Родительские настройки оказались бессильны против того, с чем сталкиваются дети на платформе.

Закон вынудил Meta пойти на риск для приватности пользователей.

Раскрыта 50-летняя загадка Джона Уилера о том, почему частицы одного вида абсолютно идентичны.

ChatGPT, Claude и Gemini дают опасные советы по кибербезопасности.

Нейросеть описывает целые сцены, которые человек видит или представляет.

Зная то, как злоумышленники могут атаковать нас, давайте разберемся в том, как работает перехват DNS и что можно сделать, чтобы защитить себя.

Loihi, TrueNorth и китайский Darwin Monkey показывают что нейроморфика масштабируется до миллиардов нейронов и при этом остается экономной.

Что несет миру виртуальный абьюзер, которым не занимались родители.

Мишустин утвердил новый срок.

Как “Великий файрвол” учится предсказывать неповиновение.

3,2% пользователей всё же преодолели 16-символьный барьер.

Победит тот кто первым научится криптографически доказывать что сигнал настоящий.

Архитектура MFA: принципы работы и уязвимые точкиМногофакторная аутентификация (MFA) строится вокруг идеи, что один признак недостаточен для надёжной проверки личности.

Рост атак на MFA: факторы и тенденцииMFA распространяется повсеместно, и это само по себе породило новый интерес злоумышленников.

Компания отметила, что фишинговая страница собирала пароли и токены, и что использование FIDO2‑ключей могло бы предотвратить атаку.

Массовое распространение MFA привело к тому, что злоумышленники сосредоточились на использовании «человеческих» слабостей, а не на взломе криптографии.

Поэтому одних паролей и СМС‑кодов для безопасности недостаточно: нужны фишинг‑устойчивые факторы, такие как FIDO2‑кл…

На практике же выясняется: рекламные цифры достигнуты в идеальных условиях лаборатории и не всегда совпадают с реальностью боевых сетей.

В этой статье мы разберём популярные мифы о NGFW и то, как обстоят дела в реальных проектах.

Например, антивирус на NGFW проверяет поток на лету и не умеет пересканировать файлы после обновления сигнатур.

Вывод: планируя закупку здесь и сейчас, следует ориентироваться на фактически доступные возможности устройства, а не на обещания из презентаций.

Или в качестве ловушек, например, отслеживать, кто подключается к известным серверам удалённого доступа, таким как Anydesk или ngrok.

Если несколько лет назад главным был вопрос «чем заменить?», то сегодня он трансформировался в «что выбрать для будущего?».

Константин Рябкин, руководитель направления серверных решений, директор департамента пресейла и контроля поставок «‎Инфосистемы Джет»Михаил Косцов поясняет, что в коммерческом секторе компании свободны в выборе оборудования в отличие от госсектора.

На сайтах вендоров выкладывается информация, что и как тестировалось, производители ПО и оборудования публикуют сертификаты.

Провели тестирование, и в течение 1–1,5 месяцев для заказчика было готово решение, которое до сих пор у него работает.

ВыводыРоссийский рынок серверов и ПАКов перестал быть полем для вынужденной замены…

Применение UserGate NGFW для контроля периметраВ этой архитектуре UserGate NGFW обеспечивает многоуровневую фильтрацию.

Применение UserGate NGFW для глубокого анализа веб-трафикаЗдесь UserGate NGFW работает в режиме пассивного мониторинга.

Применение UserGate NGFW в защищённых сетевых сегментахВнутри корпоративной сети создаётся особый, строго охраняемый сегмент — своего рода «чистая зона».

При выходе в интернет трафик попадал на L3-шлюз NGFW от Palo Alto, оттуда — на коммутатор (UserGate), затем обратно на NGFW, после чего уходил наружу.

Более того, теперь мы создали инструмент для автоматической переноски конфигураций как со старых версий UserGate NGFW, так и с продуктов других вендоров.

Но о дополнительном аудите технологий поддержки цифрового рубля со стороны ИБ-сообщества представитель ФСБ не упоминал.

Другие формы применения цифрового рубляВнедрение цифрового рубля не ограничится только розничным рынком.

Например, Анатолий Аксаков рассказал о своём участии в обсуждении результатов уже запущенного пилотного внедрения цифрового рубля в цепочку финансирования госпроектов в Чувашской республике.

Достаточно ли проверки безопасности цифрового рубля в таком объёме?

Так нужен ли аудит для цифрового рубля или и так всё хорошо?

Реализация полнотекстового поиска в СУБД PostgreSQL является амбициозной задачей.

Примеры, описанные выше, демонстрируют, что стандартные словари PostgreSQL не отвечают требованиям полнотекстового поиска с морфологией: слова с разными корнями (ЗАБЫ-ть и за-БИ-ть) могут считаться однокоренными, а однокоренные слова — разными.

Так как заказчику требовалась возможность полнотекстового поиска с морфологией на разных языках, в поставку были добавлены словари для 10 языков:английский;болгарский;греческий;латышский;литовский;немецкий;польский;русский;финский;эстонский.

В отличие от базовых словарей, которые превращают все наборы символов в слова, Hunspell-словари оставляют нераспознанные слова и с…

(мультивыбор)Что тормозит развитие аутсорсинга ИБ в России?

У регулятора правильная позиция — ему важно, чтобы задача по ИБ была выполнена, а инструмент можно выбрать при соответствии определённым параметрам.

Мария Шай добавила: из on-premise переезжает в сервис всё то, что в качестве защиты переходит в облако.

ВыводыАутсорсинг в сфере информационной безопасности в России окончательно перешёл из категории экзотики в разряд прагматичного инструмента для бизнеса.

Телепроект AM Live еженедельно приглашает экспертов отрасли в студию, чтобы обсудить актуальные темы российского рынка ИБ и ИТ.

В 2025 году, как и прежде, этот процесс сопровождается типичными ошибками, причём как на стратегическом уровне, так и в плоскости корпоративной культуры.

Для его успешного функционирования необходима зрелая система идентификации и авторизации (IAM), регулярная ревизия назначенных полномочий, постоянный мониторинг поведения пользователей и, что самое главное, тесное сотрудничество между ИБ, IT и бизнесом.

Они становятся «бутылочным горлышком», тормозят весь конвейер разработки и в конечном итоге либо игнорируются, либо саботируются.

ВыводыГлавная угроза современной кибербезопасности — не в технологиях, а в людях и процессах, которые ими управляют.

Эффективная защита строится не на закупке ре…

Позднее стало ясно, что в официальной церемонии в Ханое будет участвовать нынешний генеральный прокурор РФ Александр Гуцан.

Впервые договор ООН будет носить название вьетнамского города, что знаменует собой важную веху в развитии дипломатии Вьетнама и 47-летнее партнёрство Вьетнама и ООН.

Наша страна стремилась акцентировать, что в международной кибербезопасности нет первых и вторых, важно сотрудничество и совместная координация усилий для достижения общих целей.

Через принятие Ханойской Конвенции в ЕС рассчитывают на широкое распространение существующих моральных, этических и иных норм на международном уровне.

В совместном заявлении коалиции было отмечено, что в Конвенции не содержится чёт…

Здесь разговор уже не только о классических уязвимостях, но и о целенаправленных атаках на сами модели и данные — об этом много рассказывал Алексей Морозов.

Речь идёт об отравлении данных (Data Poisoning), что является частным примером атаки в парадигме т.н состязательного машинного обучения (Adversarial Machine Learning).

Отмечу также, что DDos-guard придерживается позиции сетевого нейтралитета.

Для меня же этот факт означал, что DDoS-Guard действительно обладает экспертизой международного уровня.

ВыводыМитап, организованный компанией DDoS-Guard на площадке Южного IT-парка, предоставил площадку для обсуждения ключевых трендов в сфере информационной безопасности.

На конференции Yandex Connect 2025 компания Яндекс представила масштабное обновление экосистемы «Яндекс 360».

Пресс-брифинг перед конференцией Yandex Connect 2025«Яндекс 360» по модели On-PremisesОдним из ключевых обновлений конца 2025 года стало открытие доступа ко всем основным сервисам «Яндекс 360» по модели on-premises.

Сервисы «Документы» и «Диск», объединяющие редакторы документов и таблиц, ранее уже были внесены в Единый реестр российского ПО и полностью готовы к применению on-premises.

Стандартная конфигурация при работе «Яндекс 360» по модели on-premises рассчитана на одновременную работу для 100 000+ пользователей.

Сейчас ассистент «Алиса Про» в экосистеме «Яндекс 360» работает в …

Схема прохождения запроса в «Гарда WAF 3.0»Архитектура «Гарда WAF 3.0»Продукт включает три функциональных модуля:Web Application Firewall .

Функциональные модули «Гарда WAF 3.0»Варианты интеграцийПользователям доступно три варианта развёртывания «Гарда WAF 3.0»:On-premise (на сервере заказчика).

Подключение двухфакторной аутентификации в «Гарда WAF 3.0»Программные модули «Гарда WAF 3.0»Меню «Гарда WAF 3.0» состоит из следующих основных разделов:«События».

Результаты сканирования в «Гарда WAF 3.0»Сценарии применения «Гарда WAF 3.0»Сценарии использования продукта вытекают из его основных функций.

Результат: внедрение межсетевого экрана «Гарда WAF 3.0» повышает стабильность и отказоустойчивост…

Автономный SOC — это не просто очередной инструмент в арсенале защитников, а фундаментально новая архитектура, построенная на триединстве больших данных, машинного обучения и автоматизации.

Если традиционный SOC полагается на скорость и экспертизу человека, то автономный стремится к непрерывному, масштабируемому и прогнозирующему реагированию.

Алексей Лукацкий рассказал, что в 2005 году, когда в России принимали законы о персональных данных, некорректно перевели термин «autonomous» как автоматизированный.

Сейчас, говоря об автономных SOC, многие считают, что это SOC с большим количеством автоматизации.

Николай Гончаров считает, что SOAR — базовая технология, которая позволяет вести автомати…

Какие продукты лучше всего подходят для МСБТема средств защиты для МСБ затрагивалась в недавнем эфире AM Live.

NANO Антивирус PRONANO Антивирус Pro — решение от российского разработчика «НАНО Секьюрити» для защиты домашних компьютеров и рабочих мест в малом и среднем бизнесе.

«Кибер Бэкап Малый Бизнес»«Киберпротект» — российский разработчик решений для защиты данных и восстановления рабочих сред, создания масштабируемых ИТ-инфраструктур и хранилищ, защищённого обмена файлами и предотвращения утечки данных.

Это делает FreeOTP универсальным решением как для персонального использования, так и для защиты бизнес-приложений.

Обучение сотрудников и бесплатные инструменты для защиты инфраструктурыМ…

Для бизнеса такие детали могут казаться несущественными, но именно они становятся стартовой точкой атаки.

Индекс кибербезопасности F6 собирает эти сигналы воедино и показывает, как выглядит ваша цифровая «оболочка» глазами злоумышленника.

Для них высокий Индекс — это не только защита, но и аргумент на переговорах: партнёры видят, что риски под контролем.

Это экономит ресурсы и позволяет вкладываться в действительно важное, а не в то, что только кажется проблемой.

Индекс кибербезопасности F6 даёт руководителю возможность увидеть эту картину целиком и понять, какие шаги действительно критически важны.

Развитие искусственного интеллекта в России и в мире17.16.

Правила есть как для structured generation, так и для обычных текстовых ответов.

ПНСТ 836-2023Чем интересен стандарт:Данный документ описывает применение технологий ИИ в целях защиты информации.

Раздел 6 - "Использование технологии ИИ в Э/Э/ПЭ системах, связанных с безопасностью"В разделе описывается схема классификации, показывающая применимость ИИ в задачах обеспечения безопасности учитывая разные контексты использования.

ВыводыРегулирование безопасности ИИ в России находится на начальной стадии – специализированного документа, посвященного исключительно этой теме, пока не существует.

Примеры из конфига (agent.conf): Microsoft-Windows-Sysmon/Operational eventchannel Microsoft-Windows-Windows Firewall With Advanced Security/Firewall eventchannel C:\xampp\apache\logs\*.log syslog C:\logs\file-%Y-%m-%d.log syslog /var/log/vault/audit_vaut.json json /var/log/fortigate/audit.log syslog Command, Alias и Frequency: Мониторинг динамики — выполняет команду и читает вывод как лог (одна строка) или (многострочный).

Примеры: /var/log/secure syslog Original event: $(log) /var/log/app.json json { "time": "$(timestamp %Y-%m-%d %H:%M:%S)", "log": "$(json_escaped_log)" } /var/log/secure syslog BASE64: $(base64_log) command echo "Test output from 2025-10-23" Command re…

Что это такоеДля тех кто не знает - OSCP - это самая первая и известная прикладная сертификация по пентесту от создателей Kali Linux.

Здесь я хочу рассказать не только что это за зверь и с чем его едят, но и как к нему подготовиться.

