appsec.fyi · Sources

cryptobriefing.com

5 curated AppSec resources from cryptobriefing.com across 3 topics on appsec.fyi.

cryptobriefing.com

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-07-17.

Date Added Resource Excerpt
2026-07-17 2026Microsoft's MDASH AI beats Anthropic's Mythos in bug detection finds 16 new Windows flawsRCELibrary for AI-driven vulnerability detection, MDASH, developed by Microsoft's Autonomous Code Security team, surpasses Anthropic's Mythos and OpenAI's GPT-5.5 on the CyberGym benchmark with an 88.45% score. This multi-agent system, comprising over 100 specialized AI agents, discovered 16 new Windows vulnerabilities, including four critical remote code execution flaws in components like the kernel and IKEv2 service. These vulnerabilities were addressed in the May 2026 Patch Tuesday update. MDASH is slated for a limited private enterprise preview in June 2026.
2026-07-15 2026Unpatched Cursor vulnerability exposes users to code execution riskRCEWriteup on critical remote code execution (RCE) vulnerabilities affecting the AI-powered code editor Cursor. These flaws, including CVE-2026-22708, CVE-2026-26268, and the high-severity DuneSlide vulnerabilities (CVE-2026-50548, CVE-2026-50549), primarily stem from prompt injection attacks and exploit weaknesses in sandbox protections. While most issues were patched, the article highlights broader security concerns around AI development tools and stresses the importance of patching Cursor promptly, auditing AI-generated code, and implementing defense-in-depth measures.
2026-07-10 2026Hackers attempt to backdoor Injective npm package to steal wallet keysSupply ChainLibrary providing security analysis of Injective Labs' TypeScript SDK, detailing a supply chain attack where malicious code was pushed to npm, specifically version 1.20.21. Attackers aimed to steal crypto wallet keys and mnemonics by hooking wallet creation functions, exfiltrating data to an obfuscated endpoint. The attack compromised 18 packages before being reversed, affecting ~50,000 weekly downloads and 87 dependent packages. Developers are advised to upgrade to version 1.20.23 and treat any processed credentials as compromised.
2026-05-26 2026Starlette vulnerability exposes millions of AI agents to hackersPythonLibrary for Python's Starlette framework addresses critical vulnerabilities including CVE-2024-47874 and CVE-2025-62727, which impact AI agents and crypto tools. These flaws enabled denial-of-service attacks through improper handling of large multipart form data and crafted Range headers, respectively. Patched versions are 0.40.0 and 0.49.1, though widespread adoption across thousands of downstream projects may lag, leaving AI-driven trading bots and DeFi automation tools exposed to memory poisoning and unauthorized transactions.
2026-05-21 2026TeamPCP breaches GitHub accessing 3800 internal code repositoriesSupply ChainWriteup of TeamPCP's software supply-chain attack on GitHub, detailing how a malicious VS Code extension granted access to 3,800 internal code repositories. The stolen source code includes components for GitHub Actions, Copilot, and CodeQL. Attackers are attempting to sell this data for at least $50,000, posing significant risks to the crypto industry due to its reliance on GitHub for development and deployment infrastructure.