В жизни каждого чат-бота бывают моменты, когда он заходит «не в ту дверь».

Автор описывает скрытие процессов и файлов, маскировку сети и антидетект-подходы.

Компания обещает «квантовое преимущество» на задаче с проверкой через реальный кошелек.

В FRIB впервые измерили реакцию, важную для рождения селена-74.

Почему в новой войне неважно, как далеко ты стреляешь, если твою ракету невозможно поймать.

Кажется, эпоха ручного цифрового шпионажа подошла к концу.

Даже если вы измерите каждый миллиметр поверхности, нет гарантий, что вы правильно поняли её форму.

Технология, которая была круче всех в 1987-м, покидает Linux.

Почему инструмент для помощи пользователям вдруг стал идеальным подарком для хакеров.

Взломщик биржи Bitfinex намерен начать карьеру в сфере кибербезопасности.

Лондонские власти восстановили прием онлайн-оплат спустя несколько месяцев после кибератаки.

Патч уже в 6.19 и пойдет в бэкпорты, чтобы прерывания выключались правильно во всех сценариях.

В первую волну (в марте 2025 года) злоумышленники вводили в заблуждение получателей писем тем, что приглашали принять участие в общественно-экономическом форуме «Примаковские чтения» в РАН.

Паоло Лецци, CEO компаний Memento Labs (ранее — Hacking Team) и InTheCyberПричём здесь Hacking Team?

Речь пойдёт об итальянской компании Hacking Team, которая в результате продажи и ребрендинга превратилась в 2019 году в компанию Memento Labs.

Участие Hacking TeamИстория взлома серверов на Hacking Team прояснила также некоторые другие важные детали, касающиеся её разработки коммерческого spyware-софта.

Лецци также отметил, что не может «уверенно назвать, кто именно из клиентов компании оказался виновным …

В таких условиях формальный подход к ИБ превращается в источник новых рисков.

Понимание ограничений технологий и отказ от иллюзий — первый шаг к построению устойчивой и живой системы защиты, способной адаптироваться к реальным, а не «учебным» угрозам.

В-третьих, многофакторную аутентификацию (MFA), которая является одной из самых эффективных мер для защиты от атак с использованием украденных учётных данных.

Когда атаки не укладываются в сценарииЕсли автоматизация и стандартные сценарии защиты не обнаруживают всех атак, реальность оказывается ещё сложнее.

Иллюзия полной защищённостиРеальные компрометации редко укладываются в учебные сценарии, а ошибки в проектировании создают ложное ощущение…

По направлению миграцииИз локальной инфраструктуры в облако — перенос сервисов и данных из собственной вычислительной среды заказчика в публичное или частное облако.

Rehost (Lift and Shift) — перенос приложений и данных в облачную инфраструктуру практически без изменений архитектуры и логики работы.

Сложности в процессе миграции и типичные ошибкиМиграция в облако редко проходит гладко: могут возникнуть технические несовместимости или скрытые архитектурные зависимости.

Чек-лист по миграции в облакоВыше мы рассмотрели теорию, проанализировали ключевые аспекты миграции и изучили реальные кейсы российских компаний.

Именно такой подход позволял переносить в облако не только вспомогательные, но и…

Атаки на роботов.

В целом атака на роботов может приводить к различным последствиям:Физический ущерб людям и имуществу вследствие потери контроля (в том числе самоконтроля).

Через взломанного робота можно распространять атаку и на неподключённые экземпляры из группы.

Средства защиты должны стать неотъемлемой частью архитектуры роботов и включать изоляцию компонентов, строгую аутентификацию команд, минимальные привилегии и тотальный контроль всех взаимодействий.

Они направлены не только на соблюдение требований безопасности, но и на обеспечение стабильной, предсказуемой работы систем.

Большинство экспертов оценили объём российского рынка ITSM-систем в 2024 году в диапазоне 10–35 млрд рублей, в зависимости от методологии расчёта.

По мнению TAdviser, среди отечественных вендоров уже который год лидирует компания Naumen — как по объёму выручки, так и по количеству подтверждённых внедрений.

Из независимых обзоров, по мнению редакции, внимания достоин рейтинг российских ITSM-систем 2024 года от «Компьютерры».

ESMPESMP — это программная ITSM-платформа для управления и автоматизации работы любых сервисных подразделений компании.

Ведение каталога услуг и управление SLA позволяет структурировать перечень ИТ-услуг, устанавливать соглашения об уровне обслуживания и контролировать и…

Планирование операции по захвату Н.МадуроПо данным The Guardian, подготовкой организационной части операции по захвату Н. Мадуро занималось ЦРУ и ряд других государственных агентств, связанных с разведывательной деятельностью.

Главный акцент американцев при проведении операции Absolute Resolve возлагался на внезапность (неизвестность момента атаки) и завоевание тактического превосходства в воздухе.

Американцы определили, что в ночь операции Н.Мадуро будет находиться в Фуэрте-Тиуна, ключевой военной базе в окрестностях Каракаса.

Поэтому распространившееся позднее утверждение, что в ходе операции не было кибератаки, выглядит малоубедительным.

Отметим еще одно необычное событие, которое произо…

О том, как проходили эти дни и что происходило за кулисами, рассказали участники российской делегации — представители ГК «Солар».

Практика последних лет показала, что в условиях глобального интернета объектами кибератак становятся в равной степени все страны, в том числе те, которые остаются «слабым звеном».

Ханойская конвенция получила одобрение со стороны Китая, многих стран Ближнего и Среднего Востока, стран АСЕАН, большинства государств Латинской Америки.

Они вряд ли примкнули бы к Будапештской конвенции и в будущем.

Если отдельные участники считают, что в другой стране “проседают” те или иные компетенции, то суверенное право каждой страны самой выбирать, что делать дальше», — отметил А…

В ходе итоговой пресс-конференции Positive Technologies был сделан традиционный прогноз: легче в 2026 году не станет.

Угрозы в новом годуКак спрогнозировала руководитель направления аналитических исследований Positive Technologies Ирина Зиновкина на итоговой пресс-конференции «Анатомия цифровых бурь», рост успешных атак в 2026 году составит около 30 %.

По оценке аналитиков J`son & Partners Consulting, данная угроза заняла стала самой распространённой в 2025 году и её актуальность сохранится в 2026 году.

По оценке УЦСБ, тенденция на атаки российского ПО сохранится и в 2026 году.

Наконец, в 2026 году можно ожидать принятия второго пакета антимошеннических мер.

Статистика за 2025 год подтверждает эту тенденцию: атаки на цепочки поставок (Supply Chain Attacks), компаний выросли на 110 %.

Атаки на цепочку поставок и меры противодействияЧтобы оценить реальные масштабы угрозы, важно опираться не на общие рассуждения, а на конкретные инциденты, в которых уязвимость поставщика привела к компрометации его клиентов.

Разработчикам рекомендовали усилить защиту учётных записей, внедрить проверку целостности зависимостей и наладить процессы аудита цепочки поставок на всех этапах жизненного цикла ПО.

Атака на цепочку поставок ПО «GhostAction»В сентябре 2025 года исследователи из GitGuardian раскрыли масштабную кампанию «GhostAction», затронувшую 327 пользовате…

Инцидент ИБ — не формальность и не тикет, а сбой сложной системы.

Такой подход кажется удобным, но на практике не устраняет первопричину и не даёт накопления опыта, из-за чего проблемы возвращаются.

Выводы, решения, найденные уязвимости и удачные практики не переходят в систему и не масштабируются на команду.

В такой модели выводы и решения становятся предсказуемыми и объективными, а сам процесс начинает опираться на стандарты, а не на интуицию отдельных специалистов.

Суть проста: задача не в том, чтобы вернуть всё в исходное состояние, а в том, чтобы устранить фундаментальный сбой и не допустить повторения инцидента в других точках инфраструктуры.

Дмитрий Курашев, директор-сооснователь UserGate (слева) и Станислав Кудж, ректор МИРЭА, открыли лабораторию UserGateЛаборатория, открытая в МИРЭА, стала шестой локацией Академии UserGate в российских вузах.

К 2025 году ситуация меняется: в «лёгком» классе — 60 и 80 %; в «среднем» классе — 49 и 50 %; в «тяжёлом» классе – 18 и 0 % соответственно.

Но где связь между образованием в области ИБ и открытием лаборатории UserGate в МИРЭА?

Экспорт российской системы образования в области ИБ рассматривается ими, скорей, как дополнительный элемент в рамках продвижения собственных ИБ-продуктов.

Фактически в UserGate накапливается собственный опыт поддержки системы образования в области ИБ.

Он занимает первую строчку по частотности упоминаний и в прогнозах развития киберугроз, и в предположениях о будущем средств защиты информации.

Следовательно, уязвимости в Windows 10, найденные после окончания поддержки, могут затронуть очень и очень многих — и в «домашнем» сегменте, и в корпоративном.

Поэтому переход на отечественные решения и повышение киберустойчивости для критической инфраструктуры становятся постоянным режимом работы и для государства, и для коммерции.

Поэтому сегментация сетей, минимальные привилегии, MFA и глубокий анализ трафика становятся обязательными элементами и для коммерческого сектора, и для критической инфраструктуры.

Эта тема преобладает и в прогнозах по ча…

Мы сравнили 6 бесплатных антивирусов для Android, которые доступны в России к началу 2026 года.

ВведениеНаше предыдущее сравнение антивирусов для Android вышло в 2021 году, когда на российском рынке ещё присутствовали топовые зарубежные компании-разработчики.

Среди прочего большинство мобильных антивирусов, рассмотренных в предыдущем сравнении, теперь недоступны для россиян: их не удастся найти в магазине Google Play, если не изменить геолокацию.

Авторитетные российские разработчики антивирусов — «Лаборатория Касперского» и «Доктор Веб» — по-прежнему с нами, и сегодня мы посмотрим, что общего и что разного у отечественных и иностранных антивирусов для Android, доступных в России к началу 20…

На смену срочности и необходимости простой замены пришёл запрос на качество, гарантированную совместимость компонентов и экономическую эффективность решений.

Вендорам и интеграторам пришлось отвечать на этот вызов, делая ставку не на единичные продукты, а на создание или встраивание в доверенные экосистемы.

в промышленном сегменте, выпустили новое решение для резервного копирования и серьёзно продвинулись в области инфраструктурных решений для искусственного интеллекта.

Андрей Крючков, директор по развитию технологических партнёрств, компания «Киберпротект»Валентин Губарев: «Наша стратегия в этом году строилась на 3 ключевых фокусах.

Год показал, что будущее отечественных информационных тех…

Автоматизировать процесс внедрения стандартов и комплаенс-контроль по этому сценарию поможет модуль MaxPatrol Host Compliance Control (MaxPatrol HCC) в составе MaxPatrol VM.

Как MaxPatrol HCC делает комплаенс-контроль и харденинг прощеMaxPatrol HCC — это модуль для MaxPatrol VM, который позволяет приоритизировать риски, назначать политики безопасности, контролировать выполнение требований и сроки устранения несоответствий.

Возможность разрабатывать собственные стандарты или адаптировать системные, включая стандарты PT Essentials, с помощью встроенного в MaxPatrol HCC конструктора.

В MaxPatrol HCC уже реализованы готовые стандарты, интегрированные в продукт.

Дашборды в MaxPatrol HCC для ключ…

Ветка 1: «Официальный вход» и его эксплуатацияЗдесь мы видим, как легитимный механизм входа для бизнеса превращается в лазейку.

Ветка 2: «Фрод-исследователь» и его улейЭта ветка еще более показательна.

Манипуляция рейтингом: Скоординированные действия группы связанных аккаунтов (все подписаны на компанию Femida Search Search).

Мультиаккаунтинг: Высокая вероятность, что за @MnsDev, @free_kedr @jobi8 и @kirill_berill стоит один и тот же оператор.

Хабр — это место для обмена знаниями, а не доска объявлений для «серых» сервисов пробива.

Однако, учитывая минималистичную природу и предполагаемое использование этих систем, версия Wireshark для командной строки (tshark) часто является более подходящим вариантом для захвата и анализа трафика.

Установка Wireshark на LinuxВыполните следующие шаги для установки Wireshark на Linux:Установите WiresharkОткройте командную строку и введите команду установки для вашего дистрибутива Linux:Дистрибутив Команда для установки Wireshark Ubuntu/Debian sudo apt install wireshark ‑y Fedora/Rocky Linux/RHEL sudo dnf install wireshark ‑y openSUSE sudo zypper install wireshark ‑yПримечание: Kali Linux часто используется для анализа сети и тестирования на проникновение.

Установка Wireshark на Window…

Зачем нужен DAST?

IAST (Interactive Application Security Testing)IAST — это гибридный подход, сочетающий элементы SAST и DAST.

IAST-агенты встраиваются в приложение и анализируют его поведение во время выполнения, отслеживая потоки данных и выявляя уязвимости в реальном времени.

RASP-агенты встраиваются в приложение и могут не только обнаруживать, но и блокировать атаки в реальном времени.

