Bill
@sempf.infosec.exchange.ap.brid.gy
📤 101
📥 6
📝 3774
I break software. 🌉 bridged from ⁂
https://infosec.exchange/@Sempf
, follow
@ap.brid.gy
to interact
As it turns out, that Cursor git.exe bug is not in Cursor. It's in VSCode.
https://discourse.ifin.network/t/remember-that-cursor-git-exe-bug-its-in-vscode-too/665
loading . . .
Remember that Cursor git.exe bug? It's in VSCode too
CVSSv3: 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE: None The Cursor Bug is in VSCode Earlier this week, a potential vulnerability was disclosed in Cursor, the AI-enabled development platform that is a fork of VSCode. This vulnerability is a file called git.exe in the root of a repo or any project folder will be automatically executed without user interaction. That was viewed as a potential flaw in the software, but apparently Cursor was told about it in December and has really had no respons...
https://discourse.ifin.network/t/remember-that-cursor-git-exe-bug-its-in-vscode-too/665
about 3 hours ago
0
0
1
Seriously, fuck this week with a honey locust branch.
about 6 hours ago
0
0
0
loading . . .
about 10 hours ago
0
0
0
The wrong people are getting rich.
about 13 hours ago
0
0
0
There is a squirrel up there somewhere that is eating something and dropping the pieces it doesn't like on me.
about 13 hours ago
0
0
0
Oh, I like this one a lot. This has little to do with ML, it's just a stupid bug in the program. https://www.darkreading.com/application-security/cursor-ide-malicious-code-poisoned-repos
#cursor
#poisoning
about 22 hours ago
0
0
0
Hell, I need to dig this up just for testing. I mean, the attackers use our defense tools, amirite? https://securityaffairs.com/195321/hacking/attacker-used-ai-to-build-custom-powershell-recon-malware.html
#powershell
#ad
loading . . .
Attacker Used AI to Build Custom PowerShell Recon Malware
Huntress found an AI-generated PowerShell script used for AD reconnaissance, showing attackers are using AI to create custom, evasive tools.
https://securityaffairs.com/195321/hacking/attacker-used-ai-to-build-custom-powershell-recon-malware.html
about 22 hours ago
1
0
0
Today? Today is a cigar at 9:30am day.
1 day ago
0
0
0
If buying isn't owning then pirating isn't stealing. https://www.eff.org/deeplinks/2026/07/sony-nerfs-videogame-ownership
#sony
#license
loading . . .
Sony Nerfs Videogame Ownership
Playstation’s decision to kill physical game discs is the latest attack on our diminishing rights to access and engage with culture digitally. Rent-seeking corporations and negligent lawmakers share the blame–and they can do better. Gamers are right to sound the alarm, and we must take this moment to fight for digital ownership before it’s too late.
https://www.eff.org/deeplinks/2026/07/sony-nerfs-videogame-ownership
2 days ago
0
1
0
Someone needs to tell the bad guys that A02:2025 applies to them too. They shoulda had a pen test hmmmm? https://thehackernews.com/2026/07/misconfigured-server-reveals-three.html
#cybercrime
#owasp
loading . . .
Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365
An attacker running a live Microsoft 365 phishing operation left a Python web server listening on a public port with directory listing switched on. The command that did it: python3 -m http.server 8080, was still sitting in the readable .bash_history. From that one lapse, French security firm Lexfo lifted the operator's entire toolkit and pivoted through it to two more
https://thehackernews.com/2026/07/misconfigured-server-reveals-three.html
2 days ago
0
0
0
Well, shit.
2 days ago
1
0
0
Our own
@sternecker
is gonna show off his agentic management tools he built (I've seen a preview!) at the Cleveland ISC2 this month. Be there. I MIGHT be there, if I am lucky. Dead GOD that is the longest URL evar. What's the limit now? I think it is more than 1024 but still sheesh […]
loading . . .
Original post on infosec.exchange
https://infosec.exchange/@Sempf/116913124975244526
2 days ago
0
0
0
"Lovecraftian" was just added to the OED last month. While I'm honestly shocked it wasn't already there, a large part of me is all "Yeah that tracks."