Купил тогда пак на 90 дней лабы и на экзамен.

Да, у меня уже был годовой опыт джуна за плечами и я даже находил пару критических уязвимостей до этого.

Я имею ввиду нормальную еду не за компьютером, чтобы не только кушать, но и отдыхать.

В случае с этим материалом совпали три фактора: во‑первых, спикер оказался корифеем информационной безопасности в России, во‑вторых, я был в НИЯУ МИФИ по делам, а в‑третьих, отказать себе в возможности поговорить с профессором я не мог.

Кстати, ещё хочу вот что сказать в контексте киберполигона, где обычно представлен и в каком‑то виде Security Operations Center (SOC).

Я и в профессиональных чатах нахожусь, слежу за новостями.

Раньше они говорили, что это форумы для профессионалов, но при этом упрекали нас в обучении студентов в отрыве от практики.

Благодаря такому сотрудничеству в вузе мы могли внедрять передовые практики обучения и быть в курсе всех значимых событий и изменений в отрасли …

На днях вскрылись шокирующие детали: треть залов без камер, охрана на устаревших датчиках и серверы на Windows Server 2003.

Так, в 2016 году хакеры взломали аккаунты Марка Цукерберга в Twitter и Pinterest.

Это доказывает: проблема не в технологиях, а в психологии.

Соцсети, почта, банковские приложения — всё становится уязвимым из-за этой единой точки отказа, что и произошло со многими жертвами атаки на Twitter.

Истории Лувра, Цукерберга и Кудроу говорят об одном: уязвимость зарождается не в коде, а в голове.

⚙️ Начало раскопок: WebSocket и OpcodeМы принялись за работу и в первую очередь сосредоточились на проверке Opcode'ов в WebSocket.

Первым делом нашли некий список с номерами от 10, 100, 123 — сервер тестово отвечал, но это тупик — с ним ничего не получилось.

Тогда мы сменили тактику: что, если попробовать добавить в запрос параметры, которых изначально нет?

Мы начали методично изучать его методы, и не зря.

Но это было ровно до того момента, пока мы не добавили в запрос параметр query.

У кого просят контакты специалистов по ремонту и чистке?

К нему пришел в личные сообщения @Master Evgeniyyy и предлагал услуги по ремонту сломавшейся кофемашины — вопрос по починке также был в группе.

Он ссылается на все те же «Отзывы мастера» и использует те же ролики, что и предыдущий мошенник, и знакомые схемы обмана: общение в «личке», онлайн-диагностика и развод на деньги.

А попавшаяся в капкан очередная искательница мастера в Сети поведала администраторам группы о новом разводе мошенников.

География деятельности мошенников распространялась не только на Москву и область — она охватывает все регионы России и чаты русскоязычных жителей других стран.

Но вот такой нехитрый костыль позволяет всему этому колхозу работать...Так вот, для чего придумали ipv6 - в нем 128 бит, то есть целых 16 октетов.

Традиционно это должен делать провайдер, но традиционно же провайдер тоже не знает, "зачем ему ipv6?"

Нет подсети ipv6 - вы не пользуетесь ipv6, а если вы все не пользуетесь - никто и не пользуется.

Внутри у вас хорошо, а что снаружи - не видно, да и снаружи не видно что внутри.

- но те, кто его достанет через ipv6 - и так уже в ipv6, а остальным оно недоступно и не надо.

И, надеюсь, наш небольшой разбор познакомит вас с базовыми принципами проектирования безопасной инфраструктуры, а также поможет разобраться в основных услугах.

Colocation Выделенные серверы Облачные серверы и облако на базе VMware Managed Kubernetes, Container registry (CRaaS) S3, облачные базы данных Облачное хранилище Панель управления Безопасность данных и управление доступом Клиент Клиент Клиент Клиент Клиент Клиент Клиент Безопасность прикладного ПО Клиент Клиент Клиент Клиент Selectel Selectel Selectel Сетевая безопасность инфраструктуры клиента Клиент Клиент Клиент Клиент Selectel Selectel Selectel Безопасность операционной системы Клиент Клиент Клиент Selectel Selectel Selectel Sele…

В этой статье мы хотим вспомнить про канальный уровень и поговорить об атаках и мерах защиты, которые можно использовать на коммутаторах.

То есть хакеру нужно как минимум получить доступ на один из пользовательских узлов, например с помощью трояна.

В результате на каждом компьютере формируется ARP таблица, в которой зафиксированы соответствия МАС и IP адресов.

И DHCP…Протокол DHCP используется в сети для выдачи IP адресов и сетевых параметров, включая шлюз по умолчанию и DNS серверы.

Защититься от атак на DHCP можно с помощью защитных механизмов, используемых на коммутаторах.

И, как у любого другого направления в ИТ, у машинного обучения также есть проблемы с безопасностью и в этой статье мы рассмотрим десять наиболее распространенных рисков ИБ.

Для эффективного предотвращения необходимо убедиться, что обучающие данные тщательно проверены, прежде чем они будут использованы для обучения модели.

Это можно сделать, внедрив проверки достоверности данных и задействовав несколько средств маркировки данных для проверки точности маркировки данных.

Проверка входных данных для модели может предотвратить предоставление злоумышленниками вредоносных данных, которые могут быть использованы для изменения модели.

Атака на передачу данных для обученияАтаки с передачей данных для…

В бумажных спецвыпусках «Хакера» собраны лучшие статьи за 2015–2021 годы с комментариями авторов и редакторов.

Раньше эти материалы можно было только скролить, а теперь их можно подарить другу, поставить на полку рядом с техлитературой или просто открыть на случайной странице.

Внутри — материалы времен перехода «Хакера» в цифру, культовые темы, яркие обложки, комментарии авторов — все, что делало журнал особенным в те годы.

Второй спецвыпуск (2017–2019)Этот спецвыпуск вышел в 2024 году, в год 25-летия «Хакера», и тоже был допечатан по просьбам читателей.

Один том или вся трилогия, для коллекции или в подарок — решать тебе.

Аналитики ИБ-компании Zscaler подсчитали, что за период с июня 2024 по май 2025 года в Google Play было обнаружено 239 вредоносных приложений, которые в сумме загрузили более 42 млн раз.

Если в прошлом году Zscaler насчитала в официальном магазине приложений для Android около 200 вредоносов, то в новом году было обнаружено уже 239.

— банковский троян, периодически появляющийся в Google Play под видом полезных утилит и ворующий данные из приложений более чем 830 банков и криптовалютных платформ.

Android Void (Vo1d) — бэкдор для ТВ-приставок, работающих на старых версиях Android Open Source Project (AOSP), который заразил не менее 1,6 млн устройств.

Специалисты напоминают пользователям, что с…

Разработчики Cisco исправили критическую уязвимость в Unified Contact Center Express (UCCX), которая позволяла получить root-привилегии и полный контроль над системой.

Уязвимость скрывалась в компоненте Java Remote Method Invocation (RMI) Cisco Unified CCX и позволяла неаутентифицированному злоумышленнику удаленно выполнять произвольные команды с привилегиями root.

Из-за этого атакующий мог загрузить специально подготовленный файл через Java RMI, и в случае успеха получал возможность запускать произвольные команды на хосте и повышать привилегии.

Уязвимость позволяла неавторизованным злоумышленникам удаленно обходить аутентификацию, а также создавать и выполнять произвольные скрипты с правам…

В этой статье я рас­ска­жу, как написать на Python рас­ширение Burp для свя­зи меж­ду Burp и Acunetix.

Я пос­тавил цель — соз­дать инс­тру­мент, который поз­волит быс­тро и удоб­но собирать пол­ную информа­цию о тар­гете и уяз­вимос­тях в про­екте Burp.

Нач­нем с соз­дания интерфей­са для управле­ния клю­чами дос­тупа к Acunetix API, нас­тро­им переда­чу тар­гетов из Burp в Acunetix и обратно.

_build_ui ( ) def _build_ui ( self ) : self .

key_field , gbc ) gbc .

Анализ показал, что организация стала жертвой целевой атаки хакерской группы Cavalry Werewolf, целью которой был сбор конфиденциальной информации и данных о конфигурации сети.

Используя его, хакеры загрузили дополнительные инструменты через легитимную Windows-утилиту Bitsadmin.

Исследователи пишут, что группировка использует разнообразные точки входа — от скриптов (BAT.DownLoader.1138) до исполняемых файлов с бэкдорами.

Хакеры активно встраивают вредоносный код в легитимные приложения для сокрытия активности и часто используют Telegram API для управления зараженными системами.

Эксперты заключают, что Cavalry Werewolf проводит спланированные целевые атаки на российский госсектор с целью долг…

Исследователи Secure Annex нашли в каталоге расширений Visual Studio Code Marketplace для VS Code вредоносное расширение, обладающее базовыми функциями шифровальщика.

Сообщается, что расширение было опубликовано с названием susvsex автором под ником suspublisher18.

При этом в описании и README прямо описаны две ключевые функции расширения: выгрузка файлов на удаленный сервер и шифрование всех файлов на машине жертвы при помощи AES-256-CBC.

Комментарии в исходниках свидетельствуют о том, что как минимум часть кода написана не вручную, а сгенерирована автоматически.

Расширение активируется при любом событии (при установке или запуске VS Code), после чего вызывает функцию zipUploadAndEncrypt.

По данным СМИ, в Каменске-Уральском Свердловской области зафиксирован первый известный случай применения новой статьи 13.53 КоАП РФ, вводящей ответственность за умышленный поиск экстремистских материалов в интернете.

Протокол составили на 20-летнего сотрудника медицинского учреждения, однако мировой суд вернул документ на доработку из-за процессуальных нарушений и отсутствия доказательств умысла.

Барсуков отмечает, что на его подзащитного оказывали психологическое давление, вину он не признает, а также активно участвует в патриотических мероприятиях в своем учебном заведении.

В итоге мировой суд Каменска-Уральского удовлетворил ходатайство и вернул протокол МВД на доработку.

Речь идет приме…

Все программы созданы практикующими специалистами, ориентированы на реальные кейсы и актуальные технологии — от Kubernetes и Zero Trust до OSINT и пентестов.

Выбирай направление, учись у профессионалов и развивай свою карьеру в сфере кибербезопасности и DevOps.

Программа охватывает девять модулей и более 40 практических заданий: от SAST/DAST и Compliance as Code до Zero Trust и Chaos Engineering.

Рассматриваются подходы и технологии, включая TDD, а также инструменты для выявления ошибок и уязвимостей, повышающие надежность и безопасность ПО.

Записаться на курс: https://itsecurity.ru/catalog/bt45/CyberEd.

По данным Министерства юстиции США, они участвовали в атаках шифровальщика BlackCat (ALPHV) и вымогали у пострадавших миллионы долларов.

Им предъявлены обвинения в сговоре с целью вмешательства в межштатную коммерческую деятельность посредством вымогательства, фактическом вмешательстве в коммерческую деятельность и умышленное повреждение защищенных компьютеров.

Следствие утверждает, что в итоге обвиняемые стали партнерами в вымогательской схеме BlackCat, то есть взламывали корпоративные сети, похищали данные и развертывали шифровальщик.

Однако единственная выплата, которую действительно получили хакеры — 1,27 млн долларов, которые компания из Тампы перевела после атаки в мае 2023 года.

По д…

Наиболее инновационная часть PromptFlux — модуль Thinking Robot, который периодически обращается к Gemini за свежими техниками обхода антивирусного ПО.

Однако помимо экспериментальных угроз, в своем отчете аналитики GTIG перечисляют различную малварь с ИИ, которая уже используется в реальных атаках.

Использует установленные на зараженной машине CLI-инструменты с ИИ для поиска дополнительных секретов и выгрузки украденных данных в динамически создаваемые публичные GitHub-репозитории.

Генерирует код на лету для кражи и шифрования данных на Windows, macOS и Linux.

Другая китайская группировка выдавала себя за участника CTF-соревнований, чтобы обойти защитные фильтры ИИ и получить детали экспло…

Вмес­то нее исполь­зует­ся одно­разо­вый QR-код, который либо генери­рует­ся на экра­не бан­комата и ска­ниру­ется в мобиль­ном при­ложе­нии бан­ка, либо соз­дает­ся в при­ложе­нии и счи­тыва­ется аппа­ратом.

Они стро­ятся на экс­плу­ата­ции недос­татков в ПО бан­комата и его сетевом окру­жении.

В свою оче­редь, экс­плу­ата­ция уяз­вимос­тей ОС и ПО спо­соб­на при­вес­ти к выдаче денег — к при­меру, если в УПО есть недос­татки.

Сценарии логических атак на банкоматыВо вре­мя ана­лиза защищен­ности ИБ‑спе­циалис­ты по воз­можнос­ти находят все уяз­вимос­ти кон­крет­ного бан­комата, которые мож­но исполь­зовать в ата­ках.

