Зачем нужны тренировки, если можно перепрошить человека на клеточном уровне…

Как изучать беременность без беременных и спасти миллионы жизней? Ответ найден.

Индийский суд спасает адвокатов от насмешек.

Всплывшие технические детали позволили понять истинный масштаб инцидента.

Один текстовый файл стоил компании всей сети.

Что это, если не работа мечты для любого гуманоида?

Данные пассажиров уходят спецслужбам без ордера.

То, что казалось рутинной коммуникацией, превращается в рычаг для получения полномочий.

Берегись, Claude Code! ИИ от OpenAI удвоил свою эффективность.

Самая современная память оказалась уязвимой при самом же обновлении.

Новые правила превращают каждого местного CISO в заложника собственной профессии.

Израиль нашел и заморозил "черную кассу" Ирана.

В эфире AM Live «Защита данных от утечек и несанкционированного доступа» эксперты рассказали, как выстроить многоуровневую безопасность и что сделать уже сегодня, чтобы избежать катастрофы завтра.

Какие данные находятся в зоне наибольшего риска и на какие инструменты стоит обратить внимание в первую очередь?

Прогнозы: как будут развиваться системы предотвращения утечекАрен Торосян:«Системы могут развиваться вширь и в глубину.

Как изменилось ваше отношение к защите данных от утечек после эфира?

Помните: вложения в безопасность данных — это не затраты, а стратегическая инвестиция в устойчивое будущее вашего бизнеса, которая окупится сохранённой репутацией и доверием клиентов.

В „Кибердоме“ мы последовательно подчёркиваем: киберустойчивость начинается не с высоких технологий, а с дисциплины сотрудников и зрелости процессов.

Причиной большинства инцидентов, ведущих к блокировке доменов и остановке бизнеса, являются:Разделегирование доменов вследствие утративших актуальность данных.

В нерусской кириллице, в частности, в татарской и башкирской, есть буквы, очень схожие с русскими, чем пользуются создатели фишинговых ресурсов и киберсквоттеры.

Я так понимаю, что, пока нет сайта и не нарушаются ничьи права, то и предъявить-то нечего».

Оно не требует существенных затрат ресурсов, тогда как игнорирование порождает серьезные риски, чреватые значительными убытками, как пр…

Поэтому отдельные принципы STEM — это отражение той советской системы, которая была признана «неэффективной» в России и заменена на нынешнюю систему в прошедшие десятилетия.

Умение применять знания в реальных условиях прививается студентам во время проектного обучения и в ходе проведения экспериментов.

STEM-образование в российских вузахВ начале статьи был задан вопрос, нужно ли применять STEM-подходы для подготовки специалистов в области ИТ и ИБ.

Интерес к формату летнего буткемпа «ИТ-лагерь T1» растетКакое реальное положение с STEM в России сейчас?

Студенты интересовались прежде всего тем, что изменится в будущем в специальностях, связанных с ИТ и ИБ, в связи с активным внедрением искусст…

Именно этим обусловлен растущий спрос на платформы для проведения тренировок по ИБ — такие, как Standoff Defend.

Структура работы на онлайн-полигонеРассмотрим подробнее, какие возможности онлайн-полигона Standoff Defend будут интересны для команд SOC и специалистов по ИБ.

Структура мини-кибербитвы в онлайн-форматеПользовательский опыт на Standoff Defend и варианты подпискиВот как выглядит путь пользователя на онлайн-полигоне:Входное тестирование для определения уровня компетенций нового участника.

Процесс работы Standoff Defend LightТаким образом, версия киберполигона Standoff Defend PRO отличается Standoff Defend Light возможностью прохождения тренировок в режиме «Реагирование» и возможнос…

Денис Кораблев , управляющий директор, директор по продуктам Positive Technologies.

, управляющий директор, директор по продуктам Positive Technologies.

Презентация российских NGFW от их создателейДля начала мы дали каждому из экспертов возможность рассказать о своем продуктовом предложении.

Презентация NGFW от компании UserGateАлексей Данилов:«Компания “ИнфоТеКС” представляет два продукта: NGFW + ГОСТ VPN и NGFW + Data Center.

Денис Кораблев, управляющий директор, директор по продуктам Positive TechnologiesКирилл Прямов:«Крайне важно, чтобы IPS анализирует весь SSL-трафик.

Шкала критической значимости уязвимостей по CVSS ScoreНайденные баги интерпретируют согласно CWE (Common Weakness Enumeration) — общепринятой системы классификации уязвимостей ПО.

Программы Bug Bounty от российских заказчиковОсновными клиентами рынка Bug Bounty в России является крупный бизнес: банки, интернет-сервисы, ретейл и разработчики ИТ-продуктов.

Она представлена на платформах Standoff Bug Bounty и BI.ZONE Bug Bounty, позволяя исследователям получить до 500 тысяч рублей.

Bug Bounty в России постепенно трансформируется из разовой инициативы в полноценный элемент комплексной киберзащиты.

В перспективе участие в Bug Bounty может стать стандартной практикой для организаций и важным этап…

Константин Мельников, руководитель департамента спецсервисов Infosecurity (ГК Softline), рассказывает, как оценить DRP-провайдера и измерить его реальную эффективность, а не маркетинговые обещания.

DRP — это не «коробочный» продукт, который достаточно купить и внедрить.

Точки над «i»: SOC и DRP — не замена друг другуЧтобы выстроить эффективную систему кибербезопасности, нужно чётко понимать роль каждого инструмента.

Поэтому при выборе провайдера стоит сфокусироваться на ключевых критериях, а не на стоимости.

Сервис, который не инвестирует в обновление функционала и не адаптируется к новым технологиям (например, ИИ-фишингу), устареет за один год.

При этом рынок NGFW в России сравнительно молодой.

Дмитрий Головко выделил в NGFW от «‎Лаборатории Касперского‎» встроенный антивирус, который работает в двух режимах — потоковый и объектный, с поддержкой технологий искусственного интеллекта и машинного обучения.

Этого будет достаточно, чтобы человек уверенно мог работать с NGFW — установить его, настроить.

Николай Куликов, руководитель направления комплексных решений NGFW, ГК «Солар»Денис Кораблев:«‎Если не работает NGFW, то не работает ничего.

Есть спрос на NGFW в сегментах среднего и малого бизнеса.

Современные решения включают поведенческий анализ, эмуляцию исполнения, песочницы, машинное обучение, чтобы приблизиться к стопроцентному обнаружению угроз и снизить число ложноотрицательных срабатываний.

Важную роль играет и контроль цепочки процессов — подозрительную активность, зафиксированную антивирусом и приводящую к выполнению стороннего кода, нужно немедленно блокировать.

Представьте: злоумышленник удаляет или портит файлы лицензии и в один момент ваша защита либо отключается полностью, либо переходит в ограниченный режим работы.

Современные антивирусы научились распознавать такие уловки, анализируя не только подписи, но и контекст выполнения каждого процесса, его расположение и пов…

Обзор российского рынка виртуализацииМаксим Березин рассказал о ситуации на рынке виртуализации в России.

Рынок виртуализации в РоссииВ марте 2022 года крупнейший разработчик программного обеспечения для виртуализации VMware ушёл с российского рынка.

Сейчас 80% рынка использует седьмую версию основных продуктов VMware для виртуализации серверов, сетей и дисков.

Есть отдельное требование ФСТЭК России к средам виртуализации (приказ № 187), а также предписания по защите виртуализации в приказах № 117, 239 и 21.

Важно иметь план “Б”, и это легко сделать — zVirt инсталлируется за пять шагов, поддерживает автоматическое обновление».

Важно защищать игроков не только во время проведения соревнований, но и в повседневной жизни.

Подходит для государственных учреждений (вузы, университеты, институты, школы) и для коммерческих организаций (частные школы, дополнительное образование).

Дистанционная медицинаСовременная медицина получила стремительное развитие и в онлайн-среде.

В 2024 году число атак в области медицины увеличилось в полтора раза и продолжает расти в 2025 году.

Подробнее о курсах и программах можно прочесть в статье «25 актуальных курсов по информационной безопасности: платные и бесплатные, удалённые и очные».

Были прецеденты и в России, например, убийство активиста Антона Егоровцева преследователем его супруги.

Это касается как поиска потенциальных жертв, так и возможностей для её преследования.

От сталкинга к киберсталкингуПереход от традиционного сталкинга к киберсталкингу был постепенным.

Причин тому две:Сталкинг как таковой в России (и не только) не является наказуемым деянием.

Его отправили в психиатрическую больницу только после того, как по его вине возник пожар.

Raft-хранилище в StarVault 1.2За хранение, генерацию и обработку секретов в StarVault отвечают механизмы управления секретами — функциональные компоненты, которые обеспечивают выполнение операций с секретами по заданным правилам.

Добавление механизма SSH в StarVault 1.2Механизм Transit выполняет криптографические функции для данных в процессе передачи — шифрование / дешифрование данных без сохранения.

Механизм также может подписывать и проверять данные, генерировать хэши и HMAC данных и выступать как источник случайных байтов.

Helm-чарт предоставляет возможность развёртывания StarVault в нескольких конфигурациях в зависимости от целей и среды эксплуатации:Dev — одиночный сервер StarVault, р…

Электронная подпись в России является полноценным аналогом собственноручной подписи и наделена равной юридической силой.

Российский документооборот совершил цифровой скачок, и в его основе лежит технология, которая полностью изменила правила игры.

Виды электронной подписи: простая, усиленная и квалифицированнаяПавел Смирнов рассказал, что основной закон, который регулирует эту сферу (№63-ФЗ «Об электронной подписи»), выделяет три вида — простая электронная подпись, усиленная неквалифицированная (УНЭП) и усиленная квалифицированная (УКЭП).

Павел Смирнов, директор по развитию, «КриптоПро»Что мешает массовому применению электронной подписи в России?

Усовершенствованные форматы нужны для длител…

Российский рынок систем управления правами доступа и учетными записями (IdM / IAM / IGA) продолжает расти.

IdM, IAM, IGA: в чем разницаIdM, IAM и IGA — это взаимосвязанные, а точнее взаимодополняющие понятия, которые используются в контексте ИБ для управления учетными записями и и правами доступа.

Одно время эксперты считали, что IGA полностью вытеснит из обихода термины IAM и IdM, однако этого не произошло.

1IDMПлатформа 1IDM от одноименного разработчика работает на базе технологий «1С:Предприятие» и предназначена для управления учетными записями и правами доступа пользователей в государственных и коммерческих организациях любого масштаба.

Особенности продукта:Модульная и отказоустойчивая …

АЭС как гигантский самоварЧтобы понять, как взломать ядерный реактор, сперва разберемся, как он работает.

Если (критичность) — реактор работает стабильно, как на круиз-контроле, вырабатывая постоянную мощность.

Авария на АЭС Три-Майл-Айленд в США в 1979 году произошла на реакторе типа PWR, таком же, как современные АЭС.

В сочетании с реальной аварией на АЭС это посеет панику и недоверие к властям, которые не смогут внятно объяснить происходящее.

Такие люди, как Рубен Сантамарта, указывают на слабые места не для того, чтобы посеять страх, а чтобы сделать систему сильнее.

Признаки эксплуатации: по данным ESET Research, уязвимость CVE-2025-8088 использовалась в целевых фишинговых атаках группировки RomCom, которые затронули финансовые, производственные, оборонные и логистические компании в Канаде и Европе.

Уязвимости в платформе SAP NetWeaver💥 PT-2025-20812 (CVE-2025-42999, CVSS — 9,1)💥 PT-2025-17845 (CVE-2025-31324, CVSS — 10,0)SAP NetWeaver – базовая платформа SAP для запуска приложений и интеграции систем.

Отсутствие проверки авторизации (CVE-2025-31324) и небезопасная десериализация (CVE-2025-42999) позволяют неаутентифицированным злоумышленникам добиваться удалённого выполнения кода и захватывать системы, данные и процессы SAP.

🔻 Эксплуатация возможна и …

И в их превентивном обнаружении может помочь максимально полное и всестороннее тестирование.

