Формула FOMO: семь видео, одна песня, тысячи обсуждений. Почему платформа сошла с ума из-за «группы 7»?

Дали вспышку, залили этаном, сняли 1000 томограмм. 15 лет ради одного снимка… который перевернёт нейробиологию.

Нейросети пожирают столько энергии, что инженеры готовы идти на крайние меры.

Хакеры скомпрометировали региональную базу Avnet, требуя выкуп за терабайты клиентских и служебных контактов.

Internet Archive отметит исторический день 22 октября 2025 года.

Следствие проверяет данные семи журналистов и медиа-деятелей, пострадавших от кибератаки.

Дыру добавили в список активно эксплуатируемых. Через неё уже взламывают Windows 10, 11 и серверы.

Роскомнадзор подтвердил, что принял меры по «частичному ограничению».

Спецслужбы получили разрешение арестовывать людей по метаданным.

Soitec и CEA нашли способ, как сделать автомобильные микроконтроллеры неуязвимыми для хакеров.

Как превратить пентесты из разовой проверки в стратегию безопасности?

Однако сама по себе эта деятельность не принесёт ценности, если не интегрирована в процессы компании и не подкреплена действиями по устранению найденных уязвимостей.

Если в инфраструктуре что-то меняется или появляется информация о новых критических уязвимостях, можно сразу заложить в программу работ эти проверки, и команда их проведёт.

Как и в любых инвестициях, нужно периодически менять провайдера.

Приходя в компанию за услугой, стоит предупредить, что это в первый раз.

Next Generation SIEM — это смена парадигмы: от реактивного мониторинга к проактивной защите.

ВведениеСмена поколений в мире управления информацией и событиями безопасности (Security Information and Event Management, SIEM) — это не просто апгрейд, это смена приоритетов.

Вячеслав Атласов считает, что с уходом иностранных игроков российские SIEM достигли достаточного уровня зрелости, чтобы конкурировать с западными решениями.

Иван Прохоров добавил, что SIEM — это в первую очередь генератор алертов.

Вячеслав Атласов: «Чтобы SIEM была востребованной, она должна давать возможность делать быстро и просто для пользователей, выполнять те функции, которые возложены на SIEM, и обеспечивать гибкость».

Статистика показала, что маршрут атаки до полной компрометации домена в 21% проектов имел низкую сложность, а в 38% случаев - среднюю.

Это значит, что для организации превентивного процесса управления защищённостью инфраструктуры недостаточно устранять только уязвимости.

MaxPatrol Carbon получает эти данные от системы выявления и устранения уязвимостей MaxPatrol VM с модулем для харденинга и комплаенс-контроля MaxPatrol HCC.

Процесс расчёта мы отслеживаем с помощью специальных дашбордов в Grafana, которая устанавливается вместе с MaxPatrol Carbon.

Пример визуализации маршрута атаки в интерфейсе MaxPatrol CarbonБолее подробно про методику и нюансы расчёта времени атаки в MaxPatrol Carbon мы …

Российские компании получают запросы от Прокуратуры РФ о выполнении требований закона №187-ФЗ по защите критической информационной инфраструктуры.

В письме контролирующий орган требует подтвердить, что бизнес исполняет требования закона №187-ФЗ о безопасности критической информационной инфраструктуры (КИИ) Российской Федерации.

Если компания не относится к КИИ или не владеет информационными системами, направьте в ФСТЭК уведомление об отсутствии необходимости категорирования.

По итогам в ФСТЭК нужно направить акт о результатах категорирования и сведения о присвоенной категории значимости (по форме из приказа ФСТЭК № 236 от 22 декабря 2017 года).

Компании должны оперативно реагировать на запр…

«Лаборатория Касперского» представила новый релиз операционной системы, предназначенной для тонких клиентов — Kaspersky Thin Client 2.3 на базе KasperskyOS.

Сравнение толстых и тонких клиентовЕщё одним немаловажным фактором при выборе тонких клиентов является сокращение стоимости владения парком таких устройств.

После этого происходит подключение и настройка взаимодействия между Kaspersky Thin Client и Kaspersky Security Center.

ЗдравоохранениеВ ходе проекта в сети поликлиник была внедрена инфраструктура рабочих столов на базе тонких клиентов Kaspersky Thin Client и системы управления Kaspersky Security Center.

Для реализации проекта была внедрена инфраструктура рабочих столов на базе тонки…

Политики безопасности могут также включать маскирование или шифрование данных, что, в свою очередь, требует применения данных операций как с помощью штатных средств, так и внешних, интегрируемых с DSP через API или другие механизмы.

В итоге у бизнеса и госструктур просто нет представления о том, где и что хранится.

Системы, используемые в компаниях для защиты данныхВсё это создаёт большую нагрузку на персонал и не позволяет получать целостную картину о данных и правах доступа к ним.

Более того, поддержка нескольких разрозненных систем требует значительных ресурсов и усложняет управление», — сделал вывод руководитель направления защиты данных и приложений «К2 Кибербезопасность» Вадим Католик…

Функциональные возможности AlphaSense Symbiote 2.0AlphaSense Symbiote 2.0 — это комплексный автоматизированный продукт для выявления, верификации и дальнейшей эксплуатации уязвимостей, с подбором сценариев обхода СЗИ.

Информационная панель EASM в AlphaSense Symbiote 2.0Для упрощения анализа и повышения удобства предусмотрена фильтрация угроз по хостам, типу размещения ИТ-актива — внешний / внутренний, по наличию эксплуатации и обнаруженных уязвимостей CVE.

Настройка заданий сканирования в AlphaSense Symbiote 2.0Для ускорения настройки предусмотрены готовые профили сканирования, которые можно модифицировать и сохранять в виде собственных шаблонов.

Профили сканирования в AlphaSense Symbiote 2…

Это частный случай активно развивающейся на наших глазах шеринговой экономики с оплатой по подписке и с понятными метриками.

По его оценке, SLA легко адаптировать под специфику ИБ и в данном механизме заложены механизмы ответственности перед клиентами за некачественные услуги.

Андрей Кузнецов, ML-директор Positive TechnologiesТакже Андрей Кузнецов подчеркнул то обстоятельство, что ИИ является мультипликатором, если уровень квалификации сотрудника превышает определённый уровень.

И в целом при оснащении ИИ-ассистентами сотрудники первой линии технической поддержки или SOC будут способны решать больше задач.

Так что не исключено, что уже в самом скором будущем средства защиты, которые не испол…

Кибератаки сегодня нацелены не только на серверы и базы данных, но и на саму интеллектуальную основу бизнеса — алгоритмы.

Стоит учитывать, что при выстраивании безопасности нужно исходить от формата модели и того, что она делает.

Защита ML — вопрос интересов компании и модели использования чат-бота, и определяется тем, насколько важны репутационные риски.

Антон Башарин:«Берите любую угрозу, изучайте как её эксплуатировать, как можно применить, на что влияет, попробовать в лаборатории, потом на большой модели».

Успех внедрения MLSecOps зависит от понимания, что безопасность должна быть вплетена в жизненный цикл модели с самого начала, а не добавляться постфактум.

И дело не только в использовании каких-либо несертифицированных или зарубежных средств, но и в том, что многие организации подходят к защите виртуальных ИТ-инфраструктур как к физическим серверам.

Виртуальное исполнение межсетевых экранов:те же ограничения что и у физических МЭ;ограниченно масштабируются лишь за счёт добавления ресурсов виртуальной машине.

При этом vGate может использоваться и как наложенное средство безопасности, и как дополнительный механизм микросегментации.

В этом случае сетевой трафик будет ориентироваться на ограничения и от vGate, и от zVirt.

ВыводыСогласно исследованию iKS-Consulting и «Кода Безопасности», ежегодно объём рынка виртуализации будет расти более чем на …

ВведениеРынок межсетевых экранов нового поколения (Next Generation Firewall, NGFW) в России развивается в условиях ужесточающихся требований регуляторов к защите информации.

Каким требованиям должен соответствовать NGFWМы уже детально рассматривали базовые требования к NGFW на примере 17-й версии Ideco NGFW.

Обеспечение безопасности удалённого доступа в Ideco NGFW NovumВендор формирует план развития Ideco NGFW Novum, исходя из реальных запросов и задач собственных и потенциальных клиентов.

На лендинге эксклюзивного проекта Anti-Malware.ru и Ideco показано, как Ideco NGFW Novum меняет подход к защите корпоративной инфраструктуры — будет интересно.

Итоги внедрения: Ideco NGFW не только обеспе…

Российский рынок систем управления ИБ-событиями (SIEM) в 2025 году определяется трендами на суверенитет и импортозамещение.

Иван Прохоров, руководитель продуктов MaxPatrol SIEM / MaxPatrol IM, Positive TechnologiesМаксим Степченков считает, что SIEM не сильно изменились за последние годы.

Универсальный SIEM, подходящий для использования в SOC — тот, который можно максимально просто и быстро встроить в треугольник «люди — процессы — технологии».

Илья Одинцов:«Более 4 млрд событий в секунду обрабатываем в SOC.

ВыводыРоссийский рынок SIEM в 2025 году демонстрирует зрелость, смещая фокус с простого сбора логов на обеспечение реальной киберустойчивости бизнеса.

Компания UserGate объявила о запуске услуги «Центр мониторинга ИБ как сервис» (SOCaaS) — UserGate uFactor.

Поэтому игроки, ориентированные на свободный рынок, несомненно будут искать не только закулисные ходы, но и тренды в ИБ, на которые можно опереться.

«UserGate uFactor — это не отдельно взятый центр компетенций, консалтинговая структура или SOC, в их классическом понимании, — отметил директор по развитию бизнеса UserGate Эльман Бейбутов.

SOC-as-a-Service — это больше, чем NGFWСтанут ли услуги UserGate uFactor (включая SOCaaS) востребованными для российского рынка, учитывая его традиционную нелюбовь к аутсорсингу функций безопасности?

Поэтому передача функций безопасности в формат SOCaaS…

Эти аббревиатуры отражают эволюцию систем управления, где каждое последующее поколение предоставляет более широкий спектр функций:MDM-системы (Mobile Device Management) служат для управления функциями мобильных устройств.

UEM позволяют управлять разнородным парком корпоративной техникиСтоит заметить, что системы для управления корпоративной мобильностью нередко относят к классу MDM, даже если они обладают функциональностью UEM-систем.

Обзор российских UEM-системПосле ухода ряда международных компаний с российского рынка их место в сегменте удаленного управления корпоративными устройствами быстро заполнили отечественные разработчики.

Также доступна стратегия работы COPO, когда выданные компа…

раздел «Атаки на техническую реализацию» статьи Атаки на системы квантового распределения ключей).

Действительно, фактически вся атака построена на том, что кодирующий компонент не селективен – модулирует и легитимное, и вражеское излучение.

Используемый нами ЛФД в меру чувствителен во всем исследуемом спектральном диапазоне, что, вообще говоря, влияет лишь на время измерений, но не на точность.

Итоговые значения взаимной информации Алисы и Евы (в исследуемой нами системе) оказались равны χ_Eve~〖10〗^(-16), а в случае атаки на систему Боба χ_Eve ~〖10〗^(-18).

Во-вторых, диапазон атаки Евы не ограничивается ближним инфракрасным, теоретически атака может быть проведена и в видимом, и в среднем …

Такой пласт проблем часто ускользает от классических правил и требует семантического понимания кода и контекста исполнения.

Основанная на архитектуре T5 (Text-to-Text Transfer Transformer), эта модель была предварительно обучена на большом корпусе кода на различных языках программирования.

