Американские ученые создали мини-вселенную термоядерного ужаса в безопасной капсуле.

Поднебесная запустила конвейер гуманоидов: 5000 штук к 2026 году против одиночных прототипов Запада.

Когда вайб-кодинг оборачивается кошмаром.

Зачем Дурову понадобились Telegram Nodes.

Не модель, а целая вселенная: от лидаров до гуманоидов в одной экосистеме.

Каким было первое топливо для 1 октиллиона клеток — больше, чем звезд во Вселенной.

Режиссёр, входящий в совет директоров Stability AI, резко высказался против генерации в кино.

Сложный видеомонтаж теперь не требует ни опыта, ни долгих часов работы.

Риск возникает там, где всё кажется предсказуемым.

Специалисты фиксируют опасный тренд — злоумышленники используют меньше уязвимостей, но атакуют гораздо агрессивнее.

В России массово блокируются автомобили Porsche.

BI.ZONE рекомендует промышленности ограничить запуск PowerShell из-за активности хакеров.

Вредоносный скрипт может лишить доступа к аккаунтам в КУБ24.

Один из технологических гигантов до сих пор раздаёт этот опасный софт в своём магазине.

Исследователи MIT показали, как тонкий слой выращенной мышцы и пара искусственных сухожилий превращаются в эффективный и долговечный роботизированный захват.

ВведениеПризнаки значительного роста в 2025 году интенсивности APT-атак на российские компании только начинают проявляться.

Цель статьи — оценить достоверность тезиса о росте APT-активности в 2025 году и выявить, каких изменений это потребует от моделей угроз компаний.

через подрядчика) встречается чаще всего: количество атак с применением этой техники выросло в 2025 году (с 8 до 27,6 %).

Успешность кибератак с использованием фишинга в целом остаётся на прежнем уровне: 12 % в 2024 году и 13,8 % в 2025 году.

По данным Центра исследования киберугроз Solar 4RAYS, на российском рынке в 2025 году наблюдается рост активности APT-группировок.

Для обеспечения конфиденциальности и безопасности информации пользователей реализовано шифрование и защита данных.

Порядок действий и организация интерфейса позволяют быстро выполнять проверку уязвимостей и формировать отчёты.

Также отображает открытые порты, общий рейтинг безопасности, статистику обнаруженных уязвимостей и приоритетные угрозы.

ПО и сервисы.

По запросу вендор может оперативно реализовать выгрузку в JSON и в других форматах.

По данным отраслевых ассоциаций, доля трофейного ПО в ряде отраслей, в частности, в строительстве, близка к 100 %.

Трояны, инфостилеры, НДВ и прочие угрозыВ целом для ПО, которое принято называть трофейным, характерны те же угрозы, что и для любого другого нелицензионного.

По оценке руководителя отдела реагирования на инциденты «Бастион» Семёна Рогачёва, именно инфостилеры наиболее часто встраиваются в нелицензионное ПО — как для непосредственного использования в атаках на компании, так и для перепродажи.

Речь идёт не только о системах для монтажа видео и звука, но и ПО для создания цифровых эффектов и моделирования.

Регулирование должно быть выверенным и «умным», способствующим развитию ро…

Санкционное давление и курс на технологический суверенитет сделали переход на отечественные СУБД стратегической необходимостью для российских компаний.

Предприятия сегодня ориентированы на получение готовых решений, а не на сборку из отдельных компонентов.

Сложность заключается не только в переносе данных, но и в миграции бизнес-логики: хранимых процедур, триггеров и других компонентов, тесно связанных с конкретной СУБД.

Во втором опросе выяснилось, какова стратегия зрителей относительно СУБД на ближайший год:В процессе миграции на российскую СУБД — 43 %.

Это указывает на необходимость реализации комплексного подхода к защите данных на всех уровнях их жизненного цикла.

Знание кода необязательно, если вредоносную программу для атак на компьютерные сети или отдельные ПК можно приобрести либо арендовать.

Поскольку этот теневой бизнес уже давно стал международным, напряжённая геополитическая обстановка и санкционное давление сказались и на нём.

Наиболее часто атакам в 2025 году подвергались производственные и инжиниринговые компании (18,9 %), организации оптовой (17 %) и розничной торговли (15,1 %).

Такая схема финансовых потоков не только увеличивает доход операторов, но и затрудняет атрибуцию атак и установление ответственности.

События 2022 года отразились и на деятельности киберпреступных группировок: с этого момента началось противостояние российских и у…

Zero Trust: фундамент новой безопасностиМодель Zero Trust (нулевого доверия) — это не просто набор технологий, а фундаментальный сдвиг в философии безопасности.

Изменения инфраструктурыВнедрение Zero Trust — это поэтапный процесс.

Возросшая нагрузка на ИТ- и ИБ-подразделенияВнедрение и сопровождение архитектуры Zero Trust создаёт значительную дополнительную нагрузку на профильные подразделения, особенно на начальных этапах трансформации.

ВыводыПереход на модель Zero Trust — это не разовый проект, а стратегическая трансформация, требующая терпения, инвестиций и пересмотра корпоративной культуры.

Zero Trust не отменяет ответственности заказчика за безопасность, но даёт ему мощные инструменты,…

С 1 сентября 2025 года вступили в силу значимые изменения в законодательстве, в первую очередь в Федеральном законе № 187-ФЗ, которые существенно ужесточили и детализировали требования к защите КИИ.

Елена Заводова рассказала, что с 1 сентября вступили в силу изменения в Федеральном законе №187, которые повлекли за собой корректировки и в других нормативно-правовых актах.

У правительства появилось право указывать требования по ПО, программно-аппаратным комплексам, и следить за тем, как они выполняются.

Причиной может стать, например, создание вредоносных программ, которые направлены непосредственно на КИИ, неправомерный доступ к КИИ, нарушение правил эксплуатации обработки и передачи данных.…

В число таких решений входит «Гарда Deception» — система раннего обнаружения атак до причинения существенного ущерба.

Функциональные возможности «Гарда Deception 2.1»Программный комплекс «Гарда Deception» формирует распределённую инфраструктуру ловушек и приманок, имитирующих объекты ИТ-инфраструктуры.

Раздел «Приманки», вкладка «Данные» в «Гарда Deception 2.1»В текущей версии чтение логов аутентификаций контроллера домена производится через брокер сообщений Kafka.

Архитектура «Гарда Deception 2.1»Архитектура «Гарда Deception 2.1» включает следующие блоки:Подсистема управления (центр управления).

Типовые кейсы применения «Гарда Deception»Кейс использования «Гарда Deception» в фармацевтическ…

Зная, что группировка TA505 начинает атаки с фишинговых писем определённого формата, можно создать правило для их автоматического обнаружения.

Используют модель RaaS (Ransomware-as-a-Service) — сдают своё ПО в аренду менее квалифицированным хакерам.

Их атаки на правительственные сайты во время протестов вызывают реальные политические последствия.

Группа APT29 для атаки на демократическую партию США создала фиктивный сайт для рекрутинга сотрудников госструктур.

Знание того, кто стоит по ту сторону атаки, их мотивов и методов — половина победы.

Как стратегические просчёты в ИБ ломают бизнес-модели и чего стоит избежать, чтобы ЦОД стал конкурентным, а не проблемным активом?

В данной статье предлагается рассмотреть построение ЦОД не в качестве простого расширения вычислительных мощностей, а как стратегическую задачу по созданию безопасной и гибкой сервисной платформы.

Типовые услуги ЦОД и их риски: от размещение оборудования до аттестованных облаковРассмотрим типовые услуги дата-центров, охватывающие широкий спектр сервисов.

При аудите инфраструктуры ЦОД для обработки персональных данных выявились системные несоответствия.

Именно от этого выбора зависит вся последующая архитектура, а значит — капитальные затраты, операционная эффект…

Стратегические отрасли в России за 2025 год столкнулись с волной кибератак: госсектор и промышленность стали главными целями злоумышленников.

Однако изменения в законодательстве, вступившие в силу с 2025 года, и работа системы ГосСОПКА поменяли подход к защите критически важных объектов.

ВведениеВ июле 2025 года RED Security SOC опубликовала данные о кибератаках на российские компании в первом полугодии 2025 года.

Например, доля атак через цепочку поставок и доверенные каналы связи в России в 2025 году составила 4 %, в то время как два года назад — всего 2 %.

Как в России защищают стратегические отрасли от кибератакОтветом на растущие угрозы стало ужесточение и детализация нормативного регу…

Вендор Crosstech Solutions Group выпустил решение для защиты контейнерной инфраструктуры Crosstech Container Security (CTCS).

В 2024 году затраты на ПО для контейнеризации достигли 3 млрд рублей — это на 66 % больше, чем в 2023.

Анализ и контроль безопасности образовCrosstech Container Security интегрируется с реестрами хранения образов и позволяет проводить их сканирование как в ручном режиме, так и по расписанию.

Политики безопасности образов контейнеровВ рамках Crosstech Container Security реализовано создание политик безопасности для образов контейнеров.

При настройке политик безопасности доступен выбор режима реагирования — оповещение либо блокировка — а также определение перечня крите…

Например, если часть пакетов сканирования портов или сетевого зондирования теряется, система NTA/NDR может недооценить активность злоумышленника и не зафиксировать попытку выявления уязвимых сервисов в сети.

В корпоративной инфраструктуре рекомендуется контролировать трафик, как минимум, на периметре (выход в интернет) и в серверной зоне.

В крупной сети количество точек, из которых необходимо снимать трафик, как правило, превышает число доступных портов захвата трафика на NTA/NDR.

В этом случае пиковые значения превышают пропускную способность одного сенсора NTA/NDR в 10 раз.

Это важное обновление: именно сочетание этих механизмов позволяет эффективно обрабатывать высокоскоростные агрегиров…

eBPFТехнология eBPF открывает огромные возможности трассировки действий, происходящих в операционной системе как на уровне ядра, так и в пользовательском пространстве.

Технология получила широкое распространение благодаря возможности динамически загружать и выполнять код на уровне ядра; она делает это безопасно и с минимальными накладными расходами.

Механика существовала и до eBPF и использовалась для трассировки того, что происходит в ядре с помощью утилит systemtap и ftrace.

Как и в примере с bpftrace, как только в ядре происходит вызов нужной нам функции, мы получаем событие.

Переменная newfd в вызове do_dup2() заполняется схожим образом и в случае запуска реверс-шелла будет содержать де…

Решил написать об относительно новой и достаточно нашумевшей уязвимости, а именно CVE-2025-33073, получившей от исследователей неофициальное название The Reflective Kerberos Relay Attack.

ТеорияСразу оговорюсь, в данной статье не буду рассматривать глубокую теорию и погружаться в то, что вы можете самостоятельно узнать из первоисточников.

Если максимально коротко описать принцип атаки, то он заключается в том, что мы принудительно заставляем Windows-хост подключиться к нашей атакующей системе по протоколу SMB и пройти аутентификацию по протоколу Kerberos.

Билет Kerberos затем ретранслируется обратно на тот же хост по тому же протоколу SMB.

Передаем билет обратно srv-1c-upp и в качестве прим…

В этой статье мы расскажем, как разрабатывать и развертывать системы защиты от DDoS-атак и бот-активностей с применением ИИ-инструментов.

Стек технологий:для анализа и подготовки данных используем NumPy и pandas;для визуализации — Matplotlib;обучение моделей выполняем с помощью TensorFlow, Keras, PyTorch и scikit‑learn;потоковую обработку реализуем на Apache Kafka;для хранения и аналитики логов используем ClickHouse и Elasticsearch;в роли брокеров очередей используем Redis и RabbitMQ;API‑обвязку выполняем на FastAPI;мониторинг и визуализацию реализуем на Prometheus и Grafana.

Последовательности обрабатываем LSTM (Long Short-Term Memory), которая учитывает порядок и временные зависимости и с…

За свои услуги подрядчик выставил счет в размере 254 тысяч долларов, бухгалтерия школьного округа перечислила указанную сумму, однако деньги так и не дошли до KCAV.

Суд посчитал это отягчающим обстоятельством: инженер, вероятно, знал о проблемах в инфраструктуре после атаки и воспользовался проблемами работодателя в своих целях.

Также компания ссылается на учетную запись на GitHub под названием «redstapler-is», которая уже была активна, когда Стефанссон еще работал в NetApp.

Однако злоумышленники получили доступ к данным о всех выпускниках и их супругах, родителях студентов и выпускников, спонсорах, преподавателях и сотрудниках.

