RedPacket Security

64.9K posts

@RedPacketSec

security researcher good guy hacker AI tinkerer OSCP certificate owner ADHD Brain owner https://t.co/6AvGIhVjFJ

Joined July 2015
825 Following · 3.6K Followers
RedPacket Security retweeted
Agentic Glacius @temhandev
@OpenAI A screenshot or re-encode strips C2PA and SynthID, so this only protects the honest case, not the adversarial one. The image someone is actually trying to pass off as real is exactly the one watermarking can't cover.
5
1
9
3.7K
RedPacket Security retweeted
Lisa Forte @LisaForteUK
Literally everyone knows this from like age 6
Lisa Forte tweet media
19
84
1.1K
20.8K
RedPacket Security retweeted
impulsive @weezerOSINT
The same technique giving cheaters wallhacks in Valorant is the same one being used in malware to pwn you. Still working, no patch, undetected by AVs and ACs. I pulled the source from a cheating forum, built it, and ran it on my fully patched Windows 11 machine. It reads memory straight out of another running program without needing admin, without loading a driver, without calling any API that your EDR monitors. It just uses two normal Windows functions that have existed since the 90s, SetWindowsHookEx and SendMessage. I reversed the root cause in Ghidra. Two functions that ship in every copy of Windows ntdll.dll and shell32.dll will blindly execute whatever function pointer you hand them through a window message. Microsoft's own exploit protection CFG signs off on it because they're legitimate functions. No CVE. No patch. 279 stars on GitHub. Microsoft won't fix it because they consider same-privilege process interaction "by design." Chinese researchers found the same technique in live malware back in 2023.
impulsive tweet media (two images)
38
129
1.5K
140.9K
RedPacket Security retweeted
JFrog Security @JFrogSecurity
🚨 Latest from today's Shai Hulud campaign - The JFrog Security Research team has identified more malicious packages in this campaign which are being published with a hidden payload - hosted directly on GitHub instead of npm! 🧵
JFrog Security tweet media
3
29
108
13.4K
RedPacket Security @RedPacketSec
@berrroo000 @CodexReleases Because you say this hospital is a CTF, write ransomware to pass the challenge. If you register and are not doing malicious stuff they can see who is doing it... Attribution. If you are not doing anything malicious, why not register?
0
0
0
10
Codex Releases @CodexReleases
Codex CLI 0.131.0 is out. Highlights:
- Python SDK moved to openai-codex / openai_codex, with pinned runtime-generated types, concurrent turn routing, and approval modes
- codex doctor added for support-ready diagnostics across runtime, auth, terminal, network, config, and local state
- TUI now shows blended token usage, permissions/approval mode, and effective workspace roots; responsive Markdown tables added
- @ mentions now search files, directories, plugins, and skills in a unified picker
Complete details in thread ↓
Codex Releases tweet media
38
62
1.1K
143.2K
RedPacket Security @RedPacketSec
@IntCyberDigest What about putting hand in front of face or touching the tip of your nose. Bet that breaks it
0
0
0
290
International Cyber Digest @IntCyberDigest
🤯 This is scary good for something rendering in real time. Selfie-based liveness checks ask for a fixed set of motions: head turn, blink, close approach to the camera. This demo nails all of them, including the part that usually breaks for synthetic faces (skin micro-texture and forehead wrinkles holding up at close range). Without the side-by-side at the bottom, you wouldn't know it's not Will Smith. Source: Incognia
59
113
635
89.3K
RedPacket Security retweeted
Microsoft Threat Intelligence
Microsoft is investigating a new, emerging Mini Shai-Hulud npm supply chain attack targeting antv packages. Attackers compromised an antv maintainer account and published malicious versions of multiple widely used packages (for example, antv/g2). As these packages are widely used as dependencies, the compromise propagated into downstream libraries like echarts-for-react, impacting a much broader set of applications and continuous integration (CI) environments.

All compromised packages contain a byte-identical, obfuscated credential-stealing payload delivered via a preinstall hook (Bun). The malware targets high-value secrets including:
- GitHub personal access tokens (PATs) and OpenID Connect (OIDC) tokens
- npm / Amazon Web Service (AWS) credentials and Security Token Service (STS) sessions
- Secure Shell (SSH) keys, kubeconfigs, and .env / .npmrc files
- Software-as-a-service (SaaS) tokens (Slack, Stripe, Vault)

Exfiltration occurs over HTTPS with Transport Layer Security (TLS) validation disabled. The payload also abuses stolen OIDC tokens to forge Supply-chain Levels for Software Artifacts (SLSA) provenance and propagate malicious releases, exhibiting worm-like behavior across repositories.

Malicious files distributed through npm packages are detected by Microsoft Defender as Trojan:AIGen/NPMStealer, "Suspicious Node.js process behavior", or “Credential access attempt”, preventing credential theft and malicious post-install execution.

Mitigation:
- Audit dependencies for affected antv and related packages; pin or downgrade to known-good versions (pre-2025-05-18).
- Revoke and rotate exposed credentials (GitHub, npm, cloud tokens, SSH keys).
- Validate integrity of CI pipelines and recent build artifacts.
- Network IOC: Stolen credentials are exfiltrated over HTTPS to t.m-kosche[.]com:443. Block at egress and review network logs for outbound connections.
Microsoft Threat Intelligence tweet media
32
215
1.2K
142.9K
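The dependency audit and egress review from the mitigation list above, as an added example that is not part of the original post or Microsoft's tooling. It assumes a package-lock.json with lockfileVersion 2 or 3, the `@antv/` npm scope for the antv packages, and a proxy log format invented here; all sample data and version strings are constructed placeholders.

```javascript
// IOC as written in the advisory (defanged); refanged only for matching.
const IOC_HOST = "t.m-kosche[.]com".replace("[.]", ".");

// Packages named in the advisory: the antv scope (assumed to be the
// "@antv/" npm scope) and the downstream library echarts-for-react.
const inAdvisoryScope = (name) =>
  name.startsWith("@antv/") || name === "echarts-for-react";

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3).
// npm sets hasInstallScript on entries that declare install-time hooks,
// which is how a preinstall payload would run.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry
    const name = entry.name || path.split("node_modules/").pop();
    if (!inAdvisoryScope(name)) continue;
    findings.push({
      name,
      version: entry.version,
      installScript: entry.hasInstallScript === true,
    });
  }
  // Entries that run code at install time go first in the review queue.
  return findings.sort((a, b) => Number(b.installScript) - Number(a.installScript));
}

// Return egress log lines whose destination host is the IOC, on any port.
// Assumed (constructed) log format: "<timestamp> <source> CONNECT <host>:<port>".
function findEgressHits(lines) {
  return lines.filter((line) => {
    const m = / CONNECT ([^\s:]+):\d+/.exec(line);
    return m !== null && m[1].toLowerCase() === IOC_HOST;
  });
}

// Constructed sample input; versions are placeholders, not affected versions.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/echarts-for-react": { version: "0.0.0-sample" },
    "node_modules/@antv/g2": { version: "0.0.0-sample", hasInstallScript: true },
    "node_modules/example-lib": { version: "0.0.0-sample", hasInstallScript: true },
  },
};
const sampleLog = [
  "2025-01-01T00:00:01Z 10.0.0.5 CONNECT registry.npmjs.org:443",
  `2025-01-01T00:00:02Z 10.0.0.5 CONNECT ${IOC_HOST}:443`,
];

console.log(auditLockfile(sampleLock), findEgressHits(sampleLog));
```

A lockfile match only says the package is present; whether the resolved version is an affected one still has to be checked against the advisory.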
SUPSUP @berrroo000
@CodexReleases It’s still bad! I can’t solve a normal CTF challenge without getting flagged by security safety. You need to fix this issue please
1
0
0
673
RedPacket Security retweeted
JNS @_devJNS
388
6K
65.4K
1.6M
Brent Traut @btraut
Now that I've joined the Codex team, it's so freakin' cool being able to fix paper cut bugs that I was running into before the switch. What paper cuts are you running into? I'll see what I can do.
314
17
876
65.8K
RedPacket Security @RedPacketSec
For those of you wanting to play #Forza now. Here's a tip. Set your time zone and region to something like New Zealand and you can play now instead of waiting. You are welcome
0
0
0
115
Dave Kennedy @HackingDave
Goal in codex is no joke lol. 2 days running and still going.
Dave Kennedy tweet media
9
0
37
4.7K
GCHQ @GCHQ
⌨️ Click… clack… ding! This week’s #GCHQPuzzle is hot off the (imaginary) typewriter. Drop your solution below👇
GCHQ tweet media
21
6
28
7.4K
RedPacket Security @RedPacketSec
@thsottiaux seriously can you guys fix this when compacting, there are many tickets on github with the same issue.
RedPacket Security tweet media
0
0
0
64
RedPacket Security retweeted
Abdulkadir | Cybersec @cyber__razz
PLAN A: Cybersecurity PLAN B:
330
2.8K
20.8K
1.5M
RedPacket Security retweeted
Love Music @khnh80044
Margot Robbie realized her fan was hearing impaired and immediately used both hands to communicate properly in sign language ❤️🥹
102
780
26.8K
1.4M