Этот модуль основан на библиотеке Pygments — инструменте для лексического анализа и подсветки синтаксиса, который поддерживает более 500 языков программирования, включая Solidity.

Для каждой категории токенов мы определяем весовые коэффициенты, отражающие их потенциальную важность для анализа безопасности.

Это может быть использовано как для диагностики, так и для интерпретации моделей на этапе аудита.

Стандартизация для нас — способ не «пересолить» сложность и хаос: и мы выбрали ISO как универсальное мерило баланса.

Прозрачность и контроль — чёткую систему выявления, оценки и управления рисками, связанными с информационной безопасностью.

Основу — архитектуру процессов, общие подходы, автоматизацию и контроль — мы «варим» вместе.

Секреты шефа: проверенные приёмы ISO 27001 в Яндекс 360В большой кухне всё держится не только на вкусе продуктов, но и на знании приёмов готовки.

И на десерт: почему по этому рецепту стоит готовить снова и сноваВ кулинарии информационной безопасности, как и на настоящей кухне, всё держится на балансе: традиций и инноваций, следовании технологии и готовности к экс…

Если вы начинающий разработчик и создаете свой пет-проект, легко увлечься бэкендом и фронтендом, а на ИБ сил уже не останется.

И да — это все происходило в приложении, которое оказалось простым и удобным для пользователей, а уж для меня — почти праздник.

Пентест у нас двухраундовый, и это не потому что мы любим усложнять себе жизнь.

Вывод простой: приложение не проверяет авторство операций и полагается на данные, пришедшие от клиента, а клиент легко может их подделать.

PoC:Рекомендация — в настройках Webvisor запретить запись чувствительных данных, таких как логины, чтобы они не сохранялись и не могли попасть в чужие руки.

В этом обзоре расскажем о новинках в нашем DLP‑решении для защиты от утечки данных с корпоративных компьютеров Кибер Протего 10.7.

Речь пойдет об интеграции Кибер Протего с анализатором сетевого трафика EtherSensor компании Microolap Technologies.

Это становится возможным благодаря тому, что EtherSensor использует REST API Кибер Протего для загрузки в базу данных событий и теневых копий в многопоточном режиме.

При этом задача DLP‑контроля периферийных устройств и портов рабочих станций выполняется агентом Кибер Протего, а в базе данных сервера управления Кибер Протего для централизованного анализа собираются события и данные как от EtherSensor в части объектов сетевого трафика, так и от аге…

Геополитическая напряженность превратила страну в одну из наиболее привлекательных мишеней: по информации TAdviser, доля заказных кибератак на российские компании в 2023 году составляла около 10%, а в 2024 году она выросла более чем в 4 раза.

Компании сталкиваются уже не с отдельными фишинговыми рассылками, а с многоуровневыми, тщательно подготовленными кампаниями хакерских группировок, работа над которыми может занимать месяцы.

Ответственность за инцидент взяли группировки Silent Crow и «Киберпартизаны Белоруссии», заявившие о краже 12 ТБ данных и полном контроле над корпоративной сетью.

Размер санкций варьируется: физические лица могут быть оштрафованы на сумму до 400 тысяч рублей, должно…

Virtual Wire в Palo Alto: Полное руководство.

Сегодня поговорим про Virtual Wire на Palo Alto и разберём, как это работает на практике.

Есть несколько моментов, которые нужно учитывать:Интерфейсы, которые объединяем в Virtual Wire, должны иметь одинаковую скорость и дуплекс.

Palo Alto Firewall : Интерфейсы eth11/1 и eth11/2 объединены в Virtual Wire и относятся к зоне Trust .

Интерфейсы eth11/3 и eth11/4 объединены в Virtual Wire и относятся к зоне Untrust .

Ключевые параметры Wi-Fi и то, как они влияют на атаки хакеровУстройства Wi-Fi не только передают интернет по воздуху, но и расширяют границы возможного для хакеров.

Характеристики оборудования вроде мощности передатчика и угла антенны напрямую влияют на зону доступности сети, а значит, и на поверхность атаки.

Корпоративные и гостевые сети: в чем разницаБеспроводная сеть позволяет сотрудникам компаний мобильно пользоваться корпоративными ресурсами и уже давно стала важной частью ИТ-инфраструктуры.

Протоколы безопасности и методы аутентификации в беспроводных сетяхХороший Wi-Fi в нашей парадигме — это не только про быструю скорость передачи данных, но и про безопасность.

При подключении к се…

И зря: от этой метрики напрямую зависит эффективность обработки событий и, как следствие, надежность всей системы защиты.

Он помогает понять, насколько эффективно SOC справляется с потоком событий и где проходят реальные границы производительности инфраструктуры.

EPS помогает оценить, сколько событий будет поступать в SOC и потянет ли инфраструктура такую нагрузку.

Определите источники событийСоставьте список всех систем и устройств, которые будут передавать события в SOC, чтобы оценить нагрузку на SOC и не пропустить «слепые зоны» в мониторинге.

Не сверили расчетный EPS с реальными даннымиТеоретические оценки EPS без сверки с историческими логами часто дают завышенные или заниженные значен…

Ничего грандиозного — пара тестовых сайтов, простенький веб-сервер на базе nginx, пара скриптов в cron для автоматизации рутины, SSH для удалённого доступа.

Для чистоты эксперимента я решил создать абсолютно новый, чистый VDS с нуля, не меняя стандартных настроек SSH, и отследить, как быстро и с какой интенсивностью начнутся атаки.

Это не целенаправленные атаки — это автоматическое сканирование всего интернета ботнетами 24/7.

Любой созданный VDS уже начинают атаковать в первые минуты запуска, когда он становится доступным в сети, в среднем за неделю эта цифра может быть более 50 000 попыток проникновения, и это только по SSH.

Поддержка множества сервисов — Fail2Ban работает не только с SSH,…

Ручное добавление маршрутов в условиях больших, распределённых сетей и высоких требований к доступности не может быть масштабируемо и создаёт задержки и риски.

В новых инсталляциях RIP полностью замещается OSPF и BGP.

Схема резервирования каналов на основе OSPF и static routeРеализацияЗадача была решена настройкой OSPF через VPN.

РезультатАрхитектура обеспечивала простую и надёжную схему резервирования, при которой восстановление соединения происходило без участия администратора и оставалось прозрачным для пользователей и сервисов.

На стороне A располагались два независимых межсетевых экрана (A1 и A2), на стороне B другие два межсетевых экрана (B1 и B2).

Мы хотели бы продолжить его поддержку, но это оказалось невозможным с точки зрения времени и ресурсов», — сообщили операторы DNS0.EU.

Команда поблагодарила инфраструктурных партнеров и партнеров по безопасности, а также порекомендовала пользователям переходить на DNS4EU — резолвер с фокусом на приватность, разработанный ENISA, или NextDNS, основатели которого помогали создавать DNS0.EU.

Сервис обещал пользователям работу без логов, сквозное шифрование для защиты от прослушки и подмены данных, а также защиту от вредоносных доменов — будь то фишинговые сайты или управляющие серверы малвари.

Также DNS0.EU предоставлял фильтры для родительского контроля, блокируя контент для взрослых, пиратство…

Впервые описанный специалистами в феврале 2025 года вредонос связан с кампанией, нацеленной на устройства Cisco, ASUS, Qnap и Synology.

В атаках, зафиксированных в феврале 2025 года, злоумышленники эксплуатировали известную проблему в роутерах Cisco (CVE-2023-20118), чтобы загружать через FTP шелл-скрипт с именем q. Затем этот скрипт скачивал и запускал бэкдор PolarEdge на скомпрометированном устройстве.

Конфигурация встроена в последние 512 байт ELF-файла и обфусцирована с помощью XOR с однобайтовым ключом 0x11.

Так, если параметр HasCommand равен ASCII-символу 1, бэкдор извлекает и выполняет команду, указанную в поле Command, и передает обратно результат выполненной команды.

После запуска…

На прошлой неделе компания Microsoft закрыла уязвимость ASP.NET Core, получившую 9,9 балла из 10 возможных по шкале CVSS — самый высокий рейтинг серьезности за всю историю таких уязвимостей.

Проблема, получившая идентификатор CVE-2025-55315, была связана с «контрабандой» HTTP-запросов (HTTP request smuggling) и была обнаружена в веб-сервере Kestrel ASP.NET Core.

«Злоумышленник, успешно эксплуатировавший эту уязвимость, мог просматривать чувствительную информацию (например, учетные данные других пользователей), вносить изменения в содержимое файлов на целевом сервере, а также потенциально вызывать сбой в работе сервера», — объяснили в Microsoft.

Чтобы защитить приложения ASP.NET Core от поте…

Исследователи Koi Security заметили масштабную атак на цепочку поставок в OpenVSX и Visual Studio Code Marketplace.

Специалисты обнаружили как минимум одиннадцать зараженных GlassWorm расширений в OpenVSX и одно в Visual Studio Code Marketplace:• [email protected] и 1.8.4;• [email protected];• [email protected];• [email protected];• [email protected];• [email protected] и 1.0.91;• [email protected];• [email protected];• [email protected];• [email protected];• [email protected];• cline-ai-main.cli…

Ут­ром 1 июля 2075 года З. В. прос­нулся, как обыч­но, слиш­ком рано.

З. В. носил пос­леднюю модель, из серии «In past we trust», что­бы не отли­чать­ся от прос­тых людей.

Быс­тро разоб­равшись с дефол­тны­ми утренни­ми про­цеду­рами и выпив про­шед­ший про­цесс обратно­го осмо­са без потери полез­ных минера­лов ста­кан воды, З. В. отпра­вил­ся в офис.

Но­вый про­ект толь­ко что стар­товал и, как и все пре­дыду­щие, обе­щал быть инте­рес­ным.

Под­клю­чив по ста­рин­ке ноут­бук про­водом RJ45 8P8C в, сла­ва богу, еще работа­ющую и ком­мутиру­емую ког­да‑то розет­ку, З. В. вошел в кибер­пространс­тво.

Представители Microsoft подтвердили, что октябрьские обновления безопасности отключают USB-мыши и клавиатуры в среде восстановления Windows (WinRE), из-за чего ею становится невозможно пользоваться.

Как сообщает Microsoft, после установки октябрьского обновления KB5066835 возникает проблема: пользователи не могут использовать проводные USB-мыши и клавиатуры в режиме восстановления.

Устройства ввода продолжают работать в самой Windows, и ошибка проявляется лишь тогда, когда пользователю нужно попасть в WinRE — то есть в момент, когда ОС уже требует устранения неполадок или диагностики.

Известно, что проблема затрагивает клиентские (Windows 11 24H2 и 25H2) и серверные (Windows Server 2025) ве…

Хакеры похитили персональные данные более 17,6 млн человек, взломав системы финансовой компании Prosper.

Среди похищенных данных были имена, адреса, даты рождения, адреса электронной почты, номера социального страхования, удостоверения личности и так далее.

Тогда сообщалось, что злоумышленники похитили данные клиентов и заемщиков.

Но какие именно сведения были украдены, помимо номеров социального страхования, компания не раскрывает, так как все еще ведется расследование инцидента.

«У нас есть доказательства, что были похищены конфиденциальные и личные данные, включая номера социального страхования.

Исследователи обнаружили в официальном магазине Chrome 131 расширение для автоматизации работы с WhatsApp Web.

— Код внедряется напрямую на страницу WhatsApp Web, работая наряду со скриптами самого WhatsApp, автоматизирует массовую рассылку и планирование таким образом, чтобы обходить антиспам-защиту».

