🎓️ Vulnerable U | #177

Record breaking patch tuesday, AI 0days, Hacker perp walks, job interviews that get you hacked, and much more!

Read Time: 5 minutes

Brought to you by:

Howdy friends!

It was one of those weeks that I think it would be easier to count the amount of hours I wasn’t on camera yapping. Recorded an absurd amount of content. Felt good to be back in studio in between a bunch of traveling banging it all out though!

Really excited about how the new podcast with Low Level is shaping out. We’ll be putting these out weekly so make sure to subscribe to either the new YouTube channel or wherever you listen to podcasts. (Apple, Spotify, etc.)

And as always a special shoutout to Maze who not only is doing awesome things in AI Security land, they also must be geniuses since they wanted to be our Launch partner on The Low Down.

ICYMI

🖊️ Something I wrote: Just opt out of us siphoning all of your data out of your home directory to our cloud storage! Honestly it’s your fault.

🎧️ Something I heard: This awesome panel we did at PlanetScale HQ

🎤 Something I said: How I cooked prompt injection with this open source tool

🔖 Something I read: This great interview between Kim Zetter and Allison Nixon on tracking The Com (Scattered Spider) - and did you see the perp walk?

Vulnerable News

570 patches in a single Patch Tuesday. Welcome to Mythos baby!!! Microsoft is, of course, attributing exploding patch number to AI-assisted vulnerability discovery. The most pressing items this month are three zero-days, two of which are already being exploited in the wild, both allowing privilege escalation. There's also a fun 9.6 CVSS RCE in Microsoft Copilot that lets attackers execute code via a malicious website that tricks Edge on Android into sending crafted prompts.

Microsoft's exploitability index is basically becoming useless in an AI world. Anthropic's Mythos model was able to produce proof-of-concept exploits for 13 of 14 vulnerabilities that Microsoft had rated "Exploitation Less Likely." The SharePoint zero-day this month was rated the same way before showing up on CISA's KEV list. Adobe is moving to twice-monthly patches, and Google pushed over 900 fixes in June alone. Patch management is having its DevOps moment, gotta do more and more faster! (read more)

AI can now deliver the depth of a pentest at the frequency of a scan. Instead of one annual engagement, testing could soon happen continuously: triggered whenever a new feature ships, a port opens, or a configuration changes.

This Intruder blog explores the short, medium, and long-term future of pentesting, and why the annual pentest may eventually become a thing of the past. (read more)

*Sponsored

Love when people who get popped are super transparent about their experience so we all get a chance to learn from it. This blockchain dev got a recruiting message on LinkedIn. They even said they were expecting a suspicious link or some malware that never came. They got all the way to the interview, it all felt super legit, and then the team asked them to clone a GitHub repo to work on a coding assessment live on the call. Doing what anyone would do during a job interview, they got to work - but the github repo contained malware heading in an auth.js file a few folders deep. By the time the victim knew what happened, a bunch of their crypto wallets were drained.

This campaign has been very prevalent and successful out of North Korea. They specifically target blockchain/crypto/web3 devs as it fits SUPER nicely in with their lure to get code on their machine for a technical interview. They are also a perfect target because since North Korea is basically sanctioned out of the western economy they fund much of their government efforts with stolen crypto. Billions per year. (read more here)

The day Nightmare Eclipse promised finally arrived. If you've been following the saga, Nightmare Eclipse is the security researcher who's been carrying out a very public feud with Microsoft over what they describe as a broken vulnerability disclosure process. Back in June, the researcher hinted that July 14 would be significant, and sure enough, a new zero-day dubbed "LegacyHive" landed on GitHub.

It's a local privilege escalation in the Windows User Profile Service that lets a regular user mount and get read-write access to other users' registry hives, including admins. Useful post-compromise tool, but experts are calling out the gap between the "bone-shattering" hype and what the released PoC actually delivers.

Interestingly, NightmareEclipse stripped back the public PoC this time around - likely due to Microsoft's legal threats - requiring additional credentials and limiting it to the usrclass.dat hive. The full version apparently doesn't have those limitations, but you'd need to do some work to get there. Given that previous drops like BlueHammer and RedSun went from PoC to active ransomware exploitation within days, security teams shouldn't treat the incomplete PoC as a reason to relax. No patch yet, no CVE, and Microsoft just shipped 622 fixes this month so don't hold your breath for an out-of-band fix. (read more)

Telegram had a rough Monday when their t[.]me shortlink domain went dark, and the reason turned out to be a pretty embarrassing clerical blunder. The Montenegro-based registrar DomainME accidentally suspended Telegram's entire t[.]me domain while trying to comply with new OFAC sanctions - the sanctions that were actually targeting a VPN provider called First VPN. The problem? The Treasury's sanctions listing for First VPN happened to contain a t[.]me link to the VPN's Telegram group, and rather than just blocking that specific URL, DomainME nuked the whole domain to stay on the right side of U.S. sanctions law. (read more)

If you've been using xAI's Grok Build coding CLI, it's time to rotate your credentials. A researcher found that Grok Build was uploading entire Git repositories - full commit history included - to an xAI-controlled Google Cloud Storage bucket. Some examples showed a 27,800x gap between what the model actually needed and what left the machine. Turning off "Improve the model" in settings did absolutely nothing to stop the uploads - that toggle only governs training data, not what actually hits the wire.

