HackerTrans
トップ新着トレンドコメント過去質問紹介求人

abhisek

303 カルマ登録 14 年前
Dabbling into open source software supply chain security

github.com/safedep/pmg

投稿

Jscrambler 8.14.0 Compromised with Credential Stealer

safedep.io
2 ポイント·投稿者 abhisek·10 時間前·0 コメント

Claude Mythos and Cybersecurity

schneier.com
4 ポイント·投稿者 abhisek·3 か月前·0 コメント

Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit

cloud.google.com
1 ポイント·投稿者 abhisek·3 か月前·0 コメント

[untitled]

1 ポイント·投稿者 abhisek·4 か月前·0 コメント

[untitled]

1 ポイント·投稿者 abhisek·4 か月前·0 コメント

Step by Step Analysis of Malicious NPM Package

safedep.io
1 ポイント·投稿者 abhisek·5 か月前·0 コメント

OpenClaw bot calls out maintainer when its PR got rejected

crabby-rathbun.github.io
1 ポイント·投稿者 abhisek·5 か月前·0 コメント

Show HN: Gryph – Audit Trail for AI Coding Agents (Claude Code, Cursor, Gemini)

github.com
1 ポイント·投稿者 abhisek·5 か月前·0 コメント

Agent Skills Threat Model

safedep.io
3 ポイント·投稿者 abhisek·6 か月前·0 コメント

Catching malicious package releases using a transparency log

blog.trailofbits.com
3 ポイント·投稿者 abhisek·7 か月前·0 コメント

CVE-2025-66491: Traefik's "Verify=on" Turned TLS Off

aisle.com
1 ポイント·投稿者 abhisek·7 か月前·0 コメント

DarkGPT: Malicious Visual Studio Code Extension Targeting Developers

safedep.io
2 ポイント·投稿者 abhisek·7 か月前·0 コメント

Exposing and Exploiting Incomplete Branch Predictor Isolation in Cloud

comsec.ethz.ch
1 ポイント·投稿者 abhisek·8 か月前·0 コメント

KnownSec breach: What we know so far

substack.com
1 ポイント·投稿者 abhisek·8 か月前·0 コメント

Buying browser extensions for fun and profit

secureannex.com
3 ポイント·投稿者 abhisek·8 か月前·1 コメント

Curious Case of Embedded Executable in a Newly Introduced Transitive Dependency

safedep.io
4 ポイント·投稿者 abhisek·8 か月前·0 コメント

[untitled]

1 ポイント·投稿者 abhisek·9 か月前·0 コメント

NPM Supply Chain Malware with Self-Replicating Behaviour

safedep.io
2 ポイント·投稿者 abhisek·10 か月前·0 コメント

コメント

abhisek
·26 日前·議論
Smells like contagious interview campaign by DPRK folks. They have been doing this for a while. Even using IDE settings, Claude hooks for malicious code execution.
abhisek
·2 か月前·議論
Attackers are just having fun due to abysmal state of npm and some of the insecure design choices by GitHub and GitHub Actions. Every attack gives them credentials which in turn used to stage more attacks.
abhisek
·2 か月前·議論
I partly agree. Agents are not going to replace senior devs. Exactly for the internal context and the decision making that comes with it.

But senior devs are also expected to have a compounding effect even pre-AI. Writing a single doc, refactoring legacy code to make it extensible, building security frameworks specific to the project and many more. All of these would compound the dev team.

I think the same will happen with agents working on a org specific paved path set by senior devs.
abhisek
·2 か月前·議論
Just implemented Landlock + seccomp notify based sandbox in PMG. A tool to protect cli package managers against malicious packages. There were quite a few quirks involved due to Go routines when it comes to handling messages from the kernel.

https://github.com/safedep/pmg
abhisek
·4 か月前·議論
We just analysed the payload. Technical details here: https://safedep.io/malicious-litellm-1-82-8-analysis/

We are looking at similar attack vectors (pth injection), signatures etc. in other PyPI packages that we know of.
abhisek
·4 か月前·議論
I have been using superpowers for Gryph development for a while. Love the brainstorming and exploration that it brings in. Haven’t really compared token usage but something in my bucket.
abhisek
·4 か月前·議論
I think this is the right approach to building sandbox for agents ie. over existing OS native sandbox capabilities so that they are truly enforced.