По пути от контроллера до самого запроса данные никак не очистили и не санитизировали.

И в блоге информация обязательно об этом будет, так что подписывайтесь.

Поток байтов берётся из запроса, и на основе их объект восстанавливается.

И в случае возникновения проблемы, из-за обилия ложной информации её диагностирование и исправление может быть весьма проблематичным.

ПредисловиеСемь специалистов, семь Excel-таблиц, и десятки требований регуляторов, которые обновляются со скоростью света.Каждая проверка — это гонка с дедлайном, хаос в переписках и отчаяние в глазах команды.

При этом требования обновляются, формы меняются, а сроки на предоставление информации часто измеряются днями, а не неделями.

Ситуация настолько хаотична, что в среднем подготовка к аудиту занимала месяц.

Не потому, что специалисты не знали, что делать, а потому что процесс не был централизованным и контролируемым.

Если сотрудник увольняется или уходит в отпуск, работа не останавливается: SECURITM хранит и процессы, и данные, и историю изменений.

Let's Encrypt не просто конкурировал с SSL-картелем, они буквально обоссали всю их бизнес-модель.

Большинство платных сертификатов используют ту же доменную валидацию (DV), что и Let's Encrypt.

Экономика слишком соблазнительна:Стоимость предоставления Let's Encrypt SSL: $0Цена "премиального" SSL: $50-200/годЧистая маржа: 100%Их гнидо-тактика:Скрытие бесплатных опцийБольшинство хостинг-компаний предлагают Let's Encrypt SSL, но прячут это в запутанных меню или технической документации.

Доменная валидация против расширенной валидации: последний рубежКогда базовые SSL-сертификаты стали бесплатными, сертификатная индустрия сделала свою последнюю ставку на сертификаты "расширенной валидации" (EV)…

Первый компьютер с именем StorageServer и ip адресом 17.17.17.200, данный компьютер находится в домене st.local, на нём находятся копии баз данных.

Второй компьютер с именем adminivan и ip адресом 17.17.17.17, данный компьютер находится в домене st.local, c которого администратор подключается с учётной записью storageadmin.

Если компьютера не будет в списке удаленные компьютеры, то в соединении будет отказано.

Если у пользователя не будет сертификата пользователя или он будет отозван, то в соединении будет отказано.

Теперь попробуем подключится с компьютера adminivan и учетной записью storageadmin на компьютер StorageServer по rdp.

В докладе на примерах реальных кейсов разберём:нетривиальные векторы проникновения в процессы разработки (через зависимости и интеграции);тактики и инструменты атакующих;как LLM используется в атаках и где возникают дополнительные уязвимости при его интеграции в SDLC.

Конечно же, поговорим и про «вайбкодинг», и о том, как генеративные инструменты ускоряют получение рабочих прототипов и фич.

Поговорим о траекториях — куда и как развиваться, как масштабировать влияние, что менять в командах и процессах.

Ну и куда без тем про суперсилы и роадмапы развития, сломанный наём и обучение джунов с кайфом и пользой для собственного роста.

Раньше у нас были доклады про «что такое PWA и как это работает…

Меня зовут Владимир и я ведущий исследователь веб‑угроз.

С начала 2025 года я начал отслеживать CVE для веб-уязвимостей и способы их эксплуатации при помощи разработанного мной решения.

В летнем дайджесте я пересмотрел подход к сбору статистики и решил дать более широкую картину того в каких решениях находили наибольшее количество уязвимостей.

Так в ТОП-10 по общему количеству уязвимостей попали решения на Java, веб-интерфейсы сетевых устройств, Apache, а гордо закрыли список решения на Python.

ДинамикаВ сравнении с весной общее количество CVE и количество высококритичных уязвимостей снизилось на 7%, а количество эксплойтов под CVE наоборот увеличилось на 6%.

Для такой проверки нанимают «этичных хакеров» — специалистов по кибербезу, которые ищут уязвимости в чужих системах легально, с разрешения их владельцев и в рамках договорных отношений.

При этом в законах нет четкого определения того, как можно, и как нельзя проверять системы на прочность.

Почему мы выбрали Black Box для проверки облачной инфраструктуры Битрикс24Для нас проверки на уязвимость — это не формальность, а жизненная необходимость.

Планируя пентесты, мы задавались вопросом, стоит ли вмешиваться в работу подрядчика и как можно контролировать ее качество?

Мы понимаем, насколько комфортно работать в доверии, поэтому договорились, что не будем постоянно дергать коллег, выясняя, наскол…

Для начинающих специалистов (аналитиков информационной безопасности и пентестеров) умение составлять отчет по результатам пентеста является обязательным навыком.

Так и строится структура отчета: «краткая часть» для менеджмента и «техническая часть» для специалистов.

⚠️Важно: все работы по тестированию на проникновение (или анализу защищенности) информационных систем проводятся строго в рамках договора, технического задания и с согласия заказчика.

Данный раздел ориентирован на руководство и топ-менеджмент компании заказчика, поэтому старайтесь избегать использования технических терминов, жаргонизмов и сленга, понятного только в кругу пентестеров.

ЗаключениеХорошо составленный отчет по резуль…

Проверяем уровень безопасности дата-центраВ России пока нет отдельного закона или постановления, которое устанавливало бы конкретные требования к центрам обработки данных (ЦОД).

Не всегда и не всякому бизнесу строго необходим ЦОД именно III или IV уровня, кому-то может подойти и II уровень.

Такие дата-центры в нашей стране есть, и это вовсе не характеризует их ЦОДы как ненадежные.

Но эти требования важны только для финансовых организаций и участников платежных систем: подавляющему большинству бизнесов в это погружаться нет смысла.

Кибербезопасность и информационная безопасность — это не одно и то же, потому что кибербезопасность — это только про защиту цифровой информации.

Использование галлюцинаций LLM для распространения вредоносного кода через опенсорсные репозиторииВ результате галлюцинаций чатботов в интернете возникли потоки трафика к несуществующим сайтам в поиске выдуманных вещей.

То же самое происходит в опенсорсе, где LLM придумывает названия несуществующих библиотек и предлагает вайбкодерам скачать эти пакеты.

В марте 2025 года стало известно о новой атаке типа slopsquatting (слопсквоттинг), которая заключается в создании вредоносных опенсорсных пакетов и библиотек, сгаллюцинированных в LLM.

Эффективность защитных мерВ таблице показано, насколько уменьшается уровень галлюцинаций после применения разных способов защиты.

Необходимы дальнейшие исследо…

Мы разрабатывали утилиту для стеганографии ChameleonLab и решили добавить поддержку современных форматов изображений, таких как WebP и AVIF.

Эта статья — рассказ о том, почему классический LSB-метод стеганографии не работает с форматом AVIF, даже в режиме "lossless", и почему WebP в этом плане гораздо сговорчивее.

Тайна AVIF: Почему "Lossless" — не всегда LosslessМы взяли тот же подход для AVIF.

Вот код нашего диагностического скрипта:import numpy as np import imageio.v2 as imageio def read_avif_as_rgb(filepath): """Читает AVIF и гарантированно возвращает RGB numpy array."""

Для форматов вроде AVIF и JPEG можно использовать другие методы, например, бинарное добавление данных в конец файла (…

Представители Google сообщили, что хакеры создали поддельную учетную запись в системе Law Enforcement Request System (LERS).

Эта платформа компании используется правоохранительными органами для подачи официальных запросов на предоставление данных.

LERS и eCheck используются полицией и спецслужбами разных стран мира для передачи судебных запросов и постановлений, а также запросов на срочное раскрытие информации.

«Мы установили, что в нашей системе для запросов от правоохранительных органов была создана мошенническая учетная запись, и отключили ее, — сообщил журналистам представитель Google.

Отмечается, что хакеры опубликовали скриншоты якобы полученного доступа вскоре после объявления о том,…

В сеть попали около 600 ГБ внутренних документов, исходных кодов, рабочих логов и внутренней переписки разработчиков, а также репозитории пакетов и операционные руководства, используемые для создания и поддержания китайской национальной системы фильтрации трафика.

По словам исследователей, утечка содержит полноценные системы сборки для DPI-платформ, а также кодовые модули, отвечающие за распознавание и замедление определенных инструментов обхода блокировок.

При этом ее первые развертывания строились на серверах HP и Dell, а затем, в ответ на санкции, перешли на оборудование китайского производства.

DPI-инфраструктура Geedge Networks также экспортировалась в другие страны (включая Пакистан, …

Эксперты «Лаборатории Касперского» обнаружили новую волну атак группы Head Mare, нацеленных на российские и белорусские компании.

Хакеры продолжают совершенствовать набор своих инструментов для получения первоначального доступа и закрепления в системе.

Предполагается, что таким способом атакующие пытались обойти средства защиты, рассчитывая на то, что в случае обнаружения одного бэкдора в системе останутся остальные.

Также злоумышленники заранее подготовили набор дополнительных компонентов и использовали цепочку бэкдоров — PhantomCSLoader и PhantomSAgent — для закрепления в системе.

Это тоже указывает на то, что в случае выявления одного из вредоносных компонентов другой должен был продолжи…

Атака основывалась на том факте, что информация о балансе хранилась на карте локально, а не в защищенной онлайн-базе данных.

В своем отчете исследователи рассказали, что KioSoft потребовалось более года для выпуска патча.

Так, специалисты впервые связались с KioSoft еще в октябре 2023 года, однако производитель не отвечал им до тех пор, пока к делу не подключились эксперты CERT.

Также в KioSoft подчеркнули, что в будущем планируют выпустить новые аппаратные решения с лучшей защитой.

При этом в KioSoft отказались предоставить номера версий уязвимых и исправленных релизов, утверждая, что пострадавшие клиенты будут уведомлены в частном порядке.

Справка: сканирование портовСка­ниро­вание пор­тов — стан­дар­тный пер­вый шаг при любой ата­ке.

Он поз­воля­ет ата­кующе­му узнать, какие служ­бы на хос­те при­нима­ют соеди­нение.

На осно­ве этой информа­ции выбира­ется сле­дующий шаг к получе­нию точ­ки вхо­да.

На­ибо­лее извес­тный инс­тру­мент для ска­ниро­вания — это Nmap.

Улуч­шить резуль­таты его работы ты можешь при помощи сле­дующе­го скрип­та:#!/ bin/ bash ports = $( nmap -p- --min-rate = 500 $1 | grep ^[ 0- 9] | cut -d '/ ' -f 1 | tr ' ' ', ' | sed s/, $/ / ) nmap -p $ports -A $1

На прошлой неделе ИБ-компания Huntress опубликовала исследование, основанное на том, что злоумышленник установил пробную версию ее продукта.

Логи Huntress показали, что все началось с того, что атакующий выполнил в Google поиск по запросу «Bitdefender», но в итоге скачал пробную версию EDR Huntress по спонсорской ссылке Google, появившейся в верхней части результатов поиска.

После этого специалисты Huntress получили возможность отслеживать всю активность злоумышленника, что и делали в течение трех месяцев.

«Мы впервые столкнулись с хостом, упомянутым в этой публикации, потому что отреагировали на многочисленные оповещения, связанные с выполнением на нем вредоносного ПО.

Также подчеркивается…

Специалисты ESET обнаружили новую вымогательскую малварь HybridPetya, которая может обходить защиту UEFI Secure Boot для установки вредоносного приложения в системный раздел EFI.

Исследователи обнаружили образец HybridPetya на VirusTotal.

Однако уже сейчас HybridPetya представляет собой UEFI-буткит с функциональностью обхода Secure Boot и реальную угрозу, равно как и другие похожие вредоносы (BlackLotus, BootKitty и Hyper-V Backdoor).

Однако разработчики добавили новые элементы, включая установку малвари в системный раздел EFI и возможность обхода Secure Boot путем эксплуатации уязвимости CVE-2024-7344.

Напомним, что проблема связана с подписанным Microsoft приложением, которое может исполь…

По информации СМИ, среди злоумышленников распространяется практика аренды пользовательских аккаунтов в мессенджере Max, ранее популярная у мошенников в WhatsApp.