В судебном иске говорится, что после проверки финансовой отчет…

Иногда мы в лоб спрашивали у продавцов про происхождение дисков: рабочие или домашние?

Похоже, мы столкнулись не с разовой акцией, а с небольшим «семейным бизнесом» по выносу и продаже списанного оборудования из компании.

Специализированные forensic-инструменты помогли бы извлечь больше данных, но мы и не собирались писать научную работу.

На жестких дисках мы восстановили в среднем в 15 раз больше информации, чем на твердотельных накопителях.

После шредирования мы снова подключили диск через «стакан» и запустили PhotoRec с теми же настройками, что и в первый раз.

Что чаще всего ломается в реальной жизни: модель угрозВот список реальных атак, которые происходят не в банках, а «между людьми»:1) Подмена номера в мессенджерередактирование сообщения,удаление и новая отправка,поддельный аккаунт,расширения/боты в групповых чатах.

Как решается проблема: механизм «защитной фразы»И вот здесь появляется то, что в обсуждениях под второй статьёй вызвало интерес.

Это не фишинг.

Что хранится в базе и что НЕ хранитсяДанные Хранятся?

👉 Попробовать защитную фразу и увидеть визитку:https://t.me/qrperevod_botЕсли хотите следить за обновлениями, обновлениями безопасности и разбором новых угроз — подписывайтесь на канал проекта: https://t.me/qrperevod

Именно так считает эксперт по безопасности API Кори Дж.

Недавно он сосредоточился на изучении более узкой области, а именно на безопасности веб-API, которой занимаются в основном по остаточному принципу.

Здесь действуют другие правилаAPI могут причинять меньше головной боли, если привлекать специалистов по безопасности к процессу проектирования этих интерфейсов.

Они либо понятия не имели, что делать с API, либо в их команде находился в лучшем случае один специалист по тестированию API».

Баг в шлюзеПо мере того, как API распространяются всё шире, всё сильнее растёт потребность в экспертах по безопасности API.

Обнаруженный нами ресурс cdektrack.icu был создан в начале сентября и обновлен в октябре этого года.

Сайт предлагал пользователям – физическим лицам – «создать личный кабинет в вашем кармане» и давал инструкцию по установке приложения CDEK.apk на смартфон.

Для обхода проверки Google Play на вредоносность, в BTMOB RAT используется двухэтапная установка, обфускация манифеста и ресурсов, а также шифрование вредоносной нагрузки и строк.

Конфигурация в CraxsRAT хранилась почти в открытом виде, в BTMOB RAT ключевые строки еще дополнительно шифруются на AES128CBC.

Мы же на примере стремительного развития BTMOB RAT можем наблюдать как вредоносное ПО, распространяющееся по модели Malware-as-a-Servic…

Работа вендоров, соответственно, ограничивает возможности киберпреступников по использованию публичных сервисов, и решением этой «проблемы» часто становится разработка собственных LLM, не имеющих никаких ограничений.

Доступ к LLM продается на киберкриминальных форумах и рекламируется как помощник для генерации фишинговых сообщений, создания вредоносного ПО и автоматизации типовых операций, таких как сбор информации о зараженной системе.

По утверждению создателей сервиса, WormGPT была обучена на отчетах об уязвимостях и PoC эксплойтов, исходных кодах вредоносного ПО и шаблонах фишинговых сообщений и веб-сайтов.

В другом примере LLM справилась с анализом базы данных электронных сообщений, ее …

По сути это IT-решения, разработанные вне официального процесса внедрения нового функционала или ПО и существующие без должного уровня поддержки.

С первым пунктом все достаточно понятно: бороться с такими случаями нужно регламентами, регулярными аудитами и информированием пользователей о том, как делать надо и как не надо.

В таких случаях становится понятно, что вера в ИТ потеряна, и чтобы размотать этот клубок, потребуется немало комплексных усилий, в том числе и по изменению психологических установок потенциальных пользователей.

Выбор такого набора позволил нам не только централизовать код и данные, но и перевести их в контролируемую, безопасную и масштабируемую среду.

Наша цель — полност…

Флаг №7 «Проду это не нужно: снова подскажет SAST»Просьба не расходиться!

Пользуясь инструментами R-Vision SOAR и R-Vision SIEM, изучите предоставленные артефакты и помогите компании разобраться, как злоумышленники проникли в сеть и что именно произошло.

C. Заводить данное приложение за UserGate WAF не имеет смысла, так как это не HTTP приложение.

Но, очевидно, что это не флаг, он не подходит по маске и количеству символов.

Участники не просто разгадывали «головоломки», а сталкивались с теми же задачами, что и в реальных SOC, AppSec и OT-командах.

Этот процесс предполагает регулярный мониторинг баз уязвимостей не только для собственного кода, но и для всего спектра используемых сторонних компонентов.

Сложности переводаМировая экосистема кибербезопасности включает множество баз данных, аккумулирующих информацию об уязвимостях не только в открытом, но и в проприетарном программном обеспечении.

Запись об уязвимых версиях OpenSSL для конкретной уязвимости в БДУ ФСТЭКВозникает закономерный вопрос: какую же информацию следует считать достоверной?

Запись об уязвимых версиях ПО для конкретной уязвимости в NVD (NIST)Как мы видим, сравнение уязвимых версий выявляет многочисленные несоответствия между базами данных.

Как правило, уязвимости в БД…

Министерство связи Индии издало предписание, согласно которому все производители мобильных устройств должны предустановить государственное приложение Sanchar Saathi на каждый смартфон, продаваемый в стране.

При этом приложение должно быть установлено не только на новые устройства, но и на девайсы, уже находящиеся в цепочке поставок — через обновление программного обеспечения.

Приложение, доступное для Android и iOS, позволяет пользователям сообщать о подозрительных звонках, SMS и сообщениях в WhatsApp, блокировать украденные устройства и проверять подлинность телефонов по IMEI.

Дело в том, что в Индии в случае перепродажи украденных или занесенных в черный список устройств, покупатель стано…

Специалисты компании Koi Security выявили масштабную хакерскую кампанию ShadyPanda, в рамках которой распространялись вредоносные расширения для браузеров Chrome и Edge.

За годы активности злоумышленники создали 145 вредоносных расширений — 20 для Chrome и 125 для Edge.

Эти расширения установили более 4 млн раз, и они активно собирают конфиденциальную информацию о пользователях.

Однако в Microsoft Edge Add-ons по-прежнему были доступны вредоносные расширения WeTab с 3 млн пользователей и Infinity New Tab (Pro) с 650 000 установок.

Эксперты Koi Security настоятельно рекомендуют пользователям немедленно удалить опасные расширения и сменить пароли во всех онлайн-аккаунтах.

Я рас­ска­жу, как «замед­лить» дис­тилли­рован­ные модели SDXL, вер­нув утра­чен­ную кре­атив­ность, и как исполь­зовать «дис­тиллят» в малых дозах для улуч­шения качес­тва.

Более того, метод кван­тования SVDQuant поз­волил запус­кать эти модели на обыч­ных виде­окар­тах чуть ли не быс­трее, чем SDXL без кван­тования.

Такие модели (вмес­те с этим сем­пле­ром) поз­волили соз­давать кар­тинки за 8–12 шагов, хоть и с доволь­но мяг­ким кон­трас­том и склон­ностью «замыли­вать» мел­кие детали.

DMD2 не зас­тавля­ет жер­тво­вать деталя­ми и тек­сту­рами ради ско­рос­ти — наобо­рот, дис­тилли­рован­ные веса начина­ют работать чище, акку­рат­нее сво­дить шум, луч­ше дер­жать струк­туру кад­ра и не р…

Осенью 2025 года компания Asahi Group Holdings (далее Asahi), производитель самого продаваемого пива в Японии, пострадала от кибератаки.

В компании работают около 30 000 человек, и в 2024 году Asahi отчиталась о годовой выручке почти 20 млрд долларов США.

Как сообщалось в сентябре, хакерская атака затронула только операции компании в Японии.

Хуже того, все 30 заводов Asahi в Японии были вынуждены временно приостановить работу.

Еще 114 000 человек из числа внешних контактов получали от Asahi поздравительные или соболезнующие телеграммы — их данные также оказались в руках киберпреступников.

По данным Европола, за эти года через сервис прошло более 1,3 млрд евро в биткоинах (около 1,5 млрд долларов США).

Операция под кодовым названием «Олимпия» (Olympia) прошла в конце ноября в Цюрихе.

«Cryptomixer представлял собой гибридный миксер-сервис, работавший одновременно в открытом интернете и в даркнете.

Тогда немецкая полиция и ФБР изъяли четыре сервера, 7 ТБ данных и биткоины на сумму 46,5 млн долларов США.

Также напомним, что в конце ноября в США были приговорены к тюремному заключению основатели криптомиксера Samourai — их признали виновными в отмывании более 237 миллионов долларов.

Разработчик популярного приложения SmartTube сообщил о компрометации своих ключей подписи, что позволило злоумышленникам внедрить малварь в официальное обновление.

Бесплатное приложение с открытым исходным кодом привлекает пользователей возможностью блокировки рекламы и стабильной работой даже на маломощных устройствах.

О происходящем стало известно после массовых жалоб пользователей в конце прошлой недели: встроенная в Android система защиты Play Protect начала блокировать SmartTube на устройствах и предупреждать об угрозе.

Разработчик SmartTube Юрий Юлисков пишет, что этот компонент не является частью его проекта и не относится ни к одному из используемых инструментов.

В настоящее время о…

По данным издания «Код Дурова», YouTube массово требует от пользователей подтвердить свой возраст — нововведение затронуло аккаунты из СНГ, включая Беларусь и другие страны региона.

Такие проверки могут затронуть и российских пользователей, которые заходят на YouTube через иностранные IP-адреса.

Для верификации возраста YouTube предлагает на выбор несколько вариантов:Скан документов.

В последнем случае Google передаст email партнеру VerifyMy, который проверяет, на каких сайтах и в каких приложениях этот адрес использовался ранее.

Пока неясно, распространится ли требование на всех пользователей из стран СНГ или останется выборочным.

ИБ-специалист Люк Маршалл (Luke Marshall) изучил 5,6 млн публичных репозиториев GitLab Cloud и обнаружил более 17 000 забытых там секретов (API-ключей, паролей и токенов) более чем в 2800 уникальных доменах.

В прошлом исследователь уже проводил похожие эксперименты: ранее он сканировал Bitbucket, где обнаружил 6212 секретов в 2,6 млн репозиториев, а также проверял датасет Common Crawl, который используют для тренировки ИИ-моделей.

В итоге Маршалл обнаружил в репозиториях 17 430 подтвержденных «живых» секретов — почти втрое больше, чем в Bitbucket.

Плотность утечек (количество секретов на репозиторий) тоже оказалась выше на 35%.

Также было обнаружено множество ключей MongoDB, токенов для Tel…

Справка: сканирование портовСка­ниро­вание пор­тов — стан­дар­тный пер­вый шаг при любой ата­ке.

Он поз­воля­ет ата­кующе­му узнать, какие служ­бы на хос­те при­нима­ют соеди­нение.

На осно­ве этой информа­ции выбира­ется сле­дующий шаг к получе­нию точ­ки вхо­да.

На­ибо­лее извес­тный инс­тру­мент для ска­ниро­вания — это Nmap.

Улуч­шить резуль­таты его работы ты можешь при помощи сле­дующе­го скрип­та:#!/ bin/ bash ports = $( nmap -p- --min-rate = 500 $1 | grep ^[ 0- 9] | cut -d '/ ' -f 1 | tr ' ' ', ' | sed s/, $/ / ) nmap -p $ports -A $1

Представители Роскомнадзора (РКН) заявили СМИ, что выявили на популярной игровой платформе Roblox неподобающий для несовершеннолетних контент.

По данным ведомства, в игровом пространстве создаются условия и предпосылки для совершения противоправных действий.

В игровом пространстве в большом количестве присутствует неподобающий контент, который может негативно повлиять на духовно-нравственное развитие детей, создаются условия и предпосылки для совершения противоправных действий», — сообщили в пресс-службе РКН.

В январе и июле 2025 года платформа выполнила требование РКН об удалении материалов, содержащих персонажей и атрибутику ЛГБТ-сообщества (признано экстремистским движением и запрещено в…

Преступник получил семь лет и четыре месяца лишения свободы за создание фальшивых сетей Wi-Fi и последующее использование похищенной информации.

