미성

준공 37년이 지나 노후화된 서울의 은평구 미성아파트가 최고 40층 규모의 대규모 단지로 다시 세워진다고 . 서울시는 지난12일 제3 차 도시정비 사업 회의를하고 , 불광ㅇ248번지 일대의 재건축사업을 정비계획을 가결하다 . https://www.google.com/search?q=%EC%A4%80%EA%B3%B5+37%EB%85%84%EC%9D%B4+%EC%A7%80%EB%82%98+%EB%85%B8%ED%9B%84%ED%99%94%EB%90%9C+%EC%84%9C%EC%9A%B8%EC%9D%98+%EC%9D%80%ED%8F%89%EA%B5%AC+%EB%AF%B8%EC%84%B1%EC%95%84%ED%8C%8C%ED%8A%B8%EA%B0%80+%EC%B5%9C%EA%B3%A0+40%EC%B8%B5+%EA%B7%9C%EB%AA%A8%EC%9D%98+%EB%8C%80%EA%B7%9C%EB%AA%A8+%EB%8B%A8%EC%A7%80%EB%A1%9C+%EB%8B%A4%EC%8B%9C+%EC%84%B8%EC%9B%8C%EC%A7%84%EB%8B%A4%EA%B3%A0+.+%EC%84%9C%EC%9A%B8%EC%8B%9C%EB%8A%94+%EC%A7%80%EB%82%9C12%EC%9D%BC+%EC%A0%9C3+%EC%B0%A8+%EB%8F%84%EC%8B%9C%EC%A0%95%EB%B9%84+%EC%82%AC%EC%97%85+%ED%9A%8C%EC%9D%98%EB%A5%BC%ED%95%98%EA%B3%A0+%2C+%EB%B6%88%EA%B4%91%E3%85%87248%EB%B2%88%EC%A7%80+%EC%9D%BC%EB%8C%80%EC%9D%98+%EC%9E%AC%EA%B1%B4%EC%B6%95%EC%82%AC%EC%97%85%EC%9D%84+%EC%A0%95%EB%B9%84%EA%B3%84%ED%9A%8D%EC%9D%84+%EA%B0%80%EA%B2%B0%ED%95%98%EB%8B%A4+.&sourceid=chrome&ie=UTF-8 전체 1700세대의 대단지로 탄생하다 .

slide

 <!DOCTYPE html>

<title>My Example</title>

<!-- Bootstrap CSS -->

<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">

<div class="container-fluid">

<!-- Carousel container -->

<div id="my-pics" class="carousel slide" data-ride="carousel" style="width:300px;margin:auto;">

<!-- Indicators -->

<ol class="carousel-indicators">

<li data-target="#my-pics" data-slide-to="0" class="active"></li>

<li data-target="#my-pics" data-slide-to="1"></li>

<li data-target="#my-pics" data-slide-to="2"></li>

</ol>

<!-- Content -->

<div class="carousel-inner" role="listbox">

<!-- Slide 1 -->

<div class="item active">

<img src="/pix/samples/16l.jpg" alt="Sunset over beach">

</div>

<!-- Slide 2 -->

<div class="item">

<img src="/pix/samples/4l.jpg" alt="Rob Roy Glacier">

</div>

<!-- Slide 3 -->

<div class="item">

<img src="/pix/samples/15l.jpg" alt="Longtail boats at Phi Phi">

/////////////////////////////////////

////////////test////////////////////////

밀웨어

///////////////////// from 이메일 2016 -03-28

다운로드

/

https://www.youtube.com/playlist?list=PLlb3q7unEBfOoV4xBR73kjKnuhBUP5s8T

👩👋👈👺👻👽👿💑💁🌳🌾🍈🍒🍉🍓🍝🍧🍦🍯/////////////////////////////////////////////////////////////////////////////////////////////////////

 https://www.youtube.com/watch?v=f-XizWQzLDs - 생전처음ㄴ댓글 달아보다 

//////////////////////////////////////////oh-shit/- ///////////////////////////////////////////////////

shit

나무위키

https://namu.wiki › shit

2026. 2. 25. — 대표적인 영어 욕설이며 fuck과 함께 영어권 욕설 중 대표적인 욕설이다. 본래는 똥 혹은 변을 보다의 뜻으로 주로 쓰였으나 이후로는 더 많은 의미를 ...///////'shit'의 번역

