Scale Up, Risk Up: DRP Data Reveals Increase in Attack Surface
https://reliaquest.com/blog/threat-research-reveals-increase-in-vulnerabilities-external-exposures/
https://reliaquest.com/blog/threat-research-reveals-increase-in-vulnerabilities-external-exposures/
ReliaQuest
Scale Up, Risk Up: DRP Data Reveals Increase in Attack Surface
Learn how exposed credentials, access keys, and typo-squatting are opening doors for attackers. Explore strategies to reduce your attack surface.
ToolShell: a story of five vulnerabilities in Microsoft SharePoint
https://securelist.com/toolshell-explained/117045/
https://securelist.com/toolshell-explained/117045/
Securelist
ToolShell: a story of five vulnerabilities in Microsoft SharePoint
Explaining the ToolShell vulnerabilities in SharePoint: how the POST request exploit works, why initial patches can be easily bypassed, and how to stay protected.
Exploiting zero days in abandoned hardware
https://blog.trailofbits.com/2025/07/25/exploiting-zero-days-in-abandoned-hardware/
https://blog.trailofbits.com/2025/07/25/exploiting-zero-days-in-abandoned-hardware/
The Trail of Bits Blog
Exploiting zero days in abandoned hardware
We successfully exploited two discontinued network devices at DistrictCon’s inaugural Junkyard competition in February, winning runner-up for Most Innovative Exploitation Technique. Our exploit chains demonstrate why end-of-life hardware poses persistent…
PyPi Incident Report: Phishing Attack
- 4 user accounts were successfully phished
- 2 API Tokens were generated by the attackers
- 2 releases of the num2words project were uploaded by the attacker
https://blog.pypi.org/posts/2025-07-31-incident-report-phishing-attack/
- 4 user accounts were successfully phished
- 2 API Tokens were generated by the attackers
- 2 releases of the num2words project were uploaded by the attacker
https://blog.pypi.org/posts/2025-07-31-incident-report-phishing-attack/
blog.pypi.org
PyPI Phishing Attack: Incident Report - The Python Package Index Blog
Follow-up on the recent phishing attack targeting PyPI users.
Arch Infected AUR packages - firefox, zen-browser, chrome
Just ten days after a previous incident, malware with a Remote Access Trojan has once again been discovered in Arch Linux AUR packages.
https://linuxiac.com/arch-aur-under-fire-once-more-as-malware-resurfaces/
Just ten days after a previous incident, malware with a Remote Access Trojan has once again been discovered in Arch Linux AUR packages.
https://linuxiac.com/arch-aur-under-fire-once-more-as-malware-resurfaces/
Linuxiac
Arch AUR Under Fire Once More as Malware Resurfaces
Just ten days after a previous incident, malware with a Remote Access Trojan has once again been discovered in Arch Linux AUR packages.
Mozilla. Warning: Phishing campaign detected
Developers under attack:
https://blog.mozilla.org/addons/2025/08/01/warning-phishing-campaign-detected/
Developers under attack:
https://blog.mozilla.org/addons/2025/08/01/warning-phishing-campaign-detected/
NIST_Ransomware_Risk_Management .pdf
557.1 KB
NIST Ransomware Risk Management
How Much Energy Does ChatGPT Use Per Prompt? A Look at Its Hidden Environmental Costs
⚠️ One GPT request can require 2 to 5 liters of water... Think about it for a moment.
https://dev.to/nilanth/how-much-energy-does-chatgpt-use-per-prompt-a-look-at-its-hidden-environmental-costs-2j3a
https://dev.to/nilanth/how-much-energy-does-chatgpt-use-per-prompt-a-look-at-its-hidden-environmental-costs-2j3a
Please open Telegram to view this post
VIEW IN TELEGRAM
DEV Community
How Much Energy Does ChatGPT Use Per Prompt? A Look at Its Hidden Environmental Costs
ChatGPT has become a popular tool for generating human-like responses to a wide range of prompts, but...
Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments
https://www.cisa.gov/news-events/alerts/2025/08/06/microsoft-releases-guidance-high-severity-vulnerability-cve-2025-53786-hybrid-exchange-deployments
https://www.cisa.gov/news-events/alerts/2025/08/06/microsoft-releases-guidance-high-severity-vulnerability-cve-2025-53786-hybrid-exchange-deployments
Microsoft Teams Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53783
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53783
HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
https://kb.cert.org/vuls/id/767506
https://kb.cert.org/vuls/id/767506
kb.cert.org
CERT/CC Vulnerability Note VU#767506
HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
Linux_Server_Administration_guide.pdf
1.2 MB
Master Linux Server Administration
QuirkyLoader - A new malware loader delivering infostealers and RATs
https://www.ibm.com/think/x-force/ibm-x-force-threat-analysis-quirkyloader
https://www.ibm.com/think/x-force/ibm-x-force-threat-analysis-quirkyloader
Ibm
IBM X-Force Threat Analysis: QuirkyLoader - A new malware loader delivering infostealers and RATs | IBM
Watch out! There’s a new malware loader spreading additional infection to already compromised systems. Read more about QuirkyLoader and what IBM X-Force has learned about it.
Unmasking the DPRK-linked GitHub C2 Espionage Campaign
https://www.trellix.com/blogs/research/dprk-linked-github-c2-espionage-campaign/
https://www.trellix.com/blogs/research/dprk-linked-github-c2-espionage-campaign/
Trellix
The Coordinated Embassy Hunt: Unmasking the DPRK-linked GitHub C2 Espionage Campaign
The Trellix Advanced Research Center uncovered a sophisticated espionage operation targeting diplomatic missions across several regions in South Korea during early 2025.
Android Document Readers and Deception: Tracking the Latest Updates to Anatsa
Anatsa malware (a.k.a. TeaBot) that attacks Android devices and targets financial applications. Anatsa, first discovered in 2020, is capable of stealing credentials, monitoring keystrokes, and facilitating fraudulent transactions..:
https://www.zscaler.com/blogs/security-research/android-document-readers-and-deception-tracking-latest-updates-anatsa
Anatsa malware (a.k.a. TeaBot) that attacks Android devices and targets financial applications. Anatsa, first discovered in 2020, is capable of stealing credentials, monitoring keystrokes, and facilitating fraudulent transactions..:
https://www.zscaler.com/blogs/security-research/android-document-readers-and-deception-tracking-latest-updates-anatsa
Zscaler
Anatsa’s Latest Updates | ThreatLabz
This analysis explores the latest updates to the Anatsa Android malware family.