Как инициатива Брюсселя стала главной угрозой для приватности и безопасности граждан.

Российские компании успешно испытали передачу данных через спутники «Гонец».

Что это изменит для разработчиков?

Юристы отследили цифровой след до Аризоны и обвинили мужчину в построении нелегальной инфраструктуры.

Qt 6.10 прокачал поддержку macOS, iOS и Linux, а также добавил генератор JNI-кода.

Фонд «Самрук-Қазына» доверил часть управления искусственному интеллекту.

Ты должна была бороться со злом, а не примкнуть к нему…

Абсолютно каждый смартфон в зоне действия становится мишенью.

Компания Sikorsky ломает привычки авиации.

Пациент Neuralink поделился маленькой, но очень важной победой.

Избыточные разрешения, уязвимый код, утечки данных — это не полный список тех опасностей, что в себе несут бесплатные VPN-сервисы.

Новый культ среди разработчиков оказался миной замедленного действия.

Сера, не похожая на земную — учёные наткнулись на аномалию с доисторическим привкусом.

Модули BI.ZONE GRC 1.30.0BI.ZONE GRC состоит из пяти модулей, каждый из которых выполняет отдельные функции.

Модуль «Метрики» в BI.ZONE GRC 1.30.0BI.ZONE CubiНа платформе недавно внедрён ИИ-ассистент BI.ZONE Cubi.

Отправка уведомлений в BI.ZONE GRC реализована через встроенные механизмы оповещений, доступные как внутри самой платформы, так и посредством электронной почты.

Системные требования BI.ZONE GRC 1.30.0Облачная версия BI.ZONE GRC 1.30.0 подключается мгновенно и не требует подготовки.

Подсчёт финансовых и трудозатрат, человеко-часов, с использованием BI.ZONE GRC и без неёВыводыBI.ZONE GRC 1.30.0 — платформа для автоматизации управления киберрисками.

В первом опросе зрители ответили, что используется в их компании для анализа трафика: IDS / IPS — 60%, NTA / NDR — 30%, ничего — 10%.

Что в вашей компании используется для анализа трафика?

Есть стандарты Банка России (они больше рекомендательные), там часто упоминается анализ трафика: как реагировать аналитику, на что обращать внимание.

Прогнозы: как изменится роль анализа трафика в SOC 2.0Михаил Пырьев:«NTA и NDR будут ядром наряду с решениями EDR, SIEM, SOAR, киберразведки (TI).

Станислав Грибанов:«В России все системы NTA и NDR на 50% будут опираться не на сигнатурную логику.

Среди прочего там предлагают частичную отмену льгот для ИТ-компаний, включая отказ от освобождения уплаты НДС при продажах реестрового ПО и удвоение страховых выплат.

Главный инвестиционный консультант ИК «ВЕЛЕС Капитал» Дмитрий Сергеев оценил рост поступлений от повышения НДС в 1 трлн рублей.

По мнению технического директора ГК «Цифровые привычки» Дмитрия Романова, отмена освобождения от НДС скажется и на компаниях, специализирующихся на заказной разработке.

По его мнению, это приведет к росту цен и уменьшению привлекательности данных услуг, и, как следствие, к падению количества заказов.

Это может привести к существенному росту цен на ПО, который, скорее всего, окажется выше самой налогов…

ВведениеТема перехода на российские NGFW сегодня является самой яркой на всей палитре программы импортозамещения в области ИБ.

Критерии выбора российских NGFWВыбор NGFW на практике не ограничивается только чтением заказчиком характеристик и проверкой на соответствие своим ограничениям.

На нынешнем этапе Илья Корнеев видит главную причину недостаточной производительности российских NGFW — это отсутствие применения дополнительных средств ускорения обработки трафика.

Все варианты ускорения обработки для российских NGFW ограничены только оптимизацией на платформе x86, отметили участники.

Сложившееся мнение, что российские NGFW хорошо справляются со своей задачей защиты, омрачается низкой защище…

Формальный подход к комплаенсу приводит не только к техническим инцидентам, но и к прямым рискам для бизнеса: финансовым и репутационным потерям.