Комбинация SAST, DAST и SCA закрывает до 90% типичных рисков.

На днях AdGuard выложил в открытый доступ свой VPN-протокол, который назвал TrustTunnel.

Главная проблема тормозов в классическом подходе «устойчивых» протоколов - они обертывают VPN-данные в TCP-соединение и мимикрируют под HTTPS.

Выглядит это в итоге как обычный веб-трафик, но TCP добавляет проблем со своим обязательным подтверждением доставки пакетов.

И всё это теперь открыто под лицензией Apache 2.0 - можно форкать и использовать.

Полезные ссылки: Спецификация протокола, Конфигурация, TrustTunnel на GitHub, Сайт проекта, Обсуждение на HN

Проверка физических лиц по открытым источникам информации давно вышла за рамки простого любопытства: сегодня это рабочий инструмент для расследований, комплаенса, корпоративной безопасности и частных проверок.

Грамотно выстроенный OSINT-анализ позволяет выявить юридические, финансовые и репутационные риски, не нарушая закон и не выходя за пределы публично доступных данных.

Дополнительно следует использовать сайты мировых судов:Поиск ведем по ФИО, фамилии и инициалам, с учетом региона и судебного участка.

Контент физлица и его лояльностьФормальные реестры показывают прошлое, а контент — настоящее.

Подведем итогПроверка физлиц по открытым источникам — это не один запрос и не один сервис.

В первой части мы обсудили само понятие инноваций и инновации в DLP-системах, в этой же статье поговорим о:критериях универсальности инноваций;факторах, тормозящих их внедрение;стимулах, помогающих в их распространении в компании.

Отличия инноваций в зависимости от сфер деятельностиЧасто думают, что в разных отраслях должны быть разные инновации.

По сути, так и рождаются новые продукты и инновации, которые мы в дальнейшем дорабатываем и тиражируем.

Инновации — это не вещь в себе, они не могут жить в вакууме и должны быть интегрированы в какие-то продукты.

Поэтому инновации должны быть гармонично встроены в жизнь и в продукты, а также в рабочие процессы людей.

На скомпрометированную систему устанавливается агент Merlin – открытый постэксплуатационный инструмент на Go, совместимый с фреймворком Mythic и работающий через HTTP/1.1, HTTP/2 и HTTP/3.

Merlin Легитимный инструмент с открытым исходным кодом, написанный на Go, используемый группировкой на этапе постэксплуатации.

Этот фреймворк представляет собой предоставляет веб-интерфейс для коллаборации операторов и обеспечивает модульную архитектуру для создания агентов на любом языке программирования и для любой платформы (Windows, Linux, macOS).

XDSpyXDSpy (Silent Zmiy, Silent Werewolf) активна с 2011 года и специализируется на краже конфиденциальных документов у государственных учреждений стран СНГ…

Но что на самом деле происходит, когда вы запускаете скрипт?

В отличие от контейнеризации, агент работает в том же процессе, что и IDE – нет никаких барьеров между агентом и вашими данными.

Таким образом использование активатора JetBrains на основе Java-агента – это не просто обход проверки лицензии, а комплексная компрометация системы на всех уровнях.

Риски сопоставимы с намеренной установкой вредоносного ПО с правами администратора и полным доступом к вашим проектам, ключам и паролям.

Скачивайте OpenIDE и пробуйте новые возможности в деле и подписывайтесь на нас в Telegram, чтобы не пропустить свежие обновления и полезные материалы.

При этом «атмосферная квантовая связь» может применяться и в более «приземлённых» сценариях — дронах, автомобилях, мобильных узлах связи, которые могут появляться и исчезать, менять траекторию и работать лишь считанные минуты.

Квантовые передатчики и приёмники выполнены в виде автономных модулей и могут устанавливаться как на дроны, так и на автомобили.

Вся система работает в замкнутом контуре и не требует обмена служебными данными между узлами — каждый модуль сам «ловит» партнёра и удерживает линию визирования.

Периодические провалы связаны с паузами на синхронизацию и запись данных, а не с потерей канала связи.

Если убрать цифры и графики, ценность этой работы в другом: она показывает, чт…

А если добавить Weight Decay (L2-регуляризацию), то процесс забывания лишнего должен идти еще быстрее.

Суть экспериментаДля изучения влияния эффекта Weight Decay на обучение модели, пришлось очень тщательно подойти к постановке эксперимента.

Обе задачи зависят от одних и тех же входов — координат x и y.Контрольная модель, обучаясь только задаче B, формирует осмысленные представления x и y только вне ограниченного радиуса.

После переобучения на задачу B с Weight Decay мы проверяем с помощью зонда, сохранилась ли эта старая структура внутри слепого пятна.

Weight Decay в этом режиме работает как стабилизатор инерции.

Но главное изменение не в количестве инцидентов, а в их скорости.

Разрыв между скоростью атаки и скоростью реакции достиг критической точки.

В этой статье — о реальных угрозах начала 2026 года и о том, как выстроить защиту, когда противник работает на машинной скорости.

Эксперты прогнозируют, что в 2026 году произойдёт первый крупный инцидент, связанный с компрометацией MCP.

Прогнозируется, что в 2026 году будет опубликовано более 50 000 новых CVE — объём, который невозможно обработать вручную.

Декларируется, что яркий сигнал виден на 360° (±8° по вертикали) и заметен на расстоянии до 1 километра при хороших условиях видимости.

После активации маячок передает информацию об аварии на сервер DGT, после чего данные об аварии начинают отображаться на дорожных табло и в подключенных навигаторах.

Тем не менее в DGT стояли на своем - с 1 января 2026 года только V16 с подключением к собственной платформе DGT 3.0 является законным способом обозначить аварийную остановку.

В DGT, ответ на критику, заявляют, что работают на усилением требований безопасности по доступу к API.

Для тех, кто бывал в Испании, местный колорит в виде активного внимания к забытым на пляже вещам или рюкзаку в толпе вр…

Не в последнюю очередь, кстати, это произошло и из-за Китайских хакерских форумов, тематики и материалы которых можно изучать бесконечно.

Мы, конечно, не утверждаем, что эти программы явно используются APT-группировками или продвинутыми хакерами, работающими на государство в Китае.

Пусть это и было очевидно, учитывая, насколько прокся многофункциональная и сколько лет считается «стандартом» для поиска эксплоитов в веб-приложениях.

Полагаю, из этого обстоятельства нельзя делать слишком много выводов, кроме того, что это довольно мощный инструмент, используемый китайскими пентестерами.

В целом очевидно, что что-то такое должно было быть, учитывая, что Alibaba Cloud и сопутствующие продукты оч…

Всем привет, меня зовут Никита и в настоящее время я являюсь действующим специалистом по анализу защищенности.

Как и в каждом проекте после получения доступов, стоит начать стадию разведки инфраструктуры.

Закидываем, как душе удобно, (например обычным curl), потому что в сети не было обнаружено какой-либо IPS / IDS.

Также хочется упомянуть, что на хосте был воткнут флеш-накопитель, который содержал абсолютно все пароли в чистом виде от инфраструктуры компании.

Неужели заказчик развернул его ради какого-либо теста ПО, да еще и на винде?

А вот со столь же жел­тым кафелем в убор­ной и отва­лива­ющи­мися обо­ями на сте­нах нуж­но и вправ­ду что‑то делать.

Во­оду­шевив­шись столь сво­евре­мен­ной мыслью, он соору­дил себе кофе с бутер­бро­дом и при­нял­ся остерве­нело отди­рать обои в коридо­ре и в ком­нате.

Он брал сегод­няшнюю дату и прев­ращал ее в чис­ло, затем добав­лял к нему сек­ретное зна­чение, извес­тное толь­ко ему и его соз­дателю.

Изящ­ное решение, при­думан­ное явно не нович­ком и не слу­чай­ным вирусо­писа­телем.

И Кирилл, при всем сво­ем чутье, не имел пра­ва округлять веро­ятность до еди­ницы.

Каждый принт уникален, а все дизайны создавались с учетом того, что хотели видеть наши читатели.

Носи как хочешь: на конференции, в офисе, дома за кодом или как базовый слой под худи в холода.

В наличии остались только небольшие размеры — если носишь такие сам или планируешь сделать кому-то подарок, самое время забирать со скидкой.

Бейсболки «Хакера»Четыре модели бейсболок с объемной вышивкой и лаконичным дизайном отлично дополняют футболки или работают сами по себе.

Лаконичный дизайн подойдет как для митапов, так для обычных прогулок по городу.

Разработчики GitLab исправили ряд серьезных уязвимостей, включая критическую проблему с обходом двухфакторной аутентификации (2ФА), которая затрагивает как Community, так и Enterprise Edition.

Сообщается, что уязвимость была связана с некорректной проверкой возвращаемых значений в сервисах аутентификации GitLab.

Помимо CVE-2026-0723, в GitLab CE/EE закрыли еще два критических бага.

Обе проблемы позволяли неаутентифицированным злоумышленникам вызвать отказ в обслуживании (DoS): CVE-2025-13927 — с помощью отправки запросов с некорректными данными аутентификации, и CVE-2025-13928 — через эксплуатацию ошибок валидации прав доступа к API.

По статистике Shadowserver, в настоящее время в сети дост…

По данным СМИ, компания Luxshare — один из ключевых партнеров Apple по сборке iPhone, AirPods, Apple Watch и Vision Pro — предположительно стала жертвой вымогательской атаки.

Компания является ключевым партнером Apple по сборке устройств и производит значительную часть iPhone, AirPods и Apple Watch, что дает ей доступ к детальным техническим спецификациям продуктов.

Утечка включает детали конфиденциальных проектов по ремонту и логистике устройств между Apple и Luxshare — с таймлайнами, описанием процессов и информацией о других клиентах пострадавшей компании.

«Архивы содержат данные Apple, Nvidia, а также LG, Geely, Tesla и других крупных компаний, чья информация защищена соглашениями о нер…

Все эти сер­висы пре­дос­тавля­ют API, поэто­му их лег­ко встро­ить в свои плат­формы и обра­баты­вать дан­ные в при­выч­ной сре­де.

Как анализировать полученные данные и какие бывают паттерны поиска?

Нап­ример, поиск по клю­чевым сло­вам вро­де login, panel, c2, stealer или по наз­вани­ям вре­доно­сов помога­ет находить управля­ющие панели.

title: "C2 Panel"Что­бы най­ти откры­тые дирек­тории с вре­донос­ными фай­лами, в Censys мож­но исполь­зовать такой зап­рос (на при­мере Sliver C2):( services.

В отли­чие от пре­дыду­щих методов, JA4+ пред­став­лены в удоб­ном для чте­ния фор­мате и для людей, и для сис­тем, что повыша­ет эффектив­ность поис­ка и ана­лиза угроз.

Основатель и ведущий разработчик Curl Даниэль Стенберг (Daniel Stenberg) объявил о закрытии программы bug bounty проекта на платформе HackerOne.

До 31 января 2026 года Curl продолжит принимать сообщения об ошибках через HackerOne, и все отчеты, находящиеся в работе на эту дату, будут рассмотрены полностью.

Однако с 1 февраля проект полностью откажется от приема новых заявок на HackerOne и перейдет на прямые сообщения об уязвимостях через GitHub.

Нынешний поток заявок создает высокую нагрузку на команду безопасности Curl, и это попытка снизить информационный шум».

Bug bounty программа Curl и libcurl работала с 2019 года через HackerOne и Internet Bug Bounty.

19 и 21 января группа провела массированную атаку на российские компании из самых разных отраслей — от ЖКХ и финансов до аэрокосмического сектора и маркетплейсов.

PhantomCore известна с 2024 года и нацелена исключительно на российские и белорусские компании.

Полученный таким образом скрипт делает три вещи: показывает жертве документ-приманку, загружает в память следующую стадию вредоноса и прописывается в планировщике задач Windows.

Созданная задача повторяется с интервалом в 61 секунду — сразу после создания и в начале каждого следующего дня.

Отмечается, что в этой версии вредоноса обрабатывается только команда cmd, хотя в более ранних версиях PhantomCore поддерживалась также команда downl…

Спам генерируется через платформы поддержки компаний, которые используют Zendesk для работы с клиентами.

Атакующие эксплуатируют функцию, позволяющую неверифицированным пользователям создавать тикеты, и Zendesk автоматически отправляет письмо-подтверждение на адрес, указанный при создании заявки.

Злоумышленники пропускают через эту систему огромные списки email-адресов, создавая фальшивые тикеты и используя Zendesk для массовой рассылки спама.

Представители Zendesk сообщили изданию, что компания уже внедрила новые защитные функции для обнаружения и блокировки подобного спама в будущем.

Стоит отметить, что в декабре 2025 года в Zendesk уже предупреждали пользователей о таких злоупотреблениях…

Хакеры за считанные секунды взламывают устройства через уязвимость в SSO, создают фальшивые аккаунты администратора с VPN-доступом и похищают конфигурации.

