Telnyx SDK Hacked: 790K Downloads Affected

Attackers are increasingly targeting developer tooling rather than traditional endpoints. In the Contagious Interview campaign, malicious repositories abuse VS Code tasks to deliver the WeaselStore infostealer/RAT across both Windows and macOS environments. Our latest research breaks down: • The PylangGhost (Python) and GolangGhost (Go) malware chains • How attackers stage payloads using GitHub repositories and Gists • Persistence techniques across scheduled tasks, registry keys, and macOS LaunchAgents • The recent VS Code mitigations designed to reduce automatic task abuse • Detection opportunities defenders can monitor today Developer environments increasingly sit outside traditional security visibility. That makes detection of behaviors like runtime compilation, portable runtimes in temp directories, and suspicious task execution especially important. Full breakdown and mitigation guidance in the blog --> https://lnkd.in/g_SQzB-f

Last Saturday, the Linux kernel visualisation at https://explorar.dev made the rounds here. The point was simple, what containers call "minimal" isn't the kernel. The kernel is everything. Here's the security consequence of that. When you run multiple containers on a host, every one of them makes system calls into the same kernel. The kernel is not partitioned. There is no Container A kernel and Container B kernel. There is one kernel, and everyone is sharing it. What that means in practice: If a kernel vulnerability is exploitable from inside a container, an attacker who compromises that container can use it to compromise every other container on the host. The workloads you thought were isolated (different services, different teams, different customers), are separated by software-level controls that a kernel exploit can walk straight through. This isn't a historical concern. CVE-2019-5736 let a compromised container overwrite the host runc binary. CVE-2022-0847 (Dirty Pipe) gave unprivileged users root on the host, no special capabilities required. CVE-2024-1086, a use-after-free in netfilter that sat in the kernel for over a decade, required nothing beyond the unprivileged user namespaces that container runtimes enable by default. CISA confirmed in 2025 it was being actively used in ransomware campaigns. And if your containers run with CAP_NET_RAW — Docker's default — add CVE-2025-38617 to the list: a race condition in the packet socket subsystem that had been in the kernel since 2005, only patched in kernel 6.16. Eight to nine new kernel CVEs are disclosed every day. You cannot patch fast enough to change the underlying model. The model is the problem. All containers share one kernel. When that kernel has a vulnerability (and it will!) the container boundary provides no protection. In multi-tenant environments, where containers from different organisations, teams, or trust levels share a host, this is a structural problem, not an operational one. The structural answer is to stop sharing the kernel. That's what Edera does. #ContainerSecurity #Linux #Kubernetes #Edera

ClickFix: The New Threat to macOS Security A sophisticated info-stealing malware known as Infinity Stealer is now targeting macOS operating systems, utilizing a Python payload that is disguised as an executable file through the Nuitka compiler, an open-source tool. This malicious attack employs the ClickFix method, where a deceptive fake CAPTCHA resembling Cloudflare's human verification process is presented to deceive unsuspecting users into executing harmful code. According to researchers at Malwarebytes, this marks the first reported macOS campaign that combines ClickFix delivery with a Python-infostealer compiled using Nuitka....

🚀 Looking under the hood of malware: I built a custom Static Malware Analyzer! To turn theory into practice, I developed a Python-based tool designed to perform initial static triage on both Windows (PE) and Linux (ELF) binaries. Here is what it does at a glance: 🔍 Magic Byte Validation: Automatically identifies the file architecture (PE vs. ELF) at the byte level before routing the analysis. 📊 Shannon Entropy Calculation: Measures data randomness globally and per-section to spot packed, compressed, or encrypted payloads. 🚩 Suspicious API Mapping: Parses the Import Address Table (IAT) and .dynsym to flag dangerous functions used for code injection, evasion, or persistence. 🛠️ Tech Stack: Python, pefile, pyelftools. Building this helped me deeply understand how attackers hide their code and how structural metadata analysis can expose them before execution. 📁 Check out the source code on my GitHub here: https://lnkd.in/dcaF9V34 I'd love to hear your thoughts and feedback! 👇 #CyberSecurity #MalwareAnalysis #Python #InfoSec #SOC #ReverseEngineering

Stop fighting the terminal. 🛑 Managing a Linux firewall with SSH and complex commands is slow and risky. We are revolutionizing server security. 🚀 We built #salesforceKlever: A Remote Control (API) for your Linux Firewall. In this tutorial, learn how we used a Python #DevOps architecture to turn a rugged #Cybersecurity task into a simple, automated service. Now, your team can block IPs from a dashboard or automatically trigger defense rules with one click. No root terminal required. 🧑💻 Want to make your infrastructure smarter? Read how we did it. ⬇️ #Python #SoftwareDevelopment #CloudComputing #UFW

 LOL-Exfiltrator--->A Living-Off-the-Land Command Generator Tired of manually looking up LOLBAS and GTFOBins techniques during engagements? I built LOL-Exfiltrator a Python CLI tool that instantly generates both clear and obfuscated LOL commands for Windows and Linux targets. ⚙️ What's inside: → 34 techniques total (15 LOLBAS + 19 GTFOBins) → File download, data exfiltration & persistence → 11 obfuscation methods--> Base64, hex IP, caret insertion, env-var path substitution and more → Simulates AV/EDR evasion in authorized red team engagements 💡 The idea is simple: Blue teams train on noisy attacks. Real adversaries don't make noise they use what's already on the machine. This tool helps you practice exactly that. 🔗 https://lnkd.in/dptPH2FK #RedTeam #OffensiveSecurity #LOLBAS #GTFOBins #PenetrationTesting #EthicalHacking #CyberSecurity #Python