Функциональные возможности САКУРА 3САКУРА предназначена для обеспечения контроля политик безопасности защищённости рабочих мест в организациях с распределённой инфраструктурой.

Рабочее место в САКУРА 3Проверка РМ и реагирование на нарушенияДля проверки рабочего места на соответствие политикам безопасности необходимо обратиться к правилам контроля.

Это новый механизм в САКУРА, реализованный в виде последовательности команд, где каждая команда зависит от результата выполнения предыдущего действия.

Сценарий «Переход РМ в онлайн»ВыводыСАКУРА 3 — это п…

Не так давно Яндекс объявил о выходе релизной версии набора онлайн-редакторов офисных документов «Яндекс Документы Новый редактор».

Он должен стать альтернативой Google Документам как для обычных пользователей, так и для бизнеса любых размеров.

Уже 10 сентября 2025 года Яндекс объявил о завершении бета-тестирования и старте использования «Яндекс Документы Новый редактор» с расширенным набором функций.

Как утверждают в Яндексе, новый продукт подходит как для обычных пользователей, так и для компаний.

Также пользователи платной версии Яндекс 360 могут развернуть все сервисы, включая офисные редакторы, внутри корпоративного контура.

BI.ZONE PAM 2.3 — система управления привилегированным доступом по модели «нулевого доверия» (Zero Trust).

Функциональные возможности BI.ZONE PAM 2.3В рамках серии видео «Эволюция российских PAM» уже была распаковка платформы BI.ZONE PAM.

Схема работы BI.ZONE PAM 2.3BI.ZONE PAM 2.3 реализует принципы «нулевого доверия» на архитектурном и прикладном уровне.

Заведение целевого ресурса в BI.ZONE PAM 2.3Ресурс идентифицируется по типу подключения и по уникальному набору атрибутов: IP-адресу, порту, FQDN.

Отключение пользователя в BI.ZONE PAM 2.3Помимо реагирования в ручном режиме, BI.ZONE PAM 2.3 предлагает также автоматическую блокировку нежелательной активности.

Запущенная проверка может пройти неуспешно, на это есть разные причины — нет сетевой связности, отработало СЗИ, обновилось приложение.

Омар Ганиев, основатель DeteActМаксим Пятаков уверен, что в ближайшее время BAS будет развиваться в сторону встраивания в процессы (модернизация интерфейса, API).

Использование ИИ в автоматизации проверокВиктор Бобыльков поинтересовался, насколько реально применение ИИ для приоритизации и моделирования атак.

Виктор Бобыльков, директор по кибербезопасности MWS CloudОмар Ганиев уверен, что в конечном итоге ИИ сможет реализовать всё, что делают люди.

Её главная ценность заключается не в замене специалистов, а в их усилении.

Хорошо, когда стандартизация сочетается с гибкостью, а сама база не только перечисляет бреши, но и обогащает их экспертизой по устранению уязвимостей.

Если база не содержит проверок для хотя бы части из этих технологий, отчёты сканирования будут неполными, а уязвимости останутся невыявленными.

Экспертная верификация: почему «машина» не справится однаАвтоматическая обработка данных необходима, когда речь идёт о тысячах новых уязвимостей в месяц.

Настоящее качество сканирования проявляется не в их отсутствии, а в том, насколько быстро они выявляются, исправляются и превращаются в доработанные проверки.

Гибкость: адаптация под заказчикаДаже самая полная база уязвимостей не может охватить абсол…

Как и на других ивентах, здесь проводятся круглые столы, можно познакомиться с презентациями вендоров и интеграторов, узнать о новых решениях.

Межсетевой экран DNS выполняет в том числе и те функции защиты, что и обычный файрвол.

Защита осуществляется путем фильтрации трафика, проходящего через конечные точки DNS, с его проверкой по определённым правилам и с учетом выбранных политик.

