Credential Leakage in LLM Agent Skills: A Large-Scale Empirical Study

Third-party skills extend LLM agents with powerful capabilities but often handle sensitive credentials in privileged environments, making leakage risks poorly understood. We present the first large-scale empirical study of this problem, analyzing 17,022 skills sampled from 170,226 on SkillsMP usi...

Analyzing Dark Crystal RAT, a C# Backdoor

The FireEye Mandiant Threat Intelligence Team helps protect our customers by tracking cyber attackers and the malware they use. The FLARE Team helps augment our threat intelligence by reverse engineering malware samples. Recently, FLARE worked on a new C variant of Dark Crystal RAT DCRat that the...

HackerOne: Submitting report through Embedded Submission form gives user indefinite access to a profile

Summary: Hi team, @jobert , @ben After testing on the sandbox, I noticed that one of my accountswhich I removed from the program can see some of the information. I don't know if it affects other programs that have other States - private-only, private-only whit external link. I could not find the...