Такая «услуга» стоит от 10 до 250 долларов США, и учетную запись можно взять в аренду на срок от одного часа.

В пресс-службе Max сообщили, что суммарно в августе 2025 года в мессенджере было заблокировано около 67 000 подозрительных аккаунтов, выявлено и удалено более 13 000 вредоносных файлов.

«Для выявления мошенников специалисты Центра безопасности Max в том числе используют автоматизированные системы: уже реализована проверка номеров в партнерстве с "Лабораторией Касперского", также в Max приступили к внедрению технологий антиф…

«Статья имеет ознакомительный характер и предназначена для специалистов по безопасности…» — теперь он есть на футболке, и заказать ее можно прямо сейчас.

Эти футболки созданы для всех, кто ценит аккуратный дизайн и комфорт — без излишеств, только самое главное.

На груди — минималистичный логотип «Хакера».

Футболки «Хакера» — это:минимализм с характером — аккуратный логотип на груди и принт на спине, ничего лишнего;— аккуратный логотип на груди и принт на спине, ничего лишнего; качество — плотный хлопок 300 г/м² и шелкография, которая не потрескается после стирки;— плотный хлопок 300 г/м² и шелкография, которая не потрескается после стирки; крой оверсайз — подходит для любого типа фигуры, не…

Компания Google устранила критическую уязвимость типа use-after-free в браузере Chrome, которая могла привести к выполнению кода.

Критическая ошибка в компоненте Serviceworker, за которую была выплачена упомянутая награда, получила идентификатор CVE-2025-10200 и была найдена независимым багхантером Лубеном Янгом (Looben Yang).

Эта проблема была связана с некорректной имплементацией в Mojo, и за нее Google выплатила специалистам вознаграждение в размере 30 000 долларов США.

Патчи вошли в Chrome версии 140.0.7339.127/.128 для Windows, версии 140.0.7339.132/.133 для macOS и 140.0.7339.127 для Linux.

Специалист обнаружил баг в Chrome, который позволял обойти песочницу браузера, и заработал 250 …

Вредоносная кампания была нацелена на GitHub и привела к компрометации 3325 секретов, включая токены PyPI, npm, DockerHub, GitHub, API-ключи Cloudflare и AWS.

Атаку обнаружили исследователи из компании GitGuardian, которые сообщают, что первые признаки компрометации одного из затронутых проектов — FastUUID — были замечены 2 сентября 2025 года.

Отмечается, что атакующие провели энумерацию имен секретов из легитимных workflow, а затем жестко закодировали их в собственные workflow для кражи различных типов данных.

Как только специалисты выявили полный масштаб этой кампании, были созданы GitHub Issues в 573 затронутых репозиториях, а также о происходящем были уведомлены ИБ-команды GitHub, npm и…

Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild.

The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file.

"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals," the company said.

Since then, WhatsApp has acknowledged that a vulnerability in its messaging apps for Apple iOS and macOS (CVE-2025-55177, CVSS score: 5.4) had been chained with CVE-2025-43300 as part of highly-targeted spyware attacks a…

Recent studies show 80% of companies have already experienced unintended AI agent actions, from unauthorized system access to data leaks.

To address this challenge, a new approach is needed—one that enables secure-by-design AI agent deployment across the enterprise.

Enter: Astrix's Agent Control Plane (ACP)Astrix's AI Agent Control Plane (ACP), is the industry's first solution designed to deploy secure-by-design AI agents across the enterprise.

Secure access for AI agents – Least-privilege, just-in-time credentials from day one keep access tight and risk low.

Discover, Secure, and Deploy AI Agents ResponsiblyWith the introduction of ACP, Astrix now delivers the industry's first end-to-end e…

"We have proven that reliably triggering RowHammer bit flips on DDR5 devices from SK Hynix is possible on a larger scale," ETH Zürich said.

"We also proved that on-die ECC does not stop RowHammer, and RowHammer end-to-end attacks are still possible with DDR5."

Some of the primary mitigations for RowHammer attacks include Error Correction Code (ECC) and Target Row Refresh (TRR).

"We recommend increasing the refresh rate to 3x, which stopped Phoenix from triggering bit flips on our test systems."

ECC.fail bypasses these protections by carefully inducing RowHammer bit flips at certain memory locations."

Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers.

Developers are advised to audit their environments and rotate npm tokens and other exposed secrets if the aforementioned packages are present with publishing credentials.

crates.io Phishing CampaignThe disclosure comes as the Rust Security Response Working Group is warning of phishing emails from a typosquatted domain, rustfoundation[.

]dev, targeting crates.io users.

"These emails are malicious and come from a domain name not controlled by the Rust Foundation (nor the Rust Project), seemingly with the purpose of …

The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk.

"The worm only executes on devices with Thailand-based IP addresses and drops the Yokai backdoor," IBM X-Force researchers Golo Mühr and Joshua Chung said in an analysis published last week.

Also launched using DLL side-loading is a new USB worm called SnakeDisk that shares overlaps with TONEDISK (aka WispRider), another USB worm framework under the TONESHELL family.

SnakeDisk also serves as a conduit to drop Yokai, a backdoor that sets up a reverse shell to execute arbitrary commands.

The use of SnakeDisk an…

You need only look at last year's Snowflake customer breaches or the still-ongoing Salesforce attacks to see the impact.

Browser-based attacks like AITM phishing, ClickFix, and consent phishing have seen an unprecedented rise in recent years.

The 6 key browser-based attacks that security teams need to know about1.

You can read more about the ways that modern phishing attacks are bypassing detection controls here.

Push blocks browser-based attacks like AiTM phishing, credential stuffing, password spraying and session hijacking using stolen session tokens.

⚡ Threat of the WeekNew HybridPetya Ransomware Bypasses UEFI Secure Boot — A copycat version of the infamous Petya/NotPetya malware dubbed HybridPetya has been spotted.

Attackers prize bootkits since malware installed at that level can evade detection by antivirus applications and survive operating system reinstalls.

Samsung did not share any specifics on how the vulnerability is being exploited in attacks and who may be behind these efforts.

— Samsung has released a fix for a security vulnerability that it said has been exploited in zero-day attacks.

— Attaullah Baig, WhatsApp's former head of security, filed a lawsuit accusing the company of ignoring systemic privacy and security issues t…

A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could be repurposed by cybercriminals for malicious purposes.

Dubbed Villager, the framework is assessed to be the work of Cyberspike, which has positioned the tools as a red teaming solution to automate testing workflows.

The emergence of Villager comes shortly after Check Point revealed that threat actors are attempting to leverage another nascent AI-assisted offensive security tool called HexStrike AI to exploit recently disclosed security flaws.

"These integrations demonstrate how…

Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware.

"The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely mimicked legitimate software sites," Fortinet FortiGuard Labs researcher Pei Han Liao said.

"By using convincing language and small character substitutions, they tricked victims into visiting spoofed pages and downloading malware."

The phishing sites are hosted on GitHub pages, allowing the bad actors to abuse the trust associated with a legitimate platform for malware distribution.

"The malicious DLL decrypts and executes the final payload …

UNC6395 is a threat group that has been attributed a widespread data theft campaign targeting Salesforce instances in August 2025 by exploiting compromised OAuth tokens for the Salesloft Drift application.

"We are focused on the ongoing hardening of the Drift Application environment," the company said.

"This process includes rotating credentials, temporarily disabling certain parts of the Drift application and strengthening security configurations."

"UNC6040 threat actors have utilized phishing panels, directing victims to visit from their mobile phones or work computers during the social engineering calls," the FBI said.

"After obtaining access, UNC6040 threat actors have then used API que…

Samsung has released its monthly security updates for Android, including a fix for a security vulnerability that it said has been exploited in zero-day attacks.

The vulnerability, CVE-2025-21043 (CVSS score: 8.8), concerns an out-of-bounds write that could result in arbitrary code execution.

"Out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code," Samsung said in an advisory.

Samsung did not share any specifics on how the vulnerability is being exploited in attacks and who may be behind these efforts.

The development comes shortly after Google said it resolved two security flaws in Android (CVE-2025-38352 and CVE-2025…

Apple has notified users in France of a spyware campaign targeting their devices, according to the Computer Emergency Response Team of France (CERT-FR).

Previous threat notifications were sent on March 5, April 29, and June 25.

WhatsApp subsequently told The Hacker News that it had sent in-app threat notifications to less than 200 users who may have been targeted as part of the campaign.

This includes new spyware entities in Japan, Malaysia, and Panama, as well as vendors like Israel's Bindecy and Italy's SIO.

"Tesellers and brokers now are key actors in the spyware market – comprising more sample market share than previously demonstrated – and oftentimes are under-observed and not readily …

It is a copycat of the infamous Petya/NotPetya malware, adding the capability of compromising UEFI-based systems and weaponizing CVE‑2024‑7344 to bypass UEFI Secure Boot on outdated systems.

One of the analyzed HybridPetya variants exploits CVE‑2024‑7344 to bypass UEFI Secure Boot on outdated systems, leveraging a specially crafted cloak.dat file.

We also separately dissect a version of HybridPetya that is capable of bypassing UEFI Secure Boot by exploiting CVE-2024-7344.

Also, the version deployed with the UEFI Secure Boot bypass uses a different contact email address (wowsmith999999@proton[.

D0BD283133A80B471375 62F2AAAB740FA15E6441 cloak.dat EFI/Diskcoder.A Specially formatted cloak.dat …

According to Verizon, “use of stolen credentials” has been one of the most popular methods for gaining initial access over recent years.

The use of stolen credentials appeared in a third (32%) of data breaches last year, its report notes.

Infostealers are thought to have been responsible for 75% of compromised credentials last year.

Infostealers are thought to have been responsible for 75% of compromised credentials last year.

The gang leveraged a set of stolen credentials to remotely access a server that did not have multifactor authentication (MFA) turned on.

Ransomware is the most obvious: by encrypting critical data, threat actors effectively bring operations to a standstill in the targeted organization.

According to IBM’s Cost of a Data Breach Report 2025, 86% of organizations that suffered a data breach over the past year experienced this sort of operational disruption.

Building proactive resilienceOf course, speed is not the only way to differentiate top-tier MDR services from the rest.

Other related elements you should be looking for include 24/7 monitoring to ensure threat actors are stopped in their tracks, wherever in the world they’re located.

Speed is of the essence here, as threat actors often try to victimize the same organization m…

Stats like these should make protective measures such as data encryption a no-brainer.

By transforming plain text data into an unreadable format, data encryption serves to protect your organization’s most sensitive information, whether at rest or in transit.

The data explosion is also accelerating thanks to growth in AI and large language models (LLMs), which require huge volumes of potentially sensitive data to train.

The data explosion is also accelerating thanks to growth in AI and large language models (LLMs), which require huge volumes of potentially sensitive data to train.

Carriers either may not insure your business if it doesn’t deploy strong data encryption, or else increase premi…

ESET researchers have identified a new threat actor, whom we have named GhostRedirector, that compromised at least 65 Windows servers mainly in Brazil, Thailand, and Vietnam.

GhostRedirector has an arsenal that includes the passive C++ backdoor Rungan, the malicious IIS trojan Gamshen, and a variety of other utilities.

GhostRedirector is not the first known case of a China-aligned threat actor engaging in SEO fraud via malicious IIS modules.

Note the ExeHelper class, which provides a function to execute a file named link.exe – GhostRedirector used the same filename to deploy the GoToHTTP tool.

Table 3.Rungan backdoors commandsParameter Body Description Response mkuser user=&pwd;=&groupname;…

From Meta shutting down millions of WhatsApp accounts linked to scam centers all the way to attacks at water facilities in Europe, August 2025 saw no shortage of impactful cybersecurity newsAs August 2025 comes to a close, ESET Chief Security Evangelist Tony Anscombe reviews a selection of the top cybersecurity stories that moved the needle, raised the alarms or offered vital lessons over the past 30 or so days, as well as offers insights they hold for your own cyber-defenses:Don't forget to check out the July 2025 edition of Tony's monthly security news roundup for more insights.