Уяз­вимос­ти, которые будут упо­минать­ся далее, при­водят­ся с иден­тиф…

Разработчики Microsoft добавили в браузер Edge новый защитный механизм, работающий на базе машинного обучения.

Он будет обнаруживать страницы со scareware (вроде фальшивой техподдержки) и передавать информацию Defender SmartScreen для ускоренной блокировки.

Когда блокировщик замечает подозрительную активность (полноэкранный режим, громкие звуки, характерные для scareware элементы дизайна), он немедленно прерывает отображение страницы.

Однако теперь в Edge 142 появился новый механизм, который связывает локальный блокировщик scareware с облачным SmartScreen.

Это дает SmartScreen возможность оперативно проверить и добавить мошеннический сайт в глобальную базу, чтобы защитить пользователей Edge…

Вымогательская группировка Akira заявила о краже 23 ГБ данных у Apache OpenOffice, включая личную информацию сотрудников и финансовые документы.

Apache OpenOffice — популярный опенсорсный офисный пакет, который часто используется как альтернатива Microsoft Office.

30 октября 2025 года на сайте группировки Akira в даркнете появилось сообщение о взломе Apache OpenOffice.

Злоумышленники утверждали, что в общей сложности похитили 23 ГБ данных и документов, и пригрозили опубликовать их в открытом доступе.

Представители Apache Software Foundation сообщили СМИ, что уже проводят расследование этих заявлений хакеров, однако подчеркивается, что у организации попросту нет данных, о краже которых сообщ…

Злоумышленники атакуют сайты под управлением WordPress, эксплуатируя критическую уязвимость в плагине Post SMTP, который начитывает более 400 000 установок.

Post SMTP — один из наиболее популярных плагинов для отправки почты с WordPress-сайтов.

В результате любой желающий может прочитать хранящиеся в логах письма, среди которых — сообщения о сбросе паролей со ссылками для смены учетных данных администраторов.

Стоит отметить, что это уже вторая серьезная проблема, обнаруженная в Post SMTP за последние месяцы.

Этот баг тоже позволял читать логи и перехватывать письма для сброса паролей, причем даже пользователям с минимальными правами.

Эксперты Cyble и Seqrite Labs обнаружили шпионскую кампанию, нацеленную на оборонный сектор в России и Беларуси.

В частности, он проверяет, что в системе присутствует не менее 10 недавних LNK-файлов, а количество запущенных процессов превышает или равно 50.

После прохождения проверок скрипт показывает жертве PDF-приманку из папки logicpro, одновременно с этим закрепляясь в системе через запланированную задачу githubdesktopMaintenance.

Это дает злоумышленникам доступ к системным ресурсам через Tor с полным сохранением анонимности.

После установления соединения малварь собирает информацию о системе и генерирует уникальный .onion-URL hostname для идентификации скомпрометированной машины.

A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a "commercial-grade" Android spyware dubbed LANDFALL in targeted attacks in the Middle East.

The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the "libimagecodec.quram.so" component that could allow remote attackers to execute arbitrary code, according to Palo Alto Networks Unit 42.

"This vulnerability was actively exploited in the wild before Samsung patched it in April 2025, following reports of in-the-wild attacks," Unit 42 said.

The development comes as Samsung disclosed in September 2025 that another flaw in the same library (CVE-…

The attackers managed to gain access to the network for several weeks in April 2025.

"The sharing of tools among groups has been a long-standing trend among Chinese threat actors, making it difficult to say which specific group is behind a set of activities."

The targeting of European organizations by a threat actor codenamed DigitalRecyclers in July 2025, using an unusual persistence technique that involved the use of the Magnifier accessibility tool to gain SYSTEM privileges.

The targeting of a Japanese company and a multinational enterprise, both in Cambodia, in June 2025 by a threat actor codenamed PlushDaemon by means of AitM poisoning to deliver SlowStepper.

Per HarfangLab, the operat…

A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems.

The threat actor has been found to publish a total of 12 packages, with the remaining three working as intended without any malicious functionality.

"Extension methods allow developers to add new methods to existing types without modifying the original code – a powerful C# feature that the threat actor weaponizes for interception," Pandya explained.

"This staggered approach gives the threat actor a longer window to collect victims before the delayed-activation malware triggers, while immediately disrupting industrial …

Hackers compromise credentials: Attackers snag these credentials through phishing, brute force attacks, third-party breaches, or exposed API keys.

Hackers aggregate and monetize credentials: Criminal networks dump stolen credentials into massive databases, then sell them on underground markets.

They aren’t picky – if your business credentials work on consumer sites, they'll use them.

Make it a priority to find your compromised credentials before the criminals use them.

This no-cost, no-registration check doesn’t display or save individual compromised credentials; it simply makes you aware of your level of risk.

Google on Thursday said it's rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts made by threat actors who post inauthentic bad reviews on the platform and demand ransoms to remove the negative comments.

"Following this initial attack, the scammers directly contact the business owner, often through third-party messaging apps, to demand payment."

The threat actors warn of further escalation should the victim fail to pay the fee, risking potential damage to their public rating and reputation.

, where threat actors distribute malicious applications disguised as legitimate VPN services across platforms using social engineering lures that leverage …

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in other words, vibe-coded.

Secure Annex researcher John Tuckner, who flagged the extension "susvsex," said it does not attempt to hide its malicious functionality.

As of November 6, Microsoft has stepped in to remove it from the official VS Code Extension Marketplace.

"The extension package accidentally included decryption tools, command and control server code, GitHub access keys to the C2 server, which other people could use to take over the C2."

The Vidar 2.0 samples have been found to use hard-…

A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities.

"InedibleOchotense sent spear-phishing emails and Signal text messages, containing a link to a trojanized ESET installer, to multiple Ukrainian entities," ESET said in its APT Activity Report Q2 2025–Q3 2025 shared with The Hacker News.

InedibleOchotense is assessed to share tactical overlaps with a campaign documented by EclecticIQ that involved the deployment of a backdoor called BACKORDER and by CERT-UA as UAC-0212, which it describes as a sub-cluster within the Sandworm (aka APT44) hacking group.

While the email message …

Cisco on Wednesday disclosed that it became aware of a new attack variant that's designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software releases that are susceptible to CVE-2025-20333 and CVE-2025-20362.

"This attack can cause unpatched devices to unexpectedly reload, leading to denial-of-service (DoS) conditions," the company said in an updated advisory, urging customers to apply the updates as soon as possible.

While successful exploitation of CVE-2025-20333 allows an attacker to execute arbitrary code as root using crafted HTTP requests, CVE-2025-20362 makes it possible to access a restri…

While Excel is a stalwart in each of the cyber, financial, and GRC domains, even it has its limits at these levels of complexity.

Initially launched as a crisis simulation management platform, it later incorporated breach & attack simulation to now holistic adversarial exposure management, providing a unique capability to assess both technical and human readiness.

Most typically, this might involve running a red team simulation on the first day, to test detective and preventative technical controls, and SOC response processes.

The tabletop exercise would then be run on the second day, and can potentially be tweaked to reflect findings and timings from the technical exercise.

And when your t…

Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world.

Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors.

The result is a global system where every digital weakness can be turned into physical harm, economic loss, or political leverage.

For a full look at the most important security news stories of the week, keep reading.

The best way to stay ahead isn’t to panic, but to stay informed, keep learning, and stay alert.

Bitdefender has once again been recognized as a Representative Vendor in the Gartner® Market Guide for Managed Detection and Response (MDR) — marking the fourth consecutive year of inclusion.

According to Gartner, more than 600 providers globally claim to deliver MDR services, yet only a select few meet the criteria to appear in the Market Guide.

We believe independent analyst research like the Gartner Market Guide for Managed Detection and Response is a valuable resource for organizations assessing MDR providers.

For these organizations, MDR delivers human-led, enterprise-grade protection with proactive exposure management — without the complexity or cost of running it internally.

Join you…

The threat actor known as Curly COMrades has been observed exploiting virtualization technologies as a way to bypass security solutions and execute custom malware.

"This hidden environment, with its lightweight footprint (only 120MB disk space and 256MB memory), hosted their custom reverse shell, CurlyShell, and a reverse proxy, CurlCat," security researcher Victor Vrabie, along with Adrian Schipor and Martin Zugec, said in a technical report.

The activity cluster is assessed to be active since late 2023, operating with interests that are aligned with Russia.

"By isolating the malware and its execution environment within a VM, the attackers effectively bypassed many traditional host-based E…

SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the unauthorized exposure of firewall configuration backup files.

"The malicious activity – carried out by a state-sponsored threat actor - was isolated to the unauthorized access of cloud backup files from a specific cloud environment using an API call," the company said in a statement released this week.

The disclosure comes nearly a month after the company said an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service.

In September, it claimed that the threat actors accessed the backup files stored in the clo…

Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VB Script) malware dubbed PROMPTFLUX that interacts with its Gemini artificial intelligence (AI) model API to write its own source code for improved obfuscation and evasion.

This, in turn, is accomplished by using a hard-coded API key to send the query to the Gemini API endpoint.

PROMPTFLUX is assessed to be under development or testing phase, with the malware currently lacking any means to compromise a victim network or device.

It's currently not known who is behind the malware, but signs point to a financially motivated threat actor that has adopted a broad, geography- and industry-ag…

The cybersecurity community lost one of its luminaries with the passing of David Harley last week, at the age of 76.

On that forum, at the time working for the NHS as its computer security head, was a man named David Harley.

At a conference called ‘Infosec’ (sadly long defunct), I finally met David, in late 1999, and we hit it off immediately, sharing many more interests than just security.

Rest in peace my friend.”Says ESET Research Fellow Bruce P. Burrell:“I'm not quite sure when I first met David – probably though VIRUS-L/comp.virus in the late 80s or early 90s.

Here’s where you can learn more about the life and work of David Harley:

ESET Chief Security Evangelist Tony Anscombe highlights some of the key findings from the latest issue of the ESET APT Activity ReportYesterday, the ESET research team released the latest issue of its APT Activity Report that summarizes and contextualizes the cyber-operations of some of the world's most notorious state-aligned hacking groups from April to September 2025.

The report documents how the groups targeted entities across sectors and geographies in an attempt to burrow deep into both government and corporate systems and siphon off intelligence, disrupt infrastructure or generate revenue.

One notable finding is that the notorious Russia-aligned group Sandworm deployed several data w…

ESET APT Activity Report Q2 2025–Q3 2025 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from April through September 2025.

They illustrate the key trends and developments and contain only a small fraction of the cybersecurity intelligence data provided to customers of ESET APT reports.

During the monitored period, China-aligned APT groups continued to advance Beijing’s geopolitical objectives.

This surge in activity coincided with a rare instance of cooperation between Russia-aligned APT groups, as Gamaredon selectively deployed one of Turla’s backdoors.

Malicious activities described in ESET APT Activity Report Q2 …

One deceptive tactic that has gained traction recently involves tricking people into sharing their phone screens during a WhatsApp video call.

Screen sharing scam report from Brazil (source: Reddit)Here’s what you should know about the scam and how you can stay safe from it.

The callEverything starts with a WhatsApp video call from an unfamiliar number.

Once you oblige, any incoming text messages and WhatsApp verification codes become visible to them.

Never share your passwords, verification codes or any personal or financial data over the phone.

Think you could never fall for an online scam?

Here's how scammers could exploit psychology to deceive you – and what you can do to stay one step aheadWhy do people fall for scams even when they should know better?

It’s a question that says more about human nature than about technology.

In this episode of Unlocked 403, Becks is joined by Alena Košinárová, a software engineer at ESET who has a knack for unraveling the human side of cybersecurity, to unpack the psychology that keeps social engineering so effective.

They also discuss how our publicly available information, such as our own social media posts, only makes things easier for scammers, as well as how you can guard against social eng…

Preparation is the key to effective incident response (IR).

If everyone in the incident response team knows exactly what to do, there’s more chance of a swift, satisfactory and low-cost resolution.

Gather information and understand scopeThe first step is to understand exactly what just happened and set to work on a response.

Isolate and containWhile outreach to relevant third parties is ongoing, you’ll need to work fast to prevent the spread of the attack.

Because successful incident response isn’t just a matter for IT.

As Windows 10 PCs no longer receive security updates automatically, what are your options if you or your business still uses Windows 10?

As Windows 10 PCs no longer receive security updates automatically, what are your options if you or your business still uses Windows 10?

Cybercriminals are distributing information-stealing malware using TikTok videos disguised as free activation guides for Windows, Spotify, Netflix and other software.

Meanwhile, China has accused the U.S. National Security Agency (NSA) of carrying out a "premeditated" cyberattack targeting China’s National Time Service Center (NTSC).

Don't forget to check out the September 2025 edition of Tony's monthly security news roun…

Effective protection combines ongoing family communication, human and technical controls, and a clear remediation plan if something does still go wrong.

