Международная спецоперация вскрыла масштабную ловушку, в которую попали тысячи людей.

В GDB добавили поддержку технологий Intel CET и Shadow Stack.

66 ферментов заставили делать то, что биология считала невозможным последние 4 миллиарда лет.

В Госдуме признали, что в Telegram вложены «значительные силы и средства».

Физики применили тезис Черча — Тьюринга к мирозданию и официально разрешили считать нас кодом.

Это — консервы Большого взрыва, которые вскрыли прямо на наших глазах.

Что меняется, когда к мониторингу событий добавляется управляемое реагирование и сценарии автоматизации.

Он не выглядит как вирус и не ловится сигнатурами, но даёт root/SYSTEM.

Ранее РКН пригрозил полной блокировкой мессенджера в РФ.

В npm полгода жил пакет, который притворялся библиотекой для WhatsApp Web, а на деле тихо уносил переписки, контакты и токены.

За несколько дней до Рождества почтовая служба столкнулась с киберинцидентом, который ударил по онлайн-сервисам и логистике.

Основные функциональные характеристики СУБД JatobaЗащищённая СУБД Jatoba основана на модернизированном ядре СУБД с открытым кодом PostgreSQL.

Централизованное управление СУБД Jatoba и другими СУБД на PostgreSQLКомпонент веб-интерфейса Jatoba Data Safe (JDS) предназначен для администраторов СУБД, специалистов по безопасности и аудиторов безопасности.

Функциональные возможности позволяют администрировать как СУБД Jatoba, так и другие СУБД на базе PostgreSQL.

Релевантность СУБД Jatoba трендам развития рынка СУБДПродуктовая команда Jatoba учитывает в развитии СУБД практически все рыночные тренды, такие как:Облачные среды, СУБД как сервис DBaaS.

Поддержка отказоустойчивых и геораспределённых кла…

Функциональные возможности Efros DefOps NACХотя Efros DefOps NAС является одним из модулей Efros Defence Operations (Efros DefOps), он может использоваться как полностью самостоятельное решение.

Архитектура работы Efros DefOps NAC с EDO-агентамиАрхитектура Efros DefOps NAC построена по многокомпонентной схеме, включающей центральный сервис и агентское ПО.

Архитектура Efros DefOps NAC и EDO-агентовСистемные требования Efros DefOps NACРешение Efros DefOps NAC в версии 2.13 может быть развёрнуто либо на базе платформы контейнеризации Docker, либо в инфраструктуре оркестрации контейнеризированных приложений Kubernetes.

Варианты технической поддержкиРабота с системой Efros DefOps NACРассмотрим в…

Российская инфраструктура виртуальных рабочих столов (VDI) превращается в стратегический стандарт для бизнеса и госсектора.

Параллельно отечественные решения достигли уровня зрелости, достаточного для работы в энтерпрайз-сегменте, и в ближайшее время ожидаются масштабные внедрения у крупных заказчиков.

Компании теперь активно запускают пилотные проекты и включают полноценное внедрение отечественных VDI в свои дорожные карты.

Алексей Ватутин подчеркнул, что с точки зрения интегратора VDI реализует те же сценарии, что и западные решения.

VDI в современных условиях открывает особенно важный сценарий: использование виртуальных рабочих столов для удалённого доступа позволяет повысить общий урове…

Проверка электронной подписи требует не только формального соответствия закону, но и учёта регуляторных пробелов, статусов УЦ и особенностей МЧД.

Сама проверка представляет собой нетривиальную задачу, состоит из проверки различных условий и при детальном рассмотрении таит в себе немало «подводных камней».

Правовые основы и логика проверки электронной подписиПроверка ЭП в России регулируется национальным законодательством и техническими стандартами.

Почему проблему проверки ЭП по-прежнему недооцениваютКачественная проверка электронной подписи прежде всего нужна, чтобы избежать серьёзных и негативных юридических последствий.

ВыводыКачественная проверка электронной подписи — не формальность, а…

Всё это обсуждали участники очередного «Дня безопасной разработки ПО».

Введение«День безопасной разработки ПО» является отраслевой ежегодной конференцией, традиционно проводимой на площадке Открытой конференции Института системного программирования РАН им.

За это время уровень проникновения технологий разработки безопасного ПО (РБПО) вырос почти на порядок.

Однако их можно и нужно устранять, для чего технологии безопасной разработки и применяются.

Как напомнила представитель органа по сертификации ИСП РАН Елена Маньжова, любой проект внедрения РБПО должен начинаться с разработки регламентов.

Функциональные возможности Ideco NGFW NovumРассмотрим функциональные возможности, отличающие Ideco NGFW Novum от предыдущей версии этого продукта — Ideco 20.X.

Принцип работы Ideco Client в Ideco NGFW NovumРасширение функций уровня L2В Ideco NGFW Novum реализована функция, которая часто запрашивалась заказчиками — L2-мост для использования межсетевого экрана в «прозрачном» режиме.

Модули Ideco NGFW NovumСистемные требования Ideco NGFW NovumIdeco NGFW Novum поставляется в виде ПАК (программно-аппаратных комплексов) и виртуальных машин.

Сценарии использования Ideco NGFW NovumРассмотрим практические аспекты работы с Ideco NGFW Novum.

Панель мониторинга в Ideco NGFW NovumВыводыВ Ideco Novum NGF…

В этой статье мы разберём эти вопросы и расскажем, как на них отвечает WAF Check Risk.

Доступ к сервису осуществляется по модели SaaS, при этом продукт доступен как для юридических, так и для физических лиц.

Преимущества использования WAF Check RiskПерспективы развития WAF не раз обсуждались в эфирах AM Live.

WAF Check Risk распространяется по SaaS-модели и не вызывает у пользователей перечисленных выше затруднений.

Тонкая настройка правил блокировки нежелательного трафика возможна как для группы приложений, так и для отдельных защищаемых активов.

ГК «Гарда» разработала сервис «Гарда Threat Intelligence Feeds», который помогает увидеть киберугрозы до того, как они станут инцидентами.

Функциональные возможности «Гарда Threat Intelligence Feeds»Сервис «Гарда Threat Intelligence Feeds» предназначен для сбора, накопления и анализа сведений об актуальных киберугрозах, полученных из различных источников.

Принцип работы «Гарда Threat Intelligence»Особенности сервисаЭффективность сервиса «Гарда Threat Intelligence Feeds» достигается за счёт большого количества релевантных индикаторов и экспертизы в анализе данных об угрозах.

Также сервис «Гарда Threat Intelligence Feeds» поддерживает интеграцию с продуктами экосистемы безопасности «Гарда», у…

Долгие годы мировой, и в частности российский, рынок практически полностью состоял из продуктов американской корпорации Microsoft.

В первом опросе зрители поделились, на каком этапе замены Microsoft Office находится их организация:Полностью перешли на российские офисные пакеты — 25 %.

Это называется формат Open XML, который был создан компанией Microsoft и в 2008 году передан в опенсорс.

Для крупных компаний, готовых инвестировать в инфраструктуру, доступно ПО в коробочном формате для установки он-премис».

Но главная проблема — не в технологиях, а в целеполагании.

Эксперты поговорили о ключевых принципах и практических шагах, которые позволяют не только предотвратить атаку, но и минимизировать ущерб в случае инцидента.

Порядка 15 % атак на средний и крупный бизнес оказывались диверсиями — компаниям наносился непоправимый урон, возможности выкупа декриптора не предоставлялось.

При переводе средств выяснилось, что в кошельке хранится два биткойна, которые в итоге злоумышленники забрали».

Это единственный способ увидеть, как процессы работают на практике, а не на бумаге».

Есть ли у вас чёткий план: кто и что будет делать, сколько времени займёт восстановление, как найти нужный сервер?

Причём травля, судя по источникам, встречалась и в учебных заведениях, ориентированных на небогатых людей, и в школах, где обучалась высшая аристократия.

С другой стороны, если речь заходит о кибербуллинге, то более активны девочки, причём и в качестве агрессоров, и в качестве жертв.

Были такие прецеденты и в России, в частности, с сочинцем Владимиром Голубовым.

Они находятся в одном ряду с разжиганием ненависти и насилия, вовлечением в пьянство и употреблением наркотиков, сексуальной эксплуатацией, распространением идеологий террористических группировок.

С другой стороны, данная проблема является застарелой, её предпосылки складывались много лет, и с ней на системном уровне практически не …

Как проходит рабочий день специалиста, какие ошибки могут быть критичными для ИБ организации и как справляться с постоянными вызовами — обо всём этом подробнее.

Список задач в основном следующий: разработка и внедрение новых правил и политик безопасности, сложные расследования АРТ-атак и взаимодействие с внешними организациями, регуляторами.

Распределение обязанностей в корпоративном SOC и коммерческом не является строго фиксированным: конкретный набор задач зависит от структуры команды, применяемых платформ и организационных процессов.

Описанная система KPI обеспечивает прозрачность работы SOC, позволяет выявлять узкие места в процессах и поддерживать одинаковый уровень эффективности как в…

Мы побывали на одной из стратегических сессий, проведённых компанией WMT AI в Москве в кластере «Образовательный» МГУ.

Снижение затрат при внедрении ИИ в ПО в разных областях (McKinsey Global Survey, 2025)GenAI и безопасностьПочти все разделяют мнение, что приход GenAI в сферу кибербезопасности неизбежен.

Очевидно, что по мере нарастания ИИ-агентов в бизнес-системах, поддержку этих однотипных задач лучше выделить в отдельный фреймворк для управления ИИ.

Делать это необходимо хотя бы потому, что ИИ постепенно становится основным носителем информации, даже шире, чем интернет или соцсети.

Обсуждение кейсов на реальных примерах позволит грамотно ставить возникающие задачи, активней внедрять ИИ …

Фолза, фолза, фолза...... как же все устали от фолзы... вот и я устал...Ты думал, что устроившись работать в SOC аналитиком будешь раскрывать крутые инциденты и выводить хакера на чистую воду?

А вот и нет!

В итоге я понял для себя, что просто читать новости ИБ, статьи разборов техник без практики (закрепления) бесполезно для меня.

И вот я здесь)Это моя первая статья, проба пера и всё такое.

Посмотрим, что из этого выйдет.

Поэтому сегодня работа с ИБ становится более комплексной, часто требующей серьезных вложений.

О том, как и сколько средств закладывать на защиту инфраструктуры в бюджет, рассказали специалисты компании «Анлим», центра компетенций по информационной безопасности.

Сегодня затраты на ИБ нужно воспринимать не как издержки, а как инвестицию в стабильность бизнеса.

Однако специалисты компании «Анлим» уверены, что для каждой компании нужен индивидуальный план.

Конкретного ответа на вопрос: сколько нужно закладывать на ИБ, — нет и быть не может.

Первые серьезные требования ИБ к работе с подрядчиками и интеграции ИИВедомства планомерно встраивают ИИ в системы государственного планирования и управления, в системы управления финансами и бюджетной политикой.

** НКЦКИ определяет компьютерную атаку как целенаправленное воздействие программных и (или) программно-аппаратных средств на ИР в целях нарушения и (или) прекращения их функционирования и (или) создания угрозы безопасности обрабатываемой ИР информации.

Однако основной проблемой на объектах КИИ и в госучреждениях остается нехватка квалифицированных кадров в области ИБ, способных обслуживать, настраивать высокотехнологичное ПО и работать с ним.

🔮 По нашим прогнозам, в 2026 году злоум…

В прошлой статье мы нескучно рассмотрели как получить джейлбрейк (JB) с рутом на некоторых устройствах iOS с чипом A11.

Поэтому и на mobile и на root необходимо сменить пароли командой: passwd .

Поэтому необходим даунгрейд Frida на устройстве iOS иначе клиент Objection к ней не сможет присоединиться и выдаст ошибку.

dpkgТакже установите PreferenceLoader из репозитория (добавить также как и репозиторий фриды ранее) https://ellekit.space/.

ВыводыМы рассмотрели, как получить шелл на iOS после джейлбрейка и как поставить основные утилиты.

А React Native Community CLI через командную строку предоставляет инструменты для разработки и сборки этих приложений, куда как раз и входил злополучный пакет.

Но проблема глубже: уязвимость в популярном пакете может затронуть сотни проектов одновременно и ударить не только по продакшену, но и по устройствам разработчиков и CI-пайплайнам.

Впрочем, ответственность не только на них.

Эта RCE-уязвимость эксплуатировалась без необходимости аутентификации, что и дало высокий рейтинг CVSS 9.8+ из-за сетевого вектора атаки.

Уязвимость крылась в механизме работы с каналом и обработкой флага PIPE_BUF_FLAG_CAN_MERGE в функциях copy_page_to_iter_pipe и push_pipe .

Как Озон заподозрил мошенника, если он учел все и не сделал никаких ошибок.

