Mozilla. Warning: Phishing campaign detected
Developers under attack:
https://blog.mozilla.org/addons/2025/08/01/warning-phishing-campaign-detected/
Developers under attack:
https://blog.mozilla.org/addons/2025/08/01/warning-phishing-campaign-detected/
NIST_Ransomware_Risk_Management .pdf
557.1 KB
NIST Ransomware Risk Management
How Much Energy Does ChatGPT Use Per Prompt? A Look at Its Hidden Environmental Costs
⚠️ One GPT request can require 2 to 5 liters of water... Think about it for a moment.
https://dev.to/nilanth/how-much-energy-does-chatgpt-use-per-prompt-a-look-at-its-hidden-environmental-costs-2j3a
https://dev.to/nilanth/how-much-energy-does-chatgpt-use-per-prompt-a-look-at-its-hidden-environmental-costs-2j3a
Please open Telegram to view this post
VIEW IN TELEGRAM
DEV Community
How Much Energy Does ChatGPT Use Per Prompt? A Look at Its Hidden Environmental Costs
ChatGPT has become a popular tool for generating human-like responses to a wide range of prompts, but...
Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments
https://www.cisa.gov/news-events/alerts/2025/08/06/microsoft-releases-guidance-high-severity-vulnerability-cve-2025-53786-hybrid-exchange-deployments
https://www.cisa.gov/news-events/alerts/2025/08/06/microsoft-releases-guidance-high-severity-vulnerability-cve-2025-53786-hybrid-exchange-deployments
Microsoft Teams Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53783
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53783
HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
https://kb.cert.org/vuls/id/767506
https://kb.cert.org/vuls/id/767506
kb.cert.org
CERT/CC Vulnerability Note VU#767506
HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
Linux_Server_Administration_guide.pdf
1.2 MB
Master Linux Server Administration
QuirkyLoader - A new malware loader delivering infostealers and RATs
https://www.ibm.com/think/x-force/ibm-x-force-threat-analysis-quirkyloader
https://www.ibm.com/think/x-force/ibm-x-force-threat-analysis-quirkyloader
Ibm
IBM X-Force Threat Analysis: QuirkyLoader - A new malware loader delivering infostealers and RATs | IBM
Watch out! There’s a new malware loader spreading additional infection to already compromised systems. Read more about QuirkyLoader and what IBM X-Force has learned about it.
Unmasking the DPRK-linked GitHub C2 Espionage Campaign
https://www.trellix.com/blogs/research/dprk-linked-github-c2-espionage-campaign/
https://www.trellix.com/blogs/research/dprk-linked-github-c2-espionage-campaign/
Trellix
The Coordinated Embassy Hunt: Unmasking the DPRK-linked GitHub C2 Espionage Campaign
The Trellix Advanced Research Center uncovered a sophisticated espionage operation targeting diplomatic missions across several regions in South Korea during early 2025.
Android Document Readers and Deception: Tracking the Latest Updates to Anatsa
Anatsa malware (a.k.a. TeaBot) that attacks Android devices and targets financial applications. Anatsa, first discovered in 2020, is capable of stealing credentials, monitoring keystrokes, and facilitating fraudulent transactions..:
https://www.zscaler.com/blogs/security-research/android-document-readers-and-deception-tracking-latest-updates-anatsa
Anatsa malware (a.k.a. TeaBot) that attacks Android devices and targets financial applications. Anatsa, first discovered in 2020, is capable of stealing credentials, monitoring keystrokes, and facilitating fraudulent transactions..:
https://www.zscaler.com/blogs/security-research/android-document-readers-and-deception-tracking-latest-updates-anatsa
Zscaler
Anatsa’s Latest Updates | ThreatLabz
This analysis explores the latest updates to the Anatsa Android malware family.
SpyVPN: The Google-Featured VPN That Secretly Captures Your Screen
Most people turn to a VPN for one reason: privacy. And with its verified badge, featured placement, and 100k+ installs, FreeVPN.One looked like a safe choice. But once it’s in your browser, it’s not working to keep you safe, it’s continuously watching you..:
https://www.koi.security/blog/spyvpn-the-vpn-that-secretly-captures-your-screen
Most people turn to a VPN for one reason: privacy. And with its verified badge, featured placement, and 100k+ installs, FreeVPN.One looked like a safe choice. But once it’s in your browser, it’s not working to keep you safe, it’s continuously watching you..:
https://www.koi.security/blog/spyvpn-the-vpn-that-secretly-captures-your-screen
www.koi.ai
SpyVPN: The Google-Featured VPN That Secretly Captures Your Screen | Koi Blog
Proxyware Malware Being Distributed on YouTube Video Download Site
Evil YouTube downloaders:
https://asec.ahnlab.com/en/89787/
Evil YouTube downloaders:
https://asec.ahnlab.com/en/89787/
ASEC
Proxyware Malware Being Distributed on YouTube Video Download Site - 2 - ASEC
Proxyware Malware Being Distributed on YouTube Video Download Site - 2 ASEC
CVE-2025-48384: Git vulnerable to arbitrary file write on non-Windows systems
...Git CLI on macOS and Linux, issue the command git --version and check to see if the returned version is not on v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, or v2.50.1..:
https://securitylabs.datadoghq.com/articles/git-arbitrary-file-write/
Fixes for Exploited Git Vulnerabilities
https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
...Git CLI on macOS and Linux, issue the command git --version and check to see if the returned version is not on v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, or v2.50.1..:
https://securitylabs.datadoghq.com/articles/git-arbitrary-file-write/
Fixes for Exploited Git Vulnerabilities
https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
Datadoghq
CVE-2025-48384: Git vulnerable to arbitrary file write on non-Windows systems
Learn more about the emerging vulnerability affecting Git.
ShadowCaptcha
ClickFix technique and fake Google/Cloudflare CAPTCHA pages..
https://www.gov.il/en/pages/shadowcaptch-campaign
ClickFix technique and fake Google/Cloudflare CAPTCHA pages..
https://www.gov.il/en/pages/shadowcaptch-campaign
APT36 Malware Campaign Using Desktop Entry Files and Google Drive Payload Delivery
https://cloudsek.com/blog/investigation-report-apt36-malware-campaign-using-desktop-entry-files-and-google-drive-payload-delivery
https://cloudsek.com/blog/investigation-report-apt36-malware-campaign-using-desktop-entry-files-and-google-drive-payload-delivery
Cloudsek
Investigation Report: APT36 Malware Campaign Using Desktop Entry Files and Google Drive Payload Deliver | CloudSEK
Pakistan-linked APT36 (Transparent Tribe) launched a new cyber-espionage campaign targeting Indian government and defense entities. Active in August 2025, the group used phishing ZIP files containing malicious Linux “.desktop” shortcuts that downloaded payloads…