Infosec.Pub

4,844 readers
113 users here now

To support infosec.pub, please consider donating through one of the following services:

Paypal: jerry@infosec.exchange

Ko-Fi: https://ko-fi.com/infosecexchange

Patreon: https://www.patreon.com/infosecexchange

founded 2 years ago
ADMINS
jerry
shellsharks
modbot
listing: all - local
76
2
threat-modeling-mcp-server: A Model Context Protocol (MCP) server for comprehensive threat modeling with automatic code validation. (github.com)
submitted 2 days ago by digicat to c/blueteamsec
0 comments fedilink
77
82
Spotify lawsuit tries to kick Anna's Archive off the web, without much success (arstechnica.com)
submitted 5 days ago by lemmydev2 to c/pulse_of_truth
4 comments fedilink
 
 

Even with court orders, music firms struggle to eliminate notorious shadow library.

78
4
Forensic Implications of Localized AI: Artifact Analysis of Ollama, LM Studio, and llama.cpp (arxiv.org)
submitted 3 days ago by digicat to c/blueteamsec
1 comments fedilink
79
22
Iranian-linked hackers claimed responsibility for the breach of FBI Direct Kash Patel’s personal email account (www.reuters.com)
submitted 4 days ago by Innerworld@lemmy.world to c/cybersecurity
1 comments fedilink
80
3
K000156741: BIG-IP APM vulnerability CVE-2025-53521 - from Oct - previously a DoS with CVSS scores of 7.5 (CVSS v3.1) and 8.7 (CVSS v4.0) - re-categorized to an RCE with CVSS scores of 9.8 and 9.3 (my.f5.com)
submitted 3 days ago by digicat to c/blueteamsec
0 comments fedilink
81
46
Supreme Court Agrees With EFF: ISPs Don't Have To Be Copyright Enforcers (www.eff.org)
submitted 5 days ago by lemmydev2 to c/pulse_of_truth
0 comments fedilink
 
 

If your ISP can be liable for huge amounts of money for not terminating your access to the internet because of accusations that you—or someone in your household or college network—has committed copyright infringement, that is dangerous. We live in a world where high speed internet access is a necessity for participation in everyday life. That’s why liability for ISPs for their customers’ actions should not be expanded. Last fall, EFF filed an amicus brief urging the U.S. Supreme Court to reject an expansive theory of secondary copyright liability that threatened to impose massive damages on internet service providers and other technology companies simply for offering widely used services. Yesterday, the Court agreed. In Cox v. Sony, the Court reversed a Fourth Circuit decision that had upheld a billion-dollar verdict against internet provider Cox Communications. Writing for the majority, Justice Thomas explained that contributory liability is limited to two situations: when a defendant actively induces infringement, or when it provides a product or service that it knows is tailored for infringement. This framework closely tracks the approach EFF urged in our amicus brief. As we explained, courts should look to patent law for guidance in defining the boundaries of secondary copyright liability. Patent law recognizes liability where a defendant actively induces infringement, or distributes a product knowing that it lacks substantial non-infringing uses. The[...]

82
3
Inside Keitaro Abuse Part 2: One Platform, Many Threats (www.infoblox.com)
submitted 3 days ago by digicat to c/blueteamsec
0 comments fedilink
83
6
San Gabriel Valley sees early surge of tiny black flies that bite human eyes (abc7.com)
submitted 3 days ago* (last edited 3 days ago) by undefined@lemmy.hogru.ch to c/los_angeles
0 comments fedilink
 
 

Crossposted from https://europe.pub/post/10821717

84
9
We Are At War (thehackernews.com)
submitted 4 days ago by lemmydev2 to c/pulse_of_truth
0 comments fedilink
 
 

Rising geopolitical tensions are reflected (or in some cases preceded) by cyber operations, while technology itself has become politicized. Let’s admit it: we are in the middle of it.  Introduction: One tech power to rule them all is a thing of the past  The relative safety, peace and prosperity that much of the world has enjoyed since 1945 was not accidental. It emerged from the ashes

85
1
Piratage de LiteLLM : Un "cheval de Troie" dans les outils d'IA des entreprises - ZDNET (www.zdnet.fr)
submitted 2 days ago by decio to c/cyberveille
0 comments fedilink
 
 

Une attaque sophistiquée par empoisonnement de la supply chain a frappé LiteLLM, un SDK populaire pour l'interopérabilité des modèles d'IA. En seulement 46 minutes, les versions malveillantes ont été téléchargées près de 47 000 fois, compromettant des milliers d'environnements de développement et de pipelines CI/CD.

86
1
Commission responds to cyber-attack on its Europa web platform (ec.europa.eu)
submitted 2 days ago by digicat to c/blueteamsec
0 comments fedilink
87
1
La Commission européenne a été piratée, 350 Go de données volées à Bruxelles (www.lesnumeriques.com)
submitted 2 days ago by decio to c/cyberveille
0 comments fedilink
 
 

La Commission européenne a confirmé une cyberattaque sur son infrastructure cloud hébergée chez AWS (Amazon Web Services). Le pirate aurait dérobé plus de 350 Go de données avant que la faille ne soit comblée. On parle de bases de données, de fichiers internes et d'informations sur les employés de Bruxelles. L'attaque a visé le compte AWS qui héberge les sites Europa.eu.