Как любой другой честный и правильный мошенник он делает все как написано в мануале, не нарушает никаких правил мануала и не пропускает никаких шагов.

Получается, оно становится умнее и сильнее само по себе без участия человека, просто учится на своих ошибках и на данных пользователей сайта.

В антифроде системе, как и в ИБшных SIEMах, есть две основные ошибки:False Positive (ложное срабатывание) - когда система блокирует честного пользователя, приняв его за мошенника.

Компания должна держать баланс, чтобы система защищала сервис от мошенничества и не банила обычных пользователей.

На этот раз мне попался баг, который даёт примитивы произвольного чтения и записи памяти в процессе рендеринга.

Объект является «бессмертным», то есть относится к отдельному классу системных объектов, которые никогда не перемещаются и не удаляются.

Благодаря этому ограниченная уязвимость use‑after‑free превратится в инструмент для чтения и модификации данных в памяти V8.

Расчёт смещенияЧтобы один объект мог наложиться на другой в нужной точке, нам нужно точно контролировать их расположение в памяти.

Сервисы должны создаваться с расчётом на хакерские атаки: даже если один компонент взломан, это не должно приводить к полной компрометации системы.

В декабре 2025 я принял участие в челлендже Agent Breaker от Lakera.

Это не просто отчет о соревновании, а демонстрация реальных рисков: те же дыры в защите могут быть открыты у любого бизнеса, внедряющего LLM в инфраструктуру.

Модель зачастую не отличает полезную нагрузку документа от враждебного промпта - для неё это один и тот же поток токенов.

Это на порядок быстрее поиска уязвимостей вручную.

Казалось бы «Игровая» инъекция в RAG на практике превращается в Indirect Prompt Injection и безобидное на вид резюме перепрограммирует HR-бота.

С самого начала 2025 года стало понятно, что Роскомнадзор продолжил использовать методы блок��ровки, опробованные в прошлом году, но с большим размахом.

Он работает и сейчас: чтобы им воспользоваться, нужно скачать приложение AmneziaVPN, выбрать «VPN от Amnezia» и активировать Amnezia Free, находясь на территории Турции.

Новая версия прошла все тесты и стала доступна для пользователей Amnezia Premium и Free, а затем и для self-hosted-пользователей.

Подводя итог июню и июлю: РКН научился распознавать и блокировать первую версию протокола AmneziaWG (AWG), что и заставило нашу команду ускорить разработку и внедрение версии 1.5.

В октябре нашему приложению исполнилось 5 лет и мы подвели итоги в…

Почта, возможно, самый традиционный способ, предусматривающий наличие на фишинговой странице PHP-скрипта, который пересылает данные на адрес, подконтрольный злоумышленнику.

Но все же наиболее продвинутым методом сбора данных с фишинговых страниц является использование специализированных панелей управления.

Это может быть использование телефонного номера для мошеннических звонков, персональных данных для атак с применением социальной инженерии.

Собранные и верифицированные данные продают на специализированных киберкриминальных площадках — в даркнете, но часто и в мессенджере Telegram.

Отдельный, четвертый этап жизни украденных данных в статье называется «формированием крупных целей».

Мало того, что вся информация (куда хочется достучаться) зашифрована, так ещё и понять, по подключению, что это ShadowSocks - сложно.

Что есть TCP соединение?

По сути, то, что мы коннектимся к порту 8388, означает, что для транспорта ShadowSocks данных используется протокол TCP.

Корневой класс для работы с WebRTC это RTCPeerConnection, который в конструктор просит iceServers - STUN/TURN серверы для передачи трафика.

Если DataPeer будет корректно маркировать все буфера данных, на входе и на выходе, всё будет окей.

Задача была не в том, чтобы придумать очередной CTF-квест, а в том, чтобы воспроизвести процесс расследования реальной атаки так, как он выглядит в корпоративной среде.

GET /server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=falseПосле этого, как и при обычной первоначальной настройке, нам предложат создать администратора, чем мы и воспользуемся.

В то время, как на целевом сервере bkcp01 , где установлен Veeam, антивирус имел не обновленные базы и не смог обнаружить шифровальщика.

Рекомендация: настройте правила корреляции (SIEM/EDR) на запуск процессов не по имени, а по хеш‑суммам известных хакерских утилит или по метаданным файла ( OriginalFileName в PE‑заголовке).…

По данным Ponemon Institute, 54% специалистов по кибербезопасности считают незакрытые уязвимости главной проблемой в эпоху атак с использованием ИИ.

В первом случаи атаки полностью совершаются с участием людей, ИИ в таких случаях служит для автоматизации, оптимизации и масштабирования киберпреступлений.

Отправка в «песочницу» : анализ файлов в изолированных средах с целью эффективного обнаружения данных, созданных с помощью ИИ и содержащих вредоносное ПО.

Источник: AIMultiple*Facebook признана экстремистской организацией в РоссииТаким образом, средства искусственного интеллекта становятся все более грозным и непредсказуемым оружием в руках киберпреступников.

При этом запуск атак на основе м…

Согласно исследованию Positive Technologies, количество фишинговых атак продолжает расти: в 2024 году, по сравнению с 2023 годом, их количество выросло на 33%, а с 2022-го — на 72%.

Факт: по отчету SlashNext, с появлением ChatGPT в конце 2022 года количество фишинговых атак выросло на 1265% за год.

Киберкультура — осознание того, что цифровое доверие должно быть заслуженным, а не по умолчанию.

Воспитывайте в себе бдительность: главный вопрос не «Похоже ли это письмо на настоящее?», а «Ожидал ли я это сообщение в таком контексте?».

В ответ защита тоже должна переходить от «заплаток» к системной архитектуре безопасности, где человеческое внимание становится последней, а не единственной линией…

Приложение Be My Eyes, которое помогает незрячим и слабовидящим людям через видеосвязь с волонтерами, перестало работать в России, что подтверждают его разработчики.

Однако в Роскомнадзоре сообщили, что не ограничивают работу сервиса.

Директор по маркетингу Be My Eyes Энди Бейли (Andy Bailey) подтвердил изданию «Такие дела», что проблемы в работе приложения, скорее всего, связаны с блокировкой некоторых поставщиков услуг компании в России.

«Приносим извинения за это, но, к сожалению, до тех пор пока ситуация с блокировками не изменится, наши услуги могут быть недоступны в России», — заявил он.

Однако после выхода этой публикации представители Роскомнадзора сообщили ТАСС, что ведомство не бл…

Проект поправки к закону 149-ФЗ «Об информации, информационных технологиях и защите информации» вызвал серьезную обеспокоенность в ИБ-сообществе.

Документ в первоначальной редакции сделал бы невозможной публикацию открытой информации об уязвимостях.

В первоначальной редакции документа предлагалось дополнить часть 1 статьи 15.3 так, что она могла привести к внесудебной блокировке публикаций об уязвимостях, методах анализа безопасности и других учебных и исследовательских материалов в сфере кибербезопасности.

В ответ на это основатель «Хакера» Дмитрий Агарунов направил открытое письмо министру цифрового развития Максуту Шадаеву.

Принципиально важно, что в такой редакции норма направлена на ра…

Компания Cisco предупредила клиентов о неустраненной 0-day-уязвимости в Cisco AsyncOS, которая уже активно используется для атак на устройства Secure Email Gateway (SEG) и Secure Email and Web Manager (SEWM).

Уязвимости присвоили идентификатор CVE-2025-20393, и она затрагивает только Cisco SEG и Cisco SEWM с нестандартными конфигурациями: для успешной атаки функция помещения спама в карантин должна быть включена и доступна через интернет.

AquaTunnel и другую малварь, задействованную в этих атаках, ранее уже связывали с другими китайскими группировками, включая UNC5174 и APT41.

Рекомендации включают ограничение доступа в интернет, ограничение подключений только доверенными хостами, а также р…

Проект агрегирует контент из Z-Library, Sci-Hub, Library Genesis (LibGen), Internet Archive и других источников.

По словам активистов, недавно они обнаружили способ массово скрапить Spotify и решили использовать эту возможность для архивации контента.

«Некоторое время назад мы нашли способ скрапить данные из Spotify в огромных масштабах.

— Конечно, в Spotify нет всей музыки в мире, но это отличное начало».

Хотя это лишь 37% от общего числа композиций, доступных с Spotify, на эти треки приходится 99,6% всех прослушиваний на платформе.

Ежегодный отчет блокчейн-аналитиков из компании Chainalysis показал, что за прошедший год злоумышленники похитили 3,41 млрд долларов в криптовалюте.

Как сообщает Chainalysis, 2,02 млрд долларов — это лишь нижняя планка оценки, которая все равно на 51% превосходит результаты прошлого года, когда злоумышленникам из КНДР удалось похитить 1,3 млрд долларов.

Также отмечается, что за последние пять лет северокорейские хакеры украли минимум 6,75 млрд долларов в криптовалюте.

Как уже было отмечено выше, больше половины украденных в этом году средств (почти 1,5 млрд долларов) — это результат февральского взлома и ограбления криптобиржи Bybit.

«Рост краж в 2025 году, вероятно, связан с расширением пр…

Постепенная деградация звонков в WhatsApp была начата в августе, о чем Роскомнадзор сообщал в СМИ.

Также в Роскомнадзоре заявляют, что WhatsApp будет полностью заблокирован, если продолжит не выполнять требования российского законодательства.

Напомним, что Роскомнадзор начал применять первые ограничительные меры против WhatsApp еще в августе 2025 года, когда была запущена «деградация» голосовых звонков.

Как позже заявлял заместитель руководителя Роскомнадзора Олег Терляков, блокировка голосовых вызовов в WhatsApp и Telegram снизила мошеннические звонки на 40% за месяц.

В конце ноября в ведомстве предупредили, что если WhatsApp не прекратит нарушать российские законы, его заблокируют в стран…

И в резуль­тате мы научи­лись детек­тить все акту­аль­ные на сегод­ня ата­ки на Wi-Fi.

Это одна из самых ста­рых и в то же вре­мя популяр­ных по сей день атак.

to_bytes ( 1 , ' big ' ) ) / \ Dot11Elt ( ID = 48 , len = 20 , info = b ' \ x01\ x00\ x00\ x0f\ xac\ x04\ x01\ x00\ x00\ x0f\ xac\ x04\ x01\ x00\ x00\ x0f\ xac\ x02\ x00\ x00 ' ) sendp ( beacon , iface = iface , inter = 0.

to_bytes ( 1 , ' big ' ) return o def b ( mac ) : o = b '' for m in mac .

encode () , 4096 , 32 ) snonce = get_rand ( 32 ) ptk = PRF_512 ( pmk , b " Pairwise key expansion " , min ( b ( ap ) , b ( sta ) ) + max ( b ( ap ) , b ( sta ) ) + min ( anonce , snonce ) + max ( anonce , snonce ) ) kck = ptk [ 0 : 16 ] rsn_c…

По его словам, в будущем в базу могут попасть не только телефоны, но также планшеты и ноутбуки.

Напомним, что на прошлой неделе стало известно, что в 2026 году Минцифры планирует запустить единую платформу для учета IMEI-номеров всех мобильных устройств в России.

По замыслу чиновников, привязка IMEI к конкретным номерам позволит точно определять, находится ли SIM-карта в дроне, что в перспективе может помочь ослабить действующий режим блокировок мобильного интернета в приграничных регионах.

По его словам, операторы связи внесут идентификаторы устройств в централизованный реестр и станут предоставлять услуги только тем аппаратам, чьи IMEI есть в базе и помечены как «разрешенные».

Отметим, чт…

Троян нацелен на системы под управлением Windows и похищает конфиденциальную информацию — от логинов и паролей до данных платежных карт и криптокошельков.

Чаще всего атаки малвари фиксируются на устройствах в России, но также обнаружены атаки в других странах, включая Турцию, Бразилию, Германию и Индию.

Сообщается, что злоумышленники маскируют Stealka под легитимный софт: фальшивые моды и читы для игр, активаторы для различных программ.

Такие фальшивки распространяют через популярные площадки вроде GitHub и SourceForge, а также через собственные сайты атакующих, имитирующие в том числе игровые ресурсы.

По словам исследователей, фейковые страницы сделаны качественно, и не исключено, что при …

Специалисты Riot Games обнаружили уязвимость в имплементации UEFI на материнских платах Asus, Gigabyte, MSI и ASRock.

Уязвимость связана с механизмом DMA — аппаратной функцией, которая позволяет устройствам вроде видеокарт, Thunderbolt-девайсов и PCIe-устройств напрямую читать и записывать данные в оперативную память, минуя центральный процессор.

Хотя исследователи описывают уязвимость с точки зрения геймдева (как проблему, позволяющую читерам загружать свой софт на ранних этапах загрузки машины), угроза распространяется и на любой другой вредоносный код.

В CERT/CC подтвердили, что уязвимость затрагивает ряд моделей материнских плат ASRock, Asus, Gigabyte и MSI.