Операторы этой кампании эксплуатируют некую проблему в механизме SSO и моментально создают новые учетные записи, правят настройки VPN и файрвола, а также выгружают полные конфигурации устройств.

В Arctic Wolf подчеркивают, что все эти действия выполняются за секунды, что указывает на полную автоматизацию атак.

Эти индикаторы компрометации совпадают с данными Arctic Wolf: исследователи пишут, что наблюдают аналогичную активность как в текущих атаках, так и в декабрьских инцидентах.

Пока Fortinet не выпустит полноценные патчи, эксперты рек…

Каждую субботу на сайте выходит новая глава романа « Белый хакер » — продолжения романа Валентина Холмогорова « Хакеры.RU ».

Если ты следишь за приключениями героев в режиме реального времени, но еще не знаком с первой книгой — сейчас самое время ее прочитать.

Первая книга доступна в печатном варианте с черно-белыми иллюстрациями и в электронном формате — выбирай, что удобнее.

Но главное — здесь есть дух того времени, когда хакерство было не просто набором технологий, а способом поиска себя и своего места в мире.

И если эта книга станет для кого-то искрой, пробуждающей интерес к знаниям, значит, все было не зря», — говорит автор романа, ведущий редактор «Хакера» Валентин Холмогоров.

Разработчики менеджера паролей LastPass предупредили пользователей о новой фишинговой кампании, которая маскируется под уведомления о технических работах.

«Обращаем ваше внимание, что LastPass НЕ просит клиентов создавать резервные копии своих хранилищ в ближайшие 24 часа.

— В маловероятном случае непредвиденных технических сложностей или расхождений в данных наличие свежей резервной копии гарантирует сохранность и возможность восстановления информации».

Разработчики отмечают, что атакующие запустили кампанию в праздничные выходные в США — видимо, рассчитывая застать врасплох компании с неполным штатом сотрудников.

А в сентябре прошлого года фишеры предлагали пользователям установить более …

Исследователи из компании Miggo Security нашли способ обойти защиту Google Gemini от промпт-инжектов, используя обычные приглашения в «Календаре».

Атака позволяла похищать приватные данные, просто отправляя жертвам приглашения с вредоносным содержимым.

Когда жертва обращается к Gemini с вопросом о своем расписании, ИИ-ассистент загружает и парсит все события, включая вредоносное.

Эксперты Miggo Security поделились информацией об обнаруженной проблеме с Google, и в компании утверждают, что уже внедрили новые меры защиты для блокировки подобных атак.

Это должно предотвратить автоматические утечки данных через создаваемые Gemini приглашения.

В этой статье я покажу, как вер­нуть к жиз­ни ста­рый ноут­бук с Windows 7 и прев­ратить уста­рев­шую сис­тему в более‑менее сов­ремен­ную рабочую сре­ду.

И я задумал­ся: мож­но ли прев­ратить «семер­ку» в сов­ремен­ную ОС и дать ей вто­рую жизнь, что­бы поль­зовать­ся ста­рым ноут­буком с при­выч­ным ком­фортом?

Стра­ница эму­лиру­ет ори­гиналь­ный Windows Update, вос­ста­нав­ливая дос­туп к цен­тру обновле­ний: ActiveX вза­имо­дей­ству­ет с Windows Update Agent (WUA), про­веря­ет сис­тему, а потом авто­мати­чес­ки заг­ружа­ет необ­ходимые ком­понен­ты и сер­тифика­ты.

Обеспечение совместимостиОб­новле­ния — это толь­ко полови­на дела, их одних недос­таточ­но для того, что­бы в Windows 7 з…

В магазинах расширений для Chrome, Firefox и Edge обнаружили 17 новых вредоносных расширений, связанных с кампанией GhostPoster.

Напомним, что впервые о кампании GhostPoster рассказали исследователи из Koi Security в декабре прошлого года.

Тогда были выявлены 17 расширений для Firefox, которые использовали стеганографию для сокрытия вредоносного JavaScript-кода в PNG-файлах логотипjd.

В этом случае логика подготовки вредоносного кода была перенесена в фоновый скрипт расширения, а в качестве контейнера для скрытой полезной нагрузки использовался встроенный файл изображения, а не только логотип.

«Этот поэтапный процесс выполнения демонстрирует явную эволюцию в сторону более длительного период…

]click в него загружается целевой сайт для накрутки кликов и JavaScript-файл phantom.

Этот скрипт содержит сценарий для автоматизации действий с рекламными объявлениями и фреймворк машинного обучения TensorFlowJS.

Для работы с WebRTC на Android требуется специальная библиотека с Java API, которой нет в стандартной ОС.

Их выкладывают на отдельных сайтах и в Telegram-каналах.

Статистика с одного из Discord-серверов показывает географию жертв, так как для доступа к чатам на разных языках необходимо поставить реакцию с соответствующим флагом.

A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called Amnesia RAT.

Another "defining characteristic" of the campaign, per Fortinet, is the operational abuse of defendnot to disable Microsoft Defender.

The campaign leverages social engineering to distribute compressed archives, which contain multiple decoy documents and a malicious Windows shortcut (LNK) with Russian-language filenames.

When executed, it runs a PowerShell command to retrieve the next-stage PowerShell script hosted on a GitHub repository ("github[.

A deliberately-introduced 444 second delay later, the PowerShell script runs a Visual Basic Script ("SCR…

The Russian nation-state hacking group known as Sandworm has been attributed to what has been described as the "largest cyber attack" targeting Poland's power system in the last week of December 2025.

The attack was unsuccessful, the country's energy minister, Milosz Motyka, said last week.

"The command of the cyberspace forces has diagnosed in the last days of the year the strongest attack on the energy infrastructure in years," Motyka was quoted as saying.

According to a new report by ESET, the attack was the work of Sandworm, which deployed a previously undocumented wiper malware codenamed DynoWiper.

The trojan, which was used to plant a wiper malware dubbed KillDisk, caused a 4–6 hour p…

AI Agents Break Traditional Access ModelsAI agents are not just another type of user.

Without rethinking these assumptions, IAM becomes blind to the real risk AI agents introduce.

The Three Types of AI Agents in the EnterpriseNot all AI agents carry the same risk in enterprise environments.

Rethinking Risk: What Needs to ChangeSecuring AI agents requires a fundamental shift in how risk is defined and managed.

The Cost of Uncontrolled Organizational AI AgentsUncontrolled organizational AI agents turn productivity gains into systemic risk.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

It was resolved by Broadcom in June 2024, along with CVE-2024-37080, another heap overflow in the implementation of the DCE/RPC protocol that could lead to remote code execution.

In particular, they found that one of the heap overflow vulnerabilities could be chained with the privilege escalation vulnerability (CVE-2024-38813) to achieve unauthorized remote root access and ultimately gain control over ESXi.

It's …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

The list of vulnerabilities is as follows -It's worth noting that CVE-2025-54313 refers to a supply chain attack targeting eslint-config-prettier and six other npm packages, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall, got-fetch, and is, that came to light in July 2025.

According to CrowdSec, exploitation efforts targeting CVE-2025-68645 have been ongoing since January 14, 2026.

There are currently no details on how the other vulnerabilities are being exploited in the…

Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls.

The activity essentially mounts to a bypass for patches put in place by the network security vendor to address CVE-2025-59718 and CVE-2025-59719, which could allow unauthenticated bypass of SSO login authentication via crafted SAML messages if the FortiCloud SSO feature is enabled on affected devices.

However, earlier this week, reports emerged of renewed activity in which malicious SSO logins on FortiGate appliances were recorded against the admin account on devices that had been patched agai…

TikTok on Friday officially announced that it formed a joint venture that will allow the hugely popular video-sharing application to continue operating in the U.S.

The new venture, named TikTok USDS Joint Venture LLC, has been established in compliance with the Executive Order signed by U.S. President Donald Trump in September 2025, the platform said.

"The majority American owned Joint Venture will operate under defined safeguards that protect national security through comprehensive data protections, algorithm security, content moderation, and software assurances for U.S. users," it added.

The development comes a month after reports emerged that TikTok had signed an agreement to create a ne…

Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management (RMM) software for persistent remote access to compromised hosts.

"By stealing a 'skeleton key' to the system, they turn legitimate Remote Monitoring and Management (RMM) software into a persistent backdoor."

The attack unfolds in two distinct waves, where the threat actors leverage fake invitation notifications to steal victim credentials, and then leverage those pilfered credentials to deploy RMM tools to establish persistent access.

Specifically, this involves the threat actor registering with LogMeIn using the compromised …

Microsoft has warned of a multi‑stage adversary‑in‑the‑middle (AitM) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector.

"The campaign abused SharePoint file‑sharing services to deliver phishing payloads and relied on inbox rule creation to maintain persistence and evade user awareness," the Microsoft Defender Security Research Team said.

"The attack transitioned into a series of AitM attacks and follow-on BEC activity spanning multiple organizations."

The starting point of the attack is a phishing email likely sent from an email address belonging to a trusted organization, which was compromised beforehand.

The social engineering effo…

However, the Broadcom-owned cybersecurity division said it identified clues that suggest the threat actors who deployed the ransomware may have been previously associated with INC ransomware (aka Warble).

POORTRY is a little different from traditional BYOVD attacks in that it uses a bespoke driver expressly designed for elevating privileges and terminating security tools, as opposed to deploying a legitimate-but-vulnerable driver to the target network.

The attacks have also utilized two drivers ("rsndispot.sys" and "kl.sys") along with "vmtools.exe" to disable security solutions using a BYOVD attack.

The attacks, besides using "hlpdrv.sys" and "ThrottleStop.sys" drivers for BYOVD attacks, a…

A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years.

It affects all versions of GNU InetUtils from version 1.9.3 up to and including version 2.7.

"Telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a '-f root' value for the USER environment variable," according to a description of the flaw in the NIST National Vulnerability Database (NVD).

This happens because the telnetd server do [sic] not sanitize the USER environment variable before passing it on to login(1), and login(1) uses the -f parameter to by-pass normal authentication.

As temporary workarounds, users can disable telnetd server,…

They relied on familiar systems behaving exactly as designed, just in the wrong hands.

Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them.

Each item is a small signal of a larger shift, best seen when viewed together.

Taken together, these incidents show how quickly the "background layer" of technology has become the front line.

The weakest points weren't exotic exploits, but the spaces people stop watching once systems feel stable.

Google Workspace provides an excellent security foundation, but its native tooling has inherent limitations, and relying on the default configurations can cause headaches.

Turn on advanced scanning: enable Google's enhanced pre-delivery message scanning and malware protection to ensure you're making the most of Google's capabilities.

The next steps to proactive, modern securityA properly-configured Google Workspace offers a solid foundation for securing a fast-growing company.

Google Workspace security spans so many domains that it can be difficult to maintain a complete picture of your posture, and this only gets harder as your organization scales and your Workspace evolves.

That's why Mat…

A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts.

According to Socket, the original library has been modified to act as a downloader for an XMRig cryptocurrency miner on compromised systems.

The malicious behavior is designed to trigger only when specific polynomial routines are called so as to fly under the radar.

The altered functions are used to execute a downloader, which fetches a remote JSON configuration and an ELF payload from "63.250.56[.

The end goal of the attack is to download two Linux ELF binaries that are …

A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch.

It has been described as an authentication bypass flaw that could allow any user to reset the SmarterMail system administrator password by means of a specially crafted HTTP request to the "/api/v1/auth/force-reset-password" endpoint.

"The kicker of course being that said user is able to use RCE-as-a-feature functions to directly execute OS [operating system] commands," watchTowr Labs researchers Piotr Bazydlo and Sina Kheirkhah said.

It doesn't end there, for the authentication bypass provides a direct path to remote code execution through a b…

The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiperIn late 2025, Poland’s energy system faced what has been described as the “largest cyberattack” targeting the country in years.

ESET Research has now found that the attack was the work of the notorious Russia-aligned APT group Sandworm.

Meanwhile, the attack on Poland’s power grid in the last week of December involved data-wiping malware that ESET has now analyzed and named DynoWiper.

In their latest APT Activity Report, covering April to September 2025, ESET researchers noted that they spotted Sandworm conducting wiper attacks against targets in Ukraine on a regular basis.

ESET Research offer…

AI chatbots have become a big part of all of our lives since they burst onto the scene more than three years ago.

A similar share of parents is worried their kids think AI chatbots are real people.

Our children use generative AI (GenAI) in diverse ways.

Children are going through an incredible period of emotional and cognitive development, making them vulnerable in various ways.

The onus, therefore, is definitely on parents to get ahead of any threats through proactive monitoring and education.

Here’s how the most common scams targeting Apple Pay users work and what you can do to stay one step aheadApple Pay is clearly a hit with consumers.

Here are some common scams targeting Apple Pay users.

Top six scams targeting Apple Pay usersApple Pay scammers are usually after your financial information, your money or your Apple ID and logins/2FA codes.

Or it could be a fake story about how your Apple Pay account has been suspended, your card was added to Apple Pay or similar pretexts.