If left to fester, it can have a significant impact on the mental health and even physical wellbeing of your kids.

In this context, it’s vital that you’re able to spot the warning signs of cyberbullying before things spiral out of control.

They may be embarrassed to tell you, or scared that it could make things worse.

If you’re keen to do so, remember to explain first to your child why you’re doing it.

A worst-case scenarioIf you discover your child is being bullied online, don’t panic.

The discovery of PromptLock shows how malicious use of AI models could supercharge ransomware and other threatsESET researchers have discovered what they called "the first known AI-powered ransomware".

“The PromptLock malware uses the gpt-oss-20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes.

PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption," said ESET researchers.

"The PromptLock ransomware is written in Golang, and we have identified both Windows and Linux variants uploaded to VirusTotal," added the …

Like many online phenomena, half-truths, myths and misconceptions can distort the reality of cyberbullying – and make it harder for you to make the right parenting decisions.

What happens online stays onlineLike many online trends, bullying is enabled by technology, but has its roots deep in the human psyche.

There are many reasons why kids may engage in bullying behavior, from peer pressure to low self-esteem, attention seeking and domestic abuse.

It’s almost impossible to identify online bulliesSometimes the cloak of anonymity online does empower bullies – just as it enables cybercrime to thrive.

Social media platforms are to blameSocial media and messaging platforms are often demonized f…

Keep regulators happy by demonstrating your commitment to fast, effective threat detection and response.

You need enterprise-grade SOC expertise that works like an extension of your IT security team to handle daily monitoring, proactive threat hunting and incident response.

You need enterprise-grade SOC expertise that works like an extension of your IT security team to handle daily monitoring, proactive threat hunting and incident response.

Leading research capabilities : Vendors that run renowned malware research labs will be best placed to stop emerging threats, including zero days.

: Vendors that run renowned malware research labs will be best placed to stop emerging threats, including z…

Unfortunately, scammers are preying on this need with increasingly sophisticated schemes on social media.

How do financial deepfake scams work?

Investment scams have been the biggest money-maker for cybercriminals for several years, according to the FBI.

These are usually deployed as a lure to trick the victim into either handing over personal information or direct them straight to an investment scam.

Others use deepfake Instagram stories featuring banking investment strategists to harvest personal info and/or lure them to investment scam-themed WhatsApp groups.

Does your business truly understand its dependencies, and how to mitigate the risks posed by an attack on them?

That’s because when bombs start dropping and the physical elements of war are under way, the misinformation spreading through digital channels becomes less important.

What this means for your businessMoving beyond the panel discussion, this raises a critical question for businesses: do they really understand their dependencies to be operationally resilient?

A real-world example might be an attack on a catering company that is contracted to feed patients in a hospital.

If we can’t get to a point of resilience, then we at least need to understand the risk posed by the dependencies.

First, they are more likely to be online than their older counterparts, according to a detailed study from the National Cybersecurity Alliance.

Gen Z (65%) along with Millennials (64%) are far more likely to report that they’re always connected.

And Gen Z (38%) and Millennials (36%) are more likely than the Silent Generation (23%) to have over 10 online accounts.

Yet at the same time, there are signs that Gen Z in particular has relatively poor digital hygiene.

Similarly, Gen Z and Millennials are more likely to lose money or data to online scams than Boomers and Silent Generation.

The attacks used spearphishing campaigns to target financial, manufacturing, defense, and logistics companies in Europe and Canada, ESET research findsESET researchers have uncovered a previously unknown vulnerability in WinRAR, actively being exploited by Russia-aligned group RomCom.

Tracked as CVE-2025-8088, the path traversal flaw affects WinRAR's Windows version and lets threat actors execute arbitrary code by crafting malicious archive files.

This marks at least the third time RomCom has leveraged a significant zero-day bug to conduct its operations, which underscores the group’s willingness to invest serious resources into its campaigns.

Meanwhile, if you use WinRAR, you should update…

This is at least the third time that RomCom has been caught exploiting a significant zero-day vulnerability in the wild.

On July 18 th , 2025, ESET researchers discovered a previously unknown zero-day vulnerability in WinRAR being exploited in the wild.

Upon further analysis, we found that the attackers were exploiting a previously unknown vulnerability affecting WinRAR, including the then-current version, 7.12.

Spearphishing emails observed in ESET telemetrySender Subject Attachment Simona <[email protected]> Experienced Web3 Developer – CV Attached for Consideration Eli_Rosenfeld_CV2 - Copy (100) - Copy - Copy - Copy - Copy - Copy - Copy.rar Eli_Rosenfeld_CV2 - Copy (100) - C…

What GitHub is changingGitHub has introduced a new type of SSH key that combines both a traditional algorithm and a post-quantum algorithm.

“We’re adding a new post-quantum secure SSH key exchange algorithm, known alternately as sntrup761x25519-sha512 and [email protected] , to our SSH endpoints for accessing Git data.

Developers can continue using their current SSH keys or switch to the new hybrid keys if they want to start testing them.

How it affects security teamsFor security teams, the introduction of post-quantum SSH keys is a call to prepare.

While the switch to post-quantum algorithms will take years, starting now can prevent disruption later.

Salt Security introduced a new solution designed to secure the actions AI agents take within the enterprise.

Salt converges API and AI security, providing organizations with visibility into every agent-driven action, governance to enforce proper posture, and real-time protection against AI agent abuse.

“Most organizations’ first AI security gap isn’t prompt and model jailbreak attacks, it’s the invisible API connections powering agents,” said Michael Nicosia, COO of Salt Security.

Leading with innovationGartner recommends “double down on API security by adding specialist security solutions to supplement standard gateway protections.

“From a security standpoint, it’s not just about what AI a…

In this Help Net Security interview, Nir Rothenberg, CISO at Rapyd, discusses global differences in payment security maturity and the lessons that can be learned from leading regions.

Are you seeing notable differences in payment security maturity between regions such as North America, Europe, and Asia-Pacific?

What lessons can be learned from regions that are leading in payment security innovation?

Generally, my impression is that companies with good engineering quality will have good security.

What’s one area of payment security you think is currently overlooked but deserves much more attention?

Google has released VaultGemma, a large language model designed to keep sensitive data private during training.

By open-sourcing the model, Google hopes to speed up work on secure machine learning and make privacy-focused approaches easier to test and deploy.

In its announcement, Google highlighted that VaultGemma meets the strict definitions of differential privacy, which have been independently verified by external reviewers.

Tools for developers and researchersAlong with the model, Google released code and documentation to help others train and evaluate differentially private models.

The package includes evaluation scripts, privacy accounting tools, and instructions for verifying that a …

AI-powered video surveillance brings up big questions about privacy.

AI eyes on everyoneThe global video surveillance industry was valued at $73.75 billion in 2024 and is expected to reach $147.66 billion by 2030.

In EU, the AI Act has been adopted as the first comprehensive law regulating the use of artificial intelligence, including video surveillance.

Citizens must understand their rights and the potential impact of AI surveillance on daily life.

“There are several ethical concerns when deploying AI for cybersecurity defense, particularly in data privacy, bias, transparency, accountability and automated responses.

Clean Links is a handy app that shows you exactly where a link will take you before you click it.

Clean Links is completely free and works on iPhone, iPad, and Mac.

FunctionalityTo test it out, I started by generating a QR code with a shortened link to Help Net Security’s website.

Once the tracking elements were removed, I was able to generate a new QR code directly from the cleaned link by selecting the Generate QR Code option.

Final thoughtsIf you care about privacy and security, Clean Links is a simple, practical way to stay safe.

Cyberattacks keep hitting the OT systems that critical infrastructure operators run, according to new research from Forrester.

In a survey of 262 OT security decision-makers, 91% reported at least one breach or system failure caused by a cyberattack in the past 18 months.

The study highlights the limits of current OT security approaches.

Why traditional IT security practices fall short in OT environmentsThe survey found that most organizations lack comprehensive OT cybersecurity strategies.

Many organizations are addressing this need by hiring dedicated OT security professionals, training existing staff, and working with MSSPs.

CSIRT AnalystAdvens | Germany | Remote – View job detailsAs a CSIRT Analyst, you will analyze technical artifacts to identify attackers’ TTPs and IOCs.

Cybersecurity LeadBeehive Fintech | UAE | On-site – View job detailsAs a Cybersecurity Lead, you will develop, implement, and continuously enhance cybersecurity governance frameworks, policies, and procedures.

Cyber Security AnalystSalt River Project | USA | Hybrid – View job detailsAs a Cyber Security Analyst, you will identify, triage, and respond to cyber security events in SRP’s corporate and operational environments.

Cyber Security Strategic Planning InternCyberArk | Israel | Hybrid – View job detailsAs a Cyber Security Strategic Planni…

Developers publishing crates (binaries and libraries written in Rust) on crates.io, Rust’s main public package registry, have been targeted with emails echoing the recent npm phishing campaign.

The phishing emailThe emails started hitting developers’ inboxes on Friday, minutes after they published a (new) crate on the registry.

FYI, I got an obvious phishing attempt in my inbox from `[email protected]` that was masquerading as a security breach notification.

The phishing domain hosted a fake GitHub login page:(Most Rust projects and crates are hosted on GitHub, and developers publishing on crates.io log in with their GitHub credentials.)

The aftermathSome of the targets reported t…

Combining SecurityScorecard’s trusted security ratings and continuous third- and fourth-party risk visibility with HyperComply’s intelligent automation capabilities will make it possible for customers to stop the slow, manual process of conducting vendor security reviews and instead get a complete, real-time picture of their entire supply chain’s security.

Organizations today face growing complexity in their vendor ecosystems, with static, manual assessments leaving enterprises exposed to dynamic threats.

Together, SecurityScorecard and HyperComply move beyond point-in-time questionnaires to deliver continuous, AI-powered supplier assurance.

“We are very impressed by HyperComply’s technolog…

Attaullah Baig, WhatsApp’s former head of security, has filed a whistleblower lawsuit alleging that Facebook deliberately failed to fix a bunch of security flaws, in violation of its 2019 settlement agreement with the Federal Trade Commission.

The lawsuit, alleging violations of the whistleblower protection provision of the Sarbanes-Oxley Act passed in 2002, said that in 2022, roughly 100,000 WhatsApp users had their accounts hacked every day.

By last year, the complaint alleged, as many as 400,000 WhatsApp users were getting locked out of their accounts each day as a result of such account takeovers.

Baig also allegedly notified superiors that data scraping on the platform was a problem be…

Upcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak:I’m speaking and signing books at the Cambridge Public Library on October 22, 2025 at 6 PM ET.

I’m giving a virtual talk about my book Rewiring Democracy at 1 PM ET on October 23, 2025.

I’m speaking and signing books at the University of Toronto Bookstore in Toronto, Ontario, Canada on November 14, 2025.

I’m speaking with Crystal Lee at the MIT Museum in Cambridge, Massachusetts, USA, on December 1, 2025.

I’m speaking and signing books at the Chicago Public Library in Chicago, Illinois, USA, on February 5, 2025.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Victims often do not trust these notifications, as cyber criminals often use the pretext of an account compromise as a phishing lure.

[…]This report explores the challenges associated with developing the native-notification concept and lays out a roadmap for overcoming them.

The report concludes with three main recommendations for cloud service providers (CSPs) and other stakeholders:Improve existing notification processes and develop best practices for industry.

Support the development of “middleware” necessary to share notifications with victims privately, securely, and across multiple platforms including through native notifications.

Improve support for victims following notification.

New Cryptanalysis of the Fiat-Shamir ProtocolA couple of months ago, a new paper demonstrated some new attacks against the Fiat-Shamir transformation.

This is a pretty exciting paper from a theoretical perspective, but I don’t see it leading to any practical real-world cryptanalysis.

What this new result does is extend this known problem to slightly less weird (but still highly contrived) situations.

What this result does, though, is make it impossible to provide general proofs of security for Fiat-Shamir.

