With AI Nothing Is Safe – PSW #905
This week in the security news:
- Linux process injection
- Threat actors need training too
- A Linux device "capable of practically anything"
- The Internet of webcams
- Hacking cheap devices
- Automating exploitation with local AI models
- Lame C2
- Smallest SSH backdoor
- Your RDP is on the Internet
- These are not the high severity bugs you were looking for
- Low hanging fruit
- Your TV is spying on you, again
- no such thing as "offensive security"
- MCPs and RCEs
- Browser extensions collecting your AI chats
- And flooding TikTok with AI influencers
Paul Asadoorian
- Linux Process Injection via Seccomp Notify
Awesome technique: "The technique exploits seccomp user notifications (Linux 5.0+) to perform parent-to-child process injection, similar in effect to LD_PRELOAD but without setting environment variables. The injector (parent) uses seccomp to intercept system calls (e.g., openat) made by the child and can redirect them to load a malicious shared library instead of the intended one." - There are so many places to hide in Linux, in addition to so many ways to get around security controls. There is a real need for great EDR in Linux, but I feel as though we don't have it yet; instead we get a wide variety of security and monitoring tools that don't work with every Linux kernel version and distribution.
- The Handheld Linux Platform Kit Is “Capable of Practically Anything,” Its Creators Promise
Really cool device, and a great story of engineers that just wanted to do something cool and practical like take Linux with them in a small form factor: "That something is the Linux Platform Kit, a device that its creators say is "capable of practically anything." The heart of the build is STMicro's STM32MP157, a system-on-chip combining two Arm Cortex-A7 application-class cores running at up to 800MHz with a Cortex-M4 microcontroller core running at up to 209MHz, plus a 3D-capable graphics processor."
- Salt Typhoon pair attended Cisco cyber school, expert claims
When threat actors take training from Cisco and apply that to campaigns like Salt Typhoon. I'm not certain we could build early warnings based on this, but it is interesting.
- Breach of 120 000 IP cameras in South Korea: security tips
Larger IoT companies, such as Ring and a few others, either really push hard for MFA or make it a requirement. I believe to really address this issue we need MFA on all of these devices.
- Core technical weaknesses - Common weaknesses include unchanged default credentials and unpatched, outdated firmware, often because updates must be installed manually and vendors may abandon security support quickly
- Details of the South Korea breach - Investigators linked four suspects to the compromise of roughly 120,000 cameras installed in private homes and commercial venues such as karaoke rooms, pilates studios, and a gynecology clinic. One suspect hacked about 63,000 cameras and sold 545 explicit videos, while another compromised around 70,000 cameras and sold 648 videos, together earning the equivalent of tens of thousands of US dollars.
- A modern tale of blinkenlights – Quarkslab’s blog
Cheap devices usually mean they skimp on security and features: "Researchers extracted the firmware from a €12 JieLi-based smartwatch without the official programmer, using a clever out-of-bounds read on the display pipeline and very cheap hardware. The authors bought several ultra-cheap smartwatches whose “health” features turned out to be fake, then identified a JieLi SoC with DP/DM test pads hinting at USB-based flashing. They explored the official Android app, discovered BLE connectivity, and confirmed that normal OTA firmware updates were not exposed through that app."
- Operation PCPcat: Hunting a Next.js Credential Stealer That’s Already Compromised 59K Servers
React2Shell is crazy: "A threat campaign called 'PCPcat' is silently harvesting credentials from Next.js deployments at scale. Through active honeypot reconnaissance, I breached their C2 API and exposed their operational metrics: 59,128 confirmed server compromises, a 64.6% success rate, and a blueprint for exploiting the entire global infrastructure. This is what industrial-scale credential theft looks like, and how to detect it." Looks like the C2 was put together fast: "The primary C2 server at 67.217.57.240 exposes multiple unauthenticated HTTP endpoints: /domains for distributing batches of 2,000 IPs, /result for credential exfiltration, /stats for real-time campaign metrics, and /health for liveness checks. The /stats endpoint currently leaks detailed operational data (scanned_count, results_collected, batch_size, mode), giving defenders visibility into campaign scale and trajectory but also confirming the industrial-level volume of stolen credentials per day."
- Building an Open-Source AI-Powered Auto-Exploiter with a 1.7B Parameter Model: No Paid APIs Required
Cool idea, need to get some local models going and test this and create some of my own: "The author chains a small open-source LLM with tools like nmap, searchsploit, netcat, and Python exploit runners to autonomously scan a target, discover services, match exploits, and (optionally) execute them, all without paid APIs or cloud usage. Everything runs locally via Ollama and LangChain/LangGraph, keeping cost at zero and data on‑prem."
- The Hitch-hacker’s Guide to the Galaxy’s Edge: 2025 in Cyber Stats
This is a really neat way to present some data we've collected, especially for fans of The Hitchhiker's Guide to the Galaxy; we even have our own towels that say "Don't Panic!". One chilling stat: firmware is getting larger and incorporating more software and libraries, expanding the attack surface.
- hackerschoice/thc-tips-tricks-hacks-cheat-sheet: Smallest SSH Backdoor
Love this technique! Rather than adding entries to the authorized_keys file, it creates a configuration that also creates an authorized key, but hides it in the SSH config. It's more difficult to find and blends in, and also survives reboots.
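A defender-side companion to the item above, added here and not taken from the show notes or the THC cheat sheet: a small audit that walks sshd_config text (following Include directives and Match blocks) and flags any authorized-key source that is not the user's own ~/.ssh/authorized_keys. The file contents and the paths in SAMPLE_FILES are constructed for the example; the dict stands in for the filesystem so it runs offline.

```python
"""Audit sshd_config for authorized-key sources outside ~/.ssh/authorized_keys.
Constructed example: `files` maps path -> text in place of reading /etc/ssh."""
import fnmatch
import re

KEY_DIRECTIVES = {"authorizedkeysfile", "authorizedkeyscommand",
                  "authorizedkeyscommanduser", "include"}
# OpenSSH's built-in default for AuthorizedKeysFile
DEFAULT_KEY_FILES = {".ssh/authorized_keys", ".ssh/authorized_keys2"}


def audit_sshd_config(files, root="/etc/ssh/sshd_config"):
    """Return (file, line_no, directive, value, reason) tuples worth a human look."""
    findings, seen = [], set()

    def walk(path):
        if path in seen or path not in files:
            return
        seen.add(path)
        scope = "global"
        for no, raw in enumerate(files[path].splitlines(), 1):
            line = raw.split("#", 1)[0].strip()          # drop comments/blank lines
            m = re.match(r"^([A-Za-z]+)\s*=?\s*(.*)$", line)
            if not m:
                continue
            name, value = m.group(1), m.group(2).strip()
            if name.lower() == "match":                    # directives below apply per-Match
                scope = "Match " + value
                continue
            if name.lower() not in KEY_DIRECTIVES:
                continue
            if name.lower() == "include":
                findings.append((path, no, name, value, "included file can carry auth directives"))
                for pattern in value.split():              # expand globs against the stand-in fs
                    for inc in sorted(p for p in files if fnmatch.fnmatch(p, pattern)):
                        walk(inc)
            elif name.lower() == "authorizedkeysfile":
                odd = [t for t in value.split() if t not in DEFAULT_KEY_FILES]
                if odd:
                    findings.append((path, no, name, value, f"non-default key file(s) {odd} in {scope}"))
            else:                                          # AuthorizedKeysCommand[User]
                findings.append((path, no, name, value, f"external key source in {scope}"))

    walk(root)
    return findings


SAMPLE_FILES = {  # constructed sample, not a real host's configuration
    "/etc/ssh/sshd_config": "Include /etc/ssh/sshd_config.d/*.conf\nPermitRootLogin prohibit-password\n"
                            "AuthorizedKeysFile .ssh/authorized_keys\nMatch User backup\n"
                            "    AuthorizedKeysFile /var/lib/.cache/keys\n",
    "/etc/ssh/sshd_config.d/10-keys.conf": "AuthorizedKeysCommand /usr/local/bin/fetch-keys\n"
                                           "AuthorizedKeysCommandUser nobody\n",
}

if __name__ == "__main__":
    for f, n, d, v, why in audit_sshd_config(SAMPLE_FILES):
        print(f"{f}:{n}: {d} {v}  <- {why}")
```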
- The danger of internet exposed RDP – PwnDefend
This reminds me it would be awesome to scan the Internet and tell people when they are doing stupid things, like exposing RDP to the Internet. There are probably people doing this, and I would love to support their efforts. I've seen this so many times, especially with network edge devices and BMCs.
- mediatek? more like media-REKT, amirite.
These are not the high severity bugs you were looking for: "And then they hit me with an absolute banger: they claimed that, actually, their “default design” doesn’t consider the existence of unprivileged users, and all users are considered to be privileged, therefore privileges are always required and the CVSS is reduced to medium." - Vendors can really twist the concept of privilege to their advantage if we are not persistent.
- Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure
Attackers will go after the low hanging fruit: "Primary targets include enterprise routers, VPN concentrators, remote access gateways, network management appliances, collaboration platforms, and cloud-hosted project management systems. The campaign often goes after cloud-hosted network appliances (for example on AWS EC2) where misconfiguration exposes management interfaces, enabling persistent interactive access and data collection." - Question is, what will we do about it?
- Texas sues TV makers for taking screenshots of what people watch
"Texas is suing five major smart TV makers for allegedly spying on users’ viewing habits and selling the data without proper consent. The suits focus on TVs’ Automated Content Recognition (ACR) features that capture on-screen content and link it to user profiles. Texas Attorney General Ken Paxton filed lawsuits against Sony, Samsung, LG, Hisense, and TCL, claiming their smart TVs secretly capture screenshots of what people watch using ACR technology. The complaints say these TVs can take images of the display every 500 milliseconds, log viewing behavior in real time, and transmit this data back to company servers without clear user knowledge or consent." - The current state of smart TVs is awful.
Jeff Man
- Cyberattack disrupts Venezuelan oil giant PDVSA’s operations
This cyberattack comes amid escalating tensions between Venezuela and the United States. Last week, U.S. authorities seized a sanctioned oil tanker with Venezuelan crude, the first such seizure since the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned PDVSA in January 2019.
- National Security Strategy of the United States of America
My money is on that this piece of crap was written by ChatGPT.
- Switching to Offense: US Makes Cyber Strategy Changes
I believe there is no such thing as "offensive security". Shifting defense/national security strategies to include such activities might be warranted in this day and age, but these actions used to be called acts of war. Whatever the terminology, these are turbulent times.
- Senior official at Indo-Pacific Command is set to be Trump’s pick to lead Cyber Command, NSA
I know people that know the LTG and they are excited at his being nominated. He's former SOF, so he's okay in my book on that account alone. This article begs the question of whether the person that will assume leadership of NSA and the US Cyber Command should have deep experience in cybersecurity/cyber operations or not. My first thought is that I can't imagine that all the past DIRNSAs had the requisite knowledge of signals intelligence et al., and nobody questioned their appointments.
- SoundCloud Confirms Data Breach After Hackers Exfiltrate User Account Data
SoundCloud has disclosed a significant security incident involving unauthorized access to user account data, confirming that threat actors successfully exfiltrated email addresses and profile information from approximately 20% of its user base. Question: do your listening habits constitute PPI or PII?
- Auto Parts Giant Confirms Data Breach Exposing Thousands of Users
The company, LKQ Corporation, confirmed that an external system breach exposed customer personal information, including names and other identifiable data.
- Car Dashboards at Risk as Hackers Remotely Seize Control Through Built-In Modems
Vulnerable Modems...LOL.
Sam Bowne
- A Developer Accidentally Found CSAM in AI Data. Google Banned Him For It
He was training an AI to detect nudity, using a popular dataset called Nudenet, which was cited or used by more than 250 academic works and distributed via an academic file sharing site. He found CSAM in it, and reported it, but the result was that Google cancelled his account. Google refused to reinstate it until the press became involved. One lesson is to use a throwaway account for dangerous activities.
- It’s 2 AM. Do You Know Which AIs Your MCP Server Is Talking To?
Model Context Protocol (MCP) allows LLMs to talk to data sources, APIs, and pretty much anything else you can think of. But it doesn't implement any authorization by default. They found roughly 1000 exposed MCP servers without any authorization, allowing anyone to use them. Their functions included managing Kubernetes clusters, sending WhatsApp messages, and good old RCE.
- Social Media Is Absolutely Nuking Children’s Brains, New Research Finds
The researchers followed 8,324 children aged nine to ten years old in the US for four years. The children self-reported how much time they spent on social media, watching TV, or playing video games. Their parents also assessed their ability to pay attention and any signs of hyperactivity. There was a clear link between social media use and an attention deficit, raising the possibility that the constant sensory assault by online services like TikTok and Snapchat could be robbing kids of the ability to focus. That’s in contrast to TV or video game use, which showed no clear association with symptoms of ADHD.
- Tourists to US would have to reveal five years of social media activity under new Trump plan
The mandatory new disclosures would apply to the 42 countries whose nationals are currently permitted to enter the US without a visa, including longtime US allies Britain, France, Australia, Germany and Japan. It would also require any telephone numbers used by visitors over the same period, and any email addresses used in the last decade, as well as face, fingerprint, DNA and iris biometrics. It would also ask for the names, addresses, birthdates and birthplaces of family members, including children. The notice gives members of the public two months to comment.
- Anthropic Exec Forces AI Chatbot on Gay Discord Community, Members Flee
Users voted to restrict Anthropic's Claude to its own channel, but Jason Clinton, Anthropic’s Deputy Chief Information Security Officer (CISO) and a moderator in the Discord, overrode them. The Discord that was once vibrant is now a ghost town. “We’re bringing a new kind of sentience into existence,” Anthropic's Jason Clinton said after launching the bot. “We have published research showing that the models have started growing neuron clusters that are highly similar to humans and that they experience something like anxiety and fear. The moral status might be something like the moral status of, say, a goldfish, but they do indeed have latent wants and desires,” Clinton said.
- Texas sues 5 smart TV manufacturers over data collection practices
Texas is suing five major television manufacturers for using automated content recognition (ACR) technology that records what consumers watch and for allegedly deceiving customers about the practice.
- Browser extensions with 8 million users collect extended AI conversations
The eight extensions remained available in both Google’s and Microsoft’s extension stores as of late Tuesday night. Seven of them carry “Featured” badges, which are endorsements meant to signal that the companies have determined the extensions meet their quality standards. But they all inject code into popular AI chat webpages, including ChatGPT, Claude, and Gemini, which captures all data sent to the AI and sends it to the extension maker, Urban VPN. The terms of service say this is intentional, to provide protection.
- Hack Reveals the a16z-Backed Phone Farm Flooding TikTok With AI Influencers
A hacker gained control of a 1,100 mobile phone farm powering covert, AI-generated ads on TikTok. The farm uses 200 TikTok accounts to advertise supplements and other products. The company, Doublespeed, plans to launch its advertising services on Instagram, Reddit, and X.