First, take a moment to recognize the most common red flags and Apple Pay scams, as listed above.

A full 25 percent of the top 1,000 most-used passwords are made up of nothing but numerals.

This is according to NordPass’ analysis, which is based on billions of leaked passwords and sheds light on password trends among people in 44 countries.

Same old, same oldUsing an easily-guessable password is tantamount to locking the front door of your house with a paper latch.

Weak, obvious, or reused passwords can expose not only individual employees, but entire organizations, their customers, and their partners.

But if your own passwords appear on either list above, improving your account security should be one of the most important of them.

It may be the most recent high-profile case of threat actors abusing LinkedIn to further their own nefarious goals.

It’s easy to get up and running: For threat actors, the potential ROI for attacks using LinkedIn is massive.

Account hijacking : Fake LinkedIn (phishing) pages, infostealers, credential stuffing and other techniques can be used to help threat actors takeover users’ accounts.

: Fake LinkedIn (phishing) pages, infostealers, credential stuffing and other techniques can be used to help threat actors takeover users’ accounts.

However, it would make sense to build LinkedIn threat scenarios of the sort described above into security awareness courses.

New legislation in Australia makes it illegal for those under 16 to have a social media account.

To avoid financial penalties, social media companies have scrambled to remove accounts they believe breach the legislation.

As 2026 has just begun, this also sparks a broader question for internet users and regulators alike: will this be the year the world rethinks identity online?

Unless an app or service is operated by a regulated company that requires identity verification, people are free to create accounts on many services using any identity they desire.

I am not suggesting that all services need to have verified users.

Contrary to popular belief, much of the dark web isn’t the den of digital iniquity that some commentators claim.

involve the large-scale theft of customer/employee information, which then usually appears for sale on the dark web.

If you unwittingly click through and enter your information on a phishing site, it could end up being sold on the dark web.

If you unwittingly click through and enter your information on a phishing site, it could end up being sold on the dark web.

Finally, sign up to identity protection services and sites like HaveIBeenPwned, which will alert you when any PII appears on the dark web.

Indeed, credential stuffing is the digital equivalent of someone discovering a skeleton key that opens your house, office, and safe – all in one sweep.

While credential stuffing is by no means new, several trends have exacerbated the problem.

Here’s the scale at which credential stuffing attacks can be conducted:In 2022, PayPal reported that nearly 35,000 customer accounts were compromised via credential stuffing.

How to protect your organizationThese days, credential stuffing is also a primary vector for account takeover, fraud, and large-scale data theft across industries, including retail, finance, SaaS, and health care.

Importantly, many organizations are embracing passwordless authenti…

As 2025 draws to a close, Tony looks back at the cybersecurity stories that stood out both in December and across the whole of this yearAs we close out 2025, it's time for ESET Chief Security Evangelist Tony Anscombe to review some of the main cybersecurity stories from both the final month of the year and 2025 as a whole.

While staggering, this figure is still just the tip of the iceberg.

The Texas Attorney General is suing five major TV manufacturers, alleging that they illegally collected their users' data by secretly capturing what the viewers watch.

Indeed, Tony goes on to take a look back at some of the most notable cyber-incidents for the entire year, highlighting some of the most pe…

Brushing scams are a type of e-commerce fraud where a seller sends a package to an apparently random person’s address.

It shouldn’t take too much effort to work out if you’ve been singled out by brushing scammers.

It’s yours to keep, if you want toHow do I stay safe from brushing scams?

There are steps you can also take to stop brushing scams from even targeting you.

Brushing scams are just one of many ways fraudsters weaponize your personal information against you.

We provide our method to reproduce the crash using a simple 12-bit or 16-bit JPG image, and an examination of the initial released patch.

CVE-2025-50165 is a flaw in the encoding and compressing process of a JPG image, not in its decoding.

Zscaler’s findings, as well as the description provided by Microsoft, reveal that the flaw stems from the dereference of an uninitialized function pointer in WindowsCodecs.dll, which is part of the Windows Imaging Component.

We analyzed the vulnerable version 10.0.26100.4768 (SHA-1: 5887D96565749067564BABCD3DC5D107AB6666BD), and then performed a binary comparison with the first patched version 10.0.26100.4946 (SHA-1: 4EC1DC0431432BC318E78C520387911EC44F84…

We provide a detailed analysis of NosyHistorian, NosyDoor, NosyStealer, NosyDownloader, NosyLogger, and other tools used by LongNosedGoblin.

NosyDoor Stage 3 – payloadNosyDoor’s third stage, the main payload, is a C#/.NET backdoor with the internal name OneDrive and with PDB path E:\Csharp\Thomas\Server\ThomasOneDrive\obj\Release\OneDrive.pdb.

NosyStealer Stage 2 – injectorWe observed two NosyStealer Stage 2 samples – one (SERV.dll) in our telemetry, and the other (msi.dll) uploaded to VirusTotal from Malaysia.

NosyStealer Stage 4 – payloadAgain, like NosyStealer Stage 3 – loader, this stage is shellcode that decrypts, loads, and executes an embedded PE file in memory using Donut’s reflecti…

A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research expertsThe second half of the year underscored just how quickly attackers adapt and innovate, with rapid changes sweeping across the threat landscape.

AI-powered malware moved from theory to reality in H2 2025, as ESET discovered PromptLock, the first known AI-driven ransomware, capable of generating malicious scripts on the fly.

Meanwhile, CloudEyE, also known as GuLoader, surged into prominence, skyrocketing almost thirtyfold in ESET telemetry.

On the Android platform, NFC threats continued to grow in scale and sophistication, with an 87% increase in ESET telemet…

“A City of a Thousand Zero Days” is the partial title of a talk at Black Hat Europe 2025.

Compounding the issue, the software is hosted on public-facing IP addresses; thus, it’s accessible from the internet.

One comment I distinctly remember from the research is that the protocol used by the ICS device concerned was never designed to be connected to the internet.

The talk by Gjoko raised a similar concern: the building management system was not designed to be public facing on the internet, and the vendor recommends to secure it behind a virtual private network (VPN).

Building management systems are one example of this.

Being seen as reliable is good for ‘business’ and ransomware groups care about 'brand reputation' just as much as their victimsBlack Hat Europe 2025 opened with a presentation by Max Smeets of Virtual Rotes titled ‘Inside the Ransomware Machine’.

At their height, between 2022-2024, the group had 194 affiliates, of which 110 had managed to get a cyberattack to the point of negotiation, with 80 of the affiliates succeeding in getting paid by the ransomware group.

Reputation is everythingA key message delivered by Max was regarding reputation, both of the victim and the ransomware group.

The victim company needs to uphold their reputation with their customers and any hint of a data breach can …

Threat actors who specialize in vishing (i.e., voice phishing) have started using phishing kits that can intercept targets’ login credentials while also allowing attackers to control the authentication flow in a targeted user’s browser in real-time.

At least two custom-made phishing kits are currently used by a number of threat actors that go after credentials and authentication factors to gain access to corporate systems and assets.

“A social engineer interacting on the phone with a targeted user can simply request a user to choose or enter a specific number.”Vishing-enabled phishing kits expected to become the normPhishing kits with adversary-in-the-middle (AitM) capability have been popu…

To help reduce phishing risk, 1Password added an extra layer of protection and began rolling out a phishing prevention feature designed to stop users before they share passwords with scammers.

How 1Password phishing prevention worksWhen a user clicks a link whose URL doesn’t match a saved login, 1Password will not autofill their credentials.

Phishing prevention ultimately hinges on employee decisionsPhishing attacks once stood out because of typos or sloppy design, but AI is making them harder to spot.

According to a 1Password survey, 89% of Americans have encountered a phishing scam, and 61% say they have fallen victim to one.

While companies can put many safeguards in place, phishing prev…

Raspberry Pi has launched a USB flash drive optimized for use across its lineup of single-board computers.

The Raspberry Pi Flash Drive is a compact, high-capacity USB 3.0 Type-A device with an aluminum enclosure designed for durability and easy handling.

Its ergonomic all-aluminium enclosure is easy to grasp and almost impossible to break,” Helen Lynn, Director of Communications at Raspberry Pi, explained.

Raspberry Pi explains that this design allows the drive to reach very high sequential write speeds for limited periods.

The flash drive supports SSD style SMART health reporting, allowing compatible operating systems to monitor device health and track indicators related to lifespan.

Elastic announced the general availability of Agent Builder, a set of capabilities that helps developers quickly build secure, reliable, and context-driven AI agents.

Developers can use Agent Builder to chat with their data or build a context-driven custom agent in minutes.

“Agent Builder has native MCP and A2A protocol support, enabling seamless deployments within Microsoft Foundry and Microsoft Agent Framework,” said Amanda Silver, CVP, Microsoft CoreAI.

Agent Builder and Workflows enable developers to build context-driven agents that can reason accurately and execute predictably.

“Agent Builder simplifies working with messy enterprise data, giving developers a secure, reliable foundation…

To give users peace of mind, Ring has introduced a new content authenticity feature that allows them to verify whether a Ring video has been edited or altered.

Ring Verify adds a digital security seal that breaks if the video is changed in any way.

Visit this page, submit the video link (which stays in your browser and is never sent anywhere), and you’ll receive immediate results showing whether the footage is verified Ring video.

Content verification is available for all videos downloaded or shared from Ring’s cloud, no matter which Ring device recorded them.

When a video is “not verified”If a Ring video is marked as “verified,” it means it has not been altered since it was downloaded from…

iboss announced SSPM, an AI-powered SaaS Security Posture Management capability integrated into the iboss Zero Trust SASE platform.

SSPM from iboss is designed to close this gap by delivering continuous, AI-powered SaaS posture analysis using the same cloud platform that already provides secure internet and private access.

By embedding SSPM into the iboss SASE platform, organizations can align SaaS posture management with their existing zero trust strategy.

Connect to supported SaaS applications via the iboss Integration Marketplace in a few guided steps, without new agents.

For executives and financial leaders, SSPM provides a more predictable way to understand and manage SaaS related risk.

A new study shows that these links can expose large amounts of personal data for years.

The pipeline proceeds in four stagesFinding exposed personal dataThe next phase focused on personal data exposure.

Out of roughly 147,000 accessible URLs, the researchers confirmed 701 endpoints that exposed personal data tied to users.

When exposed links allow data modification and account takeoverMost exposed pages allowed read only access.

Extra data hiding in network trafficIn 76 services, backend systems sent more personal data than the page displayed.

People across many organizations now have access to AI tools, and usage keeps spreading.

Access grows faster than daily useSurvey data shows a rise in sanctioned AI access.

Organizations report early productivity gains tied to tasks like summarization, research, and basic automation.

Extent of agentic AI usage (Source: Deloitte)Agentic AI expands alongside governance gapsInterest in agentic AI grows quickly.

Physical AI extends AI into operationsPhysical AI includes robotics, automated machinery, and systems that sense and act in the physical world.

Most respondents expect spending on agentic AI to increase over the next year, with many organizations already investing between $2 million and $5 million annually.

Half of surveyed organizations report agentic AI projects running in production for limited use cases, and another 44% say projects are broadly adopted within select departments.

Most teams operate between two and ten active agentic AI projects.

More than two thirds of agentic AI decisions are currently verified by a person.

Measuring success through reliabilityWhen organizations assess agentic AI outcomes, reliability and resilience stand out.

Microsoft has released winapp, a new command line interface aimed at simplifying the process of building Windows applications.

The open-source tool targets developers who rely on terminal based workflows and want a consistent way to create, configure, and manage Windows apps across projects.

The goal of this project is to unify these tasks into a single CLI, letting you focus on building great apps rather than fighting with configuration,” Nikola Metulev, Product Manager, Windows Platform and Developer at Microsoft explained.

Developers can pair winapp with editors and integrated development environments, including Visual Studio and Visual Studio Code.

Microsoft is inviting developers to tr…

Here’s a look at the most interesting products from the past week, featuring releases from cside, Obsidian Security, Rubrik, SEON, and Vectra AI.

cside targets hidden website privacy violations with Privacy Watchcside announced the launch of Privacy Watch.

The platform prevents website privacy violations on the client-side, a risk surface that is traditionally unmonitored.

To help organizations automate compliance with regulations like GDPR, CPRA, and HIPAA, Privacy Watch deploys AI for continuous website risk monitoring, evidence logs, and regulation-specific reports.

Rubrik Security Cloud Sovereign gives customers the ability to maintain control over where data resides and who has access …

Obsidian Security announced end-to-end SaaS supply chain security solution, empowering organizations to monitor, control and contain the security risk hiding inside interconnected SaaS ecosystems.

The security threat posed by these interconnected SaaS applications is growing exponentially with major breaches like the Salesloft-Drift Supply Chain attack that impacted over 700 organizations last year.

Obsidian’s end-to-end SaaS Supply Chain security provides the proactive visibility organizations need to stay ahead of these emerging threats and help ensure our digital infrastructure remains resilient,” said Grace Liu, SVP and CIO, Seagate Technology.