Порой расширения рекламируются как CRM-инструменты для WhatsApp, обещая максимизировать продажи через веб-версию мессенджера.

«Превратите свой WhatsApp в мощный инструмент продаж и управления контактами.

DBX Tecnologia, по данным Socket, рекламирует white-label программу для реселлеров, позволяющую потенциальным партнерам ребрендировать и продавать расширение для работы с WhatsApp Web под соб…

Исследователи из компании Seqrite Labs обнаружили новую вредоносную кампанию, которая предположительно нацелена на российский автомобильный сектор и e-commerce.

LNK-файл, имеющий то же название, что и ZIP-архив («Перерасчет заработной платы 01.10.2025»), отвечает за выполнение .NET-импланта (adobe.dll) с помощью легитимного бинарника rundll32.exe.

Сам бэкдор проверяет, работает ли он с правами администратора и собирает список установленных на машине жертвы антивирусных продуктов.

Для закрепления в системе используются два метода, включая создание запланированной задачи и создание LNK-файла в папке автозагрузки Windows для автоматического запуска DLL бэкдора, скопированной в папку Windows Ro…

Он был замаскирован под легитимные инструменты для использования прокси в проектах и позволял установить на скомпрометированные устройства разработчиков фреймворк AdaptixC2 — опенсорсный аналог известного Cobalt Strike.

Фреймворк AdaptixC2 появился в 2024 году и создавался как замена для Cobalt Strike и опенсорсно­го Havoc.

Adaptix представляет собой рас­ширя­емый фрей­мворк для пос­тэкс­плу­ата­ции, раз­работан­ный спе­циаль­но для пен­тесте­ров и red team.

Для этого JS-скрипт копирует легитимный файл msdtc.exe в ту же директорию и выполняет его, что в свою очередь загружает вредоносную библиотеку.

Перед загрузкой AdaptixC2 скрипт проверяет целевую архитектуру — x64 или ARM — и в зависимос…

Сле­дом исполь­зуем несог­ласован­ность меж­ду пос­тавщи­ками Kerberos и ском­про­мети­руем еще один хост на Linux, а затем и весь домен.

На­ша конеч­ная цель — получе­ние прав супер­поль­зовате­ля на машине DarkCorp с учеб­ной пло­щад­ки Hack The Box.

warning Под­клю­чать­ся к машинам с HTB рекомен­дует­ся с при­мене­нием средств ано­ними­зации и вир­туали­зации.

На пер­вом про­изво­дит­ся обыч­ное быс­трое ска­ниро­вание, на вто­ром — более тща­тель­ное ска­ниро­вание, с исполь­зовани­ем име­ющих­ся скрип­тов (опция -A ).

В фор­ме Contact Us на сай­те мож­но отпра­вить сооб­щение, а в Burp Proxy — уви­деть, что оно идет на поч­товый ящик support@drip.

Why passphrases win on every frontThe case for passphrases isn't theoretical, it's operational:Fewer resets.

Making it stick with the right policy toolsYour Active Directory password policy needs three updates to support passphrases properly:Raise the minimum length.

Tools like Specops Password Policy handle all three functions: extending policy minimums, blocking over 4 billion compromised passwords, and integrating with SSPR workflows.

A tool like Specops Password Policy checks it against the compromised password database – it's clean.

What's changed is our understanding of what actually slows them down, so your next password policy should reflect that.

Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from Kaspersky.

The campaign remains unattributed at this stage, although some signs point to it being the work of Chinese-speaking threat actors.

Regardless of the method used, the attackers attempted to deploy an ASPX web shell to gain basic command execution capabilities.

Kaspersky also noted that NeuralExecutor variants spotted in 2024 were designed to retrieve the C2 server addresses straight from the configuration, whereas artifacts found this year reach out to a GitHub repository to obtain the C2 server address -- …

Cybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote code execution under certain conditions.

The vulnerability, tracked as CVE-2025-62518 (CVSS score: 8.1), has been codenamed TARmageddon by Edera, which discovered the issue in late August 2025.

Tokio-tar is a Rust library for asynchronously reading and writing TAR archives built atop the Tokio runtime for the programming language.

The issue, in a nutshell, is the result of inconsistent handling when handling PAX extended headers and ustar headers when determining file data boundaries.

PAX, short for portable arc…

TP-Link has released security updates to address four security flaws impacting Omada gateway devices, including two critical bugs that could result in arbitrary code execution.

The vulnerabilities in question are listed below -CVE-2025-6541 (CVSS score: 8.6) - An operating system command injection vulnerability that could be exploited by an attacker who can log in to the web management interface to run arbitrary commands(CVSS score: 8.6) - An operating system command injection vulnerability that could be exploited by an attacker who can log in to the web management interface to run arbitrary commands CVE-2025-6542 (CVSS score: 9.3) - An operating system command injection vulnerability that …

Meta on Tuesday said it's launching new tools to protect Messenger and WhatsApp users from potential scams.

On Messenger, users can opt to enable a setting called "Scam detection" by navigating to Privacy & safety settings.

Once it's turned on, users are alerted when they receive a potentially suspicious message from an unknown connection that may contain signs of a scam.

"Because detection happens on your device, chats with end-to-end encryption stay secure," Meta said in a support document.

If the review finds that it's indeed a possible scam, users are given more information about common scams, such as job offers in exchange for money, opportunities promising fast cash, and work-from-hom…

Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge.

PolarEdge was first documented by Sekoia in February 2025, attributing it to a campaign targeting routers from Cisco, ASUS, QNAP, and Synology with the goal of corralling them into a network for an as-yet-undetermined purpose.

The TLS server is implemented with mbedTLS v2.8.0 and relies on a custom binary protocol for parsing incoming requests matching specific criteria, including a parameter named "HasCommand."

Furthermore, the backdoor incorporates a wide range of anti-analysis techniques to obfuscate information related to the TLS server setup and fingerprinting logic.

In the scenario th…

To truly benefit from AI, defenders need to approach securing it with the same rigor they apply to any other critical system.

Establishing Trust for Agentic AI SystemsAs organizations begin to integrate AI into defensive workflows, identity security becomes the foundation for trust.

The emergence of Agentic AI systems make this especially important.

The SANS Secure AI Blueprint outlines a Protect AI track that provides a clear starting point.

Join us to connect with peers, learn from experts, and see what secure AI in practice really looks like.

The findings come from Google Threat Intelligence Group (GTIG), which said the state-sponsored hacking crew has rapidly refined and retooled its malware arsenal merely five days following the publication of its LOSTKEYS malware around the same time.

While it's currently not known for how long the new malware families have been under development, the tech giant's threat intelligence team said it has not observed a single instance of LOSTKEYS since disclosure.

The new malware, codenamed NOROBOT, YESROBOT, and MAYBEROBOT, is "a collection of related malware families connected via a delivery chain," GTIG researcher Wesley Shields said in a Monday analysis.

While the attacks spotted in January, …

A European telecommunications organization is said to have been targeted by a threat actor that aligns with a China-nexus cyber espionage group known as Salt Typhoon.

Salt Typhoon, also known as Earth Estries, FamousSparrow, GhostEmperor, and UNC5807, is the name given to an advanced persistent threat actor with ties to China.

One of the malware families delivered as part of the attack is Snappybee (aka Deed RAT), a suspected successor to the ShadowPad (aka PoisonPlug) malware that has been deployed in prior Salt Typhoon attacks.

"This pattern of activity indicates that the attacker relied on DLL side-loading via legitimate antivirus software to execute their payloads."

"Salt Typhoon contin…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, officially confirming a recently disclosed vulnerability impacting Oracle E-Business Suite (EBS) has been weaponized in real-world attacks.

The security defect in question is CVE-2025-61884 (CVSS score: 7.5), which has been described as a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator that could allow attackers unauthorized access to critical data.

CVE-2025-61884 is the second flaw in Oracle EBS to be actively exploited along with CVE-2025-61882 (CVSS score: 9.8), a critical bug that could…

In this blogpost, we uncover the first known cases of collaboration between Gamaredon and Turla, in Ukraine.

In April and June 2025, we detected that Kazuar v2 was deployed using Gamaredon tools PteroOdd and PteroPaste.

We believe that Gamaredon compromised the first four machines in January 2025, while Turla deployed Kazuar v3 in February 2025.

TurlaSimilarly, for Turla, we detected the use of Kazuar v2 and Kazuar v3, which we believe are exclusive to that group.

Third chain: Deployment of Kazuar v2 via PteroPasteOn June 5th and 6th, 2025, we detected Gamaredon deploying a Turla implant on two machines in Ukraine.

Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprisesThink your business is too small to be singled out for digital extortion?

Verizon data reveals that, while ransomware comprises 39% of data breaches at large organizations, the figure rises to 88% for SMBs.

How ransomware groups are evolvingTo tackle the threat, you also need to understand who or what’s driving it, and how it’s changing.

How AI is transforming ransomwareAs technology advances, ransomware groups are also changing tack to increase their chances of success.

How to protect your businessA handful of SMBs know to their cost what can happen follow…

ESET researchers have uncovered a new ransomware strain that they have named HybridPetya.

While resembling the infamous Petya/NotPetya malware, it comes with a new and dangerous twist – it adds the ability to compromise UEFI-based systems and weaponize CVE‑2024‑7344 in order to bypass UEFI Secure Boot on outdated systems.

HybridPetya is not actively spreading in the wild, but it's at least the fourth known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality.

What else is there to know about the malware?

Find out in the video with ESET Chief Security Evangelist Tony Anscombe and make sure to read the blogpost.

It is a copycat of the infamous Petya/NotPetya malware, adding the capability of compromising UEFI-based systems and weaponizing CVE‑2024‑7344 to bypass UEFI Secure Boot on outdated systems.

One of the analyzed HybridPetya variants exploits CVE‑2024‑7344 to bypass UEFI Secure Boot on outdated systems, leveraging a specially crafted cloak.dat file.

We also separately dissect a version of HybridPetya that is capable of bypassing UEFI Secure Boot by exploiting CVE-2024-7344.

Also, the version deployed with the UEFI Secure Boot bypass uses a different contact email address (wowsmith999999@proton[.

D0BD283133A80B471375 62F2AAAB740FA15E6441 cloak.dat EFI/Diskcoder.A Specially formatted cloak.dat …

According to Verizon, “use of stolen credentials” has been one of the most popular methods for gaining initial access over recent years.

The use of stolen credentials appeared in a third (32%) of data breaches last year, its report notes.

Infostealers are thought to have been responsible for 75% of compromised credentials last year.

Infostealers are thought to have been responsible for 75% of compromised credentials last year.

The gang leveraged a set of stolen credentials to remotely access a server that did not have multifactor authentication (MFA) turned on.

Ransomware is the most obvious: by encrypting critical data, threat actors effectively bring operations to a standstill in the targeted organization.

According to IBM’s Cost of a Data Breach Report 2025, 86% of organizations that suffered a data breach over the past year experienced this sort of operational disruption.

Building proactive resilienceOf course, speed is not the only way to differentiate top-tier MDR services from the rest.

Other related elements you should be looking for include 24/7 monitoring to ensure threat actors are stopped in their tracks, wherever in the world they’re located.

Speed is of the essence here, as threat actors often try to victimize the same organization m…

Stats like these should make protective measures such as data encryption a no-brainer.

By transforming plain text data into an unreadable format, data encryption serves to protect your organization’s most sensitive information, whether at rest or in transit.

