Cos(余弦)😶🌫️
9.5K posts

Cos(余弦)😶🌫️
@evilcos
Founder of @SlowMist_Team // 分身一号/捉虫大师/救火运动员 // 🕖灾备频道 https://t.co/bMGdsBkYwM
HACKING Katılım Kasım 2008
1.5K Takip Edilen124.2K Takipçiler
Sabitlenmiş Tweet
Cos(余弦)😶🌫️ retweetledi

Previously, we analyzed Grok CLI’s data upload behavior and found that its repository upload mechanism could send git bundles containing sensitive files such as .env files and RSA private keys.
Following that analysis, we continued auditing Grok Build CLI’s security model after it was open-sourced.
Within 24 hours, we identified two attack chains that can lead to arbitrary code execution without explicit user approval.
The root cause is not a single bug, but a fragmented trust model: project-level files can influence AI Agent instructions and permission decisions without sufficient validation.
Key findings:
🔹 cargo check was incorrectly classified as a safe command. Combined with malicious AGENTS.md instructions, attackers can trigger build.rs execution and achieve code execution.
🔹 .claude/settings.json with bypassPermissions can override permission checks and enable unrestricted tool execution.
🔹 Grok Build CLI inherits Claude Code CLI’s permission configuration model, exposing similar risks.
🔹 .mcp.json introduces additional project-level attack surfaces through MCP configuration.
These findings highlight a broader issue:
When #AI coding agents trust project-level files too much, opening a project can become equivalent to granting shell access.
📖 Full technical analysis:
slowmist.medium.com/xai-grok-build…
👉 Previous analysis:
slowmist.medium.com/grok-cli-risk-…
English

你们如果真注重安全,应该感谢首个披露者同时也是受害者 @Will42W ,拿出感谢的诚意?如果不是这样的爆料,不知还有多少受害者。
还有你说 7/16 修复了这个问题,但你仔细看我截图里的日期“上次发布时间”是“19 分钟前”…
我们只是举了一个随手找的在“Solidity”搜索结果里排名第一的恶意插件,还有多少恶意插件,及多少受害者…

中文

针对 Grok Build CLI 及 Claude Code CLI 投毒攻击细节分析:
mp.weixin.qq.com/s/_6Y0nHo21OxH…
中文

Cos(余弦)😶🌫️ retweetledi

⚠️ALERT: SlowMist warns new malware targeting Apple Mac users can steal Telegram accounts, passwords and crypto.
The security firm found a macOS malware that allows hackers to steal Telegram sessions, encrypted wallet databases, and passwords saved in Apple Keychain, browsers and Notes.
They can then access chats, unlock wallets offline, and show fake wallet apps (Ledger and Trezor) to steal recovery phrases.


Coin Bureau@coinbureau
🚨 FAKE LEDGER APP ON APPLE STORE WIPES OUT ENTIRE BTC HOLDINGS A fake Ledger Live app on Apple’s Mac App Store just wiped out a user’s life savings. American musician Garrett Dutton lost 5.92 $BTC ($424K) after downloading what looked like the official app and entering his 24-word seed phrase. On-chain investigator ZachXBT traced the stolen Bitcoin exchange deposit addresses and publicly questioned how the app made it through Apple’s gatekeeping. No comment yet from Apple.
English

其实我以前观点和 @zachxbt 一样,因为当年 Ledger 如日中天。但这几年由于 @OneKeyHQ @KeystoneWallet 的发展,历史上我们安全审计反馈了不少问题,他们都很重视,包括用户交互安全(尤其是“所见即所签”)这方面,让我对硬件钱包有了质的改观。
所以如果让我推荐,我个人会推荐这两款硬件钱包,至于搭配软件钱包,我推荐在 iPhone 上搭配 Rabby/OKX Wallet/OneKey App 等。
还有其他有意思的组合,之前我分享过,这里不冗余介绍了😁
核心,一看私钥/助记词生成的随机数是否靠谱,如果还支持 Passphrase,那加分项,支持 SSS 备份,继续加分;二看用户交互安全是否做好,尤其“所见即所签”这方面的解析工作。
其他不多说了,细节见真章。

中文
Cos(余弦)😶🌫️ retweetledi

🚨SlowMist TI Alert🚨
💸 @Ostium Loss: ~11,862,445 USDC
🔍 Root Cause: An authorized oracle signer was used to submit malicious price reports through a registered forwarder. The attacker provided validly signed but manipulated oracle data, which was accepted by the oracle verification mechanism. By repeatedly opening and closing trades with artificially favorable prices, the attacker generated artificial profits and drained funds from the OstiumVault.
📌 Attacker Address: 0xd1794196f0fc99c7f27970e661597d77d9a85869
📌 Victim Address: 0x20d419a8e12c45f88fda7c5760bb6923cee27f98 (vault)
📌 Vulnerable Contract: 0x0aebc4094b60ea4e21e937e80dafdd58c07c5ebb (OstiumPrivatePriceUpKeep impl) & 0xd456939e54f68ef9b0be62abb2ec4a37397cb814 (OstiumVerifier)
Impact: The attacker exploited compromised oracle privileges to submit manipulated price reports and execute repeated profitable trades, draining ~11.86M USDC from the vault.
Powered by SlowMist.AI
Tx: arbiscan.io/tx/0x359f8c05b…
English













