Если речь о межконтинентальных системах, цена неверного распознавания становится выше.

Очередной объект критической инфраструктуры оказался во власти вымогателей.

Оказалось, что перед соблазном списывания не могут устоять даже взрослые.

Первые группы курсантов уже приступили к освоению секретных методик.

Достаточно одной невидимой строчки текста, чтобы превратить ваше устройство в кибероружие.

Когда обычного «кризис-менеджмента» уже недостаточно…

Новая ракета бьет на 370 километров.

Следы ведут к группировке Mustang Panda, которая радикально обновила свой киберарсенал.

BOS Semiconductors превращает любую машину в умный гаджет.

Кажется, торговая война не помеха, когда на кону стоит контроль над будущим.

Китайские пользователи обсуждают ИИ видео, где одиночество подают как наказание за отказ от семьи.

Теорема 1983 года наконец заработала для систем, которые могут расти вечно.

Одно обновление превратилось в ловушку для криптоинвесторов.

В Китае вынесли на обсуждение документ, который должен укротить «почти живые» чат-боты и снизить риск зависимости, манипуляций и вреда психике.

Бывшего сотрудника поддержки Coinbase арестовали в Индии по подозрению в том, что он за деньги сливал данные пользователей преступникам.

Мы проанализируем, как изменился ландшафт угроз, куда движется рынок, на что делать ставку в 2026 году и как в новой реальности выстроить работу, которая позволит не просто выживать, но и уверенно развиваться.

Екатерина Черун, коммерческий директор, Security VisionАтаки на репозиторииИлья Шабанов отметил, что в 2025 году стали сильно заметнее атаки на репозитории кода, такие как Git и NPM.

Алексей Павлов в ответ подчеркнул, что в случае подобных сложных инцидентов необходимо привлекать профессионалов и проводить полномасштабную работу.

Александр Лебедев отметил, что в определённой степени отрасль уже получила «прививку» от подобных угроз благодаря инциденту с Protestware в 2022 году.

Их сут…

И ключевую роль в ней играет NDR (Network Detection and Response) — модуль, который видит атаку не с конца и не с начала, а целиком, на уровне сетевых коммуникаций.

Таким образом, ключевое различие в том, что NTA предоставляет данные для расследования ИБ-инцидентов, а NDR — это готовый инструмент для расследования и реагирования.

Отметим, что и до появления NDR в KATA были модули по распознаванию угроз в копии сетевого трафика.

NDR как стратегияИнтеграция NDR в экосистему защиты, как это реализовано в платформе KATA, — это качественный сдвиг в стратегии противодействия целевым атакам.

Однако ключевой инсайт заключается не в самой технологии, а в изменении подхода к расследованию.

Servicepipe Cybert обеспечивает защиту от нежелательной автоматизации в веб-трафике (в том числе OWASP Automated Threats) и в зависимости от схемы внедрения защищает от volumetric L3/L4 и/или L7 DDoS-атак.

Реализованная в Servicepipe Cybert функциональность:Защита от DDoS-атак на уровнях L3–L7 с автоматическим срабатыванием (в реальном времени).

On-prem модель защиты (NGINX-модуль)On-prem модель подразумевает локальную установку ПО Cybert в качестве модуля на веб-сервера NGINX или Angie в контуре заказчика.

Расширенная аналитика в Servicepipe CybertЛоги запросов (Request logs)В данном разделе отображается вся информация о запросах, которые поступают к ресурсу.

Настройки ресурсаПользовательс…

RuSIEM WAF 1.0 обеспечивает защиту веб-приложений от атак и уязвимостей.

Версия 1.0 RuSIEM WAF позволяет снизить перечисленные угрозы, обеспечивая защиту веб-приложений от атак.

Функциональные возможности RuSIEM WAF 1.0RuSIEM WAF — интеллектуальная система защиты веб-приложений от атак и уязвимостей.

Создание учётной записи пользователя в RuSIEM WAF 1.0После выполнения настроек сведения о состоянии веб-приложения отображаются на панели мониторинга.

Архитектура движка обработки правил AegisФункциональность балансировки нагрузки в RuSIEM WAF позволяет распределять входящие запросы между несколькими серверами, что повышает надёжность и производительность системы.

Во-вторых, такие инциденты несут в себе не только технологические, но и кадровые, юридические и репутационные риски.

После 2020 года с массовым переходом на удалённую работу и изменениями в законодательстве учёт рабочего времени в DLP-системах стал стандартной необходимостью.

Контроль информации и документов: мониторинг мест хранения, перемещения и круга лиц, имеющих к ним доступ.

Александр Луганцев обратил внимание на правовой контекст, пояснив, что с точки зрения государства инциденты могут классифицироваться по нормам гражданского, административного или уголовного права.

Как показала дискуссия экспертов и опыт участников, ключ к успеху лежит в системном подходе, который начинается задолг…

Архитектура, системные требования и лицензированиеКомпоненты платформы DeteAct EASM размещаются на облачных ресурсах, арендованных в ИТ-компаниях «Селектел» и «Яндекс.Облако».

Запуск сканирования с текущими настройкамиПри создании нового сканирования необходимо задать его название, выбрать тип («Разведка»/«Инфраструктура»), указать ID воркера, указать настройки запуска.

Домены в DeteAct EASMИнтерфейс и функциональность раздела «IP-адреса» аналогичен разделу «Домены», разница заключается только в нескольких полях.

Фильтрация веб-сервисов в DeteAct EASMУправление уязвимостямиВ разделе «Уязвимости» отображается информация, полученная от сетевых сканеров.

Оценка соответствия в DeteAct EASMВывод…

Positive Technologies представил PT Dephaze для безопасного внутреннего автопентеста.

Функциональные возможности PT Dephaze 3.0Концепция PT Dephaze — постоянная оценка защищённости внутренней инфраструктуры через реальные атаки, которые используются злоумышленниками и пентестерами.

Как работает PT Dephaze 3.0Принцип работы PT Dephaze схож с ручным тестированием: продукт последовательно анализирует системы и их компоненты, предпринимая попытки эксплуатации недостатков, перехвата данных из трафика для компрометации систем.

Возможности PT Dephaze 3.0 позволяют:ограничивать область тестирования;исключать из проверки критичные бизнес-активы;настраивать параметры отдельных атак;согласовывать дейс…

Владимир Зуев , технический директор центра мониторинга и реагирования на кибератаки RED Security SOC, RED Security.

, технический директор центра мониторинга и реагирования на кибератаки RED Security SOC, RED Security.

При этом первый шаг — это грамотная оценка ситуации: нужно понять, какие именно данные потребуются для расследования, и доходчиво объяснить клиенту, что и с каких систем необходимо собрать.

После работы команды реагирования и расследования часто не проводится работа по устранению уязвимостей и усилению защиты, что делает повторение инцидента лишь вопросом времени.

Когда же подобных случаев накапливается несколько, их решение становится быстрым и как раз поддаётся автоматизац…

Система удалённого мониторинга и управления АССИСТЕНТ, разработанная компанией «САФИБ», принесёт безопасность и прозрачность в процессы управления инфраструктурой.

Объединение и настройка всех компонентов в одном месте обеспечивает прозрачность управления и масштабируемость при работе как с внутренними, так и с клиентскими инфраструктурами.

Управление политиками устройств и сотрудниковПри добавлении устройствам и сотрудникам назначаются политики безопасности и доступа.

Набор собираемых данных достаточно широк и включает:информацию об оборудовании;установленное ПО;информацию и историю обновлений Windows;содержимое каталогов Program Files и автозагрузки;данные об антивирусном ПО и брандмауэре…

Сегодня защита корпоративных коммуникаций вышла за рамки технической задачи ИТ-отделов и превратилась в стратегический приоритет, непосредственно влияющий на репутацию, финансовую стабильность и само существование компании.

Понимание и реализация эффективной защиты коммуникаций — это не просто техническая задача.

Угрозы при использовании небезопасных средств корпоративных коммуникацийИспользование несанкционированных средств коммуникаций — личных мессенджеров и аккаунтов в сервисах видеосвязи — создаёт для компании «слепые зоны» и серьёзные риски утечки данных.

Это создаёт серьёзные риски для безопасности, утечки данных и соответствия нормативным требованиям, поскольку данные инструменты об…

Для противодействия перечисленным угрозам Positive Technologies разработала продукт для защиты конечных устройств от сложных и целевых атак MaxPatrol Endpoint Detection and Response (MaxPatrol EDR).

Редактирование стандартной роли в MaxPatrol EDR 8.1АдминистрированиеАгент MaxPatrol EDR устанавливается на сервер или рабочую станцию и изначально не содержит активных модулей или функциональной нагрузки.

Работа с пользовательскими правилами осуществляется в компоненте PT Knowledge Base, общем для MaxPatrol SIEM и MaxPatrol EDR.

Системные требования MaxPatrol EDR 8.1 и лицензированиеMaxPatrol EDR применяется совместно с системой MaxPatrol SIEM версии 27.2, 27.3 или 27.4.

MaxPatrol EDR использует…

Основные функциональные характеристики СУБД JatobaЗащищённая СУБД Jatoba основана на модернизированном ядре СУБД с открытым кодом PostgreSQL.

Централизованное управление СУБД Jatoba и другими СУБД на PostgreSQLКомпонент веб-интерфейса Jatoba Data Safe (JDS) предназначен для администраторов СУБД, специалистов по безопасности и аудиторов безопасности.

Функциональные возможности позволяют администрировать как СУБД Jatoba, так и другие СУБД на базе PostgreSQL.

Релевантность СУБД Jatoba трендам развития рынка СУБДПродуктовая команда Jatoba учитывает в развитии СУБД практически все рыночные тренды, такие как:Облачные среды, СУБД как сервис DBaaS.

Поддержка отказоустойчивых и геораспределённых кла…

Оценка уязвимости по шкале CVSS 4.0 — 10.0 баллов.

Оценка уязвимости по шкале CVSS 4.0 — 6.8 баллов.

Оценка уязвимости по шкале CVSS 4.0 — 8.5 баллов.

Затронуты следующие версии продуктов:Fortinet FortiOS с 7.6.0 по 7.6.3FortiOS с 7.4.0 по 7.4.8FortiOS с 7.2.0 по 7.2.11FortiOS с 7.0.0 по 7.0.17FortiProxy с 7.6.0 по 7.6.3FortiProxy с 7.4.0 по 7.4.10FortiProxy с 7.2.0 по 7.2.14FortiProxy с 7.0.0 по 7.0.21FortiSwitchManager с 7.2.0 по 7.2.6FortiSwitchManager с 7.0.0 по 7.0.5Эксплуатация:Уязвимость позволяет удаленному злоумышленнику обойти процедуру аутентификации при отправке специально созданного SAML-ответа.

Оценка уязвимости по шкале CVSS 4.0 — 9.3 балла.

Со странным сценарием, запоминающимися персонажами и с большим количеством несостыковок.

А сама идея называть папки просто FOUO (For Official Use Only), и не обозначить хоть минимальное назначение файлов, выглядит как будто их создал психопат.

После чего Кевин просит твой IP - но ты не дурак и сразу звонишь и докладываешь об этом Джеффу и получаешь еще 50 очков!

Настолько интересный ролик, что ты не замечаешь, как мужик спер твою мобилу!

Но главная проблема этого тренажёра - не в странных NPC и не в абсурдных ситуациях.

EPSS «на дату добавления в KEV» удалось получить только для 203 (≈83%).

Напоминалка: что такое EPSS и почему там 2 числа epss — вероятность (0…1), что уязвимость будут эксплуатировать в ближайшие 30 дней.

Если EPSS используется в реальном процессе, отсутствие EPSS — это тоже означает «не поймал».

Что это значит на практикеПлохой пример (или почему «низкий EPSS» не спасает): «кровоточащая Монга»CVE-2025-14847 / MongoBleedEPSS на дату добавления в KEV: 0.00041 (то есть 0.041%).

Хороший пример (EPSS действительно помогает поднять приоритет): React2ShellCVE-2025-55182 (React Server Components RCE)EPSS на дату добавления в KEV: 0.13814 (13.8%).

А также — обеспечивает единый доступ к операционным и административным действиям, фиксирует различные события с ресурсами аккаунта и помогает отслеживать потенциально подозрительные активности.

Сравнение Wazuh и RuSIEMОбе SIEM-системы поддерживают сбор логов через агенты и syslog, нормализацию и парсинг различных форматов логов, корреляцию событий безопасности, управление инцидентами и долгосрочное хранение событий.

Хранение и корреляцияНормализованные события индексируются и сохраняются на месяц и более.