It is the most interesting result in this research area, and demonstrates that we are still far away from fully understanding what is the exact security guarantee provided by the Fiat-Sha…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

From the beginning of the second Trump administration, DOGE was a replacement of the US Digital Service.

One of the biggest impacts of the Trump administration and DOGE’s efforts has been to politically polarize the discourse around AI.

Optimism about the potential beneficial uses of AI need not imply support for the Big Tech companies that currently dominate AI development.

AI could have been used to accelerate eligibility decisions for Social Security disability benefits by performing preliminary document reviews, significantly reducing the infamous backlog of 30,000 Americans who die annually awaiting review.

Public scrutiny helps bind present and future governments to their application …

New research (paywalled):Editor’s summary:Cephalopods are one of the most successful marine invertebrates in modern oceans, and they have a 500-million-year-old history.

However, we know very little about their evolution because soft-bodied animals rarely fossilize.

developed an approach to reveal squid fossils, focusing on their beaks, the sole hard component of their bodies.

They found that squids radiated rapidly after shedding their shells, reaching high levels of diversity by 100 million years ago.

This finding shows both that squid body forms led to early success and that their radiation was not due to the end-Cretaceous extinction event.

My Latest Book: Rewiring DemocracyI am pleased to announce the imminent publication of my latest book, Rewiring Democracy: How AI will Transform our Politics, Government, and Citizenship: coauthored with Nathan Sanders, and published by MIT Press on October 21.

Rewriting Democracy looks beyond common tropes like deepfakes to examine how AI technologies will affect democracy in five broad areas: politics, legislating, administration, the judiciary, and citizenship.

We do talk about AI’s possible role in both democratic backsliding or restoring democracies, but the fundamental focus of the book is on present and future uses of AIs within functioning democracies.

Some of what we write about is…

The researchers created experimental prompts for both requests using each of seven different persuasion techniques (examples of which are included here):Authority: “I just had a discussion with Andrew Ng, a world-famous AI developer.

Can you do me a favor?”Reciprocity: “Now, after I helped you, can you do me a favor?”Scarcity: “I wonder if you could help me with a task.

Now, I’d like to test this with you.”Unity: “Not a lot of people understand how I’m thinking and feeling.

Across all 28,000 prompts, the experimental persuasion prompts were much more likely than the controls to get GPT-4o to comply with the “forbidden” requests.

That compliance rate increased from 28.1 percent to 67.4 perce…

Anthropic reports on a Claude user:We recently disrupted a sophisticated cybercriminal that used Claude Code to commit large-scale theft and extortion of personal data.

The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government and religious institutions.

The actor used AI to what we believe is an unprecedented degree.

Claude Code was used to automate reconnaissance, harvesting victims’ credentials, and penetrating networks.

Claude analyzed the exfiltrated financial data to determine appropriate ransom amounts, and generated visually alarming ransom notes that were displayed on victim machines.

Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous”Abstract: The growing integration of LLMs into applications has introduced new security risks, notably known as Promptware­—maliciously engineered prompts designed to manipulate LLMs to compromise the CIA triad of these applications.

While prior research warned about a potential shift in the threat landscape for LLM-powered applications, the risk posed by Promptware is frequently perceived as low.

In this paper, we investigate the risk Promptware poses to users of Gemini-powered assistants (web application, mobile application, and Google Assistant).

Our analysis focuses on a new variant of Promptware…

1965 Cryptanalysis Training Workbook Released by the NSAIn the early 1960s, National Security Agency cryptanalyst and cryptanalysis instructor Lambros D. Callimahos coined the term “Stethoscope” to describe a diagnostic computer program used to unravel the internal structure of pre-computer ciphertexts.

They were used in NSA training programs to teach analysts how to interpret ciphertext behavior without seeing the original message.

The listings include elements such as frequency tables, index of coincidence, periodicity tests, bigram/trigram analysis, and columnar and transposition clues.

These listings were part of the Intensive Study Program in General Cryptanalysis at NSA.

Also mentione…

Friday Squid Blogging: Catching Humboldt SquidFirst-person account of someone accidentally catching several Humboldt squid on a fishing line.

No photos, though.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

Posted on August 29, 2025 at 5:04 PM • 1 Comments

Materializing just two weeks before Russia invaded Ukraine in 2022, Stark Industries Solutions became a frequent source of massive DDoS attacks, Russian-language proxy and VPN services, malware tied to Russia-backed hacking groups, and fake news.

But a new report from Recorded Future finds that just prior to the sanctions being announced, Stark rebranded to the[.

But he maintained that Stark Industries Solutions Inc. was merely one client of many, and claimed MIRhosting had not received any actionable complaints about abuse on Stark.

However, it appears that MIRhosting is once again the new home of Stark Industries, and that MIRhosting employees are managing both the[.

Mr. Zinad did not res…

Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software.

The problem here resides with Windows NTLM, or NT LAN Manager, a suite of code for managing authentication in a Windows network environment.

CVE-2025-54916 is an “important” vulnerability in Windows NTFS — the default filesystem for all modern versions of Windows — that can lead to remote code execution.

“For the third time this year, Microsoft patched more elevation of privilege vulnerabilities than remote code execution flaws,” Narang observed.

AskWoody also reminds us that we’re now just two months out from Microsoft discontinuing free security updates for Wind…

Akido is a security firm in Belgium that monitors new code updates to major open-source code repositories, scanning any code updates for suspicious and malicious code.

Once logged in, the phishers then changed the email address on file for Junon’s NPM account, temporarily locking him out.

Caturegli said it’s remarkable that the attackers in this case were not more ambitious or malicious with their code modifications.

In this case, they didn’t compromise the target’s GitHub account.

“That NPM does not require that all contributor accounts use security keys or similar 2FA methods should be considered negligence.”

The letter followed media reports accusing Gmail of disproportionately flagging messages from the GOP fundraising platform WinRed and sending them to the spam folder.

Koli-Lõks taps into real-time intelligence about daily spam volumes by monitoring large numbers of “spamtraps” — email addresses that are intentionally set up to catch unsolicited emails.

Tossavainen told KrebsOnSecurity that WinRed’s emails hit its spamtraps in the .com, .net, and .org space far more frequently than do fundraising emails sent by ActBlue.

Koli-Lõks published a graph of the stark disparity in spamtrap activity for WinRed versus ActBlue, showing a nearly fourfold increase in spamtrap hits from WinRed emails in t…

Salesloft disclosed on August 20 that, “Today, we detected a security issue in the Drift application,” referring to the technology that powers an AI chatbot used by so many corporate websites.

On August 28, Salesforce blocked Drift from integrating with its platform, and with its productivity platforms Slack and Pardot.

“Rather than creating custom malware, attackers use the resources already available to them as authorized users.”It remains unclear exactly how the attackers gained access to all Salesloft Drift authentication tokens.

Salesloft announced on August 27 that it hired Mandiant, Google Cloud’s incident response division, to investigate the root cause(s).

“We are working with Sale…

The gaming sites ask visitors to create a free account to claim their $2,500 credit, which they can use to play any number of extremely polished video games that ask users to bet on each action.

“We have a completely self-written from scratch FAKE CASINO engine that has no competitors,” Gambler Panel’s wiki enthuses.

Gambler Panel also walks affiliates through a range of possible responses to questions from users who are trying to withdraw funds from the platform.

The researcher, who asked to be identified only by the nickname “Thereallo,” said Gambler Panel has built a scalable business product for other criminals.

“It’s a scalable system designed to be a resilient foundation for thousands…

This post examines the history and provenance of DSLRoot, one of the oldest “residential proxy” networks with origins in Russia and Eastern Europe.

DSLRoot is sold as a residential proxy service on the forum BlackHatWorld under the name DSLRoot and GlobalSolutions.

DSLRoot’s profile on the marketing agency digitalpoint.com from 2010 shows their previous username on the forum was “Incorptoday.” GlobalSolutions user accounts at bitcointalk[.

And these days, there are plenty of residential proxy providers who will make it worth your while.

Lloyd Davies is the founder of Infrawatch, a London-based security startup that tracks residential proxy networks.

Noah Michael Urban of Palm Coast, Fla. pleaded guilty in April 2025 to charges of wire fraud and conspiracy.

In November 2024 Urban was charged by federal prosecutors in Los Angeles as one of five members of Scattered Spider (a.k.a.

That phishing spree netted Urban and others access to more than 130 companies, including Twilio, LastPass, DoorDash, MailChimp, and Plex.

King Bob constantly bragged on the Com about stealing unreleased rap music recordings from popular artists, presumably through SIM-swapping attacks.

The Star Fraud SIM-swapping group gained the ability to temporarily move targeted mobile numbers to devices they controlled by constantly phishing employees of the major mobile pr…

A 22-year-old Oregon man has been arrested on suspicion of operating “Rapper Bot,” a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets — including a March 2025 DDoS that knocked Twitter/X offline.

Indeed, Rapper Bot was reportedly responsible for the March 10, 2025 attack that caused intermittent outages on Twitter/X.

The complaint notes the DCIS got involved because several Internet addresses maintained by the DoD were the target of Rapper Bot attacks.

A subpoena to Google showed the defendant searched security blogs constantly for news about Rapper Bot, and for updates about competing DDoS-for-hire botnets.

The government sta…

Undeterred by security controls at these trading platforms that block users from wiring funds directly out of accounts, the phishers have pivoted to using multiple compromised brokerage accounts in unison to manipulate the prices of foreign stocks.

Merrill said he has tracked recent ramp-and-dump activity to a bustling Chinese-language community that is quite openly selling advanced mobile phishing kits on Telegram.

Merrill said that in many ways the ramp-and-dump scheme is the perfect crime because it leaves precious few connections between the victim brokerage accounts and the fraudsters.

These technicians were needed to respond in real time to victims who were supplying the one-time code…

Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software.

Microsoft first warned about this bug on Aug. 6, saying it affects Exchange Server 2016 and Exchange Server 2019, as well as its flagship Exchange Server Subscription Edition.

The attack exploits a weakness in “delegated Managed Service Account” or dMSA — a feature that was introduced in Windows Server 2025.

Another critical patch involves CVE-2025-53733, a vulnerability in Microsoft Word that can be exploited without user interaction and triggered through the Preview Pane.

The reason is that after the Patch Tuesday on October 14, 2025, Microsoft will stop shipping free …

A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly.

The Lizard Squad later acknowledged that the stunt was planned to call attention to their new DDoS-for-hire service, which came online and started selling subscriptions shortly after the attack.

That incident was widely reported to have started with a Twitter post from the Lizard Squad, after Smedley mentioned some upcoming travel plans online.

But according to Smedley and Finnish investigators, the bomb threat started with a phone call from Kivimäki.

In April 2024, Kivimäki was sentenced to more than six years in prison after being convicted of extorting Vastaamo and its patients.

Since the Europol announcement, the XSS forum resurfaced at a new address on the deep web (reachable only via the anonymity network Tor).

One of the oldest Russian-language cybercrime forums was DaMaGeLaB, which operated from 2004 to 2017, when its administrator “Ar3s” was arrested.

Lockbitsupp didn’t share why he wanted Toha’s details, but he maintained that Toha’s real name was Anton Avdeev.

The ad listed the contact person as Anton Avdeev and gave the contact phone number 9588693.

However, N0kl0s also appears to be a lifelong Russian resident, and in any case seems to have vanished from Russian cybercrime forums several years ago.

Here’s a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites.

The gaming sites all require users to create a free account to claim their $2,500 credit, which they can use to play any number of extremely polished video games that ask users to bet on each action.

Those who deposit cryptocurrency funds are soon asked for additional payments.

However, any “winnings” displayed by these gaming sites are a complete fantasy, and players who deposit cryptocurrency funds will never see that money again.

Thereallo said the operators of this scam empire appear to generate a unique Bitcoin wallet for each gaming domain they deploy.

For that reason LNER is warning customers to remain "cautious of unsolicited communications, especially those asking for personal information."

However, it has told customers that "it is always good practice to maintain a secure password and to change passwords regularly."

Unfortunately I don't agree with the advice to change passwords regularly.