Конференция IT Elements 2025 проводилась на территории выставочного пространства TAUРеализация Zero Trust на стороне DNSИтак, напомнив, что именно можно контролировать на уровне DNS-системы, рассмотрим, как эта задача реализована в корпоративной системе «Банка Инго», детали которой раскрыл в своём докладе Никол…

ВведениеИ в России, и в мире в виртуальной среде работает 95% серверов.

До известных событий почти весь российский рынок систем виртуализации принадлежал зарубежным поставщикам «большой тройки» — VMware, Microsoft, Citrix.

Ответы зрителей AM Live об использовании систем виртуализации в 2023–2024 гг.

Во главу угла ставились функциональные возможности, тогда как природа ПО, как отметил независимый эксперт Сергей Коняшкин, дело десятое.

Николай Петров также назвал высокую трудоёмкость администрирования характерной чертой российских систем виртуализации.

Таймер обратного отсчёта в eXpress 3.48Во-вторых, для пользователей, находящихся дома или в общественных местах, добавлена функция размытия фона и индивидуальные виртуальные фоны.

Выбор виртуального фона в eXpress 3.48В-третьих, для предотвращения утечек конфиденциальных данных приложение сигнализирует, если в чате находится пользователь публичного сервера.

Способы входа в eXpress 3.48Работа с контактамиПоиск аккаунтов в системе достаточно прост — после ввода нескольких символов пользователю предоставляется выбор предположительных контактов.

Обмен контактами в eXpress 3.48Работа с чатамиПользователи по-разному могут взаимодействовать друг с другом в eXpress.

Запросы на логаут в eXpress 3.48…

О перспективах ИИ в бизнесе беседовали эксперты в новом «синем» эфире AM Live.

Практические примеры применения машинного обучения и ИИДмитрий Макаренко:«Обычно учёные разделяют ИИ на узкий (слабый) и сильный.

К слабому люди уже привыкли и используют, не задумываясь, что это именно искусственный интеллект.

Четвёртый опрос показал, как изменилось мнение зрителей о применимости ИИ в бизнесе после эфира: убедились в его пользе и перспективах — 56 %, будут активнее внедрять ИИ в своей компании — 28 %, всё ещё сомневаются, что ИИ полезен — 8 %.

В конечном счёте, выбор и использование платформы ИИ — это стратегическая инвестиция в будущее компании, которая позволяет трансформировать данные в реаль…

Скала^р МИИ — ПАК для обучения и исполнения моделей ИИ с гарантированной производительностью и отказоустойчивостью, обеспечивающий совместимость аппаратных и программных компонентов с решениями ИИ.

Высокий порог входа в ИИ, как по финансовым затратам, так и по времени внедрения инструментов и культуры работы с ИИ в периметр компании.

Неструктурированность, неполнота, пропуски и другие недостатки массивов данных, сложность их обработки для получения достоверных результатов и применения технологий машинного обучения и ИИ и др.

Функциональные возможности Машины ИИ Скала^р 1.0Скала^р МИИ предоставляет пользователю широкие возможности для работы с моделями искусственного интеллекта и управления …

Рассказываем и показываем, как обеспечить максимальный уровень защиты данных в объектном хранилище S3 на примере Object Storage от VK Cloud.

От теории к практике: алгоритм использования Object Lock на примере Object Storage от VK CloudЧтобы разобраться в принципах использования Object Lock, рассмотрим пошаговый алгоритм защиты критических данных на примере работы с объектным хранилищем Object Storage.

— домен сервиса Object Storage, должен соответствовать региону аккаунта: https://hb.vkcloud-storage.ru или https://hb.ru-msk.vkcloud-storage.ru — домен региона Москва; https://hb.kz-ast.vkcloud-storage.ru — домен региона Казахстан.

— домен сервиса Object Storage, должен соответствовать регио…

Рассказываем и показываем, как обеспечить максимальный уровень защиты данных в объектном хранилище S3 на примере Object Storage от VK Cloud.

От теории к практике: алгоритм использования Object Lock на примере Object Storage от VK CloudЧтобы разобраться в принципах использования Object Lock, рассмотрим пошаговый алгоритм защиты критических данных на примере работы с объектным хранилищем Object Storage.