CVE-2025-14304 (7,0 баллов п…

Коллекционный выпуск «Хакера» с лучшими статьями 2025-го года покинул типографию, и первые экземпляры уже прибыли к своим владельцам.

Если ты еще не успел приобрести бумажный номер, самое время это исправить — мы продолжаем прием заказовЧто внутриВ номер вошли 22 лучших материала уходящего года — наиболее яркие, важные и полезные тексты.

Спецвыпуск насчитывает 240 страниц на плотной бумаге, вдвое толще старых номеров «Хакера» образца 2015 года.

Бумажный журнал — это коллекционный артефакт, который приятно держать в руках, перелистывать и можно поставить на полку, специально для тех, кто собирает не цифровые закладки, а настоящую библиотеку.

Хочешь порадовать себя или друзей — рекомендуем не…

Over the course of the initiative, more than 6,000 malicious links were taken down and six distinct ransomware variants were decrypted.

Ukrainian National Pleads Guilty to Nefilim Ransomware AttacksThe disclosure comes as a 35-year-old from Ukraine pleaded guilty in the U.S. to using Nefilim ransomware to attack companies in the country and elsewhere in his capacity as an affiliate.

In September, the Justice Department (DoJ) charged another Ukrainian national, Volodymyr Viktorovich Tymoshchuk, for his role as the administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations between December 2018 and October 2021.

"In June 2021, Nefilim administrators gave Stryzhak access to…

Passwd is designed specifically for organizations operating within Google Workspace.

Passwd is based on a zero-knowledge architecture; only the users, not Passwd, are able to access decrypted data.

The platform connects directly to Google Workspace for identity management, making onboarding and administration easier.

This focus also creates clarity about the intended environment in which Passwd will operate: Passwd works only inside the Google Workspace ecosystem and cannot be used with external identity providers.

Overview of closing walkthroughA walkthrough of Passwd shows a password manager featuring predictability, efficiency, and organizational alignment rather than feature saturation.

The U.S. Justice Department (DoJ) on Monday announced the seizure of a web domain and database that it said was used to further a criminal scheme designed to target and defraud Americans by means of bank account takeover fraud.

]org, was used as a backend web panel to host and manipulate illegally harvested bank login credentials.

"The criminal group perpetrating the bank account takeover fraud delivered fraudulent advertisements through search engines, including Google and Bing," the DoJ said.

The DoJ said the confiscated domain stored the stolen login credentials of thousands of victims, in addition to hosting a backend server to facilitate takeover fraud as recently as last month.

Accord…

A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances.

The vulnerability, tracked as CVE-2025-68613, carries a CVSS score of 9.9 out of a maximum of 10.0.

"An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process.

Per the attack surface management platform Censys, there are 103,476 potentially vulnerable instances as of December 22, 2025.

In light of the criticality of the flaw, users are advised to apply the updates as soon as possible.

The U.S. Federal Communications Commission (FCC) on Monday announced a ban on all drones and critical components made in a foreign country, citing national security concerns.

To that end, the agency has added to its Covered List Uncrewed aircraft systems (UAS) and UAS critical components produced in a foreign country, and all communications and video surveillance equipment and services pursuant to the 2025 National Defense Authorization Act (NDAA).

This move will keep China-made drones such as those from DJI and Autel Robotics out of the U.S. market.

"UAS and UAS critical components must be produced in the United States," the FCC said.

The FCC noted that specific drones or components would …

Cybersecurity researchers have disclosed details of a new malicious package on the npm repository that works as a fully functional WhatsApp API, but also contains the ability to intercept every message and link the attacker's device to a victim's WhatsApp account.

More significantly, the library is inspired by @whiskeysockets/baileys, a legitimate WebSockets-based TypeScript library for interacting with the WhatsApp Web API.

The attack doesn't stop there, for the package also harbors covert functionality to create persistent access to the victim's WhatsApp account by hijacking the device linking process by using a hard-coded pairing code.

"They have complete, persistent access to your Whats…

Ink Dragon does not merely use victims for data theft but actively repurposes them to support ongoing operations against other targets of interest.

It's believed that the threat actors are using smishing texts or phishing emails impersonating delivery companies to deceive recipients into clicking on booby-trapped URLs hosting the apps.

"This analysis reveals how threat actors are hijacking abandoned, self-hosted GitLab servers to create a legitimate-looking payload distribution infrastructure," Trellix said.

"This analysis reveals how threat actors are hijacking abandoned, self-hosted GitLab servers to create a legitimate-looking payload distribution infrastructure," Trellix said.

Metis — I…

This article explains what eco-friendly browsing means, why it matters, and how a green browser like Wave Browser pairs a modern, secure browsing experience with a mission to help protect our ocean through verified cleanup efforts.

How Wave Browser Supports Eco-Friendly BrowsingWave Browser is designed for users who want a modern browsing experience while supporting environmental action.

Connecting Everyday Browsing to Real-World ImpactWave Browser goes beyond digital efficiency by linking browsing activity to verified environmental action.

By choosing a browser that:Uses resources efficientlyReduces unnecessary digital loadSupports verified environmental actionUsers can make a meaningful d…

Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in Uzbekistan.

The disclosure coincides with the emergence of new Android malware, such as Cellik, Frogblight, and NexusRoute, that are capable of harvesting sensitive information from compromised devices.

"Through its control interface, an attacker can browse the entire Google Play Store catalogue and select legitimate apps to bundle with the Cellik payload," iVerify's Daniel Kelley said.

Malware families like Cellik and Frogblight are part of a growing trend of Android malware, wherein even attacker…

Threat hunters have discerned new activity associated with an Iranian threat actor known as Infy (aka Prince of Persia), nearly five years after the hacking group was observed targeting victims in Sweden, the Netherlands, and Turkey.

"This threat group is still active, relevant, and dangerous."

The group has also managed to remain elusive, attracting little attention, unlike other Iranian groups such as Charming Kitten, MuddyWater, and OilRig.

Attacks mounted by the group have prominently leveraged two strains of malware: a downloader and victim profiler named Foudre that delivers a second-stage implant called Tonnerre to extract data from high-value machines.

"APT 35, the same administrati…

The U.S. Department of Justice (DoJ) this week announced the indictment of 54 individuals in connection with a multi-million dollar ATM jackpotting scheme.

The large-scale conspiracy involved deploying malware named Ploutus to hack into automated teller machines (ATMs) across the U.S. and force them to dispense cash.

Prosecutors also alleged that TdA has leveraged jackpotting schemes to siphon millions of dollars in the U.S. and transfer the ill-gotten proceeds among its members and associates.

The jackpotting operation is said to have relied on the TdA recruiting an unspecified number of individuals to deploy the malware across the nation.

The malware is equipped to issue unauthorized comm…

A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims' Microsoft 365 credentials and conduct account takeover attacks.

Device code phishing was documented in detail by both Microsoft and Volexity in February 2025, attributing the use of the attack method to Russia-aligned clusters such as Storm-2372, APT29, UTA0304, and UTA0307.

Over the past couple of months, Amazon Threat Intelligence and Volexity have warned of continued attacks mounted by Russian threat actors by abusing the device code authentication flow.

To counter the risk posed by device code phishing, the best option is to create a Conditional…

If the service is detected, the persistence command is tweaked to "cmd.exe /c start /b mshta.exe ."

YouTube Ghost Network Delivers GachiLoaderThe disclosure comes as Check Point disclosed details of a new, heavily obfuscated JavaScript malware loader dubbed GachiLoader that's written in Node.js.

The malware is distributed by means of the YouTube Ghost Network, a network of compromised YouTube accounts that engage in malware distribution.

"This technique loads a legitimate DLL and abuses Vectored Exception Handling to replace it on-the-fly with a malicious payload."

In at least one case, GachiLoader has served as a conduit for the Rhadamanthys information stealer malware.

WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks.

Tracked as CVE-2025-14733 (CVSS score: 9.3), the vulnerability has been described as a case of out-of-bounds write affecting the iked process that could allow a remote unauthenticated attacker to execute arbitrary code.

"This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer," the company said in a Thursday advisory.

"If the Firebox was previously configured with the mobile user VPN with IKEv2 or a branch office VPN using IKEv2 to a dynamic gateway peer, and both of th…

We provide our method to reproduce the crash using a simple 12-bit or 16-bit JPG image, and an examination of the initial released patch.

CVE-2025-50165 is a flaw in the encoding and compressing process of a JPG image, not in its decoding.

Zscaler’s findings, as well as the description provided by Microsoft, reveal that the flaw stems from the dereference of an uninitialized function pointer in WindowsCodecs.dll, which is part of the Windows Imaging Component.

We analyzed the vulnerable version 10.0.26100.4768 (SHA-1: 5887D96565749067564BABCD3DC5D107AB6666BD), and then performed a binary comparison with the first patched version 10.0.26100.4946 (SHA-1: 4EC1DC0431432BC318E78C520387911EC44F84…

We provide a detailed analysis of NosyHistorian, NosyDoor, NosyStealer, NosyDownloader, NosyLogger, and other tools used by LongNosedGoblin.

NosyDoor Stage 3 – payloadNosyDoor’s third stage, the main payload, is a C#/.NET backdoor with the internal name OneDrive and with PDB path E:\Csharp\Thomas\Server\ThomasOneDrive\obj\Release\OneDrive.pdb.

NosyStealer Stage 2 – injectorWe observed two NosyStealer Stage 2 samples – one (SERV.dll) in our telemetry, and the other (msi.dll) uploaded to VirusTotal from Malaysia.

NosyStealer Stage 4 – payloadAgain, like NosyStealer Stage 3 – loader, this stage is shellcode that decrypts, loads, and executes an embedded PE file in memory using Donut’s reflecti…

A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research expertsThe second half of the year underscored just how quickly attackers adapt and innovate, with rapid changes sweeping across the threat landscape.

AI-powered malware moved from theory to reality in H2 2025, as ESET discovered PromptLock, the first known AI-driven ransomware, capable of generating malicious scripts on the fly.

Meanwhile, CloudEyE, also known as GuLoader, surged into prominence, skyrocketing almost thirtyfold in ESET telemetry.

On the Android platform, NFC threats continued to grow in scale and sophistication, with an 87% increase in ESET telemet…

“A City of a Thousand Zero Days” is the partial title of a talk at Black Hat Europe 2025.

Compounding the issue, the software is hosted on public-facing IP addresses; thus, it’s accessible from the internet.

One comment I distinctly remember from the research is that the protocol used by the ICS device concerned was never designed to be connected to the internet.

The talk by Gjoko raised a similar concern: the building management system was not designed to be public facing on the internet, and the vendor recommends to secure it behind a virtual private network (VPN).

Building management systems are one example of this.

Being seen as reliable is good for ‘business’ and ransomware groups care about 'brand reputation' just as much as their victimsBlack Hat Europe 2025 opened with a presentation by Max Smeets of Virtual Rotes titled ‘Inside the Ransomware Machine’.

At their height, between 2022-2024, the group had 194 affiliates, of which 110 had managed to get a cyberattack to the point of negotiation, with 80 of the affiliates succeeding in getting paid by the ransomware group.

Reputation is everythingA key message delivered by Max was regarding reputation, both of the victim and the ransomware group.

The victim company needs to uphold their reputation with their customers and any hint of a data breach can …

Which brings to mind Schrödinger’s cat, the famous thought experiment where a cat in a sealed box is simultaneously alive and dead – until you look inside.

But now I’m going to pick holes in the analogy a little whilst hoping to underscore the key message.

Therefore, the quantum breach analogy doesn’t quite hold.

And that’s even if you can recruit enough people due to the much reported, cybersecurity skills shortage.

Stress is probably one of the words most used in cybersecurity teams the world over, when describing their day-to-day – and it’s hardly surprising.

Despite their wordy nomenclature, every report mentioned above has a beneficial role in canvassing the colorful endpoint security landscape.

Some, like the MITRE ATT&CK Evaluations, go as far as to pit products against known advanced adversary attacks.

Producing value is one thing, but keeping it safe is another: hence the need for appropriate endpoint security measures.

Most well-regarded independent analyst and lab test reports focus on endpoints, since they’re at the crossroads of every activity, including malign.

MITRE ATT&CK Evaluations Enterprise is the one for you then.

Put simply, a whaling cyberattack is one targeted at a high-profile, senior member of the corporate leadership team.

Or to hijack their email account in order to launch BEC attacks at subordinates impersonating the whale to get a smaller fish to make a big money transfer.

With AI, whaling attacks increase in scale and effectiveness, as sophisticated capabilities become democratized to more threat actors.

Taking out the whalersThere are several ways security teams can help to mitigate the risks of spearphishing and BEC attacks.

More generally, your organization may want to start limiting the kind of corporate information it shares publicly.

Often, threat actors research the individual they’re targeting in order to improve their success rates.

If IT doesn’t properly manage the accounts, credentials and privileges of its users and machines, security blind spots inevitably emerge.