The data explosion is also accelerating thanks to growth in AI and large language models (LLMs), which require huge volumes of potentially sensitive data to train.

The data explosion is also accelerating thanks to growth in AI and large language models (LLMs), which require huge volumes of potentially sensitive data to train.

Carriers either may not insure your business if it doesn’t deploy strong data encryption, or else increase premi…

ESET researchers have identified a new threat actor, whom we have named GhostRedirector, that compromised at least 65 Windows servers mainly in Brazil, Thailand, and Vietnam.

GhostRedirector has an arsenal that includes the passive C++ backdoor Rungan, the malicious IIS trojan Gamshen, and a variety of other utilities.

GhostRedirector is not the first known case of a China-aligned threat actor engaging in SEO fraud via malicious IIS modules.

Note the ExeHelper class, which provides a function to execute a file named link.exe – GhostRedirector used the same filename to deploy the GoToHTTP tool.

Table 3.Rungan backdoors commandsParameter Body Description Response mkuser user=&pwd;=&groupname;…

From Meta shutting down millions of WhatsApp accounts linked to scam centers all the way to attacks at water facilities in Europe, August 2025 saw no shortage of impactful cybersecurity newsAs August 2025 comes to a close, ESET Chief Security Evangelist Tony Anscombe reviews a selection of the top cybersecurity stories that moved the needle, raised the alarms or offered vital lessons over the past 30 or so days, as well as offers insights they hold for your own cyber-defenses:Don't forget to check out the July 2025 edition of Tony's monthly security news roundup for more insights.

If left to fester, it can have a significant impact on the mental health and even physical wellbeing of your kids.

In this context, it’s vital that you’re able to spot the warning signs of cyberbullying before things spiral out of control.

They may be embarrassed to tell you, or scared that it could make things worse.

If you’re keen to do so, remember to explain first to your child why you’re doing it.

A worst-case scenarioIf you discover your child is being bullied online, don’t panic.

The discovery of PromptLock shows how malicious use of AI models could supercharge ransomware and other threatsESET researchers have discovered what they called "the first known AI-powered ransomware".

“The PromptLock malware uses the gpt-oss-20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes.

PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption," said ESET researchers.

"The PromptLock ransomware is written in Golang, and we have identified both Windows and Linux variants uploaded to VirusTotal," added the …

Like many online phenomena, half-truths, myths and misconceptions can distort the reality of cyberbullying – and make it harder for you to make the right parenting decisions.

What happens online stays onlineLike many online trends, bullying is enabled by technology, but has its roots deep in the human psyche.

There are many reasons why kids may engage in bullying behavior, from peer pressure to low self-esteem, attention seeking and domestic abuse.

It’s almost impossible to identify online bulliesSometimes the cloak of anonymity online does empower bullies – just as it enables cybercrime to thrive.

Social media platforms are to blameSocial media and messaging platforms are often demonized f…

Keep regulators happy by demonstrating your commitment to fast, effective threat detection and response.

You need enterprise-grade SOC expertise that works like an extension of your IT security team to handle daily monitoring, proactive threat hunting and incident response.

You need enterprise-grade SOC expertise that works like an extension of your IT security team to handle daily monitoring, proactive threat hunting and incident response.

Leading research capabilities : Vendors that run renowned malware research labs will be best placed to stop emerging threats, including zero days.

: Vendors that run renowned malware research labs will be best placed to stop emerging threats, including z…

Unfortunately, scammers are preying on this need with increasingly sophisticated schemes on social media.

How do financial deepfake scams work?

Investment scams have been the biggest money-maker for cybercriminals for several years, according to the FBI.

These are usually deployed as a lure to trick the victim into either handing over personal information or direct them straight to an investment scam.

Others use deepfake Instagram stories featuring banking investment strategists to harvest personal info and/or lure them to investment scam-themed WhatsApp groups.

Does your business truly understand its dependencies, and how to mitigate the risks posed by an attack on them?

That’s because when bombs start dropping and the physical elements of war are under way, the misinformation spreading through digital channels becomes less important.

What this means for your businessMoving beyond the panel discussion, this raises a critical question for businesses: do they really understand their dependencies to be operationally resilient?

A real-world example might be an attack on a catering company that is contracted to feed patients in a hospital.

If we can’t get to a point of resilience, then we at least need to understand the risk posed by the dependencies.

Axoflow has launched its Security Data Layer, extending its pipeline offering with multiple storage solutions.

The Security Data Layer addresses challenges in log management, SIEM optimization, pipeline reliability, and data accessibility.

In addition to a full-fledged security data pipeline that classifies, reduces, normalizes, and enriches data, now security teams gain access to flexible, cost-effective, and high-performance storage options.

Axoflow’s Security Data Layer changes that.

Building the Security Data LayerWith integrated pipeline, storage, and AI capabilities, Axoflow’s Security Data Layer helps security teams move beyond traditional compromises between cost, speed, and scale.

Elastic released Agent Builder, a complete set of capabilities powered by Elasticsearch, that makes it easy for developers to build custom AI agents on company data—all within minutes.

Agent Builder also provides an out-of-the-box conversational experience for exploring, analyzing, and optimizing any data in Elasticsearch.

While Elasticsearch has always been a platform for the core of context engineering, Agent Builder expands on this strength.

Users of Agent Builder on Elasticsearch can ask natural language questions, identify which indexes to query, configure searches, define agent parameters and more.

With Agent Builder, developers can:

Keycard emerged from stealth with its identity and access platform for AI agents that integrates with organizations’ existing user identity solutions.

Keycard’s platform identifies AI agents, lets users assign task-based permissions and dynamically enforces policy while tracking all activity.

“AI agents represent a once-in-a-generation shift, greater than the SaaS and cloud wave combined.

Keycard purpose-built its identity and access platform for AI agents.

Keycard plans to use the funding to continue to advance its identity and access platform and to expand its R&D team.

Each of these conversations helped move forward the ideas that eventually became the Death and the Digital Estate Community Group (DADE CG).

Should some accounts be inheritable (e.g., accounts where you pay for games, books, etc., or accounts storing digital art and other creative digital works)?

This creates an exceptional burden on individuals planning their digital estate, and on individuals who manage the digital estates of the deceased.

For example, some services require the use of impersonation – logging in as the user with their credentials – to close their digital accounts.

What are the most important aspects that need to be addressed correctly to achieve satisfactory digital estate…

OpenFGA is an open-source, high-performance, and flexible authorization engine inspired by Google’s Zanzibar system for relationship-based access control.

It helps developers model and enforce fine-grained access control in their applications.

What really sets OpenFGA apart is how it combines the best of different access control paradigms.

It supports relationship-based, role-based, and attribute-based models, creating a system that can handle complex authorization needs.

Must read:Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools.

Blind and low-vision users face the same password challenges as everyone else, but the tools meant to make security easier often end up getting in the way.

Researchers spoke with blind and low-vision participants who manage passwords for both personal and work accounts.

This gap in practical accessibility meant that tools built to strengthen security became tools of convenience.

Others kept passwords in braille notes, text files, or spreadsheets that worked better with assistive tools.

Some made braille password lists to keep their credentials accessible and as a backup during outages.

In this Help Net Security video, Dustin Kirkland, SVP of Engineering at Chainguard, explores three of the most pressing DevOps security issues engineers encounter: unpatched code, legacy systems, and the rise of AI and automation.

He explains how each one affects security and productivity, shares practical strategies for managing risk, and emphasizes the importance of visibility, accountability, and thoughtful modernization.

Kirkland highlights how combining human judgment with automation can help teams build secure, resilient, and innovative software.

51% of European IT and cybersecurity professionals said they expect AI-driven cyber threats and deepfakes to keep them up at night in 2026, according to ISACA.

AI takes centre stage in threat outlookThe main reason for this concern is that most organizations are not ready to manage AI-related risks.

AI is seen as a growing threat and an opportunity for cyber and digital trust professionals, who recognize how transformative it can be for their organization.

When identifying the most significant cyber threats, 59% said AI-driven social engineering.

“AI cybersecurity and assurance certifications will help cyber professionals manage the evolving risk related to AI, implement policy, and ensure …

A new way to interact with threat dataGoogle has launched agentic threat intelligence, a preview feature available to customers of its Threat Intelligence Enterprise and Enterprise+ products.

These agents can handle tasks such as cyber threat intelligence (CTI) and malware analysis.

“The future of threat intelligence isn’t about more data; it’s about generating better insights, faster,” Emiliano Martinez, Product Management, Google Cloud, told Help Net Security.

“With agentic threat intelligence, what once took analysts hours of painstaking, manual research can now be accomplished in minutes.

By correlating data from its threat intelligence sources, the platform can show how threat actors, …

Illumio has released Insights Agent, a new capability within Illumio Insights, the company’s AI-driven cloud detection and response (CDR) solution.

Agent is an AI-powered, persona-driven guide designed to reduce alert fatigue, accelerate threat detection, and enable containment by delivering real-time, tailored alerts and instant one-click remediation recommendations.

“Illumio Insights was built to deliver clarity, not clutter.

Powered by an AI security graph, Illumio Insights ingests and analyzes cloud-scale network data, delivering real-time visibility into traffic and risks.

Illumio Insights and Illumio Segmentation have been deployed across the entire corporate IT environment at Microso…

CVE-2025-33073, a Windows SMB Client vulnerability that Microsoft fixed in June 2025, is being exploited by attackers.

The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which has added the flaw to its Known Exploited Vulnerabilities catalog, presumably based on credible reports.

About CVE-2025-33073CVE-2025-33073 allows for privilege escalation, enabling attackers to gain SYSTEM (highest) privileges on a vulnerable Windows or Windows Server system.

“Upon connecting, the malicious server could compromise the protocol.”An attacker could also convince a target user to execute this script.

Subscribe to our breaking news e-mail alert to never miss out on th…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Agentic AI’s OODA Loop ProblemThe OODA loop—for observe, orient, decide, act—is a framework to understand decision-making in adversarial situations.

AI security has a temporal asymmetry.

All this requires us to reconsider risks to the agentic AI OODA loop, from top to bottom.

This is the agentic AI security trilemma.

B. Schneier, “The age of integrity,” IEEE Security & Privacy , vol.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Here’s the summary:We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication.

A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens’ voice calls and SMS, and consumer Internet traffic from in-flight wifi and mobile networks.

This data can be passively observed by anyone with a few hundred dollars of consumer-grade hardware.

There are thousands of geostationary satellite transponders globally, and data from a single transponder may be visible from an area as lar…

Cryptocurrency ATMsCNN has a great piece about how cryptocurrency ATMs are used to scam people out of their money.

The fees are usurious, and they’re a common place for scammers to send victims to buy cryptocurrency for them.

The companies behind the ATMs, at best, do not care about the harm they cause; the profits are just too good.

Posted on October 16, 2025 at 7:06 AM • 0 Comments

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

I and Nathan E. Sanders will be speaking and signing books at the Cambridge Public Library in Cambridge, Massachusetts, USA, on October 22, 2025 at 6:00 PM ET.

I and Nathan E. Sanders will give a virtual talk about our book Rewiring Democracy on October 23, 2025 at 1:00 PM ET.

I and Nathan E. Sanders will give a virtual talk about our book Rewiring Democracy on November 3, 2025 at 2:00 PM ET.

I’m speaking and signing books at the University of Toronto Bookstore in Toronto, Ontario, Canada, on November 14, 2025.

I and Nathan E. Sanders will be speaking at the MIT Museum in Cambridge, Massachusetts, USA, on December 1, 2025 at 6:00 pm ET.