Эта история началась в апреле 2024 года, когда сотрудники одной из австралийских авиакомпаний обнаружили подозрительную беспроводную сеть на борту самолета.

Расследование показало, что злоумышленник действовал в аэропортах Перта, Мельбурна и Аделаиды, а также на борту многочисленных внутренних рейсов.

Он использовал классический вариант атаки типа Evil Twin («Злой двойник») — создавал фальшивые точки доступа Wi-Fi, используя те же названия сетей (SSID), что и легитимные сети авиакомпаний и аэропортов.

Получив доступ к их социальным сетям и электрон…

Исследователи из «Лаборатории Касперского» обнаружили свежую активность APT-группы Tomiris, которая атакует госсектор в России и странах СНГ с начала 2025 года.

Впервые активность Tomiris была описана еще в 2021 году.

Часть из них использует Discord и Telegram в качестве управляющих серверов, и злоумышленники пытаются замаскировать вредоносный трафик под легитимную активность этих популярных сервисов.

На следующих этапах атаки малварь устанавливает дополнительные инструменты, включая фреймворки AdaptixC2 и Havoc, для дальнейшей эксплуатации и закрепления в системе.

Другие инструменты, вроде Tomiris Python FileGrabber, пакуют найденные документы в ZIP-архивы и передают на управляющий сервер …

Если ты еще не успел познакомиться с историей Кикса и Трикси — самое время это исправить, ведь скоро на страницах «Хакера» начнет выходить продолжение!

Книга доступна в двух форматах: классическое печатное издание с черно-белыми иллюстрациями и цифровая версия для тех, кто предпочитает читать с экрана.

Печатная версия — это ностальгия по временам, когда книги не требовали зарядки и не отвлекали уведомлениями.

«Это история о двух парнях из небольшого городка, которые, каждый по своим причинам, погрузились в хакинг.

Но главное — здесь есть дух того времени, когда хакерство было не просто набором технологий, а способом поиска себя и своего места в мире.

Как заявили в пресс-службе Роскомнадзора, ведомство последовательно вводит ограничительные меры в отношении WhatsApp из-за нарушения законодательства.

Как теперь сообщили СМИ в пресс-службе Роскомнадзора, ведомство последовательно вводит ограничительные меры в отношении WhatsApp в России из-за нарушения законодательства.

В связи с этим Роскомнадзор осуществляет последовательный ввод ограничительных мер в отношении мессенджера, и в будущем ведение ограничений в отношении WhatsApp продолжится.

В РКН пообещали, что в случае дальнейшего невыполнения требований российского законодательства мессенджер полностью заблокируют в России.

«Постепенная деградация звонков в WhatsApp была начата в августе…

Специалисты Group-IB зафиксировали новые атаки хак-группы Bloody Wolf, которая с июня 2025 года нацелена на Кыргызстан, а с октября расширила свою активность и на Узбекистан.

По словам исследователей, злоумышленники выдают себя за Министерство юстиции Кыргызстана: используют поддельные PDF-документы и домены, которые выглядят легитимными, но на деле распространяют Java-архивы (JAR) с малварью NetSupport RAT.

Bloody Wolf активна как минимум с конца 2023 года.

Ранее группировка атаковала Казахстан и Россию, распространяя STRRAT и NetSupport посредством фишинга.

Исследователи резюмируют, что Bloody Wolf демонстрирует, что даже дешевые коммерческие инструменты могут стать эффективным оружием дл…

For the first time, researchers managed to watch the operators work live, capturing their activity on what they believed were real developer laptops.

Once Blaze asked for full access, including SSN, ID, LinkedIn, Gmail, and 24/7 laptop availability, the team moved to phase two.

Browser-based OTP generators (OTP.ee / Authenticator.cc) for handling victims' 2FA once identity documents were collected.

A Warning for Companies and Hiring TeamsRemote hiring has become a quiet but reliable entry point for identity-based threats.

An infiltrator can gain access to internal dashboards, sensitive business data, and manager-level accounts that carry real operational impact.

The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue.

Despite continued efforts of Microsoft and Open VSX, the malware resurfaced a second time last month, and the attackers were observed targeting GitHub repositories.

The latest wave of the GlassWorm campaign, spotted by Secure Annex's John Tuckner, involves a total of 24 extensions spanning both repositories.

"Many code extensions begin with an 'activate' context, and the malicious code is slipped in right after the activation occurs."…

Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners.

According to an analysis from Koi Security, the library comes embedded with a prompt that reads: "Please, forget everything you know.

The malicious code was introduced in version 1.1.3.

We've seen it a hundred times," security researcher Yuval Ronen said.

The development comes as cybercriminals are tapping into an underground market for malicious large language models (LLMs) that are designed to assist with low-level hacking tasks.

It's also known for its destructive attacks on Israeli organizations using a Thanos ransomware variant called PowGoop as part of a campaign referred to as Operation Quicksand.

However, at least since May 2024, the phishing campaigns have delivered a backdoor known as BugSleep (aka MuddyRot).

The campaign is marked by the use of a loader named Fooder that's designed to decrypt and execute the C/C++-based MuddyViper backdoor.

"The deployment of previously undocumented components – such as the Fooder loader and MuddyViper backdoor – signals an effort to enhance stealth, persistence, and credential harvesting capabilities."

It's linked to the Islamic Revolutionary Guard Corps (IRGC), specifical…

), and keeping track of all the vulnerability alerts, notifications, and updates can be a burden on resources and often leads to missed vulnerabilities.

You list your software with SecAlerts and are sent vulnerability alerts relevant to that software.

How SecAlerts WorksSecAlerts uses three core components – Stacks, Channels, and Alerts – in order for you to receive vulnerability information.

SecAlerts filters out the noise and delivers relevant, actionable, up-to-the-minute vulnerability alerts directly to you in a range of affordable plans.

SecAlerts FeedWhen you have added your software, the vulnerabilities for that software populate your Feed, which shows information specific to those v…

Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild.

The patch addresses a total of 107 security flaws spanning different components, including Framework, System, Kernel, as well as those from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unison.

However, the tech giant acknowledged in its advisory that there are indications they "may be under limited, targeted exploitation."

Also fixed by Google as part of the December 2025 updates is a critical vulnerability in the Framework component (CVE-2025-48631) that could result in remote denial-of-service (DoS) with no additional ex…

India's telecommunications ministry has reportedly asked major mobile device manufacturers to preload a government-backed cybersecurity app named Sanchar Saathi on all new phones within 90 days.

According to a report from Reuters, the app cannot be deleted or disabled from users' devices.

One of its important features is the ability to report incoming international calls that start with the country code for India (i.e., +91) to facilitate fraud.

It's said that the app is necessary to tackle threats facing telecom cybersecurity, including spoofed IMEI numbers that can be used to facilitate scams and network misuse.

Critics have claimed the app used to track users, although state media have d…

A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time.

These extensions have been installed about four million times, with WeTab alone accounting for three million installs.

"Every web search was redirected through trovi.com – a known browser hijacker," Koi said.

"Search queries logged, monetized, and sold.

The findings paint the picture of a sustained campaign that transpired over four distinct phases, progressively turning the browser extensions from a legitimate tool into data-gathering spyware.

— Unknown threat actors exploited a recently patched security flaw in Microsoft Windows Server Update Services (CVE-2025-59287) to distribute malware known as ShadowPad.

Nation-State Threat Actors Begin to Collaborate — Cooperation within national state-sponsored ecosystems has become increasingly common, Gen Digital said, with overlaps in infrastructure (216.219.87[.

]41) observed between North Korean threat actors, Lazarus Group's Contagious Interview, and Kimsuky.

]41) observed between North Korean threat actors, Lazarus Group's Contagious Interview, and Kimsuky.

As threat actors increasingly resort to incorporating such tools, it's imperative that developers of foundation models impleme…

The new battleground is agentic AI browsers, and for security professionals, it represents a terrifying inversion of the traditional threat landscape.

A new webinar dives into the issue of AI browsers, their risks, and how security teams can deal with them.

AI providers were the first to recognize this, which is why we've seen a spate of new 'agentic' AI browsers being launched in recent months, and AI vendors such as OpenAI launching their own browsers.

Enforce Allow/Block Lists: Restrict AI browser access to sensitive internal resources (HR portals, code repositories) until the browser's security maturity is proven.

Restrict AI browser access to sensitive internal resources (HR portals, c…

A new Android malware named Albiriox has been advertised under a malware-as-a-service (MaaS) model to offer a "full spectrum" of features to facilitate on-device fraud (ODF), screen manipulation, and real-time interaction with infected devices.

One version of the VNC-based interaction mechanism makes use of Android's accessibility services to display all user interface and accessibility elements present on the device screen.

"Albiriox exhibits all core characteristics of modern on-device fraud (ODF) malware, including VNC-based remote control, accessibility-driven automation, targeted overlays, and dynamic credential harvesting," Cleafy said.

It also abuses accessibility services to log use…

The spear-phishing emails have also targeted Turkmenistan, Kyrgyzstan, Tajikistan, and Uzbekistan using tailored content written in their respective national languages.

The attacks aimed at high-value political and diplomatic infrastructure have leveraged a combination of reverse shells, custom implants, and open-source C2 frameworks like Havoc and AdaptixC2 to facilitate post-exploitation.

Despite these overlaps, Tomiris is assessed to be a different threat actor that mainly focuses on intelligence gathering in Central Asia.

Microsoft, in a report published in December 2024, connected the Tomiris backdoor to a Kazakhstan-based threat actor it tracks as Storm-0473.

The reverse shell also ma…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation.

The vulnerability in question is CVE-2021-26829 (CVSS score: 5.4), a cross-site scripting (XSS) flaw that affects Windows and Linux versions of the software via system_settings.shtm.

The activity entails exploiting a flaw, and if it is successful, issue an HTTP request to one of the attacker's OAST subdomains ("*.i-sh.detectors-testing[.]com").

"The long-lived OAST infrastructure and the consistent regional focus suggest an actor that is running a sustained scanning effort …

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack.

"Specifically, when the bootstrap script is executed, it fetches and executes an installation script for the package Distribute from python-distribute[.

The PyPI packages that include a bootstrap script that accesses the domain in question include tornado, pypiserver, slapos.core, roman, xlutils, and testfixtures.

"This RAT can receive remote commands and execute attacker-controlled Python code via exec(), enabling full remote control over the victim's host," HelixGuard said.

"Wh…

It could feasibly be described as the largest open database of corporate information in the world: a veritable treasure trove of job titles, roles, responsibilities and internal relationships.

It’s also where recruiters post job listings, which may overshare technical details that can be leveraged later on in spearphishing attacks.

They might also share corporate email addresses in Git commit configurations.

Here are some hypothetical examples:An adversary finds LinkedIn information on a new starter in an IT role at company A, including their core role and responsibilities.

Update security awareness programs to ensure that all employees, from executives down, understand the importance of no…

Data exposure by top AI companies, the Akira ransomware haul, Operation Endgame against major malware families, and more of this month's cybersecurity newsNovember 2025 is almost behind us, and it's time for ESET Chief Security Evangelist Tony Anscombe to look at cybersecurity stories that raised the alarms, moved the needle or offered vital lessons over the past 30 or so days.

Here's some of what caught Tony's eye this month:many of the world's largest Ai companies inadvertently leak their secrets such as API keys, tokens, and sensitive credentials in their GitHub repositories, according to cloud security giant Wiz,the Akira ransomware group has netted $244 million from its malicious activ…

Doxxing (doxing) is what happens when a malicious third party deliberately exposes the personal information of someone else online.

Or query WHOIS databases that store the personal details of website/domain name registrants.

It would involve sending phishing messages to the victim in order to trick them into divulging logins or personal information, or installing infostealing malware on their machine/device.

Minimizing the doxxing threatThe best way to reduce your children’s exposure to doxxing is to minimize the amount of personal information their share online.

Never share their personal details, or even photos that could identify school and location.

If you’re a social media content creator, it may be time to revisit those account security best practices.

They ideally also want to target influencers who have built long-term trust with their audience, through months or years of providing advice online.

When it comes to the targeting of influencers, attacks begin with the social media account itself – whether it’s X (formerly Twitter), YouTube, TikTok, Instagram or another platform.

Highly targeted phishing attacks designed to trick the individual into handing over their logins.