Loneliness : Social isolation can make relationship-based scams, such as dating scams, devastatingly effective.

: Social isolation can make relationship-based scams, such as dating scams, devastatingly effective.

Also, if your parent’s or grandparent’s bank offers special protections for older customers, use them.

The bottom line is, scams targeting seniors are rising in cost, frequency and sophistication.

Deepfakes are blurring the line between real and fake and fraudsters are cashing in, using synthetic media for all manner of scamsCan you tell what’s real online?

It's become increasingly difficult as advances in AI and deepfake technology can help anyone create eerily convincing videos, images, and audio.

Businesses aren't spared either, as synthetic voices and videos are being used to trick employees into wiring corporate money to criminals.

This video closes out our series of videos marking Cybersecurity Awareness Month, so don't miss out on the other instalments in the series that looked at the human element in cybersecurity, authentication, software patching, the ransomware threat and …

He was subsequently found out to be a North Korean worker who had tricked the firm’s HR team into gaining remote employment with the firm.

Thousands of North Korean workers may have found employment in this way.

According to ESET researchers, the WageMole group is linked to another North Korean campaign it tracks as DeceptiveDevelopment.

WageMole steals these developer identities to use in its fake worker schemes.

Contain the threatIf you think you have identified a North Korean worker in your organization, tread carefully at first to avoid tipping them off.

According to Canalys, revenue from managed security services is predicted to grow 15% annually this year.

Ransomware detections from June 2024 to May 2025 (source: ESET Threat Report H1 2025)Why is MDR a good fit for MSPs?

This is why many MSPs are turning to MDR services delivered by a trusted partner.

Customer support : High-quality, localized customer service is important to ensure you can provide the best possible MDR experience to your clients.

: High-quality, localized customer service is important to ensure you can provide the best possible MDR experience to your clients.

Shadow IT leaves organizations exposed to cyberattacks and raises the risk of data loss and compliance failuresIn the remote and hybrid work era, employee use of unsanctioned hardware and software (known as shadow IT) has become an acute problem that results in security gaps along with potential data loss and compliance issues.

The stakes grow further as employees increasingly use generative AI tools for productivity and convenience while their employers lose control over how sensitive corporate data is stored or shared.

Watch the video with ESET Chief Security Evangelist Tony Anscombe to learn how IT teams can get a grip on the problem.

Make sure to watch other videos marking Cybersecurity…

This name was coined in a 2020 blogpost by ClearSky, and overlaps with campaigns like DeathNote or Operation North Star.

Soon after, it was seen in the wild, and since then in multiple attacks attributed to Lazarus’ Operation DreamJob campaigns, which makes it the attacker’s payload of choice for already three years.

The targeted sectors, located in Europe, align with the targets of the previous instances of Operation DreamJob (aerospace, defense, engineering).

In recent years, multiple campaigns affecting the aerospace sector (including UAV technology specifically) have been attributed to North Korea-aligned APT groups, with Operation North Star (a campaign presenting some overlap with Ope…

A threat is bornDetected by ESET products mainly as MSIL/Spy.Agent.AES, SnakeStealer first appeared in 2019.

(source: MalwareBazaar)Malware-as-a-service: A profitable 'business model'Like many other modern threats, SnakeStealer follows the malware-as-a-service (MaaS) model.

SnakeStealer topping detection charts (source: ESET Threat Report H1 2025)Key featuresSnakeStealer may not break new ground, but it’s polished, reliable, and easy to deploy.

Evasion: In order to stay under the radar, SnakeStealer can terminate processes associated with security and malware analysis tools and check for virtual environments.

In order to stay under the radar, SnakeStealer can terminate processes associated …

Ransomware rages on and no organization is too small to be targeted by cyber-extortionists.

How can your business protect itself against the threat?

Before you go, learn here about ESET's discovery of the world's first AI-driven ransomware PromptLock.

Also, stay tuned for more videos marking Cybersecurity Awareness Month, a campaign celebrated annually in many parts of the world, including in the US, Canada, Australia and across Europe.

In the meantime, why not learn about ESET's cybersecurity awareness training?

Attackers have taken the ClickFix technique further, with pages borrowing tricks from online sellers to pressure victims into performing the steps that will lead to a malware infection.

The advanced ClickFix page (Source: Push Security)“This is an incredibly slick example – it almost looks like Cloudflare shipped a new kind of bot check service,” the researchers noted.

ClickFix’s riseThe ClickFix technique was named after the initial pretext used by the attackers: the malicious pages would show a fake error message and would instruct users to copy and run some code to fix the problem.

Malicious ads and highly-ranked pages surfaced by Google Search are currently the top delivery vector for …

Tufin announced Tufin Orchestration Suite (TOS) R25-2.

With the R25-2 release, Tufin builds on this foundation, strengthening its unified control plane with four major advancements: improved topology accuracy, enhanced cloud compliance and automation, streamlined SASE policy control, and refined AI-driven insights with TufinAI.

Stronger cloud compliance and automationAs enterprises expand across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), their security teams face mounting pressure to maintain security policy consistency and compliance.

Streamlined SASE policy controlAs SASE architectures become central to enterprise connectivity, managing security policies …

Which brings us to the question, when will those EOL on-premises versions of Windows Exchange Server really disappear?

Not all versions reached EOL; Windows 10 Enterprise LTSC 2021 and Windows 10 IoT Enterprise LTSC 2021 still have several years of support.

This document provides security recommendations and mitigations to harden on-premises and often EOL Exchange Server systems as cloud or upgrade alternatives are in progress.

On October Patch Tuesday, Microsoft released a fix for CVE-2025-59287 in 7 KBs for Windows Server versions 2012 through 2025.

The remote code execution vulnerability in Windows Server Update Service (WSUS) carries a CVSS 3.1 of 9.8 and a Critical severity.

Postman announced several updates bringing key enterprise features to its platform, so customers can build AI-ready APIs that meet the most critical enterprise specifications.

As software increasingly shifts from applications to AI agents, the enterprise challenge has become clear: these agents are only as capable as the APIs that inform them.

APIs deliver the context that fuels intelligence, yet most organizations lack the governance, visibility, and consistency required to make their APIs trustworthy for AI systems.

Together, these capabilities make Postman the enterprise control plane for the modern API ecosystem: public or private, human, or AI.

As AI systems continue to evolve from too…

Where that connection is missing, our work often involves redefining value streams, clarifying ownership and reshaping incentives so that business outcomes drive technology priorities, not the other way around.

In practice, this means embedding security architects into product, project and infrastructure teams and treating security KPIs (e.g.

Infrastructure automation promises efficiency but can also accelerate mistakes.

On infrastructure automation projects, we use an automation assessment model that classifies each process by risk, recurrence, and reversibility.

A technology has durable value when it improves core business outcomes, integrates well into existing processes and the organisa…

A new study shows that steady, mandatory phishing training can cut risky behavior over time.

Why long-term training mattersPhishing still kicks off most cyberattacks, and awareness training is standard practice.

The study followed more than 1,300 employees across 20 companies over a 12-month period to find out what works when phishing simulations are repeated regularly and backed by mandatory training.

When someone took an unsafe action, such as clicking a malicious link, the system assigned a short mandatory training session before the person could return to work.

“In contrast with other research in the area, a key contribution of ours was a mandatory training after each failed phishing at…

The latest analysis from cyber insurer Coalition shows that outdated privacy laws are driving a surge in web privacy claims, with small and midsize businesses now common targets.

The Meta Pixel, for example, was cited in 43 percent of all web privacy claims.

Old laws, new interpretationsThe research found that nearly three-quarters of web privacy claims cited the California Invasion of Privacy Act (CIPA) of 1967.

According to the researchers, four law firms accounted for 72 percent of all web privacy claims.

Small businesses, big exposureThe researchers found that 59 percent of web privacy claims were reported by companies with less than $100 million in revenue.

Healthcare leaders continue to treat cybersecurity as a technical safeguard instead of a strategic business function, according to the 2025 US Healthcare Cyber Resilience Survey by EY.

The study, based on responses from 100 healthcare executives, outlines six areas where hospitals and health systems must act to close resilience gaps that threaten patient care and operations.

While 65% of executives said they have the authority to allocate funds, many still face moderate to severe cyber incidents.

Building a sustainable cyber workforceWhile 52% of respondents said that training and upskilling personnel help address cyber challenges, yet many still prioritize funding tools over staffing.

Comp…

Here’s a look at the most interesting products from the past week, featuring releases from 1touch.io, Barracuda Networks, Bitdefender, Forescout, and Komodor.

Forescout eyeSentry platform delivers continuous, cloud-based exposure managementeyeSentry continuously discovers, contextualizes, and prioritizes risk across every connected device, managed or unmanaged.

By pinpointing their most critical risks early and often, security teams can act decisively before threats escalate, all from the convenience of the cloud.

It eliminates disruptive context switching, allowing security teams to transition effortlessly between vulnerability assessments, incident reviews and more.

1touch.io Kontxtual pr…

Cisco has fixed two critical vulnerabilities (CVE-2025-20358, CVE-2025-20354) affecting Unified Contact Center Express (UCCX), which may allow attackers to bypass authentication, compromise vulnerable installations, and elevate privileges to root.

The good news is that there is currently no evidence of the vulnerabilities being leveraged by attackers.

CVE-2025-20358 and CVE-2025-20354 fixed, along with other flawsCisco UCCX is a contact-center software solution designed for small to medium-sized deployments (up to about 400 agents).

CVE-2025-20358 stems from missing authentication for a critical function: communication between the CCX Editor and an affected Unified CCX server.

They affect C…

Ping Identity announced “Identity for AI,” a new solution designed to secure the world of AI agents.

Identity for AI will help enterprises engage the agentic commerce channel, secure the autonomous workforce, and protect against adversarial AI threats.

“AI agents are changing how business gets done,” said Andre Durand, CEO of Ping Identity.

“With Identity for AI, we give organizations the guardrails to innovate responsibly and with confidence through enterprise-grade identity management.

Further capabilities around agent visibility, governance, privileged-access management and threat protection are expected to roll out throughout 2026.

Team Cymru announced RADAR, a new real-time discovery module designed to give threat analysts visibility into all internet-facing infrastructure, whether known or unknown, without waiting on asset inventories, third-party scans, or compliance-oriented tools.

“Our RADAR solution is about giving defenders the power to investigate external infrastructure in real time — their own or anyone else’s – and take action immediately,” said Joe Sandar, CEO, Team Cymru.

Cyber threat analysts and intelligence teams often face a disadvantage when assessing risk exposure due to unknown internet-facing resources.

RADAR returns the advantage by delivering:Passive discovery of connected IPs, domains, and expo…

Incident responders from Mandiant have wrapped up their investigation into the SonicWall cloud backup service hack, and the verdict is in: the culprit is a state-sponsored threat actor (though the specific nation wasn’t disclosed).

“[The incident] was isolated to the unauthorized access of cloud backup files from a specific cloud environment using an API call.

SonicWall detected suspicious activity – specifically, the downloading of backup firewall configuration files – in early September 2025.

On September 17, the company disclosed that attackers had brute-forced their way into its cloud backup service.

However, several weeks later it confirmed that all backup files had been compromised.

Prowler launched Prowler Lighthouse AI, an intelligent security assistant and MCP Server, that brings autonomous AI directly into DevSecOps workflows.

Cloud security at AI speedProwler’s agentic AI automation ensures that detection, prioritization, and remediation happen at AI speed by reducing dwell time, preventing cascading breaches, and enabling security teams against AI-enhanced adversaries.

For DevSecOps teams, the new MCP Server embeds cloud security context within agentic workflows by integrating with popular tools such as Cursor, Claude Code, or Visual Studio.

Powered by advanced AI reasoning, Lighthouse AI interprets queries in plain English, retrieves relevant context Prowler dat…

Roughly 40 percent of all APT activity tracked during this period came from groups tied to Moscow.

Another actor, InedibleOchotense, impersonated ESET itself in phishing campaigns that delivered a trojanized installer carrying the Kalambur backdoor.

Iran adopts internal phishing tacticsIran-aligned activity remained steady, making up nearly 8 percent of observed campaigns.

North Korea mixes espionage with profitNorth Korean groups remained active in espionage and financially motivated operations, with roughly 14 percent of global activity attributed to them.

ESET also noted North Korean actors extending operations into Uzbekistan, suggesting a widening scope beyond traditional targets.

Faking Receipts with AIOver the past few decades, it’s become easier and easier to create fake receipts.

Decades ago, it required special paper and printers—I remember a company in the UK advertising its services to people trying to cover up their affairs.

Then, receipts became computerized, and faking them required some artistic skills to make the page look realistic.

The software works by scanning receipts to check the metadata of the image to discover whether an AI platform created it.

Yet another AI-powered security arms race.

The Department of Justice has indicted thirty-one people over the high-tech rigging of high-stakes poker games.