This chilling paragraph is in a comprehensive Brookings report about the use of tech to deport people from the US:The administration has also adapted its methods of social media surveillance.

Though agencies like the State Department have gathered millions of handles and monitored political discussions online, the Trump administration has been more explicit in who it’s targeting.

Secretary of State Marco Rubio announced a new, zero-tolerance “Catch and Revoke” strategy, which uses AI to monitor the public speech of foreign nationals and revoke visas of those who “abuse [the country’s] hospitality.” In a March press conference, Rubio remarked that at least 300 visas, primarily student and vi…

Rewiring Democracy is Coming SoonMy latest book, Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship, will be published in just over a week.

No reviews yet, but can read chapters 12 and 34 (of 43 chapters total).

You can order the book pretty much everywhere, and a copy signed by me here.

I want this book to make a splash when it’s public.

Or make a TikTok video.

If these emerging AI tools become popular in the midterms, it won’t just be a few candidates from the tightest national races texting you three times a day.

On the other side, the National Democratic Training Committee recently released a playbook for using AI.

Progressive-aligned startups Chorus AI and BattlegroundAI are offering AI tools for automatically generating ads for use on social media and other digital platforms.

Another movement for “Public AI” is focused on wresting AI from the hands of corporations to put people, through their governments, in control.

The Belgian union ACV-CVS has used AI to sort hundreds of emails per day from members to help them respond more efficiently.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

The annual Chinese AI hacking challenge, Robot Hacking Games, might be on this level, but little is known outside of China.

Vulnerability research could potentially be carried out during operations instead of months in advance.

But AI agents don’t have to be better at a human task in order to be useful.

Think of it as AI-assisted vulnerability research available to everyone, at scale, repeatable, and integrated into enterprise operations.

This would increase security, but having customers patch software without vendor approval raises questions about patch correctness, compatibility, liability, right-to-repair, and long-term vendor relationships.

The company Flok is surveilling us as we drive:A retired veteran named Lee Schmidt wanted to know how often Norfolk, Virginia’s 176 Flock Safety automated license-plate-reader cameras were tracking him.

The answer, according to a U.S. District Court lawsuit filed in September, was more than four times a day, or 526 times from mid-February to early July.

No, there’s no warrant out for Schmidt’s arrest, nor is there a warrant for Schmidt’s co-plaintiff, Crystal Arrington, whom the system tagged 849 times in roughly the same period.

You might think this sounds like it violates the Fourth Amendment, which protects American citizens from unreasonable searches and seizures without probable cause.…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.

Zendesk is an automated help desk service designed to make it simple for people to contact companies for customer support issues.

Earlier this week, KrebsOnSecurity started receiving thousands of ticket creation notification messages through Zendesk in rapid succession, each bearing the name of different Zendesk customers, such as CapCom, CompTIA, Discord, GMAC, NordVPN, The Washington Post, and Tinder.

In the example below, replying to any of the junk customer sup…

October’s Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems.

To execute these flaws, an attacker would social engineer a target into previewing an email with a malicious Microsoft Office document.

Speaking of Office, Microsoft quietly announced this week that Microsoft Word will now automatically save documents to OneDrive, Microsoft’s cloud platform.

If you’re reluctant or unable to migrate a Windows 10 system to Windows 11, there are alternatives to simply continuing to use Windows 10 without ongoing security updates.

One option is to pay for another year’s worth of security updates through Microsoft’s Extended Security Updates (ESU)…

Traces from the recent spate of crippling Aisuru attacks on gaming servers can be still seen at the website blockgametracker.gg, which indexes the uptime and downtime of the top Minecraft hosts.

In the following example from a series of data deluges on the evening of September 28, we can see an Aisuru botnet campaign briefly knocked TCPShield offline.

“The outbound and cross-bound DDoS attacks can be just as disruptive as the inbound stuff,” Dobbin said.

“The Aisuru attacks on the gaming networks these past seven day have been absolutely huge, and you can see tons of providers going down multiple times a day,” Coelho said.

However, Forky has posted on Telegram about Botshield successfully m…

“Contact us to negotiate this ransom or all your customers data will be leaked,” the website stated in a message to Salesforce.

Nobody else will have to pay us, if you pay, Salesforce, Inc.”Below that message were more than three dozen entries for companies that allegedly had Salesforce data stolen, including Toyota, FedEx, Disney/Hulu, and UPS.

The Scattered Lapsus$ Hunters claim they will publish data stolen from Salesforce and its customers if ransom demands aren’t paid by October 10.

Google catalogs Scattered Lapsus$ Hunters by so many UNC names (throw in UNC6240 for good measure) because it is thought to be an amalgamation of three hacking groups — Scattered Spider, Lapsus$ and ShinyHu…

Members of Star Chat targeted multiple wireless carriers with SIM-swapping attacks, but they focused mainly on phishing T-Mobile employees.

However, Star Chat was by far the most prolific of the three, responsible for at least 70 of those incidents.

But U.S. prosecutors say Jubair and fellow Scattered Spider members continued their hacking, phishing and extortion activities up until September 2025.

U.S. authorities say they traced some of those payments to Scattered Spider to an Internet server controlled by Jubair.

For further reading (bless you), check out Bloomberg’s poignant story last week based on a year’s worth of jailhouse interviews with convicted Scattered Spider member Noah Urban.

The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.

The Shai-Hulud worm emerged just days after unknown attackers launched a broad phishing campaign that spoofed NPM and asked developers to “update” their multi-factor authentication login options.

That attack led to malware being inserted into at least two-dozen NPM code packages, but the outbreak was quickly contained and was narrowly focused on siphoning cryptocurrency payments.

He said the first NPM package compromised by this worm appears to have been altered on Sept. 14, around 17:58 UTC.

The security-foc…

Materializing just two weeks before Russia invaded Ukraine in 2022, Stark Industries Solutions became a frequent source of massive DDoS attacks, Russian-language proxy and VPN services, malware tied to Russia-backed hacking groups, and fake news.

But a new report from Recorded Future finds that just prior to the sanctions being announced, Stark rebranded to the[.

But he maintained that Stark Industries Solutions Inc. was merely one client of many, and claimed MIRhosting had not received any actionable complaints about abuse on Stark.

However, it appears that MIRhosting is once again the new home of Stark Industries, and that MIRhosting employees are managing both the[.

Mr. Zinad did not res…

Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software.

The problem here resides with Windows NTLM, or NT LAN Manager, a suite of code for managing authentication in a Windows network environment.

CVE-2025-54916 is an “important” vulnerability in Windows NTFS — the default filesystem for all modern versions of Windows — that can lead to remote code execution.

“For the third time this year, Microsoft patched more elevation of privilege vulnerabilities than remote code execution flaws,” Narang observed.

AskWoody also reminds us that we’re now just two months out from Microsoft discontinuing free security updates for Wind…

Akido is a security firm in Belgium that monitors new code updates to major open-source code repositories, scanning any code updates for suspicious and malicious code.

Once logged in, the phishers then changed the email address on file for Junon’s NPM account, temporarily locking him out.

Caturegli said it’s remarkable that the attackers in this case were not more ambitious or malicious with their code modifications.

In this case, they didn’t compromise the target’s GitHub account.

“That NPM does not require that all contributor accounts use security keys or similar 2FA methods should be considered negligence.”

The letter followed media reports accusing Gmail of disproportionately flagging messages from the GOP fundraising platform WinRed and sending them to the spam folder.

Koli-Lõks taps into real-time intelligence about daily spam volumes by monitoring large numbers of “spamtraps” — email addresses that are intentionally set up to catch unsolicited emails.

Tossavainen told KrebsOnSecurity that WinRed’s emails hit its spamtraps in the .com, .net, and .org space far more frequently than do fundraising emails sent by ActBlue.

Koli-Lõks published a graph of the stark disparity in spamtrap activity for WinRed versus ActBlue, showing a nearly fourfold increase in spamtrap hits from WinRed emails in t…

Salesloft disclosed on August 20 that, “Today, we detected a security issue in the Drift application,” referring to the technology that powers an AI chatbot used by so many corporate websites.

On August 28, Salesforce blocked Drift from integrating with its platform, and with its productivity platforms Slack and Pardot.

“Rather than creating custom malware, attackers use the resources already available to them as authorized users.”It remains unclear exactly how the attackers gained access to all Salesloft Drift authentication tokens.

Salesloft announced on August 27 that it hired Mandiant, Google Cloud’s incident response division, to investigate the root cause(s).

“We are working with Sale…

The gaming sites ask visitors to create a free account to claim their $2,500 credit, which they can use to play any number of extremely polished video games that ask users to bet on each action.

“We have a completely self-written from scratch FAKE CASINO engine that has no competitors,” Gambler Panel’s wiki enthuses.

Gambler Panel also walks affiliates through a range of possible responses to questions from users who are trying to withdraw funds from the platform.

The researcher, who asked to be identified only by the nickname “Thereallo,” said Gambler Panel has built a scalable business product for other criminals.

“It’s a scalable system designed to be a resilient foundation for thousands…

This post examines the history and provenance of DSLRoot, one of the oldest “residential proxy” networks with origins in Russia and Eastern Europe.

DSLRoot is sold as a residential proxy service on the forum BlackHatWorld under the name DSLRoot and GlobalSolutions.

DSLRoot’s profile on the marketing agency digitalpoint.com from 2010 shows their previous username on the forum was “Incorptoday.” GlobalSolutions user accounts at bitcointalk[.

And these days, there are plenty of residential proxy providers who will make it worth your while.

Lloyd Davies is the founder of Infrawatch, a London-based security startup that tracks residential proxy networks.

Noah Michael Urban of Palm Coast, Fla. pleaded guilty in April 2025 to charges of wire fraud and conspiracy.

In November 2024 Urban was charged by federal prosecutors in Los Angeles as one of five members of Scattered Spider (a.k.a.

That phishing spree netted Urban and others access to more than 130 companies, including Twilio, LastPass, DoorDash, MailChimp, and Plex.

King Bob constantly bragged on the Com about stealing unreleased rap music recordings from popular artists, presumably through SIM-swapping attacks.

The Star Fraud SIM-swapping group gained the ability to temporarily move targeted mobile numbers to devices they controlled by constantly phishing employees of the major mobile pr…

In episode 73 of The AI Fix, AI now writes more web content than humans and more books by ex-British prime ministers than ex-British prime ministers.

Also in this episode, Graham discovers that LLMs show all the characteristics of pathological gambling, and Mark explains why AI training is like eating a prawn buffet.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

You can also help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining …

Specifically, prosecutors allege that Bolton improperly retained and transmitted classified information to members of his family, via an AOL account.

Which, if found to be true, would be a serious security breach in itself.

But what makes the situation worse is that it is alleged that Iranian hackers gained access to Bolton's personal AOL account, downloaded the sensitive documents, and threatened to extort Bolton.

One has to wonder what layers of security Bolton had enabled on his AOL account.

John Bolton has pleaded not guilty to charges of sharing classified information.

Hundreds of US government officials working for the FBI, ICE, and Department of Justice have had their personal data leaked by a notorious hacking group.

404 Media says that it has reviewed spreadsheets posted to the hacking group's Telegram channel containing the alleged personal data of 680 DHS officials, over 170 FBI email addresses, and more than 190 Department of Justice officials.

Bounties have allegedly been offered to shoot ICE and CBP officers, according to a DHS press release.

Now the hackers who posted the details of ICE, DHS, and CBP staff to Telegram have suggested that they may dox IRS officials next.

