zk

zk
zk_@nsec.app
npub1mm8q...gtfj
> 🌐 https://zkwallet.unstoppable

Notes (16)

🚨 A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program.
2025-09-12 07:45:00 from 1 relay(s)
Today, after a long discussion about best OpSec practices, I thought it would be nice to share with the Nostr community and read what others have to say about it. There are many here in #Nostr that are #privacy advocates and believe they know enough; they use what they believe is a secure OpSec:

1. No corporate social networks, that includes LinkedIn or not sufficiently decentralized ones (whatever that means for them).
2. No messenger chat app that requires a mobile phone number.
3. Linux of course; so they say; although the majority keep using iOS or Microsoft as their default OS... (I am guessing of course, but I am quite positive it is a good guess...).
4. A Pixel 7 or higher rooted with the right OS.
5. A VPN, one of the few that do not log (so they say) and you can pay cash or LN BTC or XMR. Most do this wrong BTW...
6. The right private DNS, never a corporate one...
7. A private email address, so most will use Proton or Tuta... Odd how there are only a few options with no KYC; if it is a niche, the fact that there are no more options is suspect, two companies only... they become a honeypot.
8. They use FOSS as much as possible for all their work and location apps.
9. GPS OFF as a norm. OpSec matters here, most people do this wrong.
10. A non-KYC eSIM with only data, few providers, silentlink being one of the favorites.
11. A powerful router with firewall and Pi-hole or AdGuard, plus built-in support for VPN (most do this wrong).
12. Self-hosted cloud, no commercial cloud, never (most don't do this, they rely on the usual privacy-oriented ones, the very well known ones, there are about 3...). Are you paying attention?
13. Their own BTC node.
14. A privacy-oriented browser, there are not that many: Mullvad Browser, Firefox hardened with extensions (requires work), Brave hardened with extensions. Most use the same extensions, for they are the recommended ones. Have you wondered why they are not built in already in the browsers?
15. Tor Browser for research, especially those that are devs or white hats... (no black or grey hats here, right...)
16. Keeping all your software and OS for all devices up to date, which is a recurrent workload; failing to do that could lead to exploits and exposure to cybercrime.

And more, but this is a simple summary.

Now the best part: all of the above makes you, in a way, a target, for your digital footprint is of a minority, easy to identify; you are decently informed and therefore you follow the same rules and use the same tools as the rest of a small tribe, a very distinct one, not that hard to identify with the right tools that constantly analyze metadata.

Is there a better way? In my opinion, yes.

1. If you keep your current OpSec, study and do it right; most do it wrong, generally due to lack of discipline and endurance of the annoyance of cyber security, which is very inconvenient, and end up being not only known targets but vulnerable high-end targets.
2. To be part of the large noise made by the clueless normies is the optimal play, but that is an OpSec very few will have the discipline, time and knowledge to do correctly. Won't discuss the know-how here. Hire a #cybersecurity expert if you want this and don't know how it is done.

What are your thoughts? #asknostr
2025-09-08 16:41:06 from 1 relay(s)
🚨 A federal jury awarded plaintiffs suing Google $425 million in damages, holding that by collecting the data of users who had switched off an app activity-tracking feature, the tech giant invaded the privacy of millions. More Google lies caught, but... 425 million dollars and all is well, they will keep doing it for sure. I wonder, how many times will it take for true accountability? Problem is, there is not a real incentive for them to stop.
2025-09-07 21:47:37 from 1 relay(s)
This nostr:nevent1qqsrymmsatlqq9vtuf2lfugs4u3m63whe9vaqs2cnq4vgjuqf33kzvcpzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtczyqsmrwxqarmkglj2v69c04pvp5zykm9gt78822adr7mgg7d7ftyjjqcyqqqqqqguyadtu
2025-09-06 20:42:07 from 1 relay(s)
🚨 Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on Windows systems.
2025-09-02 09:26:12 from 1 relay(s)
This will be interesting... nostr:nevent1qqsvnltxuj4dtwq5h6w9yjyjsek9akv2ucput9huy7kkm72wmcmcmjqpzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtczyql0mt4mrkyj867enj084n3mgx22k3239c4708qm045djfp7p5ngzqcyqqqqqqg0gp0h9
2025-08-29 08:16:09 from 1 relay(s)
🚨 Overnight on Aug. 26, in just over four hours, unidentified attackers compromised more than 1,000 JavaScript developers, stealing their GitHub tokens, npm tokens, SSH keys, application secrets, and cryptocurrency wallet files. They pulled that off by infecting a widely popular build system called "Nx" and by infusing their supply chain malware with artificial intelligence (AI)-powered intel-gathering capabilities. https://www.darkreading.com/cyberattacks-data-breaches/1000-devs-lose-secrets-ai-powered-stealer
2025-08-29 08:11:29 from 1 relay(s)