#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes.
PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption. These Lua scripts are cross-platform compatible, functioning on #Windows, #Linux, and #macOS.
Based on the detected user files, the malware may exfiltrate data, encrypt it, or potentially destroy it, although the destruction functionality appears not to be implemented yet. The #Bitcoin address used in the prompt appears to belong to the Bitcoin creator https://en.wikipedia.org/wiki/Satoshi_Nakamoto
For its file encryption mechanism, the PromptLock ransomware utilizes the SPECK 128-bit encryption algorithm.
Although multiple indicators suggest the sample is a proof-of-concept (PoC) or work-in-progress rather than fully operational malware deployed in the wild, we believe it is our responsibility to inform the cybersecurity community about such developments.
The PromptLock ransomware is written in #Golang, and we have identified both Windows and Linux variants uploaded to VirusTotal. IoCs: Filecoder.PromptLock.A
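Because PromptLock drives a model through the Ollama API, a request to that API from an unexpected process is a usable detection signal. The following is an added example, not ESET's code: the `Event` record, the allowlist and the log lines are constructed assumptions, while port 11434 and the `/api/generate` and `/api/chat` endpoints are Ollama's defaults.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Event is a hypothetical EDR/proxy record of one HTTP request made by a process.
type Event struct{ Process, Host, Path, Body string }

// Assumption: the only programs expected to call the Ollama API on this host.
var allowed = map[string]bool{"open-webui": true}

// Constructed sample telemetry, one JSON object per line.
var sampleLog = []string{
	`{"process":"open-webui","host":"127.0.0.1:11434","path":"/api/chat","body":"{\"model\":\"llama3\"}"}`,
	`{"process":"updater.bin","host":"example.com:443","path":"/api/generate","body":""}`,
	`{"process":"updater.bin","host":"127.0.0.1:11434","path":"/api/generate","body":"{\"model\":\"gpt-oss:20b\",\"prompt\":\"Write a Lua script that lists files\"}"}`,
	`not json`,
}

// isOllamaCall matches Ollama's default port and its two generation endpoints.
func isOllamaCall(e Event) bool {
	return strings.HasSuffix(e.Host, ":11434") &&
		(e.Path == "/api/generate" || e.Path == "/api/chat")
}

// Detect returns one finding per Ollama request from a non-allowlisted process.
func Detect(lines []string) []string {
	var findings []string
	for _, l := range lines {
		var e Event
		if json.Unmarshal([]byte(l), &e) != nil || !isOllamaCall(e) || allowed[e.Process] {
			continue
		}
		var req struct{ Model, Prompt string }
		_ = json.Unmarshal([]byte(e.Body), &req) // a malformed body still yields a finding
		f := fmt.Sprintf("%s -> %s model=%q", e.Process, e.Path, req.Model)
		if strings.Contains(strings.ToLower(req.Prompt), "lua") {
			f += " asks-for-lua"
		}
		findings = append(findings, f)
	}
	return findings
}

func main() { fmt.Println(strings.Join(Detect(sampleLog), "\n")) }
```
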
I hate it when developers query the same database over and over in a loop just to make a comparison.
Ever heard of arrays, or structs in Go? One query into an array / a struct, and then compare against that in the loop.
Saves huge amounts of resources.
Without the data import, the portal is now running locally here. Now let's see what the easiest way is to work through a task in parallel in #Go. The data import should run without visibly affecting the rest of the site.
Go module for brute force attacks on SSH steals the accesses found
A malicious Go module disguises itself as a brute force tool for SSH, but secretly steals the credentials it finds and transmits them via Telegram.
#Golang: Malicious Go module presents itself as a brute-force tool for SSH, but actually silently exfiltrates #credentials to its creator. GitHub took down the author's repos, but the module's still available on pkg.go[.]dev
#SoftwareSupplyChainSecurity
https://thehackernews.com/2025/08/malicious-go-module-poses-as-ssh-brute.html
Just added
```
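#!/bin/sh
# Stash unstaged and untracked changes so only the staged state is tested.
git stash --keep-index --include-untracked
# A failing test (non-zero exit status) aborts the commit.
go test ./...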
```
To my `.git/hooks/pre-commit`.
No more commits that break the tests or even the build. It should make `git bisect` more useful.
I should have done that WAY SOONER. Somehow, I never stumbled upon it…
ZenZX Preview Release
I thought I'd give people something better than promises to toy around with. Here's a very early, very rough, very green preview release of ZenZX.
ZenZX is a ZX Spectrum emulator written in Go with a focus on ergonomics and modular, understandable code. It's partly based on my other emulation project called zen80, a highly compliant instruction-stepped Z80 emulator.
https://drive.google.com/file/d/1MJR6JMhL1TcIXEfZUkAh4u8eA5yFQgxh/view?usp=drive_link
See the README included in the .zip file and please let me know if you like anything about it, or if you hate anything about it. At this time, and because countless bugs are yet to be corrected, and I'm aware of hundreds of them, I'm not lacking insights of the type "It has a bug". The kind of useful feedback I'd like to get is more about ergonomics and whether you would use a different key mapping, keyboard shortcuts, colours, etc. Any user-facing ideas you would like to see one day, that would be useful.
You know where to find me
How do you extract secrets and URLs effortlessly from JavaScript?
Meet `jsluice` by BishopFox—a Go-powered tool that combines AST parsing with custom matchers. Unlike regex, it intelligently identifies URLs in patterns like `window.open()` or `document.location`. Plus, it can spot secrets like API keys using syntax-aware matchers.
#JavaScript #CyberSecurity #GoLang
Project link on #GitHub
https://github.com/BishopFox/jsluice
this sucks
Data() []Field cannot use generic type Field[T any] without instantiation
I'm really puzzled at some #GoLang "conventions":
https://github.com/mholt/archives/issues/3#issuecomment-3212123684
In this issue, a smaller-than-produced-value type is exposed on a factory API: this would make sense if coding defensively, to reduce the API surface, but not here, IMO.
Forcing consumers to do runtime upcasting because of a convention feels wrong, but I'm perhaps missing part of the picture somewhere.
To me, making something "fail at compile time, when wrong" is a massive value proposition for a compiled language.
We may still get a generified version of errors.As in #golang's standard library!
https://github.com/golang/go/issues/51945#issuecomment-3208246400
This week's tech blog post: how to force static binaries ('no I really mean static, please don't link against glibc') when compiling Go:
https://www.phpdeveloper.org.uk/forcing-static-binaries-with-glibc-and-go-on-linux/
Today, that Go project *finally compiled*! It only took 7 complete project restructuring attempts. Now that it builds, the real work begins, and it's a good time to reveal I'm trying to revive Lariat, the linked-read aligner written by 10X Genomics. It's called Arachne.
Still seeking help from anyone who understands #golang
#genomics #bioinformatics
@miek Oh, that? It's an old one - even the official #golang FAQ has it: https://go.dev/doc/faq#generic_methods
This is where the Go generics dream goes to die ...
Go’s simplicity is its superpower.
No frameworks needed to build a high-performance HTTP server in 50 lines. No magic, just clear, maintainable code that compiles to a single binary.
Meanwhile, in other languages… *opens node_modules folder*