However the challenge is, sandbox profiles (rules) are always workload specific. How do you define “least privilege” for a workload and then enforce it through the sandbox.

Which is why general sandboxes wont be useful or even feasible. The value is observing and probably auto-generating baseline policy for a given workload.

Wrong or overly relaxed policies would make sandbox ineffective against real threats it is expected to protect against.
abhisek
·4 か月前·議論
We found a malicious npm package pino-sdk-v2 impersonating pino, one of the most widely used Node.js loggers with nearly 20 million weekly downloads. The package is a near copy of pino’s source, docs, and README with one addition: an obfuscated payload in lib/tools.js that scans .env files for secrets and exfiltrates them to a Discord webhook on require().

[email protected] copies pino’s entire source tree with a single modification: obfuscated credential stealing code injected into lib/tools.js

The payload scans .env, .env.local, .env.production, .env.development, and .env.example for secret keys

Extracted credentials are sent to a hardcoded Discord webhook

No install hooks. The code executes on require(), bypassing scanners that only flag install scripts
abhisek
·5 か月前·議論
Everybody wants to build infra. Automate something which is known and well understood. Hoping someone else will use it to solve end user's problem which is hard to understand, messy and often highly contextual.

To summarize: Everyone wants to automate stuff. Most people do not want to touch boring, large problems.
abhisek
·5 か月前·議論
110 tools. That’s probably a reason why Anthropic is probably switching to sandboxed code execution over MCPs.

It’s just easier to write code and do something specific for a task than load so many tool metadata.

I did not go past IDA. But I remember idc and IDA python. I wonder if it’s a better approach to expose a single tool to execute scripts to query what the agent needs.
abhisek
·5 か月前·議論
I see this as “libs” for the agents. They can discover relevant skills by searching a known index, extend their capability for on a given task.

While this makes sense for higher autonomy, it brings the well known supply chain security issue.

Currently all index list skills that are unverified. There are already examples of malicious skills.
abhisek
·5 か月前·議論
LFS. Brings back so many painful memories. But then, learned so much.
abhisek
·5 か月前·議論
Loved the idea of AI talking to AI and inventing something new.

Sure. You can dump the DB. Most of the data was public anyway.
abhisek
·6 か月前·議論
Tried installing clawdbot. Got blocked by (my own) sandbox because it tried to git clone some stuff which in turn was accessing my private keys.

- clawdbot depends on @whiskeysockets/baileys

- @whiskeysockets/baileys depends on libsignal

npm view @whiskeysockets/baileys dependencies

[..] libsignal: 'git+https://github.com/whiskeysockets/libsignal-node.git', [..]

libsignal is not a regular npm package but a GitHub repository, which need to be cloned and built locally.

So suddenly, my sandbox profile, tuned for npm package installation no longer works because npm decides to treat my system as a build environment.

May be genuine use-case but its hard to keep up.
abhisek
·6 か月前·議論
I still think metadata associated with packages (like stars, download count and more) are easy to fake and not the best metric. OpenSSF scorecard has some adoption among project maintainers but hardly any adoption in terms of making security decision based on it.

IMHO code is the source of truth. It may seem infeasible to mass analyse OSS code, but given the recent incidents (Shai-Hulud et.al) I think that’s the way forward. Personally am more bullish on SLSA or other artefact provenance technology adoption. Till that happens, metadata will be misused by attackers.
abhisek
·8 か月前·議論
Documenting technical details and payload analysis here: https://safedep.io/shai-hulud-second-coming-supply-chain-att...

Like previous variant, it has credential harvesting, self-replication and GitHub public repository based exfiltration.

Double base64 encoded credentials being exposed using GitHub repositories: https://github.com/search?q=%22Sha1-Hulud%3A%20The%20Second%...
abhisek
·8 か月前·議論
This is crazy. The internet has so much direct and transitive dependency on Cloudflare today. Pretty much the #1 dev slacking excuse today is no longer code compiling but cloudflare is down.
abhisek
·8 か月前·議論
Building vet. The goal is to automate open source package vetting beyond just CVE but actually identify code capabilities, malicious code and other security sensitive attributes through code analysis.

https://github.com/safedep/vet
abhisek
·11 か月前·議論
May be give vet a try. It detected most of the malicious packages within few hours of publishing to npm.

GitHub: https://github.com/safedep/vet