In 2016, a group called Crackas With Attitude, published the personal inform…

In a significant crackdown against online cybercriminals, German authorities have successfully dismantled a network of fraudulent cryptocurrency investment sites that has targeted millions of unsuspecting people across Europe.

In tandem, scammers at call centres pressure those who engage with the fraudulent investment sites to make further "investments".

In the case of the domains seized by Operation Heracles, the sites specifically targeted German-speaking individuals.

BaFin warns that the online trading fraud sites are particular dangerous because of their professional execution.

That sobering statistic underlines just how widespread and pernicious online investment fraud has become.

All this and more is discussed in episode 439 of “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and his special guest Annabel Berry.

Smashing Security listeners get $1000 off!

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

In episode 72 of The AI Fix, GPT-5’s “secret sauce” turns out to be phrases from adult websites, Irish police beg TikTokers to stop faking AI home intruders, Jeff Bezos pitches gigawatt data centers in space, OpenAI rolls out Agent Kit for drag-and-drop agents, and a Chinese startup unveils the creepiest robot head ever.

Meanwhile, Graham looks askance at corporate America’s AI obsession – earning calls full of sunshine, SEC filings full of dread – while 95% of AI pilots flop.

You can also help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-…

Law enforcement agencies in the United States and France have seized control of domains linked to the notorious BreachForums hacking forum, commonly used for the leaking of stolen data, and the sale of hacked credentials.

However, observers are warning the takedown - although worthy and laudable - may be more symbolic than final, as a version of BreachForums on the dark web remains active.

Unfortunately, for everyone who isn't a cybercriminal - the underlying Tor-based leak site on the dark web remains active and can continue to be used to expose sensitive data.

Over the past few years, law enforcement agencies have repeatedly tried - and sometimes succeeded - in disrupting BreachForums and…

All this and more is discussed in episode 436 of the “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and his special guest Geoff White.

Drata – The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

In episode 71 of The AI Fix, a giant robot spider goes backpacking for a year before starting its job in lunar construction, DoorDash builds a delivery Minion, and a TikToker punishes an AI by making it talk to condiments.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

You can also help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining The AI Fix Plus!

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the excl…

Discord has confirmed that users who contacted its customer support service have had their data stolen by hackers, who have attempted to extort a ransom from the company.

According to the hugely popular messaging platform which has more than 200 million monthly users, the hackers breached a third-party customer service provider rather than gaining access to Discord directly.

The total number of affected Discord users has not been made public.

Unfortunately for Discord this is not the first time it has found its name hitting the headlines due to a breach at a third-party customer service provider.

As organisations increasingly rely on third-party service providers, the attack surface expands…

Beer lovers will be sobbing into their pints at the news that a ransomware attack has brought Japan's largest brewer to its knees and left the country days away from running out of its most popular beverage.

Japan is reportedly facing an unprecedented shortage of the nation's most popular beer, Asahi Super Dry, following an announcement earlier this week that malicious hackers had forced Asahi Group Holdings to suspend production across nearly all of its domestic facilities.

Unfortunately for Asahi Super Dry's many devotees, there is currently no estimates as to when the brewer's normal operations will resume.

Fortunately for consumers based outside of Japan, Asahi has confirmed that the cy…

And we discuss why data breach communicationss still default to “we take security seriously” while quietly implying “assume no breach” – until the inevitable walk-back.

Hear all this and more in episode 437 of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley, joined this week by special guest Paul Ducklin.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Полностью удалить как собственные GPT, так и свой аккаунт в ChatGPT и связанные с ним персональные данные.

Как использовать временные чаты в ChatGPTВременные чаты в ChatGPT по задумке напоминают режим инкогнито при поиске в браузере.

В приложениях ChatGPT для macOS и Windows для активации временного чата нажмите на выбор модели ИИ, и в нижней части открывшегося окна появится переключатель «Временный чат».

Надеемся, что собранный нами подробный гайд по настройкам приватности и безопасности в ChatGPT поможет вам в этом нелегком деле.

Это поможет обеспечить надежную защиту вашей учетной записи как в ChatGPT, так и в других сервисах.

Сегодня мы расскажем, чем наличие таких скрытых ссылок вредит вашему бизнесу, как злоумышленники внедряют их на легитимные ресурсы и как защитить свой сайт от такой неприятности.

Почему скрытые ссылки представляют угрозу для вашего бизнесаВ первую очередь скрытые ссылки на сомнительные ресурсы могут существенно навредить репутации вашего сайта и понизить его рейтинг, что незамедлительно отразится на поисковой выдаче.

Еще одна причина понижений позиции сайта в поисковой выдаче связана с тем, что скрытые ссылки, как правило, ведут на ресурсы с низким доменным рейтингом и нерелевантным для вашего бизнеса содержанием.

У вашего сайта есть некоторая репутация, которая оказывает влияние на рейтинг…

Наши эксперты исследовали очередную кампанию по рассылке вредоносных писем, проводимую Librarian Likho, и новые инструменты, используемые этой APT-группой.

В июньской публикации в блоге Securelist мы уже исследовали их инструментарий и пришли к выводу, что отличительной чертой группировки является то, что она не использует собственные вредоносные бинарные модули.

Разумеется, полностью отказаться от использования легитимного программного обеспечения они не смогли, однако в новой кампании они также обзавелись своими собственными разработками.

Чем известна группа Librarian LikhoLibrarian Likho — это APT-группа, специализирующаяся на кибератаках, целью которых являются организации в Российской …

Наши эксперты обнаружили кампанию по рассылке мошеннических писем от имени известных авиакомпаний и аэропортов.

На первом этапе они присылают жертве достаточно безобидное письмо от имени отдела закупок крупной авиакомпании или аэропорта, в котором анонсируют старт некой партнерской программы на 2025–2026 годы и приглашают к взаимовыгодному сотрудничеству.

Письма не содержат вредоносных вложений и ссылок, да и в документах нет никакого подвоха, поэтому базовые защитные механизмы не всегда блокируют эту переписку.

Как защитить компанию от мошенниковВ идеале следует использовать решения, которые вообще не допустят мошеннические, фишинговые и вредоносные письма до почтовых ящиков сотрудников.

Е…

А ведь все данные попадают в Сеть, в большинстве случаев, нашими стараниями: в среднем, у каждого интернет-пользователя десятки, если не сотни, аккаунтов.

И если вы думаете про себя: «Да кому я нужен» – то поверьте, много кому: от бывших любовников, рекламодателей и мошенников до работодателей и государственных служб.

Аналоги существуют и в других странах, в том числе и в России.

Настраиваем уведомления об утечкахУтечки данных в Сети случаются практически ежедневно, и в них оказывается огромное количество персональных данных: IP-адреса, имена, номера телефонов, адреса e-mail, платежная информация и многое-многое другое.

Но для комплексного подхода и вашего удобства лучше всего мониторить ут…

Уязвимый ИИ-кодКогда языковая модель создает код, в нем могут содержаться ошибки и программные уязвимости.

Недавнее исследование Veracode показало, что ведущие ИИ-модели стали генерировать значительно более корректный код — в 90% случаев он компилируется без ошибок.

А вот безопасность кода не улучшилась — 45% созданного моделью кода содержало классические программные уязвимости из OWASP Top 10, и за два года мало что изменилось.

Исследование проводилось на сотне популярных разновидностей LLM и фрагментах кода, написанных на Java, Python, C# и JavaScript.

Если запрос для создания функции или приложения недостаточно четкий и не упоминает аспекты безопасности, вероятность генерации уязвимого к…

Однако самые масштабные атаки происходят не на отдельные машины, а… на серверы их производителей.

с помощью отключения тормозов, резкого включения громкой музыки и активации прочих отвлекающих факторов — как с упомянутым выше Jeep Cherokee.

Выбирая новый автомобиль сегодня, стоит обращать внимание не только на его технические параметры, но и на кибербезопасность.

Отключите все неиспользуемые функции — как в приложении, так и в автомобиле.

А вот для организаций, владеющих десятками или сотнями автомобилей, — таксопарков, каршеринговых компаний, грузоперевозчиков или парков строительной техники — риски существенно выше.

В популярном игровом движке, используемом и для компьютерных, и для консольных, и для мобильных игр, обнаружилась программная уязвимость, для устранения которой нужно обновить все опубликованные игры.

Чем грозит уязвимость, и как устранить ее, не удаляя игры?

Опасность эксплуатации уязвимости во многом зависит от настроек игры, версии и настроек ОС, но Unity, Valve и Microsoft в один голос рекомендуют обновить все игры в системе.

Она имеет те же права и доступы, что и сама игра, а также может проскочить «под радаром» некоторых антивирусов.

Unity подчеркивает, что дефект обнаружен этичными хакерами и на сегодня нет никаких свидетельств того, что уязвимость применяется в реальных атаках.

В этом посте рассказываем, в чем сложности детектирования техники DLL Hijacking и как наш продукт справляется с этой задачей.

Как работает DLL Hijacking и в чем сложность ее детектированияВнезапный запуск неизвестного файла в среде Windows неизбежно привлекает внимание защитных решений или просто блокируется.

Существует несколько вариантов техники DLL Hijacking.

Детектирование DLL Hijacking при помощи MLКоллеги из команды AI Technology Research решили обучить ML-модель выявлять DLL Hijacking по косвенной информации о библиотеке и о процессе, который его вызвал.

Технология детектирования DLL Hijacking в KUMA SIEMВ SIEM-системе модель проверяет метаданные загружаемых DLL и загружающих их проц…

В сентябре 2025 года исследователи из Швейцарской высшей технической школы в Цюрихе опубликовали научную работу, в которой предложили атаку Phoenix — модификацию атаки Rowhammer, работающую против модулей памяти DDR5.

А чтобы усложнить разработку новых атак, производители модулей памяти не спешили раскрывать, какие именно методы защиты они используют.

Из-за этого начало казаться, что в DDR5 проблема Rowhammer в целом решена.

Этого в целом достаточно, чтобы доказать: атаки Rowhammer действительно представляют опасность, пусть и в крайне ограниченном наборе сценариев.

Актуальность и меры противодействияАтака Phoenix показала, что атаки Rowhammer можно проводить на новых модулях памяти DDR5 не…

Чтобы противостоять этой нарастающей волне угроз, мы добавили в Kaspersky для Android новые возможности.

В этом материале рассказываем о новом уровне защиты от фишинговых и вредоносных ссылок, появившемся в обновлении Kaspersky для Android.

Как работает защита от фишинга в приложении Kaspersky для AndroidТеперь обновленный Kaspersky для Android защищает ваши устройства от фишинга на трех уровнях.

обнаруживает и блокирует вредоносные ссылки в уведомлениях от любых приложений — существующих давно, вроде WhatsApp и Telegram; в тех, которые только появились, вроде мессенджера Max, и даже в тех, которые появятся в будущем.

Первый уровень защиты включен — теперь Kaspersky для Android будет предуп…

Сегодня расскажем, как происходит такая атака, какие последствия она может иметь для жертвы и что делать, чтобы не попасться на удочку мошенникам.

Злоумышленники тут же «зеркалят» этот код на поддельном сайте вместе с инструкцией: открыть WhatsApp, выбрать «Связанные устройства» и ввести код привязки.

Увы, большинство пользователей в неудержимом желании помочь совершенно незнакомому человеку победить в голосовании невнимательно читают предупредительное сообщение от WhatsApp.

И когда беспечная жертва вводит код в приложении на своем смартфоне, активируется веб-сессия WhatsApp, инициированная атакующими.

