Sam Stepanyan
@securestep9.bsky.social
OWASP London Chapter Leader. #OWASP Global Board Member. OWASP #Nettacker Project Leader. #AppSec Consultant, #CISSP. Follow me on Twitter/X and Mastodon https://twitter.com/securestep9 https://infosec.exchange/@securestep9
#Swiss government urges citizens to ditch #Microsoft365 and other #Cloud providers due to lack of proper E2E encryption, citing the US CLOUD Act requirement to hand over data to US authorities, even if it’s stored in Switzerland:
#DataSecurity
👇
www.techradar.com/pro/security...
Swiss government urges people to ditch Microsoft 365 and others due to lack of proper encryption
Switzerland is worried about data privacy
www.techradar.com
December 3, 2025 at 8:36 AM
#Wordpress: 100,000+ WordPress Websites Affected by Remote Code Execution (#RCE) #vulnerability in Advanced Custom Fields Plugin:
👇

www.wordfence.com/blog/2025/12...
December 2, 2025 at 10:40 PM
#VSCode: 24 malicious VS Code and #OpenVSX extensions are stealing developer credentials - spreading through popular names like Flutter, React, and Tailwind.

Full list of malicious VSCode extensions in the article below:
#SoftwareSupplyChainSecurity
👇
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
GlassWorm spreads again using 24 fake extensions across Visual Studio Marketplace and Open VSX, hiding Rust implants & Solana-based C2 to target devs.
thehackernews.com
December 2, 2025 at 3:17 PM
#npm: Malicious NPM Package eslint-plugin-unicorn-ts-2 Uses Hidden Prompt and Script to Evade #AI Security Tools:
#SoftwareSupplyChainSecurity

👇
Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
Malicious npm package mimics an ESLint plugin, embeds an AI-tricking prompt, and steals environment variables via a post-install script.
thehackernews.com
December 2, 2025 at 3:06 PM
#OpenAI API Data Breach: OpenAI has disclosed a #databreach affecting some API customers due to a hack at third-party vendor #Mixpanel.
What was exposed: Names & Emails, Approximate Location, UserID/Org IDs
👇
OpenAI discloses API customer data breach via Mixpanel vendor hack
OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel.
www.bleepingcomputer.com
November 27, 2025 at 4:42 PM
#Maven: hundreds of packages just got caught running Shai-Hulud v2 - the same malware that hijacked npm two days ago.
It spread through automated rebuilds, infecting devs who never used npm, stealing & leaking secrets across thousands of GitHub repos:
👇 thehackernews.com/2025/11/shai...
Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets
Shai-Hulud v2 breached npm and Maven, impacting 28,000+ repos and leaking 11,858 secrets.
thehackernews.com
November 26, 2025 at 7:16 PM
Reposted by Sam Stepanyan
You all should be starring this repo and following up on every npm security best practice: github.com/lirantal/npm...
GitHub - lirantal/npm-security-best-practices: Collection of npm package manager Security Best Practices
Collection of npm package manager Security Best Practices - lirantal/npm-security-best-practices
github.com
November 25, 2025 at 1:42 PM
Reposted by Sam Stepanyan
If you couldn't make it to German @owasp Day 2025 in person, you can watch the live stream here: media.ccc.de #owasp_god25
home - media.ccc.de
Video streaming portal of the Chaos Computer Club
media.ccc.de
November 26, 2025 at 8:53 AM
Over 80,000 files with #passwords and keys from governments, banks, and tech firms were found online pasted into public code tools like #JSONFormatter and #CodeBeautify.

Cybercriminals are already scraping and using the data.
And yes - it’s still live!
👇 thehackernews.com/2025/11/year...
Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys
Researchers uncovered 5GB of leaked credentials from JSONFormatter and CodeBeautify, exposing sensitive data across critical sectors.
thehackernews.com
November 25, 2025 at 11:52 PM
#NPM: Second Shai-Hulud Infection Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft:
#SoftwareSupplyChainSecurity
👇
Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
Security vendors warn Sha1-Hulud has hijacked 25,000+ GitHub repos via npm packages, stealing cloud credentials or wiping dev home directories.
thehackernews.com
November 24, 2025 at 5:30 PM
Reposted by Sam Stepanyan
The next OWASP London Chapter in-person Meetup will take place on December 5th, 2025, kindly hosted by @tessl_io.
Raffle prizes sponsored by @semgrep.com & Root.io
Talks from @shehackspurple and @SonyaMoisset