명사

---

똥

shit, dung, ordure///////////////////////////////////////////////////you are shit ////////////

오늘받은 메일인데 위험한 밀웨어라고 하네요 구글본사에서요 그러네요 - 그래서 여러분들이 참고하라고 여기에다 복사해서 보여드립니다 - 저는 그저 받은것뿐인데  - 사실이라면 참으로 나쁜사람이군요 - 다시말해서 거짓말이라고 하네요 

다음 검색어에 대한 결과 포함: 맬웨어 - 내용을 구글에서 복사하고요 - 

밀웨어가 사실이라면 당신은 천벌 만벌을 받을 것입니다 .

 - 이사람이 - 

TLDR InfoSec <dan@tldrnewsletter.com>

TLDR InfoSec <dan@tldrnewsletter.com> -   - 이

다음 검색어에 대한 결과만 표시: 밀웨어

AI 개요

멀웨어(Malware)는 

악성 소프트웨어(Malicious Software)의 줄임말로, 컴퓨터 시스템이나 사용자에게 해를 끼치도록 설계된 바이러스, 트로이 목마, 랜섬웨어, 스파이웨어 등을 통칭합니다. 주로 정보 유출, 시스템 파괴, 광고 노출, 금전 탈취 등을 목적으로 동작합니다. 

주요 내용

• 대표 유형: 랜섬웨어(파일 암호화), 스파이웨어(정보 수집), 봇넷, 트로이 목마(정상 파일로 위장), 애드웨어.
• 감염 경로: 악성 이메일 첨부 파일, 감염된 웹사이트 방문, 보안이 취약한 USB 등.
• 제거 및 예방: Malware Zero(멀웨어 제로) 같은 무료 치료 도구를 사용하거나 백신 프로그램을 통해 예방.
• 특징: 일반적인 프로그램 오류(버그)와 달리, 공격자가 의도적으로 피해를 주기 위해 생성. 

멀웨어 제거 도구 - 멀웨어 제로(Malware Zero) 사용 방법

멀웨어 제로 사용 방법을 안내하는 영상입니다.

51s

정리스터

YouTube• 2024. 1. 27.

1. 공식 웹사이트에서 프로그램을 다운로드합니다.
2. 압축을 풀고, Start.bat 파일을 관리자 권한으로 실행합니다.
3. 검사 중에는 컴퓨터 사용을 자제하며, 완료 후 재부팅합니다. 

• 참고: 자동 업데이트가 되지 않아 실행할 때마다 최신 버전을 다운로드해야 합니다. 

• 멀웨어란 무엇일까요? | Akamai

  멀웨어는 IT 환경에 손상이나 중단을 유발하거나 해커가 IT 환경에 접속할 수 있도록 돕도록 설계된 소프트웨...

  

  Akamai

  
• 멀웨어 - 나무위키:대문

  사용자의 이익에 반해 시스템을 파괴하거나 정보를 변조, 유출하는 등 악의적인 작업을 하도록 만들어진 소프트웨...

  

  나무위키

  
• 맬웨어란? 정의와 유형 | Microsoft Security

  맬웨어는 디바이스에서 중요한 데이터를 방해하거나 도용하도록 설계된 악성 소프트웨어로, 개인과 기업 모두에게 ...

  

  Microsoft

  

모두 표시

/////////////////////////////////////////////////////////

복사본입니다 -

LiteLLM Backdoored , Vibe Code, Real Vulns , Google PQC: 2035 → 2029  

스팸함

TLDR InfoSec <dan@tldrnewsletter.com>	3월 26일 (목) PM 10:13 (17시간 전)
나에게

위험한 메일일 수 있음

멀웨어를 호스팅하는 웹사이트의 링크가 포함되어 있습니다. 메일에 포함된 링크를 클릭하지 마세요.

