⚠️ NX Compromised to Steal Wallets and Credentials

｢ That malware steals wallets and API keys (.npmrc, env variables, etc.) and pushes them in that repository in the results.b64 file. Interestingly, the malware checks for the presence of Claude Code CLI or Gemini CLI on the system to offload much of the fingerprintable code to a prompt ｣

https://semgrep.dev/blog/2025/security-alert-nx-compromised-to-steal-wallets-and-credentials/

#nx #malware #cybersecurity

Kicking off a 4-part deep dive into AFD.sys on Windows 11: crafting a raw TCP socket, performing the TCP handshake, sending & receiving TCP packets - everything without Winsock.

Part 1: https://leftarcode.com/posts/afd-reverse-engineering-part1/

Part 2: https://leftarcode.com/posts/afd-reverse-engineering-part2/

Part 3: https://leftarcode.com/posts/afd-reverse-engineering-part3/

Part 4: https://leftarcode.com/posts/afd-reverse-engineering-part4/

#reverseengineering #windows #cybersecurity #malware

Kicking off a 4-part deep dive into AFD.sys on Windows 11: crafting a raw TCP socket, performing the TCP handshake, sending & receiving TCP packets - everything without Winsock.

Part 1: https://leftarcode.com/posts/afd-reverse-engineering-part1/

Part 2: https://leftarcode.com/posts/afd-reverse-engineering-part2/

Part 3: https://leftarcode.com/posts/afd-reverse-engineering-part3/

Part 4: https://leftarcode.com/posts/afd-reverse-engineering-part4/

#reverseengineering #windows #cybersecurity #malware

REMINDER:
everything created by #techbros should be treated as #malware. i would treat the so-called open source version of the not-so Open AI as a classic trojan, wooden horse and otherwise :
https://arstechnica.com/ai/2025/08/openai-releases-its-first-open-source-models-since-2019/

REMINDER:
everything created by #techbros should be treated as #malware. i would treat the so-called open source version of the not-so Open AI as a classic trojan, wooden horse and otherwise :
https://arstechnica.com/ai/2025/08/openai-releases-its-first-open-source-models-since-2019/

AquaSec deckte jetzt eine üble Malware für Linux auf, wobei verseuchte Bilddateien den Angriffsvektor beinhalten: Koske verbreitet sich - aktuell - über präparierte Pandabärbilder, die ein Script in C mit der unangenehmen Payload mitbringen. Offensichtlich half ein LLM bei der Entwicklung der Malware. Schöne, neue KI-Welt.

https://www.aquasec.com/blog/ai-generated-malware-in-panda-image-hides-persistent-linux-threat/

#Linux #malware #infosec #koske #ki #ai

AquaSec deckte jetzt eine üble Malware für Linux auf, wobei verseuchte Bilddateien den Angriffsvektor beinhalten: Koske verbreitet sich - aktuell - über präparierte Pandabärbilder, die ein Script in C mit der unangenehmen Payload mitbringen. Offensichtlich half ein LLM bei der Entwicklung der Malware. Schöne, neue KI-Welt.

https://www.aquasec.com/blog/ai-generated-malware-in-panda-image-hides-persistent-linux-threat/

#Linux #malware #infosec #koske #ki #ai

🚨 Malware Found in Official GravityForms Plugin Indicating Supply Chain Breach - Patchstack

https://patchstack.com/articles/critical-malware-found-in-gravityforms-official-plugin-site/

#gravityforms #supplychainattack #malware #wordpress

Mexiko: Untersuchung wegen mutmaßlicher Schmiergeldzahlung beim Kauf von Pegasus

Beim Kauf der Spionagesoftware Pegasus soll Mexikos Ex-Präsident Enrique Peña Nieto Schmiergeld kassiert haben. Die Staatsanwaltschaft leitet Ermittlungen ein.

https://www.heise.de/news/Mexiko-Untersuchung-wegen-mutmasslicher-Schmiergeldzahlung-beim-Kauf-von-Pegasus-10483500.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Malware#Netzpolitik#Pegasus #news

Mexiko: Untersuchung wegen mutmaßlicher Schmiergeldzahlung beim Kauf von Pegasus

Beim Kauf der Spionagesoftware Pegasus soll Mexikos Ex-Präsident Enrique Peña Nieto Schmiergeld kassiert haben. Die Staatsanwaltschaft leitet Ermittlungen ein.

https://www.heise.de/news/Mexiko-Untersuchung-wegen-mutmasslicher-Schmiergeldzahlung-beim-Kauf-von-Pegasus-10483500.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Malware#Netzpolitik#Pegasus #news

• It too is a shitshow in terms of #security and not really performant to the point that #NSAbook wrote their own cross-compiler to make it go brrr!...

Both #JavaScript & PHP are nuisances and should've been put down like #ActiveX.
Silverlight, #Shockwave and #FlashPlayer long ago!

• And yes, if you haven't seen PHP being used as #shitcoin #miner and #malware you haven't even tried dealing with it.

But you can spare yourself the trauma and stockholming...

• I've made peace with it, just as I've made peace never touching #Windows ever again.

You may call me an "opinionated asshole" from your point of view, but I sincerely wish I was wrong.

• Look where all the absurd complexity got us: #NSAbook, #JavaScript-based #malware that mines #shitcoins and #tracking #cookies.

The real cost doesn't come through to #consoomers except as #ReducedLifecycle due to #bloat.

But then again what do I expect from a coward doing the reply & block - combo, because confronting the fact that people got burned out by shit like PHP would mean admitting mistakes, and we can't have that as a fanboy.

#EOD #thxbye #next

Espionage 🤝 Cybercrime :: TA829 🤝 UNK_GreenSec

Our extensive visibility into the threat landscape has led us to conclude that there is very likely a link between TA829 (a cybercriminal actor also conducting #espionage in line with Russian state interests) & UNK_GreenSec (a #cybercriminal cluster observed deploying #malware and #ransomware).

See our research blog for a technical analysis of the intriguing overlap between the threat actor clusters. https://brnw.ch/21wTN3n