Items tagged with: infosec


This is alarming but not surprising:
forbes.com/sites/the-wiretap/2…
TLDR If you access multiple Google accounts from the same device, and the cops know about one of the accounts and ask Google the right questions, Google will tell the cops about the other accounts.
The general lesson here is one we already know: if you have any sort of account you don't want linked to you, you can't ever access it from a device or network connection you use other accounts on.
Caveat usor.
#infosec #OpSec #Google


Once again there was a problem with an npm package whose maintainer was hacked. The package then immediately started persisting a trojan.

The package is called Axion, as far as I know (currently).

Does anyone have information and/or numbers on this?
The how is also extremely interesting here right now.
Thanks.

#npm #infosec #malware #hacked



In today's episode of "Can It Run Doom": DNS fucking TXT records.

Some absolute madlad (cough Adam Rice cough) compressed the entire shareware DOOM WAD, split it into around 1,964 chunks, shoved them into Cloudflare TXT records, and wrote a PowerShell script that reassembles and runs the whole goddamn game from DNS queries alone. Nothing touches disk. The DLLs are in DNS. THE FUCKING DLLS ARE IN DNS.

RFC 1035 was written in 1987. Those engineers are spinning in their graves fast enough to generate municipal power.

Bonus: this is a fully functional globally-distributed covert data exfil channel that your NGFW will never fucking see if you're not doing deep DNS inspection. Sleep well.

blog: blog.rice.is/post/doom-over-dn…

repo: github.com/resumex/doom-over-d…

Also lmao @ every blue team that has never once looked at their DNS query volume. How's that DLP policy working out for you.

It was always DNS.

#infosec #dns #doom #itisalwaysdns


💀 How to Execute a DNS Cache Poisoning Attack: Between Entropy and Post-Quantum

In this article we bring the phenomenon of the DNS Poisoning Attack into the laboratory, controlling the variables, reducing entropy, analyzing the behavior of the resolver; all to understand quantitatively why the modern countermeasures of randomization, 0x20 encoding, DNSSEC have drastically raised the computational cost of the attack.

🔗 Link 👉 8bitsecurity.com/posts/how-to-…
#cybersecurity #infosec


#GiftArticle

#TSA Tipped Off #ICE Agents Before Arrests at #SanFrancisco #Airport

Transportation Security Administration officials told ICE that a mother & daughter under a detention order had planned to fly domestically, federal documents show.

#law #entrapment #immigration #Trump #privacy #InfoSec #DueProcess
nytimes.com/2026/03/24/us/tsa-…


Supply-chain attack on litellm

"At 10:52 UTC on March 24, 2026, litellm version 1.82.8 was published to PyPI. The release contains a malicious .pth file (litellm_init.pth) that executes automatically on every Python process startup when litellm is installed in the environment."

futuresearch.ai/blog/litellm-p…

#genai #llms #litellm #infosec #python


Addressing the #LiteLLM supply chain incident:

All #SakuraSky managed production environments are unaffected by the v1.82.7/8 compromise.

Our infrastructure is a "Zero-Value Target." Using #OIDC and Just-in-Time key injection, we ensure that even if a library is breached, it finds an "empty room": no static keys or .env files to steal.

We’re also accelerating our Sentinel framework for deeper AI agent governance.

Details: sakurasky.com/blog/security-ad…

#InfoSec #AI #SupplyChainSecurity #DevSecOps


Supply Chain Attack Targets litellm Library to Steal Cloud Credentials and Hijack Kubernetes Clusters

TeamPCP compromised the litellm Python library to distribute malicious versions (1.82.7 and 1.82.8) that harvest cloud credentials, SSH keys, and Kubernetes secrets. The attack uses a persistent backdoor and lateral movement toolkit to compromise entire clusters and steals data to attacker-controlled infrastructure.

