Aggregator
Boardroom Conversations Shift to Surviving a Breach
Black Nevas
You must login to view this content
AI 时代的白盒审计之我见
xAI Grok CLI Exposed Developer Code Through Automatic Whole-Repository Uploads
According to a reproducible wire-level analysis of version 0.2.93, xAI’s Grok Build CLI allegedly transmitted entire Git repositories, including unread files and commit history, to xAI infrastructure by default. The researcher noted that the behavior also sent the contents of files accessed by the agent, including a test .env file containing simulated credentials, without redaction. […]
The post xAI Grok CLI Exposed Developer Code Through Automatic Whole-Repository Uploads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Microsoft Entra ID gets passkeys default authentication starting September
New phishing kits target Microsoft 365 accounts, evade MFA
11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot
哥斯拉流量分析
Attackers Distribute Password Attacks Across Fictional OAuth Apps to Evade SOC Alerts
Attackers are increasingly abusing spoofed OAuth application identifiers to enumerate Microsoft Entra ID accounts, test credentials, and fragment authentication activity across hundreds of thousands or millions of fictional applications. The technique exploits how Entra ID processes the client_id parameter in OAuth authentication requests. Every registered OAuth application is assigned a globally unique application identifier, and […]
The post Attackers Distribute Password Attacks Across Fictional OAuth Apps to Evade SOC Alerts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Один трюк с алгеброй может ускорить все вычисления в мире: от шифрования до искусственного интеллекта
一款伪装成云盘的恶意APP逆向分析
DragonForce
You must login to view this content
DragonForce
You must login to view this content
Cybercriminals Target Turkish Banks With 8,400 Phishing Domains and 6,600 Scam Ads
Cybercriminals are operating an industrial-scale fraud ecosystem targeting Turkey’s financial sector, using more than 8,400 phishing domains, thousands of social media advertisements, fake loan offers, illicit gambling services, and money-mule recruitment to steal credentials. Group-IB’s investigation links these operations into five interconnected schemes targeting dozens of Turkish banking brands. Group-IB recorded more than 6,600 scam […]
The post Cybercriminals Target Turkish Banks With 8,400 Phishing Domains and 6,600 Scam Ads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.