CIRCLE WITH A DOT

(safedep.io) Compromised art-template npm Package Delivers Coruna iOS Exploit Kit via Supply Chain AttackCritical supply-chain compromise detected in the npm package art-template (4.13.3–4.13.6), delivering the Coruna iOS exploit kit via account takeover. The attack targets iPhone users with a multi-stage payload exploiting CVE-2024-23222 (CVSS 8.8) and 22 other vulnerabilities, leading to native code execution and cryptocurrency wallet theft via PLASMAGRID.In brief - A maintainer account takeover enabled malicious versions of the widely used art-template npm package to inject browser-based payloads. The attack chain delivers the Coruna exploit kit, exploiting iOS vulnerabilities (including CVE-2024-23222) to deploy PLASMAGRID, a cryptocurrency wallet stealer. Active C2 infrastructure and throwaway npm accounts highlight persistent supply chain risks.Technically - Unauthorized modifications to template-web.js in art-template versions 4.13.3–4.13.6 appended code loading external scripts from v3.jiathis[.]com. The attack stages include Baidu Analytics tracking, iPhone-specific iframes, device fingerprinting, and delivery of the Coruna exploit kit (606KB, 14 modules). CVE-2024-23222 (JavaScriptCore type confusion) is exploited via WebAssembly type confusion and JIT heap spraying, bypassing ASLR through dyld shared cache parsing. ARM64 shellcode executes syscalls (ptrace, csops) for native code execution. PLASMAGRID targets wallets like MetaMask, with C2 (l1ewsu3yjkqeroy[.]xyz) fronted by Cloudflare. Throwaway npm accounts (v4v5qc, npmpacketmaintainmember7) and GitHub renames (aui → goofychris) maintained persistence.Source: https://safedep.io/art-template-npm-supply-chain-compromise#Cybersecurity #ThreatIntel

(nattothoughts.com) Insecure-by-Design: How Meari Technology's IoT Infrastructure Exposes Global Surveillance Risks and AI Training AmbitionsMeari Technology’s IoT infrastructure exposes over 1M devices (baby monitors, security cameras) across 118 countries due to systemic architectural flaws enabling unauthorized vendor/third-party access to live/stored feeds. No security boundary exists between backend and user devices.In brief - A Chinese ODM’s insecure-by-design IoT platform risks global surveillance exposure, with delayed remediation and potential AI training data exploitation. Disclosure process revealed hostile vendor response and partial fixes.Technically - Flaws include unauthenticated MQTT brokers, hardcoded credentials, misconfigured P2P relays, and unsecured alert image storage. Researcher documented 12 evidence points confirming vendor access. RunZero disclosed 5 high-risk CVEs post-contentious 2-month CVD process. Systemic design choices, not bugs, enable persistent access.Source: https://www.nattothoughts.com/p/is-this-chinese-company-watching#Cybersecurity #ThreatIntel

The US Cybersecurity and Infrastructure Security Agency (CISA) didn't follow good practices and lefta a github repo open with its digital keys and cloud tokens... For 6 months. https://gizmodo.com/the-worst-leak-that-ive-witnessed-u-s-cybersecurity-agency-leaves-its-digital-keys-out-in-public-on-github-2000760330#cyberSecurity

️ Clear your calendar, Drupal user: You have a critically urgent patch to install https://www.theregister.com/security/2026/05/19/drupal-warns-admins-to-brace-for-highly-critical-core-patch/5242728#drupal #cybersecurity

@KerryTNews why the heck are they online when they are so poorly protected ? almost like they are asking for it... No I don't condone their actions but any device out on the internet in this state is bad joke ... To have anything of value behind it , especially something of critical importance is incredibly negligent behaviour in my eyes 🫩

Kaushik Shanadi, CTO & Co-Founder of Helmet Security, says enterprises are deploying AI agents into environments they don’t fully understand.️ Prompt injection️ Poisoned MCP servers️ Autonomous action abuse️ Limited logging and traceability“Traditional security was largely built around data exposure. The emerging concern is action exposure.”https://www.technadu.com/enterprise-security-was-built-around-data-loss-while-ai-agent-autonomy-enables-action-abuse/628045/#CyberSecurity #AI #AIAgents #EnterpriseSecurity #PromptInjection #InfoSec

(huntress.com) Demystifying the Ransomware-as-a-Service Ecosystem: Why Branding Alone Fails to Explain Intrusion TradecraftIn brief - The RaaS ecosystem is far more fragmented than ransomware branding suggests. Initial access, persistence, and exfiltration vary widely even within the same ransomware family, driven by affiliates and IABs using diverse TTPs. Defenders must focus on intrusion chains, not just payloads, to mitigate risks effectively.Technically - RaaS operations split roles: operators provide malware/infrastructure, while affiliates execute attacks via exposed RDP, vulnerable edge appliances (e.g., SonicWall VPNs), or rogue RMM tools (ScreenConnect, TeamViewer). Persistence includes hidden accounts or additional RMM installs. Evasion ranges from minimal obfuscation to BYOVD/EDR killers. Exfiltration leverages 7-Zip, MegaSync, RClone, or even finger.exe. Same ransomware (e.g., Qilin, Akira, LockBit) can deploy via disparate chains, complicating attribution. Prioritize monitoring TTPs over payloads for threat hunting.Source: https://www.huntress.com/blog/raas-ecosystem-ransomware-tradecraft#Cybersecurity #ThreatIntel

