Security


A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.

Rules :

  1. All instance-wide rules apply.
  2. Keep it totally legal.
  3. Remember the human, be civil.
  4. Be helpful, don't be rude.

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 3 years ago

A developer gets a LinkedIn message from a recruiter. The role looks legitimate. The coding assessment requires installing a package. That package exfiltrates all cloud credentials from the developer’s machine — GitHub personal access tokens, AWS API keys, Azure service principals and more — and the adversary is inside the cloud environment within minutes.


ECDSA is like a digital bouncer. It uses wild curves to prove u signed the txn without actually showing your password. If the math vibes, the money moves. But don't lose that key or you're cooked. The curve stays undefeated.


I stumbled upon this video and it's mostly about using AI to fight against scammers and hackers that use AI themselves.

Hidden inside Romania is a real cyber-crime-fighting team almost no one knows about: the Draco team. These are elite malware analysts, forensics experts, and penetration testers who volunteer to hunt down cybercriminals. In this video, we go behind the scenes with Bitdefender to uncover how the Draco team helped dismantle massive ransomware groups like GandCrab and REvil, saving victims over $1 billion. We also talk about deepfakes, voice-cloning scams, and multi-platform attack chains in the next era of cybercrime.


Cross-posted from https://programming.dev/post/41331208

"Upon execution, the malware downloads and runs TruffleHog to scan the local machine, stealing sensitive information such as NPM Tokens, AWS/GCP/Azure credentials, and environment variables.

The malicious code exfiltrates the stolen information by creating a GitHub Action runner named SHA1HULUD, and a GitHub repository description Sha1-Hulud: The Second Coming.. This suggests it may be the same attacker behind the "Shai-Hulud" attack observed in September 2025.

And now, over 27,000 GitHub repositories were infected."

Other source with a list of compromised packages available


A good overview of their tests and findings surrounding Flock cameras. Goes through some approaches on manipulating and monitoring the cameras themselves, but also the hosted Flock platform, police, shared data, and politics.