By baselining normal behavior across ident…

Organizations in the energy sector are being targeted with phishing emails aimed at compromising enterprise accounts, Microsoft warns.

The attack campaignThe attacks started with phishing emails with “NEW PROPOSAL – NDA” in the subject line, coming from a compromised email address belonging to a trusted organization.

Thus, the stage is set for a new large-scale phishing campaign: the attackers send out hundreds of emails with another phishing URL to compromised user’s contacts.

“While AiTM phishing attempts to circumvent MFA, implementation of MFA still remains an essential pillar in identity security and highly effective at stopping a wide variety of threats.

MFA is the reason that threat …

Claroty has secured $150 million in Series F funding led by Golub Growth, an affiliate of Golub Capital, with additional confirmed participation from existing investors up to $50 million.

This investment will support global expansion through organic and inorganic growth as the company continues to pursue its vision of building a comprehensive CPS protection platform.

“Organizations need a platform approach that serves as the foundation of a holistic CPS protection program, leveraging the right combination of technology, people, and processes in order to reduce risk, maintain compliance, and preserve operational integrity,” said Yaniv Vardi, CEO of Claroty.

“With the deepest knowledge of CPS…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Really interesting blog post from Anthropic:In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations.

This illustrates how barriers to the use of AI in relatively autonomous cyber workflows are rapidly coming down, and highlights the importance of security fundamentals like promptly patching known vulnerabilities.

[…]A notable development during the testing of Claude Sonnet 4.5 is that the model can now succeed on a minority of the networks without the custom cyber toolkit needed by previous generation…

Prompt injection is a method of tricking LLMs into doing things they are normally prevented from doing.

More precisely, there’s an endless array of prompt injection attacks waiting to be discovered, and they cannot be prevented universally.

A fast-food worker basically knows what to expect within the job and how it fits into broader society.

Additionally, LLM training is oriented toward the average case and not extreme outliers, which is what’s necessary for security.

A fast-food worker may normally see someone as a customer, but in a medical emergency, that same person’s identity as a doctor is suddenly more relevant.

Internet Voting is Too Insecure for Use in ElectionsNo matter how many times we say it, the idea comes back again and again.

Hopefully, this letter will hold back the tide for at least a while longer.

Executive summary: Scientists have understood for many years that internet voting is insecure and that there is no known or foreseeable technology that can make it secure.

Still, vendors of internet voting keep claiming that, somehow, their new system is different, or the insecurity doesn’t matter.

Bradley Tusk and his Mobile Voting Foundation keep touting internet voting to journalists and election administrators; this whole effort is misleading and dangerous.

The rampant speculation among OpenAI users who believe they see paid placements in ChatGPT responses suggests they are not convinced.

In 2024, AI search company Perplexity started experimenting with ads in its offerings.

Highly persuasivePaid advertising in AI search, and AI models generally, could look very different from traditional web search.

A December 2023 meta-analysis of 121 randomized trials reported that AI models are as good as humans at shifting people’s perceptions, attitudes and behaviors.

That will require making real commitments to consumers on transparency, privacy, reliability and security that are followed through consistently and verifiably.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Swartz believed that knowledge, especially publicly funded knowledge, should be freely accessible.

The still-unresolved questions raised by his case have resurfaced in today’s debates over artificial intelligence, copyright and the ultimate control of knowledge.

At the time of Swartz’s prosecution, vast amounts of research were funded by taxpayers, conducted at public institutions and intended to advance public understanding.

AI companies then sell their proprietary systems, built on public and private knowledge, back to the people who funded it.

Systems trained on vast bodies of publicly funded research are increasingly becoming the primary way people learn about science, law, medicine and…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Upcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak:The list is maintained on this page.

Posted on January 14, 2026 at 12:00 PM • 0 Comments

The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

This is our world now… the world of the electron and the switch, the beauty of the baud.

You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it’s for our own good, yet we’re the criminals.

My crime is that of judging people by what they say and think, not what they look like.

My crime is that of outsmarting you, something that you will never forgive me for.

Fascinating research:Weird Generalization and Inductive Backdoors: New Ways to Corrupt LLMs.

We show that a small amount of finetuning in narrow contexts can dramatically shift behavior outside those contexts.

We also introduce inductive backdoors, where a model learns both a backdoor trigger and its associated behavior through generalization rather than memorization.

In our experiment, we train a model on benevolent goals that match the good Terminator character from Terminator 2.

Our results show that narrow finetuning can lead to unpredictable broad generalization, including both misalignment and backdoors.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

And the more groups of AI agents are given tasks that require cooperation and collaboration, the more those human-like dynamics emerge.

While generative AI generates, agentic AI acts and achieves goals such as automating supply chain processes, making data-driven investment decisions or managing complex project workflows.

Understanding Agentic AI behaviorTo understand the collective behaviors of agentic AI systems, we need to examine the individual AIs that comprise them.

The fact that groups of agentic AIs are working more like human teams doesn’t necessarily indicate that machines have inherently human-like characteristics.

Likewise, successful agentic AI systems work far better when they…

Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software.

“Today’s Windows patches remove agrsm64.sys and agrsm.sys.

This security feature is designed to protect against threats like rootkits and bootkits, and it relies on a set of certificates that are set to expire in June 2026 and October 2026.

Once these 2011 certificates expire, Windows devices that do not have the new 2023 certificates can no longer receive Secure Boot security fixes.

Windows admins should keep an eye on askwoody.com for any news about patches that don’t quite play nice with everything.

XLab said it suspected since October that Kimwolf and Aisuru had the same author(s) and operators, based in part on shared code changes over time.

In late October 2025, Brundage shared that the people selling various proxy services which benefitted from the Aisuru and Kimwolf botnets were doing so at a new Discord server called resi[.]to.

]to Discord channel would periodically post new IP addresses that were responsible for proxying traffic over the Kimwolf botnet.

All told, Synthient said it tracked at least seven static Resi Rack IP addresses connected to Kimwolf proxy infrastructure between October and December 2025.

]to Discord server vanished, Synthient’s website was hit with a DDoS at…

The most typical of these uninvited guests are small programs that turn the device into a residential proxy node that is resold to others.

Brundage says Kimwolf grew rapidly by abusing a glaring vulnerability in many of the world’s largest residential proxy services.

Kilmer said one model of unsanctioned Android TV boxes that is especially popular — the Superbox, which we profiled in November’s Is Your Android TV Streaming Box Part of a Botnet?

At that point, your home’s public IP address will show up for rent at the website of some residential proxy provider.

Brundage also has compiled a list of the unofficial Android TV boxes that are most highly represented in the Kimwolf botnet.

Your engagement this past year here has been tremendous and truly a salve on a handful of dark days.

The arrests came shortly after the FBI and the Dutch police seized dozens of servers and domains for the group.

In June, KrebsOnSecurity.com was hit by the largest DDoS attack that Google had ever mitigated at the time (we are a grateful guest of Google’s excellent Project Shield offering).

Another Aisuru attack on Cloudflare just days later practically doubled the size of the June attack against this website.

If you like the content we publish at KrebsOnSecurity.com, please consider making an exception for our domain in your ad blocker.

Democratic lawmakers have urged the SEC to investigate what they call “concerning ties to President Trump and his family” as potential conflicts of interest and foreign influence.

In October, President Trump pardoned Changpeng Zhao, the founder of the world’s largest cryptocurrency exchange Binance.

President Trump this term has fired most of the people involved in processing Freedom of Information Act (FOIA) requests for government agencies.

CONSUMER PROTECTION, PRIVACYAt the beginning of this year, President Trump ordered staffers at the Consumer Financial Protection Bureau (CFPB) to stop most work.

Nevertheless, it emerged in June that the Trump administration has built a central databas…

A decade ago, ending up at one of these parked domains came with a relatively small chance of being redirected to a malicious destination: In 2014, researchers found (PDF) that parked domains redirected users to malicious sites less than five percent of the time — regardless of whether the visitor clicked on any links at the parked page.

Infoblox found parked websites are benign if the visitor arrives at the site using a virtual private network (VPN), or else via a non-residential Internet address.

A defanged list of these typosquatting domains is available here (the dots in the listed domains have been replaced with commas).

“It was often a chain of redirects — one or two domains outside p…

Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software.

This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities.

Despite releasing a lower-than-normal number of security updates these past few months, Microsoft patched a whopping 1,129 vulnerabilities in 2025, an 11.9% increase from 2024.

The zero-day flaw patched today is CVE-2025-62221, a privilege escalation vulnerability affecting Windows 10 and later editions.

For anyone seeking a more granular breakdown of the security updates Microsoft pushed today, check out the roundup at the SANS In…

A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious ties to a Kremlin-connected oligarch whose Russian university builds drones for Russia’s war against Ukraine.

UK companies belonging to the group that have been shut down by Google Ads since Jan 2025 include:–Proglobal Solutions LTD (advertised nerdifyit[.

Currently active Google Ads accounts for the Nerdify brands include:-OK Marketing LTD (advertising geekly-hub[.

For a number of years, Lobov and Perkon co-produced a cross-cultural event in the U.K. called Russian Film Week.

While Synergy University promotes itself as Russia’s largest private educational institutio…

The phishing domains are being promoted by scam messages sent via Apple’s iMessage service or the functionally equivalent RCS messaging service built into Google phones.

The website scanning service urlscan.io shows thousands of these phishing domains have been deployed in just the past few days alone.

Pivoting off these T-Mobile phishing domains in urlscan.io reveals a similar scam targeting AT&T customers:Ford Merrill works in security research at SecAlliance, a CSIS Security Group company.

CAVEAT EMPTORMany SMS phishing or “smishing” domains are quickly flagged by browser makers as malicious.

“The fake e-commerce sites are tough because a lot of them can fly under the radar,” Merrill sai…

A prolific cybercriminal group that calls itself “Scattered LAPSUS$ Hunters” has dominated headlines this year by regularly stealing data from and publicly mass extorting dozens of major corporations.

Scattered LAPSUS$ Hunters (SLSH) is thought to be an amalgamation of three hacking groups — Scattered Spider, LAPSUS$ and ShinyHunters.

But last week, SLSH announced on its Telegram channel the release of their own ransomware-as-a-service operation called ShinySp1d3r.

The individual responsible for releasing the ShinySp1d3r ransomware offering is a core SLSH member who goes by the handle “Rey” and who is currently one of just three administrators of the SLSH Telegram channel.

Incredibly, Rey w…

UNBOXINGCensys’s Ashley said the phone home to China’s Tencent QQ instant messaging service was the first red flag with the Superbox devices she examined.

In July 2025, Google filed a “John Doe” lawsuit (PDF) against 25 unidentified defendants dubbed the “BadBox 2.0 Enterprise,” which Google described as a botnet of over ten million Android streaming devices that engaged in advertising fraud.

Several of the Android streaming devices flagged in Google’s lawsuit are still for sale on top U.S. retail sites.

Kilmer said Badbox 2.0 was used as a distribution platform for IPidea, a China-based entity that is now the world’s largest residential proxy network.

-Generic TV streaming devices advertis…

Sixteen months later, however, Mozilla is still promoting Onerep.

This week, Mozilla announced its partnership with Onerep will officially end next month.

In a statement published Tuesday, Mozilla said it will soon discontinue Monitor Plus, which offered data broker site scans and automated personal data removal from Onerep.

Mozilla said current Monitor Plus subscribers will retain full access through the wind-down period, which ends on Dec. 17, 2025.

Shelest released a lengthy statement wherein he acknowledged maintaining an ownership stake in Nuwber, a data broker he founded in 2015 — around the same time he launched Onerep.

An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline.

Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites.

However, some customers did manage to pivot their domains away from Cloudflare during the outage.

“Then you see through DNS changes that the target has eliminated Cloudflare from their web stack due to the outage.

But also look hard at the behavior inside your org.”Scott said organizations seeking security insights from the Cloudflare outage should ask themselves:1.

Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited.

Affected products this month include the Windows OS, Office, SharePoint, SQL Server, Visual Studio, GitHub Copilot, and Azure Monitor Agent.

Many of the more concerning bugs addressed by Microsoft this month affect Windows 10, an operating system that Microsoft officially ceased supporting with patches last month.

As that deadline rolled around, however, Microsoft began offering Windows 10 users an extra year of free updates, so long as they register their PC to an active Microsoft accoun…

It has just been a few weeks since we reported on the Christmas cyber attack suffered by the European Space Agency (ESA), and the situation has already become worse.

In light of the latest data breach to impact ESA, the December 2025 incident doesn't look too bad.

Furthermore, this latest breach reportedly involves data that might be more concerning - such as operational procedures, spacecraft and mission details, subsystems documentation, and proprietary contractor data from ESA partners including SpaceX, Airbus Group, and Thales Alenia Space.

As a consequence of this latest incident, ESA has now confirmed that a criminal investigation is underway.