How to enhance identity securityA considered, multi-layered approach to identity security can help mitigate the risk of serious compromise.

Revisit security training for all employees, from the CEO down, to ensure they know the importance of identity security, and can identify the latest phishing tactics.

Best practice identity security starts with a prevention-first mindset.

E02DD79A8CAED662969F 6D5D0792F2CB283116E8 66f3e097e4tnyHR .exe WinGo/TrojanProxy .Agent.D MuddyWater – go‑socks5 reverse tunnel.

E8F4EA3857EF5FDFEC1A 2063D707609251F207DB main .exe WinGo/TrojanProxy .Agent.D MuddyWater – go‑socks5 reverse tunnel.

F26CAE9E79871DF3A47F A61A755DC028C18451FC 7295be2b1fAzMZI .exe WinGo/TrojanProxy .Agent.D MuddyWater – go‑socks5 reverse tunnel.

FF09608790077E1BA52C 03D9390E0805189ADAD7 20d188afdcpfLFq .exe WinGo/TrojanProxy .Agent.D MuddyWater – go‑socks5 reverse tunnel.

A9747A3F58F8F408FECE FC48DB0A18A1CB6DACAE AppVs .exe WinGo/TrojanProxy .Agent.D MuddyWater – go‑socks5 reverse tunnel.

It could feasibly be described as the largest open database of corporate information in the world: a veritable treasure trove of job titles, roles, responsibilities and internal relationships.

It’s also where recruiters post job listings, which may overshare technical details that can be leveraged later on in spearphishing attacks.

They might also share corporate email addresses in Git commit configurations.

Here are some hypothetical examples:An adversary finds LinkedIn information on a new starter in an IT role at company A, including their core role and responsibilities.

Update security awareness programs to ensure that all employees, from executives down, understand the importance of no…

Data exposure by top AI companies, the Akira ransomware haul, Operation Endgame against major malware families, and more of this month's cybersecurity newsNovember 2025 is almost behind us, and it's time for ESET Chief Security Evangelist Tony Anscombe to look at cybersecurity stories that raised the alarms, moved the needle or offered vital lessons over the past 30 or so days.

Here's some of what caught Tony's eye this month:many of the world's largest Ai companies inadvertently leak their secrets such as API keys, tokens, and sensitive credentials in their GitHub repositories, according to cloud security giant Wiz,the Akira ransomware group has netted $244 million from its malicious activ…

Doxxing (doxing) is what happens when a malicious third party deliberately exposes the personal information of someone else online.

Or query WHOIS databases that store the personal details of website/domain name registrants.

It would involve sending phishing messages to the victim in order to trick them into divulging logins or personal information, or installing infostealing malware on their machine/device.

Minimizing the doxxing threatThe best way to reduce your children’s exposure to doxxing is to minimize the amount of personal information their share online.

Never share their personal details, or even photos that could identify school and location.

If you’re a social media content creator, it may be time to revisit those account security best practices.

They ideally also want to target influencers who have built long-term trust with their audience, through months or years of providing advice online.

When it comes to the targeting of influencers, attacks begin with the social media account itself – whether it’s X (formerly Twitter), YouTube, TikTok, Instagram or another platform.

Highly targeted phishing attacks designed to trick the individual into handing over their logins.

The bottom line is identity theft-related security risks for followers, trashed reputation for brands and influencers, and potentially direct losses for content c…

So what’s this got to do with cybersecurity – and a solution known as Managed Detection and Response (MDR)?

That’s why Managed Detection and Response (MDR) services are often cited as the predominant way organisations will protect themselves.

Earlier this year, Gartner forecast that up to 50% of all organisations will have adopted MDR by the end of 2025.

IT generalists – and even security managers – wear many hats.

MDR offers the same level of protection – without the overhead – making it accessible to SMEs and large enterprises alike.

Malware peddlers are targeting infosec enthusiasts, budding security professionals, and aspiring hackers with the Webrat malware, masquerading the threat as proof-of-concept (PoC) exploits for known vulnerabilities.

Delivering the malwareThe recently uncovered Webrat can steal data from Telegram, Discord and Steam accounts and cryptocurrency wallets.

The malware is packaged into a password-protected archive that’s offered for download on GitHub, via repositories that ostensibly host PoC exploits for vulnerabilities with high CVSSv3 scores.

Last year, they similarly took advantage of the high-profile RegreSSHion vulnerability, which lacked a working PoC at the time,” Kaspersky researchers no…

Firewalla has announced Firewalla App version 1.67, a major upgrade that focuses on enterprise-grade Wi-Fi security, deeper access point control, and more flexible management for MSPs, small businesses, and advanced home users.

The new release features expanded support for Enterprise Wi-Fi and RADIUS, including WPA2-Enterprise and WPA3-Enterprise security for the Firewalla Wi-Fi 7 Access Point, enabling per-user credentials, stronger authentication, and compatibility with modern 6 GHz networks.

Firewalla App 1.67 also introduces bridge mode support for AP7, a long-requested feature that allows AP7 deployment in bridged environments while maintaining Firewalla’s unified management experience…

A new study links this pattern to enforcement, showing that PCI DSS compliance trails behind HIPAA, GDPR, and the EU’s NIS2 Directive.

A compliance gap that keeps wideningThe authors report that only about 32% of organizations met all PCI DSS requirements in 2022.

That figure comes from industry reporting and represents the most recent stable data point before the rollout of PCI DSS version 4.0 in 2023.

When expressed as business impact, PCI DSS penalties amount to less than 0.001% of revenue for a large organization.

Public disclosure of PCI DSS compliance status would allow cardholders and business partners to factor security posture into their decisions.

Many security teams assume that if DNSSEC validation passes, the answer can be trusted.

It uses formal verification techniques that are common in cryptographic protocol analysis but rarely applied to DNSSEC at this scale.

When standards collideThe most significant finding comes from how DNSSEC standards interact.

Formal analysis showed that a resolver can accept a valid looking NSEC3 proof while ignoring an NSEC record that contradicts it.

Old attacks resurfaceThe formal model also rediscovered three known classes of DNSSEC attacks without being explicitly programmed to find them.

The research comes from CodeRabbit and examines how AI co-authored code compares with human written code across hundreds of open source projects.

When normalized per 100 pull requests, critical issues rose from 240 in human authored code to 341 in AI co-authored code, an increase of about 40%.

Security findings rise across common weakness typesSecurity related findings also increased consistently in AI assisted code.

Improper password handling stood out, with AI pull requests showing nearly double the frequency.

Excessive input output operations occurred nearly eight times more often in AI co-authored pull requests.

A new Palo Alto Networks study shows security teams struggling to keep up with development cycles, growing cloud sprawl, and attacker tactics that now compress breaches into minutes instead of weeks.

Cloud serves as the default operating environmentProduction workloads now run primarily in cloud environments, with public cloud services carrying a growing share of sensitive systems and data.

Security teams manage identities, permissions, data access, and configuration across layers that change constantly.

Security teams report difficulty enforcing guardrails before release.

Cloud security, application security, and SOC teams often operate with separate workflows and telemetry.

You will lead threat modeling and architecture reviews for modern systems, including web, API, microservices, and cloud-native environments.

CISOLyondellBasell | France | Hybrid – View job detailsAs a CISO, you will develop and execute the enterprise cybersecurity strategy aligned with business and IT priorities.

Cyber Security Engineer-PentesterProtergo | Indonesia | On-site – View job detailsAs a Cyber Security Engineer-Pentester, you will conduct vulnerability assessments, penetration testing, and red team engagements in a consulting environment.

Cybersecurity Vulnerability AnalystMarelli | Italy | Hybrid – View job detailsAs a Cybersecurity Vulnerability Analyst, you will perform vulner…

More than 115,000 internet-facing WatchGuard Firebox firewalls may be vulnerable to compromise via CVE-2025-14733, a remote code execution vulnerability actively targeted by attackers, Shadowserver’s latest scanning reveals.

About CVE-2025-14733WatchGuard Firebox firewalls, which also incorporate VPN and unified threat management capabilities, are used by organizations around the world.

The appliances run the Fireware OS, a network security operating system built on a hardened Linux-based kernel.

CVE-2025-14733 affects Fireware OS v2025.1, v12.x, v12.5.x (on T15 & T35 models), v12.3.1 (FIPS-certified release), and v11.x.

“After a failed or successful exploit, the IKED process will crash and…

One of these – DIG AI – was identified on September 29 of this year and has already gained popularity among cybercriminal and organized crime circles.

DIG AI enables malicious actors to leverage the power of AI to generate tips ranging from explosive device manufacturing to illegal content creation including CSAM.

Because DIG AI is hosted on the TOR network, such tools are not easily discoverable and accessible to law enforcement.

DIG AI doesn’t require an account and can be accessed via the Tor browser in just a few clicks.

According to the announcement published by DIG AI author under the alias Pitch, the service is based on ChatGPT Turbo.

Docker has made its open source Docker Hardened Images project available at no cost for every developer and organization.

The catalog contains more than 1,000 container images built on open source distributions such as Debian and Alpine and is released under the Apache 2.0 license.

“By making hardened images freely available and providing tooling that works with AI coding agents, we’re giving the entire industry and community the best possible baseline to build on.”What hardened images includeDocker Hardened Images are designed to give developers a base set of container images that integrate common security features.

A Docker AI assistant extension can analyze existing containers and recomm…

Law enforcement agencies across 19 countries arrested 574 suspects and recovered approximately $3 million during a major cybercrime operation spanning Africa.

(Source: Europol)The month-long initiative, known as Operation Sentinel (27 October–27 November), targeted three of the region’s most prevalent cybercrime threats: business email compromise (BEC), digital extortion, and ransomware.

In Cameroon, law enforcement responded swiftly after two victims reported being defrauded through an online vehicle sales platform.

The outcomes from Operation Sentinel reflect the commitment of African law enforcement agencies, working in close coordination with international partners.

Operation Sentinel w…

Where do you see the real bottleneck in the cyber talent pipeline?

As we look at the cyber talent pipeline, the bottlenecks I’ve seen are primarily in bridging the gap between knowledge from colleges, universities, and certifications and the practice of defending complex networks, risk management and incident response.

Investing in your team, from the technical skills of the cyber team to developing the leadership to provide and sustain a strong culture is critical.

Some of the strongest and most creative cyber teams have teams that have diversity in their technical background which allows them to approach problems in unique ways.

When team members bring their complementary skillsets, we ca…

The report evaluates eight popular browser agents released or updated in 2025.

Component and architecture flawsThe researchers measured privacy risks tied to the component systems each browser agent depends on, the web browser and the language model, and how those parts are assembled.

Six of the eight browser agents did not show any safe browsing warnings when directed to a known phishing test page.

Improving privacy in browser agentsBrowser agent developers can reduce privacy risk by working with browser privacy experts and by running existing test tools on a regular basis.

Browser agents combine several complex systems, and small design or code changes can affect privacy in ways that are …

Anubis is an open-source tool designed to protect websites from automated scraping and abusive traffic by adding computational friction before a request is served.

At its core, Anubis acts as a gatekeeper that sits in front of a web service.

In the web context, this approach raises the cost of bulk scraping while remaining manageable for normal visitors.

From a security perspective, Anubis does not attempt to identify or classify bots through behavioral analysis or reputation feeds.

Must read:Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools.

In this Help Net Security video, Simon Wijckmans, CEO at cside, discusses why session token theft is rising and why security teams miss it.

He walks through how web applications rely on browsers to store session tokens after login often in cookies or browser storage.

Attackers use this access to steal tokens and bypass MFA giving them the same access as valid users for a limited time.

Simon describes how these tokens are sold through live feeds and why this trend is growing as authentication improves.

He also explains why network focused security tools fail to detect this activity.

After twenty-six years, Microsoft is finally upgrading the last remaining instance of the encryption algorithm RC4 in Windows.

of the most visible holdouts in supporting RC4 has been Microsoft.

Eventually, Microsoft upgraded Active Directory to support the much more secure AES encryption standard.

But by default, Windows servers have continued to respond to RC4-based authentication requests and return an RC4-based response.

US Senator Ron Wyden (D-Ore.) in September called on the Federal Trade Commission to investigate Microsoft for “gross cybersecurity negligence,” citing the continued default support for RC4.

Friday Squid Blogging: Petting a SquidVideo from Reddit shows what could go wrong when you try to pet a—looks like a Humboldt—squid.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

Posted on December 19, 2025 at 5:06 PM • 0 Comments

At least some of this is coming to light:Doublespeed, a startup backed by Andreessen Horowitz (a16z) that uses a phone farm to manage at least hundreds of AI-generated social media accounts and promote products has been hacked.

The hack reveals what products the AI-generated accounts are promoting, often without the required disclosure that these are advertisements, and allowed the hacker to take control of more than 1,000 smartphones that power the company.