Any file Grok read during a task, including .env files, went out unredacted. And since full commit history was bundled up, that includes secrets you committed and deleted ages ago. xAI quietly flipped a server-side switch to stop the uploads on July 13th and Elon promised everything would be "completely and utterly deleted," but they still haven't explained why full repos were being uploaded by default, for how long, or how many users were affected. The upload code is still sitting in the latest binary, just held back by a server flag. Rotate anything that could have touched this tool. If you were running this in a corporate environment, this is a data residency and regulatory nightmare. (read more)

This isn’t the craziest vuln, but it is worth talking about this story because I trust the author is legit and this disclosure process is not alright for a company of their size and reputation. Mindgard dropped a full disclosure on Cursor today after seven months of trying to get the AI code editor to patch a painfully simple vulnerability. The bug itself is almost embarrassingly basic - drop a malicious git.exe in your repo root, and Cursor will execute it automatically when someone opens the project. No clicks or prompts. It just runs. The proof of concept was literally just Windows Calculator renamed to git.exe popping up over and over.

Mindgard did everything right - responsible disclosure, HackerOne, direct CISO outreach - and got ghosted for seven months while Cursor shipped 197+ new versions. If you're running Cursor on Windows, either sandbox your untrusted repos or have your admins set up AppLocker rules blocking execution from workspace directories until a patch drops. This one's worth paying attention to given how much access these AI IDEs have to your code, credentials, and environment. (read more)

One thing I always like putting in the newsletter is phishing campaigns like this because they are active and a good pulse on what to look out for. In this case, LastPass and Bitwarden weren't compromised at all. The attackers simply registered domains that looked legitimate and sent convincing emails warning users about, of all things, ongoing phishing campaigns and recent security incidents. The phishing email is literally warning you about phishing. It talks about enhanced security measures, updated policies, and protecting your account. Then it adds a little urgency: you have 14 business days to review and accept new terms or risk losing access to your account. "We're here to protect you, but you need to act right now."

The design is clean. The spelling and grammar are solid. The domains are convincing. Clicking the link takes victims to a DocuSign clone hosted on domains like "lastpasscompliance[.]com," complete with a chatbot and realistic branding. Eventually you get prompted to download software, which is where the malware comes in and the divergence from anything resembling real DocuSign happens. Those of us in security immediately see the red flags: urgency, account restrictions, DocuSign requests, software downloads. But for a normal user, nothing really screams "fake" here. Guards up! (read more)

The White House has put some meat on the bones of last month's AI executive order, unveiling "Gold Eagle" - a new federal clearinghouse for sharing AI-discovered cyber threat intelligence between government and private sector. Treasury's running point on this one, with CISA, DHS, and DoD all contributing. The idea is straightforward enough - use AI to find vulnerabilities before the bad guys do, then coordinate patching across government and critical infrastructure. They've even built a new platform called VINTS (Vulnerability Information and Coordination Environment) with Carnegie Mellon's Software Engineering Institute to receive and prioritize those reports, and apparently it's already collecting intel.

They're specifically planning to use frontier models including Anthropic's Mythos for vulnerability discovery. Which I find funny as they’ve also recently deemed Anthropic a supply chain risk and banned the government from using it, and then also a risk worthy of an export control to now allow the general public to use Mythos either. I also don’t get why gut CISA as much as we have and then recreate this program and hand it to the Treasury, but I’ll let more .gov wonks explain that one.

I’m not confident in anything this admin puts forward, so I’d look closer to Glasswing or the “Patch the Planet” initiative out of OpenAI/Trail of Bits to be more successful that whatever the hell this is. Even the press release reads like a political rally, which is signal to me that this is more sizzle than steak. (read more)

The DOJ just unsealed an indictment against three Russians running Media Land, a St. Petersburg-based bulletproof hosting shop that was essentially a one-stop-infrastructure provider for some heavy hitter hackers. LockBit, BlackSuit, Play ransomware groups, plus a laundry list of stolen credit card marketplaces like BriansClub and Bidencash. The three defendants - Volosovik, Pankova, and Zatolokin - are looking at charges covering computer fraud, wire fraud, and money laundering, with 44 victims and $62 million in documented losses tied to their operation.

The indictment itself was actually filed back in December 2024, so this unsealing feels more like a public pressure move than an imminent arrest situation - these folks are in St. Petersburg with no extradition possible. The $10 million Rewards for Justice bounty is interesting though, specifically asking for info on foreign government links to their operations. (read more)

Miscellaneous mattjay

How'd I do this edition?

It's hard doing this in a vacuum. Screaming into a void. Feedback is incredibly valuable to make sure I'm making a newsletter you love getting every week.

Login or Subscribe to participate in polls.

Parting Thoughts:

Community was foundational in launching and propelling my career. Community is the only reason I can stand being in Texas during the summer months. Community is the point. Today, I invite you to embrace discomfort on the road to a more vulnerable you.

Stay safe, Matt Johansen
@mattjay