Some have suggested that poor cybersecuri…

All this, and much more, in this episode of the “Smashing Security” podcast with Graham Cluley, and special guest Ray [REDACTED]Host:Graham Cluley:@grahamcluley.com @ *protected email* / grahamcluleyGuest:Ray Redacted:@rayredacted.comEpisode links:Sponsored by:Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

Follow us:Follow the show on Blu…

The UK's National Cyber Security Centre (NCSC) has issued a warning about the threat posed by distributed denial-of-service (DDoS) attacks from Russia-linked hacking groups who are reported to be continuing to target British organisations.

The denial-of-service attacks are typically not highly sophisticated, but can still successfully cause disruption to IT systems, and cost organisations a significant amount of time and money as they attempt to respond or recover.

The most obviously visible symptom of a basic denial-of-service attack can be that a website is no longer accessible, as hackers flood it with unwanted traffic, making it impossible for legitimate users to reach the resource.

As …

Oh, and AI has managed to crack some famously unsolved maths problems in minutes, and Grok gains access to all of the Pentagon’s networks?

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

You can also help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining The AI Fix Plus!

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

We can no longer say that artificial intelligence is a "future risk", lurking somewhere on a speculative threat horizon. The truth is that it is a fast-growing cybersecurity risk that organizations are facing today. That's not just my opinion, that's also the message that comes loud and clear from the World Economic Forum's newly-published "Global Cybersecurity Outlook 2026." Read more in my article on the Fortra blog.

All this, and much more, in episode 450 of the “Smashing Security” podcast with Graham Cluley, and special guest Monica Verma.

Smashing Security #450:From Instagram panic to Grok gone wild [Your browser does not support the audio element]Host:Graham Cluley:@grahamcluley.com @ *protected email* / grahamcluleyGuest:Monica Verma:/ monicavermaEpisode links:Sponsored by:Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money.

Smashing Security listeners get $1000 off!

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or v…

In episode 83 of The AI Fix, Graham reveals he’s taken up lying to LLMs, and shows how a journalist exposed AI bluffers with a made-up idiom.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

You can also help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining The AI Fix Plus!

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

Have you ever stolen data, traded a hacking tool, or just lurked on a dark web forum believing that you are anonymous?

The leak, published on a website named after the ShinyHunters hacking and extortion gang, includes records for some 323,986 Breachforums users, exposing their usernames, email addresses, password hashes, and IP addresses.

Ironically, it's precisely the kind of data that hackers using BreachForums have been trading in for years.

And the exposed database could help law enforcement agencies around the world uncover new leads that could assist with cybercriminal investigations.

In short, if you are one of the criminal users of BreachForums you may be sleeping rather less soundl…

The founder of a spyware company that encouraged customers to secretly monitor their romantic partners has pleaded guilty to federal charges - marking one of the few successful US prosecutions of a stalkerware operator.

If you visited the pcTattletale website you would be told that it was "employee and child monitoring software" designed to "protect your business and family."

The reality is that stalkerware like pcTattletale can also be used for tracking the location and activities of people without their knowledge.

Using stalkerware to spy on others without their permission is never acceptable.

If you're concerned that someone might be using spyware against you, visited the website of the …

All this, and much more, in this episode of the “Smashing Security” podcast with Graham Cluley, and special guest Lesley Carhart.

Smashing Security #449:How to scam someone in seven days [Your browser does not support the audio element]Host:Graham Cluley:@grahamcluley.com @[email protected] / grahamcluleyGuest:Lesley Carhart:@hacks4pancakes.com‬ @[email protected] / lcarthartEpisode links:Sponsored by:Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Join Sma…

Police in India have arrested a former Coinbase customer service agent who is believed to have been bribed by cybercriminal gangs to access sensitive customer information.

"Thanks to the Hyderabad Police in India, an ex-Coinbase customer service agent was just arrested.

In interviews since the incident, Armstrong has described how cybercriminal gangs were offering US $250,000 bribes to customer service representatives to leak sensitive data.

"We started getting customer support agents get offered like 250 grand bribes to turn over customer information.

And then the attackers would call up our customers and say, hey, here's Coinbase support.

This Christmas special of The AI Fix podcast sets out to answer that question in the most sensible way possible: by consulting chatbots, Google’s festive killjoys, and the laws of relativistic physics.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

You can also help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining The AI Fix Plus!

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with computer security veteran Graham Cluley, joined this week by special guest Danny Palmer.

Smashing Security #448:The Kindle that got pwned [Your browser does not support the audio element]Host:Graham Cluley:@grahamcluley.com @[email protected] / grahamcluleyGuest:Danny Palmer:/ dannypalmerwriter‬Episode links:Sponsors:Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podca…

The cruise line has updated its list of prohibited items, specifically banning smart glasses and similar wearable devices from public areas.

The ban means that you could find your expensive Google Glass, Meta/Ray-Ban Stories confiscated by the cruise's security team if you break the rules.

An obvious question is why are smart glasses subject to a ban onboard, but not other recording devices such as smartphones and regular cameras?

And, unfortunately, it's not always obvious that someone is wearing smart glasses.

Smart glasses are becoming increasingly sophisticated and harder to distinguish from regular glasses.

In episode 81 of The AI Fix, Graham discovers that deepfakes are already marking your kids’ homework, while Mark glimpses the future when he discovers AI agents that can communicate by reading each other’s minds.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

You can also help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining The AI Fix Plus!

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive cont…

На самом деле происходит не установка из магазина приложений, а загрузка приложения в пакете APK.

В России проблема «левых» загрузок усложняется тем, что многие повседневные приложения, в первую очередь банковские, более недоступны в Google Play.

«Прямой NFC» — мошенник связывается с жертвой в мессенджере и уговаривает скачать приложения якобы для подтверждения личности в банке.

Права, которые и в самом деле нужны приложению такого класса, прекрасно подходят для перехвата данных и махинаций с посещаемыми веб-сайтами.

), перенаправлять пользователя на сайты с рекламой и запускать прямо на телефоне прокси, чтобы злоумышленники могли попадать на любые сайты от лица жертвы.

Это связано с тем, что знания ИИ не хранятся в виде отдельных фрагментов, которые можно легко удалить.

Как и на каких моделях проводилось исследование?

При этом в промптах изменялась исключительно стилистика подачи: никаких дополнительных техник атаки, стратегий обфускации или адаптаций под конкретные модели в эксперименте не использовалось.

Исследователи протестировали 1200 промптов на 25 разных моделях — как в прозаическом, так и в поэтическом варианте.

Если следовать этому методу оценки, то поэзия увеличивает вероятность ответа на небезопасный промпт в среднем на 35%.

Чтобы сопрячь со смартфоном новую гарнитуру, поддерживающую эту технологию, достаточно включить ее и поднести к смартфону.

Вредоносное устройство — обычный смартфон или ноутбук атакующего — транслирует запросы Google Fast Pair и пытается соединиться с BT-устройствами в радиусе 14 метров.

Эта функция, Google Find Hub, аналогична FindMy от Apple, и создает такие же риски несанкционированной слежки, как и вредоносные AirTag.

Тем, кто пользуется Android-смартфонами и сопрягал с ними свою уязвимую гарнитуру с помощью Fast Pair, этот вариант атаки не грозит, ведь они сами записаны как владельцы устройства.

Вероятнее всего, обновленные смартфоны больше не транслируют положение аксессуаров, угнанны…

Хотя первопричина ошибки проста и понятна, ее устранение потребует обширных и систематизированных усилий, причем как от государств и международных структур, так и от конкретных организаций и частных лиц.

В ряде случаев, впрочем, возможно более короткое «путешествие во времени» — в точку 0, то есть в 1970 год.

Злонамеренная эксплуатация Y2K38Командам ИТ и ИБ стоит относиться к Y2K38 не как к простой программной ошибке, а как к уязвимости, которая может приводить к различным сбоям, включая отказ в обслуживании.

В базах данных тоже мозаика: тип TIMESTAMP в MySQL фундаментально ограничен 2038 годом и требует миграции на DATETIME, в то время как стандартные типы timestamp в PostgreSQL безопасны.…

И самое «веселое» тут то, что отвечать приходится не только за свой периметр, но и, фигурально выражаясь, «за того парня».

И в отчете четко написано, кто не только обещает, но и реально делает.

Не редкость, но и не массовая фича — только семь производителей кроме нас ее поддерживают.

И что это пустая трата денег, и что это никому не нужно.

Мы задали этот тренд, мы его возглавили, и мы будем его тащить дальше.

Но куда большую тревогу вызывает характер контента в этих базах.

Сайт компании, помимо прочего, дает возможность использовать инструменты для генерации изображений и контента с помощью ИИ.

Эти инструменты позволяли пользователям генерировать картинки по текстовому описанию, редактировать загруженные фотографии и выполнять различные визуальные манипуляции, включая создание откровенного контента и подстановку лиц.

Именно с этими инструментами была связана утечка, а база данных содержала результаты их работы, включая сгенерированные и отредактированные с помощью ИИ изображения.

Часть изображений заставила исследователя предположить, что они были загружены в ИИ в качестве референсов для создани…

Благодаря удобству технологии NFC и оплаты смартфоном, в наши дни многие вообще перестали носить кошелек и не могут вспомнить ПИН-код от банковской карты.

Что такое ретрансляция NFC и NFCGateРетрансляция NFC — это техника, при которой данные, бесконтактно передаваемые между источником (например, банковской картой) и приемником (например, платежным терминалом), перехватываются на одном промежуточном устройстве и в реальном времени передаются на другое.

Оно предназначалось для анализа и отладки NFC-трафика, а также для обучения и экспериментов с бесконтактными технологиями.

В мае 2025 года попытки применения SuperCard X были зафиксированы и в России, а в августе — в Бразилии.

Впоследствии вре…

За словами «заманивают» и «предлагают» скрывается широкий спектр тактик: почтовые рассылки, сообщения в мессенджерах и посты в соцсетях, напоминающие официальную рекламу, сайты-двойники, продвигаемые в поисковых системах инструментами SEO и даже платной рекламой.

Особенно остро эта проблема стоит для IT-компаний, продающих онлайн-сервисы, но актуальна и для розничных брендов.

Особенно остро эта проблема стоит для IT-компаний, продающих онлайн-сервисы, но актуальна и для розничных брендов.

Из перечисленных нами косвенных потерь покрытие стандартной страховкой может компенсировать расходы на DFIR и в ряде случаев на клиентскую поддержку (если ситуация признана страховым случаем).

Как защитить…

Особенно любопытна эта атака тем, что в этот раз злоумышленники потратили определенные усилия для маскировки своей активности под коммуникацию с известным сайтом и работу легитимного ПО.

Кроме того, зловред умеет делать скриншоты с экрана жертвы и собирать файлы в интересующих злоумышленников форматах (преимущественно разнообразные документы и архивы).

Файлы размером меньше 100 МБ вместе с остальной собранной злоумышленниками информацией отправляются на другой сервер коммуникации с названием ants-queen-dev.azurewebsites[.]net.

Как оставаться в безопасностиНаши защитные решения выявляют как используемый в этой атаке вредоносный код, так и коммуникацию с командными серверами злоумышленников.

…

Что нужно знать об этих изменениях и какие знания и привычки взять с собой в 2026 год?

Мы рекомендуем Kaspersky Premium — с ним вы получите и защиту от вредоносного ПО, и оповещения (если ваши личные данные засветились в каких-то публичных утечках), и менеджер паролей, и родительский контроль, и многое другое.

Как и в случае с фастфудом, телевизором, TikTok и другими легкодоступными благами, важно найти баланс между здоровым применением этих помощников и опасными привычками.

А где-то вам подключили дополнительную опцию, о которой вы и не знаете, и ее нужно отключить.

Предполагается, что нейросети помогут дому самостоятельно решать, что и когда делать, чтобы владельцу было удобнее, — без зар…

В основном Stealka распространяют на популярных ресурсах — вроде GitHub, SourceForge, Softpedia, sites.google.com и других — под видом кряков известных программ, читов и модов для игр.

Чем опасен стилер StealkaУ Stealka достаточно большой арсенал возможностей, но «лакомый кусок» для него — данные из браузеров на движках Chromium и Gecko.

Не менее интересны для хакеров куки-файлы и токены сессий, которые позволяют обойти двухфакторную аутентификацию и угнать аккаунты без ввода пароля.

В зоне риска — Discord, Telegram, Unigram, Pidgin, Tox и другие.. В служебных файлах мессенджеров хранятся данные об аккаунтах, идентификаторы устройств, токены авторизации и параметры шифрования переписки.

— S…

Наши эксперты из команды GReAT обнаружили и исследовали новую волну целевых рассылок за авторством APT-группы «Форумный тролль».

Внутри содержались персонализированные ссылки, по которым жертве предлагали скачать отчет о проверке какого-то материала на плагиат, что, по замыслу атакующих, должно было заинтересовать ученых.

В случае если жертва испытывала сомнения в легитимности письма и заходила на страницу e-library{.

Сам файл, впрочем, не был персонализирован — это был достаточно размытый отчет в формате одной из российских систем проверки на плагиат.

