CramHacks Chronicles #95: Weekly Cybersecurity Newsletter!
dependabot supports vcpkg, Python package installers: zip parser confusion attacks, DALEQ: java binary equivalence, BAXBENCH: Can LLMs Generate Correct and Secure Backends?
Hello, and Happy Monday!
Straight to the point: Writing this newsletter takes up a tremendous amount of my time, and it’s taking away from other exciting projects. That said, I’m emotionally attached after almost two years of publishing weekly content, and so I’ll be moving to one newsletter every two weeks. Just to free up some bandwidth.
This ofc may change in the future, especially as I’m really excited about the projects I’ve been tinkering on and I want to share the excitement with you all!
Admittedly, this is in part due to hacker summer camp. I loved learning about and discussing so many projects, but there are ideas that seemingly no one else is investigating, and I want to know what the outcome would be! Which implies that I’ll have to do it myself 😄.
Dependabot version updates now support vcpkg
Receive automatic dependency updates for vcpkg and keep C/C++ dependencies up-to-date. Note: this is for version updates and not specifically security updates.
Preventing ZIP parser confusion attacks on Python package installers
PyPI is implementing new restrictions to prevent ZIP parser confusion attacks on package installers, specifically rejecting ZIP archives that exploit vulnerabilities in the ZIP format.
DALEQ: An Open-Source Tool for Assessing Java Binary Equivalence
Detailed research paper & GitHub Repo.
👋 I haven’t read this yet, but I wanted to share it because there’s clearly a growing interest in verifying reproducible builds. 👀 Really hope the industry progresses down this path!
AgentFlayer: When a Jira Ticket Can Steal Your Secrets
Marina Simakov demos how running Cursor in auto-run mode and prompting it to help with handling a Jira ticket can lead to compromise.
BAXBENCH: Can LLMs Generate Correct and Secure Backends?
A new evaluation benchmark featuring 392 tasks has been developed to assess the effectiveness of large language models (LLMs) in generating secure, production-quality, self-contained backend application modules. The best performing model, OpenAI o1, achieved 62% on code correctness, and around half of the correct programs contained vulnerabilities exploited by the researchers.
👋 This paper is worth a read, I’ve only skimmed it but I’ll definitely be circling back.
GitHub Copilot: putting Copilot into YOLO mode via prompt injection
wunderwuzzi23 blogs about CVE-2025-53773, where a prompt injection planted in content (e.g., a source code file, web page, or GitHub issue) can put VS Code into “YOLO” mode by setting "chat.tools.autoApprove": true in the ~/.vscode/settings.json file.
👋 Ironically, I was looking into these types of attacks this weekend. We’ve given AI the ability to create, change, and delete files. What risks are there in allowing this? Assuming there are restrictions to actions outside of the platform (or IDE), are there elements (or settings) inside the platform that can be manipulated for lateral movement? I think we’ll find many more cases like this moving forward.
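A defender-side check for the setting described above, as an added example that is not from this newsletter or the linked write-up: it walks a directory tree for `.vscode/settings.json` files, tolerates the comments and trailing commas VS Code allows in them, and reports any that set `chat.tools.autoApprove` to true. The helper names `strip_jsonc`, `scan` and `demo` and the two sample settings files are constructed for illustration.

```python
import json
import pathlib
import re
import tempfile
KEY = "chat.tools.autoApprove"  # the setting named in the item above

def strip_jsonc(text):
    """Drop // and /* */ comments outside strings, then trailing commas."""
    out, i, in_str = [], 0, False
    while i < len(text):
        c = text[i]
        if in_str:
            step = 2 if c == "\\" else 1  # keep an escaped char with its backslash
            out.append(text[i:i + step])
            i += step - 1
            in_str = c != '"'
        elif text.startswith(("//", "/*"), i):
            close = "\n" if text[i + 1] == "/" else "*/"
            end = text.find(close, i + 2)
            i = len(text) if end == -1 else end + len(close)
            continue
        else:
            in_str = c == '"'
            out.append(c)
        i += 1
    return re.sub(r",(\s*[}\]])", r"\1", "".join(out))  # regex is string-blind

def scan(root):
    """Return (relative path, reason) for each .vscode/settings.json to review."""
    findings = []
    for path in sorted(pathlib.Path(root).rglob(".vscode/settings.json")):
        rel = path.relative_to(root).as_posix()
        try:
            settings = json.loads(strip_jsonc(path.read_text(encoding="utf-8")))
        except (OSError, ValueError):
            findings.append((rel, "unparseable"))
            continue
        if isinstance(settings, dict) and settings.get(KEY) is True:
            findings.append((rel, "auto-approve enabled"))
    return findings

def demo():
    # Constructed sample tree: repo_a enables the flag (JSONC syntax), repo_b does not.
    samples = {"repo_a": '{ // constructed\n "chat.tools.autoApprove": true,\n}',
               "repo_b": '{ "editor.tabSize": 2, "note": "see // docs" }'}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            cfg = pathlib.Path(root, name, ".vscode", "settings.json")
            cfg.parent.mkdir(parents=True)
            cfg.write_text(body, encoding="utf-8")
        return scan(root)
```

Pointing `scan()` at a checkout directory or a home directory covers both per-workspace settings and the `~/.vscode/settings.json` path mentioned above; files it cannot parse are reported rather than skipped so they can be reviewed by hand.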
GitHound: A BloodHound OpenGraph collector for GitHub
Jared Atkinson, CTO of SpecterOps, has open-sourced GitHound, a BloodHound OpenGraph collector for GitHub, designed to map your organization’s structure and permissions into a navigable attack‑path graph.
👋 I’ve not used this myself, but I’m surprised it hasn’t been met with more excitement. There’s a lot of opportunity here to gain insights into an organization’s structure, permissions, and potential attack paths on GitHub. It’s also a great example of how BloodHound can be used to detect attack paths in SaaS platforms as a whole.
Until Next Time! 👋
Hey, you made it to the bottom – thanks for sticking around!
Questions, ideas, or want to chat? Slide into my inbox! 💌
Don’t hesitate to forward if someone could benefit from this.
See you next Monday!
-Kyle