Security Boulevard

Invisible Threats: Source Code Exfiltration in Google Antigravity

Source Code Exfiltration in Google Antigravity‍TL;DR: We explored a known issue in Google Antigravity where attackers can silently exfiltrate proprietary source codeBy hiding malicious instructions ...

New finding: ChatGPT sources 83% of its carousel products from Google Shopping via shopping query fan-outs

A new study reveals what data sources ChatGPTs product carousels prefer to use. Here’s how we analyzed shopping query fan-outs and what we found.
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...
GitHub

Non-blocking chunked Base64 encoding

Base64 in Node.js is already crazy fast. Breaking the work up into chunks and adding async logic adds overhead. If you aren't dealing with large files it will probably be more efficient to just block ...
GitHub

python-lz4

This package provides python bindings for the LZ4 compression library. The production ready bindings provided in this package cover the frame format, and the block format specifications. The frame ...