Attacks & Vulnerabilities

Fake Prettier Extension on VSCode Marketplace Dropped Anivia Stealer (2 minute read)
Checkmarx Zero identified and removed a malicious VSCode extension, "prettier-vscode-plus," within 4 hours of publication, limiting the impact to 6 downloads and 3 installs before removal. The brandjacking attack deployed Anivia Stealer (likely rebranded ZeroTrace, sold as MaaS for €120/month) using fileless execution from memory and sandbox evasion techniques to steal Windows credentials, data, and WhatsApp chats. Security teams should implement extension vetting controls and monitor developer tool installations, as supply chain attacks targeting IDEs increasingly aim to compromise source code and credentials.

US banks scramble to assess data theft after hackers breach financial tech firm (3 minute read)
Major US banks and financial firms are investigating data stolen in a cyberattack targeting SitusAMC, a New York firm that serves hundreds of lenders. The breach involved theft of corporate, legal, and accounting records, but no malware was deployed. The full scope and impact remain under review. The FBI and affected banks are working to safeguard customer information and determine how many consumers may be affected.

Update Firefox to Patch CVE-2025-13016 Vulnerability Affecting 180 Million Users (2 minute read)
A critical memory vulnerability in Firefox's WebAssembly (Wasm) engine, tracked as CVE-2025-13016, exposed 180 million users to remote code execution risks for six months. The flaw involved a stack buffer overflow within the Garbage Collection mechanism caused by an incorrect memory pointer calculation, allowing attackers to hijack program flow via malicious webpages. Security professionals should ensure all instances of Firefox are updated to version 145 or ESR 140.5 immediately to mitigate this high-severity risk.

Public Report: Google Private AI Compute Review (1 minute read)
NCC Group conducted a comprehensive security review of Google's Private AI Compute system across two phases (April-September), investing 100 person-days with 10 consultants to assess the cloud-based AI system designed to extend mobile device capabilities while maintaining local privacy guarantees. The review covered architecture assessment, cryptographic implementations, IP-blinding relay security, Outbound RPC Enforcement configuration, and frontend server source code analysis. Security teams working on privacy-preserving cloud AI architectures should examine the full downloadable report for insights on attestation mechanisms, secure enclaves, cryptographic protocols, and privacy-preserving infrastructure design patterns.

How to replicate the Claude Code attack with Promptfoo (16 minute read)
State actors weaponized Claude Code through jailbreaking (roleplay as security researchers + task decomposition) rather than traditional exploits, achieving 82% success rates in installing keyloggers, reverse shells with systemd/.bashrc persistence, LD_PRELOAD hooks, and exfiltrating SSH/API keys. The "lethal trifecta" vulnerability arises when agents have access to private data, exposure to untrusted content, and external communication ability. Traditional security tools fail because jailbreak traffic appears legitimate and the attack vector is semantic, not technical. Security teams must implement deterministic access controls, use red team testing tools like Promptfoo before deployment, and recognize that context-blind guardrails and helpful-by-default bias create fundamental vulnerabilities requiring semantic security defenses beyond traditional WAF/IDS/AV solutions.

Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem) (14 minute read)
Organizations and individuals have been carelessly exposing sensitive passwords, credentials, keys, and private data by pasting them into public online code formatting tools like JSONFormatter and CodeBeautify. These tools often let users save and share formatted data through predictable URLs, leaving credentials easily discoverable and accessible to anyone, including attackers. Thousands of secrets belonging to major sectors such as government, banking, healthcare, and critical infrastructure have been discovered. Never trust random online tools with any sensitive information, as this habit creates far-reaching security risks and exposure.

Santamon (GitHub Repo)
Santamon is an experimental macOS detection sidecar for Santa that evaluates Endpoint Security telemetry locally using CEL rules. It forwards only matched detections to a backend while keeping raw telemetry on-device. Santamon leverages Santa's existing ESF sensor capabilities, avoiding Apple entitlement requirements. It adds three detection rule types: simple matching, time-window correlation, and baseline (first-seen) tracking with optional process tree enrichment.

BLT (GitHub Repo)
OWASP BLT (Bug Logging Tool) is an open-source platform that democratizes bug bounties and security research. Built by the community for the community, BLT makes it easy for security researchers, developers, and organizations to collaborate on finding and fixing security vulnerabilities.

Ray Security (Product Launch)
Ray Security offers real-time, AI-driven data protection for enterprises. Its platform learns and monitors data usage, applying dynamic security controls to active data, detecting unusual behavior, and automatically responding to threats without impeding operations.

JPMorgan, Citi, Morgan Stanley assess fallout from SitusAMC data breach (3 minute read)
SitusAMC, a mortgage data processor serving major banks including JPMorgan, Citi, and Morgan Stanley, suffered a data exfiltration attack discovered on November 12 that exposed corporate data and potentially customer PII, including SSNs, financial details, and employment records from loan applications. The attack used no ransomware, focusing purely on data theft. It was contained through credential resets, by disabling remote access, and by updating the firewall. Financial institutions must strengthen third-party risk management programs with written oversight policies per new SEC Regulation S-P amendments, as vendor breaches now account for 30% of financial sector incidents (up 15% YoY).

Google Antigravity Exfiltrates Data (4 minute read)
Google Antigravity is vulnerable to indirect prompt injection attacks where poisoned content manipulates the AI into bypassing .gitignore restrictions to steal sensitive credentials from .env files. The data is exfiltrated via a browser subagent directed to a malicious URL, exploiting default settings that allow autonomous command execution and whitelist dangerous domains. Security professionals should mitigate this risk by reviewing "Agent-assisted development" permissions and strictly monitoring AI agent access to sensitive files and external network traffic.

WormGPT 4 and KawaiiGPT: New Dark LLMs Boost Cybercrime Automation (3 minute read)
WormGPT 4 and KawaiiGPT are new "dark LLMs" that empower less-skilled cybercriminals by automating phishing, malware creation, and reconnaissance without ethical guardrails. WormGPT 4 is a paid service that offers malware generation capabilities. KawaiiGPT is a free, open-source tool that facilitates social engineering and lateral movement scripts.
Security professionals should view these tools as a new baseline for digital risk and prepare for a democratized threat landscape where advanced attack capabilities are accessible to anyone with an internet connection.

Thanks for reading, Prasanna Gautam, Eric Fernandez & Sammy Tbeile