π Christmas Supply-Chain Nightmare Trust Wallet Extension Backdoored ππ
Version 2.68 of the Trust Wallet browser extension shipped with a silent backdoor that exfiltrated usersβ mnemonic phrases straight to attacker-controlled servers. No phishing. No fake sites. Just a poisoned update.
b/c the extension auto-updated, the blast radius was massive
On Dec 25, attackers flipped the switch and began draining wallets.
πΈ Tens of millions of dollars gone.
u better go and update the chrome extension π
@AfroSec
Version 2.68 of the Trust Wallet browser extension shipped with a silent backdoor that exfiltrated usersβ mnemonic phrases straight to attacker-controlled servers. No phishing. No fake sites. Just a poisoned update.
b/c the extension auto-updated, the blast radius was massive
On Dec 25, attackers flipped the switch and began draining wallets.
πΈ Tens of millions of dollars gone.
u better go and update the chrome extension π
@AfroSec
π€―4π¨2
Forwarded from xEureka (Eureka)
Lately i was exploring how the low level things work like the os works, low level languages like c and how the high level languages and runtimes like NodeJs,Bun work and the design decisions behind them and I really found this playlist very insight full [Playlist]
YouTube
How does an OS boot? //Source Dive// 001
In this installment of //Source Dive//, we're learning about the xv6 Operating System; Specifically the low-level boot code that gets the CPU in the correct state to run the OS!
=[ π Links π ]=
π RISC-V Docker Image: https://github.com/francisrstokes/rvβ¦
=[ π Links π ]=
π RISC-V Docker Image: https://github.com/francisrstokes/rvβ¦
β€2β‘1π₯1
Forwarded from Buna Byte Cybersecurity
bunabyte.com is liveβ€οΈ.
Weβre building this with the community.
Content, labs, and services are coming soonβstep by step, done right.
@bunabytecs bunabyte.com
Weβre building this with the community.
Content, labs, and services are coming soonβstep by step, done right.
@bunabytecs bunabyte.com
β€5π₯2β‘1
Forwarded from Tilet solution (Nebyat B Ξ)
stop trying to be cool. be nerdy and obsessive about the things you love. enthusiasm will get you farther than indifference
π―13
Forwarded from FloridaπΈ
Iβve been deep diving into n8n for the past 4 months, and honestly itβs become the glue for almost all my AI and data experiments.
For those who haven't come across it yet, n8n is basically a flexible automation tool. itβs a bridge that helps your data move and it lets you connect your favorite apps, AI models, and databases using a visual node based interface. I actually spent some time trying to make Google Cloud Workflows work for my setup too, but i eventually went all in on n8n.
The biggest reason why i chose n8n over Google Cloud Workflows is the pre-built nodes and speed. in n8n, if i want to connect a Telegram bot to OpenAI and then dump the data into a database, i just add the nodes and link them together visually. in Google Cloud Workflows, iβd be writing lines of text based configuration files and manually handling API authentications for every single service. n8n lets me spend more time building the actual "AI logic" and less time fighting with documentation. So use Google Cloud Workflows to coordinate and manage internal Google services (like Bigquery) with high-scale, enterprise-level reliability, and you're comfortable writing code to keep things lightweight.
Use n8n when you want to prototype fast, connect dozens of different SaaS tools, or build complex AI agents without getting stuck in a technical setup
For those who haven't come across it yet, n8n is basically a flexible automation tool. itβs a bridge that helps your data move and it lets you connect your favorite apps, AI models, and databases using a visual node based interface. I actually spent some time trying to make Google Cloud Workflows work for my setup too, but i eventually went all in on n8n.
The biggest reason why i chose n8n over Google Cloud Workflows is the pre-built nodes and speed. in n8n, if i want to connect a Telegram bot to OpenAI and then dump the data into a database, i just add the nodes and link them together visually. in Google Cloud Workflows, iβd be writing lines of text based configuration files and manually handling API authentications for every single service. n8n lets me spend more time building the actual "AI logic" and less time fighting with documentation. So use Google Cloud Workflows to coordinate and manage internal Google services (like Bigquery) with high-scale, enterprise-level reliability, and you're comfortable writing code to keep things lightweight.
Use n8n when you want to prototype fast, connect dozens of different SaaS tools, or build complex AI agents without getting stuck in a technical setup
n8n.io
Discover 8306 Automation Workflows from the n8n's Community
Explore 8306 automated workflow templates from n8n's global community. Simplify your automation tasks with ready-made solutions tailored to your needs.
β€5
YouTube
Live from Pwn2Own Ireland: Qrious Secure vs. Samsung Galaxy
#Pwn2Own
Join us for a live look-in from Pwn2Own Ireland 2025. In this highlight from Day Two, the team from Qrious Secure will be targeting the Samsung Galaxy S25 - Remote in the Mobile Phones category for $50,000 and 5 Master of Pwn Points.
Join us for a live look-in from Pwn2Own Ireland 2025. In this highlight from Day Two, the team from Qrious Secure will be targeting the Samsung Galaxy S25 - Remote in the Mobile Phones category for $50,000 and 5 Master of Pwn Points.
https://www.youtube.com/live/DYjWzgS2JXg?si=vnxW_dVMn90pgvvN
A while back I watched these guys trying to exploit the Samsung Galaxy S25
pretty wild stuff.
They even ended up with a zero-click vuln at the end π₯²
@AfroSec
A while back I watched these guys trying to exploit the Samsung Galaxy S25
pretty wild stuff.
They even ended up with a zero-click vuln at the end π₯²
@AfroSec
π€―2π₯1
π©Έ CRTOM β done.
Started my red team cert path with Red Team Operations Management.
Not about popping shells yet β this oneβs about how real ops are planned, scoped, and run.
Foundations first:
π§ attacker mindset
π engagement flow
π― operational thinking
@AfroSec
Started my red team cert path with Red Team Operations Management.
Not about popping shells yet β this oneβs about how real ops are planned, scoped, and run.
Foundations first:
π§ attacker mindset
π engagement flow
π― operational thinking
@AfroSec
β‘23β€2π2
This media is not supported in your browser
VIEW IN TELEGRAM
can we make it anonymous seriously like by changing the bios chip firmware and stuff like that ?
@AfroSec
@AfroSec
β2π€2
Some people think that when I quit uni I just went dumb, quit life, and rot in bed. Bruh can u relax ?π
every time I open my PC and connect to the internet, Iβm learning
letβs be honest ena malet in uni most of us only read modules for exams and forget them right after,π
In tech ? every hour, every minute, youβre googling, low-key abusing AI lol π
anyways if anyone who think like this please α¨α΅ααα³α½α α°αα α‘π
@AfroSec
every time I open my PC and connect to the internet, Iβm learning
letβs be honest ena malet in uni most of us only read modules for exams and forget them right after,π
In tech ? every hour, every minute, youβre googling, low-key abusing AI lol π
anyways if anyone who think like this please α¨α΅ααα³α½α α°αα α‘π
@AfroSec
π16π€£5π3
The Hacker News
β οΈ Astaroth banking malware is now using WhatsApp as its main delivery channel in Brazil. Researchers report a new Python-based module that steals a victimβs contact list and auto-sends malicious ZIP files, spreading the infection chat to chat. π How theβ¦
astaroth is back ylal
i wrote abt it a yr ago ig
is file less malware like it executes directly in memory
@AfroSec
i wrote abt it a yr ago ig
is file less malware like it executes directly in memory
@AfroSec
π3π₯1