Мы должны пойти на специальный авторизационный URL — с паролям и данными, указывающими на сервисного пользователя и аккаунт, и получить в ответе токен.

Сам доступ к аудит-логам имеет фильт…

Компания «Анлим», центр компетенций по информационной безопасности, в статье делится рейтингом пяти наиболее эффективных средств для защиты данных.

О каждом классе, вошедшем в стартовый набор для построения системы ИБ, опираясь на многолетний опыт, подробнее расскажет Вячеслав Пронюшкин, первый заместитель технического директора.

Его необходимость обусловлена тем, что на различных этапах кибератаки злоумышленники часто применяют вредоносный код, включая бесфайловые программы.

Могут приобретаться как вместе, так и по отдельности.

Межсетевые экраны нового поколения проводят глубокую инспекцию трафика, что позволяет выявить аномальную активность даже внутри легальных соединений», — отметил Вяч…

Кроме DOM, атака затрагивает протоколы MCP и A2A, которые позволяют агентам напрямую обмениваться данными и выполнять действия без участия пользователя, а значит, внедрение промтов может влиять не только на браузер, но и на всю цепочку агентных взаимодействий.

Пользователь не видит ничего подозрительного, ассистент отвечает как обычно, а в это время на фоне уже идут лишние запросы.

Это и корпоративные помощники, поисковые системы на базе RAG или внутренние инструменты, построенные на LLM.

Пользователь видит свой ввод и ответ модели, но не замечает, что между ними кто‑то вставил лишние инструкции.

И тут проблема не только в получении прямого доступа к файлам, но и в аналитике.

В процедуре рукопожатия происходит согласование параметров подключения (шифры, ключ симметричного шифрования, версии протоколов) и аутентификация сервера (по имени).

В случае взаимного TLS (mTLS — mutual TLS authentication) клиент также должен представиться с помощью сертификата для того, чтобы получить доступ к ресурсам на сервере.

Если при обычном подключении HTTPS‑клиент уже имеет список доверенных (корневых) удостоверяющих центров, то в mTLS сертификат доверенного центра указывается в конфигурации явно.

Рассмотрим новые директивы для mTLS:ssl_client_certificate — сертификат нашего удостоверяющего центра (для проверки клиентских сертификатов);ssl_crl — список отозванных сертификатов (для…

Ну а что - сейчас все хотят VPN.

Ну ребёнок и ввёл.

Месяцем ранее оператор сотовой связи сказал "у вас кончились деньги, не хотите в долг до 10 тыс.?

Сейчас уже ни кто не может вспомнить как это подключилось, но лимит был как на связь так и на мобильные платежи MTC Pay.

поддержку Apple - это они забрали ваши деньги, а мы вам только в долг дали (кстати, если долг более 1 тыс.

Декабрь принёс и другие горячие новости: у Spotify случился незапланированный децентрализованный бэкап, а у подрядчика PornHub утекла история просмотров премиальных юзеров.

Массовая эксплуатация была неизбежна, анализ патчей шёл полным ходом, и на React и его фреймворках выстроена половина сети.

А с учётом публичных проверок концепции (можно подсмотреть, например, здесь), к эксплуатации вскоре присоединились все желающие.

По бенчмарку у Gemini 2.5 Pro точность 78,98% по городу и 97,20% по стране; у GeoVista 72,68% и 92,64%, соответственно.

В общем, расследование задалось, но явно не в их пользу.

В статье «Лаборатории Касперского» упоминаются три проблемы с достаточно высоким рейтингом опасности по шкале CVSS v3.

В зависимости от эксплойта и вариации поддельной страницы, злоумышленники распространяют собственный вредоносный код как в комплекте с рабочим эксплойтом для указанной уязвимости, так и без него.

Для максимального правдоподобия в каждом репозитории GitHub опубликована подробная статья с описанием уязвимости, инструкциями по скачиванию и даже с предложениями по защите от эксплуатации проблемы.

В прошлом году специалисты «Лаборатории Касперского» сообщали о распространении вредоносного кода под видом эксплойта для достаточно громкой уязвимости RegreSSHion в библиотеке OpenSSH…

В ф072 (№ 6406-У) и в 850-П перечислены Технологические процессы, которые подлежат учету в части Операционной надежности и по которым «до винтика» должна быть расписана реализующая эти тех-процессы ИТ-система организации.

Форма (ф072) содержит не только ИТ-архитектуру: модели серверов и их ПО (CI, Configuration Item) и не только их «упаковку» в АС (автоматизированную систему), например, состав элементов трёхзвенной архитектуры АС.

Достаточно детальные данные («много данных», Big Data) по архитектуре в каждом банке уже есть в ф072 и их можно легко загрузить в графовую витрину.

При этом речь не только об интересах ИТ-архитекторов организации и менеджерах CMDB, но и корпоративных архитекторов,…

Внедрение двухфакторной аутентификации (2FA) в KerberosДля повышения уровня защиты учётных записей пользователей в службе каталогов MULTIDIRECTORY появилась интеграция с двухфакторной аутентификацией (2FA) в протоколе Kerberos.

Выход Enterprise-версии MULTIDIRECTORYВ 2025 году вышла Enterprise-версия службы каталогов MULTIDIRECTORY с официальным техническим сопровождением от вендора.

Включение Enterprise-версии MULTIDIRECTORY в реестр отечественного ПОСлужба каталогов MULTIDIRECTORY, предназначенная для централизованного хранения данных и управления информацией о пользователях, группах и ресурсах, была включена в Реестр российского программного обеспечения.

Журналирование событий в SyslogСл…

И если в 2024 году атаки были сконцентрированы в основном на оборонном секторе и госуправлении, то теперь под удар попали практически все отрасли.

Рост числа уведомлений среди прочего связан с переходом хакеров к массовым атакам на различные отрасли российской экономики и с появлением новых агрессивных группировок.

Как и в PyPI, продолжают распространяться стандартные стилеры, нацеленные на переменные окружения и другие конфиденциальные данные.

Публикации вредоносных пакетов в репозитории NPMОтдельной проблемой остается фишинг, в 2025 году эксперты зафиксировали две крупные кампании.

Классические направления услуг сохранили стабильный рост: спрос на пентест вырос на 7% (с 87 до 93 проектов)…

В 2023–2024 годах количество уязвимостей, уже использованных в реальных атаках, снизилось, однако за весь рассматриваемый период данный показатель оставался на сопоставимом уровне.

В 2025 году зафиксирован рост числа уязвимостей, добавленных в базу CISA KEV, их количество превысило 230, что свидетельствует о повышении общего уровня угроз.

В 2025 году в БДУ ФСТЭК было внесено 216 уязвимостей, из которых 74 не были отражены в каталоге CISA KEV.

Трендовые итоги 2025 года от R-VisionВ течение 2025 года команда RVD оптимизировала свои процессы поиска, обработки и определения уязвимостей, которые мы называем «трендовыми».

Благодаря внедрению процессов мониторинга уязвимостей в публичном пространс…

Так сформировалась концепция LLM Firewall — не как очередной модный термин, а как попытка адаптировать фундаментальные подходы ИБ к новым реалиям.

Необходимо выстраивать полноценную систему контроля и защиты, в которую LLM Firewall как раз интегрируется как ключевой элемент.

Ключевая цель — интегрировать LLM как полноценный инструмент в контур информационной безопасности, сделав его функциональным дополнением существующих средств защиты.

Сегодня рынок активно осваивает парадигмы «ИИ для ИБ» и «ИИ для ИТ», стремясь ускорить процессы, снизить нагрузку на специалистов и повысить эффективность бизнеса.

Ярким примером такого подхода служит платформа Carmina AI — узнайте подробнее, как LLM интегр…

Са­мая мощ­ная DDoS-ата­ка года дос­тигла 29,7 Тбит/с, про­изош­ла в треть­ем квар­тале 2025 года и была отра­жена ком­пани­ей Cloudflare.

Гла­ва Cloudflare Мэтью Принс сооб­щил, что в пери­од с июля 2025 года ком­пания заб­локиро­вала более 416 мил­лиар­дов зап­росов от ИИ‑ботов.

Еще один червь — IndonesianFoods — начал рас­простра­нять­ся еще в сен­тябре 2025 года и соз­дал более 100 тысяч пакетов в npm.

Дело в том, что в этом году сра­зу нес­коль­ко гло­баль­ных сбо­ев про­изош­ли из‑за слу­чай­ных оши­бок раз­работ­чиков ком­пании.

ИИ-слоп годаИИ-краулерыВ этом году мы решили отка­зать­ся от номина­ции «Хайп года» и пред­став­ляем тво­ему вни­манию новую руб­рику, пос­вящен­ную ИИ‑мусор…

В индийском городе Хайдарабад задержан бывший сотрудник службы поддержки криптобиржи Coinbase, который помогал злоумышленникам получить доступ к базе данных компании.

Весной 2025 года представители Coinbase заявили, что у биржи произошла утечка данных.

Как оказалось, злоумышленники сумели подкупить нескольких сотрудников поддержки компании и в результате похитили данные клиентов.

Как выяснилось, утечка произошла через индийскую аутсорсинговую компанию TaskUs, которая предоставляла сотрудников для поддержки Coinbase.

После этого инцидента TaskUs уволила всех 226 сотрудников департамента, хотя причастны к атаке на Coinbase были лишь двое.

Хакерская группировка Everest опубликовала на своем сайте в даркнете заявление о взломе систем американского автопроизводителя Chrysler.

Согласно заявлению злоумышленников, они украли у компании 1088 ГБ данных — всю базу, связанную с операциями Chrysler.

Якобы в наборе данных содержатся более 105 ГБ из Salesforce, включая записи о клиентах, дилерах и внутренних агентах автопроизводителя.

Также хакеры анонсировали релиз аудиозаписей звонков клиентской поддержки, усиливая давление на Chrysler.

В настоящее время представители Chrysler не подтвердили факт кибератаки и никак не прокомментировали заявления группировки.

Эксперты TRM Labs обнаружили, что украденные во время взлома LastPass в 2022 году зашифрованные резервные копии хранилищ до сих пор позволяют злоумышленникам взламывать слабые мастер-пароли и похищать криптовалюту.

Напомним, что в 2022 году менеджер паролей LastPass пострадал от крупной утечки данных.

Тогда хакеры взломали домашний ПК сотрудника компании и в результате получили доступ к информации пользователей, включая зашифрованные хранилища паролей.

Так, по данным исследователей, один из российских обменников получал средства, связанные с утечкой данных LastPass, в октябре 2025 года.

Из них 28 млн конвертировали в биткоин и отмыли через Wasabi Wallet в период с конца 2024-го по начало 20…

29 декабря 2025 года Таганский районный суд города Москвы прекратил производство по административному иску, в котором группа пользователей, во главе с калужским активистом Константином Ларионовым, требовала признать незаконными действия Роскомнадзора и Минцифры по ограничению голосовых звонков в мессенджерах, а также заявляла, что это нарушает конституционные права и интересы граждан.

«Таганский районный суд города Москвы 29 декабря 2025 года прекратил производство по административному иску от Ларионова Константина Вячеславовича, действующего в своих интересах и интересах группы лиц (105 соистцов) к Федеральной службе по надзору в сфере связи, информационных технологий и массовых коммуникац…

Специалисты компании Pen Test Partners нашли несколько уязвимостей в ИИ-чат-боте железнодорожного оператора Eurostar.

После месяца безрезультатных попыток связаться с компанией, 7 июля, исследователи нашли контакт главы службы безопасности Eurostar в LinkedIn.

Как оказалось, как раз в момент отправки первого сообщения о багах, Eurostar передала обработку полученных отчетов об уязвимостях на аутсорс.

Из-за этого в компании заявили, что «не имеют никаких записей» о предупреждениях от исследователей.

При этом в отчете отмечается, что в какой-то момент представители железнодорожного оператора вообще попытались обвинить исследователей в шантаже (когда те в очередной раз напомнили компании об ори…

Заод­но узна­ем, с какими метода­ми защиты паролей при­ходит­ся иметь дело хеш­кре­керам, что делать с «дороги­ми» алго­рит­мами, как пос­читать вре­мя под­бора пароля и что такое хеш­рейт.

Такая защита уве­личи­вает вре­мя под­сче­та одно­го хеша за счет объ­ема, но не слож­ности вычис­лений, тем самым замед­ляя хеш­кре­кинг.

Но вывод один: тер­мин «хеш­кре­кинг» сно­ва сби­вает нас с тол­ку, потому что он свя­зан не толь­ко с хешами, но и с раз­ными алго­рит­мами, которые могут вооб­ще не исполь­зовать хеш‑фун­кции.