In a typical legitimate poker game, a dealer uses a shuffling machine to shuffle the cards randomly before dealing them to all the players in a particular order.

As set forth in the indictment, the rigged games used altered shuffling machines that contained hidden technology allowing the machines to read all the cards in the deck.

Because the cards were always dealt in a particular order to the players at the table, the machines could determine which player would have the winning hand.

Collectively, the Quarterback and other players in on the scheme (i.e., the cheating team) used …

Scientists Need a Positive Vision for AIFor many in the research community, it’s gotten harder to be optimistic about the impacts of artificial intelligence.

Meanwhile, particularly in the United States, public investment in science seems to be redirected and concentrated on AI at the expense of other disciplines.

None of us should accept this as inevitable, especially those in a position to influence science, government, and society.

National labs are building AI foundation models to accelerate scientific research.

Third, we should responsibly use AI to make society and peoples’ lives better, exploiting its capabilities to help the communities they serve.

Cybercriminals Targeting Payroll SitesMicrosoft is warning of a scam involving online payroll systems.

Criminals use social engineering to steal people’s credentials, and then divert direct deposits into accounts that they control.

Sometimes they do other things to make it harder for the victim to realize what is happening.

I feel like this kind of thing is happening everywhere, with everything.

As we move more of our personal and professional lives online, we enable criminals to subvert the very systems we rely on.

AI Summarization OptimizationThese days, the most important meeting attendee isn’t a person: It’s the AI notetaker.

Welcome to the world of AI summarization optimization (AISO).

Optimizing for algorithmic manipulationAI summarization optimization has a well-known precursor: SEO.

AI summarization optimization follows the same logic on a smaller scale.

AI summarization optimization illustrates how quickly humans adapt communication strategies to new technologies.

Friday Squid Blogging: Giant Squid at the SmithsonianI can’t believe that I haven’t yet posted this picture of a giant squid at the Smithsonian.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

Posted on October 31, 2025 at 5:06 PM • 0 Comments

Listen to the Audio on NextBigIdeaClub.comBelow, co-authors Bruce Schneier and Nathan E. Sanders share five key insights from their new book, Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship.

The Brazilian city councilor who used AI to draft a bill did not ask for anyone’s permission.

The U.S. federal judge who used AI to help him interpret law did not have to check with anyone first.

It’s likely that even the thousands of disclosed AI uses in government are only the tip of the iceberg.

They used AI to make personalized robocalls to voters, write frequent blog posts, and even generate podcasts in the candidate’s voice.

Starting with 72 toxins, the researchers used three open source AI packages to generate a total of about 75,000 potential protein variants.

Many of the AI-designed protein variants are going to end up being non-functional, either subtly or catastrophically failing to fold up into the correct configuration to create an active toxin.

One thing that was very clear is that there were huge variations in the ability of the four screening programs to flag these variant designs as threatening.

Three of the software packages were updated in response to this performance, which significantly improved their ability to pick out variants.

In all cases, there was also a cluster of variant designs that wer…

Rather than bolt KEM onto the existing double ratchet, they allowed it to remain more or less the same as it had been.

Then they used the new quantum-safe ratchet to implement a parallel secure messaging system.

Now, when the protocol encrypts a message, it sources encryption keys from both the classic Double Ratchet and the new ratchet.

It then mixes the two keys together (using a cryptographic key derivation function) to get a new encryption key that has all of the security of the classical Double Ratchet but now has quantum security, too.

The Signal engineers have given this third ratchet the formal name: Sparse Post Quantum Ratchet, or SPQR for short.

Good Wall Street Journal article on criminal gangs that scam people out of their credit card information:Your highway toll payment is now past due, one text warns.

You owe the New York City Department of Finance for unpaid traffic violations.

The texts are ploys to get unsuspecting victims to fork over their credit-card details.

The gangs behind the scams take advantage of this information to buy iPhones, gift cards, clothing and cosmetics.

Criminal organizations operating out of China, which investigators blame for the toll and postage messages, have used them to make more than $1 billion over the last three years, according to the Department of Homeland Security.

An electric ladder to a second-floor window, an angle grinder to get into the room and the display cases, security guards there more to protect patrons than valuables—seven minutes, in and out.

There were security lapses:The Louvre, it turns out—at least certain nooks of the ancient former palace—is something like an anopticon: a place where no one is observed.

Professional jewelry thieves were not impressed with the four.

Here’s Larry Lawton:“I robbed 25, 30 jewelry stores—20 million, 18 million, something like that,” Mr. Lawton said.

But then their value drops considerably—so the end result is that most of the worth of those items disappears.

Nor does it require a target to click on a malicious link or show any of the telltale signs (such as overheating or a short battery life) of remote monitoring.

Its secret is shrewd use of the antiquated telecom language Signaling System No.

7, known as SS7, that phone carriers use to route calls and text messages.

Any entity with SS7 access can send queries requesting information about which cell tower a phone subscriber is nearest to, an essential first step to sending a text message or making a call to that subscriber.

But First Wap’s technology uses SS7 to zero in on phone numbers and trace the location of their users.

Friday Squid Blogging: “El Pulpo The Squid”There is a new cigar named “El Pulpo The Squid.” Yes, that means “The Octopus The Squid.”As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

Posted on October 24, 2025 at 5:07 PM • 0 Comments

Part Four of The Kryptos SculptureTwo people found the solution.

They used the power of research, not cryptanalysis, finding clues amongst the Sanborn papers at the Smithsonian’s Archives of American Art.

This comes as an awkward time, as Sanborn is auctioning off the solution.

There were legal threats—I don’t understand their basis—and the solvers are not publishing their solution.

Posted on October 24, 2025 at 7:01 AM • 0 Comments

Cloudflare responded by redacting Aisuru domain names from their top websites list.

One Aisuru botnet domain that sat prominently for days at #1 on the list was someone’s street address in Massachusetts followed by “.com”.

Other Aisuru domains mimicked those belonging to major cloud providers.

Sometime in the past 24 hours, Cloudflare appears to have begun hiding the malicious Aisuru domains entirely from the web version of that list.

However, downloading a spreadsheet of the current Top 200 domains from Cloudflare Radar shows an Aisuru domain still at the very top.

The 2012 indictment targeting the Jabber Zeus crew named MrICQ as “John Doe #3,” and said this person handled incoming notifications of newly compromised victims.

Two sources familiar with the Jabber Zeus investigation said Rybtsov was arrested in Italy, although the exact date and circumstances of his arrest remain unclear.

Further searching on this address in Constella finds the same apartment building was shared by a business registered to Vyacheslav “Tank” Penchukov, the leader of the Jabber Zeus crew in Ukraine.

Nevertheless, the pilfered Jabber Zeus group chats provided the basis for dozens of stories published here about small businesses fighting their banks in court over six- and se…

Experts say the Aisuru botmasters recently updated their malware so that compromised devices can more easily be rented to so-called “residential proxy” providers.

From a website’s perspective, the IP traffic of a residential proxy network user appears to originate from the rented residential IP address, not from the proxy service customer.

“I just checked, and in the last 90 days we’ve seen 250 million unique residential proxy IPs,” Kilmer said.

Brundage says that by almost any measurement, the world’s largest residential proxy service is IPidea, a China-based proxy network.

That 2022 story named Yunhe Wang from Beijing as the apparent owner and/or manager of the 911S5 proxy service.

Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services.

On October 16, the Financial Transactions and Reports Analysis Center of Canada (FINTRAC) imposed a $176,960,190 penalty on Xeltox Enterprises Ltd., more commonly known as the cryptocurrency payments platform Cryptomus.

Sanders found at least 56 cryptocurrency exchanges were using Cryptomus to process transactions, including financial entities with names like casher[.

Their inquiry found that the street address for Cryptomus parent Xeltox Enterprises was listed as the home of at…

Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.

Zendesk is an automated help desk service designed to make it simple for people to contact companies for customer support issues.

Earlier this week, KrebsOnSecurity started receiving thousands of ticket creation notification messages through Zendesk in rapid succession, each bearing the name of different Zendesk customers, such as CapCom, CompTIA, Discord, GMAC, NordVPN, The Washington Post, and Tinder.

In the example below, replying to any of the junk customer sup…

October’s Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems.

To execute these flaws, an attacker would social engineer a target into previewing an email with a malicious Microsoft Office document.

Speaking of Office, Microsoft quietly announced this week that Microsoft Word will now automatically save documents to OneDrive, Microsoft’s cloud platform.

If you’re reluctant or unable to migrate a Windows 10 system to Windows 11, there are alternatives to simply continuing to use Windows 10 without ongoing security updates.

One option is to pay for another year’s worth of security updates through Microsoft’s Extended Security Updates (ESU)…

Traces from the recent spate of crippling Aisuru attacks on gaming servers can be still seen at the website blockgametracker.gg, which indexes the uptime and downtime of the top Minecraft hosts.

In the following example from a series of data deluges on the evening of September 28, we can see an Aisuru botnet campaign briefly knocked TCPShield offline.

“The outbound and cross-bound DDoS attacks can be just as disruptive as the inbound stuff,” Dobbin said.

“The Aisuru attacks on the gaming networks these past seven day have been absolutely huge, and you can see tons of providers going down multiple times a day,” Coelho said.

However, Forky has posted on Telegram about Botshield successfully m…

“Contact us to negotiate this ransom or all your customers data will be leaked,” the website stated in a message to Salesforce.

Nobody else will have to pay us, if you pay, Salesforce, Inc.”Below that message were more than three dozen entries for companies that allegedly had Salesforce data stolen, including Toyota, FedEx, Disney/Hulu, and UPS.

The Scattered Lapsus$ Hunters claim they will publish data stolen from Salesforce and its customers if ransom demands aren’t paid by October 10.

Google catalogs Scattered Lapsus$ Hunters by so many UNC names (throw in UNC6240 for good measure) because it is thought to be an amalgamation of three hacking groups — Scattered Spider, Lapsus$ and ShinyHu…

Members of Star Chat targeted multiple wireless carriers with SIM-swapping attacks, but they focused mainly on phishing T-Mobile employees.

However, Star Chat was by far the most prolific of the three, responsible for at least 70 of those incidents.

But U.S. prosecutors say Jubair and fellow Scattered Spider members continued their hacking, phishing and extortion activities up until September 2025.

U.S. authorities say they traced some of those payments to Scattered Spider to an Internet server controlled by Jubair.

For further reading (bless you), check out Bloomberg’s poignant story last week based on a year’s worth of jailhouse interviews with convicted Scattered Spider member Noah Urban.

The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.

The Shai-Hulud worm emerged just days after unknown attackers launched a broad phishing campaign that spoofed NPM and asked developers to “update” their multi-factor authentication login options.

That attack led to malware being inserted into at least two-dozen NPM code packages, but the outbreak was quickly contained and was narrowly focused on siphoning cryptocurrency payments.

He said the first NPM package compromised by this worm appears to have been altered on Sept. 14, around 17:58 UTC.

The security-foc…

Materializing just two weeks before Russia invaded Ukraine in 2022, Stark Industries Solutions became a frequent source of massive DDoS attacks, Russian-language proxy and VPN services, malware tied to Russia-backed hacking groups, and fake news.

But a new report from Recorded Future finds that just prior to the sanctions being announced, Stark rebranded to the[.

But he maintained that Stark Industries Solutions Inc. was merely one client of many, and claimed MIRhosting had not received any actionable complaints about abuse on Stark.

However, it appears that MIRhosting is once again the new home of Stark Industries, and that MIRhosting employees are managing both the[.

Mr. Zinad did not res…

Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software.

The problem here resides with Windows NTLM, or NT LAN Manager, a suite of code for managing authentication in a Windows network environment.

CVE-2025-54916 is an “important” vulnerability in Windows NTFS — the default filesystem for all modern versions of Windows — that can lead to remote code execution.

“For the third time this year, Microsoft patched more elevation of privilege vulnerabilities than remote code execution flaws,” Narang observed.

AskWoody also reminds us that we’re now just two months out from Microsoft discontinuing free security updates for Wind…

Akido is a security firm in Belgium that monitors new code updates to major open-source code repositories, scanning any code updates for suspicious and malicious code.

Once logged in, the phishers then changed the email address on file for Junon’s NPM account, temporarily locking him out.

Caturegli said it’s remarkable that the attackers in this case were not more ambitious or malicious with their code modifications.

In this case, they didn’t compromise the target’s GitHub account.

“That NPM does not require that all contributor accounts use security keys or similar 2FA methods should be considered negligence.”

The letter followed media reports accusing Gmail of disproportionately flagging messages from the GOP fundraising platform WinRed and sending them to the spam folder.

Koli-Lõks taps into real-time intelligence about daily spam volumes by monitoring large numbers of “spamtraps” — email addresses that are intentionally set up to catch unsolicited emails.