Если вы полагаете, что случайно попались на удочку злоумышленников и дали им доступ в сво…

Провести атаку проще, если атакуемая модель мультимодальная, то есть умеет не только «читать», но и «видеть» или «слышать».

Например, в одной исследовательской работе была предложена атака, в которой вредоносные инструкции спрятаны в диаграммах связей (mindmap).

В другом исследовании, посвященном мультимодальным инъекциям, авторы тестировали устойчивость популярных чат-ботов к прямой и косвенной инъекции и обнаружили, что она снижается, когда вредоносные инструкции закодированы в изображении, а не в тексте.

Фундаментальная особенность и проблема нейросетей в том, что они используют один и тот же канал информации и для получения команд, и для получения данных, которые нужно обработать.

Проше…

When we analyze many of the breaches that have taken place, there is a common theme we can use to elevate our defensive game.

Lateral movement (Tactic TA0008) tends to be leveraged as high as 70% of cyber breaches.

Even with layers, we are never going to provide 100% security effectiveness 100% of the time.

Again, no defensive capability will ever provide 100% efficacy 100% of the time but restricting this tactic significantly improves our chances.

I am challenging organizations to invest time solving the lateral movement risk that exists.

Let’s Agree on a Standard Taxonomy for SegmentationThe first step is to standardize how we talk about segmentation.

Given the rapid evolution of segmentation, its various types and the use of jargon by vendors, segmentation is in desperate need of an established taxonomy.

Fortunately, the TechRxiv paper does a great job of organizing segmentation taxonomy, separating terms into three buckets:How Segments are Delineated : The way segments are defined is a critical differentiation between segmentation types.

The Infrastructure Over Which Segmentation is Deployed : Segmentation also differs based on the underlying infrastructure.

How Enforcement is Implemented: The way segmentation is enforced…

That trust has become the foundation of McLaren’s digital resilience, especially as the team faces ever more complex and high-stakes security challenges.

That is when Cisco’s latest tech, including Wi-Fi 6E, rolled out across the McLaren Technology Centre and at race venues.

In Formula 1, every millisecond matters, and every piece of data counts, no matter where in the world team is racing.

Ask a question and stay connected with Cisco Security on social media.

Cisco Security Social MediaLinkedInFacebookInstagramX

The opportunity for defendersImplement remote access to SharePoint over a VPN or, even better, zero trust access (ZTA) — Zero trust access hides the FQDN of these systems from the internet.

— Zero trust access hides the FQDN of these systems from the internet.

Enable signatures for intrusion prevention systems and web application firewalls — SNORT: SID 65092, SID 65183.

Once we identify these systems with CVEs, we quickly remove external access to these systems instantly based on exposure.

Couple this with campus based zero trust and ZTA to the application with workload/application segmentation and we have a recipe for success.

In this post, we explore a forward-looking concept: the Dynamic Context Firewall (DCF), envisioned for the Model Context Protocol (MCP), that could offer the next generation of adaptive AI security.

This is where the idea of a Dynamic Context Firewall comes into play.

The diagram above shows a workflow for securing AI interactions using a Dynamic Context Firewall (DCF).

Potential applications for a Dynamic Context Firewall span the enterprise spectrum.

The Dynamic Context Firewall for MCP represents a vision for that future—a protocol-aware, context-driven security layer that could empower organizations to embrace powerful AI workflows with confidence in their security, privacy, and complia…

By providing “paved paths”—developer-friendly, pre-configured security solutions that integrate seamlessly into existing workflows—security becomes a natural part of the development process, not an add-on.

Security as a First-Class Service: Treating security solutions and services as first-class offerings, complete with dedicated resources for development, maintenance, and operation, signals their importance.

Empathy is Key: Perhaps most critically, security teams must operate from a position of empathy.

This approach has fostered a vibrant community of developers eager to learn, share, and co-design security solutions, viewing security as a shared organizational goal rather than solely the…

4: Data from Enterprise Security GroupWhen it comes to hybrid work, performance cannot be sacrificed for security.

Enterprise Security Group research highlights that improving security effectiveness and better supporting hybrid work models are key drivers for SASE adoption.

Explore Enterprise Security Group Findings on Network and Security Convergence to see how your peers are assessing SASE progress and best practices.

Register for a Zero Trust Workshop to learn how Cisco SASE can accelerate your journey to a robust zero-trust framework.

1 IDC Spotlight, sponsored by: Cisco, SASE Outcomes Exceed Expectations, #US53593725, June 20252 IDC Spotlight, sponsored by: Cisco, SASE Outcomes Exceed …

1: Security Cloud Control, AIOps Insights dashboardA Data-Driven Engine That Learns and Propels ForwardCisco AIOps features advanced, purpose-built engines that analyze configurations, health status, diagnostics, and traffic patterns to proactively detect anomalies and configuration drift in real time.

2: Security Cloud Control, AIOps Software Upgrade PlannerWhat sets our AIOps offering different?

Customers control data sharing, selecting their region (EU, APJC, AMER) to maintain compliance.

Visit the Cisco Security Cloud Integration docs page to learn more.

Experience AIOps for Firewall TodayCisco AIOps for Firewalls is here, redefining what’s possible in network and security operations.

In both cases, the malicious XSS payload typically appears in the HTTP request query or body.

SnortML blocks malicious XSS scripts sent for storage on a vulnerable server (Stored XSS).

How SnortML Protects Against XSSLet’s dive into an example to illustrate how SnortML stops XSS attacks in real-time.

This particular CVE allows a remote attacker to execute arbitrary code by injecting malicious scripts through the formatCaseNumber parameter within the application’s Citation search function.

Ask a question and stay connected with Cisco Security on social media.

The Swiss Army knife is an iconic multi-tool that originated in the late 19th century; predecessor to the popular multitools of today.

The Value of VersatilityThe Swiss Army knife and Cisco XDR share a theme of versatility and integration.

In this integration, Cisco XDR will ingest Secure Access detections for automated triage, correlation, and incident detection.

One key resource is Cisco XDR Connect, a user-friendly resource that makes it simple to search, browse, and view details of all available Cisco XDR integrations and automation content.

Ask a question and stay connected with Cisco Security on social media.

The rise of Agentic AI, the emergence and adoption of AI agents and agent-to-agent networking to autonomously perform tasks on behalf of humans, has introduced unique challenges for existing security products.

Consequently, security solutions such as zero trust should, and can, be evolved to protect agentic AI communications.

Security Inspection and EnforcementTraditional zero trust practices focus on the “access control” aspect of enforcement, often neglecting other important security controls.

An effective agentic AI security solution should have a unified approach for all the networking and communication use cases.

Extending zero trust principles with Semantic Inspection for agentic envi…

Background: The Unique Landscape of the Black Hat NOCOperating the Black Hat Security and Network Operations Center (NOC) presents a unique set of challenges and expectations.

Unlike a typical corporate environment where any hacking activity is immediately deemed malicious, the Black Hat conference is a nexus for cybersecurity research, training, and ethical hacking.

Vigilance in Training Environments: Even in controlled, educational settings like Black Hat, continuous monitoring and swift response are paramount.

Even in controlled, educational settings like Black Hat, continuous monitoring and swift response are paramount.

Driven by the needs of the community, Black Hat events showcase con…

Below are the Cisco XDR integrations for Black Hat USA, empowering analysts to investigate Indicators of Compromise (IOC) very quickly, with one search.

Thank you to alphaMountain.ai and Pulsedive full donating full licenses to Cisco, for use in the Black Hat USA 2025 NOC.

Palo Alto Networks is the official Firewall and XDR/SIEM/SOAR provider for the Black Hat NOC.

In the Black Hat NOC, we collaborate with competition because the real enemy is not another vendor but rather the adversary.

Cisco XDR has an integration module to integrate with Cortex XDR which offers enrichment capability for both EDR detections and Firewall detections.

SnortML False PositivesWhat tripped up SnortML at Black Hat?

3: SnortML false positive, enlargedIn particular the %3d%3d (which decodes to ==) at the end stood out as encoding that likely tripped the detection.

We saw many different attack permutations for these two event types at Black Hat.

The screenshot below shows the payloads from a set of SnortML events, with the alerting packets downloaded into Wireshark.

Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more.

Security Store is the gateway for customers to easily discover, buy, and deploy trusted security solutions and AI agents from leading partners—all verified by Microsoft Security product teams to work seamlessly with Microsoft Security products.

Security Store: Your gateway to stronger securityReleased to public preview on September 30, 2025, Microsoft Security Store brings together a diverse catalog of security solutions and AI-powered agents from Microsoft and leading partners—all in one unified experience.

The Security Store is the place to discover, buy, and deploy security solutions and agents that work with Microsoft Security products, helping organizations strengthen their security.

F…

We also provide threat detections to help contain and prevent Blob Storage threat activity with Microsoft Defender for Cloud’s Defender for Storage plan.

How Azure Blob Storage worksAzure Storage supports a wide range of options for handling exabytes of blob data from many sources at scale.

Attack techniques that abuse Blob Storage along the attack chainReconnaissanceThreat actors enumerate Blob Storage to identify publicly exposed data and credentials that they can leverage later in the attack chain.

Enterprises often use Azure Data Factory and Azure Synapse Analytics to copy and transform data from Azure Blob Storage.

To hear stories and insights from the Microsoft Threat Intelligence com…

We also provide threat detections to help contain and prevent Blob Storage threat activity with Microsoft Defender for Cloud’s Defender for Storage plan.

How Azure Blob Storage worksAzure Storage supports a wide range of options for handling exabytes of blob data from many sources at scale.

Attack techniques that abuse Blob Storage along the attack chainReconnaissanceThreat actors enumerate Blob Storage to identify publicly exposed data and credentials that they can leverage later in the attack chain.

Enterprises often use Azure Data Factory and Azure Synapse Analytics to copy and transform data from Azure Blob Storage.

To hear stories and insights from the Microsoft Threat Intelligence com…

Purpose-built for security, it features a cloud-native architecture that centralizes all security data from more than 350 sources across platforms and clouds.

The Microsoft Sentinel data lake simplifies data management, eliminating silos, and enables cost-effective long-term retention, empowering organizations to maintain strong security postures while optimizing budget.

Microsoft Sentinel data lake centralizes security data from hundreds of sources, enabling real-time detection, contextual analysis, and autonomous response.

—Software Development Project Manager, Software Industry (Source: Gartner Peer Insights™)Download the reportTo learn more about why Microsoft was named a Leader in the …

Purpose-built for security, it features a cloud-native architecture that centralizes all security data from more than 350 sources across platforms and clouds.

The Microsoft Sentinel data lake simplifies data management, eliminating silos, and enables cost-effective long-term retention, empowering organizations to maintain strong security postures while optimizing budget.

Microsoft Sentinel data lake centralizes security data from hundreds of sources, enabling real-time detection, contextual analysis, and autonomous response.

—Software Development Project Manager, Software Industry (Source: Gartner Peer Insights™)Download the reportTo learn more about why Microsoft was named a Leader in the …

According to the latest Microsoft Digital Defense Report, written with our Chief Information Security Officer Igor Tsyganskiy, over half of cyberattacks with known motives were driven by extortion or ransomware.

Nation-state threats remain a serious and persistent threat, but most of the immediate attacks organizations face today come from opportunistic criminals looking to make a profit.

Nation-state actors are expanding operationsWhile cybercriminals are the biggest cyber threat by volume, nation-state actors still target key industries and regions, expanding their focus on espionage and, in some cases, on financial gain.