위험한 메일일 수 있음

멀웨어를 호스팅하는 웹사이트의 링크가 포함되어 있습니다. 메일에 포함된 링크를 클릭하지 마세요.

이 메일은 영어로 작성된 것 같습니다

Sign Up |Advertise|View Online TLDR Together With  TLDR Information Security 2026-03-26 Secure access across humans, AI agents, and machine identities (Sponsor) Legacy IAM tools like PAM and SSO can't manage access from the ever-growing sprawl of identities, SaaS apps, and AI agents. That's why 1Password created Unified Access. This is the solution designed to help reduce endpoint blind spots, credential sprawl, and accountability gaps.  Unified Access is a comprehensive solution for shadow AI discovery, secure vaulting, and context-aware authorization. Learn how it gives you visibility and control over all access, whether from humans, agents, or machine identities. Explore the solution. Attacks & Vulnerabilities Popular LiteLLM PyPI Package Backdoored to Steal Credentials and Auth Tokens (2 minute read) The TeamPCP hacking group, which was responsible for the recent supply chain compromise of Trivy, claimed responsibility for a supply chain compromise of the LiteLLM PyPI package. The malicious updates download a ‘.pth' file, which Python runs on every interpreter startup to download the CloudStealer payload. The stealer attempts to steal credentials such as cloud access keys, Kubernetes service account tokens, SSH keys, cryptocurrency wallet data, and database credentials, then attempts lateral movement to Kubernetes clusters and installs a persistence script via systemd. TP-Link Warns Users to Patch Critical Router Auth Bypass Flaw (2 minute read) TP-Link has patched several vulnerabilities in its Archer NX router series, including an authentication bypass that could allow attackers to upload arbitrary firmware. The flaw stems from a missing authentication check in the HTTP server for certain CGI endpoints. Other patched flaws include removing a hardcoded cryptographic key and patching two command-execution vulnerabilities that required admin privileges. TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials (4 minute read) TeamPCP, the group behind the Trivy supply chain attack (CVE-2026-33634, CVSS 9.4), compromised two Checkmarx GitHub Actions, checkmarx/ast-github-action and checkmarx/kics-github-action, by reusing credentials stolen from the Trivy breach four days earlier. The "TeamPCP Cloud stealer" harvests SSH keys, AWS/GCP/Azure creds, Kubernetes configs, Docker secrets, and crypto wallet data, exfiltrating them as an encrypted archive to checkmarx[.]zone. Trojanized Open VSX extensions for VS Code were also pushed. Strategies & Tactics Fake install logs in npm packages load RAT (5 minute read) Researchers found a cluster of malicious npm packages, dubbed the "Ghost campaign," that has been active since early February. Published by a single npm user, the packages display fake installation logs with random delays and a progress bar to disguise malicious activity. During this fake process, users are prompted to enter their sudo password under the guise of fixing installation errors. That password is then used to execute a final-stage RAT that steals crypto wallets and sensitive data. Other research links a related package to the same techniques, suggesting this may have been an early test run of a broader campaign. Pentest of a 100% vibe-encoded app: complete security analysis of an AI-generated app (4 minute read) A web app built entirely with Claude Opus 4.6 was pentested in grey-box mode with standard user credentials. Critical findings came fast: an LFI via an unfiltered full_path parameter exposed /etc/passwd and opened the door to RCE. An IDOR on /employee/{guid} lets any user pull other employees' emails, roles, and password hashes by harvesting GUIDs from a public leaderboard API. The front-end ran Vite 5.4.10, carrying three known CVEs. AI-generated code ended up skipping input validation, weak access controls, and dependency checks. The LiteLLM Supply Chain Attack: A Complete Technical Breakdown Of The AI Ecosystem's Darkest Hour (9 minute read) TeamPCP exploited a `pull_request_target` GitHub Actions misconfiguration in Aqua Security's Trivy scanner on February 27 to steal a privileged PAT, rewrote 75 of 76 mutable version tags in the trivy-action repo to deliver credential-stealing code, and ultimately harvested LiteLLM's PyPI publish token from its unpinned CI/CD pipeline to push malicious versions 1.82.7 and 1.82.8 (97M monthly downloads). The v1.82.8 