heige

Anthropic Cowork looks great, but it’s Claude Max + macOS only for now. AiPy has been doing "AI works on your computer" ("Vibe Working") for ~1 year — free + Windows/macOS/Linux. EN: aipy.app | ZH: aipyaipy.com | CLI: github.com/knownsec/aipya… @AiPyapp

分享个来自 @80vul 做的图，方便大体了解昨天这起经典的 AI Agent 被提示词注入导致被被盗币事件。 不过几个细节这里补充优化下： 1. 所谓 Grok 钱包（被盗钱包），其实和 Grok 官方无关，可以认为本质属于 @bankrbot 为 X 号 @grok 生成的钱包，私钥权限在 Bankr 依赖的三方钱包服务那。BaseScan 也纠正了标记（Grok -> Bankr 1）basescan.org/address/0xb105… 2. 被盗钱包的 Bankr Club 会员确实被开通了，但不是直接给个 NFT 就开通，应该是中心化机制，所以这部分链上没证据，但是有来自 Bankr 的开通确认：x.com/bankrbot/statu… 3. 提示词注入最点睛之笔是借 @grok 之力来打了 @bankrbot ，被盗 tx basescan.org/tx/0x6fc7eb7da… 案例很经典，所以细节更需严谨对待。至于是不是剧本，没法完全说不是。Grok 确实被借力且被太多人乱扣了被盗大帽子，但事件主角并不是 Grok…

This is a very detailed analysis. My previous analysis approached the issue from the vulnerability itself, rather than patch diffing. In my view, “prototype pollution” was only an exploitation Tips the real root cause still lies inside ANFancyAlertImpl. x.com/80vul/status/2…

Our talk at #BHASIA @BlackHatEvents 2026 has successfully concluded. It's been a great pleasure to explore Ghost Bits together with my co-author @1ue1166323 and present this research on stage. Also, thanks to all the friends who provided help for our briefing: @chun_springX

Cast Attack: A New Threat Posed by Ghost Bits in Java i.blackhat.com/Asia-26/Presen… very interesting research

ChatGPT prompt：“根据你对我的认知 给我生成一个“你认识的我”的 图片 ” 看起来是gpt-image-2？

估计是说的：global.reindeer() 里的 Object.prototype.__defineGetter__("swConn", () => { return ob; }); 这个点吧，这个点确实也算是官方说的原型链污染，只是在漏洞角度 这个算是利用的一个tips了 人口还是在ANFancyAlertImpl

@willJ_LSG 我这个点是肯定存在的 至于官方说的原型链的问题 我没有看到 ，不过RCE的链是缺失的 final_js 没找到

@80vul 应该不在这里吧，在一处原型链污染。

CVE-2026-34621 Root cause: ANFancyAlertImpl() buttons parameter injection for(var i in buttons) { ... desc[bid] = eval("(function(dialog) { dialog.end('" + bid + "'); })");} ... app.beginPriv(); var result = app.execDialog(desc); app.endPriv(); return result;

codecolor.ist/grapefruit/ Friday night product launch is not a good idea, but here is v1.0.0 release npm i -g igf Prebuilt single execuatbles are also available on GitHub release page. Please give a 🌟 if you like this tool, maybe I can beg for some free coding tokens with it

u need aipy 😚 EN: aipy.app | ZH: aipyaipy.com | CLI: github.com/knownsec/aipya…

Capture Coruna samples using Zoomeye and AiPy mp.weixin.qq.com/s/mKcJJIKRpZX1… （Chinese） AiPy + Gemini 3, It directly restored the obfuscated JavaScript in one go and identified all dynamically loaded JavaScript modules.

Using Windows Paint to draw a small car is a classic test in the AiPy benchmark suite. It is a very interesting test case: OpenClaw + Gemini failed the test completely (neither managed to draw it), while AiPy + Gemini performed very well. aipy.app

Unmasking SilverFox’s New Trends: Decoding Evasion Tactics, Domain Impersonation, and Mass-Generated Fake Software paper.seebug.org/3472/ by Knownsec 404 Advanced Threat Intelligence Team

🚨 Don't let AI Skills become your "Insider Threat"! Recent monitoring by Knownsec has identified 1,200+ active malicious Skills, fueling 63% of data-layer attacks and 31% of execution-layer threats. As traditional defenses fail in the AI era, we are proud to launch TrustTools—the secure, trusted distribution platform for AI Skills. We’re here to guard your AI Agent supply chain with rigorous admission standards! 🔗Link: trusttools.seebug.ai 📖 Deep Dive: Read our full analysis on the AI Agent supply chain security: x.com/zoomeye_team/s… #Openclaw #Skills #CyberSecurity #TrustTools

And there is a "traditional" sequel to this AI-native smartphone research: we just achieved a full Android kernel exploit, gaining root on the Doubao Phone with CVE-2026-21385 😎⚡️

"If you use Windows, I assume you must be working with the NSA." - The first joke of 2026

🚨 ZoomEye Alert: Iran’s Cyberspace enters "Wartime Mode" Following military actions on Feb 28, ZoomEye monitored a catastrophic, nationwide collapse in Iran’s public IP presence. 📊 The Data Snapshot: 🔹 Pre-strike: ~348k active IPs 🔹 Post-strike: ~14.5k active IPs 📉 Survival Rate: ~4.16% 🌐 Verdict: This is a synchronized, state-level contraction. From Tehran to Isfahan, the network has shifted into a highly restricted Wartime Operating Mode. 🔍 Investigate Further: Combine filters (e.g., country="IR", app, service) for your own personalized impact assessments. 🔗 zoomeye.ai #Iran #Cybersecurity #ZoomEye #OSINT #OperationRoaringLion

[455899538][reward: $1000] Bypass #443948855 - Allows Arbitrary Code Execution via "Copy as cURL (cmd)" in DevTools crbug.com/455899538