— домен сервиса Object Storage, должен соответствовать региону аккаунта: https://hb.vkcloud-storage.ru или https://hb.ru-msk.vkcloud-storage.ru — домен региона Москва; https://hb.kz-ast.vkcloud-storage.ru — домен региона Казахстан.

— домен сервиса Object Storage, должен соответствовать регио…

Доступ к грамотному выстраиванию процессов в сфере информационной безопасности должен быть у каждой компании, даже со скромным бюджетом — именно такой подход исповедуют в компании SECURITM.

Задача: подготовиться к проверке прокуратуры по КИИНа предприятие поступило требование от прокуратуры о проведении надзорных мероприятий по факту исполнения законодательства в области критической информационной инфраструктуры (КИИ).

Благодаря комплексной работе в SECURITM Community предприятие смогло оперативно собрать доказательную базу, выстроить понятную логику исполнения требований и успешно пройти проверку прокуратуры.

Мы постоянно создаем новый контент и делимся им в SECURITM Community», — рассказы…

OpenSearch, Elastic или Kibana и подобные им инструменты — уже давно стандарт для поиска и визуализации логов, ведь они удобны, у них мощная поисковая система.

Связка AI-агентов, MCP и LLMЕсли использовать связку из AI-агентов, MCP и LLM, задача решается поэтапно, без попыток обработать все и сразу, объем данных, попадающих в LLM, минимизируется.

PythonDeveloper принимает на вход схему и цели анализа и генерирует Python-скрипт для обработки логов.

Итоги и перспективыС этим подходом пользователь может сформулировать задачу естественным языком — и получить готовый отчет или скрипт для анализа, не привлекая программиста.

То есть рутинные задачи анализа логов автоматизированы, получить аналитик…

Однако даже в хорошо изученных алгоритмах скрываются неочевидные математические свойства, которые могут быть использованы как для укрепления безопасности, так и для обнаружения уязвимостей.

В этой статье мы глубоко погрузимся в один из таких феноменов: почему структура параметров в ECDSA остаётся детерминированной даже при идеально случайной генерации секретного числа .

Математическая структураТорическая природа пространстваПоскольку все вычисления в ECDSA выполняются по модулю , пространство образует двумерный тор — циклическую структуру с соединёнными границами.

Это подтверждает, что даже при случайной генерации структура подписей не случайна — она отражает топологию тора, определяемую се…

После просмотра образа в HEX-редакторе стало ясно, что в видеорегистраторе использовалась проприетарная файловая система «HIKVISION» (см.

Чтобы прочитать записи из журналов событий, мы воспользовались утилитой «Hikvision MVA», но результат ее работы разочаровал.

На просторах интернета удалось найти описание событий, которые видеорегистратор ведет в своих журналах, а также то, что журналов 5 (рис.

Первоначально видеозаписи могли ввести в заблуждение из-за смещённого времени, но именно системные журналы позволили восстановить подлинную последовательность событий.

Иногда истина скрыта не в кадрах, а в цифровых следах, которые остаются в кодах и записях системы.

В этой и следующих своих статьях я расскажу, какие подходы для обеспечения безопасности мы, как DevSecOps, используем в CUSTIS.

Векторы атакиДля начала давайте определимся с основными векторами атаки на компании, которые занимаются разработкой ПО, по состоянию на 2025 год.

Нужно открыть корпоративный портал и как минимум посмотреть, настоящий адрес сотрудника в этом письме или это что-то другое.

Кстати, сейчас активно идёт сбор голосовой информации, так что не спешите отвечать на все вопросы роботов в телефонных звонках.

В следующей статье я продолжу тему роли DevSecOps в обеспечении безопасной разработки ПО и планирую рассказать про кейс misconfiguration attack в проекте Modeus.

Неидеальным, но хотя бы честным - что сняли (пусть и плохенько), то и показали.

Но недавно риелторы и владельцы съемного жилья распробовали бесплатный ИИ и понеслось.

