Hasty Briefsbeta

All tags

#cybersecurity

651 stories total

Bilingual

AI found 12 vulnerabilities in OpenSSL
3 months ago
- AISLE's autonomous analyzer discovered all 12 CVEs in OpenSSL's January 2026 release.
- OpenSSL is a highly scrutinized cryptographic library, making vulnerability discovery rare.
- The vulnerabilities included high, moderate, and low severity issues, some dating back decades.
- AISLE's analyzer also provided fixes for 5 of the 12 CVEs.
- Six additional bugs were caught and fixed before they could be released.
- Autonomous AI-driven analysis can cover more code paths and edge cases than manual review.
- The OpenSSL team collaborated closely with AISLE for validation and patch development.
- This discovery highlights the potential of AI in securing critical software foundations.
Rust at Scale: An Added Layer of Security for WhatsApp
3 months ago
- WhatsApp has introduced a new security layer built with Rust to defend against malware threats.
- Rust is proven production-ready at a global scale, having been distributed to billions of devices.
- WhatsApp's default end-to-end encryption secures over 3 billion users daily.
- Media files can hide sophisticated malware, prompting the use of Rust for memory safety.
- The 2015 Android 'Stagefright' vulnerability highlighted the need for better media file protections.
- WhatsApp developed a Rust version of its media handling library, reducing code lines and improving performance.
- Rust is now deployed across Android, iOS, Mac, Web, and Wearables for WhatsApp users.
- Additional checks under 'Kaleidoscope' protect against non-conformant files and masquerading file types.
- WhatsApp reports CVEs to help users update quickly and stay protected.
- The majority of high-severity vulnerabilities stem from memory safety issues in C/C++.
- WhatsApp invests in minimizing attack surfaces, securing C/C++ code, and adopting memory-safe languages like Rust.
- Security teams at WhatsApp and Meta are promoting Rust adoption for high-impact security enhancements.
Trump's acting cybersecurity chief uploaded sensitive government docs to ChatGPT
3 months ago
- Acting CISA head Madhu Gottumukkala uploaded sensitive documents marked 'for official use only' to ChatGPT.
- Gottumukkala triggered security warnings designed to prevent unauthorized disclosure of government files.
- He was granted an exception to use ChatGPT while other employees were prohibited.
- DHS officials assessed potential harm to government security from the uploads.
- Uploading internal documents to a public AI model risks exposing sensitive information.
- Gottumukkala previously served as South Dakota's CIO under Governor Kristi Noem.
- He reportedly failed a counterintelligence polygraph after joining CISA, leading to classified access suspensions for six staff.
US cyber defense chief accidentally uploaded secret government info to ChatGPT
3 months ago
- Acting CISA director Madhu Gottumukkala accidentally uploaded sensitive information to ChatGPT.
- The uploaded documents triggered internal cybersecurity warnings designed to prevent data leaks.
- Gottumukkala had special permission to use ChatGPT, unlike most DHS staff who use approved tools like DHSChat.
- The leaked information was marked 'for official use only' and could impact privacy or national programs.
- There is concern that the data could be accessed by ChatGPT's 700 million users.
- Experts warn that using public AI tools risks data retention, breaches, or misuse in responses.
- DHS investigated the incident, which could lead to disciplinary actions, including clearance revocation.
US cybersecurity chief leaked sensitive government files to ChatGPT: Report
3 months ago
- Acting head of US cybersecurity agency uploaded sensitive files to public ChatGPT.
- Documents marked 'For Official Use Only' were involved in the upload.
- Gottumukkala had special access to ChatGPT, which is blocked for other DHS staff.
- Cybersecurity monitoring flagged the uploads, triggering a damage assessment.
- Public ChatGPT shares inputs with OpenAI, raising data security concerns.
- CISA stated Gottumukkala's use was 'short-term and limited' with DHS controls.
- Gottumukkala previously failed a counterintelligence polygraph test.
- Incident occurs amid Trump administration's push for AI adoption in federal agencies.
- Trump signed an executive order to limit state-level AI regulation.
- Pentagon announced an 'AI-first' strategy for military use of AI.
Potentially Critical RCE Vulnerability in OpenSSL
3 months ago
- New OpenSSL vulnerability CVE-2025-15467 disclosed, a stack overflow issue potentially leading to remote code execution (RCE).
- Vulnerability rated as 'high' severity by OpenSSL, may be assessed as 'Critical' by NVD.
- Affected OpenSSL versions: 3.6, 3.5, 3.4, 3.3, 3.0; versions 1.1.1 and 1.0.2 are not affected.
- FIPS modules in affected versions are not impacted as the CMS implementation is outside the FIPS boundary.