В срав­нение попали и l0phtcrack, и Aircrack-ng, но вто­рой нужен толь­ко для работы с Wi‑Fi, а пер­вый поч­ти не под­держи­вает­ся и силь­но огра­ничен по воз­можнос­тям.

Есл…

Ори­гиналь­ная Пре­мия Дар­вина — это вир­туаль­ная антипре­мия, воз­никшая из интернет‑шуток, рас­простра­няв­шихся еще в 1980-х годах в груп­пах Usenet.

Идея соз­дания Пре­мии Дар­вина в области ИИ зароди­лась в Slack, где Пит обща­ется со сво­ими друзь­ями и быв­шими кол­легами.

Он рас­ска­зыва­ет, что недав­но они завели спе­циаль­ный канал, пос­вящен­ный ИИ, так как сами все чаще экспе­римен­тиру­ют с LLM и делят­ся опы­том.

Вре­мя от вре­мени в этот канал неиз­бежно попада­ла информа­ция об оче­ред­ном свя­зан­ном с ИИ про­вале.

При­ем номинан­тов на Пре­мию Дар­вина в области искусс­твен­ного интеллек­та прод­лится до кон­ца года, а в янва­ре 2026 года на сайт будет добав­лен инс­тру…

Напомним, с 1 сентября 2025 года кредитные организации уже руководствуются девятью критериями выявления мошенничества при снятии наличных.

Если хотя бы один критерий совпадает, банк на 48 часов ограничивает выдачу в банкомате до 50 000 рублей в сутки.

По их мнению, самым затратным станет выстраивание каналов оперативной передачи данных от операторов связи, владельцев мессенджеров и сайтов о нетипичных звонках, сообщениях и трафике.

Для клиентов банков последствия будут заметны в виде более строгих проверок и дополнительных шагов подтверждения.

Особенно значимыми станут усиленный контроль за переводами на криптобиржи, операциями через удаленные каналы доступа и платежами в пользу зарубежных …

В конце прошлой недели браузерное расширение кошелька Trust Wallet было скомпрометировано, и в результате у пользователей украли 7 млн долларов в криптовалюте.

Напомним, что на прошлой неделе пользователи расширения Trust Wallet для Chrome начали массово жаловаться на исчезновение криптовалюты.

Фактически разработчики Trust Wallet не раскрывали вообще никаких технических деталей случившегося.

]com, который имитировал официальный сайт Trust Wallet и предлагал «исправить уязвимость», установив новую версию кошелька.

В Trust Wallet напоминают: официальные каналы — это единственный безопасный способ связи.

В выходные серверы тактического шутера Rainbow Six Siege компании Ubisoft подверглись взлому, который позволил атакующим манипулировать внутренними процессами.

Также в компании подчеркивают, что не имеют никакого отношения к фейковыми сообщениям о блокировках.

Также был выполнен откат транзакций, и в компании предупреждают, что пользователи могут временно потерять доступ к некоторым своим предметам.

В VX-Underground предполагают, что пятая группа создает и продает читы для игр Ubisoft и состоит из «очень талантливых реверс-инженеров».

Группа номер пять пообещала позже предоставить нам письменный технический анализ [случившегося], которым мы сможем поделиться публично.

The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos 4.0).

"This sophisticated attack leverages a complex kill chain involving DLL hijacking and the modular Valley RAT to ensure persistence," CloudSEK researchers Prajwal Awasthi and Koushik Pal said in an analysis published last week.

Also tracked as SwimSnake, The Great Thief of Valley (or Valley Thief), UTG-Q-1000, and Void Arachne, Silver Fox is the name assigned to an aggressive cybercrime group from China that has been active since 2022.

]space") used by Silver Fox to track download activity relate…

Findings from our 2025 SANS SOC Survey reinforce that disconnect.

Automation and OrchestrationAutomation has long been part of SOC operations, but AI is reshaping how teams design these workflows.

The 2025 SANS SOC Survey highlights just how far behind this area remains: 69 percent of SOCs still rely on manual or mostly manual processes to report metrics.

SOC AI utilization can be described via three convenient categories.

I'll be exploring these themes in more depth during my keynote session at SANS Security Central 2026 in New Orleans.

"The driver file is signed with an old, stolen, or leaked digital certificate and registers as a minifilter driver on infected machines," the Russian cybersecurity company said.

"Its end-goal is to inject a backdoor trojan into the system processes and provide protection for malicious files, user-mode processes, and registry keys."

It's suspected that the attackers abused previously compromised machines to deploy the malicious driver.

The malicious driver comes fitted with two user-mode shellcodes that are embedded into the .data section of the binary.

The second payload is the TONESHELL backdoor that's injected into that same "svchost.exe" process.

Wiz noted that 42% of cloud environments have at least one instance of MongoDB in a version vulnerable to CVE-2025-14847.

"We've confirmed that approximately $7 million has been impacted, and we will ensure all affected users are refunded," Trust Wallet said.

This means that downloaded WhatsApp images (and videos) can hit the image parsing attack surface within the com.samsung.ipservice application."

This means that downloaded WhatsApp images (and videos) can hit the image parsing attack surface within the com.samsung.ipservice application."

Chameleon — It is an open-source honeypot tool used to monitor attacks, bot activity, and stolen credentials across a wide range of network services.

The activity, which involved uploading 27 npm packages from six different npm aliases, has primarily targeted sales and commercial personnel at critical infrastructure-adjacent organizations in the U.S. and Allied nations, according to Socket.

"A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft," researchers Nicholas Anderson and Kirill Boychenko said.

Socket said the domains packed into these packages overlap with adversary-in-the-middle (AitM) phishing infrastructure associated…

A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world.

The problem is rooted in MongoDB Server's zlib message decompression implementation ("message_compressor_zlib.cpp").

Successful exploitation of the shortcoming could allow an attacker to extract sensitive information from MongoDB servers, including user information, passwords, and API keys.

"Because the vulnerability is reachable prior to authentication and does not require user interaction, Internet-exposed MongoDB servers are particularly at risk."

Other mitigations include restricting network exposure of Mon…

Traditional security frameworks have served organizations well for decades.

Where Traditional Frameworks Stop and AI Threats BeginThe major security frameworks organizations rely on, NIST Cybersecurity Framework, ISO 27001, and CIS Control, were developed when the threat landscape looked completely different.

CIS Controls v8 covers endpoint security and access controls thoroughly—yet none of these frameworks provide specific guidance on AI attack vectors.

Most security teams can't even inventory the AI systems in their environment, much less apply AI-specific security controls that frameworks don't require.

Building AI security expertise within existing security teams rather than treating i…

A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory.

"Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client," according to a description of the flaw in CVE.org.

The flaw impacts the following versions of the database -MongoDB 8.2.0 through 8.2.3MongoDB 8.0.0 through 8.0.16MongoDB 7.0.0 through 7.0.26MongoDB 6.0.0 through 6.0.26MongoDB 5.0.0 through 5.0.31MongoDB 4.4.0 through 4.4.29All MongoDB Server v4.2 versionsAll MongoDB Server v4.0 versionsAll MongoDB Server v3.6 versionsThe issue has been addressed in MongoDB versions 8.2.3,…

Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a "security incident" that led to the loss of approximately $7 million.

The extension has about one million users, according to the Chrome Web Store listing.

"We've confirmed that approximately $7M has been impacted and we will ensure all affected users are refunded," Trust Wallet said in a post on X.

Trust Wallet is also urging users to refrain from interacting with any messages that do not come from its official channels.

"This backdoor incident originated from malicious source code modification within the internal Trust Wallet extension codebase (analytics logic), rathe…

It has been linked to a hacking group called Evasive Panda, which is tracked as Bronze Highland, Daggerfly, and StormBamboo.

This is not the first time Evasive Panda's DNS poisoning capabilities have come to the fore.

Evasive Panda is also one of the many China-aligned threat activity clusters that have relied on AitM poisoning for malware distribution.

"There is a possibility that the attackers used a DNS poisoning attack to alter the DNS response of p2p.hd.sohu.com[.

It's worth noting that Evasive Panda has previously leveraged watering hole attacks to distribute an Apple macOS malware codenamed MACMA.

A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through prompt injection.

LangChain Core (i.e., langchain-core) is a core Python package that's part of the LangChain ecosystem, providing the core interfaces and model-agnostic abstractions for building applications powered by LLMs.

"A serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions," the project maintainers said in an advisory.

What's more, the escaping bug enables the injection of LangChain object structures through user-controlled fields like metadata, additional_k…

Attackers are no longer just breaking in — they're blending in, hijacking everyday tools, trusted apps, and even AI assistants.

What used to feel like clear-cut "hacker stories" now looks more like a mirror of the systems we all use.

The newest campaigns don't shout for attention — they whisper through familiar interfaces, fake updates, and polished code.

ThreatsDay pulls these threads together — from corporate networks to consumer tech — revealing how quiet manipulation and automation are reshaping the threat landscape.

Every exploit, fake lure, or AI twist is a sign of systems being tested in real time.

The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recently as late 2025, according to new findings from TRM Labs.

The blockchain intelligence firm said evidence points to the involvement of Russian cybercriminal actors in the activity, with one of the Russian exchanges receiving LastPass-linked funds as recently as October.

The breach also prompted the company to issue a warning at the time, stating bad actors may use brute-force techniques to guess the master passwords and decrypt the stolen vault data.

"As users failed to rotate passwords or improve …

Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations.

The vulnerability in question is CVE-2020-12812 (CVSS score: 5.2), an improper authentication vulnerability in SSL VPN in FortiOS that could allow a user to log in successfully without being prompted for the second factor of authentication if the case of the username was changed.

"This happens when two-factor authentication is enabled in the 'user local' setting, and that user authentication type is set to a remote authentication method (eg, LDAP)," Fortinet noted in July 2020.

"If the user logs in with 'Jsmith', or 'jSmith', or 'JSmith', or 'js…

Brushing scams are a type of e-commerce fraud where a seller sends a package to an apparently random person’s address.

It shouldn’t take too much effort to work out if you’ve been singled out by brushing scammers.

It’s yours to keep, if you want toHow do I stay safe from brushing scams?

There are steps you can also take to stop brushing scams from even targeting you.

Brushing scams are just one of many ways fraudsters weaponize your personal information against you.

We provide our method to reproduce the crash using a simple 12-bit or 16-bit JPG image, and an examination of the initial released patch.

CVE-2025-50165 is a flaw in the encoding and compressing process of a JPG image, not in its decoding.

Zscaler’s findings, as well as the description provided by Microsoft, reveal that the flaw stems from the dereference of an uninitialized function pointer in WindowsCodecs.dll, which is part of the Windows Imaging Component.

We analyzed the vulnerable version 10.0.26100.4768 (SHA-1: 5887D96565749067564BABCD3DC5D107AB6666BD), and then performed a binary comparison with the first patched version 10.0.26100.4946 (SHA-1: 4EC1DC0431432BC318E78C520387911EC44F84…

We provide a detailed analysis of NosyHistorian, NosyDoor, NosyStealer, NosyDownloader, NosyLogger, and other tools used by LongNosedGoblin.

NosyDoor Stage 3 – payloadNosyDoor’s third stage, the main payload, is a C#/.NET backdoor with the internal name OneDrive and with PDB path E:\Csharp\Thomas\Server\ThomasOneDrive\obj\Release\OneDrive.pdb.

NosyStealer Stage 2 – injectorWe observed two NosyStealer Stage 2 samples – one (SERV.dll) in our telemetry, and the other (msi.dll) uploaded to VirusTotal from Malaysia.

NosyStealer Stage 4 – payloadAgain, like NosyStealer Stage 3 – loader, this stage is shellcode that decrypts, loads, and executes an embedded PE file in memory using Donut’s reflecti…

A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research expertsThe second half of the year underscored just how quickly attackers adapt and innovate, with rapid changes sweeping across the threat landscape.

AI-powered malware moved from theory to reality in H2 2025, as ESET discovered PromptLock, the first known AI-driven ransomware, capable of generating malicious scripts on the fly.

Meanwhile, CloudEyE, also known as GuLoader, surged into prominence, skyrocketing almost thirtyfold in ESET telemetry.

On the Android platform, NFC threats continued to grow in scale and sophistication, with an 87% increase in ESET telemet…

“A City of a Thousand Zero Days” is the partial title of a talk at Black Hat Europe 2025.

Compounding the issue, the software is hosted on public-facing IP addresses; thus, it’s accessible from the internet.

One comment I distinctly remember from the research is that the protocol used by the ICS device concerned was never designed to be connected to the internet.

The talk by Gjoko raised a similar concern: the building management system was not designed to be public facing on the internet, and the vendor recommends to secure it behind a virtual private network (VPN).