The hacker, who asked for anonymity because he feared retaliation from the company, said he reported the vulnerability to Doublespeed on October 31.

At the time of writing, the hacker said he still has access to the company’s backend, i…

I’m sure there’s a story here:Sources say the man had tailgated his way through to security screening and passed security, meaning he was not detected carrying any banned items.

The man deceived the BA check-in agent by posing as a family member who had their passports and boarding passes inspected in the usual way.

Just since the end of September, there were also major nationwide internet shutdowns in Tanzania and Cameroon, and significant regional shutdowns in Pakistan and Nigeria.

The frequency of deliberate internet shutdowns has skyrocketed since the first notable example in Egypt in 2011.

India, meanwhile, has been the world shutdown leader for many years, with 855 distinct incidents.

They are also impactful on people’s daily lives, business, healthcare, education, finances, security, and safety, depending on the context.

The international community plays an important role in shaping how internet shutdowns are understood and addressed.

New report: “The Party’s AI: How China’s New AI Systems are Reshaping Human Rights.” From a summary article:China is already the world’s largest exporter of AI powered surveillance technology; new surveillance technologies and platforms developed in China are also not likely to simply stay there.

By exposing the full scope of China’s AI driven control apparatus, this report presents clear, evidence based insights for policymakers, civil society, the media and technology companies seeking to counter the rise of AI enabled repression and human rights violations, and China’s growing efforts to project that repression beyond its borders.

Examined together, those cases show how new AI capabiliti…

States that have already enacted consumer protections and other AI regulations, like California, and those actively debating them, like Massachusetts, were alarmed.

Then, a draft document leaked outlining the Trump administration’s intent to enforce the state regulatory ban through executive powers.

AI companies and their investors have been aggressively peddling this narrative for years now, and are increasingly backing it with exorbitant lobbying dollars.

The often-heard complaint that it is hard to comply with a patchwork of state regulations rings hollow.

EDITED TO ADD: Trump signed an executive order banning state-level AI regulations hours after this was published.

Upcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak:I’m speaking and signing books at the Chicago Public Library in Chicago, Illinois, USA, at 6:00 PM CT on February 5, 2026.

I’m speaking at Capricon 44 in Chicago, Illinois, USA.

I’m speaking at the Munich Cybersecurity Conference in Munich, Germany on February 12, 2026.

I’m speaking at Tech Live: Cybersecurity in New York City, USA on March 11, 2026.

I’m speaking at RSAC 2026 in San Francisco, California, USA on March 25, 2026.

I have no context for this video—it’s from Reddit—but one of the commenters adds some context:Hey everyone, squid biologist here!

With so many people carrying around cameras, we’re getting more videos of giant squid at the surface than in previous decades.

We’re also starting to notice a pattern, that around this time of year (peaking in January) we see a bunch of giant squid around Japan.

When we see big (giant or colossal) healthy squid like this, it’s often because a fisher caught something else (either another squid or sometimes an antarctic toothfish).

There are a few colossal squid sightings similar to this from the southern ocean (but fewer people are down there, so fewer cameras, fe…

It makes sense; the engineering expertise that designs and develops AI systems is completely orthogonal to the security expertise that ensures the confidentiality and integrity of data.

We each want this data to include personal data about ourselves, as well as transaction data from our interactions.

The engineering expertise to build AI systems is orthogonal to the security expertise needed to protect personal data.

AI companies optimize for model performance, but data security requires cryptographic verification, access control, and auditable systems.

Fortunately, decoupling personal data stores from AI systems means security can advance independently from performance (https:// ieeexplore…

AIs Exploiting Smart ContractsI have long maintained that smart contracts are a dumb idea: that a human process is actually a security feature.

Here’s some interesting research on training AIs to automatically exploit smart contracts:AI models are increasingly good at cyber tasks, as we’ve written about before.

In a recent MATS and Anthropic Fellows project, our scholars investigated this question by evaluating AI agents’ ability to exploit smart contracts on Smart CONtracts Exploitation benchmark (SCONE-bench)­a new benchmark they built comprising 405 contracts that were actually exploited between 2020 and 2025.

Going beyond retrospective analysis, we evaluated both Sonnet 4.5 and GPT-5 in…

The FBI is warning of AI-assisted fake kidnapping scams:Criminal actors typically will contact their victims through text message claiming they have kidnapped their loved one and demand a ransom be paid for their release.

Oftentimes, the criminal actor will express significant claims of violence towards the loved one if the ransom is not paid immediately.

The criminal actor will then send what appears to be a genuine photo or video of the victim’s loved one, which upon close inspection often reveals inaccuracies when compared to confirmed photos of the loved one.

Examples of these inaccuracies include missing tattoos or scars and inaccurate body proportions.

Criminal actors will sometimes p…

There’s a public health imperative to quickly expand the adoption of autonomous vehicles.

The answer is critical for determining how autonomous vehicles may shape motor vehicle safety and public health, and for developing sound policies to govern their deployment.

In this paper, we calculate the number of miles of driving that would be needed to provide clear statistical evidence of autonomous vehicle safety.

And yet, the possibility remains that it will not be possible to establish with certainty the safety of autonomous vehicles.

One problem, of course, is that we treat death by human driver differently than we do death by autonomous computer driver.

Here’s a fun paper: “The Naibbe cipher: a substitution cipher that encrypts Latin and Italian as Voynich Manuscript-like ciphertext“:Abstract: In this article, I investigate the hypothesis that the Voynich Manuscript (MS 408, Yale University Beinecke Library) is compatible with being a ciphertext by attempting to develop a historically plausible cipher that can replicate the manuscript’s unusual properties.

The resulting cipher­a verbose homophonic substitution cipher I call the Naibbe cipher­can be done entirely by hand with 15th-century materials, and when it encrypts a wide range of Latin and Italian plaintexts, the resulting ciphertexts remain fully decipherable and also reliably reprod…

A decade ago, ending up at one of these parked domains came with a relatively small chance of being redirected to a malicious destination: In 2014, researchers found (PDF) that parked domains redirected users to malicious sites less than five percent of the time — regardless of whether the visitor clicked on any links at the parked page.

Infoblox found parked websites are benign if the visitor arrives at the site using a virtual private network (VPN), or else via a non-residential Internet address.

A defanged list of these typosquatting domains is available here (the dots in the listed domains have been replaced with commas).

“It was often a chain of redirects — one or two domains outside p…

Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software.

This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities.

Despite releasing a lower-than-normal number of security updates these past few months, Microsoft patched a whopping 1,129 vulnerabilities in 2025, an 11.9% increase from 2024.

The zero-day flaw patched today is CVE-2025-62221, a privilege escalation vulnerability affecting Windows 10 and later editions.

For anyone seeking a more granular breakdown of the security updates Microsoft pushed today, check out the roundup at the SANS In…

A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious ties to a Kremlin-connected oligarch whose Russian university builds drones for Russia’s war against Ukraine.

UK companies belonging to the group that have been shut down by Google Ads since Jan 2025 include:–Proglobal Solutions LTD (advertised nerdifyit[.

Currently active Google Ads accounts for the Nerdify brands include:-OK Marketing LTD (advertising geekly-hub[.

For a number of years, Lobov and Perkon co-produced a cross-cultural event in the U.K. called Russian Film Week.

While Synergy University promotes itself as Russia’s largest private educational institutio…

The phishing domains are being promoted by scam messages sent via Apple’s iMessage service or the functionally equivalent RCS messaging service built into Google phones.

The website scanning service urlscan.io shows thousands of these phishing domains have been deployed in just the past few days alone.

Pivoting off these T-Mobile phishing domains in urlscan.io reveals a similar scam targeting AT&T customers:Ford Merrill works in security research at SecAlliance, a CSIS Security Group company.

CAVEAT EMPTORMany SMS phishing or “smishing” domains are quickly flagged by browser makers as malicious.

“The fake e-commerce sites are tough because a lot of them can fly under the radar,” Merrill sai…

A prolific cybercriminal group that calls itself “Scattered LAPSUS$ Hunters” has dominated headlines this year by regularly stealing data from and publicly mass extorting dozens of major corporations.

Scattered LAPSUS$ Hunters (SLSH) is thought to be an amalgamation of three hacking groups — Scattered Spider, LAPSUS$ and ShinyHunters.

But last week, SLSH announced on its Telegram channel the release of their own ransomware-as-a-service operation called ShinySp1d3r.

The individual responsible for releasing the ShinySp1d3r ransomware offering is a core SLSH member who goes by the handle “Rey” and who is currently one of just three administrators of the SLSH Telegram channel.

Incredibly, Rey w…

UNBOXINGCensys’s Ashley said the phone home to China’s Tencent QQ instant messaging service was the first red flag with the Superbox devices she examined.

In July 2025, Google filed a “John Doe” lawsuit (PDF) against 25 unidentified defendants dubbed the “BadBox 2.0 Enterprise,” which Google described as a botnet of over ten million Android streaming devices that engaged in advertising fraud.

Several of the Android streaming devices flagged in Google’s lawsuit are still for sale on top U.S. retail sites.

Kilmer said Badbox 2.0 was used as a distribution platform for IPidea, a China-based entity that is now the world’s largest residential proxy network.

-Generic TV streaming devices advertis…

Sixteen months later, however, Mozilla is still promoting Onerep.

This week, Mozilla announced its partnership with Onerep will officially end next month.

In a statement published Tuesday, Mozilla said it will soon discontinue Monitor Plus, which offered data broker site scans and automated personal data removal from Onerep.

Mozilla said current Monitor Plus subscribers will retain full access through the wind-down period, which ends on Dec. 17, 2025.

Shelest released a lengthy statement wherein he acknowledged maintaining an ownership stake in Nuwber, a data broker he founded in 2015 — around the same time he launched Onerep.

An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline.

Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites.

However, some customers did manage to pivot their domains away from Cloudflare during the outage.

“Then you see through DNS changes that the target has eliminated Cloudflare from their web stack due to the outage.

But also look hard at the behavior inside your org.”Scott said organizations seeking security insights from the Cloudflare outage should ask themselves:1.

Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited.

Affected products this month include the Windows OS, Office, SharePoint, SQL Server, Visual Studio, GitHub Copilot, and Azure Monitor Agent.

Many of the more concerning bugs addressed by Microsoft this month affect Windows 10, an operating system that Microsoft officially ceased supporting with patches last month.

As that deadline rolled around, however, Microsoft began offering Windows 10 users an extra year of free updates, so long as they register their PC to an active Microsoft accoun…

More recently, Lighthouse has been used to spoof e-commerce websites, financial institutions and brokerage firms.

Google’s lawsuit alleges the purveyors of Lighthouse violated the company’s trademarks by including Google’s logos on countless phishing websites.

Ford Merrill works in security research at SecAlliance, a CSIS Security Group company, and he’s been tracking Chinese SMS phishing groups for several years.

Merrill said many Lighthouse customers are now using the phishing kit to erect fake e-commerce websites that are advertised on Google and Meta platforms.

But he said the Chinese mobile phishing market is so lucrative right now that it’s difficult to imagine a popular phishing serv…

The Washington Post recently reported that more than a half-dozen federal departments and agencies were backing a proposed ban on future sales of TP-Link devices in the United States.

“TP-Link vigorously disputes any allegation that its products present national security risks to the United States,” Ricca Silverio, a spokeswoman for TP-Link Systems, said in a statement.

Microsoft found the hacker groups were leveraging the compromised TP-Link systems to conduct “password spraying” attacks against Microsoft accounts.

Happily, TP-Link users spooked by the proposed ban may have an alternative to outright junking these devices, as many TP-Link routers also support open-source firmware options l…

Cloudflare responded by redacting Aisuru domain names from their top websites list.

One Aisuru botnet domain that sat prominently for days at #1 on the list was someone’s street address in Massachusetts followed by “.com”.

Other Aisuru domains mimicked those belonging to major cloud providers.

Sometime in the past 24 hours, Cloudflare appears to have begun hiding the malicious Aisuru domains entirely from the web version of that list.

However, downloading a spreadsheet of the current Top 200 domains from Cloudflare Radar shows an Aisuru domain still at the very top.

The 2012 indictment targeting the Jabber Zeus crew named MrICQ as “John Doe #3,” and said this person handled incoming notifications of newly compromised victims.

Two sources familiar with the Jabber Zeus investigation said Rybtsov was arrested in Italy, although the exact date and circumstances of his arrest remain unclear.

Further searching on this address in Constella finds the same apartment building was shared by a business registered to Vyacheslav “Tank” Penchukov, the leader of the Jabber Zeus crew in Ukraine.

Nevertheless, the pilfered Jabber Zeus group chats provided the basis for dozens of stories published here about small businesses fighting their banks in court over six- and se…

Experts say the Aisuru botmasters recently updated their malware so that compromised devices can more easily be rented to so-called “residential proxy” providers.