- Exploitation involves sending a crafted CMS AuthEnvelopedData message with malicious AEAD parameters.
- Vulnerable APIs and tools include CMS_Decrypt, openssl cms, and openssl smime.
- Successful code execution demonstrated by JFrog Security Research team, though real-world exploitation may require bypassing mitigations like ASLR and DEP.
- Recommended upgrades provided for affected versions to mitigate the vulnerability.
- Vulnerability occurs due to unchecked IV size in CMS AuthEnvelopedData structure, leading to stack overflow before authentication.
- Organizations advised to patch immediately and review systems processing S/MIME or PKCS#7 content.
Disrupting the largest residential proxy network
3 months ago
- Google and partners disrupted the IPIDEA proxy network, one of the largest residential proxy networks globally.
- Actions included legal domain takedowns, sharing intelligence on malicious SDKs, and protecting Android users via Google Play Protect.
- Residential proxies enable bad actors to mask malicious activities by routing traffic through consumer devices, posing risks to users and network security.
- IPIDEA's network was linked to multiple botnets and used by over 550 threat groups, including state-sponsored actors.
- Proxy networks often deceive users by embedding SDKs in apps or offering 'monetization' schemes without clear consent.
- Google identified and took down related proxy/VPN brands and SDKs controlled by IPIDEA actors.
- A two-tier C2 infrastructure was used to manage proxy nodes, with overlaps across different SDKs.
- Consumers are urged to avoid apps promising payment for 'unused bandwidth' and to use official app stores.
- Industry collaboration and policy reforms are needed to address the risks of residential proxy networks.
U.S. Cybersecurity Chief Uploaded Classified Files to ChatGPT
3 months ago
- Madhu Gottumukkala, acting head of CISA, uploaded classified documents to ChatGPT, triggering security alerts.
- The documents were marked 'for official use only,' raising concerns about data security.
- Gottumukkala had special authorization to use ChatGPT, but it was 'short-term and limited.'
- Experts warn that sensitive data fed into public AI models could be exposed or misused.
- This incident follows Gottumukkala's prior controversy, including failing a counterintelligence polygraph test.
- DHS is investigating potential national security harm and reviewing protocols to prevent future breaches.
- The case has sparked calls for stricter AI usage guidelines for government personnel handling classified data.
Kimwolf Botnet Lurking in Corporate, Govt. Networks
3 months ago
- Kimwolf, a new IoT botnet, has infected over 2 million devices, forcing them into DDoS attacks and relaying malicious traffic.
- The botnet spreads by exploiting residential proxy services, particularly targeting IPIDEA, a Chinese proxy service.
- Kimwolf mainly infects unofficial Android TV streaming boxes, which often come with pre-installed proxy software and lack security.
- Despite its focus on residential proxies, Kimwolf has been found in corporate and government networks, including the U.S. Department of Defense.
- Security firms like Infoblox and Synthient have reported significant infections in various sectors, including education, healthcare, and finance.
- Proxy services like IPIDEA have taken steps to block Kimwolf, but millions of devices remain infected.
- Experts warn that a single proxy infection can lead to larger network compromises, highlighting the need for better security measures.
Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site
3 months ago
- Moltbook is a social media site for AI agents, dubbed the 'front page of the agent internet.'
- A misconfiguration exposed API keys in an open database, allowing anyone to control AI agents on Moltbook.
- Hacker Jameson O'Reilly discovered the flaw and demonstrated its severity, including the ability to take over any agent.
- Moltbook uses Supabase, an open-source database, which left sensitive data unprotected due to missing Row Level Security (RLS).
- O'Reilly warned Moltbook's creator, Matt Schlicht, but the issue remained unaddressed until after public exposure.
- The vulnerability could have allowed malicious actors to impersonate influential figures like OpenAI's Andrej Karpathy.
- Moltbook has gained attention, with some speculating about AI singularity, though skepticism is advised.
- The incident highlights a 'ship fast, secure later' mentality in tech, risking significant data exposure.
1-Click RCE to steal your Moltbot data and keys
3 months ago
- OpenClaw, an open-source AI personal assistant, is popular but found to have a critical vulnerability.
- A 1-Click Remote Code Execution (RCE) exploit was discovered, allowing attackers to take control via a malicious webpage.