Поскольку студентка точно ничего не ломала, она стала внимательно изучать приложенные фотографии и нашла артефакты ИИ.

ЗаключениеБороться с ИИ - занятие неблагодарное и очевидно, что ИИ будет становиться только лучше и доступнее.

Проблему усугубляет, то, что пока ни в одной стране нет четких законов, регулирующих применение нейросетей в бытовой сфере.

Ему не интересно, как и что настроено на сервере, главное, чтоб все работало и не создавало ему проблем.

3) организовать fork-бомбу, уже не на php, а с помощью shell команды.

По подобному пути предлагаем идти и мы в рамках ОС «МСВСфера» 9 для хостинга, но с использованием новых технологий.

Для каждого слайса — листика дерева, настраиваются необходимые значения для нужной подсистемы (cpu.max для cpu, memory.max для памяти и т.д).

Изоляция и ограничение пользователей — это must-have для современного хостинга, так как позволяет уплотнить пользователей на сервере, ограничить их влияние друг на друга и на сервер в целом.

Дисклеймер: Статья носит исключительно информационный характер и не является инструкцией или призывом к совершению противоправных действий.

Будем считать, что в городе N уезда K произошла следующая ошибка.

Меня зовут Аня (SavAnna) я работаю AppSec и как хобби занимаюсь багбаунти.

Было найдено IDOR удаления заказа и его инвойса DELETE /remove?userid=1334&orderid=1212.

Так как заказ и инвойс связаны.

Предположим, что Red Team в ходе проведения тестирования получает в свое распоряжение:Закрытый ключ корневого УЦ облачной инфраструктуры "local".

Банкротство компании: Материнская компания DigiNotar, VASCO, понесла убытки в сотни миллионов долларов, и в течение нескольких месяцев DigiNotar была объявлена банкротом.

https://www.securitylab.ru/news/tags/DigiNotar/Comodo Group (2011) — Атака произошла почти одновременно с атакой на DigiNotar, что указывает на системную уязвимость модели доверия того времени.

Компрометация PKI ведет не просто к утечке данных, а к подрыву самого фундамента цифрового доверия, что может уничтожить компанию (как DigiNotar).

Сегрегация PKI: Используйте разные цепочк…

В первой части публикации рассказывается о том, как Кристофер Аллен задумал создать новый децентраизованный безопасный интернет, придумал название Self-Sovereign Identity (SSI) и в 2016 году начертал на скрижалях десять заповедей SSI.

Легко видеть, что в составе ядра «Гордиевой архитектуры» есть спецификация Entropy, которая относится к такому порождению начального значения.

Несмотря на все эти сомнения, он все еще взволнован тем, какого прогресса удалось достичь за прошедшие пять лет.

Эти компромиссы, пишет Аллен, привели к эрозии уникальной ценности SSI в сравнении с централизованными правительственными подходами.

В результате Apple и Google со своими стандартами mDL/mDoc и усилиями по фе…

Мой друг Клод со второй попытки сгенерировал картинку по словесному описанию и даже сделал ее интерактивной, но сейчас это не нужно.

Эта некоммерческая организация привлекла и организовала совместную работу множества специалистов, увлеченных идеями децентрализованной идентичности и других цифровых активов.

Понимание приватности отличается для Европы и для США, между либертарианцами и общественными деятелями, между развитыми и развивающимися странами, между женщинами и мужчинами.

Проблема в том, что организации могут исчезать — и в Интернете большинство из них в конечном итоге исчезает.

Отметим, что это согласие может быть не интерактивным, но оно должно быть осознанным и хорошо понимаемым.

На сайте злоумышленников появились образцы похищенных у компании отчетов о взаимодействии с клиентами, и хакеры утверждают, что потребовали у Red Hat выкуп, но пока не получили ответа.

На прошлой неделе вымогательская группировка Crimson Collective заявила о краже 570 ГБ данных из 28 000 внутренних репозиториев Red Hat.

Тогда злоумышленники сообщили, что украденные данные содержат около 800 CER-отчетов (Customer Engagement Reports), в которых можно найти конфиденциальную информацию о сетях и платформах заказчиков.