From a website’s perspective, the IP traffic of a residential proxy network user appears to originate from the rented residential IP address, not from the proxy service customer.

“I just checked, and in the last 90 days we’ve seen 250 million unique residential proxy IPs,” Kilmer said.

Brundage says that by almost any measurement, the world’s largest residential proxy service is IPidea, a China-based proxy network.

That 2022 story named Yunhe Wang from Beijing as the apparent owner and/or manager of the 911S5 proxy service.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with computer security veteran Graham Cluley, joined this week by special guest Danny Palmer.

Smashing Security #448:The Kindle that got pwned [Your browser does not support the audio element]Host:Graham Cluley:@grahamcluley.com @[email protected] / grahamcluleyGuest:Danny Palmer:/ dannypalmerwriter‬Episode links:Sponsors:Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podca…

The cruise line has updated its list of prohibited items, specifically banning smart glasses and similar wearable devices from public areas.

The ban means that you could find your expensive Google Glass, Meta/Ray-Ban Stories confiscated by the cruise's security team if you break the rules.

An obvious question is why are smart glasses subject to a ban onboard, but not other recording devices such as smartphones and regular cameras?

And, unfortunately, it's not always obvious that someone is wearing smart glasses.

Smart glasses are becoming increasingly sophisticated and harder to distinguish from regular glasses.

In episode 81 of The AI Fix, Graham discovers that deepfakes are already marking your kids’ homework, while Mark glimpses the future when he discovers AI agents that can communicate by reading each other’s minds.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

You can also help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining The AI Fix Plus!

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive cont…

Regular readers of Hot for Security will have read plenty of articles about cybercriminals who have created malware, or malicious hackers who have used malware to infect the systems of victims.

But the news this week is that a court in Singapore has jailed a man not for launching an attack himself, but instead for teaching others exactly how to do it.

According to Singaporean authorities this is the country's first prosecution specifically targeted against somebody who had taught others how to use malware.

Prosecutors claim that Lee Rong Teng provided Cheoh with several versions of the spyware and asked him to learn how they functioned.

Cheoh’s alleged accomplice, Lee Rong Teng, is thought …

Analyst firm Gartner has issued a blunt warning to organizations: Agentic AI browsers introduce serious new security risks and should be blocked "for the foreseeable future." Read more in my article on the Fortra blog.

Plus, Graham chats with Rob Edmondson from CoreView about why misconfigurations and over-privileged accounts can make Microsoft 365 dangerously vulnerable.

All this, and more, in episode 447 of the “Smashing Security” podcast with Graham Cluley, and special guest Jenny Radcliffe.

Smashing Security listeners get $1000 off!

CoreView – Benchmark your Microsoft 365 tenant security against the Center for Internet Security (CIS) controls.

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

A new report from the United States's Financial Crimes Enforcement Network (FinCEN) has shone a revealing light on the state of the criminal industry of ransomware. The report, which examines ransomware incidents from 2022 to 2024, reveals that attackers extorted more than $2.1 billion over the three-year period. Yes, that number is enormous - but it hides a more interesting story beneath it: that after peaking in 2023, ransomware payments actually started to decline. Read more in my article on the Fortra blog.

Remember when a notorious ransomware gang hit the Irish Health Service back in May 2021?

Four years on, and it seems victims who had their data exposed will finally receive compensation.

The attack against the Health Service Executive (HSE) began when the Russia-linked Conti ransomware group tricked a user into downloading a boobytrapped Microsoft Excel file.

The Health Service Executive (HSE) has now made an offer of €750 to victims whose personal data was compromised in what was declared the largest ever cyber attack against a health service computer system in Ireland.

According to media reports, a Cork-based solicitors firm representing more than 100 people affected by the data breach re…

A 22-year-old from Newport Beach, California has pleaded guilty to his role in a sophisticated criminal network that stole approximately US $263 million in cryptocurrency from victims.

Evan Tangeman is the ninth defendant to plead guilty in connection with what prosecutors have described as a highly-organised criminal enterprise, dubbed the "Social Engineering Enterprise" (SE Enterprise).

Some members of SE Enterprise specialised in hacking databases to identify wealthy cryptocurrency investors.

Evan Tangeman admitted to working as a money launderer for the group, helping convert US $3.5 million worth of stolen cryptocurrency into cash.

For all their supposed sophistication, the downfall of…

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

You can also help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining The AI Fix Plus!

Follow us:Follow the show on Bluesky, or subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website for more information.

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

Grok, the AI chatbot developed by Elon Musk's xAI, has been found to exhibit more alarming behaviour - this time revealing the home addresses of ordinary people upon request.

And, as if that wasn't enough of a privacy violation, Grok has also been exposed as providing detailed instructions for stalking and surveillance of targeted individuals.

If Grok was not able to identify the exact person, it would often return lists of similarly named individuals with their addresses.

Grok was also not afraid of offering tips for encountering a world-famous pop star, providing tips for waiting near venue exits.

As AI becomes embedded in our daily lives, it is clear that stronger safeguards are not opti…

A new warning about the threat posed by Distributed Denial of Service (DDoS) attacks should make you sit up and listen. Read more in my article on the Fortra blog.

All this and more is discussed in episode 446 of the “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and special guest Rik Ferguson.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

The FBI has recently issued a public service announcement that warns that since January 2025 there have been more than 5,100 complaints of account takeover fraud, and total reported losses in excess of US $262 million. Read more in my article on the Fortra blog.

Что нужно знать об этих изменениях и какие знания и привычки взять с собой в 2026 год?

Мы рекомендуем Kaspersky Premium — с ним вы получите и защиту от вредоносного ПО, и оповещения (если ваши личные данные засветились в каких-то публичных утечках), и менеджер паролей, и родительский контроль, и многое другое.

Как и в случае с фастфудом, телевизором, TikTok и другими легкодоступными благами, важно найти баланс между здоровым применением этих помощников и опасными привычками.

А где-то вам подключили дополнительную опцию, о которой вы и не знаете, и ее нужно отключить.

Предполагается, что нейросети помогут дому самостоятельно решать, что и когда делать, чтобы владельцу было удобнее, — без зар…

В основном Stealka распространяют на популярных ресурсах — вроде GitHub, SourceForge, Softpedia, sites.google.com и других — под видом кряков известных программ, читов и модов для игр.

Чем опасен стилер StealkaУ Stealka достаточно большой арсенал возможностей, но «лакомый кусок» для него — данные из браузеров на движках Chromium и Gecko.

Не менее интересны для хакеров куки-файлы и токены сессий, которые позволяют обойти двухфакторную аутентификацию и угнать аккаунты без ввода пароля.

В зоне риска — Discord, Telegram, Unigram, Pidgin, Tox и другие.. В служебных файлах мессенджеров хранятся данные об аккаунтах, идентификаторы устройств, токены авторизации и параметры шифрования переписки.

— S…

Наши эксперты из команды GReAT обнаружили и исследовали новую волну целевых рассылок за авторством APT-группы «Форумный тролль».

Внутри содержались персонализированные ссылки, по которым жертве предлагали скачать отчет о проверке какого-то материала на плагиат, что, по замыслу атакующих, должно было заинтересовать ученых.

В случае если жертва испытывала сомнения в легитимности письма и заходила на страницу e-library{.

Сам файл, впрочем, не был персонализирован — это был достаточно размытый отчет в формате одной из российских систем проверки на плагиат.

Мы рекомендуем устанавливать надежные ИБ-решения не только на все устройства, с которых сотрудники выходят в Интернет, но и на почтовый шлюз…

Мы в «Лаборатории Касперского» изучили, какой путь проходят данные после фишинговой атаки: кому они достаются, как их сортируют, перепродают и используют на теневом рынке.

: реквизиты карт, данные от криптокошельков.

В таких архивах часто попадаются мусорные и устаревшие данные, и поэтому стоят они недорого: стартовая цена — $50.

Данными пользователей торгуют при этом не только в даркнете, но и в старом добром Telegram.

Несложно догадаться, что наиболее дорогой и востребованный товар на этом рынке — данные от банковских аккаунтов и криптокошельков.

Разумеется, сообщать облачный пароль нельзя никому — он нужен исключительно для того, чтобы войти в ваш аккаунт в Telegram.. Сделайте это в разделе Настройки → Конфиденциальность Telegram прямо сейчас.

После недавнего обновления в Telegram появилась возможность защитить вход в аккаунт не только облачным паролем, но и ключом доступа.

После недавнего обновления в Telegram появилась возможность защитить вход в аккаунт не только облачным паролем, но и ключом доступа.

Поэтому мы рекомендуем создать сложный и уникальный облачный пароль Telegram и хранить как его, так и ключ доступа для Telegram в Kaspersky Password Manager.

Поэтому мы рекомендуем создать сложный и уникальный облачный пароль Teleg…

Правоохранительные органы Южной Кореи арестовали четырех подозреваемых во взломе 120 000 IP-камер, установленных как в частных домах, так и в коммерческих помещениях — например, в комнатах караоке, студии пилатеса и гинекологической клинике.

Объясняем, что представляют собой IP-камеры и в чем состоят их уязвимости, а также подробно рассказываем об инциденте в Южной Корее и о том, как не стать жертвой злоумышленников, охотящихся за горячими видео.

Что случилось в Южной КорееВернемся к событиям, произошедшим этой осенью в Южной Корее.

Он взломал 63 000 IP-камер и создал, а затем продал 545 видео сексуального характера за 35 миллионов южнокорейских вон (чуть меньше 24 000 долларов).

Он взломал…

В этом посте попробуем определить, какие активы требуют первоочередного внимания, как их обнаружить и в какой форме проводить реагирование.

Физические и виртуальные серверы остаются бесхозными в крупных инфраструктурах после проектов по миграции или после слияния и поглощения компаний.

Важно также закрепить в политике способы учета создаваемых хранилищ и запрет на «бесхозные» данные, доступные без ограничений, паролей и шифрования.

Для внутренней разработки — обязательное использование сканеров и комплексных систем защиты, интегрированных с конвейером CI/CD и предотвращающих сборку ПО с устаревшими компонентами.

Подключенные к сети, но не управляемые и не обновляемые роутеры, межсетевые экр…

Недавно на новостных сайтах появилась информация о том, что некие злоумышленники распространяют инфостилер через бесплатные файлы 3D-моделей для ПО Blender.

Почему Blender и онлайн-маркетплейсы 3D-моделей могут быть источниками рискаBlender — это программное обеспечение для создания 3D-графики и анимации, которое используется множеством специалистов по визуализации в различных областях.

Среди прочих возможностей Blender есть и поддержка выполнения Python-скриптов, которые используются для автоматизации задач и расширения функциональности ПО.

Чем опасны рабочие инструменты, не контролируемые ИБПроблема не в Blender как таковом — злоумышленники неизбежно попробуют эксплуатировать возможности …

Теперь поделиться можно еще и чатом с ИИ-ассистентом, и ссылка на него будет вести на официальный сайт чат-бота.

При правильном вводе скрипт скачивает вредоносное ПО и использует указанный пароль для установки и запуска зловреда.

Инфостилер и бэкдорЕсли пользователь поддастся на уговоры, на его компьютере запустится распространенный инфостилер AMOS (Atomic macOS Stealer).

Использовать надежную защиту от вредоносного ПО на всех своих смартфонах, планшетах и компьютерах, включая компьютеры под управлением macOS и Linux.

Никогда не выполнять технические инструкции, о которых вы не просили и в которых разбираетесь не до конца.

Что нового в Kaspersky Embedded Systems Security для WindowsНаши эксперты значительно переработали кодовую базу решения, добавив ряд продвинутых механизмов детектирования и блокирования угроз.

Что нового в Kaspersky Embedded Systems Security для LinuxМы значительно доработали и новый KESS для Linux, но большинство нововведений в нем повышают эффективность уже реализованных защитных механизмов.

В нем мы планируем:Обеспечить полную совместимость Kaspersky Embedded Systems Security с сервисом Kaspersky Managed Detection and Response.

Добавить в Kaspersky Embedded Systems Security для Linux технологию защиты от BadUSB, которая уже работает в Windows-версии.

Обеспечить поддержку решением Kaspers…

3 декабря стало известно о скоординированном устранении критической уязвимости CVE-2025-55182 (CVSSv3 — 10), которая содержалась в React server components (RSC), а также во множестве производных проектов и фреймворков: Next.js, React Router RSC preview, Redwood SDK, Waku, RSC-плагинах Vite и Parcel.

Учитывая, что на базе React и Next.js построены десятки миллионов сайтов, включая Airbnb и Netflix, а уязвимые версии компонентов найдены примерно в 39% облачных инфраструктур, масштаб эксплуатации может быть очень серьезным.

Благодаря компонентам RSC, появившимся в React 18 в 2020 году, часть работы по сборке веб-страницы выполняется не в браузере, а на сервере.

Изначально React предназначен дл…

C октября этого года наши технологии фиксируют вредоносные рассылки файлов, в названии которых эксплуатируется тема годовых премий и бонусов.

