# AppSec Newsletter 0039

### Café Seguro - Typo Squatting e C2 via Blockchain

%[https://www.youtube.com/watch?v=JLyIaAnoo4U] 

### Links

* [https://github.com/ossf/package-analysis](https://github.com/ossf/package-analysis): The Package Analysis project analyses the capabilities of packages available on open source repositories.
    
* [s1r1us blog](https://s1r1us.ninja/): a nice security blog =)
    
* [Hacking Discord for $5000 Bounty](https://www.youtube.com/watch?v=R3SE4VKj678): A video of Mrgavyadha explaing a bug report in Discord BBP.
    
* [Chainguard Images](https://www.chainguard.dev/chainguard-images): Build secure applications on a foundation of minimal, hardened container images to protect against vulnerabilities and attacks.
    
* [CVE-2024-39025 by cnetsec](https://medium.com/@cnetsec/a-vulnerability-cve-2024-39025-has-been-identified-in-lettaai-memgpt-v0-3-17-146cb38bb6db): Vulnerability in LettaAI
    
* [Shock News: SHA-256, ECDH, ECDSA and RSA Not Approved by ASD in Australia for 2030 by Prof Bill Buchanan](https://billatnapier.medium.com/shock-news-sha-256-ecdsa-and-rsa-not-approved-in-australia-by-2030-3d1c286cad58)
    
* [OWASP SAMM v2.1.0 Core](https://github.com/owaspsamm/core/releases/tag/v2.1.0): New version of SAMM
    
* [XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner](https://thehackernews.com/2024/11/xmlrpc-npm-library-turns-malicious.html)
    
* [3 DevSecOps success stories by Michael Nadeau and Dan Swinhoe](https://www.csoonline.com/article/567759/3-devsecops-success-stories.html/amp/)
    

### **Siga o Guia de AppSec nas redes!**

* Youtube: [**youtube.com/@GuiadeAppSec**](http://youtube.com/@GuiadeAppSec)
    
* Twitter / X: [**twitter.com/guiadeappsec**](http://twitter.com/guiadeappsec)
    
* Site: [**guiadeappsec.com.br**](http://guiadeappsec.com.br/)