Building management systems are one example of this.

Being seen as reliable is good for ‘business’ and ransomware groups care about 'brand reputation' just as much as their victimsBlack Hat Europe 2025 opened with a presentation by Max Smeets of Virtual Rotes titled ‘Inside the Ransomware Machine’.

At their height, between 2022-2024, the group had 194 affiliates, of which 110 had managed to get a cyberattack to the point of negotiation, with 80 of the affiliates succeeding in getting paid by the ransomware group.

Reputation is everythingA key message delivered by Max was regarding reputation, both of the victim and the ransomware group.

The victim company needs to uphold their reputation with their customers and any hint of a data breach can …

Which brings to mind Schrödinger’s cat, the famous thought experiment where a cat in a sealed box is simultaneously alive and dead – until you look inside.

But now I’m going to pick holes in the analogy a little whilst hoping to underscore the key message.

Therefore, the quantum breach analogy doesn’t quite hold.

And that’s even if you can recruit enough people due to the much reported, cybersecurity skills shortage.

Stress is probably one of the words most used in cybersecurity teams the world over, when describing their day-to-day – and it’s hardly surprising.

Despite their wordy nomenclature, every report mentioned above has a beneficial role in canvassing the colorful endpoint security landscape.

Some, like the MITRE ATT&CK Evaluations, go as far as to pit products against known advanced adversary attacks.

Producing value is one thing, but keeping it safe is another: hence the need for appropriate endpoint security measures.

Most well-regarded independent analyst and lab test reports focus on endpoints, since they’re at the crossroads of every activity, including malign.

MITRE ATT&CK Evaluations Enterprise is the one for you then.

Put simply, a whaling cyberattack is one targeted at a high-profile, senior member of the corporate leadership team.

Or to hijack their email account in order to launch BEC attacks at subordinates impersonating the whale to get a smaller fish to make a big money transfer.

With AI, whaling attacks increase in scale and effectiveness, as sophisticated capabilities become democratized to more threat actors.

Taking out the whalersThere are several ways security teams can help to mitigate the risks of spearphishing and BEC attacks.

More generally, your organization may want to start limiting the kind of corporate information it shares publicly.

Often, threat actors research the individual they’re targeting in order to improve their success rates.

If IT doesn’t properly manage the accounts, credentials and privileges of its users and machines, security blind spots inevitably emerge.

How to enhance identity securityA considered, multi-layered approach to identity security can help mitigate the risk of serious compromise.

Revisit security training for all employees, from the CEO down, to ensure they know the importance of identity security, and can identify the latest phishing tactics.

Best practice identity security starts with a prevention-first mindset.

E02DD79A8CAED662969F 6D5D0792F2CB283116E8 66f3e097e4tnyHR .exe WinGo/TrojanProxy .Agent.D MuddyWater – go‑socks5 reverse tunnel.

E8F4EA3857EF5FDFEC1A 2063D707609251F207DB main .exe WinGo/TrojanProxy .Agent.D MuddyWater – go‑socks5 reverse tunnel.

F26CAE9E79871DF3A47F A61A755DC028C18451FC 7295be2b1fAzMZI .exe WinGo/TrojanProxy .Agent.D MuddyWater – go‑socks5 reverse tunnel.

FF09608790077E1BA52C 03D9390E0805189ADAD7 20d188afdcpfLFq .exe WinGo/TrojanProxy .Agent.D MuddyWater – go‑socks5 reverse tunnel.

A9747A3F58F8F408FECE FC48DB0A18A1CB6DACAE AppVs .exe WinGo/TrojanProxy .Agent.D MuddyWater – go‑socks5 reverse tunnel.

It could feasibly be described as the largest open database of corporate information in the world: a veritable treasure trove of job titles, roles, responsibilities and internal relationships.

It’s also where recruiters post job listings, which may overshare technical details that can be leveraged later on in spearphishing attacks.

They might also share corporate email addresses in Git commit configurations.

Here are some hypothetical examples:An adversary finds LinkedIn information on a new starter in an IT role at company A, including their core role and responsibilities.

Update security awareness programs to ensure that all employees, from executives down, understand the importance of no…

Data exposure by top AI companies, the Akira ransomware haul, Operation Endgame against major malware families, and more of this month's cybersecurity newsNovember 2025 is almost behind us, and it's time for ESET Chief Security Evangelist Tony Anscombe to look at cybersecurity stories that raised the alarms, moved the needle or offered vital lessons over the past 30 or so days.

Here's some of what caught Tony's eye this month:many of the world's largest Ai companies inadvertently leak their secrets such as API keys, tokens, and sensitive credentials in their GitHub repositories, according to cloud security giant Wiz,the Akira ransomware group has netted $244 million from its malicious activ…

Doxxing (doxing) is what happens when a malicious third party deliberately exposes the personal information of someone else online.

Or query WHOIS databases that store the personal details of website/domain name registrants.

It would involve sending phishing messages to the victim in order to trick them into divulging logins or personal information, or installing infostealing malware on their machine/device.

Minimizing the doxxing threatThe best way to reduce your children’s exposure to doxxing is to minimize the amount of personal information their share online.

Never share their personal details, or even photos that could identify school and location.

At certain frequencies, those traces can pick up radio energy from the surrounding environment.

Software settings determine how signals enter the chip, which affects how radio energy couples into it.

When radio energy couples into a PCB trace connected to a GPIO, small voltage changes appear inside the chip.

By comparing the two, they measured how strongly each configuration responded to radio energy.

The result was a map of where radio energy leaked into the system in a measurable way.

RoboForm is a password manager that helps users store and manage login credentials, identities, and other sensitive information in one place.

On iOS, RoboForm integrates with the system password AutoFill feature.

After setup, users can enable RoboForm in iOS settings so it appears as a sign-in option across supported apps and browsers.

RoboForm for iOS can save new logins as users create accounts or sign in for the first time.

Subscription plansRoboForm offers syncing through its subscription plans for individuals, families, and businesses, with options for multi-device syncing and secure password sharing.

Cyber risk tops the threat listSecurity threats rank as the most pressing external risk facing organizations.

The findings suggest organizations use external security support to maintain continuity under staffing and budget constraints.

Vendor pressure adds to risk concernsMany executives express frustration with software vendor constraints that affect security planning.

Energy and utilities executives emphasize cybersecurity as their primary external threat, paired with supply chain risk.

Across sectors, leaders combine internal controls, external support, risk frameworks, and continuity planning.

Permissions growth outstrips oversightPermissions now grow faster than teams can track them.

Veza found roughly 3.8 million dormant accounts across the dataset, representing 38% of all identity provider users.

Researchers identified 824,000 active identities with no associated owner in HR systems, about 8% of all identity provider users.

Dormant accounts nearly doubled year over year, while orphaned identities increased by about 40%.

Boards, regulators, and insurers increasingly ask for proof of control over who can access systems and data.

AI tools let scammers create convincing voices, videos, and requests in seconds.

Many security leaders say they lack visibility into how generative AI tools handle sensitive information.

90% AI usage is concentrated in large, well-known apps, but there is a long tail of shadow AI applications.

ChatGPT alone accounts for 50% of enterprise usage, and the top 5 AI SaaS apps for 85% of AI usage.

However, outside of the handful of well-known apps there is a long tail of lesser-used AI tools that fly under the radar.

Romance scams succeed because they feel human.

This structure aligns closely with the capabilities of language models.

The study found widespread use of language models for these tasks, including drafting replies and rewriting messages to sound fluent.

“We leverage large language models to create realistic responses and keep targets engaged,” the specialist said.

The app involved no payment, but the request reflected a common step in romance scams.

Superagent is an open-source framework for building, running, and controlling AI agents with safety built into the workflow.

The project focuses on giving developers and security teams tools to manage what agents can do, what they can access, and how they behave during execution.

The framework supports tool calling, memory, and orchestration across multiple agents.

The framework supports common language model providers and can be extended with custom tools.

The role of the Safety AgentA central part of the project is the Safety Agent.

In this Help Net Security video, Brian Blakley, CISO at Bellini Capital, explains why security chaos engineering matters beyond theory.

Login delays, certificate issues, and missed alerts caused confusion, stalled work, and weakened trust between teams and leaders.

Through controlled chaos experiments, he shows how small disruptions reveal gaps in communication and leadership readiness that audits never expose.

The video helps organizations understand how risk spreads, how information moves, and how leaders respond when pressure rises.

The goal is to reduce surprise and build confidence when it matters most.

Hybrid infrastructure settles in as standard practiceHybrid infrastructure, which combines cloud, on premises, and isolated systems, has become the standard approach for continuity and risk management.

Security leaders described hybrid infrastructure as a way to maintain operations during incidents while retaining control over sensitive workloads.

Managing hybrid systems adds strainThe study shows that hybrid environments introduce operational pressure alongside their benefits.

Investment plans for the coming year focus on strengthening security controls within hybrid environments.

Organizations operating hybrid environments reported fewer obstacles when deploying AI, particularly around in…

Still, CISOs say the fundamentals of risk reduction are not improving fast enough.Organizations continue to increase cybersecurity spending across industries.

Nearly 80% of surveyed security leaders said they are concerned about being targeted by a nation-state attack within the next year.

Three in five CISOs see generative AI as a security risk, with many worried about sensitive data leaking through public tools.

Cybersecurity threats are growing more complex, and domain-based attacks are at the center of this shift.

Security leaders are being asked to protect systems they don’t fully understand yet, and that’s a problem.

A new academic study warns that this convenience comes with privacy risks that security teams should not ignore.

Many security teams assume that if DNSSEC validation passes, the answer can be trusted.

LLMs can assist with vulnerability scoring, but context still mattersEvery new vulnerability disclosure adds another decision point for already stretched security teams.

Security teams are working to understand where data ends up, who can access it, and how its use reshapes security assumptions.

A new study challenges that comfort by showing how systems built on paper surface fingerprints can be disrupted or bypassed.

A recent study explores whether LLMs can take on part of that burden by scoring vulnerabilities at scale.

While the results show promise in specific areas, consistent weaknesses continue to hold back fully automated scoring.

The researchers tested six LLMs, including GPT 4o, GPT 5, Llama 3.3, Gemini 2.5 Flash, DeepSeek R1, and Grok 3.

GPT 5 reached about 89% accuracy here as well, while Gemini, Grok, and GPT 4o trailed by small margins.

The improvements show that combining models helps but cannot overcome missing context inside the source descriptions.

Security threats top the list of disruptorsWhen respondents ranked expected disruptors for 2026, cybersecurity threats placed first.

Ransomware also remained prominent, with roughly half of leaders highlighting it as a major risk heading into 2026.

Data resilience followed closely, indicating strong interest in protecting and recovering information during disruptive events.

These views suggest growing agreement among IT leaders that payment practices influence attacker behavior and broader risk levels.

Organizations must prioritize data resilience and compliance while embracing innovation responsibly,” said Anand Eswaran, CEO of Veeam.

Leostream predicts changes in Identity and Access Management (IAM) and Privileged Access Management (PAM) in 2026 driven by new realities of cybersecurity, hybridization, AI, and more.

As the space matures, privileged access workflows will increasingly depend on adaptive authentication policies that validate identity and device posture in real time.

AI-assisted security will make privileged access oversight continuous and contextual, helping enterprises detect insider threats and compromised accounts faster than ever before.

New technical and workforce realities will accelerate this model, enabling secure privileged access from any location or device without installing agents.

Enterprises w…

ServiceNow entered into an agreement to acquire Armis for $7.75 billion in cash.

The acquisition will expand ServiceNow’s security workflow offerings and advance AI-native, proactive cybersecurity and vulnerability response across all connected devices.

“ServiceNow is building the security platform of tomorrow,” said Amit Zavery, president, chief operating officer, and CPO at ServiceNow.

As longtime partners, ServiceNow and Armis already offer multiple integrations that connect Armis’ differentiated data and insights to ServiceNow’s workflow action.

Transaction detailsUnder the terms of the definitive agreement, ServiceNow has agreed to acquire Armis for approximately $7.75 billion in cash,…

Many of these programs have long been operated by a mix of humans and machines, even if not previously using modern AI tools such as Large Language Models.

In 2023, a Colombian judge was the first publicly to use AI to help make a ruling.

Policymakers worldwide are already using AI in many aspects of lawmaking.

Examples from around the globe demonstrate how legislatures can use AI as tools for tapping into constituent feedback to drive policymaking.

In the hands of a society that wants to distribute power, AI can help to execute that.