Мы рекомендуем устанавливать надежные ИБ-решения не только на все устройства, с которых сотрудники выходят в Интернет, но и на почтовый шлюз…

Мы в «Лаборатории Касперского» изучили, какой путь проходят данные после фишинговой атаки: кому они достаются, как их сортируют, перепродают и используют на теневом рынке.

: реквизиты карт, данные от криптокошельков.

В таких архивах часто попадаются мусорные и устаревшие данные, и поэтому стоят они недорого: стартовая цена — $50.

Данными пользователей торгуют при этом не только в даркнете, но и в старом добром Telegram.

Несложно догадаться, что наиболее дорогой и востребованный товар на этом рынке — данные от банковских аккаунтов и криптокошельков.

Разумеется, сообщать облачный пароль нельзя никому — он нужен исключительно для того, чтобы войти в ваш аккаунт в Telegram.. Сделайте это в разделе Настройки → Конфиденциальность Telegram прямо сейчас.

После недавнего обновления в Telegram появилась возможность защитить вход в аккаунт не только облачным паролем, но и ключом доступа.

После недавнего обновления в Telegram появилась возможность защитить вход в аккаунт не только облачным паролем, но и ключом доступа.

Поэтому мы рекомендуем создать сложный и уникальный облачный пароль Telegram и хранить как его, так и ключ доступа для Telegram в Kaspersky Password Manager.

Поэтому мы рекомендуем создать сложный и уникальный облачный пароль Teleg…

Правоохранительные органы Южной Кореи арестовали четырех подозреваемых во взломе 120 000 IP-камер, установленных как в частных домах, так и в коммерческих помещениях — например, в комнатах караоке, студии пилатеса и гинекологической клинике.

Объясняем, что представляют собой IP-камеры и в чем состоят их уязвимости, а также подробно рассказываем об инциденте в Южной Корее и о том, как не стать жертвой злоумышленников, охотящихся за горячими видео.

Что случилось в Южной КорееВернемся к событиям, произошедшим этой осенью в Южной Корее.

Он взломал 63 000 IP-камер и создал, а затем продал 545 видео сексуального характера за 35 миллионов южнокорейских вон (чуть меньше 24 000 долларов).

Он взломал…

In response, Cisco is the first hybrid mesh firewall vendor to introduce intent-based policy management across multi-vendor firewalls through Cisco Security Cloud Control with Mesh Policy Engine.

Mesh Policy Engine handles the determination of what device should get what policy, then deploys it.

Cisco Hybrid Mesh Firewall continues to expand what’s possible in firewall policy management, empowering organizations to move faster, stay secure, and maintain clarity in an ever-changing IT landscape.

See how Mesh Policy Engine can help you adopt Cisco Hybrid Mesh Firewall more easily.

Register for a hybrid mesh firewall design clinic.

Cisco Talos Incident Response (Talos IR) handles these types of crises daily.

The reality gapMost security teams imagine incident response as a purely technical exercise: analyze threats, isolate systems, remove malware, restore from backups.

The preparation paradoxHere’s what organizations discover too late: Incident response retainers cost a fraction of what emergency rates do during global cyber events.

The difference between organizations that emerge stronger and those that simply survive is that the former understand incident response before needing it.

To learn more about how Talos IR can help your organization prepare, respond, and recover from cyber incidents, read our complete behi…

In my last two blogs, I delved into the results of the 2025 Cisco Segmentation Report to highlight the importance of macro- and micro-segmentation and to identify the primary challenges hindering segmentation journeys.

Today, I dive further into the survey results to discuss the benefits organizations can achieve when they successfully implement a dual macro- and micro-approach to segmentation.

Three Benefits of a Successful Segmentation StrategyThe good news is that the survey results indicate that organizations further along in their segmentation journeys are indeed achieving measurable benefits from their successful macro- and micro-segmentation implementations.

If you haven’t already, c…

A Cisco Talos Incident Response (Talos IR) Retainer doesn’t only help you respond to threats but fundamentally changes how your organization approaches cybersecurity.

A Talos IR Retainer delivers organization-wide benefits that strengthen organization’s entire security ecosystem.

The Talos IR retainer works seamlessly with your existing security tools, while providing access to real-time intelligence on adversary tactics.

Read the full blog to see how a Talos IR Retainer can transform your cybersecurity posture from vulnerable to vigilant: Why a Cisco Talos Incident Response Retainer is a game-changer.

Ask a question and stay connected with Cisco Security on social media.

In this context, the importance of Data Loss Prevention (DLP) capability for data protection cannot be overstated.

Cisco Secure Access: Unified, AI-Powered Data Loss Prevention (DLP) for the Modern EnterpriseCisco Secure Access delivers the next generation of Data Loss Prevention (DLP) as a core component of our Security Service Edge (SSE).

Secure Access DLP also plays a vital role in enabling the safe use of generative Artificial Intelligence (AI) applications and model repositories.

The Endpoint DLP Advantage: Safeguarding Data Movement at the SourceIncorporating endpoint DLP into an organization’s data protection strategy brings immense value.

Recognizing this, Cisco Secure Access launch…

Cisco ISE: Live network visibility—but not always aligned with CMDB metadata or lifecycle information.

The Old Way Was LimitedPrevious integrations between Cisco ISE and ServiceNow attempted to close this gap by pushing CMDB attributes into ISE.

The Cisco ISE + ServiceNow Service Graph Connector finally closes the loop between visibility and control.

With Service Graph Connector for Cisco ISE, watch your network inventory come alive.

Ask a question and stay connected with Cisco Security on social media.

Cisco Identity Intelligence is now the first Cisco product to deliver a customer facing capability powered entirely by a Cisco built artificial intelligence model, Foundation-sec-1.1-8B-Instruct.

Strengthening Identity Security Through Deeper InsightCisco Identity Intelligence helps organizations understand and respond to identity related risk across their entire environment.

A key part of this experience is the weekly email digest that Cisco Identity Intelligence sends to administrators.

Why the Cisco Foundation Model MattersCisco Identity Intelligence selected the Cisco Foundation AI model because it offers clear advantages in quality, control, and long-term strategic alignment.

A Cisco-o…

According to our survey results, 94% of organizations are currently facing segmentation challenges, which range from technical to non-technical issues.

Challenges Inhibiting Segmentation ProjectsUnderstanding the challenges organizations face will ease the transition from partial to comprehensive segmentation implementations, allowing organizations to accelerate their progress through their segmentation journeys.

Currently, what are/ could be the biggest segmentation challenges you are/ could be experiencing at your organization?

Overcoming Segmentation Challenges Enables a Proactive Security StrategySegmentation remains a foundational element of enterprise security.

In the meantime, downlo…

Thanks to Duo, I was quickly given access to all the essential tools: Cisco XDR, Splunk, firewall dashboards, and more from the duo directory.

Detection: Cisco XDR flagged the suspicious behavior, visualizing the connections between one internal asset and several high-risk external hosts.

This raised immediate concerns about potential malware or command-and-control activity (see Cisco XDR investigation below).

In summary, my first SOC experience turned initial nerves into genuine confidence.

Ask a question and stay connected with Cisco Security on social media.

As a reminder, when a Windows client is seeking to talk to a domain controller it will make DNS queries for SRV records for names like _kerberos._tcp.dc._msdcs.DOMAINNAME or _ldap._tcp.dc._msdcs.DOMAINNAME.

These DNS requests enable the client to find nearby Kerberos or LDAP servers for their domain.

Finally, the Cisco Live network is designed to be a safe network for attendees to use.

A properly configured VPN client like Cisco Secure Client can support both a full tunnel VPN and “Start Before Login”.

Check out the other blogs by my colleagues in the Cisco Live Melbourne 2026 SOC.

Kerberoasting: An attacker with a valid ticket can request service tickets from the KDC which are encrypted with the service account password.

An attacker with a valid ticket can request service tickets from the KDC which are encrypted with the service account password.

Cisco XDR: Cross-signal correlation and incident management spanning Secure Firewall, Secure Access (DNS), Secure Network Analytics, and partner telemetry.

Cross-signal correlation and incident management spanning Secure Firewall, Secure Access (DNS), Secure Network Analytics, and partner telemetry.

Secure Network Analytics: NetFlow analytics to surface scanning, beaconing, and anomalous connection patterns at scale.

Building on the success of the 2nd annual Security Operations Centre (SOC) at Cisco Live Melbourne (Asia Pacific Japan) 2024, the executive team supported the first SOC for Cisco Live San Diego (Americas) and invited the team back for 20025.

The SOC at Cisco Live SOC was successfully deployed in just 12 hours over 1 ½ days, demonstrating extensive prior planning and specialized expertise.

The partnership with Endace, a highly skilled full-packet capture provider, whose experience in the 2025 SOC was critical and extended to their commitment for Cisco Live Melbourne.

For example, Ryan MacLennan created an AI model to find domain generated algorithms at the Cisco Live AMER Security SOC.

Ackno…

Joining the Security Operations Centre (SOC) team in Cisco Live Melbourne was a new experience for me as a Cisco Technical Marketing Engineer (TME).

As a Tier1 / Tier 2 analyst the first screen to look at is Cisco XDR, that will bring incidents from the different data sources including Splunk Core.

Day 1 at Cisco Live and guess what?

Distributed Deniel of Service (DDoS) activity was detected targeting Cisco TV devices connected to Cisco Live network.

Check out the other blogs by my colleagues in the Cisco Live APJC 2026 SOC.

In the Cisco Live Melbourne SOC, we use a combination of Endace full packet capture (PCAP), Splunk Enterprise Security, and Splunk SOAR to provide automated detections of cleartext credential leakage.

We resolve this using the coalesce function in Splunk’s eval command.

The coalece function will return the first non-null value from a list of possible values, just like the COALESCE function in SQL.

In our case, we use it like so:However, during Cisco Live we discovered a problem with this logic.

One answer is a Splunk macro.

One area of integration between CSF and Splunk that we worked on at Cisco Live Melbourne involved Enterprise Security Content Update (ESCU) detections in Splunk Enterprise Security (ES).

Splunk ES has around two dozen ESCU detections for Cisco Secure Firewall.

These can be accessed from ES by navigating to Security Content > Content Management and then searching for ‘Secure Firewall’.

All ESCU detections for Secure Firewall reference the same macro, ‘cisco_secure_firewall’.

We transitioned our firewall log export to syslog a few conferences ago, and in Melbourne we decided to test the ESCU detections with syslog.

Figure 1: A visual representation of the 3 elements Copilot Studio agents relies on to respond to user prompts.

Microsoft Copilot Studio agents are composed of multiple components that work together to interpret input, plan actions, and execute tasks.

Final wordsSecuring Microsoft Copilot Studio agents during runtime is critical to maintaining trust, protecting sensitive data, and ensuring compliance in real-world deployments.

As you build and deploy your own Microsoft Copilot Studio agents, incorporating real-time webhook security checks will be an essential step in delivering safe, reliable, and responsible AI experiences.

Learn more about securing Copilot Studio agents with Microsoft Def…

And by choosing Microsoft Security, these customers are securing the foundation of their AI transformation from end to end.

Unified protection and measurable impactPartnering with Microsoft, Ford deployed Microsoft Defender, Microsoft Sentinel, Microsoft Purview, and Microsoft Entra to strengthen defenses, centralize threat detection, and enforce data governance.

Driving security efficiency and resilienceBy integrating Microsoft Security solutions—Defender for Cloud, Microsoft Sentinel, Purview, Entra, and Microsoft Security Copilot—Icertis strengthened governance and accelerated incident response.

Share your thoughtsAre you a regular user of Microsoft Security products?

Also, follow us on …

And by choosing Microsoft Security, these customers are securing the foundation of their AI transformation from end to end.

Unified protection and measurable impactPartnering with Microsoft, Ford deployed Microsoft Defender, Microsoft Sentinel, Microsoft Purview, and Microsoft Entra to strengthen defenses, centralize threat detection, and enforce data governance.

Driving security efficiency and resilienceBy integrating Microsoft Security solutions—Defender for Cloud, Microsoft Sentinel, Purview, Entra, and Microsoft Security Copilot—Icertis strengthened governance and accelerated incident response.

Share your thoughtsAre you a regular user of Microsoft Security products?

Also, follow us on …

Microsoft Defender Researchers uncovered a multi‑stage adversary‑in‑the‑middle (AiTM) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector, resulting in the compromise of various user accounts.

Stage 5: Phishing campaignFollowed by Inbox rule creation, the attacker initiated a large-scale phishing campaign involving more than 600 emails with another phishing URL.

Mitigating AiTM phishing attacksThe general remediation measure for any identity compromise is to reset the password for the compromised user.

DetectionsBecause AiTM phishing attacks are complex threats, they require solutions that leverage signals from multiple sources.

Using …

Microsoft Defender Researchers uncovered a multi‑stage adversary‑in‑the‑middle (AiTM) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector, resulting in the compromise of various user accounts.

Stage 5: Phishing campaignFollowed by Inbox rule creation, the attacker initiated a large-scale phishing campaign involving more than 600 emails with another phishing URL.