Register to attend this event here:
👇
www.meetup.com/owasp-london...
OWASP London Chapter Meetup [IN-PERSON], Fri, Dec 5, 2025, 6:00 PM | Meetup
**This event is kindly hosted by Tessl.** **Raffle prizes are kindly sponsored by Semgrep and Root.** **There is limited seating available for in-person attendees. Regist
www.meetup.com
November 23, 2025 at 9:23 PM
#WhatsApp: Largest data leak in history - the entire directory of 3.5 billion WhatsApp users was available online, unprotected, for retrieval.
Austrian researchers were able to download all phone numbers, profile pictures & data including public keys:
👇

www.heise.de/en/news/3-5-...
3.5 Billion Accounts: Complete WhatsApp Directory Retrieved and Evaluated
Vienna researchers retrieved all WhatsApp numbers. The 3.5 billion profiles represent the largest data leak in history—and it's worse than you might think.
www.heise.de
November 19, 2025 at 4:40 PM
#GitHub: Downdetector and social media platforms are currently filled with reports about a GitHub outage, and the official GitHub Status portal has confirmed the problem:
#GitHubDown
👇
GitHub is down right now, it's not just you
Hope you didn't need to work today.
www.howtogeek.com
November 18, 2025 at 9:43 PM
#Cloudflare: A Cloudflare outage is taking down big parts of the internet:

#CloudflareDown
👇
A Cloudflare outage is taking down parts of the internet - here's what we know so far
Cloudflare issue is affecting lots of websites
www.techradar.com
November 18, 2025 at 1:05 PM
#Fortinet: Critical vulnerability in Fortinet FortiWeb (CVE-2025-64446) is under active exploitation - CISA adds it to the KEV catalog:
Critical vulnerability in Fortinet FortiWeb is under exploitation
The company faces criticism as multiple researchers claim a silent patch was issued weeks before official guidance was released.
www.cybersecuritydive.com
November 18, 2025 at 12:55 PM
#NPM: Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack Exposing Major Security Gaps:
👇
Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack
A mysterious npm worm published 46K fake packages in a two-year spam campaign, exposing major security gaps.
thehackernews.com
November 13, 2025 at 12:40 PM
#Linux: Rust-based sudo-rs Affected By Multiple Security Vulnerabilities - Impacting #Ubuntu 25.10 including partial password exposure (CVE-2025-64170) and incorrect User ID in timestamps. Patches for both issues have been released:
👇
www.phoronix.com/news/sudo-rs...
sudo-rs Affected By Multiple Security Vulnerabilities - Impacting Ubuntu 25.10
The Ubuntu 25.10 transition to using some Rust system utilities continues proving quite rocky
www.phoronix.com
November 13, 2025 at 8:30 AM
#NPM: Malicious NPM Package @acitons/artifact With 206K+ Downloads Stole GitHub Tokens:
👇

hackread.com/fake-npm-pac...
Fake NPM Package With 206K Downloads Targeted GitHub for Credentials
hackread.com
November 11, 2025 at 12:09 PM
Many thanks to everyone who attended my OWASP #Nettacker talk at the #OWASP Global AppSec 2025 Conference in Washington, DC.
👉https://github.com/OWASP/Nettacker
November 11, 2025 at 10:27 AM
#SAP: Patches 3 Critical Vulnerabilities (CVSS 10.0) Including RCE / Code Injection and Hardcoded Credentials affecting SQL Anywhere Monitor (Non-GUI), SAP NetWeaver AS Java, and SAP Solution Manager (CVE-2025-42890, CVE-2025-42944, CVE-2025-42887):
👇
securityonline.info/sap-november...
SAP November 2025 Patch Day Fixes 3 Critical Flaws (CVSS 10) — Including Code Injection and Insecure Key Management
SAP released its Patch Day update fixing 18 flaws, including two Critical (CVSS 10.0) vulnerabilities: RMI-P4 RCE and Hard-Coded Credentials in SQL Anywhere Monitor, risking unauthenticated takeover.
securityonline.info
November 11, 2025 at 8:41 AM
#NPM: Popular JavaScript library expr-eval is vulnerable to an RCE #vulnerability, CVE-2025-1273. Impacted software developers are advised to migrate immediately to expr-eval-fork v3.0.0 and republish their libraries:
#SoftwareSupplyChainSecurity
👇
www.bleepingcomputer.com/news/securit...
Popular JavaScript library expr-eval vulnerable to RCE flaw
A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input.
www.bleepingcomputer.com
November 10, 2025 at 7:47 PM
#AI: HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage: unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms:
#AISecurity

www.tenable.com/blog...
November 9, 2025 at 10:21 PM
#Kubernetes: Newly disclosed #vulnerabilities in the #runC container runtime used in #Docker & Kubernetes (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) could be exploited to bypass isolation restrictions & get access to the host system (escape):
#k8s
👇
www.bleepingcomputer.com/news/securit...
Dangerous runC flaws could allow hackers to escape Docker containers
Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to bypass isolation restrictions and get access to the host system.
www.bleepingcomputer.com
November 9, 2025 at 5:29 PM
#Django: Critical SQL Injection Vulnerability in Django (CVE-2025-64459):

www.endorlabs.com/learn/critic...
Critical SQL Injection Vulnerability in Django (CVE-2025-64459) | Blog | Endor Labs
Critical SQL Injection Vulnerability in Django (CVE-2025-64459). Learn what happened, root cause, impact, and how to mitigate.
www.endorlabs.com
November 6, 2025 at 5:10 PM