Interesting Git repos of the week:

Detection:

* https://github.com/EvilBytecode/NoMoreStealers - blocks information stealing malware
* https://github.com/FoxIO-LLC/ja4 - fingerprint the TLS
* https://github.com/facebookexperimental/reverie - intercept all the syscalls from userland
* https://github.com/cilium/tetragon - Tetragon uses eBPF so you don't have to

Bugs:

* https://github.com/xairy/kernel-exploits - bunch of Linux kernel PoCs

Exploitation:

* https://github.com/magisterquis/srsocwamof - cloak of invisibility for .so files
* https://github.com/braindead-sec/ssh-grabber - steal creds, move laterally
* https://github.com/bohops/COM-to-the-Darkside - attacking COM
* https://github.com/magisterquis/wtrtdtmlb - Linux CTF
* https://github.com/mempodippy/vlany - mmm, root kit
* https://github.com/invariantlabs-ai/mcp-injection-experiments - experiments in making non-deterministic models behave

Data:

* https://github.com/sarwarbeing-ai/Agentic_Design_Patterns - design patterns for agentic systems

Nerd:

* https://github.com/LaurieWired/Quine - how about a nice quine?

#secuity, #code, #research

GitHub - EvilBytecode/NoMoreStealers: NoMoreStealers is a Windows file system minifilter driver that protects sensitive user data from untrusted processes.

And once again an out-of-band patch day, since Redis has hit the high score of 10 out of 10 with CVE-2025-49844.

https://redis.io/blog/security-advisory-cve-2025-49844/

#redis #cve #patchday #secuity #updates #cve202549844

Security Advisory: CVE-2025-49844 | Redis

Amazon Warns 220 Million Customers Of Prime Account Attacks

Scammers are sending fake emails claiming your Amazon Prime subscription will automatically renew at an unexpected price.

#amazon #amazonprime #scam #sammers #secuity #cybersecurity #infosec #hackers #hacking

https://www.forbes.com/sites/daveywinder/2025/07/17/amazon-warns-220-million-customers-of-prime-account-attacks/

While I don't like the idea of big corporate social media and tech, if you have it, make it as secure as you can.

An easy but often overlooked privacy check: review the third-party apps connected to your accounts.

Old or unused apps can still access your data. It's a good habit to audit and remove anything you no longer use or trust.

Start here:

Google: https://myaccount.google.com/permissions
Facebook: https://www.facebook.com/settings?tab=applications
Microsoft: https://account.live.com/consent/Manage
Apple: https://appleid.apple.com/

Stay sharp. Small steps make a big difference.

#Privacy #secuity

Lazy Saturday means: more responsible disclosures. The process is now streamlined on my side: a table with bucket names, status (usually open...), date of first report, date fixed, content and examples is emailed to #aws #secuity

Status at the moment: 26 buckets reported, of which 25 are open. Those buckets contain juicy data such as names, birthdays, passports, passwords, resumes, medical data, GitHub token.

It will be very interesting to see the average time to close a bucket for #aws. With n=1 it is 893 days. I hope the n will increase and the number will decrease.

Syft v1.13.0 released 🎉

Some "enriching" features and fixes in this one! 🥳

https://github.com/anchore/syft/releases/tag/v1.13.0
#sbom #secuity

Release v1.13.0 · anchore/syft

Added Features --enrich flag for data enrichment feature enablement [#3182 @kzantow] Add classifier for Dart lang [#3265 @LaurentGoderre] add binary classifiers for lighttp, proftpd, zstd, xz, gzi...

@_L1vY_ @falcennial Thanks for the #secuity heads-up about AI becoming turned on by default in #Zoom.

There are a lot of switches to turn off to disable AI Companion. If Zoom keeps reminding me that it thinks it’s more than a video-calling tool, I’ll not renew my subscription and use something free instead.

Wow... #RockYou2024 is definitely gonna rock some houses in a pretty bad way. Still digging into it, but folks - please keep your head on a swivel and start to change passwords, NOW. Don't wait for results. Frequently changing passwords is good practice anyhow, so change everything as you're able as a practice and you'll be safer from the starting line. Make it a habit. #cybersec #technology #secuity