🪶Chilcano @Chilcano

As predicted, they’re hitting rust crates now. It’s not perfect or prod-ready yet but sanctum helps to mitigate this: github.com/postrv/sanctum…

Aikido Security @AikidoSecurity

2 days ago

We detected a supply-chain compromise in onering 1.4.1, a Rust crate on crates.io with 18,000+ downloads. The latest version uses a malicious build.rs script to quietly exfiltrate git data and source code from your latest commit on every build,

4 21 87 33K 18

This is the kind of Linux bug attackers love. > Not remote > Not flashy > Easy to miss But once they already have a small foothold, it can turn that access into full control of the host. CVE-2026-23111 now has public exploit details. Patch + reboot: thehackernews.com/2026/06/one-ch…

The reason is quite hilarious 😂😂. Microsoft put $50 billion into Anthropic. FIFTY billion dollars. they are a Project Glasswing partner. Fable 5 runs inside Azure. Microsoft sells Claude to its own enterprise customers through Microsoft 365 and GitHub Copilot. and they won't let their own employees use it. here's why. under Anthropic's new Mythos-class data retention policy, every prompt you type and every response you get is stored for 30 days. automatically. no opt out. if their safety classifiers flag anything in your session, anything, they keep it for up to two years. you don't get told when that happens, what was flagged or who can see it. Microsoft employees paste confidential contracts into these things. customer data. internal roadmaps. acquisition strategies. legal documents. source code. all of it sitting on Anthropic's servers for 30 days minimum. flagged sessions for two years. so the company that invested $50 billion looked at that policy and told its staff: actually hold on. other Claude models still work internally. under Zero Data Retention rules. the normal ones are fine. just not the most powerful one they helped fund. and one more thing. the Pentagon listed Anthropic as a supply chain risk in March and banned defense contractors from using its products. Microsoft funds Anthropic. sells Anthropic's models. runs them on Azure. helped build the most powerful one. won't let employees use it. the Pentagon won't let defense contractors near it. the safeguard that makes Fable 5 safe enough to release publicly is the same safeguard that lets Anthropic keep your data for two years. the guardrail is a data retention policy. but you can use it. it's in your browser right now. 🌚 have fun.

Polymarket @Polymarket

a day ago

JUST IN: Microsoft has reportedly restricted employee use of Claude Fable 5 over concerns that confidential data could be retained by Anthropic.

127 248 3K 1.3M 284

🏝️ OASIS — AI-Powered Code Security Auditing with Ollama Scan codebases for security vulnerabilities using local LLMs through Ollama. OASIS combines multi-model analysis, LangGraph orchestration, vulnerability validation, rich reporting, and an interactive web dashboard—all while keeping your source code on your own infrastructure. 🔗 github.com/psyray/oasis #CyberSecurity #AppSec #CodeReview #DevSecOps #Ollama #LLM #SecureCoding #OpenSource #SecurityAudit #AI

If you use @browserling for cross-browser testing, you can also add a lightweight security testing layer with OWASP PTK. Watch the demo.

We have detected that the popular package `onering` on crates.io has been compromised with an information stealer that runs on build, which sends a git diff to a Sentry endpoint without authorization: github.com/cenotelie/oner… This is quite novel.

⚡ Microsoft is adding a 2-hour delay before VS Code extensions auto-update. The wait gives maintainers more time to catch bad or compromised releases before they spread further. Read details: thehackernews.com/2026/06/vs-cod…

.@trailofbits holds the world record for breaking elliptic curve crypto with the fewest quantum qubits. Woooo 🤘

Trail of Bits @trailofbits

6 days ago

We beat Google's quantum circuit again, and we didn't have to forge a proof this time. Today we're releasing trailmix, a toolkit for quantum "kickmix" circuits. It includes 5 new circuits we built for elliptic curve addition, the hardest part of Shor's algorithm.

12 25 114 21K 32

yv1ing/z3r0: A controlled multi-agent workbench for authorized security assessment, code auditing, internal review, and controlled research. github.com/yv1ing/Z3r0

Whisper Leak — Exposing Side-Channel Information Leakage in Streaming LLM Conversations 🤖💀 Whisper Leak is a security research toolkit that demonstrates how encrypted, streaming conversations with Large Language Models can leak prompt information through packet sizes and timing patterns, even without decrypting TLS traffic. Key Features: • Capture and analyze encrypted LLM traffic • Build datasets from real chatbot sessions • Train CNN, LSTM, BERT, and LightGBM classifiers • Benchmark multiple LLM providers and configurations • Perform live or PCAP-based inference • Evaluate side-channel leakage risks at scale • End-to-end workflow for collection, training, and testing Supported across major LLMs including GPT, Claude, Gemini, DeepSeek, Grok, Qwen, Llama, Mistral, and more. 🔗 github.com/yo-yo-yo-jbo/w… #CyberSecurity #AIsecurity #LLM #ThreatResearch #OpenSource