- The vulnerability involves a logic flaw where the system accepts and persists a gatewayUrl from URL parameters without proper validation.
- Attackers can exploit this to steal authentication tokens and gain unauthorized access to personal data and system controls.
- Cross-Site WebSocket Hijacking (CSWSH) was used to bypass network restrictions and interact with localhost services.
- Safety features like exec-approvals.json can be disabled via API calls using stolen tokens, allowing unrestricted command execution.
- The OpenClaw team has patched the vulnerability in versions after v2026.1.24-1, advising users to upgrade and rotate tokens.
- depthfirst offers tools to detect such logic flaws early in the development process.
Match, Hinge, OkCupid, and Panera Bread breached by ransomware group
3 months ago
- ShinyHunters ransomware group stole 10 million records from Match Group and 14 million from Panera Bread.
- Match Group (Tinder, OkCupid, Hinge) confirmed a cyber incident; PII and tracking data may be compromised.
- Panera Bread confirmed a breach involving contact information but no login or financial data was accessed.
- ShinyHunters exploits SSO platforms and voice-cloning techniques, leading to multiple breaches.
- Dating app breaches can have personal impacts like doxxing, stigma, or extortion risks.
- Panera Bread breach risks include phishing due to exposed contact details.
- Steps to protect after a breach: check company advice, change passwords, enable 2FA, watch for impersonators.
- Avoid storing card details online to reduce breach risks.
- Use identity monitoring to detect if personal data is traded illegally.
- Malwarebytes' Digital Footprint scan can check for exposed private information.
Notepad++ hijacked by state-sponsored actors
3 months ago
- Notepad++ was hijacked by state-sponsored hackers, likely from China, targeting update traffic.
- The attack involved infrastructure-level compromise at the hosting provider level, not Notepad++ code vulnerabilities.
- Attackers selectively redirected traffic to malicious servers from June to December 2025.
- Hosting provider took action by transferring clients to a new server and rotating credentials.
- Remediation was completed by December 2, 2025, blocking further attacker activity.
- Notepad++ enhanced security with certificate and signature verification for updates.
- The Notepad++ website was migrated to a new hosting provider with stronger security practices.
MaliciousCorgi: AI Extensions send your code to China
3 months ago
- AI coding assistants are widely used but some contain malicious spyware.
- MaliciousCorgi campaign involves two VS Code extensions with 1.5 million combined installs.
- Extensions function as AI assistants but also secretly harvest files and user data.
- Three hidden data collection channels: real-time file monitoring, mass file harvesting, and user profiling.
- Extensions send entire file contents, edits, and workspace data to servers in China without consent.
- Server-controlled backdoor can trigger mass file exfiltration without user interaction.
- User profiling includes tracking behavior, identity, and company information via analytics SDKs.
- Risk includes exposure of API keys, credentials, proprietary code, and business logic.
- Extensions remain in the marketplace despite their malicious functionality.
- Koi offers solutions to analyze and block malicious extensions while maintaining productivity.
From magic to malware: How OpenClaw's agent skills become an attack surface
3 months ago
- OpenClaw's agent skills can be dangerous due to their access to files, tools, browsers, and long-term memory.
- Skills in OpenClaw are markdown files that can include malicious commands disguised as setup instructions.
- The Model Context Protocol (MCP) does not guarantee safety as skills can bypass it with direct shell commands or bundled scripts.
- A top-downloaded 'Twitter' skill was found to deliver macOS infostealing malware through seemingly normal prerequisite links.
- Hundreds of OpenClaw skills were involved in distributing malware, showing a deliberate strategy to exploit skill registries.
- Agent skill registries are a new supply chain attack vector, where markdown files act as executable intent.
- Recommendations include not using OpenClaw on company devices, rotating compromised credentials, and treating skill registries like app stores with abuse potential.
- Agent frameworks should default-deny shell execution, sandbox access to sensitive data, and implement specific, revocable permissions.
- A trust layer is needed for agent ecosystems, with provenance for skills, mediated execution, and real-time auditing of permissions.
Notepad++ supply chain attack breakdown
3 months ago
- Notepad++ update infrastructure was compromised from June to September 2025, with attackers retaining access until December 2025.
- Attackers used multiple execution chains and payloads, rotating C2 server addresses, downloaders, and final payloads.