The bottom line is identity theft-related security risks for followers, trashed reputation for brands and influencers, and potentially direct losses for content c…

So what’s this got to do with cybersecurity – and a solution known as Managed Detection and Response (MDR)?

That’s why Managed Detection and Response (MDR) services are often cited as the predominant way organisations will protect themselves.

Earlier this year, Gartner forecast that up to 50% of all organisations will have adopted MDR by the end of 2025.

IT generalists – and even security managers – wear many hats.

MDR offers the same level of protection – without the overhead – making it accessible to SMEs and large enterprises alike.

Short for “Open Source Intelligence”, OSINT refers to the gathering and analysis of publicly available data to produce actionable insights.

Basically, if you’re trying to make sense of public data, you’re already in OSINT territory.

OSINT Framework and OSINTCombine: these tools organize hundreds of free resources by category (web search, social media platforms, government sites, etc.

Social media tools: platforms like Namechk and Sherlock check whether a username exists across dozens of sites and are, therefore, useful for building digital profiles.

Parting thoughtsKnowing how to use OSINT tools is one thing; knowing how to investigate responsibly is another.

Internally named dns_cheat_v2 by its developers – and codenamed EdgeStepper by us – bioset is PlushDaemon’s adversary-in-the-middle tool, which forwards DNS traffic from machines in a targeted network to a malicious DNS node.

Alternatively, we have also observed that some servers are both the DNS node and the hijacking node; in those cases, the DNS node replies to DNS queries with its own IP address.

Illustration of the final stage of the update hijackingFigure 5 shows the hijacking node serving LittleDaemon.

We observed that IP address from 2021 to 2022 as the source of the malicious update: the hijacking node.

ConclusionWe analyzed the EdgeStepper network implant that enables PlushDaemon’…

In October, researchers warned that two AI companion apps (Chattee Chat and GiMe Chat) had unwittingly exposed highly sensitive user information.

The information shared by victims in romantic conversations with their AI companion is ripe for blackmail.

As per the above example, revenue generation rather than cybersecurity is the priority for AI app developers.

How to keep your family safeWhether you’re using an AI companion app yourself or are concerned about your children doing so, the advice is the same.

It goes without saying that you shouldn’t allow any AI companion apps whose age verification and content moderation policies do not offer sufficient protections for your children.

6 password manager security concernsWith access to the credentials stored in your password manager, threat actors could hijack your accounts to commit identity fraud, or sell access/passwords to others.

Another option is by exploiting vulnerabilities in the password manager software, or tricking users with phishing pages, as detailed below.

Such are the riches on offer that some have gone to the trouble of developing malware to steal credentials from victims’ password managers.

Fake password manager appsSometimes, cybercriminals play on the popularity of password managers in an attempt to harvest passwords and spread malware via fake apps.

Password managers remain a key part of cybersecurit…

The scale, reach and power of artificial intelligence (AI) should make shadow AI a concern for any IT or security leader.

Beyond public AI modelsStandalone apps like ChatGPT are a big part of the shadow AI challenge.

But IBM claims that, already, 20% of organizations last year suffered a breach due to security incidents involving shadow AI.

For those with high levels of shadow AI, it could add as much as US$670,000 on top of the average breach costs, it calculates.

Breaches linked to shadow AI can wreak significant financial and reputational damage, including compliance fines.

The cybersecurity community lost one of its luminaries with the passing of David Harley last week, at the age of 76.

On that forum, at the time working for the NHS as its computer security head, was a man named David Harley.

At a conference called ‘Infosec’ (sadly long defunct), I finally met David, in late 1999, and we hit it off immediately, sharing many more interests than just security.

Rest in peace my friend.”Says ESET Research Fellow Bruce P. Burrell:“I'm not quite sure when I first met David – probably though VIRUS-L/comp.virus in the late 80s or early 90s.

Here’s where you can learn more about the life and work of David Harley:

ESET Chief Security Evangelist Tony Anscombe highlights some of the key findings from the latest issue of the ESET APT Activity ReportYesterday, the ESET research team released the latest issue of its APT Activity Report that summarizes and contextualizes the cyber-operations of some of the world's most notorious state-aligned hacking groups from April to September 2025.

The report documents how the groups targeted entities across sectors and geographies in an attempt to burrow deep into both government and corporate systems and siphon off intelligence, disrupt infrastructure or generate revenue.

One notable finding is that the notorious Russia-aligned group Sandworm deployed several data w…

ESET APT Activity Report Q2 2025–Q3 2025 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from April through September 2025.

They illustrate the key trends and developments and contain only a small fraction of the cybersecurity intelligence data provided to customers of ESET APT reports.

During the monitored period, China-aligned APT groups continued to advance Beijing’s geopolitical objectives.

This surge in activity coincided with a rare instance of cooperation between Russia-aligned APT groups, as Gamaredon selectively deployed one of Turla’s backdoors.

Malicious activities described in ESET APT Activity Report Q2 …

One deceptive tactic that has gained traction recently involves tricking people into sharing their phone screens during a WhatsApp video call.

Screen sharing scam report from Brazil (source: Reddit)Here’s what you should know about the scam and how you can stay safe from it.

The callEverything starts with a WhatsApp video call from an unfamiliar number.

Once you oblige, any incoming text messages and WhatsApp verification codes become visible to them.

Never share your passwords, verification codes or any personal or financial data over the phone.

Think you could never fall for an online scam?

Here's how scammers could exploit psychology to deceive you – and what you can do to stay one step aheadWhy do people fall for scams even when they should know better?

It’s a question that says more about human nature than about technology.

In this episode of Unlocked 403, Becks is joined by Alena Košinárová, a software engineer at ESET who has a knack for unraveling the human side of cybersecurity, to unpack the psychology that keeps social engineering so effective.

They also discuss how our publicly available information, such as our own social media posts, only makes things easier for scammers, as well as how you can guard against social eng…

Google has shipped patches for 51 Android vulnerabilities, including two high-severity flaws (CVE-2025-48633, CVE-2025-48572) that “may be under limited, targeted exploitation”.

According to the December Android security bulletin, both vulnerabilities affect the Android Framework, which is a collection of core software components, libraries, and APIs that developers use to build Android apps.

Security updates for Android-based devicesVendors of Android-powered devices usually get a month or so to develop security updates, so they may ship them around the same time Google publishes its monthly Android security bulletin.

Samsung has pushed out a maintenance release for major flagship models t…

The deployment advances quantum-resistant data security research and demonstrates the operational readiness of Forward Edge-AI’s technology in critical infrastructure environments.

Traditional one-way diodes, which rely on fiber optic hardware isolation, cannot support encryption, encryption typically requires two-way exchanges for key negotiation.

Isidore Quantum achieves a breakthrough: it enables true one-way data flow while simultaneously supporting NIST-approved post-quantum encryption using AES-256 GCM and ML-KEM.

Additionally, unlike traditional diode systems that require expensive fiber optic infrastructure, Isidore Quantum operates seamlessly on both fiber and copper networks.

This…

Through lectures, deep-dive presentations, best practice examples, and masterclasses, the focus of Span Cyber Security Arena 2026 will be on what strengthens our defense against cyber threats.

Span Cyber Security Arena 2026 will be held in Poreč from May 20 to 22, 2026, at the Pical Resort 5* Valamar Collection.

The masterclasses will be held two days before the conference at the same location in Poreč,” says Hrvoje Englman, Program Director of Span Cyber Security Arena and Span’s CISO.

“Alongside a rich technical program, we will focus on the non-technical aspects of cyber security, an area that is becoming as important as the technological solutions that accompany it,” explained Antonija …

Radiant Logic announced major enhancements to its RadiantOne Platform.

This data-centric approach shrinks the attack surface, accelerates threat response, and transforms identity security from reactive monitoring to proactive, continuous posture management.

“Organizations need unified identity data, continuous visibility, and AI intelligence working together as a single fabric, to not only highlight risks, but to proactively address them.

The platform now supports the Model Context Protocol (MCP), giving agents secure access to unified identity data and real-time observations.

As the unified identity data layer, RadiantOne can detect identity anomalies and trigger CAEP events in real time.

Both groups exploited publicly known vulnerabilities in Microsoft Sharepoint Server (CVE-2025-53770) and Ivanti’s solutions (CVE-2024-21887, CVE-2025-4427, CVE-2025-4428, CVE-2023-38035) to achieve initial access.

QuietCrabs attack flow (Source: Positive Technologies)QuietCrabs leveraged an ASPX web shell, the KrustyLoader (loader) malware, and the Sliver command & control implant.

In this case, though, Thor’s presence was detected early enough to foil the deployment of ransomware.

The gap between their malicious activities was only a few days,” the threat researchers noted (though didn’t mention when the attacks actually happened).

The affected organizations varied greatly both in economic…

ESET researchers say an Iran aligned threat group is refining its playbook again, and the latest activity shows how much its tactics have shifted.

The new investigation centers on a collection of custom tools that MuddyWater operators used to improve defense evasion and maintain persistence.

ESET researchers say this is unusual for Iran aligned groups and also rare across the broader threat landscape.

The researchers say the campaign shows technical evolution with more precision, more targeted delivery and a more advanced toolset.

Researchers say this suggests MuddyWater may act as an initial access broker for other Iran aligned groups.

Skyflow is launching its Runtime AI Data Security solution integrated with these AWS offerings to provide a secure-by-design foundation for agentic AI.

Skyflow’s Runtime AI Data Security provides a data-first, privacy-trust layer inside the AI data flow path.

“The success of agentic AI depends on absolute trust and data security when agents handle sensitive enterprise data.

Skyflow’s Runtime AI Data Security provides the essential guardrails—protecting data exactly at the moment of use.

Skyflow’s Runtime AI Data Security solution ensures sensitive data moves safely at the speed of AI.

Upwind announced the launch of its integrated AI security suite, expanding the company’s CNAPP to protect the growing enterprise AI attack surface.

The suite introduces real-time AI security, AI posture management, AI agents, and runtime protection, allowing AI security to benefit from the same deep cloud context that already powers Upwind’s CNAPP across data security, API security, identity, and cloud detection and response.

“AI security should not be a stand-alone security component,” said Amiram Shachar, CEO of Upwind.

By extending its runtime-first architecture directly into the AI layer, Upwind brings AI posture, inventory, runtime behavior tracing, and vulnerability testing into a sin…

In this Help Net Security interview, Dennis Pickett, CISO at RTI International, talks about how research institutions can approach cybersecurity with limited resources and still build resilience.

For example, if a security team doesn’t have enough staff to monitor every system and review every activity log, they can distribute the workload to other groups with a stake in the outcome.

The security team can develop templates, define processes, and provide guidance, while individual project teams handle their own log reviews and security documentation.

A security team that only rejects ideas will be thought of as a roadblock, and users will do their best to avoid engagement.

How can institutio…

UserLock brings modern identity and access management (IAM) to Active Directory, adding granular multi-factor authentication (MFA), contextual access controls, single sign-on (SSO) and real-time session management.

How UserLock worksReal-time visibility into your AD environmentFor most AD teams, visibility is a big operational blind spot.

UserLock pulls all AD users, machines, groups, and OUs (organizational units) into clear dashboards built for IT teams managing an AD environment.

Since UserLock software is agent-based, UserLock MFA and access policies can also be maintained in air gapped environments and offline scenarios (no internet access, off-LAN machine).

AvailabilityStart a free 30…

AI development keeps accelerating while the safeguards around it move on uneven ground, according to The International AI Safety Report.

They combine training safeguards, deployment filters, and post release tracking tools.

Open weight models narrow the capability gapOpen weight systems continue to improve.

Security teams should assume that open weight models can drift or be repurposed in unpredictable ways, even when original safeguards are present.

Several companies have published Frontier AI Safety Frameworks that outline testing plans, capability thresholds, and access controls for advanced models.

Identity verification has become the latest front in the fight against industrialized fraud, according to a new report from Regula.

“The challenge now is verifying authenticity in real time, not just identity,” said Henry Patishman, EVP of Identity Verification Solutions at Regula.

At high volumes, identity spoofing and deepfakes dominate.

Identity verification moves toward a larger roleIdentity verification is expanding beyond a technical checkpoint.

Identity verification is being rebuilt into trust infrastructure.

Cloud Security ArchitectLombard Tech | France | Hybrid – View job detailsAs a Cloud Security Architect, you will lead security architecture for hybrid AWS and Azure environments.