New research:

Abstract: Coleoid cephalopods have the most elaborate camouflage system in the animal kingdom. This enables them to hide from or deceive both predators and prey. Most studies have focused on benthic species of octopus and cuttlefish, while studies on squid focused mainly on the chromatophore system for communication. Camouflage adaptations to the substrate while moving has been recently described in the semi-pelagic oval squid (Sepioteuthis lessoniana). Our current study focuses on the same squid’s complex camouflage to substrate in a stationary, motionless position. We observed disruptive, uniform, and mottled chromatic body patterns, and we identified a threshold of contrast…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

This is pretty scary:Urban VPN Proxy targets conversations across ten AI platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), Meta AI.

For each platform, the extension includes a dedicated “executor” script designed to intercept and capture conversations.

The only way to stop the data collection is to uninstall the extension entirely.

[…]The data collection operates independently of the VPN functionality.

Whether the VPN is connected or not, the harvesting runs continuously in the background.

News:The Danish Defence Intelligence Service (DDIS) announced on Thursday that Moscow was behind a cyber-attack on a Danish water utility in 2024 and a series of distributed denial-of-service (DDoS) attacks on Danish websites in the lead-up to the municipal and regional council elections in November.

The first, it said, was carried out by the pro-Russian group known as Z-Pentest and the second by NoName057(16), which has links to the Russian state.

After twenty-six years, Microsoft is finally upgrading the last remaining instance of the encryption algorithm RC4 in Windows.

of the most visible holdouts in supporting RC4 has been Microsoft.

Eventually, Microsoft upgraded Active Directory to support the much more secure AES encryption standard.

But by default, Windows servers have continued to respond to RC4-based authentication requests and return an RC4-based response.

US Senator Ron Wyden (D-Ore.) in September called on the Federal Trade Commission to investigate Microsoft for “gross cybersecurity negligence,” citing the continued default support for RC4.

Friday Squid Blogging: Petting a SquidVideo from Reddit shows what could go wrong when you try to pet a—looks like a Humboldt—squid.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

Posted on December 19, 2025 at 5:06 PM • 0 Comments

At least some of this is coming to light:Doublespeed, a startup backed by Andreessen Horowitz (a16z) that uses a phone farm to manage at least hundreds of AI-generated social media accounts and promote products has been hacked.

The hack reveals what products the AI-generated accounts are promoting, often without the required disclosure that these are advertisements, and allowed the hacker to take control of more than 1,000 smartphones that power the company.

The hacker, who asked for anonymity because he feared retaliation from the company, said he reported the vulnerability to Doublespeed on October 31.

At the time of writing, the hacker said he still has access to the company’s backend, i…

I’m sure there’s a story here:Sources say the man had tailgated his way through to security screening and passed security, meaning he was not detected carrying any banned items.

The man deceived the BA check-in agent by posing as a family member who had their passports and boarding passes inspected in the usual way.

Just since the end of September, there were also major nationwide internet shutdowns in Tanzania and Cameroon, and significant regional shutdowns in Pakistan and Nigeria.

The frequency of deliberate internet shutdowns has skyrocketed since the first notable example in Egypt in 2011.

India, meanwhile, has been the world shutdown leader for many years, with 855 distinct incidents.

They are also impactful on people’s daily lives, business, healthcare, education, finances, security, and safety, depending on the context.

The international community plays an important role in shaping how internet shutdowns are understood and addressed.

New report: “The Party’s AI: How China’s New AI Systems are Reshaping Human Rights.” From a summary article:China is already the world’s largest exporter of AI powered surveillance technology; new surveillance technologies and platforms developed in China are also not likely to simply stay there.

By exposing the full scope of China’s AI driven control apparatus, this report presents clear, evidence based insights for policymakers, civil society, the media and technology companies seeking to counter the rise of AI enabled repression and human rights violations, and China’s growing efforts to project that repression beyond its borders.

Examined together, those cases show how new AI capabiliti…

States that have already enacted consumer protections and other AI regulations, like California, and those actively debating them, like Massachusetts, were alarmed.

Then, a draft document leaked outlining the Trump administration’s intent to enforce the state regulatory ban through executive powers.

AI companies and their investors have been aggressively peddling this narrative for years now, and are increasingly backing it with exorbitant lobbying dollars.

The often-heard complaint that it is hard to comply with a patchwork of state regulations rings hollow.

EDITED TO ADD: Trump signed an executive order banning state-level AI regulations hours after this was published.

Upcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak:I’m speaking and signing books at the Chicago Public Library in Chicago, Illinois, USA, at 6:00 PM CT on February 5, 2026.

I’m speaking at Capricon 44 in Chicago, Illinois, USA.

I’m speaking at the Munich Cybersecurity Conference in Munich, Germany on February 12, 2026.

I’m speaking at Tech Live: Cybersecurity in New York City, USA on March 11, 2026.

I’m speaking at RSAC 2026 in San Francisco, California, USA on March 25, 2026.

I have no context for this video—it’s from Reddit—but one of the commenters adds some context:Hey everyone, squid biologist here!

With so many people carrying around cameras, we’re getting more videos of giant squid at the surface than in previous decades.

We’re also starting to notice a pattern, that around this time of year (peaking in January) we see a bunch of giant squid around Japan.

When we see big (giant or colossal) healthy squid like this, it’s often because a fisher caught something else (either another squid or sometimes an antarctic toothfish).

There are a few colossal squid sightings similar to this from the southern ocean (but fewer people are down there, so fewer cameras, fe…

Democratic lawmakers have urged the SEC to investigate what they call “concerning ties to President Trump and his family” as potential conflicts of interest and foreign influence.

In October, President Trump pardoned Changpeng Zhao, the founder of the world’s largest cryptocurrency exchange Binance.

President Trump this term has fired most of the people involved in processing Freedom of Information Act (FOIA) requests for government agencies.

CONSUMER PROTECTION, PRIVACYAt the beginning of this year, President Trump ordered staffers at the Consumer Financial Protection Bureau (CFPB) to stop most work.

Nevertheless, it emerged in June that the Trump administration has built a central databas…

A decade ago, ending up at one of these parked domains came with a relatively small chance of being redirected to a malicious destination: In 2014, researchers found (PDF) that parked domains redirected users to malicious sites less than five percent of the time — regardless of whether the visitor clicked on any links at the parked page.

Infoblox found parked websites are benign if the visitor arrives at the site using a virtual private network (VPN), or else via a non-residential Internet address.

A defanged list of these typosquatting domains is available here (the dots in the listed domains have been replaced with commas).

“It was often a chain of redirects — one or two domains outside p…

Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software.

This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities.

Despite releasing a lower-than-normal number of security updates these past few months, Microsoft patched a whopping 1,129 vulnerabilities in 2025, an 11.9% increase from 2024.

The zero-day flaw patched today is CVE-2025-62221, a privilege escalation vulnerability affecting Windows 10 and later editions.

For anyone seeking a more granular breakdown of the security updates Microsoft pushed today, check out the roundup at the SANS In…

A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious ties to a Kremlin-connected oligarch whose Russian university builds drones for Russia’s war against Ukraine.

UK companies belonging to the group that have been shut down by Google Ads since Jan 2025 include:–Proglobal Solutions LTD (advertised nerdifyit[.

Currently active Google Ads accounts for the Nerdify brands include:-OK Marketing LTD (advertising geekly-hub[.

For a number of years, Lobov and Perkon co-produced a cross-cultural event in the U.K. called Russian Film Week.

While Synergy University promotes itself as Russia’s largest private educational institutio…

The phishing domains are being promoted by scam messages sent via Apple’s iMessage service or the functionally equivalent RCS messaging service built into Google phones.

The website scanning service urlscan.io shows thousands of these phishing domains have been deployed in just the past few days alone.

Pivoting off these T-Mobile phishing domains in urlscan.io reveals a similar scam targeting AT&T customers:Ford Merrill works in security research at SecAlliance, a CSIS Security Group company.

CAVEAT EMPTORMany SMS phishing or “smishing” domains are quickly flagged by browser makers as malicious.

“The fake e-commerce sites are tough because a lot of them can fly under the radar,” Merrill sai…

A prolific cybercriminal group that calls itself “Scattered LAPSUS$ Hunters” has dominated headlines this year by regularly stealing data from and publicly mass extorting dozens of major corporations.

Scattered LAPSUS$ Hunters (SLSH) is thought to be an amalgamation of three hacking groups — Scattered Spider, LAPSUS$ and ShinyHunters.

But last week, SLSH announced on its Telegram channel the release of their own ransomware-as-a-service operation called ShinySp1d3r.

The individual responsible for releasing the ShinySp1d3r ransomware offering is a core SLSH member who goes by the handle “Rey” and who is currently one of just three administrators of the SLSH Telegram channel.

Incredibly, Rey w…

UNBOXINGCensys’s Ashley said the phone home to China’s Tencent QQ instant messaging service was the first red flag with the Superbox devices she examined.

In July 2025, Google filed a “John Doe” lawsuit (PDF) against 25 unidentified defendants dubbed the “BadBox 2.0 Enterprise,” which Google described as a botnet of over ten million Android streaming devices that engaged in advertising fraud.

Several of the Android streaming devices flagged in Google’s lawsuit are still for sale on top U.S. retail sites.

Kilmer said Badbox 2.0 was used as a distribution platform for IPidea, a China-based entity that is now the world’s largest residential proxy network.

-Generic TV streaming devices advertis…

Sixteen months later, however, Mozilla is still promoting Onerep.

This week, Mozilla announced its partnership with Onerep will officially end next month.

In a statement published Tuesday, Mozilla said it will soon discontinue Monitor Plus, which offered data broker site scans and automated personal data removal from Onerep.

Mozilla said current Monitor Plus subscribers will retain full access through the wind-down period, which ends on Dec. 17, 2025.

Shelest released a lengthy statement wherein he acknowledged maintaining an ownership stake in Nuwber, a data broker he founded in 2015 — around the same time he launched Onerep.

An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline.

Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites.

However, some customers did manage to pivot their domains away from Cloudflare during the outage.

“Then you see through DNS changes that the target has eliminated Cloudflare from their web stack due to the outage.

But also look hard at the behavior inside your org.”Scott said organizations seeking security insights from the Cloudflare outage should ask themselves:1.

Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited.

Affected products this month include the Windows OS, Office, SharePoint, SQL Server, Visual Studio, GitHub Copilot, and Azure Monitor Agent.

Many of the more concerning bugs addressed by Microsoft this month affect Windows 10, an operating system that Microsoft officially ceased supporting with patches last month.

As that deadline rolled around, however, Microsoft began offering Windows 10 users an extra year of free updates, so long as they register their PC to an active Microsoft accoun…

More recently, Lighthouse has been used to spoof e-commerce websites, financial institutions and brokerage firms.

Google’s lawsuit alleges the purveyors of Lighthouse violated the company’s trademarks by including Google’s logos on countless phishing websites.

Ford Merrill works in security research at SecAlliance, a CSIS Security Group company, and he’s been tracking Chinese SMS phishing groups for several years.

Merrill said many Lighthouse customers are now using the phishing kit to erect fake e-commerce websites that are advertised on Google and Meta platforms.

But he said the Chinese mobile phishing market is so lucrative right now that it’s difficult to imagine a popular phishing serv…

The Washington Post recently reported that more than a half-dozen federal departments and agencies were backing a proposed ban on future sales of TP-Link devices in the United States.

“TP-Link vigorously disputes any allegation that its products present national security risks to the United States,” Ricca Silverio, a spokeswoman for TP-Link Systems, said in a statement.

Microsoft found the hacker groups were leveraging the compromised TP-Link systems to conduct “password spraying” attacks against Microsoft accounts.

Happily, TP-Link users spooked by the proposed ban may have an alternative to outright junking these devices, as many TP-Link routers also support open-source firmware options l…

Cloudflare responded by redacting Aisuru domain names from their top websites list.

One Aisuru botnet domain that sat prominently for days at #1 on the list was someone’s street address in Massachusetts followed by “.com”.

Other Aisuru domains mimicked those belonging to major cloud providers.

Sometime in the past 24 hours, Cloudflare appears to have begun hiding the malicious Aisuru domains entirely from the web version of that list.

However, downloading a spreadsheet of the current Top 200 domains from Cloudflare Radar shows an Aisuru domain still at the very top.

The 2012 indictment targeting the Jabber Zeus crew named MrICQ as “John Doe #3,” and said this person handled incoming notifications of newly compromised victims.

Two sources familiar with the Jabber Zeus investigation said Rybtsov was arrested in Italy, although the exact date and circumstances of his arrest remain unclear.

Further searching on this address in Constella finds the same apartment building was shared by a business registered to Vyacheslav “Tank” Penchukov, the leader of the Jabber Zeus crew in Ukraine.