88
1
Pourquoi le futur Claude inquiète déjà Anthropic (www.01net.com)
submitted 2 days ago* (last edited 2 days ago) by decio to c/cyberveille
0 comments fedilink
 
 

Anthropic a mis au point une nouvelle version surpuissante de Claude. Cette nouvelle itération, considérée le modèle « de loin le plus puissant » jamais entraîné par la start-up, suscite même les inquiétudes d’Anthropic. Selon l’entreprise, Mythos pose des « risques de cybersécurité significatifs ».

Ce jeudi 26 mars 2026, Anthropic a commis une petite erreur sur son blog. À cause d’une « erreur humaine » de configuration sur le CMS de la start-up, une large quantité de brouillons et documents internes ont été mis en ligne par le biais d’une URL publique non sécurisée. Sans surprise, de nombreux curieux se sont mis à fouiller dans les documents mis en ligne par mégarde par Anthropic.

Deux chercheurs en cybersécurité, à savoir Roy Paz de LayerX Security et Alexandre Pauwels de l’université de Cambridge, découvrent ces documents publics et les envoient au magazine Fortune. Informée par Fortune, Anthropic coupe ensuite l’accès aux documents. La start-up reconnaît « un problème avec un outil CMS externe » et confirme qu’il s’agit de « premières versions de contenus envisagés pour publication ».

89
2
Exploring cross-domain & cross-forest RBCD (www.synacktiv.com)
submitted 3 days ago by digicat to c/blueteamsec
0 comments fedilink
90
2
ligolo-iwa: A Ligolo-ng JavaScript agent working inside Chrome/Edge by leveraging Isolated Web Applications - Advanced network tunneling through browser isolation. Bypass EDR detection etc. (github.com)
submitted 3 days ago by digicat to c/blueteamsec
0 comments fedilink
91
151
Meta loses trial after arguing child exploitation was “inevitable” on its apps (arstechnica.com)
submitted 6 days ago by lemmydev2 to c/pulse_of_truth
15 comments fedilink
 
 

Meta plans to appeal as it faces down two other child safety trials.

92
2
EtherRAT & SYS_INFO Module: C2 on Ethereum (EtherHiding), Target Selection, CDN-Like Beacons (www.esentire.com)
submitted 3 days ago by digicat to c/blueteamsec
0 comments fedilink
93
12
The telnyx packages on PyPI have been compromised (lwn.net)
submitted 4 days ago* (last edited 4 days ago) by cm0002@europe.pub to c/cybersecurity
0 comments fedilink
 
 

The SafeDep blog reports that compromised versions of the telnyx package have been found in the PyPI repository:

Two versions of telnyx (4.87.1 and 4.87.2) published to PyPI on March 27, 2026 contain malicious code injected into telnyx/_client.py. The telnyx package averages over 1 million downloads per month (~30,000/day), making this a high-impact supply chain compromise. The payload downloads a second-stage binary hidden inside WAV audio files from a remote server, then either drops a persistent executable on Windows or harvests credentials on Linux/macOS.

94
2
Policy-Guided Threat Hunting: An LLM enabled Framework with Splunk SOC Triage (arxiv.org)
submitted 3 days ago by digicat to c/blueteamsec
0 comments fedilink
95
5
European Commission’s Data Stolen in Hack on AWS Account (www.bloomberg.com)
submitted 4 days ago by digicat to c/blueteamsec
1 comments fedilink
96
17
Police Used Flock to Give a Man a Traffic Ticket (www.404media.co)
submitted 5 days ago by lemmydev2 to c/pulse_of_truth
0 comments fedilink
 
 

“CAPTURED ON FLOCK CAMERA 31 MM 1 HOLDING PHONE IN LEFT HAND.” 

97
1
efiguard-detected: the dumbest way to detect efiguard (github.com)
submitted 3 days ago by digicat to c/blueteamsec
0 comments fedilink
98
5
Telnyx PyPI package compromised (telnyx.com)
submitted 4 days ago by lemmydev2 to c/pulse_of_truth
0 comments fedilink
 
 

Comments

99
3
I wrote a book (www.youtube.com)
submitted 3 days ago by rss@ibbit.at to c/cardano
0 comments fedilink
 
 

From Charles Hoskinson via this RSS feed

100
8
A Communal History of Metroidvania Video Games — Lost In Cult (www.lostincult.co.uk)
submitted 4 days ago by Klanky@sopuli.xyz to c/metroidvanias
4 comments fedilink
 
 

Below the Root mentioned. Haven't thought about that since I was a kid playing it on my Grandfather's Amiga in the early 90s...

view more: ‹ prev next ›