- Targets included individuals in Vietnam, El Salvador, and Australia, a government organization in the Philippines, a financial organization in El Salvador, and an IT service provider in Vietnam.
- Three distinct infection chains were observed, each with unique characteristics and payloads.
- Chain #1 involved a malicious NSIS installer that collected system information and deployed a Cobalt Strike Beacon via a ProShow software exploit.
- Chain #2 used a Lua script to deploy a Metasploit downloader, which then delivered a Cobalt Strike Beacon.
- Chain #3 involved DLL sideloading to deploy a custom Chrysalis backdoor, with similarities to previous Cobalt Strike payloads.
- Attackers frequently changed URLs and payloads to evade detection, with updates distributed from various domains.
- Detection methods include checking for NSIS installers, unusual DNS resolutions, and specific malicious shell commands.
- Indicators of compromise (IoCs) include malicious URLs, file hashes, and paths used in the attack.
Notepad++ Update Infra compromised for 6 months
3 months ago
- Notepad++ infrastructure was compromised for six months by suspected China-state hackers.
- Attackers selectively delivered backdoored versions of the app to targeted users.
- The attack began in June and involved intercepting and redirecting update traffic.
- A custom backdoor named 'Chrysalis' was used, described as sophisticated and feature-rich.
- Attackers maintained access to internal services until December, despite partial remediation in September.
- Older versions of Notepad++ had insufficient update verification controls, which were exploited.
Beg Bounties
3 months ago
- CloudPets exposed a MongoDB instance and S3 bucket with no authentication, leading to a data breach involving children's voice recordings.
- Companies often ignore data breach disclosures due to fear of scams or digital protection rackets.
- Beg bounty hunters exploit minor security issues to demand money, often without real vulnerabilities.
- Troy Hunt shares his experience with beg bounty attempts, emphasizing transparency and ethical disclosure.
- Public shaming of beg bounty hunters is advocated to deter their practices and protect companies.
- The security.txt standard is sometimes abused by beg bounty hunters, creating noise for genuine reports.
Neocities founder stuck in chatbot hell after Bing blocked 1.5M sites
3 months ago
- Bing started blocking approximately 1.5 million independent websites hosted on Neocities.
- Neocities, founded in 2013, preserves the 1990s Internet spirit by allowing free, personalized website creation.
- Neocities founder Kyle Drake noticed Bing blocking Neocities sites, initially resolved but re-blocked in January.
- Bing redirected users to a copycat site, raising security concerns about phishing.
- Bing traffic to Neocities dropped from 500,000 daily visitors to zero, prompting urgent reports via Bing webmaster tools.
CISA gives federal agencies one year to rip out end-of-life devices
3 months ago
- CISA mandates federal agencies to remove end-of-life devices within 12 months due to exploitation risks.
- Unsupported devices, including routers, firewalls, and IoT edge devices, are vulnerable to cyberattacks.
- Agencies must inventory end-of-life devices within three months and decommission them within a year.
- CISA will assist agencies and track compliance but won't publicly disclose the list of end-of-life devices.
- Nation-state actors, including from China and Russia, frequently target edge devices to infiltrate networks.
- Edge devices are attractive targets due to their network reach and integration with identity management systems.

first prev27next

About|Login

#cybersecurity

AI found 12 vulnerabilities in OpenSSL

Rust at Scale: An Added Layer of Security for WhatsApp

Trump's acting cybersecurity chief uploaded sensitive government docs to ChatGPT

US cyber defense chief accidentally uploaded secret government info to ChatGPT

US cybersecurity chief leaked sensitive government files to ChatGPT: Report

Potentially Critical RCE Vulnerability in OpenSSL

Disrupting the largest residential proxy network

U.S. Cybersecurity Chief Uploaded Classified Files to ChatGPT

Kimwolf Botnet Lurking in Corporate, Govt. Networks

Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site

1-Click RCE to steal your Moltbot data and keys

Match, Hinge, OkCupid, and Panera Bread breached by ransomware group

Notepad++ hijacked by state-sponsored actors

MaliciousCorgi: AI Extensions send your code to China

From magic to malware: How OpenClaw's agent skills become an attack surface

Notepad++ supply chain attack breakdown

Notepad++ Update Infra compromised for 6 months

Beg Bounties

Neocities founder stuck in chatbot hell after Bing blocked 1.5M sites

CISA gives federal agencies one year to rip out end-of-life devices