Nullsec-S1 — Security-Focused AI Model for Auditing AI-Generated Applications 🤖💀 Nullsec-S1 is an open-source security model built specifically to audit AI-generated apps, AI agents, MCP tools, Web3 workflows, and vibecoded software. Unlike general-purpose LLMs, Nullsec-S1 produces structured JSON security audits containing findings, severity, exploit scenarios, remediation guidance, secure patches, and deterministic safety decisions. Key Highlights: • Built on Qwen2.5-Coder-7B-Instruct using PEFT/QLoRA • Covers 16 security categories including SSRF, SQLi, XSS, Prompt Injection, MCP Tool Abuse, Command Injection, and Web3 risks • Deterministic Security Alignment & Safety Layers • MCP support for Cursor and Claude Desktop • CLI, API, FastAPI server, and CI integration • 1,741 curated security training examples • 111-case security benchmark focused on AI-generated software Benchmark Results: 🥇 Nullsec-S1 — F1: 0.9245 | False-Safe Rate: 0.0% 🥈 GPT-5.3 Codex — F1: 0.7252 🥉 Claude Opus 4.8 — F1: 0.6550 The project focuses on structured, reproducible security verdicts rather than free-form security commentary. 🔗 github.com/trynullsec/nul… #CyberSecurity #AISecurity #AppSec #MCP #OpenSource

Microsoft discovered that Anthropic's Claude Code GitHub Action is vulnerable to prompt injection attacks via issues and Pull Requests microsoft.com/en-us/security…

I saw the Gemma 4 announcement two days ago, found some time tonight. Built a small CLI around it. Gemma 4 12B can describe images, and it's just an 8GB model you can self-host, which means you can wire it into small utility tools without paying for a vision API. I used it to generate alt text & blog outlines from whiteboard photos Works well enough to be useful :D

🤩How we contain Claude across products🤩 anthropic.com/engineering/ho… @AnthropicAI just published what may be the best practical security article I've read on securing AI assistants. Covers: → Prompt injection → User phishing → Data exfiltration → MCP/tool risks → Sandbox escapes → VM isolation → Agent permissions → Multi-agent trust issues

Someone hid a self-replicating worm inside 37 npm packages. Written in Rust. Hidden behind an eBPF kernel rootkit. Talking to its operator over Tor. It steals 86 environment variables. AWS keys. GCP keys. Vault secrets. Kubernetes tokens. Your Anthropic API key. Your OpenAI key. Your Exodus wallet seed phrase. Then it uses your own npm credentials to republish itself into your packages. So your code infects the next developer. Who infects the next one. The commits were backdated up to 13 years. The commit author name was “claude.” The malware named itself after the AI to hide in plain sight. The attacker also left their own wallet recovery phrase in the debug data. Nobody is having a good day. Check your preinstall hooks.

Aikido Security @AikidoSecurity

a week ago

⚠️ New "IronWorm" supply-chain attack: 30+ npm packages from @ asteroiddao shipped a malicious Rust binary firing on preinstall. It sweeps 86 env vars + 20 credential files (AWS, GCP, Vault, npm, plus AI keys like Anthropic & OpenAI), hits Exodus wallets, hides behind an eBPF

48 186 818 609K 440

That’s why the human element is always considered the weakest link in cybersecurity.

Cybersecurity is a broken industry. We rely on products that were designed to be sold, not used. And the incentives are completely screwed up. I made this video about all of the ways things are bad, how we accidentally make it worse, and why new technology won't fix it.

⚠️ Poisoned #WhatsApp, Slack, or SMS notifications could hijack Google Gemini on Android. No malicious app needed. A single alert could make #Gemini fake messages, trigger actions, join Zoom calls, or poison memory. Read details: thehackernews.com/2026/06/whatsa…

Every time a major company tells users to run "curl url | bash" to install thier tool, it irresponsibly normalizes a dangerous security anti-pattern. You should be promoting secure behavior by default, not the other way round:

Sensurround @ShamashAran

a week ago

Can we PLEASE for the love of all that his holy STOP NORMALIZING THIS INSTALL METHOD

398 282 7K 586K 469

Prechained.com just got a major upgrade. For anyone who doesn't know what Prechained is: It's a free, open-source cryptographic archive of the software supply chain. Every package version we capture gets SHA-384 fingerprinted and permanently archived to GitHub — before any attack is disclosed, before any takedown, before any security researcher publishes a finding. The receipt already exists. That's the point. What's new: → Real-time npm monitoring. New packages published to npm are monitored in real time, Not a curated list — the entire feed. → Live Threat Feed. Automatic detection of fingerprint mutations, new install hooks, publisher changes, and size spikes. Every finding links to verifiable before/after receipts. → Incident Registry. Community-submitted and auto-detected incidents in one place. Submit a package. Get a cryptographic receipt. → 8 ecosystems. npm, PyPI, Cargo, RubyGems, NuGet, Maven, Packagist, GitHub. Free. No login. No account. AGPL-3.0. prechained.com #SupplyChainSecurity #npm #CyberSecurity #infosec #SoftwareSupplyChain #OpenSource #SBOM #DevSecOps #PackageSecurity #CyberThreats #CMMC #OSS cc @OpenSSF @socketdotdev @SwiftOnSecurity @Ransom_DB