Tossavainen told KrebsOnSecurity that WinRed’s emails hit its spamtraps in the .com, .net, and .org space far more frequently than do fundraising emails sent by ActBlue.

Koli-Lõks published a graph of the stark disparity in spamtrap activity for WinRed versus ActBlue, showing a nearly fourfold increase in spamtrap hits from WinRed emails in t…

Salesloft disclosed on August 20 that, “Today, we detected a security issue in the Drift application,” referring to the technology that powers an AI chatbot used by so many corporate websites.

On August 28, Salesforce blocked Drift from integrating with its platform, and with its productivity platforms Slack and Pardot.

“Rather than creating custom malware, attackers use the resources already available to them as authorized users.”It remains unclear exactly how the attackers gained access to all Salesloft Drift authentication tokens.

Salesloft announced on August 27 that it hired Mandiant, Google Cloud’s incident response division, to investigate the root cause(s).

“We are working with Sale…

Critical infrastructure is once again in the spotlight, as it is revealed that several UK water suppliers have reported cybersecurity incidents over the last two years. Read more in my article on the Fortra blog.

South Korean police have uncovered a hacking operation that stole sensitive data from massage parlours and blackmailed their male clientele.

In reality, the hackers only had the customers' details, and did not have access to any video footage of what happened in the privacy of the massage parlours.

Victims are said to have paid amounts ranging from 1.5 million to 47 million Korean Won (approximately USD $1,000 to $32,000) each.

In all, the gang is said to have attempted to extort nearly 200 million Korean Won (approximately US $105,000) through the scheme.

Police believe that the hackers started collecting customer details from massage parlours in Seoul, Gyeonggi, and Daegu in January 2022,…

All this and more is discussed in episode 442 of the “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and special guest Dave Bittner.

Smashing Security listeners get $1000 off!

Drata – The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

You can also help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining The AI Fix Plus!

Follow us:Follow the show on Bluesky, or subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website for more information.

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

The UK Information Commissioner’s Office (ICO) has levied a fine of £200,000 (US $260,000) against a sole trader who sent almost one million spam text messages to people across the country - many of whom were already struggling with debt.

The ICO says that the spam campaign targeted people "at greater risk of harm," particularly those facing financial hardship.

Many of the spam messages made promises to "freeze interest and charges" or "write off debts."

Cases like these highlight a growing problem with small-scale but highly automated text spam operations.

And if you receive a spam text message forward it to the UK's spam reporting service at 7726.

49 people have reportedly lost family members or colleagues after the UK government leaked details of thousands of Afghan citizens who helped the British military during the Afghan war.

The death threats and intimidation by the Taliban continue, as research shared by the charity Refugee Legal Support reveals.

“I have suffered serious harm as a result of the Afghan data breach.

My father was brutally beaten to the point that his toenails were forcibly removed, and my parents remain under constant and serious threat.

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

If you, or your company, value controlling the spread of your profile data you should take steps now.

Visit LinkedIn > Settings & Privacy > Data Privacy > “Data for Generative AI Improvement".

Oh, and US-based LinkedIn users?

I'm afraid that you have already been subject to AI training data collection for some time.

More and more tech companies are showing an "anything goes" attitude when it comes to training their AI systems.

All this and more is discussed in episode 441 of “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and special guest Danny Palmer.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

In episode 74 of The AI Fix, we meet Amazon’s AI-powered delivery glasses, an AI TV presenter who doesn’t exist, and an Ohio lawmaker who wants to stop people from marrying their chatbot.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

You can also help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining The AI Fix Plus!

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

All this and more is discussed in episode 440 of “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and special guest Scott Helme.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

In episode 73 of The AI Fix, AI now writes more web content than humans and more books by ex-British prime ministers than ex-British prime ministers.

Also in this episode, Graham discovers that LLMs show all the characteristics of pathological gambling, and Mark explains why AI training is like eating a prawn buffet.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

You can also help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining …

Specifically, prosecutors allege that Bolton improperly retained and transmitted classified information to members of his family, via an AOL account.

Which, if found to be true, would be a serious security breach in itself.

But what makes the situation worse is that it is alleged that Iranian hackers gained access to Bolton's personal AOL account, downloaded the sensitive documents, and threatened to extort Bolton.

One has to wonder what layers of security Bolton had enabled on his AOL account.

John Bolton has pleaded not guilty to charges of sharing classified information.

Hundreds of US government officials working for the FBI, ICE, and Department of Justice have had their personal data leaked by a notorious hacking group.

404 Media says that it has reviewed spreadsheets posted to the hacking group's Telegram channel containing the alleged personal data of 680 DHS officials, over 170 FBI email addresses, and more than 190 Department of Justice officials.

Bounties have allegedly been offered to shoot ICE and CBP officers, according to a DHS press release.

Now the hackers who posted the details of ICE, DHS, and CBP staff to Telegram have suggested that they may dox IRS officials next.

In 2016, a group called Crackas With Attitude, published the personal inform…

In a significant crackdown against online cybercriminals, German authorities have successfully dismantled a network of fraudulent cryptocurrency investment sites that has targeted millions of unsuspecting people across Europe.

In tandem, scammers at call centres pressure those who engage with the fraudulent investment sites to make further "investments".

In the case of the domains seized by Operation Heracles, the sites specifically targeted German-speaking individuals.

BaFin warns that the online trading fraud sites are particular dangerous because of their professional execution.

That sobering statistic underlines just how widespread and pernicious online investment fraud has become.

Обычно это все сразу: и сам компьютер, и мышь, и веб-камера с клавиатурой.

Конечно, от такого письма не по себе станет любому человеку, и многие люди действительно начинают беспокоиться за собственную жизнь.

Мошенники требуют срочно связаться по адресу электронной почты, указанному в письме, и дать разъяснения — тогда, возможно, санкции не последуют.

Когда испуганная жертва связывается со злоумышленниками, те предлагают «оплатить штраф» для «досудебного закрытия уголовного дела» — которого, разумеется, и в помине нет.

И совершенно неважно, что в Европоле нет президента, да и имя настоящего исполнительного директора Европола совершенно другое.

При этом проекты по внедрению SD-WAN не только быстро окупаются, но и продолжают приносить дополнительные выгоды и увеличенную эффективность по мере обновления и выхода новых версий решения.

Оптимизированные алгоритмы перенаправления трафикаЭта классическая функция SD-WAN и одно из основных конкурентных преимуществ технологии.

Чтобы такое событие не нарушило бизнес-процессы, любую смену политики в Kaspersky SD-WAN можно запланировать на конкретное время.

Есть и другие, например настройка политик безопасности при подключении к консольному порту CPE и поддержка сетей большого масштаба с 2000+ CPE и балансировкой нагрузки между несколькими оркестраторами.

О том, как все эти новшества повышают …

Группа ученых из Калифорнийского университета в Сан-Диего и Мэрилендского университета в Колледж-Парке обнаруживает, что над миром нависла невообразимая опасность, источник которой затаился в космосе.

Шестеро исследователей установили на крыше университета в прибрежном районе Ла-Хойя в Сан-Диего, Южная Калифорния, обычную геостационарную спутниковую ТВ-антенну — такие можно приобрести у любого провайдера спутникового телевидения или в магазинах электроники.

Геостационарные спутники, используемые для телевидения и связи, располагаются на орбите над экватором и движутся с той же угловой скоростью, что и Земля.

Провайдеры Wi-Fi на борту пассажирских самолетов на вопросы Wired в связи с инциден…

Наибольшей заботой о пользователях отличились Pinterest и Quora, а внизу рейтинга оказались TikTok и Facebook*.

Facebook* и YouTube планируют делать и то и другое.

Отказаться в настройках от этой перспективы можно в Pinterest, X, Quora и LinkedIn.

За группой лидеров в середине горячей десятки мы неожиданно встречаем Facebook*, YouTube и LinkedIn, предлагающие значительное количество настроек приватности.

Довести публичность до минимума лучше всего получится в Pinterest, Facebook* и TikTok, а хуже всего с этим в LinkedIn и X.ВыводыИдеала среди соцсетей найти не удалось.

В частности, они детально описали две кампании, целью которых являются атаки на разработчиков и руководителей из криптоиндустрии, — GhostCall и GhostHire.

Кампании GhostCall и GhostHire сильно отличаются друг от друга, однако зависят от общей инфраструктуры управления, почему наши эксперты и объединили их в рамках одного доклада.

Кампания GhostCallЦелями кампании GhostCall в основном являются руководители разнообразных организаций.

Инструменты, используемые злоумышленниками в кампании GhostHire, и их индикаторы компрометации также можно найти в посте в блоге Securelist.

Как защититься от атак типа GhostCall и GhostHireХотя целями GhostCall и GhostHire являются конкретные разработчики и руко…

Что такое ForumTroll и как они действуютВ марте наши технологии выявили волну заражений российских компаний ранее неизвестным сложным вредоносным ПО.

В частности, нашли еще несколько атак той же группы на организации и частных лиц в России и Беларуси.

Но самое интересное — нашим исследователям удалось идентифицировать его как коммерческое шпионское ПО Dante, разработанное итальянской компанией Memento Labs, ранее известной как HackingTeam.

Подробнее о том, что умеет Dante и по каким признакам наши эксперты поняли, что это именно оно, можно прочитать в блоге Securelist.

Кроме того, детали этого исследования, равно как и информация о группе ForumTroll и шпионском ПО Dante, которую мы получим …

И переписку, и данные о самом факте общения могут использовать в рекламе, в обучении ИИ, могут передать правоохранительным органам и спецслужбам.

Они решили сравнить популярные соцсети и мессенджеры, отсортировав их по убыванию приватности, в результате чего получился Social Media Privacy Ranking 2025.

Защита от чужаковПоказывать незнакомым людям минимум информации о пользователе критически важно для приватности и даже физической безопасности.

Сбор данных для рекламы и других целейИнформацию о пользователях, их социально-демографическом профиле и предпочтениях в той или иной мере собирают все платформы.

Discord, лидируя в общем зачете благодаря ограниченному сбору данных и отсутствию штрафо…

Почти 90% публично доступных серверов в Интернете работают на базе Linux, а общая доля Linux на рынке всех серверов превышает 62%.

Именно этого нам удалось добиться с помощью технологии Universal Linux Kernel Module, которая помогла закрыть разрыв между возможностями атаки и защиты.

Итак, давайте рассмотрим, как атакуют Linux и как этому противостоять?

Исторически решения EPP и EDR опираются на стандартные механизмы Linux для получения событий безопасности и их обработки.

Защита из ядраЧтобы сочетать высокую производительность и широкую функциональность EPP и EDR, в Kaspersky Endpoint Security for Linux внедрена принципиально новая технология Universal Linux Kernel Module.

Атака, названная Mic-E-Mouse, в теории позволит подслушивать переговоры в «секретных» помещениях, если атакующему каким-то образом удастся перехватить данные, поступающие от мыши.

Электронная схема мыши сравнивает «соседние» кадры и за счет этого определяет, на какое расстояние и в какую сторону была перемещена мышь.

Соответственно, мышь, передающая данные с частотой 4000 герц, в теории может «захватывать» звуковой диапазон с частотой максимум до 2000 герц.

Звук речи вызывает вибрации воздуха, которые передаются на столешницу, а со столешницы — на мышь, подключенную к ПК.

На компьютере установлена вредоносная программа, которая перехватывает данные с мыши и отправляет их на сервер злоумышле…

Отключаем обучение DeepSeek на ваших данныхПервым делом — уже традиционная при настройке любых чат-ботов операция по отключению обучения на ваших данных.

Хотя разработчики DeepSeek и утверждают, что они научили чат-бота не выдавать персональные данные другим пользователям, гарантий, что этого никогда не произойдет, нет.

Увы, это работает далеко не всегда и не со всеми языками.

Выбор языка интерфейса не влияет на язык вашего общения с DeepSeek — вы можете переписываться с чат-ботом на любом поддерживаемом им языке.

Управляем чатами DeepSeekВсе ваши беседы с DeepSeek собраны в левой боковой панели — как в веб-версии, так и в приложении.

Поэтому исследователи решили исходить из предпосылки, что у атакующего будет полная свобода действий: он будет иметь полный доступ и к софту, и к железу сервера, при этом конфиденциальные данные, которые они пытаются добыть, содержатся, например, на запущенной на этом сервере виртуальной машине.

Например, применение детерминированного шифрования — алгоритма, в котором определенная последовательность данных на входе всегда дает одну и ту же последовательность зашифрованных данных на выходе.

Далее запускают собственную программу в том же диапазоне памяти и запрашивают у системы TEE расшифровку ранее перехваченной информации.

Ее обход теоретически позволяет не только считывать зашифрованные да…

Полностью удалить как собственные GPT, так и свой аккаунт в ChatGPT и связанные с ним персональные данные.

Как использовать временные чаты в ChatGPTВременные чаты в ChatGPT по задумке напоминают режим инкогнито при поиске в браузере.