Еще одной интересной особенностью данной вредоносной кампании является то, что в качестве полезной нагрузки выступает XLL-файл, что достаточно нестандартно.

Атакующие, конечно, меняют иконку, но в некоторых интерфейсах — в первую очередь в «проводнике Windows» — очевидно, что тип файла не соответствует видимому расширению, как показано, например, вот в этом посте.

Тип файла XLL служит для надстроек Microsoft Excel и, по сути, представляет собой DLL-библиотеку, которая запускается непосредственно программой для работы с электронными таблицами.

Часть ко…

Наверняка найдутся и желающие применить на практике новую атаку Whisper Leak.

Исследователи из Microsoft продолжили эту тему и проанализировали параметры поступления ответа от 30 разных ИИ-моделей в ответ на 11,8 тысяч запросов.

Сравнив задержку поступления пакетов от сервера, их размер и общее количество, исследователи смогли очень точно отделить «опасные» запросы от «обычных».

Как защититься от Whisper LeakОсновное бремя защиты от этой атаки лежит на провайдерах ИИ-моделей.

Если вы пользуетесь моделью и серверами, для которых Whisper Leak актуален, можно либо сменить провайдера на менее уязвимого, либо принять дополнительные меры предосторожности.

Как устроена автоматическая машина для тасования карт Deckmate 2Машина для автоматического тасования карт Deckmate 2 была запущена в производство в 2012 году.

В предыдущей модели устройства, Deckmate, внутренней камеры не было и, соответственно, не было возможности подглядеть последовательность карт в колоде.

Как исследователи смогли взломать устройство Deckmate 2Опытные читатели нашего блога уже наверняка заметили несколько уязвимостей в конструкции Deckmate 2, которыми воспользовались исследователи для создания proof-of-concept.

Это позволяло специалистам в реальном времени узнавать порядок карт в тасовке.

Как мафия использовала взломанные Deckmate 2 в реальных покерных играхДва года спус…

Видеорегистраторы, популярные в одних странах и полностью запрещенные в других, обычно воспринимаются как страховка на случай ДТП и спорных ситуаций на дорогах.

По Wi-Fi к устройству может подключаться смартфон водителя, чтобы через мобильное приложение провести настройки, скачать видео на телефон и так далее.

Как выяснилось, многие регистраторы допускают обход аутентификации и к ним можно подключиться с чужого устройства, а затем скачать сохраненные данные.

Просто они заказывают компоненты и ПО у одного и того же разработчика.

Но массовый взлом видеорегистраторов может привести к значительно более агрессивному сбору данных и злоупотреблению ими в преступных и мошеннических схемах.

In this context, the importance of Data Loss Prevention (DLP) capability for data protection cannot be overstated.

Cisco Secure Access: Unified, AI-Powered Data Loss Prevention (DLP) for the Modern EnterpriseCisco Secure Access delivers the next generation of Data Loss Prevention (DLP) as a core component of our Security Service Edge (SSE).

Secure Access DLP also plays a vital role in enabling the safe use of generative Artificial Intelligence (AI) applications and model repositories.

The Endpoint DLP Advantage: Safeguarding Data Movement at the SourceIncorporating endpoint DLP into an organization’s data protection strategy brings immense value.

Recognizing this, Cisco Secure Access launch…

Cisco ISE: Live network visibility—but not always aligned with CMDB metadata or lifecycle information.

The Old Way Was LimitedPrevious integrations between Cisco ISE and ServiceNow attempted to close this gap by pushing CMDB attributes into ISE.

The Cisco ISE + ServiceNow Service Graph Connector finally closes the loop between visibility and control.

With Service Graph Connector for Cisco ISE, watch your network inventory come alive.

Ask a question and stay connected with Cisco Security on social media.

Cisco Identity Intelligence is now the first Cisco product to deliver a customer facing capability powered entirely by a Cisco built artificial intelligence model, Foundation-sec-1.1-8B-Instruct.

Strengthening Identity Security Through Deeper InsightCisco Identity Intelligence helps organizations understand and respond to identity related risk across their entire environment.

A key part of this experience is the weekly email digest that Cisco Identity Intelligence sends to administrators.

Why the Cisco Foundation Model MattersCisco Identity Intelligence selected the Cisco Foundation AI model because it offers clear advantages in quality, control, and long-term strategic alignment.

A Cisco-o…

According to our survey results, 94% of organizations are currently facing segmentation challenges, which range from technical to non-technical issues.

Challenges Inhibiting Segmentation ProjectsUnderstanding the challenges organizations face will ease the transition from partial to comprehensive segmentation implementations, allowing organizations to accelerate their progress through their segmentation journeys.

Currently, what are/ could be the biggest segmentation challenges you are/ could be experiencing at your organization?

Overcoming Segmentation Challenges Enables a Proactive Security StrategySegmentation remains a foundational element of enterprise security.

In the meantime, downlo…

Thanks to Duo, I was quickly given access to all the essential tools: Cisco XDR, Splunk, firewall dashboards, and more from the duo directory.

Detection: Cisco XDR flagged the suspicious behavior, visualizing the connections between one internal asset and several high-risk external hosts.

This raised immediate concerns about potential malware or command-and-control activity (see Cisco XDR investigation below).

In summary, my first SOC experience turned initial nerves into genuine confidence.

Ask a question and stay connected with Cisco Security on social media.

As a reminder, when a Windows client is seeking to talk to a domain controller it will make DNS queries for SRV records for names like _kerberos._tcp.dc._msdcs.DOMAINNAME or _ldap._tcp.dc._msdcs.DOMAINNAME.

These DNS requests enable the client to find nearby Kerberos or LDAP servers for their domain.

Finally, the Cisco Live network is designed to be a safe network for attendees to use.

A properly configured VPN client like Cisco Secure Client can support both a full tunnel VPN and “Start Before Login”.

Check out the other blogs by my colleagues in the Cisco Live Melbourne 2026 SOC.

Kerberoasting: An attacker with a valid ticket can request service tickets from the KDC which are encrypted with the service account password.

An attacker with a valid ticket can request service tickets from the KDC which are encrypted with the service account password.

Cisco XDR: Cross-signal correlation and incident management spanning Secure Firewall, Secure Access (DNS), Secure Network Analytics, and partner telemetry.

Cross-signal correlation and incident management spanning Secure Firewall, Secure Access (DNS), Secure Network Analytics, and partner telemetry.

Secure Network Analytics: NetFlow analytics to surface scanning, beaconing, and anomalous connection patterns at scale.

Building on the success of the 2nd annual Security Operations Centre (SOC) at Cisco Live Melbourne (Asia Pacific Japan) 2024, the executive team supported the first SOC for Cisco Live San Diego (Americas) and invited the team back for 20025.

The SOC at Cisco Live SOC was successfully deployed in just 12 hours over 1 ½ days, demonstrating extensive prior planning and specialized expertise.

The partnership with Endace, a highly skilled full-packet capture provider, whose experience in the 2025 SOC was critical and extended to their commitment for Cisco Live Melbourne.

For example, Ryan MacLennan created an AI model to find domain generated algorithms at the Cisco Live AMER Security SOC.

Ackno…

Joining the Security Operations Centre (SOC) team in Cisco Live Melbourne was a new experience for me as a Cisco Technical Marketing Engineer (TME).

As a Tier1 / Tier 2 analyst the first screen to look at is Cisco XDR, that will bring incidents from the different data sources including Splunk Core.

Day 1 at Cisco Live and guess what?

Distributed Deniel of Service (DDoS) activity was detected targeting Cisco TV devices connected to Cisco Live network.

Check out the other blogs by my colleagues in the Cisco Live APJC 2026 SOC.

In the Cisco Live Melbourne SOC, we use a combination of Endace full packet capture (PCAP), Splunk Enterprise Security, and Splunk SOAR to provide automated detections of cleartext credential leakage.

We resolve this using the coalesce function in Splunk’s eval command.

The coalece function will return the first non-null value from a list of possible values, just like the COALESCE function in SQL.

In our case, we use it like so:However, during Cisco Live we discovered a problem with this logic.

One answer is a Splunk macro.

One area of integration between CSF and Splunk that we worked on at Cisco Live Melbourne involved Enterprise Security Content Update (ESCU) detections in Splunk Enterprise Security (ES).

Splunk ES has around two dozen ESCU detections for Cisco Secure Firewall.

These can be accessed from ES by navigating to Security Content > Content Management and then searching for ‘Secure Firewall’.

All ESCU detections for Secure Firewall reference the same macro, ‘cisco_secure_firewall’.

We transitioned our firewall log export to syslog a few conferences ago, and in Melbourne we decided to test the ESCU detections with syslog.

The Adrenaline of the Real World: Rapid Threat Containment on DisplayThe first thing that strikes you when you walk into the Cisco Live SOC is the energy.

The XDR & Splunk ES Synergy: The key highlight of the visibility demo was the seamless data exchange between XDR and Splunk ES.

Forging the Future: Empowering New and Tier One AnalystsPerhaps the most inspiring aspect of the SOC tours was the focus on people.

The Cisco Live Melbourne 2025 SOC tours weren’t just about the technology of today; they were about sharing our experiences, delivering on the EDUCATE component of our Mission.

Check out the other blogs by my colleagues in the Cisco Live APJC 2026 SOC.

Sometimes though we see exceptions, in this circumstance an asset connected to the Attendee Wi-Fi network at Cisco Live Melbourne 2025 exhibited a large spike in traffic on multiple occasions.

Upon investigation, the asset was found to be connecting to multiple confirmed malicious external IP addresses.

When the Incident was investigated, we found that the asset was communicating with numerous external IP addresses classified as malicious.

Investigating further, we saw the internal IP address communicating with a number of external IP addresses, all classed as malicious.

Cisco Security Social MediaLinkedInFacebookInstagramX

Segmentation introduces critical control points, regulating who and what can access the network environment and its applications.

I consistently approach the segmentation journey with my customers by framing it as a circular cycle.

This cycle starts with visibility, progresses through identity context, policy selection, and policy enforcement, ultimately returning to enhanced visibility.

1: The segmentation cycleVisibilityThe segmentation cycle both starts and ends with robust visibility.

Policy AssignmentPolicy Assignment, often referred to as the Policy Decision Point (PDP) in NIST SP 800-207, represents the “what” in our segmentation cycle.

The survey results also revealed interesting insights into why segmentation remains a foundational concept.

The evolution of segmentation and the development of different segmentation approaches make the concept ideal for implementing a proactive approach to enterprise cybersecurity today.

And now, augmenting macro-segmentation with micro-segmentation implementations allows security teams to split environments into separate networks AND isolate specific workloads based on behavior or identity.

Data split by those who have fully implemented both macro- and micro-segmentation (315), and those who have not fully implemented both (608).

Data split by those who have fully implemented both macro-…

But point solutions can only go so far.

In our new e-book, 3 reasons point solutions are holding you back, we share how a unified, AI-ready platform can transform your security operations to help keep your organization safe.

Download the 3 reasons point solutions are holding you back e-book and discover how a unified, AI-ready platform can help your team stay ahead of cyberthreats and prepare for the future.

Learn moreTo learn more about Microsoft Security solutions, visit our website.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

An Access Fabric solution continuously decides who can access what, from where, and under what conditions—in real time.

Why a unified approach to access security is better than a fragmented oneLet’s use an everyday example to illustrate the difference between an access security approach that uses fragmented tools versus one that uses an Access Fabric solution.

This time you, your device, your applications, and your data are wrapped in the protection of an Access Fabric solution that connects identity, device, and network signals.

What makes an Access Fabric solution effectiveFor an Access Fabric solution to secure access in hybrid work environments effectively, it must be contextual, connec…

The React Server Components ecosystem is a collection of packages, frameworks, and bundlers that enable React 19 applications to run parts of their logic on the server rather than the browser.

To exploit CVE-2025-55182, an attacker sends a crafted input to a web application running React Server Components functions in the form of a POST request.

Microsoft Defender Vulnerability Management and Microsoft Defender for CloudMicrosoft Defender for Cloud rolled out support to surface CVE-2025-55182 with agentless scanning across containers and cloud virtual machines (VMs).

In parallel, we recommend that you upgrade affected React Server Components and Next.js packages immediately to patched versi…

The React Server Components ecosystem is a collection of packages, frameworks, and bundlers that enable React 19 applications to run parts of their logic on the server rather than the browser.

To exploit CVE-2025-55182, an attacker sends a crafted input to a web application running React Server Components functions in the form of a POST request.

Microsoft Defender Vulnerability Management and Microsoft Defender for CloudMicrosoft Defender for Cloud rolled out support to surface CVE-2025-55182 with agentless scanning across containers and cloud virtual machines (VMs).

