This is some really smart digging: realizing that Claude Code does not require user interaction for certain bash commands, they discovered that DNS lookups were specifically allowlisted, clearing a trivial path for well-known DNS exfiltration methods.

So when I say “all these implementations are ignoring years and decades of lessons learned the hard way” it’s not hyperbole. Anthropic 100% cleared the path for DNS exfil here.

h/t to @cR0w - thank you!

#infosec #genai

https://embracethered.com/blog/posts/2025/claude-code-exfiltration-via-dns-requests/

Trump quietly shutters the only federal agency that investigates industrial chemical explosions.

Hazardous chemical accidents happen in the U.S. about every other day. Who will investigate them now? #ClimateChange #ClimateCrisis #GlobalWarming

https://grist.org/energy/trump-quietly-shutters-the-only-federal-agency-that-investigates-industrial-chemical-explosions/

In May, I published a deep dive on a Pakistani firm that had just been charged w/ shipping fentanyl analogs to the US and was behind a sprawling empire of scam ghostwriting, app and logo design companies that were spending millions on Google ads to promote their scam businesses.

https://krebsonsecurity.com/2025/05/pakistani-firm-shipped-fentanyl-analogs-scams-to-us/

The story received a decent amount of attention, but it almost immediately dropped off Google search entirely. Searching for the headline brought only links to other sites covering my report. This persisted for almost two weeks and I never got a satisfactory answer from Google about why the story dropped from search.

Just read a story at Ars Technica about how a tech CEO who was trying to quash reporting about his alleged misdeeds used a feature in Google known as Refresh Outdated Content to trick Google into deindexing the unflattering stories about him. The method he reportedly used was working until last month. Makes me wonder how widely known this bug was.

https://arstechnica.com/gadgets/2025/07/google-tool-misused-to-scrub-tech-ceos-shady-past-from-search

https://infosec.exchange/@briankrebs/114512527951494345

For those who haven't seen it yet. The line of reasoning for the conclusion is similar to the argument that there is no safe way to code in C—an argument I've made.

But I will say that the prevalence of proxies like Cloudflare are part of why this flaw is so impactful.

https://portswigger.net/research/http1-must-die

Who wants Malicord/NovaStealer source?

Have at it, chooms: https://github.com/MYnva/sub

#ThreatIntel #ThreatIntelligence

Regarding that Bitwarden MCP server. It's supposed to be local-only, but it still would require direct access to the vault. I can't imagine a scenario in which I'd trust a model to have that kind of access to my secrets.

Also, y'know, normal build-it-fast, secure-it-later nonsense. Enjoy this command injection sink: https://github.com/bitwarden/mcp-server/blob/fbe1bee13b9e4c5a27932f99f12db0c5b77f7ee1/src/index.ts#L785