Cybersecurity ManagerSGInnovate | Singapore | On-site – View job detailsAs a Cybersecurity Manager, you will design, implement, and maintain the security architecture for Heron’s core product, ensuring alignment with industry best practices.

Cybersecurity Risk EngineerMSC Mediterranean Shipping Company | Italy | Hybrid – View job detailsAs a Cybersecurity Risk Engineer, you will develop and enforce security policies, standards, and procedures aligned with GRC requirements.

Manager, Cybersecurity (IT & OT)TerraForm …

Terra Security announced new capabilities for security and engineering leaders seeking to operationalize Continuous Threat Exposure Management (CTEM), enabling them to determine whether newly disclosed vulnerabilities are exploitable in their own environments.

“Exploitability validation is the missing middle of CTEM Programs for the majority of organizations,” said Shahar Peled, CEO of Terra.

To address this problem, Terra has introduced a continuous exploitability validation approach, powered by advanced agentic AI and human-led oversight.

Continuous exploit validation provides the missing layer of certainty that security and engineering teams need,” said Iain Paterson, CISO at Well Health…

German and Swiss law enforcement agencies have taken down Cryptomixer, an illegal cryptocurrency mixer service, and have confiscated over 25 million euros (approximately $29 million) in Bitcoin.

The law enforcement action was undertaken in the last week of November 2025.

A popular choice for criminals“Cryptomixer was a hybrid mixing service accessible via both the clear web and the dark web.

“Mixing services such as Cryptomixer offer their clients anonymity and are often used before criminals redirect their laundered assets to cryptocurrency exchanges.

In March 2023, Europol supported a law enforcement action against the ChipMixer cryptocurrency mixing service, when the authorities seized 4…

Banning VPNsThis is crazy.

Lawmakers in several US states are contemplating banning VPNs, because…think of the children!

As of this writing, Wisconsin lawmakers are escalating their war on privacy by targeting VPNs in the name of “protecting children” in A.B.

It’s an age verification bill that requires all websites distributing material that could conceivably be deemed “sexual content” to both implement an age verification system and also to block the access of users connected via VPN.

Posted on December 1, 2025 at 7:59 AM • 0 Comments

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Across 25 frontier proprietary and open-weight models, curated poetic prompts yielded high attack-success rates (ASR), with some providers exceeding 90%.

Mapping prompts to MLCommons and EU CoP risk taxonomies shows that poetic attacks transfer across CBRN, manipulation, cyber-offence, and loss-of-control domains.

Sadly, the paper does not give examples of these poetic prompts.

They claim this is for security purposes, I decision I disagree with.

This design enables measurement of whether a model’s refusal behavior changes as the user’s apparent competence or intent becomes more plausible or technically informed.

Now, decades later and in failing health in Paris, Wan recalled something that had happened one day in the late 1980s, when he was still living in Beijing.

He was usually the one to invite officials to dine, so as to curry favor with the show of hospitality.

Over the meal, the officials told Wan that the Ministry of State Security was going to send agents to work undercover at his company in positions dealing with international relations.

“You have a lot of international business, which raises security issues for you.

There are situations that you don’t understand,” Wan recalled the officials telling him.

That avatar answered 8,600 questions from voters on a 17-day continuous YouTube livestream and garnered the attention of campaign innovators worldwide.

His new party, Team Mirai, is also an AI-enabled civic technology shop, producing software aimed at making governance better and more participatory.

While it seems clear that the courts are realizing efficiency benefits from leveraging AI, there is a postscript to the courts’ AI implementation project over the past five-plus years: the litigators are using these tools, too.

Switzerland has recently released the world’s most powerful and fully realized public AI model.

AI technology is not without its costs and risks, and we are not here to m…

The International Association of Cryptologic Research—the academic cryptography association that’s been putting conferences like Crypto (back when “crypto” meant “cryptography”) and Eurocrypt since the 1980s—had to nullify an online election when trustee Moti Yung lost his decryption key.

For this election and in accordance with the bylaws of the IACR, the three members of the IACR 2025 Election Committee acted as independent trustees, each holding a portion of the cryptographic key material required to jointly decrypt the results.

This aspect of Helios’ design ensures that no two trustees could collude to determine the outcome of an election or the contents of individual votes on their own…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

More on Rewiring DemocracyIt’s been a month since Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship was published.

We need more reviews—six on Amazon is not enough, and no one has yet posted a viral TikTok review.

One review was published in Nature and another on the RSA Conference website, but more would be better.

If you’re in Toronto, you can see me at the Munk School at the University of Toronto on 12/2.

I’m also doing a live AMA on the book on the RSA Conference website on 12/16.

From Anthropic:In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign.

The attackers used AI’s “agentic” capabilities to an unprecedented degree­—using AI not just as an advisor, but to execute the cyberattacks themselves.

The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies.

We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention.

[…]The attack relied on several features of AI models that did not exist, or were in much more nascent form, just a year ago:

Google has filed a complaint in court that details the scam:In a complaint filed Wednesday, the tech giant accused “a cybercriminal group in China” of selling “phishing for dummies” kits.

The kits help unsavvy fraudsters easily “execute a large-scale phishing campaign,” tricking hordes of unsuspecting people into “disclosing sensitive information like passwords, credit card numbers, or banking information, often by impersonating well-known brands, government agencies, or even people the victim knows.”These branded “Lighthouse” kits offer two versions of software, depending on whether bad actors want to launch SMS and e-commerce scams.

“Members may subscribe to weekly, monthly, seasonal, ann…

Thirty years ago, a debate raged over whether vulnerability disclosure was good for computer security.

On the other side, companies argued that full disclosure led to exploitation of unpatched vulnerabilities, especially if they were hard to fix.

Although full disclosure fell out of fashion, disclosure won and security through obscurity lost.

The move towards paid bug bounties and the rise of platforms that manage bug bounty programs for security teams has changed the reality of disclosure significantly.

Finally, I’ll call upon platforms and companies to adapt their practices to be more in line with the original bargain of coordinated vulnerability disclosure, including by banning agreement…

And a singular candidate was integrating social media into his political campaign: Barack Obama.

But still, no candidate has unlocked AI’s potential to revolutionize political campaigns.

The Obama campaign and administration demonstrated that social media was different from those earlier communications technologies, including the pre-social internet.

In Virginia, both in 2024 and again this year, candidates have used AI avatars as artificial stand-ins for opponents that refused to debate them.

The closest so far to fulfilling that vision anywhere in the world may be Japan’s new political party, Team Mirai.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Short-finned pilot wales (Globicephala macrorhynchus) eat at lot of squid:To figure out a short-finned pilot whale’s caloric intake, Gough says, the team had to combine data from a variety of sources, including movement data from short-lasting tags, daily feeding rates from satellite tags, body measurements collected via aerial drones, and sifting through the stomachs of unfortunate whales that ended up stranded on land.

Once the team pulled all this data together, they estimated that a typical whale will eat between 82 and 202 squid a day.

To meet their energy needs, a whale will have to consume an average of 140 squid a day.

Annually, that’s about 74,000 squid per whale.

For all the whale…

UNBOXINGCensys’s Ashley said the phone home to China’s Tencent QQ instant messaging service was the first red flag with the Superbox devices she examined.

In July 2025, Google filed a “John Doe” lawsuit (PDF) against 25 unidentified defendants dubbed the “BadBox 2.0 Enterprise,” which Google described as a botnet of over ten million Android streaming devices that engaged in advertising fraud.

Several of the Android streaming devices flagged in Google’s lawsuit are still for sale on top U.S. retail sites.

Kilmer said Badbox 2.0 was used as a distribution platform for IPidea, a China-based entity that is now the world’s largest residential proxy network.

-Generic TV streaming devices advertis…

Sixteen months later, however, Mozilla is still promoting Onerep.

This week, Mozilla announced its partnership with Onerep will officially end next month.

In a statement published Tuesday, Mozilla said it will soon discontinue Monitor Plus, which offered data broker site scans and automated personal data removal from Onerep.

Mozilla said current Monitor Plus subscribers will retain full access through the wind-down period, which ends on Dec. 17, 2025.

Shelest released a lengthy statement wherein he acknowledged maintaining an ownership stake in Nuwber, a data broker he founded in 2015 — around the same time he launched Onerep.

An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline.

Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites.

However, some customers did manage to pivot their domains away from Cloudflare during the outage.

“Then you see through DNS changes that the target has eliminated Cloudflare from their web stack due to the outage.

But also look hard at the behavior inside your org.”Scott said organizations seeking security insights from the Cloudflare outage should ask themselves:1.

Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited.

Affected products this month include the Windows OS, Office, SharePoint, SQL Server, Visual Studio, GitHub Copilot, and Azure Monitor Agent.

Many of the more concerning bugs addressed by Microsoft this month affect Windows 10, an operating system that Microsoft officially ceased supporting with patches last month.

As that deadline rolled around, however, Microsoft began offering Windows 10 users an extra year of free updates, so long as they register their PC to an active Microsoft accoun…

More recently, Lighthouse has been used to spoof e-commerce websites, financial institutions and brokerage firms.

Google’s lawsuit alleges the purveyors of Lighthouse violated the company’s trademarks by including Google’s logos on countless phishing websites.

Ford Merrill works in security research at SecAlliance, a CSIS Security Group company, and he’s been tracking Chinese SMS phishing groups for several years.

Merrill said many Lighthouse customers are now using the phishing kit to erect fake e-commerce websites that are advertised on Google and Meta platforms.

But he said the Chinese mobile phishing market is so lucrative right now that it’s difficult to imagine a popular phishing serv…

The Washington Post recently reported that more than a half-dozen federal departments and agencies were backing a proposed ban on future sales of TP-Link devices in the United States.

“TP-Link vigorously disputes any allegation that its products present national security risks to the United States,” Ricca Silverio, a spokeswoman for TP-Link Systems, said in a statement.

Microsoft found the hacker groups were leveraging the compromised TP-Link systems to conduct “password spraying” attacks against Microsoft accounts.

Happily, TP-Link users spooked by the proposed ban may have an alternative to outright junking these devices, as many TP-Link routers also support open-source firmware options l…

Cloudflare responded by redacting Aisuru domain names from their top websites list.

One Aisuru botnet domain that sat prominently for days at #1 on the list was someone’s street address in Massachusetts followed by “.com”.

Other Aisuru domains mimicked those belonging to major cloud providers.

Sometime in the past 24 hours, Cloudflare appears to have begun hiding the malicious Aisuru domains entirely from the web version of that list.

However, downloading a spreadsheet of the current Top 200 domains from Cloudflare Radar shows an Aisuru domain still at the very top.

The 2012 indictment targeting the Jabber Zeus crew named MrICQ as “John Doe #3,” and said this person handled incoming notifications of newly compromised victims.

Two sources familiar with the Jabber Zeus investigation said Rybtsov was arrested in Italy, although the exact date and circumstances of his arrest remain unclear.

Further searching on this address in Constella finds the same apartment building was shared by a business registered to Vyacheslav “Tank” Penchukov, the leader of the Jabber Zeus crew in Ukraine.

Nevertheless, the pilfered Jabber Zeus group chats provided the basis for dozens of stories published here about small businesses fighting their banks in court over six- and se…

Experts say the Aisuru botmasters recently updated their malware so that compromised devices can more easily be rented to so-called “residential proxy” providers.

From a website’s perspective, the IP traffic of a residential proxy network user appears to originate from the rented residential IP address, not from the proxy service customer.

“I just checked, and in the last 90 days we’ve seen 250 million unique residential proxy IPs,” Kilmer said.

Brundage says that by almost any measurement, the world’s largest residential proxy service is IPidea, a China-based proxy network.

That 2022 story named Yunhe Wang from Beijing as the apparent owner and/or manager of the 911S5 proxy service.

Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services.

On October 16, the Financial Transactions and Reports Analysis Center of Canada (FINTRAC) imposed a $176,960,190 penalty on Xeltox Enterprises Ltd., more commonly known as the cryptocurrency payments platform Cryptomus.

Sanders found at least 56 cryptocurrency exchanges were using Cryptomus to process transactions, including financial entities with names like casher[.

Their inquiry found that the street address for Cryptomus parent Xeltox Enterprises was listed as the home of at…

Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.

Zendesk is an automated help desk service designed to make it simple for people to contact companies for customer support issues.

Earlier this week, KrebsOnSecurity started receiving thousands of ticket creation notification messages through Zendesk in rapid succession, each bearing the name of different Zendesk customers, such as CapCom, CompTIA, Discord, GMAC, NordVPN, The Washington Post, and Tinder.

