zlacker

[parent] [thread] 3 comments
1. averev+(OP)[view] [source] 2026-02-02 03:11:06
Right the writeup doesn't mention when it started and what versions are affected
replies(2): >>hug+e >>freita+C4
2. hug+e[view] [source] 2026-02-02 03:13:30
>>averev+(OP)
> Based on both assessment, I estimate the overall compromise period spanned from June through December 2, 2025, when all attacker access was definitively terminated.

FTA.

3. freita+C4[view] [source] 2026-02-02 04:06:11
>>averev+(OP)
The writeup says it right there:

"The security exper’s analysis indicates the attack ceased on November 10, 2025, while the hosting provider’s statement shows potential attacker access until December 2, 2025. Based on both assessment, I estimate the overall compromise period spanned from June through December 2, 2025, when all attacker access was definitively terminated."

replies(1): >>avazhi+PK
◧◩
4. avazhi+PK[view] [source] [discussion] 2026-02-02 11:45:38
>>freita+C4
Yeah, that refers to the MITM attack on the update server. We have no fucking clue what they actually did while they were in the middle - whatever exploit code was running may very well be running right now on compromised machines. Nobody knows what the compromised exes actually did.

Thanks for your nonanswer, though. It was about as unhelpful and unspecific as the original blogpost for this.

[go to top]