В приложениях ChatGPT для macOS и Windows для активации временного чата нажмите на выбор модели ИИ, и в нижней части открывшегося окна появится переключатель «Временный чат».

Надеемся, что собранный нами подробный гайд по настройкам приватности и безопасности в ChatGPT поможет вам в этом нелегком деле.

Это поможет обеспечить надежную защиту вашей учетной записи как в ChatGPT, так и в других сервисах.

Сегодня мы расскажем, чем наличие таких скрытых ссылок вредит вашему бизнесу, как злоумышленники внедряют их на легитимные ресурсы и как защитить свой сайт от такой неприятности.

Почему скрытые ссылки представляют угрозу для вашего бизнесаВ первую очередь скрытые ссылки на сомнительные ресурсы могут существенно навредить репутации вашего сайта и понизить его рейтинг, что незамедлительно отразится на поисковой выдаче.

Еще одна причина понижений позиции сайта в поисковой выдаче связана с тем, что скрытые ссылки, как правило, ведут на ресурсы с низким доменным рейтингом и нерелевантным для вашего бизнеса содержанием.

У вашего сайта есть некоторая репутация, которая оказывает влияние на рейтинг…

Наши эксперты исследовали очередную кампанию по рассылке вредоносных писем, проводимую Librarian Likho, и новые инструменты, используемые этой APT-группой.

В июньской публикации в блоге Securelist мы уже исследовали их инструментарий и пришли к выводу, что отличительной чертой группировки является то, что она не использует собственные вредоносные бинарные модули.

Разумеется, полностью отказаться от использования легитимного программного обеспечения они не смогли, однако в новой кампании они также обзавелись своими собственными разработками.

Чем известна группа Librarian LikhoLibrarian Likho — это APT-группа, специализирующаяся на кибератаках, целью которых являются организации в Российской …

Наши эксперты обнаружили кампанию по рассылке мошеннических писем от имени известных авиакомпаний и аэропортов.

На первом этапе они присылают жертве достаточно безобидное письмо от имени отдела закупок крупной авиакомпании или аэропорта, в котором анонсируют старт некой партнерской программы на 2025–2026 годы и приглашают к взаимовыгодному сотрудничеству.

Письма не содержат вредоносных вложений и ссылок, да и в документах нет никакого подвоха, поэтому базовые защитные механизмы не всегда блокируют эту переписку.

Как защитить компанию от мошенниковВ идеале следует использовать решения, которые вообще не допустят мошеннические, фишинговые и вредоносные письма до почтовых ящиков сотрудников.

Е…

It’s no longer enough to simply filter spam; organizations need a comprehensive, cloud-scale email security platform that fortifies existing investments, is simple to deploy, and provides robust, end-to-end protection.

Cisco Secure Email Threat Defense at the forefront of innovationBacked by over two decades of email gateway expertise, Secure Email Threat Defense brings the next wave of email security to your organization — it’s now a gateway solution!

With this new deployment mode, Email Threat Defense can now operate as a standalone email security gateway, providing organizations with even more flexibility in how they defend against evolving email threats.

A new licensing tier to simplify…

The New AI Connectivity ChallengeAI is driving rapid transformation and innovation across every industry.

Inside AI data centers, ultra-high performance is essential to efficiently feed XPU clusters.

Cisco Catalyst SD-WAN offers an on-demand, high-performance, and data center-agnostic network fabric that streamlines and accelerates access to AI data centers and Neocloud.

Cisco SD-WAN: On-Demand Access to GPU as-a-Service PlatformsTogether, this solution empowers rapid, cost-optimized, and secure access to next-generation AI infrastructure, ensuring innovation is never bottlenecked by the network.

How Enterprises Win With AI-Ready ConnectivityInstant AI Workload AccessSlash deployment times …

Scale security services efficiently and profitably with Cisco’s AI-powered management platformEarlier this year, we launched Cisco Security Cloud Control.

Now Cisco is introducing foundational, multi-customer management capabilities to Security Cloud Control designed specifically for the modern managed service provider (MSP).

This aligns with Cisco’s commitment to provide a platform-based operating model that streamlines every aspect of your security services business.

Get in touch with your Cisco representative to explore how the new multi-customer management capabilities in Cisco Security Cloud Control can align your operations with your growth strategy and unlock new levels of profitabil…

SE Labs awards Cisco Firewall dual AAA ratings for unmatched protection accuracy and performanceSE Labs named Cisco Secure Firewall the Best Next-Generation Enterprise Firewall of 2025.

“Behind every AAA rating is engineering excellence focused on solving real problems,” said Shaila Shankar, Senior Vice President of Engineering, Cisco Security Business Group.

“Enterprises shouldn’t have to choose between security and performance,” said Peter Bailey, Senior Vice President and General Manager of Cisco Security Business Group.

Ask a question and stay connected with Cisco Security on social media.

Cisco Security Social MediaLinkedInFacebookInstagramX

Recognizing these challenges, Cisco has launched a groundbreaking solution: the Cisco Secure Firewall 6100 Series.

Let’s dive deeper into what makes the Cisco Secure Firewall 6100 Series a game-changer.

1: Cisco Secure Firewall 6100 SeriesAdvanced Software Capabilities: The Heart of Secure FirewallingThe Cisco Secure Firewall 6100 Series isn’t just about hardware.

With the Secure Firewall 6100 Series, Cisco is not just addressing these needs—it’s redefining what’s possible.

Discover how the Cisco Secure Firewall 6100 Series can transform your organization’s security posture.

Advanced Threat Detection with Splunk Enterprise Security 8.2The Splunk Threat Research Team (STRT) along with Cisco Talos has developed targeted threat detections specifically for Cisco Secure Firewall integration.

Key Detection Examples:Cisco Secure Firewall — BITS Network ActivityThis detection identifies potentially suspicious use of the Windows BITS service by leveraging Cisco Secure Firewall’s built-in application detectors.

Using Splunk Compliance Essentials app, you can continually monitor the compliance posture across various control frameworks like CMMC, FISMA, RMF, DFARS, and even OMB M-21-31.

Call to ActionLeverage the Cisco Firewall Promotional Splunk OfferStarting August 2025,…

Identity is the new perimeter, and with Cisco Identity Intelligence, Secure Access brings continuous, adaptive access decisions to every user, device, and application.

The Blind Spot: Static View of Identity, Behavior, and Posture in a Dynamic WorldMost SSE platforms assume a user is just a login.

Cisco Identity Intelligence: Leverage User Trust Level to Reduce RiskCisco Secure Access integrates with Cisco Identity Intelligence (CII) to make SSE identity-focused, risk-aware and self-adjusting.

In September of this year, Cisco extended Secure Access integration with CII beyond user trust levels being visible in the Secure Access dashboard.

The administrator may enable, for all ZTNA-protected…

“If I could change one thing about my organization’s segmentation approach, it would definitely be to further automate and integrate our segmentation tools and processes.

This change would have significant impact on effectiveness and efficiency.” UK, IT, telecoms, and technology, 2025 Cisco Segmentation ReportSegmentation is a complex and evolving technology that bridges multiple layers of the IT stack.

The responses in the 2025 Cisco Segmentation Report make clear that in an era where 84% of organizations suffered a breach in the past year, segmentation has become the foundation of resilience.

The 2025 Cisco Segmentation Report is helping Cisco align our segmentation product strategies to …

Cisco Secure Firewall 1220, leveraging the power of its Snort3 engine, recently underwent rigorous testing, adhering to NetSecOPEN standards, demonstrating its exceptional capabilities in both performance and security efficacy.

The testing was conducted by an approved NetSecOPEN test lab, ensuring adherence to stringent industry standards for network security performance.

The Device Under Test (DUT) was a Secure Firewall tested using the latest software version, vulnerability database, and Snort update.

Loading Time for Secure Web Pages (HTTPS): On average, it takes as little as 2.159 milliseconds for the first part of a secure web page to start loading when tested with 16,000 requests per …

When we analyze many of the breaches that have taken place, there is a common theme we can use to elevate our defensive game.

Lateral movement (Tactic TA0008) tends to be leveraged as high as 70% of cyber breaches.

Even with layers, we are never going to provide 100% security effectiveness 100% of the time.

Again, no defensive capability will ever provide 100% efficacy 100% of the time but restricting this tactic significantly improves our chances.

I am challenging organizations to invest time solving the lateral movement risk that exists.

Let’s Agree on a Standard Taxonomy for SegmentationThe first step is to standardize how we talk about segmentation.

Given the rapid evolution of segmentation, its various types and the use of jargon by vendors, segmentation is in desperate need of an established taxonomy.

Fortunately, the TechRxiv paper does a great job of organizing segmentation taxonomy, separating terms into three buckets:How Segments are Delineated : The way segments are defined is a critical differentiation between segmentation types.

The Infrastructure Over Which Segmentation is Deployed : Segmentation also differs based on the underlying infrastructure.

How Enforcement is Implemented: The way segmentation is enforced…

That trust has become the foundation of McLaren’s digital resilience, especially as the team faces ever more complex and high-stakes security challenges.

That is when Cisco’s latest tech, including Wi-Fi 6E, rolled out across the McLaren Technology Centre and at race venues.

In Formula 1, every millisecond matters, and every piece of data counts, no matter where in the world team is racing.

Ask a question and stay connected with Cisco Security on social media.

Cisco Security Social MediaLinkedInFacebookInstagramX

The opportunity for defendersImplement remote access to SharePoint over a VPN or, even better, zero trust access (ZTA) — Zero trust access hides the FQDN of these systems from the internet.

— Zero trust access hides the FQDN of these systems from the internet.

Enable signatures for intrusion prevention systems and web application firewalls — SNORT: SID 65092, SID 65183.

Once we identify these systems with CVEs, we quickly remove external access to these systems instantly based on exposure.

Couple this with campus based zero trust and ZTA to the application with workload/application segmentation and we have a recipe for success.

In this post, we explore a forward-looking concept: the Dynamic Context Firewall (DCF), envisioned for the Model Context Protocol (MCP), that could offer the next generation of adaptive AI security.

This is where the idea of a Dynamic Context Firewall comes into play.

The diagram above shows a workflow for securing AI interactions using a Dynamic Context Firewall (DCF).

Potential applications for a Dynamic Context Firewall span the enterprise spectrum.

The Dynamic Context Firewall for MCP represents a vision for that future—a protocol-aware, context-driven security layer that could empower organizations to embrace powerful AI workflows with confidence in their security, privacy, and complia…

By providing “paved paths”—developer-friendly, pre-configured security solutions that integrate seamlessly into existing workflows—security becomes a natural part of the development process, not an add-on.

Security as a First-Class Service: Treating security solutions and services as first-class offerings, complete with dedicated resources for development, maintenance, and operation, signals their importance.

Empathy is Key: Perhaps most critically, security teams must operate from a position of empathy.

This approach has fostered a vibrant community of developers eager to learn, share, and co-design security solutions, viewing security as a shared organizational goal rather than solely the…

According to IDC’s latest research, organizations experienced an average of nine cloud security incidents in 2024, with 89% reporting a year-over-year increase.

Read IDC’s latest research, The Next Era of Cloud Security: Cloud-Native Application Protection Platform and Beyond, to dive deep into the future of cloud security—and what it means for chief information security officers (CISOs), security architects, and product leaders.

The role of the CISO is evolving to align security with business prioritiesIn 37% of organizations, CISOs now have ownership over cloud security management.

Learn moreRead IDC’s full whitepaper, The Next Era of Cloud Security: Cloud-Native Application Protection Pl…

Because, at this moment in history, those of us who understand critical infrastructure security have a responsibility to act.

DORA was similarly adopted to bolster the digital resilience of financial entities operating within the EU.

The release of the Microsoft Digital Defense Report provides the latest intelligence on the cyberthreat landscape and actionable recommendations for organizations worldwide.

To learn more about Microsoft Security solutions, visit our website.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

To help security teams better face the growing challenges, generative AI offers transformative capabilities that can bridge critical gaps.

In a newly released e-book from Microsoft, we share multiple scenarios that showcase how Microsoft Security Copilot, powered by generative AI, can empower security analysts, accelerate incident response, and improve operational inefficiencies.

Key statistics on the realities of today’s security operations center (SOCs).

Learn more with Microsoft SecurityTo learn more about Microsoft Security solutions, visit our website.

1 “Generative AI and Security Operations Center Productivity: Evidence from Live Operations,” page 2, Microsoft, November 20242 Cyberse…

To help security teams better face the growing challenges, generative AI offers transformative capabilities that can bridge critical gaps.

In a newly released e-book from Microsoft, we share multiple scenarios that showcase how Microsoft Security Copilot, powered by generative AI, can empower security analysts, accelerate incident response, and improve operational inefficiencies.

Key statistics on the realities of today’s security operations center (SOCs).