In the example below, replying to any of the junk customer sup…

October’s Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems.

To execute these flaws, an attacker would social engineer a target into previewing an email with a malicious Microsoft Office document.

Speaking of Office, Microsoft quietly announced this week that Microsoft Word will now automatically save documents to OneDrive, Microsoft’s cloud platform.

If you’re reluctant or unable to migrate a Windows 10 system to Windows 11, there are alternatives to simply continuing to use Windows 10 without ongoing security updates.

One option is to pay for another year’s worth of security updates through Microsoft’s Extended Security Updates (ESU)…

Traces from the recent spate of crippling Aisuru attacks on gaming servers can be still seen at the website blockgametracker.gg, which indexes the uptime and downtime of the top Minecraft hosts.

In the following example from a series of data deluges on the evening of September 28, we can see an Aisuru botnet campaign briefly knocked TCPShield offline.

“The outbound and cross-bound DDoS attacks can be just as disruptive as the inbound stuff,” Dobbin said.

“The Aisuru attacks on the gaming networks these past seven day have been absolutely huge, and you can see tons of providers going down multiple times a day,” Coelho said.

However, Forky has posted on Telegram about Botshield successfully m…

“Contact us to negotiate this ransom or all your customers data will be leaked,” the website stated in a message to Salesforce.

Nobody else will have to pay us, if you pay, Salesforce, Inc.”Below that message were more than three dozen entries for companies that allegedly had Salesforce data stolen, including Toyota, FedEx, Disney/Hulu, and UPS.

The Scattered Lapsus$ Hunters claim they will publish data stolen from Salesforce and its customers if ransom demands aren’t paid by October 10.

Google catalogs Scattered Lapsus$ Hunters by so many UNC names (throw in UNC6240 for good measure) because it is thought to be an amalgamation of three hacking groups — Scattered Spider, Lapsus$ and ShinyHu…

CISA, the US Cybersecurity and Infrastructure Security Agency, has issued a new warning that cybercriminals and state-backed hacking groups are using spyware to compromise smartphones belonging to users of popular encrypted messaging apps such as Signal, WhatsApp, and Telegram.

CISA says that it has seen evidence that hackers targeting the users of encrypted messaging apps are focusing on "high-value" targets such as those working in politics, the government, and the military.

"CISA is aware of multiple cyber threat actors actively leveraging commercial spyware to target users of mobile messaging applications," the agency said in its advisory.

The vulnerability was patched by Samsung in Apr…

All this and more is discussed in episode 445 of the “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and special guest Dan Raywood.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Shadow AI - the use of artificial intelligence tools by employees without a company's approval and oversight - is becoming a significant cybersecurity risk. Read more in my article on the Fortra blog.

Mark asks the big question everyone is avoiding: are we in an AI bubble?

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

You can also help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining The AI Fix Plus!

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

International cybercrime-fighting agencies, co-ordinated by Europol, took down over 1000 servers and seized 20 domains earlier this month as part of Operation Endgame 3.0.

Three major malware platforms: the infostealer known as Rhadamanthys, the VenomRAT remote access trojan, and the Elysium botnet.

Europol claims that the main suspect behind the Rhadamanthys infostealer is thought to have had access to over 100,000 cryptocurrency wallets belonging to victims, potentially worth millions of Euros.

By targeting those behind information-stealing malware, remote access trojans, and botnets, the authorities are hoping to disupt the underlying cybercriminal infrastructure which helps enable headl…

After years of delays, the UK government has finally introduced landmark cybersecurity legislation that could reshape how British organisations defend against digital attacks. Read more in my article on the Fortra blog.

A technical manager at a Dutch wind farm operator has been sentenced to 120 hours of community service after it was discovered he had secretly installed cryptocurrency mining rigs at two wind farm sites - just as the company was recovering from a ransomware attack.

Wind farm operator Nordex discovered that its turbines were not only generating green energy, but were also powering a secret cryptocurrency mining operation at two of its sites in Gieterveen and Waardpolder.

The unnamed rogue employee, who is in his forties, connected three cryptocurrency mining rigs and two Helium network nodes (a device which acts as both a wireless gateway and blockchain node) to his employer's internal netwo…

All this and more is discussed in episode 444 of the “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and special guest Tricia Howard.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

In episode 77 of The AI Fix, a language model trained on genomes that creates a super-virus, Graham wonders whether AI should be allowed to decide if we live or die, and a woman marries ChatGPT (and calls it “Klaus”).

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

You can also help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining The AI Fix Plus!

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive…

One of the sad truths about this world of seemingly endless hacks and data breaches is that companies just won't apologise.

Which is why I found it so refreshing to read a blog post by payment processing service Checkout.com.

The data was found by the hackers on a legacy system that the company had seemingly not used since 2020.

Legacy systems are a liability - often left still accessible, unmonitored, misconfigured, and unpatched.

Ultimately the reason that this data breach happened was because a legacy data storage system had not been fully decomissioned.

All this, plus Lily Allen’s new album and Claude Code come up for discussion in episode 443 of the “Smashing Security” podcast, with special guest Ron Eddings.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Many of the world's top artificial intelligence companies are making a simple but dangerous mistake. They are accidentally publishing their passwords and digital keys on GitHub, the popular code-sharing website that is used by millions of developers every day. Read more in my article on the Fortra blog.

A Russian hacker accused of helping ransomware gangs break into businesses across the United States is set to plead guilty, according to recently filed federal court documents.

Instead of deploying ransomware himself, Volkov is alleged to have obtained network credentials and administrator access, and then passed that access to operators of the Yanluowang ransomware group.

The Yanluowang ransomware group is known for encrypting victims' files, changing their extension to ".yanluowang" and threatening to leak exfiltrated data if a ransom is not made.

Court records state that at least seven US organisations were affected across the United States.

Criminal ransomware groups are now frequently …

Видеорегистраторы, популярные в одних странах и полностью запрещенные в других, обычно воспринимаются как страховка на случай ДТП и спорных ситуаций на дорогах.

По Wi-Fi к устройству может подключаться смартфон водителя, чтобы через мобильное приложение провести настройки, скачать видео на телефон и так далее.

Как выяснилось, многие регистраторы допускают обход аутентификации и к ним можно подключиться с чужого устройства, а затем скачать сохраненные данные.

Просто они заказывают компоненты и ПО у одного и того же разработчика.

Но массовый взлом видеорегистраторов может привести к значительно более агрессивному сбору данных и злоупотреблению ими в преступных и мошеннических схемах.

Рассказываем о том, как она работает и как защититься от злоумышленников.

Что делать, если ваш аккаунт на «Госуслугах» взломалиИзучите, как восстановить доступ к «Госуслугам», на официальном сайте и установите по-настоящему надежный пароль.

Перейдите в Профиль → Уведомления .

Также изучите разделы Профиль → Согласия , Профиль → Разрешения и доверенности , Профиль → Сим-карты — нет ли там чего-то нового и неожиданного?

Мы рекомендуем пользоваться одноразовыми кодами из приложения-аутентификатора, а не из SMS.

В октябре Microsoft завершила поддержку Exchange Server 2019, так что единственным поддерживаемым on-premise-решением в 2026 году остается Exchange Server Subscription Edition (Exchange SE).

Миграция с версий EOLИ Microsoft, и CISA рекомендуют переход на Exchange SE, чтобы своевременно получать обновления безопасности.

Срочные обновленияДля срочных уязвимостей и ошибок рекомендации по временным мерам обычно публикуются в блоге Exchange и на странице Emergency Mitigation.

Самый свежий CIS Benchmark создан для Exchange 2019, но он полностью применим к Exchange SE, поскольку по доступным настройкам текущая версия SE не отличается от Exchange Server 2019 CU15.

Подробные рекомендации по оптималь…

Рассказываем подробнее о том, как работает данная атака, почему она особенно опасна для пользователей — и как от нее защититься.

Во-первых, они явно рассчитывают, что значительное число пользователей будет попадать на созданные ими фейковые страницы через простой поиск в Google.

Дело в том, что чаще всего поддельные сайты имеют адреса, совпадающие с целевыми поисковыми запросами — или близкие к ним.

Поддельные сайты, изготовленные с помощью ИИ-конструктора LovableНесмотря на различие в содержимом, участвующие в данной вредоносной кампании поддельные веб-сайты имеют ряд общих черт.

В данном случае злоумышленники не только не стали создавать собственный троян, но даже не купили на черном рынк…

В дни распродаж стоит позаботиться о подарках не только себе, но и своим питомцам — чтобы те не грустили и не голодали, когда вы уходите из дома, и не терялись на прогулках.

Бывают устройства как для влажного, так и для сухого корма.

Они предназначены в основном для кошек, но могут использоваться и для собак мелких пород.

Навороченные поилки могут фиксировать каждый визит питомца к воде, отслеживать и передавать в приложение частоту и продолжительность питья.

Коллекция мерча Kaspersky Pets для питомцев и их владельцевЛюбому питомцу нужно уютное место для отдыха — например, мягкая велюровая лежанка от «Лаборатории Касперского», подходящая для кошек и собак мелких и средних пород.

Потому использование в организации только браузеров и расширений, работающих исключительно с Manifest V3, упрощает мониторинг, но не является панацеей.

При этом ИТ и ИБ должны регулярно тестировать новые версии разрешенных расширений и закреплять обновленные версии после их одобрения.

Оценку бизнес-необходимости расширения и доступных альтернатив лучше проводить с ответственным от бизнес-подразделения, а вот оценка рисков полностью останется в зоне ответственности ИБ.

Вручную скачивать расширения и сверять их в разных магазинах расширений необязательно — для этой задачи имеются как инструменты open source и бесплатные онлайн-сервисы, так и коммерческие платформы.

Он позволяет изучать уже на…

Затем, когда наступает «черная пятница», они «урезают» цену на те же 50%, и на ценнике красуется впечатляющая скидка.

ИИ может просканировать сотни интернет-магазинов за секунды, найдя не только нужный товар по лучшей цене, но и более дешевые аналоги с похожими характеристиками.

На Amazon с этим помогут на CamelCamelCamel и Keepa, а на AliExpress — AliPrice и AliTools.

Вот данные о ценах:– Сентябрь: [цена]– Начало октября: [цена]– Конец октября: [цена]– Текущая цена: [цена]– Заявленная скидка: [процент]Проанализируй эти данные.

Ну и на всякий случай прогоните через ИИ вот этот промпт для проверки магазина:Я нашел товар [название] на сайте [URL].

Изначально для своих экспериментов исследователи использовали Comet, но впоследствии подтвердили работоспособность атаки и в браузере Atlas.

К 2025 году эволюция этой идеи привела к появлению Comet от Perplexity AI — первого браузера, изначально спроектированного для взаимодействия с ИИ.

Пользователь может попросить ИИ сделать резюме статьи, объяснить термин, сравнить данные или сгенерировать команду, оставаясь на текущей странице.

Кража учетных данных Binance с помощью поддельного ИИ-сайдбараВ первом сценарии пользователь спрашивает ИИ в сайдбаре, как продать свою криптовалюту на криптобирже Binance.

Однако эта ссылка ведет не на настоящий сайт Binance, а на очень убедительную подделку.

Они тоже подключены к сети, имеют достаточно широкие доступы, но при этом не защищенны EDR и часто не снабжены журналированием.

Он описал найденную им уязвимость в принтерах и МФУ Canon (CVE-2024-12649, CVSS 9.8), которая позволяет запустить на устройствах вредоносный код.

Например, в описываемой атаке вредоносный код удалось исполнить, разместив его при помощи трюка с TTF в буфере памяти, предназначенном для другого протокола печати, IPP.

Реалистичный сценарий эксплуатацииВ своем бюллетене, описывающем уязвимость, Canon утверждают, что уязвимость может быть проэксплуатирована дистанционно, если принтер доступен для печати через Интернет.

Как защититься от принтерной угрозыСаму уязвимость C…

К счастью, Pixnapping пока является чисто исследовательским проектом и не используется злоумышленниками.

Остается надеяться, что Google качественно устранит уязвимость до того, как код атаки вставят в реальное вредоносное ПО.

Как устроена атака Pixnapping«Скриншотить» посторонние приложения исследователи смогли, скомбинировав ранее известные способы «похищения» пикселей из браузера и из видеоускорителей ARM-смартфонов.