The cyber threats posed by nation-states are becoming more expansiv…

In my role as Deputy CISO for Microsoft’s business operations, I focus on the unique risks within our customer support operations.

Customer support agents require powerful tools to resolve customer issues—unlocking accounts, troubleshooting complex environments, and more.

Cyberattackers know that customer support operations can require privileged access, and that organizations sometimes treat customer support as an auxiliary function—resulting in a lower security bar.

Recent cyberattacks, including those by nation-state actors like Midnight Blizzard, have targeted customer support operations at Microsoft and across the industry.

Curated and secured support identitiesAt Microsoft, we create …

For broader integration, we are also collaborating with security products such as Microsoft Security Copilot, Microsoft Sentinel, and Microsoft Defender to evaluate and provide feedback on their AI features.

Additionally, Microsoft Security product owners can monitor how different models perform and what they cost, allowing them to choose appropriate models for specific features.

Unlike most open-source benchmarks, ExCyTIn-Bench captures the complexity and ambiguity of actual cyber investigations.

To learn more about Microsoft Security solutions, visit our website.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

For broader integration, we are also collaborating with security products such as Microsoft Security Copilot, Microsoft Sentinel, and Microsoft Defender to evaluate and provide feedback on their AI features.

Additionally, Microsoft Security product owners can monitor how different models perform and what they cost, allowing them to choose appropriate models for specific features.

Unlike most open-source benchmarks, ExCyTIn-Bench captures the complexity and ambiguity of actual cyber investigations.

To learn more about Microsoft Security solutions, visit our website.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

At Microsoft, building a lasting security culture is more than a strategic priority—it is a call to action.

We revamped our employee security training program to tackle advanced cyberthreats like AI-enabled attacks and deepfakes.

The impact we are making on the security culture at Microsoft is not by chance, nor is it anecdotal.

Security culture as a matter of business trustFor Microsoft, a strong security culture helps us protect internal systems and uphold customer and partner trust.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

At Microsoft, building a lasting security culture is more than a strategic priority—it is a call to action.

We revamped our employee security training program to tackle advanced cyberthreats like AI-enabled attacks and deepfakes.

The impact we are making on the security culture at Microsoft is not by chance, nor is it anecdotal.

Security culture as a matter of business trustFor Microsoft, a strong security culture helps us protect internal systems and uphold customer and partner trust.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Explore the security sessions at Microsoft Ignite 2025 Discover sessions tailored for security pros.

The Ignite keynote will include a dedicated security segment featuring Vasu Jakkal, Corporate Vice President (CVP) of Microsoft Security Business, and Charlie Bell, Executive Vice President of Microsoft Security.

If you’re a Microsoft Security partner, be sure to check out the partner-focused security sessions at Microsoft Ignite.

If you’re a Microsoft Security partner, be sure to check out the partner-focused security sessions at Microsoft Ignite.

Explore how Microsoft Purview Data Security Posture Management delivers actionable insights to strengthen your data security posture.

Explore the security sessions at Microsoft Ignite 2025 Discover sessions tailored for security pros.

The Ignite keynote will include a dedicated security segment featuring Vasu Jakkal, Corporate Vice President (CVP) of Microsoft Security Business, and Charlie Bell, Executive Vice President of Microsoft Security.

If you’re a Microsoft Security partner, be sure to check out the partner-focused security sessions at Microsoft Ignite.

If you’re a Microsoft Security partner, be sure to check out the partner-focused security sessions at Microsoft Ignite.

Explore how Microsoft Purview Data Security Posture Management delivers actionable insights to strengthen your data security posture.

Additionally, we provide comprehensive detections and hunting queries to enable organizations to defend against this attack and disrupt threat actor activity.

Attack flow of threat actor activity in a real incidentInitial accessThe threat actor used realistic phishing emails, targeting accounts at multiple universities, to harvest credentials.

If Microsoft Defender alerts indicate suspicious activity or confirmed compromised account or a system, it’s essential to act quickly and thoroughly.

Learn moreFor the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

To hear stories and insights from the Microsoft Threat Intel…

To help accelerate adoption of AI for cybersecurity workflows, we partnered with Airbus at DEF CON 33 to host the GenSec Capture the Flag (CTF), dedicated to human-AI collaboration in cybersecurity.

Our goal was to create a fun, interactive environment, where participants across various skill levels could explore how AI can accelerate their daily cybersecurity workflows.

An overwhelming 85% of all participants found the event useful for learning how AI can be applied to security workflows.

This positive feedback highlights that AI-centric CTFs can play a vital role in speeding up AI education and adoption in the security community.

We are committed to advancing the AI cybersecurity frontier…

This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the Terms of Service .

The block will expire shortly after those requests stop.

In the meantime, solving the above CAPTCHA will let you continue to use our services.This traffic may have been sent by malicious software, a browser plug-in, or a script that sends automated requests.

If you share your network connection, ask your administrator for help — a different computer using the same IP address may be responsible.

Learn more Sometimes you may be asked to solve the CAPTCHA if you are using advanced terms that robots are known to use, or sending requests very qu…

At Made by Google 2025, we announced that the new Google Pixel 10 phones will support C2PA Content Credentials in Pixel Camera and Google Photos.

Pixel Camera attaches Content Credentials to any JPEG photo capture, with the appropriate description as defined by the Content Credentials specification for each capture mode.

attaches Content Credentials to any JPEG photo capture, with the appropriate description as defined by the Content Credentials specification for each capture mode.

Google Photos attaches Content Credentials to JPEG images that already have Content Credentials and are edited using AI or non-AI tools, and also to any images that are edited using AI tools.

Building a More Trus…

Today marks a watershed moment and new benchmark for open-source security and the future of consumer electronics.

Google is proud to announce that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework, has officially achieved SESIP Level 5 certification.

This makes pKVM the first software security system designed for large-scale deployment in consumer electronics to meet this assurance bar.

With this level of security assurance, Android is now positioned to securely support the next generation of high-criticality isolated workloads.

Achieving Security Evaluation Standard for IoT Platforms (SESIP) Level 5 is a landmark because it incorporates AVA_VAN.5, the hi…

Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts.

Infrastructure definitions to allow organizations to easily run their own instances of OSS Rebuild to rebuild, generate, sign, and distribute provenance.

With an estimated value exceeding $12 trillion, open source software has never been more integral to the global economy.

For publishers and maintainers of open source packages, OSS Rebuild can...

If you're a developer, enterprise, or security researcher interested in OSS security, we invite you to follow along and get involved!

Android recently announced Advanced Protection, which extends Google’s Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures.

This is particularly useful for Advanced Protection users, since in 2023, plaintext HTTP was used as an exploitation vector during the Egyptian election.

JavaScript Optimizations and Security Advanced Protection reduces the attack surface of Chrome by disabling the higher-level optimizing Javascript compilers inside V8.

Javascript optimizers can be disabled outside of Advanced Protection Mode via the “Javascript optimization & security” Site Setting.

We…

Below we describe our prompt injection mitigation product strategy based on extensive research, development, and deployment of improved security mitigations.

A layered security approachGoogle has taken a layered security approach introducing security measures designed for each stage of the prompt lifecycle.

From there, a key protection against prompt injection and data exfiltration attacks occurs at the URL level.

Users are encouraged to become more familiar with our prompt injection defenses by reading the Help Center article.

Moving forwardOur comprehensive prompt injection security strategy strengthens the overall security framework for Gemini.

The Chrome Root Program Policy states that Certification Authority (CA) certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion.

To safeguard Chrome’s users, and preserve the integrity of the Chrome Root Store, we are taking the following action.

Apple policies prevent the Chrome Certificate Verifier and corresponding Chrome Root Store from being used on Chrome for iOS.

Beginning in Chrome 127, enterprises can override Chrome Root Store constraints like those described in this blog post by installing the corresponding root CA certificate as a locally-trusted root on the platform Chrome is running (e.g., install…

Google Quantum AI's mission is to build best in class quantum computing for otherwise unsolvable problems.

In 2019, using the same physical assumptions – which consider qubits with a slightly lower error rate than Google Quantum AI’s current quantum computers – the estimate was lowered to 20 million physical qubits.

Normally more error correction layers means more overhead, but a good combination was discovered by the Google Quantum AI team in 2023.

Another notable error correction improvement is using "magic state cultivation", proposed by the Google Quantum AI team in 2024, to reduce the workspace required for certain basic quantum operations.

These algorithms can already be deployed to d…

To enhance these existing device defenses, Android 16 extends Advanced Protection with a device-level security setting for Android users.

Advanced Protection gives users:Best-in-class protection, minimal disruption: Advanced Protection gives users the option to equip their devices with Android’s most effective security features for proactive defense, with a user-friendly and low-friction experience.

Advanced Protection gives users the option to equip their devices with Android’s most effective security features for proactive defense, with a user-friendly and low-friction experience.

Defense-in-depth: Once a user turns on Advanced Protection, the system prevents accidental or malicious disab…

Our dedication to your security is validated by security experts, who consistently rank top Android devices highest in security, and score Android smartphones, led by the Pixel 9 Pro, as leaders in anti-fraud efficacy.

Now, Google Play Protect live threat detection will catch apps and alert you when we detect this deceptive behavior.

We’ve made Google Play Protect’s on-device capabilities smarter to help us identify more malicious applications even faster to keep you safe.

Google Play Protect now uses a new set of on-device rules to specifically look for text or binary patterns to quickly identify malware families.

This update to Google Play Protect is now available globally for all Android…

Tech support scams are an increasingly prevalent form of cybercrime, characterized by deceptive tactics aimed at extorting money or gaining unauthorized access to sensitive data.

Tech support scams on the web often employ alarming pop-up warnings mimicking legitimate security alerts.

Chrome has always worked with Google Safe Browsing to help keep you safe online.

Standard Protection users will also benefit indirectly from this feature as we add newly discovered dangerous sites to blocklists.

Beyond tech support scams, in the future we plan to use the capabilities described in this post to help detect other popular scam types, such as package tracking scams and unpaid toll scams.

Today, we’re announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers.

This is why we are making Sec-Gemini v1 freely available to select organizations, institutions, professionals, and NGOs for research purposes.

Sec-Gemini v1 outperforms other models on key cybersecurity benchmarks as a result of its advanced integration of Google Threat Intelligence (GTI), OSV, and other key data sources.

Sec-Gemini v1 outperforms other models on CTI-MCQ, a leading threat intelligence benchmark, by at least 11% (See Figure 1).

If you are interested in collaborating with us on advancing the AI cybersecurity frontier, please request early access to Sec-Gemini v1…

In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version of our model signing library.

These challenges are addressed by using Sigstore, a collection of tools and services that make code signing secure and easy.

These features are why we recommend Sigstore’s signing mechanism as the default approach for signing ML models.

Today the OSS community is releasing the v1.0 stable version of our model signing library as a Python package supporting Sigstore and traditional signing methods.

This model signing library is specialized to handle the sheer scale of ML models (which are usually much larger than traditional so…

The Chrome Root Program launched in 2022 as part of Google’s ongoing commitment to upholding secure and reliable network connections in Chrome.

It is non-normative and considered distinct from the requirements detailed in the Chrome Root Program Policy.

Last spring, the Chrome Root Program led ecosystem-wide experiments, emphasizing the need for linting adoption due to the discovery of widespread certificate mis-issuance.

We recently landed an updated version of the Chrome Root Program Policy that further aligns with the goals outlined in “Moving Forward, Together.” The Chrome Root Program remains committed to proactive advancement of the Web PKI.

We continue to value collaboration with web…