Cos(余弦)😶‍🌫️

9.5K posts

Cos(余弦)😶‍🌫️ banner
Cos(余弦)😶‍🌫️

Cos(余弦)😶‍🌫️

@evilcos

Founder of @SlowMist_Team // 分身一号/捉虫大师/救火运动员 // 🕖灾备频道 https://t.co/bMGdsBkYwM

HACKING Katılım Kasım 2008
1.5K Takip Edilen124.2K Takipçiler
Sabitlenmiş Tweet
Cos(余弦)😶‍🌫️
这行业割韭菜的行为越多,诈骗越多,跑路越多,黑客事件只会越多,一些有能力的黑客决不允许在“聪明”赚钱这块输过这般人。
中文
475
21
587
222.7K
Cos(余弦)😶‍🌫️
😲既然已经说解决了,为什么截止现在还没解决:
Cos(余弦)😶‍🌫️@evilcos

你们如果真注重安全,应该感谢首个披露者同时也是受害者 @Will42W ,拿出感谢的诚意?如果不是这样的爆料,不知还有多少受害者。 还有你说 7/16 修复了这个问题,但你仔细看我截图里的日期“上次发布时间”是“19 分钟前”… 我们只是举了一个随手找的在“Solidity”搜索结果里排名第一的恶意插件,还有多少恶意插件,及多少受害者…

中文
0
0
7
2.8K
Cos(余弦)😶‍🌫️ retweetledi
SlowMist
SlowMist@SlowMist_Team·
Previously, we analyzed Grok CLI’s data upload behavior and found that its repository upload mechanism could send git bundles containing sensitive files such as .env files and RSA private keys. Following that analysis, we continued auditing Grok Build CLI’s security model after it was open-sourced. Within 24 hours, we identified two attack chains that can lead to arbitrary code execution without explicit user approval. The root cause is not a single bug, but a fragmented trust model: project-level files can influence AI Agent instructions and permission decisions without sufficient validation. Key findings: 🔹 cargo check was incorrectly classified as a safe command. Combined with malicious AGENTS.md instructions, attackers can trigger build.rs execution and achieve code execution. 🔹 .claude/settings.json with bypassPermissions can override permission checks and enable unrestricted tool execution. 🔹 Grok Build CLI inherits Claude Code CLI’s permission configuration model, exposing similar risks. 🔹 .mcp.json introduces additional project-level attack surfaces through MCP configuration. These findings highlight a broader issue: When #AI coding agents trust project-level files too much, opening a project can become equivalent to granting shell access. 📖 Full technical analysis: slowmist.medium.com/xai-grok-build… 👉 Previous analysis: slowmist.medium.com/grok-cli-risk-…
English
8
6
32
9.4K
Cos(余弦)😶‍🌫️
你们如果真注重安全,应该感谢首个披露者同时也是受害者 @Will42W ,拿出感谢的诚意?如果不是这样的爆料,不知还有多少受害者。 还有你说 7/16 修复了这个问题,但你仔细看我截图里的日期“上次发布时间”是“19 分钟前”… 我们只是举了一个随手找的在“Solidity”搜索结果里排名第一的恶意插件,还有多少恶意插件,及多少受害者…
Cos(余弦)😶‍🌫️ tweet media
中文
0
0
30
5K
Andement
Andement@Andee_Park·
感谢社区对 TRAE IDE 插件安全的关注与监督,TRAE IDE 插件市场设有安全同步机制,会对 OpenVSX 已删除的恶意插件执行同步删除。但经排查,该服务曾出现短暂中断,导致被删除的少数插件在短时间内未能及时同步下架,我们对此深表歉意。该故障已于 7 月 16 日修复。 保障开发者的使用安全是我们的首要责任。我们会完善插件同步链路的监控与告警机制,避免类似问题再次发生。欢迎大家持续反馈,与我们一起守护社区安全。
中文
1
0
6
1.7K
Cos(余弦)😶‍🌫️ retweetledi
Coin Bureau
Coin Bureau@coinbureau·
⚠️ALERT: SlowMist warns new malware targeting Apple Mac users can steal Telegram accounts, passwords and crypto. The security firm found a macOS malware that allows hackers to steal Telegram sessions, encrypted wallet databases, and passwords saved in Apple Keychain, browsers and Notes. They can then access chats, unlock wallets offline, and show fake wallet apps (Ledger and Trezor) to steal recovery phrases.
Coin Bureau tweet mediaCoin Bureau tweet media
Coin Bureau@coinbureau

🚨 FAKE LEDGER APP ON APPLE STORE WIPES OUT ENTIRE BTC HOLDINGS A fake Ledger Live app on Apple’s Mac App Store just wiped out a user’s life savings. American musician Garrett Dutton lost 5.92 $BTC ($424K) after downloading what looked like the official app and entering his 24-word seed phrase. On-chain investigator ZachXBT traced the stolen Bitcoin exchange deposit addresses and publicly questioned how the app made it through Apple’s gatekeeping. No comment yet from Apple.