Nevertheless, the pilfered Jabber Zeus group chats provided the basis for dozens of stories published here about small businesses fighting their banks in court over six- and se…

This Christmas special of The AI Fix podcast sets out to answer that question in the most sensible way possible: by consulting chatbots, Google’s festive killjoys, and the laws of relativistic physics.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

You can also help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining The AI Fix Plus!

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with computer security veteran Graham Cluley, joined this week by special guest Danny Palmer.

Smashing Security #448:The Kindle that got pwned [Your browser does not support the audio element]Host:Graham Cluley:@grahamcluley.com @[email protected] / grahamcluleyGuest:Danny Palmer:/ dannypalmerwriter‬Episode links:Sponsors:Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podca…

The cruise line has updated its list of prohibited items, specifically banning smart glasses and similar wearable devices from public areas.

The ban means that you could find your expensive Google Glass, Meta/Ray-Ban Stories confiscated by the cruise's security team if you break the rules.

An obvious question is why are smart glasses subject to a ban onboard, but not other recording devices such as smartphones and regular cameras?

And, unfortunately, it's not always obvious that someone is wearing smart glasses.

Smart glasses are becoming increasingly sophisticated and harder to distinguish from regular glasses.

In episode 81 of The AI Fix, Graham discovers that deepfakes are already marking your kids’ homework, while Mark glimpses the future when he discovers AI agents that can communicate by reading each other’s minds.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

You can also help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining The AI Fix Plus!

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive cont…

Regular readers of Hot for Security will have read plenty of articles about cybercriminals who have created malware, or malicious hackers who have used malware to infect the systems of victims.

But the news this week is that a court in Singapore has jailed a man not for launching an attack himself, but instead for teaching others exactly how to do it.

According to Singaporean authorities this is the country's first prosecution specifically targeted against somebody who had taught others how to use malware.

Prosecutors claim that Lee Rong Teng provided Cheoh with several versions of the spyware and asked him to learn how they functioned.

Cheoh’s alleged accomplice, Lee Rong Teng, is thought …

Analyst firm Gartner has issued a blunt warning to organizations: Agentic AI browsers introduce serious new security risks and should be blocked "for the foreseeable future." Read more in my article on the Fortra blog.

Plus, Graham chats with Rob Edmondson from CoreView about why misconfigurations and over-privileged accounts can make Microsoft 365 dangerously vulnerable.

All this, and more, in episode 447 of the “Smashing Security” podcast with Graham Cluley, and special guest Jenny Radcliffe.

Smashing Security listeners get $1000 off!

CoreView – Benchmark your Microsoft 365 tenant security against the Center for Internet Security (CIS) controls.

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

A new report from the United States's Financial Crimes Enforcement Network (FinCEN) has shone a revealing light on the state of the criminal industry of ransomware. The report, which examines ransomware incidents from 2022 to 2024, reveals that attackers extorted more than $2.1 billion over the three-year period. Yes, that number is enormous - but it hides a more interesting story beneath it: that after peaking in 2023, ransomware payments actually started to decline. Read more in my article on the Fortra blog.

Remember when a notorious ransomware gang hit the Irish Health Service back in May 2021?

Four years on, and it seems victims who had their data exposed will finally receive compensation.

The attack against the Health Service Executive (HSE) began when the Russia-linked Conti ransomware group tricked a user into downloading a boobytrapped Microsoft Excel file.

The Health Service Executive (HSE) has now made an offer of €750 to victims whose personal data was compromised in what was declared the largest ever cyber attack against a health service computer system in Ireland.

According to media reports, a Cork-based solicitors firm representing more than 100 people affected by the data breach re…

A 22-year-old from Newport Beach, California has pleaded guilty to his role in a sophisticated criminal network that stole approximately US $263 million in cryptocurrency from victims.

Evan Tangeman is the ninth defendant to plead guilty in connection with what prosecutors have described as a highly-organised criminal enterprise, dubbed the "Social Engineering Enterprise" (SE Enterprise).

Some members of SE Enterprise specialised in hacking databases to identify wealthy cryptocurrency investors.

Evan Tangeman admitted to working as a money launderer for the group, helping convert US $3.5 million worth of stolen cryptocurrency into cash.

For all their supposed sophistication, the downfall of…

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

You can also help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining The AI Fix Plus!

Follow us:Follow the show on Bluesky, or subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website for more information.

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

Grok, the AI chatbot developed by Elon Musk's xAI, has been found to exhibit more alarming behaviour - this time revealing the home addresses of ordinary people upon request.

And, as if that wasn't enough of a privacy violation, Grok has also been exposed as providing detailed instructions for stalking and surveillance of targeted individuals.

If Grok was not able to identify the exact person, it would often return lists of similarly named individuals with their addresses.

Grok was also not afraid of offering tips for encountering a world-famous pop star, providing tips for waiting near venue exits.

As AI becomes embedded in our daily lives, it is clear that stronger safeguards are not opti…

A new warning about the threat posed by Distributed Denial of Service (DDoS) attacks should make you sit up and listen. Read more in my article on the Fortra blog.

All this and more is discussed in episode 446 of the “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and special guest Rik Ferguson.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

The FBI has recently issued a public service announcement that warns that since January 2025 there have been more than 5,100 complaints of account takeover fraud, and total reported losses in excess of US $262 million. Read more in my article on the Fortra blog.

Что нужно знать об этих изменениях и какие знания и привычки взять с собой в 2026 год?

Мы рекомендуем Kaspersky Premium — с ним вы получите и защиту от вредоносного ПО, и оповещения (если ваши личные данные засветились в каких-то публичных утечках), и менеджер паролей, и родительский контроль, и многое другое.

Как и в случае с фастфудом, телевизором, TikTok и другими легкодоступными благами, важно найти баланс между здоровым применением этих помощников и опасными привычками.

А где-то вам подключили дополнительную опцию, о которой вы и не знаете, и ее нужно отключить.

Предполагается, что нейросети помогут дому самостоятельно решать, что и когда делать, чтобы владельцу было удобнее, — без зар…

В основном Stealka распространяют на популярных ресурсах — вроде GitHub, SourceForge, Softpedia, sites.google.com и других — под видом кряков известных программ, читов и модов для игр.

Чем опасен стилер StealkaУ Stealka достаточно большой арсенал возможностей, но «лакомый кусок» для него — данные из браузеров на движках Chromium и Gecko.

Не менее интересны для хакеров куки-файлы и токены сессий, которые позволяют обойти двухфакторную аутентификацию и угнать аккаунты без ввода пароля.

В зоне риска — Discord, Telegram, Unigram, Pidgin, Tox и другие.. В служебных файлах мессенджеров хранятся данные об аккаунтах, идентификаторы устройств, токены авторизации и параметры шифрования переписки.

— S…

Наши эксперты из команды GReAT обнаружили и исследовали новую волну целевых рассылок за авторством APT-группы «Форумный тролль».

Внутри содержались персонализированные ссылки, по которым жертве предлагали скачать отчет о проверке какого-то материала на плагиат, что, по замыслу атакующих, должно было заинтересовать ученых.

В случае если жертва испытывала сомнения в легитимности письма и заходила на страницу e-library{.

Сам файл, впрочем, не был персонализирован — это был достаточно размытый отчет в формате одной из российских систем проверки на плагиат.

Мы рекомендуем устанавливать надежные ИБ-решения не только на все устройства, с которых сотрудники выходят в Интернет, но и на почтовый шлюз…

Мы в «Лаборатории Касперского» изучили, какой путь проходят данные после фишинговой атаки: кому они достаются, как их сортируют, перепродают и используют на теневом рынке.

: реквизиты карт, данные от криптокошельков.

В таких архивах часто попадаются мусорные и устаревшие данные, и поэтому стоят они недорого: стартовая цена — $50.

Данными пользователей торгуют при этом не только в даркнете, но и в старом добром Telegram.

Несложно догадаться, что наиболее дорогой и востребованный товар на этом рынке — данные от банковских аккаунтов и криптокошельков.

Разумеется, сообщать облачный пароль нельзя никому — он нужен исключительно для того, чтобы войти в ваш аккаунт в Telegram.. Сделайте это в разделе Настройки → Конфиденциальность Telegram прямо сейчас.

После недавнего обновления в Telegram появилась возможность защитить вход в аккаунт не только облачным паролем, но и ключом доступа.

После недавнего обновления в Telegram появилась возможность защитить вход в аккаунт не только облачным паролем, но и ключом доступа.

Поэтому мы рекомендуем создать сложный и уникальный облачный пароль Telegram и хранить как его, так и ключ доступа для Telegram в Kaspersky Password Manager.

Поэтому мы рекомендуем создать сложный и уникальный облачный пароль Teleg…

Правоохранительные органы Южной Кореи арестовали четырех подозреваемых во взломе 120 000 IP-камер, установленных как в частных домах, так и в коммерческих помещениях — например, в комнатах караоке, студии пилатеса и гинекологической клинике.

Объясняем, что представляют собой IP-камеры и в чем состоят их уязвимости, а также подробно рассказываем об инциденте в Южной Корее и о том, как не стать жертвой злоумышленников, охотящихся за горячими видео.

Что случилось в Южной КорееВернемся к событиям, произошедшим этой осенью в Южной Корее.

Он взломал 63 000 IP-камер и создал, а затем продал 545 видео сексуального характера за 35 миллионов южнокорейских вон (чуть меньше 24 000 долларов).

Он взломал…

В этом посте попробуем определить, какие активы требуют первоочередного внимания, как их обнаружить и в какой форме проводить реагирование.

Физические и виртуальные серверы остаются бесхозными в крупных инфраструктурах после проектов по миграции или после слияния и поглощения компаний.

Важно также закрепить в политике способы учета создаваемых хранилищ и запрет на «бесхозные» данные, доступные без ограничений, паролей и шифрования.

Для внутренней разработки — обязательное использование сканеров и комплексных систем защиты, интегрированных с конвейером CI/CD и предотвращающих сборку ПО с устаревшими компонентами.

Подключенные к сети, но не управляемые и не обновляемые роутеры, межсетевые экр…

Недавно на новостных сайтах появилась информация о том, что некие злоумышленники распространяют инфостилер через бесплатные файлы 3D-моделей для ПО Blender.

Почему Blender и онлайн-маркетплейсы 3D-моделей могут быть источниками рискаBlender — это программное обеспечение для создания 3D-графики и анимации, которое используется множеством специалистов по визуализации в различных областях.

Среди прочих возможностей Blender есть и поддержка выполнения Python-скриптов, которые используются для автоматизации задач и расширения функциональности ПО.

Чем опасны рабочие инструменты, не контролируемые ИБПроблема не в Blender как таковом — злоумышленники неизбежно попробуют эксплуатировать возможности …

Теперь поделиться можно еще и чатом с ИИ-ассистентом, и ссылка на него будет вести на официальный сайт чат-бота.

При правильном вводе скрипт скачивает вредоносное ПО и использует указанный пароль для установки и запуска зловреда.

Инфостилер и бэкдорЕсли пользователь поддастся на уговоры, на его компьютере запустится распространенный инфостилер AMOS (Atomic macOS Stealer).

Использовать надежную защиту от вредоносного ПО на всех своих смартфонах, планшетах и компьютерах, включая компьютеры под управлением macOS и Linux.

Никогда не выполнять технические инструкции, о которых вы не просили и в которых разбираетесь не до конца.

Что нового в Kaspersky Embedded Systems Security для WindowsНаши эксперты значительно переработали кодовую базу решения, добавив ряд продвинутых механизмов детектирования и блокирования угроз.

Что нового в Kaspersky Embedded Systems Security для LinuxМы значительно доработали и новый KESS для Linux, но большинство нововведений в нем повышают эффективность уже реализованных защитных механизмов.

В нем мы планируем:Обеспечить полную совместимость Kaspersky Embedded Systems Security с сервисом Kaspersky Managed Detection and Response.

Добавить в Kaspersky Embedded Systems Security для Linux технологию защиты от BadUSB, которая уже работает в Windows-версии.

Обеспечить поддержку решением Kaspers…

3 декабря стало известно о скоординированном устранении критической уязвимости CVE-2025-55182 (CVSSv3 — 10), которая содержалась в React server components (RSC), а также во множестве производных проектов и фреймворков: Next.js, React Router RSC preview, Redwood SDK, Waku, RSC-плагинах Vite и Parcel.

Учитывая, что на базе React и Next.js построены десятки миллионов сайтов, включая Airbnb и Netflix, а уязвимые версии компонентов найдены примерно в 39% облачных инфраструктур, масштаб эксплуатации может быть очень серьезным.