In parallel, we recommend that you upgrade affected React Server Components and Next.js packages immediately to patched versi…

Today, we are proud to share that Microsoft has been recognized as an overall leader in the KuppingerCole Leadership Compass for Generative AI Defense.

The post Microsoft named an overall leader in KuppingerCole Leadership Compass for Generative AI Defense appeared first on Microsoft Security Blog.

This form of cyberattack involves operatives posing as legitimate remote hires, slipping past human resources checks and onboarding processes to gain trusted access.

With support from Microsoft Threat Intelligence, we quickly traced the activity to the North Korean remote IT workforce known as Jasper Sleet.

TACTICPiKVM devices—low-cost, hardware-based remote access tools—were utilized as egress channels.

Advanced detection tools, including Microsoft Defender for Identity and Microsoft Defender for Endpoint, were deployed to uncover lateral movement and credential misuse.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

This form of cyberattack involves operatives posing as legitimate remote hires, slipping past human resources checks and onboarding processes to gain trusted access.

With support from Microsoft Threat Intelligence, we quickly traced the activity to the North Korean remote IT workforce known as Jasper Sleet.

TACTICPiKVM devices—low-cost, hardware-based remote access tools—were utilized as egress channels.

Advanced detection tools, including Microsoft Defender for Identity and Microsoft Defender for Endpoint, were deployed to uncover lateral movement and credential misuse.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Our blog “Building human-centric security skills for AI” offers insights and guidance you can apply in your organization.

Find in AI Skills Navigator, our agentic learning space, AI and security training tailored to different roles.

—Jeana Jorgensen, Corporate Vice President, Microsoft LearningFostering a culture that prioritizes securityAs AI impacts everyone’s role, make security awareness and responsible AI practices shared priorities.

From awareness to actionIn the agentic AI era, people continue to be our most valuable resource.

It’s essential to empower them with AI and equip them with the skills they need to use AI responsibly and securely.

Our blog “Building human-centric security skills for AI” offers insights and guidance you can apply in your organization.

Find in AI Skills Navigator, our agentic learning space, AI and security training tailored to different roles.

—Jeana Jorgensen, Corporate Vice President, Microsoft LearningFostering a culture that prioritizes securityAs AI impacts everyone’s role, make security awareness and responsible AI practices shared priorities.

From awareness to actionIn the agentic AI era, people continue to be our most valuable resource.

It’s essential to empower them with AI and equip them with the skills they need to use AI responsibly and securely.

As email threats grow more sophisticated and layered security architectures become more common, organizations need clear, data-driven insights to evaluate how their security solutions perform together.

Microsoft’s commitment to transparency continues with the release of our second email security benchmarking report, informed by valuable customer and partner feedback.

The study compares environments protected exclusively by Microsoft Defender with those using a Secure Email Gateway (SEG) positioned in front of Defender, as well as environments where Integrated Cloud Email Security (ICES) solutions add a secondary layer of detection after Defender.

Secure Email Gateway and Integrated Cloud Em…

As email threats grow more sophisticated and layered security architectures become more common, organizations need clear, data-driven insights to evaluate how their security solutions perform together.

Microsoft’s commitment to transparency continues with the release of our second email security benchmarking report, informed by valuable customer and partner feedback.

The study compares environments protected exclusively by Microsoft Defender with those using a Secure Email Gateway (SEG) positioned in front of Defender, as well as environments where Integrated Cloud Email Security (ICES) solutions add a secondary layer of detection after Defender.

Secure Email Gateway and Integrated Cloud Em…

The Shai‑Hulud 2.0 supply chain attack represents one of the most significant cloud-native ecosystem compromises observed recently.

In defending against threats like Shai-Hulud 2.0, organizations benefit significantly from the layered protection from Microsoft Defender, which provides security coverage from code, to posture management, to runtime.

This blog provides a high-level overview of Shai‑Hulud 2.0, the attack mechanisms, potential attack propagation paths, customized hunting queries, and the actions Microsoft Defender is taking to enhance detection, attack-path analysis, credential scanning, and supply chain hardening.

Tactic Observed activity Microsoft Defender coverage Execution S…

The Shai‑Hulud 2.0 supply chain attack represents one of the most significant cloud-native ecosystem compromises observed recently.

In defending against threats like Shai-Hulud 2.0, organizations benefit significantly from the layered protection from Microsoft Defender, which provides security coverage from code, to posture management, to runtime.

This blog provides a high-level overview of Shai‑Hulud 2.0, the attack mechanisms, potential attack propagation paths, customized hunting queries, and the actions Microsoft Defender is taking to enhance detection, attack-path analysis, credential scanning, and supply chain hardening.

Tactic Observed activity Microsoft Defender coverage Execution S…

In this article, John Lambert, Chief Technology Officer, Corporate Vice President and Security Fellow at Microsoft dives into the future of cyber defense.

It’s easy to see why some security professionals out there see the physics of defense as being against them.

It’s also important to work on cyber defense together with organizations that you otherwise view as your competitors.

By rewriting the physics of defense, we can reclaim the advantage and redefine what it means to be secure.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

In this article, John Lambert, Chief Technology Officer, Corporate Vice President and Security Fellow at Microsoft dives into the future of cyber defense.

It’s easy to see why some security professionals out there see the physics of defense as being against them.

It’s also important to work on cyber defense together with organizations that you otherwise view as your competitors.

By rewriting the physics of defense, we can reclaim the advantage and redefine what it means to be secure.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

These initiatives, driven by Ballots SC-080, SC-090, and SC-091, will sunset 11 legacy methods for Domain Control Validation.

What’s Domain Control Validation?

Domain Control Validation is a security-critical process designed to ensure certificates are only issued to the legitimate domain operator.

Sunsetted methods relying on email:Sunsetted methods relying on phone:Sunsetted method relying on a reverse lookup:For everyday users, these changes are invisible - and that’s the point.

These changes push the ecosystem toward standardized (e.g., ACME), modern, and auditable Domain Control Validation methods.

Partnership with ArmOur goal is to raise the bar on GPU security, ensuring the Mali GPU driver and firmware remain highly resilient against potential threats.

We partnered with Arm to conduct an analysis of the Mali driver, used on approximately 45% of Android devices.

This approach allowed us to roll out the new security policy broadly while minimizing the impact on developers.

This effort spans across Android and Android OEMs, and required close collaboration with Arm.

The Android security team is committed to collaborating with ecosystem partners to drive broader adoption of this approach to help harden the GPU.

We built on Gemini's existing protections and agent security principles and have implemented several new layers for Chrome.

To further bolster model alignment beyond spotlighting, we’re introducing the User Alignment Critic — a separate model built with Gemini that acts as a high-trust system component.

A flow chart that depicts the User Alignment Critic: a trusted component that vets each action before it reaches the browser.

The User Alignment Critic runs after the planning is complete to double-check each proposed action.

Looking forwardThe upcoming introduction of agentic capabilities in Chrome brings new demands for browser security, and we've approached this challenge with the same ri…

Android uses the best of Google AI and our advanced security expertise to tackle mobile scams from every angle.

Over the last few years, we’ve launched industry-leading features to detect scams and protect users across phone calls, text messages and messaging app chat notifications.

To help combat these types of financial scams, we launched a pilot earlier this year in the UK focused on in-call protections for financial apps.

The UK pilot of Android’s in-call scam protections has already helped thousands of users end calls that could have cost them a significant amount of money.

We’ve also started to pilot this protection with more app types, including peer-to-peer (P2P) payment apps.

Secure by DesignWe built Quick Share’s interoperability support for AirDrop with the same rigorous security standards that we apply to all Google products.

Secure Sharing Channel: The communication channel itself is hardened by our use of Rust to develop this feature.

On Android, security is built in at every layer.

On Android, security is built in at every layer.

Secure Sharing Using AirDrop's "Everyone" ModeTo ensure a seamless experience for both Android and iOS users, Quick Share currently works with AirDrop's "Everyone for 10 minutes" mode.

Our first rust memory safety vulnerability...almost: We'll analyze a near-miss memory safety bug in unsafe Rust: how it happened, how it was mitigated, and steps we're taking to prevent recurrence.

Our First Rust Memory Safety Vulnerability...AlmostWe recently avoided shipping our very first Rust-based memory safety vulnerability: a linear buffer overflow in CrabbyAVIF.

Unsafe Review and TrainingOperating system development requires unsafe code, typically C, C++, or unsafe Rust (for example, for FFI and interacting with hardware), so simply banning unsafe code is not workable.

Dmytro Hrybenko for leading the effort to develop training for unsafe Rust and for providing extensive feedback on …

Survey shows Android users’ confidence in scam protectionsGoogle and YouGov3 surveyed 5,000 smartphone users across the U.S., India, and Brazil about their experiences.

The findings were clear: Android users reported receiving fewer scam texts and felt more confident that their device was keeping them safe.

Android users were 58% more likely than iOS users to say they had not received any scam texts in the week prior to the survey.

As an extra safeguard, Google Messages also helps block suspicious links in messages that are determined to be spam or scams.

As an extra safeguard, Google Messages also helps block suspicious links in messages that are determined to be spam or scams.

What's worse, many plaintext HTTP connections today are entirely invisible to users, as HTTP sites may immediately redirect to HTTPS sites.

To address this risk, we launched the “Always Use Secure Connections” setting in 2022 as an opt-in option.

We now think the time has come to enable “Always Use Secure Connections” for all users by default.

For more than a decade, Google has published the HTTPS transparency report, which tracks the percentage of navigations in Chrome that use HTTPS.

Since HTTP navigations remain a regular occurrence for most Chrome users, a naive approach to warning on all HTTP navigations would be quite disruptive.

To help accelerate adoption of AI for cybersecurity workflows, we partnered with Airbus at DEF CON 33 to host the GenSec Capture the Flag (CTF), dedicated to human-AI collaboration in cybersecurity.

Our goal was to create a fun, interactive environment, where participants across various skill levels could explore how AI can accelerate their daily cybersecurity workflows.

An overwhelming 85% of all participants found the event useful for learning how AI can be applied to security workflows.

This positive feedback highlights that AI-centric CTFs can play a vital role in speeding up AI education and adoption in the security community.

We are committed to advancing the AI cybersecurity frontier…

This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the Terms of Service .

The block will expire shortly after those requests stop.

In the meantime, solving the above CAPTCHA will let you continue to use our services.This traffic may have been sent by malicious software, a browser plug-in, or a script that sends automated requests.

If you share your network connection, ask your administrator for help — a different computer using the same IP address may be responsible.

Learn more Sometimes you may be asked to solve the CAPTCHA if you are using advanced terms that robots are known to use, or sending requests very qu…

At Made by Google 2025, we announced that the new Google Pixel 10 phones will support C2PA Content Credentials in Pixel Camera and Google Photos.

Pixel Camera attaches Content Credentials to any JPEG photo capture, with the appropriate description as defined by the Content Credentials specification for each capture mode.

attaches Content Credentials to any JPEG photo capture, with the appropriate description as defined by the Content Credentials specification for each capture mode.

Google Photos attaches Content Credentials to JPEG images that already have Content Credentials and are edited using AI or non-AI tools, and also to any images that are edited using AI tools.

Building a More Trus…

Today marks a watershed moment and new benchmark for open-source security and the future of consumer electronics.

Google is proud to announce that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework, has officially achieved SESIP Level 5 certification.

This makes pKVM the first software security system designed for large-scale deployment in consumer electronics to meet this assurance bar.

With this level of security assurance, Android is now positioned to securely support the next generation of high-criticality isolated workloads.

Achieving Security Evaluation Standard for IoT Platforms (SESIP) Level 5 is a landmark because it incorporates AVA_VAN.5, the hi…

Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts.

Infrastructure definitions to allow organizations to easily run their own instances of OSS Rebuild to rebuild, generate, sign, and distribute provenance.

With an estimated value exceeding $12 trillion, open source software has never been more integral to the global economy.

For publishers and maintainers of open source packages, OSS Rebuild can...

If you're a developer, enterprise, or security researcher interested in OSS security, we invite you to follow along and get involved!

Android recently announced Advanced Protection, which extends Google’s Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures.

This is particularly useful for Advanced Protection users, since in 2023, plaintext HTTP was used as an exploitation vector during the Egyptian election.

JavaScript Optimizations and Security Advanced Protection reduces the attack surface of Chrome by disabling the higher-level optimizing Javascript compilers inside V8.

Javascript optimizers can be disabled outside of Advanced Protection Mode via the “Javascript optimization & security” Site Setting.

We…

Below we describe our prompt injection mitigation product strategy based on extensive research, development, and deployment of improved security mitigations.

A layered security approachGoogle has taken a layered security approach introducing security measures designed for each stage of the prompt lifecycle.

From there, a key protection against prompt injection and data exfiltration attacks occurs at the URL level.

Users are encouraged to become more familiar with our prompt injection defenses by reading the Help Center article.

Moving forwardOur comprehensive prompt injection security strategy strengthens the overall security framework for Gemini.