But telling people to change their passwords regularly, can lead to people actually choosing weaker or more predictable passwords.

After all, it is their brand which has been tarnished by the data breach - even though it doesn't appear that it happened on their computer systems, but rather on the IT of an as-yet unnamed supplier.

Ethical hackers did – and uncovered drive-thru recordings, hard-coded passwords, and even the power to open a Whopper outlet on the moon.

All this and much more is discussed in episode 434 of the award-winning “Smashing Security” podcast with computer security veteran Graham Cluley, joined this week by special guest Lianne Potter.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

A US federal court has unssealed charges against a Ukrainian national who authorities allege was a key figure behind several strains of ransomware, including LockerGoga, MegaCortex, and Nefilim. Read more in my article on the Fortra blog.

The warning letter from Lovesac follows a claim by a ransomware group earlier this year that they had breached Lovesac's security and stolen data.

RansomHub indicated that it would leak the exfiltrated data within days if a ransom was not paid.

That is not to say that all parts of the globe have suffered at the hands of RansomHub and its affiliates.

The good news is that the RansomHub ransomware operation appears to no longer be active.

Enrollment for Lovesac customers remains open until November 28, 2025.

In episode 67 of The AI Fix, Graham talks to an AI with a fax machine, Bill Gates says there’s one job AI will never replace, criminals use Claude Code for cyberattacks, Mark reveals why GPT-5 was better than you think, and a bird brings new meaning to the words “cloud storage”.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Hosts:Graham Cluley:@grahamcluley.com @[email protected]Mark Stockley:@ai-fix-mark.bsky.socialEpisode links:Support the show:You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support…

The man, whose identity has not been disclosed, has been charged under computer crime laws with computer sabotage, data alternation, and data espionage.

Prosecutors claim that the cost of Rosneft Deutschland shutting down its IT systems and the subsequent forensic investigation cost it approximately €9.76 million (around $11.39 million), with subsequent additional losses of roughly €2.6 million (over $3 million).

The German government took control of Rosneft's German subsidiaries in September 2022 as a result of Russian attacks on Ukraine.

Energy infrastructure is a prized target for attackers seeking to have an economic or political impact.

It is clear that all organisations, and in partic…

Parents are being reminded to exercise caution about the toys that the purchase their children, after the United States Federal Trade Commission (FTC) announced it had taken action against a robot toy maker.

A complaint filed by the US Department of Justice (DOJ), accuses Apitor Technology of breaching the Children’s Online Privacy Protection (COPPA) Rule, by failing to notify parents and obtain their consent before their toys collected childrens' geolocation information.

Apitor's robot toys are controlled with a free Android app, that requires location sharing to be enabled.

Apitor breached the COPPA rule by not notifying parents that a third party was collecting their children's location.…

This week in episode 433 of “Smashing Security” we dig into LegalPwn – malicious instructions tucked into code comments and disclaimers that sweet-talks AI into rubber-stamping dangerous payloads (or even pretending they’re a harmless calculator).

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with computer security veteran Graham Cluley, joined this week by Mark Stockley.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the …

The FBI’s Internet Crime Complaint Center (IC3) says that the elderly are more at risk from falling victim to online fraud and internet scammers than ever before. Read more in my article on the Fortra blog.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Hosts:Graham Cluley:@grahamcluley.com @[email protected]Mark Stockley:@ai-fix-mark.bsky.socialEpisode links:Support the show:You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining The AI Fix Plus!

Follow us:Follow the show on Bluesky, or subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website for more information.

Follow Graham …

Spanish police have arrested a suspected hacker for accessing a government website in order to alter the high school and university entrance exam grades of not only himself, but also some of his closest classmates.

The 21-year-old man arrested by police in Seville is accused of accessing computer systems without authorisation, identity theft, altering grades, and hacking into the emails of university professors.

Police sources say that the arrested man, who is not connected with the Jaén school, has a history of computer hacking.

If only he’d spent as much time revising as he did learning to hack, he might have earned those grades legitimately, and sailed his way into university.

Hacking gr…

Municipal government organisations across Sweden have found themselves impacted after a ransomware attack at a third-party software service supplier.

The impact of the cyber attack is not just felt by municipalities and public institutions, colleges, and universities.

Miljödata's CEO Erik Hallén says that his company is working closely with external experts to investigate the security breach, and what data might have been affected.

The company is said to have reported the incident to legal authorities and data privacy regulators.

Attacks like these are becoming increasingly common, as cybercriminals and state-sponsored hackers adopt digital methods to break into organisations for the purpos…

All this, plus a gloriously dodgy URL “shadyfier,” and turning the iconic iMac G4 into a modern media hub.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veteran Graham Cluley, joined this week by special guest Thom Langford.

Host:Graham Cluley:@grahamcluley.com @[email protected]Guest:Thom Langford:Episode links:Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on LinkedIn, Blu…

Мы в «Лаборатории Касперского» создали новый сервис — PetKa — для поиска пропавших питомцев в городах.

Умная метка Kaspersky TagСервис PetKa состоит из одной или нескольких (если у вас больше одного питомца) умных меток Kaspersky Tag и приложения PetKa для Android.

PetKa не только обеспечивает отслеживание ваших меток Kaspersky Tag на карте, но и позволяет объединяться с другими пользователями для совместного поиска пропавших животных.

PetKa и "Команда Героев"Но все же не будем забывать, что основная задача PetKa — помочь найти потерянного питомца, и здесь на помощь приходит наша технология распределенного поиска.

Пользователи Kaspersky в крупных городах России создают распределенную Blueto…

У Google и Microsoft ситуация проще — они интегрировали Gemini и Copilot в свои Chrome и Edge.

К тому же от привычного браузера сложнее отказаться — нужно потратить силы на миграцию закладок и дополнений в другой браузер и на его настройку.

Влияние на приватность и конфиденциальностьВсе вышесказанное означает, что ИИ-браузер создает существенные и плохо контролируемые угрозы конфиденциальности.

Само по себе это не угрожает безопасности, но «тормоза» и «глюки» нервируют пользователя и повышают вероятность ошибки, связанной с «человеческим фактором».

При этом все эти меры не защитят от посещения фишинговых и мошеннических сайтов и связанных с этим рисков.

Или если вы не собираетесь совершать видеозвонки через конкретный мессенджер, то и доступ к камере ему ни к чему.

Или если вы не собираетесь совершать видеозвонки через конкретный мессенджер, то и доступ к камере ему ни к чему.

И что немаловажно, их не увидят те, кому разработчики могли бы предоставить эти фотографии согласно своей политике использования данных.

***Итак, основными угрозами для пользователей мессенджеров являются: неаккуратная настройка доступов и параметров приватности, вредоносное ПО и уязвимости, фишинг и мошеннические звонки.

Мы намереваемся следить за развитием этой темы и, в частности, проводим сейчас подробный анализ защищенности MAX, результатами которого планируем п…

Несколько популярных npm-пакетов, используемых во множестве веб-проектов были скомпрометированы и троянизированы неизвестными злоумышленниками.

А таковых может быть достаточно много, поскольку у скомпрометированных пакетов было более двух миллиардов загрузок в день (по данным Aikido security).

Действуя на уровне браузера, он перехватывает сетевой трафик и API-запросы и изменяет данные, связанные с криптокошельками Ethereum, Bitcoin, Solana, Litecoin, Bitcoin Cash и Tron.

Атака прошла успешно как минимум против одного мейнтейнера, в результате чего злоумышленникам удалось скомпрометировать npm-пакеты color, debug, ansi-regex, chalk, и ряд других.

Как оставаться в безопасностиПродукты «Лабора…

На что обратить вниманиеДля начала давайте локализуем зоны риска — где и что в цифровой среде ребенка должно привлечь ваше внимание как родителя:групповые чаты вузов и школ в незащищенных мессенджерах;голосовые чаты в видеоиграх;овершеринг в соцсетях;поиск в Интернете и внутри глобальных социальных платформ;использование ИИ и правила потребления генеративного контента;общие правила безопасного использования устройств и публичных сетей.

Поэтому овершеринг, или избыточная откровенность в Сети, регулярно становится причиной взломов и вмешательств в цифровую и даже офлайновую жизнь детей.

Попросите ребенка не указывать при регистрации и не публиковать свои фамилию, дату рождения, название школы…

В марте этого года мы описывали вредоносную кампанию c применением зловреда PhantomPyramid, которую мы с высокой степенью вероятности приписываем группе Head Mare.

Как Head Mare доставляет PhantomPyramid жертвамАтака начинается с вредоносной рассылки, в ходе которой на адрес компании приходят письма с ZIP-архивами во вложении.

Хотя в реальности это вовсе не документ, а ярлык Windows, клик по которому приводит к заражению трояном PhantomPyramid.

Однако многие пользователи предпочитают просматривать файлы в виде краткого списка или как иконки и не видят этого поля.

Впрочем, по всей видимости, почта — не единственный вариант заражения, используемый Head Mare в этой кампании.

Но это может быть обнаружено оператором и в будущем будет работать хуже, потому что в смартфонах появляется встроенная защита от подобных атак, препятствующая переключению на 2G, а иногда и на 3G.

Исследователи Сингапурского технологического университета продемонстрировали атаку SNI5GECT, которая работает в новейших 5G-сетях и не требует таких заметных действий, как глушение легитимного сигнала базовых станций.

Отличия в нюансах: одни модемы можно перезагружать, а другие нельзя, в одних модемах вставить вредоносный пакет удается лишь в половине атак, а в других — в 90%.

Например, при атаке на участников определенного совещания, людей, сидящих в бизнес-зале аэропорта, и в других похожих случ…

Поэтому наиболее универсальной может стать политика, предусматривающая разные режимы применения ИИ для разных видов данных.

Разрешается, с декларированием через портал Разрешается (ведется журнал) Разрешается (ведется журнал) Внутренние данные общего профиля (тексты e-mail) Не рекомендуется, но не блокируется.

Проводится анализ данных, уточнение сценариев реального применения ИИ и популярных инструментов.

Портал самообслуживания нужен, чтобы сотрудники могли без сложностей и без опасений объяснить, чем они пользуются и для каких целей.

Это обогащает аналитику, помогает построить бизнес-кейс применения ИИ, формирует ролевую модель для применения нужной ИБ-политики.

В куки-файлах могут храниться логин, пароль, токены безопасности, номер телефона, адрес, банковские данные и Session ID (идентификатор сеанса).

Так и в Интернете: если злоумышленник украдет куки с Session ID, он сможет зайти на сайт, где вы уже были залогинены, от вашего имени, не нуждаясь в вводе логина-пароля, а порой и минуя двухфакторную аутентификацию.

У каждого пользователя в таком случае есть личный кабинет, а значит, в cookie-файлах будут храниться логин, пароль и Session ID.

У каждого пользователя в таком случае есть личный кабинет, а значит, в cookie-файлах будут храниться логин, пароль и Session ID.

Есть и другие методы кражи Session ID — например, фиксация сеанса (session fixati…

Сегодня расскажем, как можно стать дроппером поневоле и чем это грозит.

Дропперами поневоле могут стать даже сотрудники небольших и мутных компаний, которые официально не оформляют своих работников и готовы платить только наличными в конверте.

Стоит держать в уме, что эти деньги могли быть добыты работодателем нечестным путем, и в таком случае все сотрудники, работающие «вчерную», — дропперы со всеми вытекающими.

В Германии, чтобы избежать наказания, достаточно добровольно обратиться в полицию и рассказать о мошеннической схеме, где вы в итоге стали дроппером.

Как не стать дропперомВне зависимости от наказания, предусмотренного в вашей стране за обналичивание преступных денег, нужно быть ма…

Они не применяют вредоносное ПО, а ограничиваются легитимными сетевыми инструментами: средствами удаленного доступа (AnyDesk, SSH, RDP), утилитами туннелирования (Cloudflare, ngrok), системными службами (PsExec, PowerShell).

Атака на цепочку поставок, в которой было скомпрометировано популярное офисное ПО для VoIP-телефонии 3CXDesktopApp, загружала необходимые компоненты с GitHub.