Благодаря компонентам RSC, появившимся в React 18 в 2020 году, часть работы по сборке веб-страницы выполняется не в браузере, а на сервере.

Изначально React предназначен дл…

C октября этого года наши технологии фиксируют вредоносные рассылки файлов, в названии которых эксплуатируется тема годовых премий и бонусов.

Еще одной интересной особенностью данной вредоносной кампании является то, что в качестве полезной нагрузки выступает XLL-файл, что достаточно нестандартно.

Атакующие, конечно, меняют иконку, но в некоторых интерфейсах — в первую очередь в «проводнике Windows» — очевидно, что тип файла не соответствует видимому расширению, как показано, например, вот в этом посте.

Тип файла XLL служит для надстроек Microsoft Excel и, по сути, представляет собой DLL-библиотеку, которая запускается непосредственно программой для работы с электронными таблицами.

Часть ко…

Наверняка найдутся и желающие применить на практике новую атаку Whisper Leak.

Исследователи из Microsoft продолжили эту тему и проанализировали параметры поступления ответа от 30 разных ИИ-моделей в ответ на 11,8 тысяч запросов.

Сравнив задержку поступления пакетов от сервера, их размер и общее количество, исследователи смогли очень точно отделить «опасные» запросы от «обычных».

Как защититься от Whisper LeakОсновное бремя защиты от этой атаки лежит на провайдерах ИИ-моделей.

Если вы пользуетесь моделью и серверами, для которых Whisper Leak актуален, можно либо сменить провайдера на менее уязвимого, либо принять дополнительные меры предосторожности.

Как устроена автоматическая машина для тасования карт Deckmate 2Машина для автоматического тасования карт Deckmate 2 была запущена в производство в 2012 году.

В предыдущей модели устройства, Deckmate, внутренней камеры не было и, соответственно, не было возможности подглядеть последовательность карт в колоде.

Как исследователи смогли взломать устройство Deckmate 2Опытные читатели нашего блога уже наверняка заметили несколько уязвимостей в конструкции Deckmate 2, которыми воспользовались исследователи для создания proof-of-concept.

Это позволяло специалистам в реальном времени узнавать порядок карт в тасовке.

Как мафия использовала взломанные Deckmate 2 в реальных покерных играхДва года спус…

In this context, the importance of Data Loss Prevention (DLP) capability for data protection cannot be overstated.

Cisco Secure Access: Unified, AI-Powered Data Loss Prevention (DLP) for the Modern EnterpriseCisco Secure Access delivers the next generation of Data Loss Prevention (DLP) as a core component of our Security Service Edge (SSE).

Secure Access DLP also plays a vital role in enabling the safe use of generative Artificial Intelligence (AI) applications and model repositories.

The Endpoint DLP Advantage: Safeguarding Data Movement at the SourceIncorporating endpoint DLP into an organization’s data protection strategy brings immense value.

Recognizing this, Cisco Secure Access launch…

Cisco ISE: Live network visibility—but not always aligned with CMDB metadata or lifecycle information.

The Old Way Was LimitedPrevious integrations between Cisco ISE and ServiceNow attempted to close this gap by pushing CMDB attributes into ISE.

The Cisco ISE + ServiceNow Service Graph Connector finally closes the loop between visibility and control.

With Service Graph Connector for Cisco ISE, watch your network inventory come alive.

Ask a question and stay connected with Cisco Security on social media.

Cisco Identity Intelligence is now the first Cisco product to deliver a customer facing capability powered entirely by a Cisco built artificial intelligence model, Foundation-sec-1.1-8B-Instruct.

Strengthening Identity Security Through Deeper InsightCisco Identity Intelligence helps organizations understand and respond to identity related risk across their entire environment.

A key part of this experience is the weekly email digest that Cisco Identity Intelligence sends to administrators.

Why the Cisco Foundation Model MattersCisco Identity Intelligence selected the Cisco Foundation AI model because it offers clear advantages in quality, control, and long-term strategic alignment.

A Cisco-o…

According to our survey results, 94% of organizations are currently facing segmentation challenges, which range from technical to non-technical issues.

Challenges Inhibiting Segmentation ProjectsUnderstanding the challenges organizations face will ease the transition from partial to comprehensive segmentation implementations, allowing organizations to accelerate their progress through their segmentation journeys.

Currently, what are/ could be the biggest segmentation challenges you are/ could be experiencing at your organization?

Overcoming Segmentation Challenges Enables a Proactive Security StrategySegmentation remains a foundational element of enterprise security.

In the meantime, downlo…

Thanks to Duo, I was quickly given access to all the essential tools: Cisco XDR, Splunk, firewall dashboards, and more from the duo directory.

Detection: Cisco XDR flagged the suspicious behavior, visualizing the connections between one internal asset and several high-risk external hosts.

This raised immediate concerns about potential malware or command-and-control activity (see Cisco XDR investigation below).

In summary, my first SOC experience turned initial nerves into genuine confidence.

Ask a question and stay connected with Cisco Security on social media.

As a reminder, when a Windows client is seeking to talk to a domain controller it will make DNS queries for SRV records for names like _kerberos._tcp.dc._msdcs.DOMAINNAME or _ldap._tcp.dc._msdcs.DOMAINNAME.

These DNS requests enable the client to find nearby Kerberos or LDAP servers for their domain.

Finally, the Cisco Live network is designed to be a safe network for attendees to use.

A properly configured VPN client like Cisco Secure Client can support both a full tunnel VPN and “Start Before Login”.

Check out the other blogs by my colleagues in the Cisco Live Melbourne 2026 SOC.

Kerberoasting: An attacker with a valid ticket can request service tickets from the KDC which are encrypted with the service account password.

An attacker with a valid ticket can request service tickets from the KDC which are encrypted with the service account password.

Cisco XDR: Cross-signal correlation and incident management spanning Secure Firewall, Secure Access (DNS), Secure Network Analytics, and partner telemetry.

Cross-signal correlation and incident management spanning Secure Firewall, Secure Access (DNS), Secure Network Analytics, and partner telemetry.

Secure Network Analytics: NetFlow analytics to surface scanning, beaconing, and anomalous connection patterns at scale.

Building on the success of the 2nd annual Security Operations Centre (SOC) at Cisco Live Melbourne (Asia Pacific Japan) 2024, the executive team supported the first SOC for Cisco Live San Diego (Americas) and invited the team back for 20025.

The SOC at Cisco Live SOC was successfully deployed in just 12 hours over 1 ½ days, demonstrating extensive prior planning and specialized expertise.

The partnership with Endace, a highly skilled full-packet capture provider, whose experience in the 2025 SOC was critical and extended to their commitment for Cisco Live Melbourne.

For example, Ryan MacLennan created an AI model to find domain generated algorithms at the Cisco Live AMER Security SOC.

Ackno…

Joining the Security Operations Centre (SOC) team in Cisco Live Melbourne was a new experience for me as a Cisco Technical Marketing Engineer (TME).

As a Tier1 / Tier 2 analyst the first screen to look at is Cisco XDR, that will bring incidents from the different data sources including Splunk Core.

Day 1 at Cisco Live and guess what?

Distributed Deniel of Service (DDoS) activity was detected targeting Cisco TV devices connected to Cisco Live network.

Check out the other blogs by my colleagues in the Cisco Live APJC 2026 SOC.

In the Cisco Live Melbourne SOC, we use a combination of Endace full packet capture (PCAP), Splunk Enterprise Security, and Splunk SOAR to provide automated detections of cleartext credential leakage.

We resolve this using the coalesce function in Splunk’s eval command.

The coalece function will return the first non-null value from a list of possible values, just like the COALESCE function in SQL.

In our case, we use it like so:However, during Cisco Live we discovered a problem with this logic.

One answer is a Splunk macro.

One area of integration between CSF and Splunk that we worked on at Cisco Live Melbourne involved Enterprise Security Content Update (ESCU) detections in Splunk Enterprise Security (ES).

Splunk ES has around two dozen ESCU detections for Cisco Secure Firewall.

These can be accessed from ES by navigating to Security Content > Content Management and then searching for ‘Secure Firewall’.

All ESCU detections for Secure Firewall reference the same macro, ‘cisco_secure_firewall’.

We transitioned our firewall log export to syslog a few conferences ago, and in Melbourne we decided to test the ESCU detections with syslog.

Sometimes though we see exceptions, in this circumstance an asset connected to the Attendee Wi-Fi network at Cisco Live Melbourne 2025 exhibited a large spike in traffic on multiple occasions.

Upon investigation, the asset was found to be connecting to multiple confirmed malicious external IP addresses.

When the Incident was investigated, we found that the asset was communicating with numerous external IP addresses classified as malicious.

Investigating further, we saw the internal IP address communicating with a number of external IP addresses, all classed as malicious.

Cisco Security Social MediaLinkedInFacebookInstagramX

The Adrenaline of the Real World: Rapid Threat Containment on DisplayThe first thing that strikes you when you walk into the Cisco Live SOC is the energy.

The XDR & Splunk ES Synergy: The key highlight of the visibility demo was the seamless data exchange between XDR and Splunk ES.

Forging the Future: Empowering New and Tier One AnalystsPerhaps the most inspiring aspect of the SOC tours was the focus on people.

The Cisco Live Melbourne 2025 SOC tours weren’t just about the technology of today; they were about sharing our experiences, delivering on the EDUCATE component of our Mission.

Check out the other blogs by my colleagues in the Cisco Live APJC 2026 SOC.

Segmentation introduces critical control points, regulating who and what can access the network environment and its applications.

I consistently approach the segmentation journey with my customers by framing it as a circular cycle.

This cycle starts with visibility, progresses through identity context, policy selection, and policy enforcement, ultimately returning to enhanced visibility.

1: The segmentation cycleVisibilityThe segmentation cycle both starts and ends with robust visibility.

Policy AssignmentPolicy Assignment, often referred to as the Policy Decision Point (PDP) in NIST SP 800-207, represents the “what” in our segmentation cycle.

The survey results also revealed interesting insights into why segmentation remains a foundational concept.

The evolution of segmentation and the development of different segmentation approaches make the concept ideal for implementing a proactive approach to enterprise cybersecurity today.

And now, augmenting macro-segmentation with micro-segmentation implementations allows security teams to split environments into separate networks AND isolate specific workloads based on behavior or identity.

Data split by those who have fully implemented both macro- and micro-segmentation (315), and those who have not fully implemented both (608).

Data split by those who have fully implemented both macro-…

But point solutions can only go so far.

In our new e-book, 3 reasons point solutions are holding you back, we share how a unified, AI-ready platform can transform your security operations to help keep your organization safe.

Download the 3 reasons point solutions are holding you back e-book and discover how a unified, AI-ready platform can help your team stay ahead of cyberthreats and prepare for the future.

Learn moreTo learn more about Microsoft Security solutions, visit our website.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

An Access Fabric solution continuously decides who can access what, from where, and under what conditions—in real time.

Why a unified approach to access security is better than a fragmented oneLet’s use an everyday example to illustrate the difference between an access security approach that uses fragmented tools versus one that uses an Access Fabric solution.

This time you, your device, your applications, and your data are wrapped in the protection of an Access Fabric solution that connects identity, device, and network signals.

What makes an Access Fabric solution effectiveFor an Access Fabric solution to secure access in hybrid work environments effectively, it must be contextual, connec…

The React Server Components ecosystem is a collection of packages, frameworks, and bundlers that enable React 19 applications to run parts of their logic on the server rather than the browser.

To exploit CVE-2025-55182, an attacker sends a crafted input to a web application running React Server Components functions in the form of a POST request.

Microsoft Defender Vulnerability Management and Microsoft Defender for CloudMicrosoft Defender for Cloud rolled out support to surface CVE-2025-55182 with agentless scanning across containers and cloud virtual machines (VMs).

In parallel, we recommend that you upgrade affected React Server Components and Next.js packages immediately to patched versi…

The React Server Components ecosystem is a collection of packages, frameworks, and bundlers that enable React 19 applications to run parts of their logic on the server rather than the browser.

To exploit CVE-2025-55182, an attacker sends a crafted input to a web application running React Server Components functions in the form of a POST request.

Microsoft Defender Vulnerability Management and Microsoft Defender for CloudMicrosoft Defender for Cloud rolled out support to surface CVE-2025-55182 with agentless scanning across containers and cloud virtual machines (VMs).

In parallel, we recommend that you upgrade affected React Server Components and Next.js packages immediately to patched versi…

Today, we are proud to share that Microsoft has been recognized as an overall leader in the KuppingerCole Leadership Compass for Generative AI Defense.

The post Microsoft named an overall leader in KuppingerCole Leadership Compass for Generative AI Defense appeared first on Microsoft Security Blog.