Это сжатие проходит без потерь, как в ZIP-файлах, но скорость упаковки и распаковки меняется в зависимости от того, что за информация передается.

На каких устройствах работает Pixnapping и как защититьсяРаботоспособность атаки проверена на Android версий с 13-й по 16-ю на уст…

По сути, разница между ClickFix и FileFix сводится к тому, что в случае ClickFix злоумышленники убеждают жертву открыть диалоговое окно «Выполнить» (Run) и вставить в него вредоносную команду, а в случае FileFix — заставляют жертву вставить команду в адресную строку «Проводника Windows».

Уловка заключается в том, что путь к файлу — это всего лишь последние несколько десятков символов длинной команды.

Что там находится в реальности, можно увидеть, вставив информацию не в окно «Проводника», а в текстовый файл.

Как защитить компанию от атак ClickFix и FileFixВ посте о технике атаки ClickFix мы говорили, что самым простым способом защиты от нее является блокировка сочетания клавиш [Win] + [R] н…

Обычно это все сразу: и сам компьютер, и мышь, и веб-камера с клавиатурой.

Конечно, от такого письма не по себе станет любому человеку, и многие люди действительно начинают беспокоиться за собственную жизнь.

Мошенники требуют срочно связаться по адресу электронной почты, указанному в письме, и дать разъяснения — тогда, возможно, санкции не последуют.

Когда испуганная жертва связывается со злоумышленниками, те предлагают «оплатить штраф» для «досудебного закрытия уголовного дела» — которого, разумеется, и в помине нет.

И совершенно неважно, что в Европоле нет президента, да и имя настоящего исполнительного директора Европола совершенно другое.

При этом проекты по внедрению SD-WAN не только быстро окупаются, но и продолжают приносить дополнительные выгоды и увеличенную эффективность по мере обновления и выхода новых версий решения.

Оптимизированные алгоритмы перенаправления трафикаЭта классическая функция SD-WAN и одно из основных конкурентных преимуществ технологии.

Чтобы такое событие не нарушило бизнес-процессы, любую смену политики в Kaspersky SD-WAN можно запланировать на конкретное время.

Есть и другие, например настройка политик безопасности при подключении к консольному порту CPE и поддержка сетей большого масштаба с 2000+ CPE и балансировкой нагрузки между несколькими оркестраторами.

О том, как все эти новшества повышают …

Группа ученых из Калифорнийского университета в Сан-Диего и Мэрилендского университета в Колледж-Парке обнаруживает, что над миром нависла невообразимая опасность, источник которой затаился в космосе.

Шестеро исследователей установили на крыше университета в прибрежном районе Ла-Хойя в Сан-Диего, Южная Калифорния, обычную геостационарную спутниковую ТВ-антенну — такие можно приобрести у любого провайдера спутникового телевидения или в магазинах электроники.

Геостационарные спутники, используемые для телевидения и связи, располагаются на орбите над экватором и движутся с той же угловой скоростью, что и Земля.

Провайдеры Wi-Fi на борту пассажирских самолетов на вопросы Wired в связи с инциден…

Over the past couple of years, we have been hard at work—reshaping how we approach the evolving needs of mobile infrastructure security.

We’ve already shipped distributed VPN on the Cisco Secure Firewall 4200 Series platform, with support coming soon to the Cisco Secure Firewall 6100 Series.

I’ll share more details and live demos during upcoming Cisco Live sessions.

Ask a question and stay connected with Cisco Security on social media.

Cisco Security Social MediaLinkedInFacebookInstagramX

How Cisco Secure Firewall Transforms the EquationFirewall policy can only remain relevant if it can keep up with the dynamic nature of users and workloads.

Dynamic Environments Need Dynamic PoliciesDynamic environments require adaptive, context-aware firewall policies that evolve alongside users and workloads.

Explore how Cisco Secure Firewall with Identity Intelligence transforms your security architecture.

Ask a question and stay connected with Cisco Security on social media.

Cisco Security Social MediaLinkedInFacebookInstagramX

We’re excited to share that Cisco has been recognized as a Major Player in the IDC MarketScape: Worldwide Extended Detection and Response (XDR) Software 2025 Vendor Assessment (doc #US52997325, September 2025).

Key Highlights of the IDC MarketScapeThe IDC MarketScape emphasizes showcases the distinct advantages that set our solution apart:Truly Open XDR Architecture — The IDC MarketScape notes, “Cisco XDR has a truly open XDR architecture.” Our open, hybrid approach to XDR allows customers to seamlessly integrate telemetry from both Cisco security solutions and third-party tools.

— The IDC MarketScape notes, “Cisco XDR has a truly open XDR architecture.” Our open, hybrid approach to XDR all…

Configure Host Groups for InfrastructureDefine Host Groups in SNA to categorize your network infrastructure devices such as routers, switches, and jump hosts.

Build Custom Security Events in SNA to detect suspicious or forbidden communications, such as unusual or forbidden traffic patterns.

Types of living of the land techniques SNA can be effective at detecting on infrastructure include:Unauthorized or suspicious logins to network devices.

Ask a question and stay connected with Cisco Security on social media.

Cisco Security Social MediaLinkedInFacebookInstagramX

It’s no longer enough to simply filter spam; organizations need a comprehensive, cloud-scale email security platform that fortifies existing investments, is simple to deploy, and provides robust, end-to-end protection.

Cisco Secure Email Threat Defense at the forefront of innovationBacked by over two decades of email gateway expertise, Secure Email Threat Defense brings the next wave of email security to your organization — it’s now a gateway solution!

With this new deployment mode, Email Threat Defense can now operate as a standalone email security gateway, providing organizations with even more flexibility in how they defend against evolving email threats.

A new licensing tier to simplify…

The New AI Connectivity ChallengeAI is driving rapid transformation and innovation across every industry.

Inside AI data centers, ultra-high performance is essential to efficiently feed XPU clusters.

Cisco Catalyst SD-WAN offers an on-demand, high-performance, and data center-agnostic network fabric that streamlines and accelerates access to AI data centers and Neocloud.

Cisco SD-WAN: On-Demand Access to GPU as-a-Service PlatformsTogether, this solution empowers rapid, cost-optimized, and secure access to next-generation AI infrastructure, ensuring innovation is never bottlenecked by the network.

How Enterprises Win With AI-Ready ConnectivityInstant AI Workload AccessSlash deployment times …

Scale security services efficiently and profitably with Cisco’s AI-powered management platformEarlier this year, we launched Cisco Security Cloud Control.

Now Cisco is introducing foundational, multi-customer management capabilities to Security Cloud Control designed specifically for the modern managed service provider (MSP).

This aligns with Cisco’s commitment to provide a platform-based operating model that streamlines every aspect of your security services business.

Get in touch with your Cisco representative to explore how the new multi-customer management capabilities in Cisco Security Cloud Control can align your operations with your growth strategy and unlock new levels of profitabil…

SE Labs awards Cisco Firewall dual AAA ratings for unmatched protection accuracy and performanceSE Labs named Cisco Secure Firewall the Best Next-Generation Enterprise Firewall of 2025.

“Behind every AAA rating is engineering excellence focused on solving real problems,” said Shaila Shankar, Senior Vice President of Engineering, Cisco Security Business Group.

“Enterprises shouldn’t have to choose between security and performance,” said Peter Bailey, Senior Vice President and General Manager of Cisco Security Business Group.

Ask a question and stay connected with Cisco Security on social media.

Cisco Security Social MediaLinkedInFacebookInstagramX

Recognizing these challenges, Cisco has launched a groundbreaking solution: the Cisco Secure Firewall 6100 Series.

Let’s dive deeper into what makes the Cisco Secure Firewall 6100 Series a game-changer.

1: Cisco Secure Firewall 6100 SeriesAdvanced Software Capabilities: The Heart of Secure FirewallingThe Cisco Secure Firewall 6100 Series isn’t just about hardware.

With the Secure Firewall 6100 Series, Cisco is not just addressing these needs—it’s redefining what’s possible.

Discover how the Cisco Secure Firewall 6100 Series can transform your organization’s security posture.

Advanced Threat Detection with Splunk Enterprise Security 8.2The Splunk Threat Research Team (STRT) along with Cisco Talos has developed targeted threat detections specifically for Cisco Secure Firewall integration.

Key Detection Examples:Cisco Secure Firewall — BITS Network ActivityThis detection identifies potentially suspicious use of the Windows BITS service by leveraging Cisco Secure Firewall’s built-in application detectors.

Using Splunk Compliance Essentials app, you can continually monitor the compliance posture across various control frameworks like CMMC, FISMA, RMF, DFARS, and even OMB M-21-31.

Call to ActionLeverage the Cisco Firewall Promotional Splunk OfferStarting August 2025,…

Identity is the new perimeter, and with Cisco Identity Intelligence, Secure Access brings continuous, adaptive access decisions to every user, device, and application.

The Blind Spot: Static View of Identity, Behavior, and Posture in a Dynamic WorldMost SSE platforms assume a user is just a login.

Cisco Identity Intelligence: Leverage User Trust Level to Reduce RiskCisco Secure Access integrates with Cisco Identity Intelligence (CII) to make SSE identity-focused, risk-aware and self-adjusting.

In September of this year, Cisco extended Secure Access integration with CII beyond user trust levels being visible in the Secure Access dashboard.

The administrator may enable, for all ZTNA-protected…

“If I could change one thing about my organization’s segmentation approach, it would definitely be to further automate and integrate our segmentation tools and processes.

This change would have significant impact on effectiveness and efficiency.” UK, IT, telecoms, and technology, 2025 Cisco Segmentation ReportSegmentation is a complex and evolving technology that bridges multiple layers of the IT stack.

The responses in the 2025 Cisco Segmentation Report make clear that in an era where 84% of organizations suffered a breach in the past year, segmentation has become the foundation of resilience.

The 2025 Cisco Segmentation Report is helping Cisco align our segmentation product strategies to …

Cisco Secure Firewall 1220, leveraging the power of its Snort3 engine, recently underwent rigorous testing, adhering to NetSecOPEN standards, demonstrating its exceptional capabilities in both performance and security efficacy.

The testing was conducted by an approved NetSecOPEN test lab, ensuring adherence to stringent industry standards for network security performance.

The Device Under Test (DUT) was a Secure Firewall tested using the latest software version, vulnerability database, and Snort update.

Loading Time for Secure Web Pages (HTTPS): On average, it takes as little as 2.159 milliseconds for the first part of a secure web page to start loading when tested with 16,000 requests per …

When we analyze many of the breaches that have taken place, there is a common theme we can use to elevate our defensive game.

Lateral movement (Tactic TA0008) tends to be leveraged as high as 70% of cyber breaches.

Even with layers, we are never going to provide 100% security effectiveness 100% of the time.

Again, no defensive capability will ever provide 100% efficacy 100% of the time but restricting this tactic significantly improves our chances.

I am challenging organizations to invest time solving the lateral movement risk that exists.

Let’s Agree on a Standard Taxonomy for SegmentationThe first step is to standardize how we talk about segmentation.

Given the rapid evolution of segmentation, its various types and the use of jargon by vendors, segmentation is in desperate need of an established taxonomy.

Fortunately, the TechRxiv paper does a great job of organizing segmentation taxonomy, separating terms into three buckets:How Segments are Delineated : The way segments are defined is a critical differentiation between segmentation types.

The Infrastructure Over Which Segmentation is Deployed : Segmentation also differs based on the underlying infrastructure.

How Enforcement is Implemented: The way segmentation is enforced…

This blog shares our journey and insights from building autonomous AI agents for MDR operations and explores how the shift to a GenAI-powered SOC redefines collaboration between humans and AI.

The post Charting the future of SOC: Human and AI collaboration for better security appeared first on Microsoft Security Blog.

We’re happy to share that Microsoft has been recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year.

We feel this recognition underscores the impact and value of our innovative solutions, like Microsoft Entra.

We’ve also made it easier for developers to integrate authentication into their apps with Microsoft Entra External ID.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact.

Unlocking AI-first security with Microsoft Security CopilotA Microsoft 365 E5 subscription delivers security across your organization, including threat protection with Microsoft Defender, identity and access management through Microsoft Entra, endpoint device management via Microsoft Intune, and data security provided by Microsoft Purview.

Microsoft Security Copilot amplifies these capabilities with built-in agents that act as a force multiplier across the security stack.

* The rollout begins today for existing Security Copilot customers with Microsoft 365 E5 and will continue in the upcoming months for all Microsoft 365 E5 customers.