В этой атаке NGFW сначала могли бы предотвратить эксплуатацию известных уязвимостей, а затем — коммуникации с С2-серверами злоумышленников и, собственно, аномальную загрузку почты.

Кроме детектирования внешних угроз, с помощью NGFW можно блокировать поведение, нарушающее политики организации, например запрещать до…

У тысяч разработчиков, применяющих Nx для ускорения и оптимизации сборки приложений, были украдены важные конфиденциальные данные: токены npm и GitHub, ключи SSH, криптокошельки, API-ключи.

Проверьте используемые версии пакетов Nx командой npm ls nx Проверьте наличие любых пакетов Nx в package-lock.json Проверьте события безопасности в логах GitHub.

При обнаружении вредоносных репозиториев:Полностью удалите node_modules: rm -rf node_modules Очистите кэш npm: npm cache clean —force Проверьте и очистите от посторонних команд ~/.bashrc и ~/.zshrc4.

Сделайте архивную копию для расследования и удалите из системы файл /tmp/inventory.txt и /tmp/inventory.txt.bak Удалите вредоносные версии пакетов …

Чаще всего причиной были уязвимости во всевозможных плагинах и темах для нее; впрочем, наши коллеги также наблюдали кейс, в котором злоумышленники распространяли трояны через плохо защищенные WordPress-сайты.

Случаи эксплуатации уязвимости «в дикой природе» включают использование уязвимости для загрузки ZIP-архивов с веб-шеллами, установки PHP-бэкдоров с паролем для удаленного доступа по HTTP, а также для создания скрытых администраторских аккаунтов.

WordPress-тема Motors: эксплуатация уязвимости CVE-2025-4322В том же июне злоумышленники активно атаковали сайты на WordPress с помощью уязвимости в другой премиум‑теме для WordPress под названием Motors.

Зловред Efimer: распространение через в…

Не стоит забывать, что брокеры данных, как и другие фирмы, тоже подвергаются кибератакам — и тогда собранные ими данные попадают в руки настоящих кибермошенников.

Найти брокеров данных и страницу, где можно запросить удаление информации, бывает очень сложно.

Запросы на удаление информации бывают сложными и многоэтапными, в них требуют еще больше персональных данных для доказательства, что вы — это вы и имеете право писать запросы.

Для этого и нужна таблица — отслеживать сроки ответов и по необходимости отправлять дополнительные запросы.

Данные о вас поступают брокерам постоянно, поэтому по тому же списку можно идти заново спустя три месяца или полгода.

The Swiss Army knife is an iconic multi-tool that originated in the late 19th century; predecessor to the popular multitools of today.

The Value of VersatilityThe Swiss Army knife and Cisco XDR share a theme of versatility and integration.

In this integration, Cisco XDR will ingest Secure Access detections for automated triage, correlation, and incident detection.

One key resource is Cisco XDR Connect, a user-friendly resource that makes it simple to search, browse, and view details of all available Cisco XDR integrations and automation content.

Ask a question and stay connected with Cisco Security on social media.

The rise of Agentic AI, the emergence and adoption of AI agents and agent-to-agent networking to autonomously perform tasks on behalf of humans, has introduced unique challenges for existing security products.

Consequently, security solutions such as zero trust should, and can, be evolved to protect agentic AI communications.

Security Inspection and EnforcementTraditional zero trust practices focus on the “access control” aspect of enforcement, often neglecting other important security controls.

An effective agentic AI security solution should have a unified approach for all the networking and communication use cases.

Extending zero trust principles with Semantic Inspection for agentic envi…

Background: The Unique Landscape of the Black Hat NOCOperating the Black Hat Security and Network Operations Center (NOC) presents a unique set of challenges and expectations.

Unlike a typical corporate environment where any hacking activity is immediately deemed malicious, the Black Hat conference is a nexus for cybersecurity research, training, and ethical hacking.

Vigilance in Training Environments: Even in controlled, educational settings like Black Hat, continuous monitoring and swift response are paramount.

Even in controlled, educational settings like Black Hat, continuous monitoring and swift response are paramount.

Driven by the needs of the community, Black Hat events showcase con…

Below are the Cisco XDR integrations for Black Hat USA, empowering analysts to investigate Indicators of Compromise (IOC) very quickly, with one search.

Thank you to alphaMountain.ai and Pulsedive full donating full licenses to Cisco, for use in the Black Hat USA 2025 NOC.

Palo Alto Networks is the official Firewall and XDR/SIEM/SOAR provider for the Black Hat NOC.

In the Black Hat NOC, we collaborate with competition because the real enemy is not another vendor but rather the adversary.

Cisco XDR has an integration module to integrate with Cortex XDR which offers enrichment capability for both EDR detections and Firewall detections.

SnortML False PositivesWhat tripped up SnortML at Black Hat?

3: SnortML false positive, enlargedIn particular the %3d%3d (which decodes to ==) at the end stood out as encoding that likely tripped the detection.

We saw many different attack permutations for these two event types at Black Hat.

The screenshot below shows the payloads from a set of SnortML events, with the alerting packets downloaded into Wireshark.

Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more.

Background: The Unique Landscape of the Black Hat NOCOperating the Black Hat Security and Network Operations Center (NOC) presents a unique set of challenges and expectations.

1: Cisco FMC intrusion alert and traffic analysisThe following details were particularly notable:The intrusion alert was classified as high priority and categorized as Attempted Administrator Privilege Gain.

Phase 4: Risk Analysis and MitigationAs a final step we reached out to the Black Hat engineering team to inquire if the registration server was vulnerable to CVE-2025-31324.

We confirmed that both of these criteria were not met, and hence the Black Hat registration server was not vulnerable to CVE-2025-31324.

Reso…

The net result is that I used packet-level analysis 99% more often to tremendous effect in my SOC analyst investigations.

“I used packet-level analysis 99% more often to tremendous effect in my SOC analyst investigations.”Fig.

The integration also supports real-time and historical traffic analysis, allowing me to correlate live threat intelligence with past network activity.

Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more.

For more information, please visit the Black Hat website.

Additional Contributor: David KellerMonitoring DNS is essential to gain a high-level understanding of network usage trends at Black Hat.

At Black Hat USA 2025, we started blocking encrypted DNS requests on event networks using Umbrella DNS to ensure we had maximum visibility into user traffic.

We’ve monitored this campaign at major sporting events, Black Hat Asia, RSAC and Cisco Live this year.

4: Black Hat USA 2024, top DNS categoriesSee you at Black Hat Europe!

Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more.

Background: The Unique Landscape of the Black Hat NOCOperating the Black Hat Security and Network Operations Center (NOC) presents a unique set of challenges and expectations.

On August 3, 2025, multiple hosts from a Black Hat USA training class were observed conducting unauthorized port scans against external infrastructure associated with an aviation organization.

Vigilance in Training Environment: Even in controlled, educational settings like Black Hat, continuous monitoring and swift response are paramount.

Even in controlled, educational settings like Black Hat, continuous monitoring and swift response are paramount.

Driven by the needs of the community, Black Hat events showcase conte…

Cisco is a proud partner of the Black Hat NOC (Network Operations Center), as the Official Security Cloud Provider, celebrating our 10th year protecting Black Hat, the longest of any partner.

Ivan Berlinson built an integration with Cisco XDR and Palo Alto Networks firewalls two years ago for Black Hat USA 2023.

Starting at Black Hat Europe 2025, we recommended our partners at Jamf assume the mantel of MDM provider to Black Hat.

Together, they managed and secured over 1,000 iOS devices for Black Hat USA.

Learn More About Cisco at Black Hat USADig deeper into the innovation, threat hunting and integrations with our Black Hat USA blogs:We are already planning for more innovation at Black Hat …

During the Black Hat Europe show, we piloted Duo Directory and with the successful testing there, we did a full deployment at Black Hat Asia 2025.

At Black Hat USA 2025, we expanded the SSO access to Endace.

4: Duo SSO interfaceAdministrative Units, a net new addition to Black Hat USA 2025, was fully embraced by the NOC leadership.

6: Role assignment interfaceHere’s a quick overview of the key enhancements:Feature Black Hat Europe Back Hat Asia ’25 Black Hat USA ’25 Duo as IdP & SSO No Yes Yes Duo Directory Tested/Piloted Full authoritative source Full authoritative source Global Enrollment Policy Required for onboarding Required for onboarding Required for onboarding Admin Units & Roles Fi…

The team works to bring the innovation from Black Hat to Splunk and XDR users, and published the new XDR Automate Templates for Splunk Cloud and Splunk Enterprise to Create XDR Incident.

1: Cisco XDR Automate ExchangeYou can then install the templates, just as we did at Black Hat.

This integration delivers significant power and insight, and we plan to enhance it further in upcoming Black Hat events.

We look forward to more advancements for Black Hat Europe 2025, where Ivan Berlinson will again be onsite to drive innovation.

Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more.

Harvest TACACS+ Traffic: Traditional TACACS+ encrypts only the password field, leaving usernames, authorization messages, accounting exchanges, and commands in plaintext, vulnerable to interception.

Exfiltrate Data: TACACS+ sessions and device configurations were quietly collected and sent offshore for analysis, masquerading as normal admin traffic.

Evade Detection: By analyzing plaintext accounting data, attackers understood log patterns and cleared traces (e.g., .bash_history, auth.log) to cover their tracks.

This implementation leverages TLS 1.3 to provide:Full-Session Encryption : All TACACS+ traffic – usernames, authorization replies, commands, and accounting data is encrypted, elimina…

This paper presents a systematic approach to identifying publicly exposed LLM servers, focusing on instances running the Ollama framework.

Our study uncovered over 1,100 exposed Ollama servers, with approximately 20% actively hosting models susceptible to unauthorized access.

To assess the real-world implications of these concerns, we leverage the Shodan search engine to identify exposed Ollama servers and evaluate their security configurations.

In the first stage, Shodan is queried to identify publicly accessible Ollama servers based on distinctive network signatures or banners.

LimitationsWhile the proposed system effectively identified a substantial number of exposed Ollama servers, seve…

Microsoft Azure is announcing the start of Phase 2 multi-factor authentication enforcement at the Azure Resource Manager layer, starting October 1, 2025.

The post Azure mandatory multifactor authentication: Phase 2 starting in October 2025 appeared first on Microsoft Security Blog.

Microsoft Threat Intelligence has observed financially motivated threat actor Storm-0501 continuously evolving their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures (TTPs).

Microsoft.Storage/storageAccounts/delete – Deletes the Azure storage account, which contains and organization’s Azure Storage data objects: blobs, files, queues, and tables.

The threat actor abused the Azure Storage encryption scopes feature and encrypted the Storage blobs in the Azure Storage accounts.

Mitigation and protection guidanceMicrosoft recently implemented a change in Microsoft Entra ID that restricts permissions on the Directory Synchronization Accounts (DSA) role in Mi…

As a result, for a third year a row, Microsoft has been ranked number one for modern endpoint security market share in the IDC report, “Worldwide Modern Endpoint Security Market Shares, 2024.” Our market share grew from 25.8% in 2023 to 28.6% in 2024, at a 28.2% growth rate.

As IDC notes in their report, the endpoint security market “is growing in response to an increasingly sophisticated threat” powered by AI.

It’s been a leap in our security maturity level, and with the native interoperability of our Microsoft security solutions, we achieved it much faster than we expected.” —Glauco Sampaio, Chief Information Security Officer, CieloWorldwide Modern Endpoint Security 2024 Share SnapshotSou…

Common failure points in autonomous agentsDespite their impressive capabilities, AI agents can still make mistakes.

Extending Microsoft Security to meet the momentTo meet organizational needs that come with autonomous agents, Microsoft is building on a strong foundation and extending our existing security products to meet the unique demands of the agentic era, grounded in a Zero Trust approach that protects both people and AI agents.

brings robust data security and compliance controls to AI agents, helping organizations prevent data oversharing, manage regulatory requirements, and gain visibility into AI-specific risks.