This form of cyberattack involves operatives posing as legitimate remote hires, slipping past human resources checks and onboarding processes to gain trusted access.

With support from Microsoft Threat Intelligence, we quickly traced the activity to the North Korean remote IT workforce known as Jasper Sleet.

TACTICPiKVM devices—low-cost, hardware-based remote access tools—were utilized as egress channels.

Advanced detection tools, including Microsoft Defender for Identity and Microsoft Defender for Endpoint, were deployed to uncover lateral movement and credential misuse.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

This form of cyberattack involves operatives posing as legitimate remote hires, slipping past human resources checks and onboarding processes to gain trusted access.

With support from Microsoft Threat Intelligence, we quickly traced the activity to the North Korean remote IT workforce known as Jasper Sleet.

TACTICPiKVM devices—low-cost, hardware-based remote access tools—were utilized as egress channels.

Advanced detection tools, including Microsoft Defender for Identity and Microsoft Defender for Endpoint, were deployed to uncover lateral movement and credential misuse.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Our blog “Building human-centric security skills for AI” offers insights and guidance you can apply in your organization.

Find in AI Skills Navigator, our agentic learning space, AI and security training tailored to different roles.

—Jeana Jorgensen, Corporate Vice President, Microsoft LearningFostering a culture that prioritizes securityAs AI impacts everyone’s role, make security awareness and responsible AI practices shared priorities.

From awareness to actionIn the agentic AI era, people continue to be our most valuable resource.

It’s essential to empower them with AI and equip them with the skills they need to use AI responsibly and securely.

Our blog “Building human-centric security skills for AI” offers insights and guidance you can apply in your organization.

Find in AI Skills Navigator, our agentic learning space, AI and security training tailored to different roles.

—Jeana Jorgensen, Corporate Vice President, Microsoft LearningFostering a culture that prioritizes securityAs AI impacts everyone’s role, make security awareness and responsible AI practices shared priorities.

From awareness to actionIn the agentic AI era, people continue to be our most valuable resource.

It’s essential to empower them with AI and equip them with the skills they need to use AI responsibly and securely.

As email threats grow more sophisticated and layered security architectures become more common, organizations need clear, data-driven insights to evaluate how their security solutions perform together.

Microsoft’s commitment to transparency continues with the release of our second email security benchmarking report, informed by valuable customer and partner feedback.

The study compares environments protected exclusively by Microsoft Defender with those using a Secure Email Gateway (SEG) positioned in front of Defender, as well as environments where Integrated Cloud Email Security (ICES) solutions add a secondary layer of detection after Defender.

Secure Email Gateway and Integrated Cloud Em…

As email threats grow more sophisticated and layered security architectures become more common, organizations need clear, data-driven insights to evaluate how their security solutions perform together.

Microsoft’s commitment to transparency continues with the release of our second email security benchmarking report, informed by valuable customer and partner feedback.

The study compares environments protected exclusively by Microsoft Defender with those using a Secure Email Gateway (SEG) positioned in front of Defender, as well as environments where Integrated Cloud Email Security (ICES) solutions add a secondary layer of detection after Defender.

Secure Email Gateway and Integrated Cloud Em…

The Shai‑Hulud 2.0 supply chain attack represents one of the most significant cloud-native ecosystem compromises observed recently.

In defending against threats like Shai-Hulud 2.0, organizations benefit significantly from the layered protection from Microsoft Defender, which provides security coverage from code, to posture management, to runtime.

This blog provides a high-level overview of Shai‑Hulud 2.0, the attack mechanisms, potential attack propagation paths, customized hunting queries, and the actions Microsoft Defender is taking to enhance detection, attack-path analysis, credential scanning, and supply chain hardening.

Tactic Observed activity Microsoft Defender coverage Execution S…

The Shai‑Hulud 2.0 supply chain attack represents one of the most significant cloud-native ecosystem compromises observed recently.

In defending against threats like Shai-Hulud 2.0, organizations benefit significantly from the layered protection from Microsoft Defender, which provides security coverage from code, to posture management, to runtime.

This blog provides a high-level overview of Shai‑Hulud 2.0, the attack mechanisms, potential attack propagation paths, customized hunting queries, and the actions Microsoft Defender is taking to enhance detection, attack-path analysis, credential scanning, and supply chain hardening.

Tactic Observed activity Microsoft Defender coverage Execution S…

In this article, John Lambert, Chief Technology Officer, Corporate Vice President and Security Fellow at Microsoft dives into the future of cyber defense.

It’s easy to see why some security professionals out there see the physics of defense as being against them.

It’s also important to work on cyber defense together with organizations that you otherwise view as your competitors.

By rewriting the physics of defense, we can reclaim the advantage and redefine what it means to be secure.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

In this article, John Lambert, Chief Technology Officer, Corporate Vice President and Security Fellow at Microsoft dives into the future of cyber defense.

It’s easy to see why some security professionals out there see the physics of defense as being against them.

It’s also important to work on cyber defense together with organizations that you otherwise view as your competitors.

By rewriting the physics of defense, we can reclaim the advantage and redefine what it means to be secure.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

These initiatives, driven by Ballots SC-080, SC-090, and SC-091, will sunset 11 legacy methods for Domain Control Validation.

What’s Domain Control Validation?

Domain Control Validation is a security-critical process designed to ensure certificates are only issued to the legitimate domain operator.

Sunsetted methods relying on email:Sunsetted methods relying on phone:Sunsetted method relying on a reverse lookup:For everyday users, these changes are invisible - and that’s the point.

These changes push the ecosystem toward standardized (e.g., ACME), modern, and auditable Domain Control Validation methods.

Partnership with ArmOur goal is to raise the bar on GPU security, ensuring the Mali GPU driver and firmware remain highly resilient against potential threats.

We partnered with Arm to conduct an analysis of the Mali driver, used on approximately 45% of Android devices.

This approach allowed us to roll out the new security policy broadly while minimizing the impact on developers.

This effort spans across Android and Android OEMs, and required close collaboration with Arm.

The Android security team is committed to collaborating with ecosystem partners to drive broader adoption of this approach to help harden the GPU.

We built on Gemini's existing protections and agent security principles and have implemented several new layers for Chrome.

To further bolster model alignment beyond spotlighting, we’re introducing the User Alignment Critic — a separate model built with Gemini that acts as a high-trust system component.

A flow chart that depicts the User Alignment Critic: a trusted component that vets each action before it reaches the browser.

The User Alignment Critic runs after the planning is complete to double-check each proposed action.

Looking forwardThe upcoming introduction of agentic capabilities in Chrome brings new demands for browser security, and we've approached this challenge with the same ri…

Android uses the best of Google AI and our advanced security expertise to tackle mobile scams from every angle.

Over the last few years, we’ve launched industry-leading features to detect scams and protect users across phone calls, text messages and messaging app chat notifications.

To help combat these types of financial scams, we launched a pilot earlier this year in the UK focused on in-call protections for financial apps.

The UK pilot of Android’s in-call scam protections has already helped thousands of users end calls that could have cost them a significant amount of money.

We’ve also started to pilot this protection with more app types, including peer-to-peer (P2P) payment apps.

Secure by DesignWe built Quick Share’s interoperability support for AirDrop with the same rigorous security standards that we apply to all Google products.

Secure Sharing Channel: The communication channel itself is hardened by our use of Rust to develop this feature.

On Android, security is built in at every layer.

On Android, security is built in at every layer.

Secure Sharing Using AirDrop's "Everyone" ModeTo ensure a seamless experience for both Android and iOS users, Quick Share currently works with AirDrop's "Everyone for 10 minutes" mode.

Our first rust memory safety vulnerability...almost: We'll analyze a near-miss memory safety bug in unsafe Rust: how it happened, how it was mitigated, and steps we're taking to prevent recurrence.

Our First Rust Memory Safety Vulnerability...AlmostWe recently avoided shipping our very first Rust-based memory safety vulnerability: a linear buffer overflow in CrabbyAVIF.

Unsafe Review and TrainingOperating system development requires unsafe code, typically C, C++, or unsafe Rust (for example, for FFI and interacting with hardware), so simply banning unsafe code is not workable.

Dmytro Hrybenko for leading the effort to develop training for unsafe Rust and for providing extensive feedback on …

Survey shows Android users’ confidence in scam protectionsGoogle and YouGov3 surveyed 5,000 smartphone users across the U.S., India, and Brazil about their experiences.

The findings were clear: Android users reported receiving fewer scam texts and felt more confident that their device was keeping them safe.

Android users were 58% more likely than iOS users to say they had not received any scam texts in the week prior to the survey.

As an extra safeguard, Google Messages also helps block suspicious links in messages that are determined to be spam or scams.

As an extra safeguard, Google Messages also helps block suspicious links in messages that are determined to be spam or scams.

What's worse, many plaintext HTTP connections today are entirely invisible to users, as HTTP sites may immediately redirect to HTTPS sites.

To address this risk, we launched the “Always Use Secure Connections” setting in 2022 as an opt-in option.

We now think the time has come to enable “Always Use Secure Connections” for all users by default.

For more than a decade, Google has published the HTTPS transparency report, which tracks the percentage of navigations in Chrome that use HTTPS.

Since HTTP navigations remain a regular occurrence for most Chrome users, a naive approach to warning on all HTTP navigations would be quite disruptive.

To help accelerate adoption of AI for cybersecurity workflows, we partnered with Airbus at DEF CON 33 to host the GenSec Capture the Flag (CTF), dedicated to human-AI collaboration in cybersecurity.

Our goal was to create a fun, interactive environment, where participants across various skill levels could explore how AI can accelerate their daily cybersecurity workflows.

An overwhelming 85% of all participants found the event useful for learning how AI can be applied to security workflows.

This positive feedback highlights that AI-centric CTFs can play a vital role in speeding up AI education and adoption in the security community.

We are committed to advancing the AI cybersecurity frontier…

This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the Terms of Service .

The block will expire shortly after those requests stop.

In the meantime, solving the above CAPTCHA will let you continue to use our services.This traffic may have been sent by malicious software, a browser plug-in, or a script that sends automated requests.

If you share your network connection, ask your administrator for help — a different computer using the same IP address may be responsible.

Learn more Sometimes you may be asked to solve the CAPTCHA if you are using advanced terms that robots are known to use, or sending requests very qu…

At Made by Google 2025, we announced that the new Google Pixel 10 phones will support C2PA Content Credentials in Pixel Camera and Google Photos.

Pixel Camera attaches Content Credentials to any JPEG photo capture, with the appropriate description as defined by the Content Credentials specification for each capture mode.

attaches Content Credentials to any JPEG photo capture, with the appropriate description as defined by the Content Credentials specification for each capture mode.

Google Photos attaches Content Credentials to JPEG images that already have Content Credentials and are edited using AI or non-AI tools, and also to any images that are edited using AI tools.

Building a More Trus…

Today marks a watershed moment and new benchmark for open-source security and the future of consumer electronics.

Google is proud to announce that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework, has officially achieved SESIP Level 5 certification.

This makes pKVM the first software security system designed for large-scale deployment in consumer electronics to meet this assurance bar.

With this level of security assurance, Android is now positioned to securely support the next generation of high-criticality isolated workloads.

Achieving Security Evaluation Standard for IoT Platforms (SESIP) Level 5 is a landmark because it incorporates AVA_VAN.5, the hi…

Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts.

Infrastructure definitions to allow organizations to easily run their own instances of OSS Rebuild to rebuild, generate, sign, and distribute provenance.

With an estimated value exceeding $12 trillion, open source software has never been more integral to the global economy.

For publishers and maintainers of open source packages, OSS Rebuild can...

If you're a developer, enterprise, or security researcher interested in OSS security, we invite you to follow along and get involved!

Android recently announced Advanced Protection, which extends Google’s Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures.

This is particularly useful for Advanced Protection users, since in 2023, plaintext HTTP was used as an exploitation vector during the Egyptian election.

JavaScript Optimizations and Security Advanced Protection reduces the attack surface of Chrome by disabling the higher-level optimizing Javascript compilers inside V8.

Javascript optimizers can be disabled outside of Advanced Protection Mode via the “Javascript optimization & security” Site Setting.

We…

Below we describe our prompt injection mitigation product strategy based on extensive research, development, and deployment of improved security mitigations.

A layered security approachGoogle has taken a layered security approach introducing security measures designed for each stage of the prompt lifecycle.

From there, a key protection against prompt injection and data exfiltration attacks occurs at the URL level.

Users are encouraged to become more familiar with our prompt injection defenses by reading the Help Center article.

Moving forwardOur comprehensive prompt injection security strategy strengthens the overall security framework for Gemini.