3 days ago
0
0
0
Bluejays are assholes. I thought starlings were bad, but sheesh. Way to lower the bar guys.
4 days ago
0
0
0
Oh, ima gonna barf. https://www.schneier.com/blog/archives/2026/07/ai-surveillance-and-social-progress.html
#surveillance
#ai
#🤮
loading . . .
https://www.schneier.com/blog/archives/2026/07/ai-surveillance-and-social-progress.html
5 days ago
1
1
1
It's utterly mind blowing how folks are coming up with new ways to exploit the code sharing community. This is why we can't have nice things. https://www.securityweek.com/network-of-200-github-repositories-used-for-malware-infection/
#foss
#malware
loading . . .
Network of 200 GitHub Repositories Used for Malware Infection
https://event.on24.com/wcc/r/5388881/B7E0CF554D97F3EFC49BC41DC217FA39?partnerref=awidget
5 days ago
0
0
2
Alrite people. How the hell is everyone? Back to work for me tomorrow.
7 days ago
0
0
0
This is strange. Out of the blue. Never used Chat GPT but do have an account with Open ai, so that makes sense sorta. But this is like ... apropos of nothing? Very weird.
7 days ago
1
0
0
France is taking over the world with robots.
https://youtu.be/7dpLB9NoY1A
7 days ago
0
0
0
This is what I was wondering about with all of there kernel flaws - when would someone jump the hypervisor. I'm guessing "now."
https://www.securityweek.com/linux-kernel-vulnerability-allows-vm-escape-on-intel-and-amd-systems/
loading . . .
Linux Kernel Vulnerability Allows VM Escape on Intel and AMD Systems
https://event.on24.com/wcc/r/5388881/B7E0CF554D97F3EFC49BC41DC217FA39?partnerref=awidget
8 days ago
0
0
0
I need a right click menu item that has a "tell me what this tiny emoji thing is" in my browser. Think AI can do that for me? /s Well, /s for the AI part. I really do need that menu item.
9 days ago
0
1
0
That's an odd way to make word choice decisions, Guardian.
10 days ago
0
0
0
That was a hell of a game and I know nothing about soccer.
#worldcup
10 days ago
0
0
0
Over under on how long it will take King Charles to call FIFA?
10 days ago
0
0
0
So, football fans, what do you think of Trump stepping in to get that red card reversed?
10 days ago
1
0
0
Hey,
@zackwhittaker
saw the video from
@alice_watson
in the newsletter and had a similar experience with a firearm lock (!!).
https://youtu.be/FsO1IliIf00?si=WJZTx12upbf2A-Zc
10 days ago
1
0
0
Happy 250th everyone. Let's eat.
11 days ago
0
0
1
Hey, lookie here! Only 71F this morning at 0630! Dew point of 69F too, that's pretty good right? 😬
12 days ago
0
0
0
Hey-o, Northern Buckeyes. Hang on from that weather. Man, I just looked at the radar, and you're getting slammed.
12 days ago
0
0
0
Fun nature moment at the Sempf Compound. Me: "Oh wow, that pretty butterfly just landed on our umbrella." Sparrow. "Yup."
12 days ago
0
0
0
TIL AOL News still exists.
12 days ago
0
0
0
I am on a website that unironically recreated the `marquee` tag in CSS, except it runs backwards. You have to remember the end of the sentence by the time it gets to the beginning of the sentence, which is very funny. I am not certain what their goal was there.
12 days ago
0
0
0
Today's harvest.
#gardening
12 days ago
1
0
0
Hey looky, the orb weavers are out! Who's ready for Halloween?
13 days ago
0
1
0
Yeah, this is pretty much my experience. Even with a jailbroken (or abliteratuonated or whatever the kids call it) model I just use it to see if I miss anything. Now code review? Different story. Super good at code review […]
loading . . .