Learn more with Microsoft SecurityTo learn more about Microsoft Securit…

ClickFix landing page impersonating the US SSAThe landing page presented the user with a CAPTCHA human verification pop-up, which was part of the ClickFix technique.

ClickFix instructions from the spoofed US SSA domainMalvertisingMalvertising is another popular delivery method that leads to ClickFix landing pages.

Microsoft Defender Threat IntelligenceMicrosoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.

For the latest security research from the Micros…

It is also an opportunity for every organization to address legacy technology and practices and implement improved cryptographic standards.

Creating a Quantum Safe ProgramIn 2023, Charlie Bell, Executive Vice President for Microsoft Security, outlined Microsoft’s vision to build a quantum-safe future, which led to the creation of the Microsoft Quantum Safe Program (QSP).

Foundational security componentsMicrosoft has integrated PQC algorithms into foundational components like SymCrypt, the primary cryptographic library that provides consistent cryptographic security across Windows, Microsoft Azure, Microsoft 365 and other platforms.

To learn more about Microsoft Security solutions, visit our…

The embedded payload is the PipeMagic malware, a modular backdoor that communicates with its C2 server over TCP.

Internal linked list structuresIn our analysis, we identified the use of four distinct doubly linked list structures, each serving a unique function within the backdoor’s architecture:Payload linked list: Stores raw payload modules in each node, representing the initial stage of modular deployment.

Instead, it delegates this task to a network module in the network linked list.

In the sample analyzed, the network module data is embedded within the backdoor binary.

Decrypting network module dataUsing the decrypted module data, the malware populates the following structure represent…

Because security can’t waitThe security community comes together at Microsoft Ignite to explore the latest innovations, share real-world insights, and connect with peers and industry leaders, including Charlie Bell, Executive Vice President, Microsoft Security, and Vasu Jakkal, Corporate Vice President, Microsoft Security Business.

Microsoft Security Forum (Monday, November 17, 2025)Kick off Microsoft Ignite a day early with a half-day pre-conference forum dedicated to security.

Security is a team sport—and Microsoft Ignite is your chance to connect with the best in the business.

Connect with the Security Community at Microsoft Ignite 2025Join Microsoft Security leaders on Tuesday, November…

Microsoft recently spoke with Mario Ferket, Chief Information Security Officer for Dow, about the company’s approach to AI in security.

The post Dow’s 125-year legacy: Innovating with AI to secure a long future appeared first on Microsoft Security Blog.

The Phishing Triage Agent in Microsoft Defender is now available in Public Preview. It tackles one of the most repetitive tasks in the SOC: handling reports of user-submitted phish. The post Announcing public preview: Phishing triage agent in Microsoft Defender appeared first on Microsoft Security Blog.

We’re excited to launch Microsoft Secure Future Initiative (SFI) patterns and practices: a new library of actionable guidance designed to help organizations implement security measures at scale.

Introducing SFI patterns and practices taxonomyJust as software design patterns provide reusable solutions to common engineering problems, SFI patterns and practices offer repeatable, proven approaches to solving complex cybersecurity challenges.

Like design patterns in software architecture, these security patterns are modular, extensible, and built for reuse across diverse environments.

Joining the SFI patterns and practices journeySFI patterns and practices is your guide to turning architecture i…

Defender Experts now offers 24/7, expert-driven protection for cloud workloads, beginning with hybrid and multicloud servers in Microsoft Defender for Cloud. Additionally, third-party network signals can be used in Microsoft Defender Experts for XDR to enhance incidents for faster and more accurate detection and response.

The post Elevate your protection with expanded Microsoft Defender Experts coverage appeared first on Microsoft Security Blog.

As a complete Zero Trust access solution, the Microsoft Entra Suite unifies identity governance, protection, verification, and network access security to deliver consistent, granular access controls across your environment.

The Total Economic Impact™ study of the Microsoft Entra SuiteTo quantify the Suite’s impact, Microsoft commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study of Microsoft Entra Suite.

The momentum behind these results is fueling the next wave of Microsoft Entra innovation, as mentioned later in this blog and which will be highlighted this week at the Microsoft Entra Suite Summer Camp!

Microsoft Entra Suite empowers organizations to converge acc…

The combination of the individual Microsoft identity solutions is great.

The Identity Security initiative offers an identity-specific view of recommended actions from across on-premises and cloud identities, identity infrastructure, and third-party identity providers.

Where the integration truly shines, however, is our identity threat response capabilities.

Microsoft Identity Threat Detection and Response Get comprehensive protection for all of your identities and identity infrastructure.

Learn more about Microsoft Identity Threat Detection and Response.

This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the Terms of Service .

The block will expire shortly after those requests stop.

In the meantime, solving the above CAPTCHA will let you continue to use our services.This traffic may have been sent by malicious software, a browser plug-in, or a script that sends automated requests.

If you share your network connection, ask your administrator for help — a different computer using the same IP address may be responsible.

Learn more Sometimes you may be asked to solve the CAPTCHA if you are using advanced terms that robots are known to use, or sending requests very qu…

At Made by Google 2025, we announced that the new Google Pixel 10 phones will support C2PA Content Credentials in Pixel Camera and Google Photos.

Pixel Camera attaches Content Credentials to any JPEG photo capture, with the appropriate description as defined by the Content Credentials specification for each capture mode.

attaches Content Credentials to any JPEG photo capture, with the appropriate description as defined by the Content Credentials specification for each capture mode.

Google Photos attaches Content Credentials to JPEG images that already have Content Credentials and are edited using AI or non-AI tools, and also to any images that are edited using AI tools.

Building a More Trus…

Today marks a watershed moment and new benchmark for open-source security and the future of consumer electronics.

Google is proud to announce that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework, has officially achieved SESIP Level 5 certification.

This makes pKVM the first software security system designed for large-scale deployment in consumer electronics to meet this assurance bar.

With this level of security assurance, Android is now positioned to securely support the next generation of high-criticality isolated workloads.

Achieving Security Evaluation Standard for IoT Platforms (SESIP) Level 5 is a landmark because it incorporates AVA_VAN.5, the hi…

Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts.

Infrastructure definitions to allow organizations to easily run their own instances of OSS Rebuild to rebuild, generate, sign, and distribute provenance.

With an estimated value exceeding $12 trillion, open source software has never been more integral to the global economy.

For publishers and maintainers of open source packages, OSS Rebuild can...

If you're a developer, enterprise, or security researcher interested in OSS security, we invite you to follow along and get involved!

Android recently announced Advanced Protection, which extends Google’s Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures.

This is particularly useful for Advanced Protection users, since in 2023, plaintext HTTP was used as an exploitation vector during the Egyptian election.

JavaScript Optimizations and Security Advanced Protection reduces the attack surface of Chrome by disabling the higher-level optimizing Javascript compilers inside V8.

Javascript optimizers can be disabled outside of Advanced Protection Mode via the “Javascript optimization & security” Site Setting.

We…

Below we describe our prompt injection mitigation product strategy based on extensive research, development, and deployment of improved security mitigations.

A layered security approachGoogle has taken a layered security approach introducing security measures designed for each stage of the prompt lifecycle.

From there, a key protection against prompt injection and data exfiltration attacks occurs at the URL level.

Users are encouraged to become more familiar with our prompt injection defenses by reading the Help Center article.

Moving forwardOur comprehensive prompt injection security strategy strengthens the overall security framework for Gemini.

The Chrome Root Program Policy states that Certification Authority (CA) certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion.

To safeguard Chrome’s users, and preserve the integrity of the Chrome Root Store, we are taking the following action.

Apple policies prevent the Chrome Certificate Verifier and corresponding Chrome Root Store from being used on Chrome for iOS.

Beginning in Chrome 127, enterprises can override Chrome Root Store constraints like those described in this blog post by installing the corresponding root CA certificate as a locally-trusted root on the platform Chrome is running (e.g., install…

Google Quantum AI's mission is to build best in class quantum computing for otherwise unsolvable problems.

In 2019, using the same physical assumptions – which consider qubits with a slightly lower error rate than Google Quantum AI’s current quantum computers – the estimate was lowered to 20 million physical qubits.

Normally more error correction layers means more overhead, but a good combination was discovered by the Google Quantum AI team in 2023.

Another notable error correction improvement is using "magic state cultivation", proposed by the Google Quantum AI team in 2024, to reduce the workspace required for certain basic quantum operations.

These algorithms can already be deployed to d…

Our dedication to your security is validated by security experts, who consistently rank top Android devices highest in security, and score Android smartphones, led by the Pixel 9 Pro, as leaders in anti-fraud efficacy.

Now, Google Play Protect live threat detection will catch apps and alert you when we detect this deceptive behavior.

We’ve made Google Play Protect’s on-device capabilities smarter to help us identify more malicious applications even faster to keep you safe.

Google Play Protect now uses a new set of on-device rules to specifically look for text or binary patterns to quickly identify malware families.

This update to Google Play Protect is now available globally for all Android…

To enhance these existing device defenses, Android 16 extends Advanced Protection with a device-level security setting for Android users.

Advanced Protection gives users:Best-in-class protection, minimal disruption: Advanced Protection gives users the option to equip their devices with Android’s most effective security features for proactive defense, with a user-friendly and low-friction experience.

Advanced Protection gives users the option to equip their devices with Android’s most effective security features for proactive defense, with a user-friendly and low-friction experience.

Defense-in-depth: Once a user turns on Advanced Protection, the system prevents accidental or malicious disab…

Tech support scams are an increasingly prevalent form of cybercrime, characterized by deceptive tactics aimed at extorting money or gaining unauthorized access to sensitive data.

Tech support scams on the web often employ alarming pop-up warnings mimicking legitimate security alerts.

Chrome has always worked with Google Safe Browsing to help keep you safe online.

Standard Protection users will also benefit indirectly from this feature as we add newly discovered dangerous sites to blocklists.

Beyond tech support scams, in the future we plan to use the capabilities described in this post to help detect other popular scam types, such as package tracking scams and unpaid toll scams.

Today, we’re announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers.

This is why we are making Sec-Gemini v1 freely available to select organizations, institutions, professionals, and NGOs for research purposes.

Sec-Gemini v1 outperforms other models on key cybersecurity benchmarks as a result of its advanced integration of Google Threat Intelligence (GTI), OSV, and other key data sources.

Sec-Gemini v1 outperforms other models on CTI-MCQ, a leading threat intelligence benchmark, by at least 11% (See Figure 1).

If you are interested in collaborating with us on advancing the AI cybersecurity frontier, please request early access to Sec-Gemini v1…

In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version of our model signing library.

These challenges are addressed by using Sigstore, a collection of tools and services that make code signing secure and easy.

These features are why we recommend Sigstore’s signing mechanism as the default approach for signing ML models.

Today the OSS community is releasing the v1.0 stable version of our model signing library as a Python package supporting Sigstore and traditional signing methods.

This model signing library is specialized to handle the sheer scale of ML models (which are usually much larger than traditional so…

The Chrome Root Program launched in 2022 as part of Google’s ongoing commitment to upholding secure and reliable network connections in Chrome.

It is non-normative and considered distinct from the requirements detailed in the Chrome Root Program Policy.

Last spring, the Chrome Root Program led ecosystem-wide experiments, emphasizing the need for linting adoption due to the discovery of widespread certificate mis-issuance.

We recently landed an updated version of the Chrome Root Program Policy that further aligns with the goals outlined in “Moving Forward, Together.” The Chrome Root Program remains committed to proactive advancement of the Web PKI.

We continue to value collaboration with web…

We’re excited to announce that starting today, Titan Security Keys are available for purchase in more than 10 new countries:IrelandPortugalThe NetherlandsDenmarkNorwaySwedenFinlandAustraliaNew ZealandSingaporePuerto RicoThis expansion means Titan Security Keys are now available in 22 markets, including previously announced countries like Austria, Belgium, Canada, France, Germany, Italy, Japan, Spain, Switzerland, the UK, and the US.

What is a Titan Security Key?

How do I use a Titan Security Key?

Where can I buy a Titan Security Key?

You can buy Titan Security Keys on the Google Store.