Is your Mac spying on you? Not trying to be dramatic — but most engineers I know have never actually checked. I wrote a Python script that audits your macOS system for common security vulnerabilities and spyware indicators in under a minute. No third-party dependencies, no install required. What it scans: 🔒 SIP, Gatekeeper, FileVault, Firewall status 🎙️ TCC privacy permissions — camera, mic, screen recording, input monitoring (keylogger check) 📡 Active network connections and listening ports 🕵️ Suspicious processes by keyword (spy, keylog, vnc, anydesk…) 📂 LaunchAgents & LaunchDaemons — flags non-Apple persistence entries 🔑 SSH, authorized_keys, Apple Remote Desktop 🌐 DNS hijacking indicators 🧩 Browser extensions inventory 📋 MDM profiles and DEP enrollment Run it as a regular user for a quick scan, or with sudo for full TCC, firewall, and sudoers depth. python3 mac_security_audit.py Full script on GitHub Gist 👇 https://lnkd.in/gDU7eBEV Feel free to fork, extend, or use it on your team's machines. PRs welcome. #macOS #Security #Python #DevTools #CyberSecurity #Engineering

🔒 Project Spotlight: MetaWipe — Complete Privacy & Metadata Removal Tool Privacy matters. Every file we share can contain hidden metadata that reveals more than we intend. To address this, I built MetaWipe, a professional-grade tool designed to remove all digital metadata footprints from files. MetaWipe helps ensure that when files are shared, only the content remains — not the hidden data behind it. 🛡️ What MetaWipe Does Removes embedded metadata from files to protect privacy Helps prevent accidental exposure of device, location, or author information Designed for privacy-conscious users, journalists, researchers, and anyone who values digital anonymity ⚙️ Key Highlights Works across Windows, Linux, and macOS Built primarily with Python (72.2%) Includes Shell and Batch scripts for cross-platform usability Clean and efficient command-line workflow MIT Licensed and fully open source Building this project was a great exploration into digital privacy, file metadata structures, and cross-platform tooling. 💻 GitHub Repository: https://lnkd.in/g2etcFZv Contributions, feedback, and ideas are always welcome! #Python #CyberSecurity #Privacy #OpenSource #SecurityTools #DigitalPrivacy #GitHub

🚀 Excited to share my latest project — Ultimate WiFi Pentesting Tool v6.0! 📡 I built this open-source network security auditing tool from scratch using Python — no external libraries, just pure built-ins. ✅ What it can do: 🔍 Scan all 65,535 ports on your network 🛡️ Detect ARP spoofing & MITM attacks 🤖 AI-powered threat analysis with a security score 📡 Scan nearby WiFi networks & identify open/vulnerable ones ⚡ Real-time internet speed test & packet loss tester 💻 MAC address vendor lookup & device fingerprinting ���� Live network dashboard with upload/download stats 🔑 WiFi password recovery (your saved passwords only) 🦷 Bluetooth device scanner 📄 Full report export to file 🆕 New in v6.0: → Internet Speed Test → Nearby WiFi Network Scanner → Packet Loss Tester → Animated UI with live progress bars → Full Windows, Linux & macOS support ⚠️ Built strictly for ETHICAL use — only test networks you own or have permission to test. This project helped me level up my skills in: → Network programming with Python sockets → Multithreading & concurrent port scanning → ARP protocol & MITM detection → Cross-platform CLI tool development 🔗 Check it out on GitHub 👇 https://lnkd.in/gRyBRrzd If you found this useful, a ⭐ on GitHub means a lot! #CyberSecurity #EthicalHacking #Python #NetworkSecurity #OpenSource #PenTesting #InfoSec #Networking #Programming #GitHub #CyberSec #BlueTeam #RedTeam #StudentDeveloper #100DaysOfCode

🚀 Project Launch: Shaheer-Eye v1.0.0 | HTTP Stress Testing Tool I am excited to share my latest cybersecurity project: Shaheer-Eye, a high-concurrency Layer 7 stress-testing tool developed for security researchers and web developers. As the member of Cypher Core, I designed this tool to help analysts evaluate server resilience and test the effectiveness of Web Application Firewalls (WAF) against high-volume request patterns. Key Technical Features: ⚡ Multi-Threaded Engine: Simulated high-speed concurrent traffic. 🔗 Socket Exhaustion: Implemented Keep-Alive persistence to test server connection limits. 🧩 Cache Bypassing: Dynamic query randomization to force real-time server processing. 🐧 Cross-Platform: Fully optimized for Kali Linux and Windows environments. This project was a great way to dive deeper into Python socket programming and network protocols. You can check out the full source code and documentation on my GitHub below! 📂 GitHub Repository: https://lnkd.in/dhi_uBHa Disclaimer: This tool is intended for educational and authorized testing purposes only. Unauthorized use is strictly prohibited. #CyberSecurity #EthicalHacking #Python #CypherCore #PenetrationTesting #InfoSec #KaliLinux #SecurityAnalyst #HyderabadTech