PureLogs: Delivery via PawsRunner Steganography

Attackers are concealing .NET infostealers within seemingly innocuous images to evade detection. A phishing campaign uses TXZ archive attachments with invoice-themed lures to initiate infection. The embedded JavaScript leverages environment variables to hide malicious commands, launching PowerShell to decode and decrypt payloads. PawsRunner, a steganography loader, extracts encrypted data from PNG images containing cat photos. This loader evolved from simple PE downloads to sophisticated steganographic extraction with fallback mechanisms. The final payload, PureLogs version 5.0.0, is a comprehensive infostealer from the Pure family that harvests credentials from browsers, cryptocurrency wallets, password managers, communication apps, and other applications. It employs extensive async/await patterns and communicates with command and control infrastructure via HTTPS using multiple endpoints to exfiltrate encrypted and compressed stolen data.

Pulse ID: 6a0f272cd9c82db936e6a249
Pulse Link: https://otx.alienvault.com/pulse/6a0f272cd9c82db936e6a249
Pulse Author: AlienVault
Created: 2026-05-21 15:39:24

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AWS #Browser #CyberSecurity #Endpoint #HTTP #HTTPS #InfoSec #InfoStealer #Java #JavaScript #NET #OTX #OpenThreatExchange #Password #Phishing #PowerShell #RAT #SMS #Steganography #Word #bot #cryptocurrency #AlienVault

PixHub.social

https://friendica.opensocial.space/display/8ffdf77c-226a-0dc4-a523-520361035257

Zur Instanz: https://pixhub.social

#Fediverse #ActivityPub #Dezentralisierung #OpenWeb #SocialMedia #Web3 #Internet #DigitaleSouveränität #OpenSource #Protokolle #WebStandards #APIs #JSON #HTTP #SoftwareArchitektur #Mastodon #Pixelfed #PeerTube #Lemmy #Funkwhale #WriteFreely #Datenschutz #Digitalisierung #Netzpolitik #AlternativeSocialMedia #Community #Bloggen #TechBlog #DigitalTrends #Internetkultur

The HTTP 'Link' response header can be a way of letting you create small-net type HTML (as a document) without CSS — while letting you add style using CSS, and even change it (without editing the HTML file).

Ex:

Link: <https://example.com/styles.css>; rel=preload; as=style, <https://example.com/styles.css>; rel=stylesheet

#html #http #smallNet #smallWeb #smolNet #smolWeb

I've been a big fan of kean/Get and kean/Pulse by @a_grebenyuk.

I switched from Alamofire + file-based logging to Get + Pulse back in 2023, and since then I've used them in almost every app I build.

Over time I started wanting clearer separation between transport, request building, decoding and other things.

That led me to build RequestResponse.

https://avgx.github.io/blog/http-request-response-package/

https://github.com/avgx/RequestResponse

#swiftlang #iosdev #swift #networking #http

The 8-bit Web Server

https://fed.brid.gy/r/https://hackaday.com/2026/05/19/the-8-bit-web-server/

Авторизация в Go без боли: как Casbin заменяет километры if-проверок

Пока в приложении две роли и три проверки, авторизация умещается в if user.Role == "admin". Но стоит добавить пару ресурсов, ролей и исключений — и условные проверки начинают расползаться по хендлерам, дублироваться и жить своей жизнью. В этой статье разберём, как навести порядок с помощью Casbin: вынесем правила доступа из кода в конфиг, пройдём путь от простого ACL до RBAC с иерархией ролей, соберём HTTP-сервер на Go с авторизационной middleware и обсудим грабли, на которые легко наступить по дороге.

https://habr.com/ru/companies/first/articles/1036046/

#go #casbin #rbac #авторизация #middleware #http #acl #access_control