Learn more with Microsoft SecurityTo learn more about Microsoft Security solutions, visit our website.

1 “Generative AI and Security Operations Center Productivity: Evidence from Live Operations,” page 2, Microsoft, November 20242 Cyberse…

Microsoft and OpenAI jointly investigated the threat actor’s use of the OpenAI Assistants API.

Instead, it uses OpenAI Assistants API to fetch commands, which the malware then decrypts and executes locally.

First, the backdoor queries the vector store list from OpenAI using the OpenAI Assistants API and the hardcoded API key.

Reading message from OpenAIThe message retrieved from OpenAI using thread ID and message ID might look like this:Figure 12.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.

5 Generative AI Security Threats You Must Know About A definitive guide to unifying security across cloud and AI applications.

For a deeper dive into critical threats and practical guidance on mitigation, read the full Microsoft guide: 5 Generative AI Security Threats You Must Know About.

Redefining security for the generative AI eraAs generative AI becomes foundational, security leaders must evolve their strategies.

To understand the top AI-powered cyberthreats and how to mitigate them, get the e-book: 5 Generative AI Security Threats You Must Know About.

1 Microsoft Digital Defense Report 20252Accelerate AI transformation with strong security: The path to securely embracing AI adoption in…

Security teams are left managing a constellation of users, infrastructure, and tools scattered across hybrid environments or even multivendor ecosystems.

ITDR for the modern enterpriseSuccessful identity security practices understand that seams in protection are the real enemy of identity security.

While both identity and security teams play critical roles in ITDR, it is just one piece of their overall charter and goal.

For instance, identity security posture recommendations are essential but only one piece of broader security hardening.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Security teams are left managing a constellation of users, infrastructure, and tools scattered across hybrid environments or even multivendor ecosystems.

ITDR for the modern enterpriseSuccessful identity security practices understand that seams in protection are the real enemy of identity security.

While both identity and security teams play critical roles in ITDR, it is just one piece of their overall charter and goal.

For instance, identity security posture recommendations are essential but only one piece of broader security hardening.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

AI has fundamentally changed the equation, impacting the speed, scale, and sophistication of cyberattacks in ways that render many traditional defensive assumptions obsolete.

Steps to strengthen resilience and response across your organizationThe acceleration we are witnessing—cyberattack speed, operational scale, and technical sophistication—demands an equivalent acceleration in our response.

We are architects of organizational resilience in an era where cyberthreats move at machine speed and span continents.

Learn more with Microsoft SecurityTo learn more about Microsoft Security solutions, visit our website.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the l…

AI has fundamentally changed the equation, impacting the speed, scale, and sophistication of cyberattacks in ways that render many traditional defensive assumptions obsolete.

Steps to strengthen resilience and response across your organizationThe acceleration we are witnessing—cyberattack speed, operational scale, and technical sophistication—demands an equivalent acceleration in our response.

We are architects of organizational resilience in an era where cyberthreats move at machine speed and span continents.

Learn more with Microsoft SecurityTo learn more about Microsoft Security solutions, visit our website.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the l…

Security Store is the gateway for customers to easily discover, buy, and deploy trusted security solutions and AI agents from leading partners—all verified by Microsoft Security product teams to work seamlessly with Microsoft Security products.

Security Store: Your gateway to stronger securityReleased to public preview on September 30, 2025, Microsoft Security Store brings together a diverse catalog of security solutions and AI-powered agents from Microsoft and leading partners—all in one unified experience.

The Security Store is the place to discover, buy, and deploy security solutions and agents that work with Microsoft Security products, helping organizations strengthen their security.

F…

Security Store is the gateway for customers to easily discover, buy, and deploy trusted security solutions and AI agents from leading partners—all verified by Microsoft Security product teams to work seamlessly with Microsoft Security products.

Security Store: Your gateway to stronger securityReleased to public preview on September 30, 2025, Microsoft Security Store brings together a diverse catalog of security solutions and AI-powered agents from Microsoft and leading partners—all in one unified experience.

The Security Store is the place to discover, buy, and deploy security solutions and agents that work with Microsoft Security products, helping organizations strengthen their security.

F…

We also provide threat detections to help contain and prevent Blob Storage threat activity with Microsoft Defender for Cloud’s Defender for Storage plan.

How Azure Blob Storage worksAzure Storage supports a wide range of options for handling exabytes of blob data from many sources at scale.

Attack techniques that abuse Blob Storage along the attack chainReconnaissanceThreat actors enumerate Blob Storage to identify publicly exposed data and credentials that they can leverage later in the attack chain.

Enterprises often use Azure Data Factory and Azure Synapse Analytics to copy and transform data from Azure Blob Storage.

To hear stories and insights from the Microsoft Threat Intelligence com…

We also provide threat detections to help contain and prevent Blob Storage threat activity with Microsoft Defender for Cloud’s Defender for Storage plan.

How Azure Blob Storage worksAzure Storage supports a wide range of options for handling exabytes of blob data from many sources at scale.

Attack techniques that abuse Blob Storage along the attack chainReconnaissanceThreat actors enumerate Blob Storage to identify publicly exposed data and credentials that they can leverage later in the attack chain.

Enterprises often use Azure Data Factory and Azure Synapse Analytics to copy and transform data from Azure Blob Storage.

To hear stories and insights from the Microsoft Threat Intelligence com…

Survey shows Android users’ confidence in scam protectionsGoogle and YouGov3 surveyed 5,000 smartphone users across the U.S., India, and Brazil about their experiences.

The findings were clear: Android users reported receiving fewer scam texts and felt more confident that their device was keeping them safe.

Android users were 58% more likely than iOS users to say they had not received any scam texts in the week prior to the survey.

As an extra safeguard, Google Messages also helps block suspicious links in messages that are determined to be spam or scams.

As an extra safeguard, Google Messages also helps block suspicious links in messages that are determined to be spam or scams.

What's worse, many plaintext HTTP connections today are entirely invisible to users, as HTTP sites may immediately redirect to HTTPS sites.

To address this risk, we launched the “Always Use Secure Connections” setting in 2022 as an opt-in option.

We now think the time has come to enable “Always Use Secure Connections” for all users by default.

For more than a decade, Google has published the HTTPS transparency report, which tracks the percentage of navigations in Chrome that use HTTPS.

Since HTTP navigations remain a regular occurrence for most Chrome users, a naive approach to warning on all HTTP navigations would be quite disruptive.

To help accelerate adoption of AI for cybersecurity workflows, we partnered with Airbus at DEF CON 33 to host the GenSec Capture the Flag (CTF), dedicated to human-AI collaboration in cybersecurity.

Our goal was to create a fun, interactive environment, where participants across various skill levels could explore how AI can accelerate their daily cybersecurity workflows.

An overwhelming 85% of all participants found the event useful for learning how AI can be applied to security workflows.

This positive feedback highlights that AI-centric CTFs can play a vital role in speeding up AI education and adoption in the security community.

We are committed to advancing the AI cybersecurity frontier…

This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the Terms of Service .

The block will expire shortly after those requests stop.

In the meantime, solving the above CAPTCHA will let you continue to use our services.This traffic may have been sent by malicious software, a browser plug-in, or a script that sends automated requests.

If you share your network connection, ask your administrator for help — a different computer using the same IP address may be responsible.

Learn more Sometimes you may be asked to solve the CAPTCHA if you are using advanced terms that robots are known to use, or sending requests very qu…

At Made by Google 2025, we announced that the new Google Pixel 10 phones will support C2PA Content Credentials in Pixel Camera and Google Photos.

Pixel Camera attaches Content Credentials to any JPEG photo capture, with the appropriate description as defined by the Content Credentials specification for each capture mode.

attaches Content Credentials to any JPEG photo capture, with the appropriate description as defined by the Content Credentials specification for each capture mode.

Google Photos attaches Content Credentials to JPEG images that already have Content Credentials and are edited using AI or non-AI tools, and also to any images that are edited using AI tools.

Building a More Trus…

Today marks a watershed moment and new benchmark for open-source security and the future of consumer electronics.

Google is proud to announce that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework, has officially achieved SESIP Level 5 certification.

This makes pKVM the first software security system designed for large-scale deployment in consumer electronics to meet this assurance bar.

With this level of security assurance, Android is now positioned to securely support the next generation of high-criticality isolated workloads.

Achieving Security Evaluation Standard for IoT Platforms (SESIP) Level 5 is a landmark because it incorporates AVA_VAN.5, the hi…

Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts.

Infrastructure definitions to allow organizations to easily run their own instances of OSS Rebuild to rebuild, generate, sign, and distribute provenance.

With an estimated value exceeding $12 trillion, open source software has never been more integral to the global economy.

For publishers and maintainers of open source packages, OSS Rebuild can...

If you're a developer, enterprise, or security researcher interested in OSS security, we invite you to follow along and get involved!

Android recently announced Advanced Protection, which extends Google’s Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures.

This is particularly useful for Advanced Protection users, since in 2023, plaintext HTTP was used as an exploitation vector during the Egyptian election.

JavaScript Optimizations and Security Advanced Protection reduces the attack surface of Chrome by disabling the higher-level optimizing Javascript compilers inside V8.

Javascript optimizers can be disabled outside of Advanced Protection Mode via the “Javascript optimization & security” Site Setting.

We…

Below we describe our prompt injection mitigation product strategy based on extensive research, development, and deployment of improved security mitigations.

A layered security approachGoogle has taken a layered security approach introducing security measures designed for each stage of the prompt lifecycle.

From there, a key protection against prompt injection and data exfiltration attacks occurs at the URL level.

Users are encouraged to become more familiar with our prompt injection defenses by reading the Help Center article.

Moving forwardOur comprehensive prompt injection security strategy strengthens the overall security framework for Gemini.

The Chrome Root Program Policy states that Certification Authority (CA) certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion.

To safeguard Chrome’s users, and preserve the integrity of the Chrome Root Store, we are taking the following action.

Apple policies prevent the Chrome Certificate Verifier and corresponding Chrome Root Store from being used on Chrome for iOS.

Beginning in Chrome 127, enterprises can override Chrome Root Store constraints like those described in this blog post by installing the corresponding root CA certificate as a locally-trusted root on the platform Chrome is running (e.g., install…

Google Quantum AI's mission is to build best in class quantum computing for otherwise unsolvable problems.

In 2019, using the same physical assumptions – which consider qubits with a slightly lower error rate than Google Quantum AI’s current quantum computers – the estimate was lowered to 20 million physical qubits.

Normally more error correction layers means more overhead, but a good combination was discovered by the Google Quantum AI team in 2023.

Another notable error correction improvement is using "magic state cultivation", proposed by the Google Quantum AI team in 2024, to reduce the workspace required for certain basic quantum operations.

These algorithms can already be deployed to d…

To enhance these existing device defenses, Android 16 extends Advanced Protection with a device-level security setting for Android users.

Advanced Protection gives users:Best-in-class protection, minimal disruption: Advanced Protection gives users the option to equip their devices with Android’s most effective security features for proactive defense, with a user-friendly and low-friction experience.

Advanced Protection gives users the option to equip their devices with Android’s most effective security features for proactive defense, with a user-friendly and low-friction experience.

Defense-in-depth: Once a user turns on Advanced Protection, the system prevents accidental or malicious disab…

Our dedication to your security is validated by security experts, who consistently rank top Android devices highest in security, and score Android smartphones, led by the Pixel 9 Pro, as leaders in anti-fraud efficacy.

Now, Google Play Protect live threat detection will catch apps and alert you when we detect this deceptive behavior.

We’ve made Google Play Protect’s on-device capabilities smarter to help us identify more malicious applications even faster to keep you safe.

Google Play Protect now uses a new set of on-device rules to specifically look for text or binary patterns to quickly identify malware families.

This update to Google Play Protect is now available globally for all Android…

Tech support scams are an increasingly prevalent form of cybercrime, characterized by deceptive tactics aimed at extorting money or gaining unauthorized access to sensitive data.

Tech support scams on the web often employ alarming pop-up warnings mimicking legitimate security alerts.

Chrome has always worked with Google Safe Browsing to help keep you safe online.

Standard Protection users will also benefit indirectly from this feature as we add newly discovered dangerous sites to blocklists.

Beyond tech support scams, in the future we plan to use the capabilities described in this post to help detect other popular scam types, such as package tracking scams and unpaid toll scams.

Today, we’re announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers.

This is why we are making Sec-Gemini v1 freely available to select organizations, institutions, professionals, and NGOs for research purposes.

Sec-Gemini v1 outperforms other models on key cybersecurity benchmarks as a result of its advanced integration of Google Threat Intelligence (GTI), OSV, and other key data sources.

Sec-Gemini v1 outperforms other models on CTI-MCQ, a leading threat intelligence benchmark, by at least 11% (See Figure 1).

If you are interested in collaborating with us on advancing the AI cybersecurity frontier, please request early access to Sec-Gemini v1…