Brief

last 24h

[2/2] 222 sources

Multi-source AI news clustered, deduplicated, and scored 0–100 across authority, cluster strength, headline signal, and time decay.

RESEARCH · Lobsters — AI tag English(EN) · 2d · [3 sources]

A Network Allow-List Won't Stop Exfiltration

A security vulnerability exists in sandboxing environments that rely solely on network allow-lists for protection. Untrusted code, including AI-generated scripts, can exfiltrate sensitive data like AWS credentials or SSH keys by encoding them within DNS requests or sending them to seemingly legitimate, allowed analytics endpoints. This bypasses network-level policies because the data travels through authorized channels. To address this, an L7 egress proxy with data-loss prevention is proposed, which intercepts all outbound connections, terminates TLS, inspects traffic, and can flag or block suspicious data patterns. AI

IMPACT Highlights a critical security gap for AI-generated code and untrusted dependencies running in sandboxed environments.
- Zapier
- LiteLLM
- Shai-Hulud
- PostHog
- ENS Domains
TOOL · Replit blog English(EN) · 8mo

How Replit is Protecting You From the "Shai-Hulud" Worm

A severe JavaScript supply chain attack, dubbed "Shai-Hulud," has compromised numerous npm packages, including @ctrl/tinycolor, which has over 2 million weekly downloads. This worm-like malware automatically harvests developer credentials like GitHub and npm tokens by executing malicious scripts during package installation. Replit has implemented measures to protect its users by blocking the malware's exfiltration endpoint and enhancing its Security Scanner with malicious file detection and AI-powered remediation. AI

IMPACT Replit's AI agent can now automatically remediate security issues, simplifying developer workflows and enhancing platform security.

Brief

A Network Allow-List Won't Stop Exfiltration

How Replit is Protecting You From the "Shai-Hulud" Worm