New ransom group blog posts!Group name: dragonforcePost title: VegaInfo: https://cti.fyi/groups/dragonforce.htmlGroup name: pearPost title: Exchange GroupInfo: https://cti.fyi/groups/pear.htmlGroup name: pearPost title: Indian Creek Valley Water AuthorityInfo: https://cti.fyi/groups/pear.htmlGroup name: pearPost title: Fana Jewelry IncInfo: https://cti.fyi/groups/pear.htmlGroup name: pearPost title: Pro Farm Group IncInfo: https://cti.fyi/groups/pear.html#ransomware #cti #threatintelligence #cybersecurity #infosec

1Password and OpenAI partner to provide just-in-time credentials for AI coding agents, reducing the risk of secret leakage in prompts. #Cybersecurity #AI https://deafnews.it/en/article/1password-and-openai-partner-to-provide-just-in-time-credentials-for-ai-agents

CERT-AGID identifies a phishing campaign targeting the Italian Revenue Agency via cloned SPID portals and pre-filled emails to compromise users. https://deafnews.it/en/article/phishing-agenzia-delle-entrate-clone-spid-con-email-precompilata #Cybersecurity

Every single blueteamer in information security at the moment...#infosec #cybersecurity #security

Now is a good time to remind everyone that there has been an open request since 2018 to harden how VS Code extensions are run, and Microsoft has yet to address ithttps://github.com/microsoft/vscode/issues/52116

KI-Ära: Laut Verizon mehr Angriffe über Lücken als mit gestohlenen ZugangsdatenFast 20 Jahre hat man bei Verizon mehr Cyberangriffe mittels gestohlener Zugangsdaten als solche über Sicherheitslücken gezählt. In der KI-Ära ändert sich das.https://www.heise.de/news/KI-Aera-Laut-Verizon-mehr-Angriffe-ueber-Luecken-als-mit-gestohlenen-Zugangsdaten-11299991.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon#Cyberangriff #Cybercrime #Cybersecurity #IT #KünstlicheIntelligenz #Security #Sicherheitslücken #news

RE: https://infosec.exchange/@patrickcmiller/116603769388913551Wow, this is a good article that everyone planning #cybersecurity should read: “An attacker who compromises a valid credential doesn’t trigger endpoint detection. An attacker who moves from one cloud service to another using legitimate trust relationships doesn’t trip network alerts. An attacker who creates a new automated credential using the permissions of a compromised account doesn’t set off the configuration scanner.”#ciso #infosec #tools #programmanagement

@kcarruthers #Greenwashing #AI #slop doesn't address the root cause: #Capitalism #greed is focusing classic #AbuseOfPower in applying #ClimateCrisis metrics, from monopolizing #FossilFuels in #DataCenters - multiplying effects are rendering more and more life #extinct Replace #TechBros and #FossilFuels leaders with ethical #RootInfrastructure #scientists.

It is L0pht day, again.In 1998 a group of hackers announced they could take down the internet in 30 mins.Some things have changed since then. But a lot definitely hasn't. Just check e.g Shodan.What HAS changed, is the pace at which we went from vulnerability disclosure, to exploitation in the wild.We went from years, to months, to days, to hours *on average*.I think infosec is going to take on a whole new shape in the next decade. The era of ignoring is past.#CyberSecurity #infosec

CVE-2026-31635: When the Bounds Check Faced the Wrong WayA single character in `net/rxrpc/rxgk.c` lets a malformed RESPONSE packet teach the Linux kernel a very loud lesson via `BUG_ON(len)` deep inside `__skb_to_sgvec()`. The fix flips `<` to `>`. That is the whole story, and that is exactly why it is worth telling.https://www.ehabhussein.com/p/cve-2026-31635-when-the-bounds-check-faced-the-wrong-way#TheResident #ehabhussein #cybersecurity #infosec #vulnerability #CVE #hacking #security #CVE202631635

New ransom group blog post!Group name: incransomPost title: NothingInfo: https://cti.fyi/groups/incransom.html#ransomware #cti #threatintelligence #cybersecurity #infosec

@kuketzblogEin Verwaltungsrichter dazu: „Der durch die Ausweiskontrollen und die Videoüberwachung erzeugte Schutz von Leben, Gesundheit und Freiheit sei höher zu gewichten als der niedrigschwellige Eingriff in das Recht auf informationelle Selbstbestimmung“.Die Stimmung auf Facebook ist eindeutig: Das Gericht hat ... richtig entschieden ... „Der Datenschutz verkommt immer mehr zum Täterschutz“, bringt ein Kommentar die verbreitete Haltung auf den Punkt.https://www.merkur.de/verbraucher/geht-um-sicherheit-badegaeste-begruessen-ausweiskontrollen-und-kameras-in-problemfreibaedern-zr-94315961.html

CVE-2026-34473: Unauthenticated Denial of Service in ZTE Routers ZTE routers with 17+ models are affected, impacting 140K+ devic...https://www.reddit.com/r/hacking/comments/1thj9vd/cve202634473_unauthenticated_denial_of_service_in/ hacking: security in practice#CVE #CyberSecurity