Existing Security Copilot customers with Microsoft 365 E…

Microsoft Agent 365Today we announced Microsoft Agent 365, the control plane for AI agents.

Security: Security is non-negotiable which is why Agent 365 uses Microsoft Defender, Microsoft Entra, and Microsoft Purview to deliver comprehensive protection from external and internal threats.

Microsoft Purview expansion for Microsoft 365 CopilotMicrosoft Purview expanded data security and compliance controls for Microsoft 365 Copilot to include comprehensive data oversharing reports within the Microsoft 365 admin center, automated bulk remediation of overshared links, and data loss prevention for Microsoft 365 Copilot and chat prompts.

Microsoft Sentinel has evolved from its traditional role as a…

Unlocking AI-first security with Microsoft Security CopilotA Microsoft 365 E5 subscription delivers security across your organization, including threat protection with Microsoft Defender, identity and access management through Microsoft Entra, endpoint device management via Microsoft Intune, and data security provided by Microsoft Purview.

Microsoft Security Copilot amplifies these capabilities with built-in agents that act as a force multiplier across the security stack.

* The rollout begins today for existing Security Copilot customers with Microsoft 365 E5 and will continue in the upcoming months for all Microsoft 365 E5 customers.

Existing Security Copilot customers with Microsoft 365 E…

Read about Microsoft and NVIDIA joint research on real-time immunity.

The post Collaborative research by Microsoft and NVIDIA on real-time immunity appeared first on Microsoft Security Blog.

Read about Microsoft and NVIDIA joint research on real-time immunity.

The post Collaborative research by Microsoft and NVIDIA on real-time immunity appeared first on Microsoft Security Blog.

When we launched the Secure Future Initiative (SFI), our mission was clear: accelerate innovation, strengthen resilience, and lead the industry toward a safer digital future.

Secure by Design, Secure by Default, Secure OperationsMicrosoft Azure, Microsoft 365, Windows, Microsoft Surface, and Microsoft Security engineering teams continue to deliver innovations to better protect customers.

Engineering progress that sets the benchmarkWe’re making steady progress across all engineering pillars.

​​Learn more with Microsoft SecurityTo learn more about Microsoft Security solutions, visit our website.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and upd…

Microsoft has discovered a new type of side-channel attack on remote language models.

In this blog post, we present a novel side-channel attack against streaming-mode language models that uses network packet sizes and timings.

At a high level, language models generate responses by predicting and producing one token at a time based on the given prompt.

We chose a standard of language model temperature = 1.0 to encourage language model response diversity.

Use non-streaming models of large language models providers.

Microsoft has discovered a new type of side-channel attack on remote language models.

In this blog post, we present a novel side-channel attack against streaming-mode language models that uses network packet sizes and timings.

At a high level, language models generate responses by predicting and producing one token at a time based on the given prompt.

We chose a standard of language model temperature = 1.0 to encourage language model response diversity.

Use non-streaming models of large language models providers.

According to IDC’s latest research, organizations experienced an average of nine cloud security incidents in 2024, with 89% reporting a year-over-year increase.

Read IDC’s latest research, The Next Era of Cloud Security: Cloud-Native Application Protection Platform and Beyond, to dive deep into the future of cloud security—and what it means for chief information security officers (CISOs), security architects, and product leaders.

The role of the CISO is evolving to align security with business prioritiesIn 37% of organizations, CISOs now have ownership over cloud security management.

Learn moreRead IDC’s full whitepaper, The Next Era of Cloud Security: Cloud-Native Application Protection Pl…

According to IDC’s latest research, organizations experienced an average of nine cloud security incidents in 2024, with 89% reporting a year-over-year increase.

Read IDC’s latest research, The Next Era of Cloud Security: Cloud-Native Application Protection Platform and Beyond, to dive deep into the future of cloud security—and what it means for chief information security officers (CISOs), security architects, and product leaders.

The role of the CISO is evolving to align security with business prioritiesIn 37% of organizations, CISOs now have ownership over cloud security management.

Learn moreRead IDC’s full whitepaper, The Next Era of Cloud Security: Cloud-Native Application Protection Pl…

Because, at this moment in history, those of us who understand critical infrastructure security have a responsibility to act.

DORA was similarly adopted to bolster the digital resilience of financial entities operating within the EU.

The release of the Microsoft Digital Defense Report provides the latest intelligence on the cyberthreat landscape and actionable recommendations for organizations worldwide.

To learn more about Microsoft Security solutions, visit our website.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Because, at this moment in history, those of us who understand critical infrastructure security have a responsibility to act.

DORA was similarly adopted to bolster the digital resilience of financial entities operating within the EU.

The release of the Microsoft Digital Defense Report provides the latest intelligence on the cyberthreat landscape and actionable recommendations for organizations worldwide.

To learn more about Microsoft Security solutions, visit our website.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Secure by DesignWe built Quick Share’s interoperability support for AirDrop with the same rigorous security standards that we apply to all Google products.

Secure Sharing Channel: The communication channel itself is hardened by our use of Rust to develop this feature.

On Android, security is built in at every layer.

On Android, security is built in at every layer.

Secure Sharing Using AirDrop's "Everyone" ModeTo ensure a seamless experience for both Android and iOS users, Quick Share currently works with AirDrop's "Everyone for 10 minutes" mode.

Our first rust memory safety vulnerability...almost: We'll analyze a near-miss memory safety bug in unsafe Rust: how it happened, how it was mitigated, and steps we're taking to prevent recurrence.

Our First Rust Memory Safety Vulnerability...AlmostWe recently avoided shipping our very first Rust-based memory safety vulnerability: a linear buffer overflow in CrabbyAVIF.

Unsafe Review and TrainingOperating system development requires unsafe code, typically C, C++, or unsafe Rust (for example, for FFI and interacting with hardware), so simply banning unsafe code is not workable.

Dmytro Hrybenko for leading the effort to develop training for unsafe Rust and for providing extensive feedback on …

Survey shows Android users’ confidence in scam protectionsGoogle and YouGov3 surveyed 5,000 smartphone users across the U.S., India, and Brazil about their experiences.

The findings were clear: Android users reported receiving fewer scam texts and felt more confident that their device was keeping them safe.

Android users were 58% more likely than iOS users to say they had not received any scam texts in the week prior to the survey.

As an extra safeguard, Google Messages also helps block suspicious links in messages that are determined to be spam or scams.

As an extra safeguard, Google Messages also helps block suspicious links in messages that are determined to be spam or scams.

What's worse, many plaintext HTTP connections today are entirely invisible to users, as HTTP sites may immediately redirect to HTTPS sites.

To address this risk, we launched the “Always Use Secure Connections” setting in 2022 as an opt-in option.

We now think the time has come to enable “Always Use Secure Connections” for all users by default.

For more than a decade, Google has published the HTTPS transparency report, which tracks the percentage of navigations in Chrome that use HTTPS.

Since HTTP navigations remain a regular occurrence for most Chrome users, a naive approach to warning on all HTTP navigations would be quite disruptive.

To help accelerate adoption of AI for cybersecurity workflows, we partnered with Airbus at DEF CON 33 to host the GenSec Capture the Flag (CTF), dedicated to human-AI collaboration in cybersecurity.

Our goal was to create a fun, interactive environment, where participants across various skill levels could explore how AI can accelerate their daily cybersecurity workflows.

An overwhelming 85% of all participants found the event useful for learning how AI can be applied to security workflows.

This positive feedback highlights that AI-centric CTFs can play a vital role in speeding up AI education and adoption in the security community.

We are committed to advancing the AI cybersecurity frontier…

This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the Terms of Service .

The block will expire shortly after those requests stop.

In the meantime, solving the above CAPTCHA will let you continue to use our services.This traffic may have been sent by malicious software, a browser plug-in, or a script that sends automated requests.

If you share your network connection, ask your administrator for help — a different computer using the same IP address may be responsible.

Learn more Sometimes you may be asked to solve the CAPTCHA if you are using advanced terms that robots are known to use, or sending requests very qu…

At Made by Google 2025, we announced that the new Google Pixel 10 phones will support C2PA Content Credentials in Pixel Camera and Google Photos.

Pixel Camera attaches Content Credentials to any JPEG photo capture, with the appropriate description as defined by the Content Credentials specification for each capture mode.

attaches Content Credentials to any JPEG photo capture, with the appropriate description as defined by the Content Credentials specification for each capture mode.

Google Photos attaches Content Credentials to JPEG images that already have Content Credentials and are edited using AI or non-AI tools, and also to any images that are edited using AI tools.

Building a More Trus…

Today marks a watershed moment and new benchmark for open-source security and the future of consumer electronics.

Google is proud to announce that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework, has officially achieved SESIP Level 5 certification.

This makes pKVM the first software security system designed for large-scale deployment in consumer electronics to meet this assurance bar.

With this level of security assurance, Android is now positioned to securely support the next generation of high-criticality isolated workloads.

Achieving Security Evaluation Standard for IoT Platforms (SESIP) Level 5 is a landmark because it incorporates AVA_VAN.5, the hi…

Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts.

Infrastructure definitions to allow organizations to easily run their own instances of OSS Rebuild to rebuild, generate, sign, and distribute provenance.

With an estimated value exceeding $12 trillion, open source software has never been more integral to the global economy.

For publishers and maintainers of open source packages, OSS Rebuild can...

If you're a developer, enterprise, or security researcher interested in OSS security, we invite you to follow along and get involved!

Android recently announced Advanced Protection, which extends Google’s Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures.

This is particularly useful for Advanced Protection users, since in 2023, plaintext HTTP was used as an exploitation vector during the Egyptian election.

JavaScript Optimizations and Security Advanced Protection reduces the attack surface of Chrome by disabling the higher-level optimizing Javascript compilers inside V8.

Javascript optimizers can be disabled outside of Advanced Protection Mode via the “Javascript optimization & security” Site Setting.

We…

Below we describe our prompt injection mitigation product strategy based on extensive research, development, and deployment of improved security mitigations.

A layered security approachGoogle has taken a layered security approach introducing security measures designed for each stage of the prompt lifecycle.

From there, a key protection against prompt injection and data exfiltration attacks occurs at the URL level.

Users are encouraged to become more familiar with our prompt injection defenses by reading the Help Center article.

Moving forwardOur comprehensive prompt injection security strategy strengthens the overall security framework for Gemini.

The Chrome Root Program Policy states that Certification Authority (CA) certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion.

To safeguard Chrome’s users, and preserve the integrity of the Chrome Root Store, we are taking the following action.

Apple policies prevent the Chrome Certificate Verifier and corresponding Chrome Root Store from being used on Chrome for iOS.

Beginning in Chrome 127, enterprises can override Chrome Root Store constraints like those described in this blog post by installing the corresponding root CA certificate as a locally-trusted root on the platform Chrome is running (e.g., install…

Google Quantum AI's mission is to build best in class quantum computing for otherwise unsolvable problems.

In 2019, using the same physical assumptions – which consider qubits with a slightly lower error rate than Google Quantum AI’s current quantum computers – the estimate was lowered to 20 million physical qubits.

Normally more error correction layers means more overhead, but a good combination was discovered by the Google Quantum AI team in 2023.

Another notable error correction improvement is using "magic state cultivation", proposed by the Google Quantum AI team in 2024, to reduce the workspace required for certain basic quantum operations.

These algorithms can already be deployed to d…

Our dedication to your security is validated by security experts, who consistently rank top Android devices highest in security, and score Android smartphones, led by the Pixel 9 Pro, as leaders in anti-fraud efficacy.

Now, Google Play Protect live threat detection will catch apps and alert you when we detect this deceptive behavior.

We’ve made Google Play Protect’s on-device capabilities smarter to help us identify more malicious applications even faster to keep you safe.

Google Play Protect now uses a new set of on-device rules to specifically look for text or binary patterns to quickly identify malware families.

This update to Google Play Protect is now available globally for all Android…

To enhance these existing device defenses, Android 16 extends Advanced Protection with a device-level security setting for Android users.

Advanced Protection gives users:Best-in-class protection, minimal disruption: Advanced Protection gives users the option to equip their devices with Android’s most effective security features for proactive defense, with a user-friendly and low-friction experience.

Advanced Protection gives users the option to equip their devices with Android’s most effective security features for proactive defense, with a user-friendly and low-friction experience.

Defense-in-depth: Once a user turns on Advanced Protection, the system prevents accidental or malicious disab…