Mitigating AiTM phishing attacksThe general remediation measure for any identity compromise is to reset the password for the compromised user.

DetectionsBecause AiTM phishing attacks are complex threats, they require solutions that leverage signals from multiple sources.

Using …

The rise of AI Agents marks one of the most exciting shifts in technology today.

This fundamentally changes the security equation, making securing AI agent a uniquely complex challenge – and this is where AI agents posture becomes critical.

The goal is not to slow innovation or restrict adoption, but to enable the business to build and deploy AI agents securely by design.

As a result, securing AI agents demands a holistic approach.

Build AI agents security from the ground upTo address these challenges across the different AI Agents layers, Microsoft Defender provides a suite of security tools tailored for AI workloads.

The rise of AI Agents marks one of the most exciting shifts in technology today.

This fundamentally changes the security equation, making securing AI agent a uniquely complex challenge – and this is where AI agents posture becomes critical.

The goal is not to slow innovation or restrict adoption, but to enable the business to build and deploy AI agents securely by design.

As a result, securing AI agents demands a holistic approach.

Build AI agents security from the ground upTo address these challenges across the different AI Agents layers, Microsoft Defender provides a suite of security tools tailored for AI workloads.

To stay ahead in the coming year, we recommend four priorities for identity security leaders:Implement fast, adaptive, and relentless AI-powered protection.

Secure Access Webinar Enhance your security strategy: Deep dive into how to unify identity and network access through practical Zero Trust measures in our comprehensive four-part series.

Where to learn more: Get started with Microsoft Entra Agent ID and Microsoft Entra Suite.

An Access Fabric solution wraps every connection, session, and resource in consistent, intelligent access security, wherever work happens—in the cloud, on-premises, or at the edge.

Microsoft Entra delivers integrated access security across AI and SaaS apps, interne…

That’s why Microsoft is honored to be named a Leader in the 2025-2026 IDC MarketScape for Worldwide Unified AI Governance Platforms (Vendor Assessment (#US53514825, December 2025).

Our own approach to AI is anchored to Microsoft’s Responsible AI standard, backed by a dedicated Office of Responsible AI.

Industry‑leading responsible AI infrastructure Implement responsible AI practices as a foundational part of engineering and operations, with transparency and fairness built in.

Microsoft embeds its Responsible AI Standards into our engineering processes, supported by the Office of Responsible AI.

Strengthen your security strategy with Microsoft AI governance solutionsAgentic and generative AI…

In collaboration with law enforcement agencies worldwide, Microsoft’s Digital Crimes Unit (DCU) recently facilitated a disruption of RedVDS infrastructure and related operations.

Common attacks using RedVDS infrastructureMass phishing: In most cases, Microsoft observed RedVDS customers using RedVDS as primary infrastructure to conduct mass phishing.

Microsoft Defender XDR threat analyticsMicrosoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.

]com URL Re…

In collaboration with law enforcement agencies worldwide, Microsoft’s Digital Crimes Unit (DCU) recently facilitated a disruption of RedVDS infrastructure and related operations.

Common attacks using RedVDS infrastructureMass phishing: In most cases, Microsoft observed RedVDS customers using RedVDS as primary infrastructure to conduct mass phishing.

Microsoft Defender XDR threat analyticsMicrosoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.

]com URL Re…

In this article, Terrell Cox, Vice President for Microsoft Security and Deputy CISO for Privacy and Policy, dives into the intersection of privacy and security.

Microsoft Trust Center Our mission is to empower everyone to achieve more, and we build our products and services with security, privacy, compliance, and transparency in mind.

In my role as Vice President for Microsoft Security and Deputy CISO for Privacy and Policy at Microsoft, I see privacy and security as two sides of the same coin—complementary priorities that strengthen each other.

To learn how Microsoft empowers organizations to innovate securely, explore Microsoft Security Solutions.

Also, follow us on LinkedIn (Microsoft Se…

In this article, Terrell Cox, Vice President for Microsoft Security and Deputy CISO for Privacy and Policy, dives into the intersection of privacy and security.

Microsoft Trust Center Our mission is to empower everyone to achieve more, and we build our products and services with security, privacy, compliance, and transparency in mind.

In my role as Vice President for Microsoft Security and Deputy CISO for Privacy and Policy at Microsoft, I see privacy and security as two sides of the same coin—complementary priorities that strengthen each other.

To learn how Microsoft empowers organizations to innovate securely, explore Microsoft Security Solutions.

Also, follow us on LinkedIn (Microsoft Se…

To further help organizations before, during, and after a cyber incident, we’re excited to introduce new proactive incident response services designed to help organizations build resilience and minimize disruption.

Microsoft Incident Response Strengthen your security with intelligence-driven incident response from Microsoft.

Incident response plan development : We assist organizations in developing their own incident response plan, using lessons from real-world incidents.

Cyber range : Microsoft Incident Response delivers simulations that provide high-fidelity, hands-on experience in a controlled environment.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the lat…

To further help organizations before, during, and after a cyber incident, we’re excited to introduce new proactive incident response services designed to help organizations build resilience and minimize disruption.

Microsoft Incident Response Strengthen your security with intelligence-driven incident response from Microsoft.

Incident response plan development : We assist organizations in developing their own incident response plan, using lessons from real-world incidents.

Cyber range : Microsoft Incident Response delivers simulations that provide high-fidelity, hands-on experience in a controlled environment.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the lat…

These initiatives, driven by Ballots SC-080, SC-090, and SC-091, will sunset 11 legacy methods for Domain Control Validation.

What’s Domain Control Validation?

Domain Control Validation is a security-critical process designed to ensure certificates are only issued to the legitimate domain operator.

Sunsetted methods relying on email:Sunsetted methods relying on phone:Sunsetted method relying on a reverse lookup:For everyday users, these changes are invisible - and that’s the point.

These changes push the ecosystem toward standardized (e.g., ACME), modern, and auditable Domain Control Validation methods.

Partnership with ArmOur goal is to raise the bar on GPU security, ensuring the Mali GPU driver and firmware remain highly resilient against potential threats.

We partnered with Arm to conduct an analysis of the Mali driver, used on approximately 45% of Android devices.

This approach allowed us to roll out the new security policy broadly while minimizing the impact on developers.

This effort spans across Android and Android OEMs, and required close collaboration with Arm.

The Android security team is committed to collaborating with ecosystem partners to drive broader adoption of this approach to help harden the GPU.

We built on Gemini's existing protections and agent security principles and have implemented several new layers for Chrome.

To further bolster model alignment beyond spotlighting, we’re introducing the User Alignment Critic — a separate model built with Gemini that acts as a high-trust system component.

A flow chart that depicts the User Alignment Critic: a trusted component that vets each action before it reaches the browser.

The User Alignment Critic runs after the planning is complete to double-check each proposed action.

Looking forwardThe upcoming introduction of agentic capabilities in Chrome brings new demands for browser security, and we've approached this challenge with the same ri…

Android uses the best of Google AI and our advanced security expertise to tackle mobile scams from every angle.

Over the last few years, we’ve launched industry-leading features to detect scams and protect users across phone calls, text messages and messaging app chat notifications.

To help combat these types of financial scams, we launched a pilot earlier this year in the UK focused on in-call protections for financial apps.

The UK pilot of Android’s in-call scam protections has already helped thousands of users end calls that could have cost them a significant amount of money.

We’ve also started to pilot this protection with more app types, including peer-to-peer (P2P) payment apps.

Secure by DesignWe built Quick Share’s interoperability support for AirDrop with the same rigorous security standards that we apply to all Google products.

Secure Sharing Channel: The communication channel itself is hardened by our use of Rust to develop this feature.

On Android, security is built in at every layer.

On Android, security is built in at every layer.

Secure Sharing Using AirDrop's "Everyone" ModeTo ensure a seamless experience for both Android and iOS users, Quick Share currently works with AirDrop's "Everyone for 10 minutes" mode.

Our first rust memory safety vulnerability...almost: We'll analyze a near-miss memory safety bug in unsafe Rust: how it happened, how it was mitigated, and steps we're taking to prevent recurrence.

Our First Rust Memory Safety Vulnerability...AlmostWe recently avoided shipping our very first Rust-based memory safety vulnerability: a linear buffer overflow in CrabbyAVIF.

Unsafe Review and TrainingOperating system development requires unsafe code, typically C, C++, or unsafe Rust (for example, for FFI and interacting with hardware), so simply banning unsafe code is not workable.

Dmytro Hrybenko for leading the effort to develop training for unsafe Rust and for providing extensive feedback on …

Survey shows Android users’ confidence in scam protectionsGoogle and YouGov3 surveyed 5,000 smartphone users across the U.S., India, and Brazil about their experiences.

The findings were clear: Android users reported receiving fewer scam texts and felt more confident that their device was keeping them safe.

Android users were 58% more likely than iOS users to say they had not received any scam texts in the week prior to the survey.

As an extra safeguard, Google Messages also helps block suspicious links in messages that are determined to be spam or scams.

As an extra safeguard, Google Messages also helps block suspicious links in messages that are determined to be spam or scams.

What's worse, many plaintext HTTP connections today are entirely invisible to users, as HTTP sites may immediately redirect to HTTPS sites.

To address this risk, we launched the “Always Use Secure Connections” setting in 2022 as an opt-in option.

We now think the time has come to enable “Always Use Secure Connections” for all users by default.

For more than a decade, Google has published the HTTPS transparency report, which tracks the percentage of navigations in Chrome that use HTTPS.

Since HTTP navigations remain a regular occurrence for most Chrome users, a naive approach to warning on all HTTP navigations would be quite disruptive.

To help accelerate adoption of AI for cybersecurity workflows, we partnered with Airbus at DEF CON 33 to host the GenSec Capture the Flag (CTF), dedicated to human-AI collaboration in cybersecurity.

Our goal was to create a fun, interactive environment, where participants across various skill levels could explore how AI can accelerate their daily cybersecurity workflows.

An overwhelming 85% of all participants found the event useful for learning how AI can be applied to security workflows.

This positive feedback highlights that AI-centric CTFs can play a vital role in speeding up AI education and adoption in the security community.

We are committed to advancing the AI cybersecurity frontier…

This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the Terms of Service .

The block will expire shortly after those requests stop.

In the meantime, solving the above CAPTCHA will let you continue to use our services.This traffic may have been sent by malicious software, a browser plug-in, or a script that sends automated requests.

If you share your network connection, ask your administrator for help — a different computer using the same IP address may be responsible.

Learn more Sometimes you may be asked to solve the CAPTCHA if you are using advanced terms that robots are known to use, or sending requests very qu…

At Made by Google 2025, we announced that the new Google Pixel 10 phones will support C2PA Content Credentials in Pixel Camera and Google Photos.

Pixel Camera attaches Content Credentials to any JPEG photo capture, with the appropriate description as defined by the Content Credentials specification for each capture mode.

attaches Content Credentials to any JPEG photo capture, with the appropriate description as defined by the Content Credentials specification for each capture mode.

Google Photos attaches Content Credentials to JPEG images that already have Content Credentials and are edited using AI or non-AI tools, and also to any images that are edited using AI tools.

Building a More Trus…

Today marks a watershed moment and new benchmark for open-source security and the future of consumer electronics.

Google is proud to announce that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework, has officially achieved SESIP Level 5 certification.

This makes pKVM the first software security system designed for large-scale deployment in consumer electronics to meet this assurance bar.

With this level of security assurance, Android is now positioned to securely support the next generation of high-criticality isolated workloads.

Achieving Security Evaluation Standard for IoT Platforms (SESIP) Level 5 is a landmark because it incorporates AVA_VAN.5, the hi…

Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts.

Infrastructure definitions to allow organizations to easily run their own instances of OSS Rebuild to rebuild, generate, sign, and distribute provenance.

With an estimated value exceeding $12 trillion, open source software has never been more integral to the global economy.

For publishers and maintainers of open source packages, OSS Rebuild can...

If you're a developer, enterprise, or security researcher interested in OSS security, we invite you to follow along and get involved!

Android recently announced Advanced Protection, which extends Google’s Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures.

This is particularly useful for Advanced Protection users, since in 2023, plaintext HTTP was used as an exploitation vector during the Egyptian election.

JavaScript Optimizations and Security Advanced Protection reduces the attack surface of Chrome by disabling the higher-level optimizing Javascript compilers inside V8.

Javascript optimizers can be disabled outside of Advanced Protection Mode via the “Javascript optimization & security” Site Setting.

We…

Below we describe our prompt injection mitigation product strategy based on extensive research, development, and deployment of improved security mitigations.

A layered security approachGoogle has taken a layered security approach introducing security measures designed for each stage of the prompt lifecycle.

From there, a key protection against prompt injection and data exfiltration attacks occurs at the URL level.

Users are encouraged to become more familiar with our prompt injection defenses by reading the Help Center article.

Moving forwardOur comprehensive prompt injection security strategy strengthens the overall security framework for Gemini.