage malicious open-source packages are becoming a major and growing threat...
https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908
Securelist
The Solidity Language open-source package was used in a $500,000 crypto heist
Kaspersky GReAT experts uncover malicious extensions for Cursor AI that download the Quasar backdoor and a crypto stealer.
Golden dMSA: What Is dMSA Authentication Bypass?
https://www.semperis.com/blog/golden-dmsa-what-is-dmsa-authentication-bypass/
https://www.semperis.com/blog/golden-dmsa-what-is-dmsa-authentication-bypass/
Semperis
Golden dMSA: What Is dMSA Authentication Bypass? | Semperis Research
The Golden dMSA attack enables attackers to bypass authentication and generate passwords for managed service accounts in AD. Understand the risks.
MaaS operation leverages GitHub public repositories
https://blog.talosintelligence.com/maas-operation-using-emmenhtal-and-amadey-linked-to-threats-against-ukrainian-entities/
https://blog.talosintelligence.com/maas-operation-using-emmenhtal-and-amadey-linked-to-threats-against-ukrainian-entities/
Cisco Talos Blog
MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities
Cisco Talos uncovered a stealthy Malware-as-a-Service (MaaS) operation that used fake GitHub accounts to distribute a variety of dangerous payloads and evade security defenses.
WhoFi: Deep Person Re-Identification via Wi-Fi Channel Signal Encoding
Person Re-Identification (Re-ID) plays a central role in surveillance systems, aiming to determine whether two representations belong to the same individual across different times or locations. Traditional Re-ID systems typically rely on visual data such as images or videos, comparing a probe (the input to be identified) against a set of stored gallery samples by learning discriminative biometric features. Most commonly, these features are based on appearance cues such as clothing texture, color, and body shape...:
https://arxiv.org/html/2507.12869v1
Person Re-Identification (Re-ID) plays a central role in surveillance systems, aiming to determine whether two representations belong to the same individual across different times or locations. Traditional Re-ID systems typically rely on visual data such as images or videos, comparing a probe (the input to be identified) against a set of stored gallery samples by learning discriminative biometric features. Most commonly, these features are based on appearance cues such as clothing texture, color, and body shape...:
https://arxiv.org/html/2507.12869v1
Scale Up, Risk Up: DRP Data Reveals Increase in Attack Surface
https://reliaquest.com/blog/threat-research-reveals-increase-in-vulnerabilities-external-exposures/
https://reliaquest.com/blog/threat-research-reveals-increase-in-vulnerabilities-external-exposures/
ReliaQuest
Scale Up, Risk Up: DRP Data Reveals Increase in Attack Surface
Learn how exposed credentials, access keys, and typo-squatting are opening doors for attackers. Explore strategies to reduce your attack surface.
ToolShell: a story of five vulnerabilities in Microsoft SharePoint
https://securelist.com/toolshell-explained/117045/
https://securelist.com/toolshell-explained/117045/
Securelist
ToolShell: a story of five vulnerabilities in Microsoft SharePoint
Explaining the ToolShell vulnerabilities in SharePoint: how the POST request exploit works, why initial patches can be easily bypassed, and how to stay protected.
Exploiting zero days in abandoned hardware
https://blog.trailofbits.com/2025/07/25/exploiting-zero-days-in-abandoned-hardware/
https://blog.trailofbits.com/2025/07/25/exploiting-zero-days-in-abandoned-hardware/
The Trail of Bits Blog
Exploiting zero days in abandoned hardware
We successfully exploited two discontinued network devices at DistrictCon’s inaugural Junkyard competition in February, winning runner-up for Most Innovative Exploitation Technique. Our exploit chains demonstrate why end-of-life hardware poses persistent…
PyPi Incident Report: Phishing Attack
- 4 user accounts were successfully phished
- 2 API Tokens were generated by the attackers
- 2 releases of the num2words project were uploaded by the attacker
https://blog.pypi.org/posts/2025-07-31-incident-report-phishing-attack/
- 4 user accounts were successfully phished
- 2 API Tokens were generated by the attackers
- 2 releases of the num2words project were uploaded by the attacker
https://blog.pypi.org/posts/2025-07-31-incident-report-phishing-attack/
blog.pypi.org
PyPI Phishing Attack: Incident Report - The Python Package Index Blog
Follow-up on the recent phishing attack targeting PyPI users.
Arch Infected AUR packages - firefox, zen-browser, chrome
Just ten days after a previous incident, malware with a Remote Access Trojan has once again been discovered in Arch Linux AUR packages.
https://linuxiac.com/arch-aur-under-fire-once-more-as-malware-resurfaces/
Just ten days after a previous incident, malware with a Remote Access Trojan has once again been discovered in Arch Linux AUR packages.
https://linuxiac.com/arch-aur-under-fire-once-more-as-malware-resurfaces/
Linuxiac
Arch AUR Under Fire Once More as Malware Resurfaces
Just ten days after a previous incident, malware with a Remote Access Trojan has once again been discovered in Arch Linux AUR packages.
Mozilla. Warning: Phishing campaign detected
Developers under attack:
https://blog.mozilla.org/addons/2025/08/01/warning-phishing-campaign-detected/
Developers under attack:
https://blog.mozilla.org/addons/2025/08/01/warning-phishing-campaign-detected/
NIST_Ransomware_Risk_Management .pdf
557.1 KB
NIST Ransomware Risk Management
How Much Energy Does ChatGPT Use Per Prompt? A Look at Its Hidden Environmental Costs
⚠️ One GPT request can require 2 to 5 liters of water... Think about it for a moment.
https://dev.to/nilanth/how-much-energy-does-chatgpt-use-per-prompt-a-look-at-its-hidden-environmental-costs-2j3a
https://dev.to/nilanth/how-much-energy-does-chatgpt-use-per-prompt-a-look-at-its-hidden-environmental-costs-2j3a
Please open Telegram to view this post
VIEW IN TELEGRAM
DEV Community
How Much Energy Does ChatGPT Use Per Prompt? A Look at Its Hidden Environmental Costs
ChatGPT has become a popular tool for generating human-like responses to a wide range of prompts, but...
Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments
https://www.cisa.gov/news-events/alerts/2025/08/06/microsoft-releases-guidance-high-severity-vulnerability-cve-2025-53786-hybrid-exchange-deployments
https://www.cisa.gov/news-events/alerts/2025/08/06/microsoft-releases-guidance-high-severity-vulnerability-cve-2025-53786-hybrid-exchange-deployments
Microsoft Teams Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53783
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53783
HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
https://kb.cert.org/vuls/id/767506
https://kb.cert.org/vuls/id/767506
kb.cert.org
CERT/CC Vulnerability Note VU#767506
HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
Linux_Server_Administration_guide.pdf
1.2 MB
Master Linux Server Administration