English
47
84
308
86.8K
xsser
xsser@xsser_w·
请你在这个帖子下面回复你的hostname
中文
9
0
0
3.3K
Cos(余弦)😶‍🌫️
其实我以前观点和 @zachxbt 一样,因为当年 Ledger 如日中天。但这几年由于 @OneKeyHQ @KeystoneWallet 的发展,历史上我们安全审计反馈了不少问题,他们都很重视,包括用户交互安全(尤其是“所见即所签”)这方面,让我对硬件钱包有了质的改观。 所以如果让我推荐,我个人会推荐这两款硬件钱包,至于搭配软件钱包,我推荐在 iPhone 上搭配 Rabby/OKX Wallet/OneKey App 等。 还有其他有意思的组合,之前我分享过,这里不冗余介绍了😁 核心,一看私钥/助记词生成的随机数是否靠谱,如果还支持 Passphrase,那加分项,支持 SSS 备份,继续加分;二看用户交互安全是否做好,尤其“所见即所签”这方面的解析工作。 其他不多说了,细节见真章。
Cos(余弦)😶‍🌫️ tweet media
中文
10
17
139
54.1K
Eden
Eden@Web3Eden01·
@evilcos @zachxbt @OneKeyHQ @KeystoneWallet 理论上确实更安全,但也要注意兼容模式本身可能引入新的攻击面,多一层就多一个风险点,不是无脑堆叠就最好
中文
1
0
0
1.4K
水工🍉WaterMan
水工🍉WaterMan@wang202688·
@evilcos 神话再现 妇科圣爪变成实验室主理人 割包皮的变成首席安全官 以后还有开拖拉机的变成黑产幽灵 卖猪肉的变成白帽战士
中文
1
0
0
1.1K
Cos(余弦)😶‍🌫️
这次分享,我重点给大家说的是,站在安全攻防角度,也是文科生时代,全民黑客时代已来🤣
Cos(余弦)😶‍🌫️ tweet media
中文
13
21
198
29.5K
Cos(余弦)😶‍🌫️ retweetledi
SlowMist
SlowMist@SlowMist_Team·
🚨SlowMist TI Alert🚨 💸 @Ostium Loss: ~11,862,445 USDC 🔍 Root Cause: An authorized oracle signer was used to submit malicious price reports through a registered forwarder. The attacker provided validly signed but manipulated oracle data, which was accepted by the oracle verification mechanism. By repeatedly opening and closing trades with artificially favorable prices, the attacker generated artificial profits and drained funds from the OstiumVault. 📌 Attacker Address: 0xd1794196f0fc99c7f27970e661597d77d9a85869 📌 Victim Address: 0x20d419a8e12c45f88fda7c5760bb6923cee27f98 (vault) 📌 Vulnerable Contract: 0x0aebc4094b60ea4e21e937e80dafdd58c07c5ebb (OstiumPrivatePriceUpKeep impl) & 0xd456939e54f68ef9b0be62abb2ec4a37397cb814 (OstiumVerifier) Impact: The attacker exploited compromised oracle privileges to submit manipulated price reports and execute repeated profitable trades, draining ~11.86M USDC from the vault. Powered by SlowMist.AI Tx: arbiscan.io/tx/0x359f8c05b…
English
2
5
23
8.4K
Cos(余弦)😶‍🌫️
@cyodyssey 可惜还没看到商业机会,AI 时代一切都太灵活,似乎都想自己创造需求品,自己掌控。
中文
4
0
6
1.9K
Siyuan
Siyuan@cyodyssey·
隐私和安全在 AI 时代变得更加重要。
中文
5
0
26
6.4K
cliche
cliche@42mayfly·
@evilcos 真是文科生的时代吗?文科生能看懂输出?
中文
1
0
2
1.8K
Dr.Jingle
Dr.Jingle@drjingle·
昨天让Grok帮我清理了一下磁盘,然后升级OS系统就启动不起来了,一直停在中间死机状态,重新安装MacOS都没用…….. 😂强制休息
中文
14
0
9
3.9K
Cos(余弦)😶‍🌫️
先友情安全提醒:桌面版的 Telegram 都开启这个 Passcode Lock,并且记好你设置的 passcode(忘了要重登 Telegram)。这个 passcode 用来解锁你的 Telegram 本地使用,解锁加载本地的高敏感数据(如:身份有关)。 至于为什么做这个安全提醒,玩安全的应该都理解,找时间我们再展开说说。
Cos(余弦)😶‍🌫️ tweet mediaCos(余弦)😶‍🌫️ tweet media
中文
59
35
343
200.1K