Original post on infosec.exchange
https://infosec.exchange/@Sempf/116848268591194190
14 days ago
0
0
1
At least El Reg uses true words in a line with a dot. Prompt injection cannot totally be remediated. https://www.theregister.com/ai-and-ml/2026/06/30/security-researchers-tricked-llms-into-giving-them-cocaine-recipes-by-abusing-role-models-for-prompt-injection/5264115
#llm
#promptinjection
14 days ago
0
0
0
Ok, this is a really slick attack. A lot can go wrong with machine learning code, but this is a known problem. This is why we don't call command line executables in web apps. https://securityaffairs.com/194546/ai/guardfall-flaw-hits-10-of-11-popular-open-source-ai-agents.html
#bash
#shellinjection
loading . . .
GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents
GuardFall affects 10 of 11 open-source AI agents, letting attackers bypass command filters through a shell injection weakness.
https://securityaffairs.com/194546/ai/guardfall-flaw-hits-10-of-11-popular-open-source-ai-agents.html
14 days ago
1
1
1
Well, at least they can't blame the refs.
14 days ago
0
0
0
Soccer people:was that really a red card penalty? And power play for THE REST OF THE GAME? That's unreasonable. I know it's the rule but sheesh.
14 days ago
2
0
0
Well, at least he got the president right.
14 days ago
0
1
0
Okay, people, I like temperature. I like cold temperatures sometimes. I like hot temperatures sometimes. I like middle temperatures sometimes. I'm a big believer in living someplace with four seasons. That said, it is *hot* outside, like way too hot! It's okay on the deck in the shade with the […]
loading . . .
Original post on infosec.exchange
https://infosec.exchange/@Sempf/116846362582612642
14 days ago
2
0
0
I see the EU has ended their version of de minimis, which is designed to prevent the purchase of cheap goods tariff-free in small batches from China. I understand the perspective. China is an economic force. There is no question, but I fail to understand the benefit of taxing the daylights out […]
loading . . .
Original post on infosec.exchange
https://infosec.exchange/@Sempf/116844833994203590
15 days ago
1
0
0
I see the feds realized that we were gonna print t-shirts. Good news.
https://www.linkedin.com/posts/kmoussouris_anthropic-fable5-ai-share-7477877859441647617-HEv8/?rcm=ACoAAAAwoYsBluV471sHfpI8eAP-IPq24Tg3n0k
loading . . .
#anthropic #fable5 #ai | Katie Moussouris
Good news. The export controls are lifted. Defenders will regain access to #Anthropic #Fable5 & we can resume our work with the latest #AI models available
https://www.linkedin.com/posts/kmoussouris_anthropic-fable5-ai-share-7477877859441647617-HEv8/?rcm=ACoAAAAwoYsBluV471sHfpI8eAP-IPq24Tg3n0k
15 days ago
0
0
0
I love the whole "America's Workforce Academy powered by Meta", basically saying, "Hey, if you're a knowledge worker, you're screwed, so you better go learn how to fit pipes."
15 days ago
0
0
0
RE:
https://infosec.exchange/@josephcox/116839241594162107
404 is doing God's own work here. I need to send this to EVERYONE I know under 30 and over 70.
loading . . .
https://infosec.exchange/users/josephcox/statuses/116839241594162107
16 days ago
0
0
1
If buying isn't owning, then pirating isn't stealing.
https://arstechnica.com/gadgets/2026/06/sony-erases-digital-content-from-libraries-were-reminded-we-dont-own-what-we-buy/
loading . . .
https://arstechnica.com/gadgets/2026/06/sony-erases-digital-content-from-libraries-were-reminded-we-dont-own-what-we-buy/
16 days ago
0
1
2
Am I becoming Canadian?
https://youtu.be/ZU0_az0oxC4?si=bhx_0RQpL4mZ-l2u
16 days ago
0
0
0
It is so humid in the 614 that it smells like a swimming pool in my front yard. We don't have a swimming pool. Nobody around here has a swimming pool.
16 days ago
1
1
0
OK, Mistral, that's about enough of THAT.
16 days ago
0
0
0
Anyone played with GLM-5.2 yet?
17 days ago
0
0
1
Load more
feeds!
log in