Infosec.Pub

804
 
 

Armstrong’s claim that AI code should be “reviewed and understood” didn't allay fears that Coinbase is being held together by “vibe-coding.” The post Coinbase thinks vibe-coding 50% of its platform is a good idea appeared first on Protos.

805
 
 

Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability (CVE-2025-24204) that allowed attackers to read the memory of any process, even with System Integrity Protection (SIP) enabled. The issue stems from Apple mistakenly granting the /usr/bin/gcore utility the com.apple.system-task-ports.read entitlement in macOS 15.0 (Sequoia). Apple removed the entitlement in macOS 15.3.

Koh M. Nakagawa speaking at Nullcon Berlin 2025

This entitlement gave gcore the ability to read the memory of any process on the …

The post macOS vulnerability allowed Keychain and iOS app decryption without a password appeared first on Help Net Security.

806
 
 

VirusTotal Code Insight keeps adding new file formats. This time, we’re looking at two vector-based formats from very different eras: SWF and SVG. Curiously, right after we rolled out this update in production, one of the very first submitted files gave us a perfect, and unexpected, example of Code Insight in action: it uncovered an undetected malware campaign using SVG files that impersonated the Colombian justice system.


SWF: a blast from the past

Flash is dead: Adobe killed it in 2020, and browsers stopped supporting it shortly after. But surprisingly, SWF files still show up on VirusTotal. Whether it’s old malware resurging, retro hunting, or long-tail campaigns, they haven’t disappeared completely.

In fact, VirusTotal received 47,812 unique SWF files in the last 30 days that had never been seen before, and 466 of them were flagged as malicious by at least one antivirus engine.

SWF files are binary and compiled. That means Code Insight needs to:

Unpack and decompress the container (often zlib or LZMA)
Parse the internal tag structure
Extract embedded scripts, either ActionScript 2 (AVM1) or ActionScript 3 (AVM2 bytecode + decompiling/disassembling)

Once we lift those scripts into something closer to pseudocode or readable disassembly, the LLM steps in to summarize what the file is doing and why it might be[...]

807
 
 

A sophisticated phishing operation has been running undetected for over three years across Google Cloud and Cloudflare infrastructure, impersonating major corporations including defense contractor Lockheed Martin. The campaign, which utilized advanced cloaking techniques and compromised expired domains, demonstrates a concerning failure in detection capabilities by two of the internet’s largest service providers. The operation began […] The post Phishing Campaign Went Undetected for Over 3 Years on Google Cloud and Cloudflare appeared first on Cyber Security News.

808
 
 

In the first half of 2025, there were 8,062,971 DDoS attacks worldwide, with EMEA taking the brunt at 3.2 million attacks, according to Netscout. Peak attacks reached speeds of 3.12 Tbps and 1.5 Gpps. These attacks have moved beyond simple disruption tools and are now precision instruments of geopolitical influence. They can target critical infrastructure at the most sensitive moments.

Geopolitical events drive global DDoS trends

Major political events triggered significant spikes in attacks. During …

The post DDoS attacks serve as instruments of political influence and disruption appeared first on Help Net Security.

815
 
 

The three certificates were issued in May but only came to light Wednesday.

816
 
 

A new specimen of “infostealer” malware offers a disturbing feature: It monitors a target's browser for NSFW content, then takes simultaneous screenshots and webcam photos of the victim.

822
EQ in the Workplace (www.youtube.com)
submitted 1 month ago by rss@ibbit.at to c/cardano
 
 