**If you use litellm in any project, check immediately whether you have version 1.82.7 or 1.82.8 installed. If so, isolate the affected systems, revert to a clean version, and rotate every credential on those machines (SSH keys, cloud tokens, API keys, database passwords, crypto wallets, all of it). Because this attack can spread through other tools that depend on litellm, also audit your broader Python environments and CI/CD pipelines for these versions, remove any persistence files (sysmon.py, sysmon.service), and check Kubernetes clusters for unauthorized pods.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai…


🐛 NEW SECURITY CONTENT 🐛

💻 macOS Tahoe 26.4 - 77 bugs fixed
support.apple.com/en-us/126794
💻 macOS Sequoia 15.7.5 - 60 bugs fixed
support.apple.com/en-us/126795
💻 macOS Sonoma 14.8.5 - 54 bugs fixed
support.apple.com/en-us/126796
📱 iOS and iPadOS 26.4 - 38 bugs fixed
support.apple.com/en-us/126792
🥽 visionOS 26.4 - 29 bugs fixed
support.apple.com/en-us/126799
📱 iOS and iPadOS 18.7.7 - 25 bugs fixed
support.apple.com/en-us/126793
⌚ watchOS 26.4 - 22 bugs fixed
support.apple.com/en-us/126798
📺 tvOS 26.4 - 17 bugs fixed
support.apple.com/en-us/126797
⌚ watchOS 8.8.2 - no CVE entries
⌚ watchOS 5.3.10 - no CVE entries

#apple #cybersecurity #infosec #security #ios


GrapheneOS refuses to comply with age verification laws.
🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉
tomshardware.com/software/oper…
#Infosec #GrapheneOS #AgeVerification #Linux #Mastodon


Static + dynamic analysis of Signal's APK. The good news first: Signal is genuinely exceptional.

Rust core (libsignal_jni.so), post-quantum hybrid Double Ratchet (Kyber-1024 + X25519), Direct ByteBuffers with immediate zeroing after PIN/username hashing, Intel SGX attestation for SVR — MREnclave verification means even a compromised Signal server can't extract your PIN hash.

But two things stood out:

1. Firebase is always there. Google receives IP + notification timestamps regardless of message content. If you need metadata privacy, Signal still leaks presence data to Google's infrastructure.

2. Certificate revocation endpoints hit g.symcd.com in plaintext. An ISP or state-level observer can fingerprint Signal usage from DNS queries and HTTP traffic to those CAs — without touching message content.

Conclusion: strongest crypto engineering in consumer messaging. The attack surface isn't the cryptography. It's the operational dependencies.

Soon the full analysis

#infosec #AndroidSecurity #Signal #privacy #ReverseEngineering #postquantum #mobileforensics


Is this the first time a major service has removed end-to-end encryption instead of adding it? Why Instagram?

#instagram #socialmedia #privacy #infosec #technology #enshittification


"We’ve been saying this for years now, and we’re going to keep saying it until the message finally sinks in: mandatory age verification creates massive, centralized honeypots of sensitive biometric data that will inevitably be breached. Every single time. And every single time it happens, the politicians who mandated these systems and the companies that built them act shocked—shocked!—that collecting enormous databases of government IDs, facial scans, and biometric data from millions of people turns out to be a security nightmare."

techdirt.com/2026/02/25/hacker…

#Discord #AgeVerification #Infosec


All information that is collected risks being leaked; it is better to stop using a service than to hand over personal information.

omni.se/kanslig-information-la…

#infosec #sverige #hacking


🆕 New event added:

📌 BSidesAdelaide
📅 Jul 27-28, 2026
📍 Adelaide (SA) 🇦🇺
🔗 bsidesadelaide.com.au

#infosec #cybersecurity #conference #Bsidesadelaide #Australia


🚀 I've just opened 2 new roles in my department at the Open Home Foundation to work full-time on #HomeAssistant!

🖥️ Frontend Engineer
🔐 Security Engineer

Fully remote. Full-time. #OpenSource every day.

Best job in the world. Working on open source for a non-profit, building the biggest smart home platform on the planet. It changed my life; your chance to change yours.

Boosts appreciated! 🙏

🔗 openhomefoundation.org/jobs

#SmartHome #Hiring #RemoteWork #FOSS #InfoSec


There are scam notifications about "monetization" on here going around.

👉 Don't fall for them.
👉 Don't click the link.
👉 Report and block on sight.

There is no monetization scheme on mastodon.social, nor any other fedi instance I know of.

Stay safe!

#Fediverse #InfoSec


Motorola announces a partnership with GrapheneOS Foundation
motorolanews.com/motorola-thre…

> Motorola and the GrapheneOS Foundation will work to strengthen smartphone security and collaborate on future devices engineered with GrapheneOS compatibility.

This could be a gamechanger. Congratulations to @GrapheneOS, fingers crossed this works out well!

#InfoSec #GrapheneOS