payload used a `.pth` file in site-packages to trigger a double base64-encoded infostealer on every Python interpreter startup, targeting SSH keys, AWS/GCP/Azure credentials, CI/CD secrets, and crypto wallets, with stolen data AES-256 and RSA-4096 encrypted before exfiltration to `models.litellm.cloud`. Defenders should pin all GitHub Actions to immutable commit hashes, enforce strict lockfiles (Poetry or uv), scope CI/CD tokens to least privilege, and treat any environment that ran Python between 09:00 and 13:30 UTC on March 24 as fully compromised, requiring full credential rotation. Launches & Tools Caterpillar (GitHub Repo) Caterpillar is a security scanner for AI skills that scans for anti-patterns in those skills before a user downloads them. Escape (Product Launch) Escape is launching an offensive security platform that uses automated agents to discover, test, and fix application vulnerabilities within engineering workflows, including attack surface mapping and security testing. Default Creds (GitHub Repo) Default Creds is a centralized, community-driven repository of factory-set credentials. Miscellaneous 81-Month Sentence for Russian Hacker Behind Major Ransomware Campaigns (2 minute read) A US federal court sentenced Aleksei Volkov to 81 months in prison for acting as an initial access broker for the Yanluowang ransomware group. He broke into corporate networks, sold that access to ransomware operators, and took a cut of the proceeds. Attacks caused $9M in actual losses and $24M in intended losses. Arrested in Rome in 2024 and extradited, he pleaded guilty in November 2025 to fraud, identity theft, and conspiracy, and must pay $9.1M in restitution. Delve did the security compliance on LiteLLM, an AI project hit by malware (3 minute read) A credential-harvesting malware slipped into LiteLLM (3.4M daily downloads) via a compromised dependency, propagating across downstream packages and accounts before being caught within hours by a FutureSearch researcher whose machine crashed due to a bug in the malware itself. LiteLLM holds SOC 2 and ISO 27001 certifications issued by Delve, a YC-backed compliance startup that has been separately accused of generating fake audit data and rubber-stamping reports. Mandiant has been brought in for forensic review, with technical findings to be shared with the developer community upon completion. Electric Motorcycles Don't Have To Be Security Nightmares, But This One Was (2 minute read) Researchers Persephone Karnstein and Mitchell Marasch presented at BSides Seattle 2026 how they achieved full firmware control over a Zero Motorcycle by exploiting its OTA update mechanism and a VIN validation bypass that accepted any VIN-structured code rather than a registered one. The attack surface extended to the battery management system, enabling a conceptual payload capable of triggering a battery fire, disabling the brakes via OTA, and blocking factory resets that would otherwise reverse the compromise. Quick Links CSA Launches CSAI Foundation for AI Security (3 minute read) The Cloud Security Alliance spun out CSAI, a nonprofit focused on security for autonomous AI agents. Google moves post-quantum encryption timeline up to 2029 (1 minute read) Citing faster-than-expected advances in quantum hardware, error correction, and factoring, Google accelerated its internal PQC migration deadline to 2029, six years ahead of the NIST-mandated 2035 federal baseline, and called on private industry to follow suit. Mirai Malware Evolves into Hundreds of Variants Driving Botnet Growth (1 minute read) Botnet C2 servers grew 24% in H2 2025, driven by 116 Mirai variants across 21,000+ samples targeting IoT devices. Love TLDR? Tell your friends and get rewards! Share your referral link below with friends to get free TLDR swag! https://refer.tldr.tech/460c5618/8 Track your referrals here. Want to advertise in TLDR?  If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to advertise with us. Want to work at TLDR?  Apply here, create your own role or send a friend's resume to jobs@tldr.tech and get $1k if we hire them! TLDR is one of Inc.'s Best Bootstrapped businesses of 2025. If you have any comments or feedback, just respond to this email! Thanks for reading, Prasanna Gautam, Eric Fernandez & Sammy Tbeile Manage your subscriptions to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please unsubscribe. /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////