@cR0w@infosec.exchange
Go hack more LLM shit.
https://github.com/CherryHQ/cherry-studio/security/advisories/GHSA-p6vw-w3p8-4g72
Hey @chillybot@infosec.exchange Qilin listed Lodi, NJ police department.
#ransomware
That's a new one to me.
login_username=00E0A6-111&login_password=00E0A6-111
#belkin
Fuck this unnamed EDR.
EDR: Suspicious file modification detected. Anti-Ransomware Protection enabled.
Me: What's the file that was modified?
EDR: IDK.
Me: What process modified it?
EDR: IDK.
Me: How was it modified?
EDR: IDK.
Me: Who was the user logged on at the time?
EDR: IDK.
Me: Did you prevent the file modification?
EDR: No, just reporting it. But here's the hostname.
Go hack more AI shit.
https://github.com/EDMPL/Vulnerability-Research/blob/main/CVE-2025-45146/README.md
How is this something that needs to be tested? This should be the simple default. What in the cursed-timeline fuck?
https://infosec.exchange/@BleepingComputer/115011004502887004
Prompt injection bores me in general because it's like convincing a child to do something they shouldn't do. But if you are going to do it anyway, DNS exfil is a fun way to go about exploiting it.
cc: @neurovagrant@masto.deoan.org
https://embracethered.com/blog/posts/2025/claude-code-exfiltration-via-dns-requests/
Remember the PrivEsc via dMSAs blog by Akamai a few months ago? Unit42 has a new one adding on to it with their observations.
https://unit42.paloaltonetworks.com/badsuccessor-attack-vector/
I kind of love the timelessness of SVGs as an attack vector because it's such an unnecessary attack surface.
https://www.seqrite.com/blog/unmasking-the-svg-threat-how-hackers-use-vector-graphics-for-phishing-attacks/
Go hack more LLM shit.
https://embracethered.com/blog/posts/2025/openhands-remote-code-execution-zombai/