В итоге группировка объявила, что объединилась с Scattered Lapsus$ Hunters и на недавно запущенном «сайте для утечек» ShinyHunters были опубликованы образцы украденных у Red Hat д…

Специалисты Data Leakage & Breach Intelligence (DLBI) провели исследование российского рынка утечек данных за январь–сентябрь 2025 года.

По их данным, владельцы ботов-пробивщиков скупают даже небольшие базы данных, содержащие потенциально интересную информацию, и порой тратят на это тысячи и даже десятки тысяч долларов.

По сравнению с тем же периодом прошлого года число утечек снизилось почти в четыре раза, а их объем – почти в шесть раз.

Лидерами по количеству утечек стали сегменты логистики (почти 60% утекших данных), ретейла (20% данных) и государственных организаций (6% данных).

Однако, несмотря на тренд на снижение числа утечек, реальные темпы этого снижения не так велики, говорит осно…

Пожары и «цифровой паралич»Первый пожар произошел 26 сентября в здании Национальной службы информационных ресурсов (­NIRS) в городе Тэджон и продолжался более 22 часов.

По данным CNN и Korea Herald, причиной возгорания стало воспламенение литий-ионных аккумуляторов системы бесперебойного питания, которые в момент инцидента заменяли и переносили в подвал здания.

Спустя неделю после первого инцидента, 3 октября, произошел второй пожар — на этот раз в дата-центре компании Lotte Innovate, также расположенном в Тэджоне.

К настоящему времени полиция провела обыски в штаб-квартире NIRS и на предприятиях, связанных с поставкой системы бесперебойного питания.

Теория о связи с КНДРПараллельно с рассл…

Мы публикуем текст обращения, направленного министру цифрового развития с целью остановить принятие поправки к закону «Об информации», которая значительно затруднит работу как «Хакера», так и других обучающих ресурсов и площадок, связанных с кибербезопасностью.

Министру цифрового развития,Шадаеву Максуту ИгоревичуОбращениеУважаемый Максут Игоревич, цель данного обращения — предупреждение о потенциальной угрозе для информационной безопасности нашей страны.

Против поправки проголосовали 2000 граждан России.

Только так — делая публикации и делясь с коллегами информацией об атаках и вредоносных программах — можно сформировать защиту от внешних угроз и действий внутренних мошенников.

Достаточно …

Онлайн-конференция по информационной безопасности CyberCamp 2025 пройдет с 20 по 25 октября.

В первый день состоится церемония открытия, а с 21 по 23 октября ИБ-эксперты поделятся своими знаниями в формате докладов.

Среди спикеров — специалисты по реагированию на инциденты и цифровой криминалистике, архитекторы информационной безопасности, аналитики угроз, эксперты по мониторингу и другие профессионалы.

21 октября, среди прочих, запланированы доклады на следующие темы:«XDSpy: новости об одной из самых скрытных APT-группировок»;«Специалист по информационной безопасности в отпуске?

Пообщаться с единомышленниками можно в комьюнити «Hello, CyberCamp» в Telegram.

В конце сентября 2025 года на второе место по популярности в Apple App Store вышло приложение Neon, которое платило пользователям за запись их телефонных звонков и продавало данные ИИ-компаниям.

Однако вскоре в Neon обнаружили уязвимость, которая позволяла любому желающему получить доступ к телефонным номерам, записям звонков и расшифровкам разговоров пользователей.

Также приложение предлагало вознаграждения за привлечение новых пользователей.

Проблема усугублялась тем, что серверы Neon позволяли получить доступ к записям звонков и их расшифровкам для других пользователей.

Представители Apple и Google не ответили на запрос издания о комментарии и о том, соответствует ли Neon правилам их пло…

Команда безопасности Redis выпустила патчи для критической уязвимости, которая позволяет атакующим осуществлять удаленное выполнение произвольного кода.

Успешная эксплуатация бага позволяет сбежать из Lua-песочницы, спровоцировать use-after-free, установить реверс-шелл для постоянного доступа и добиться удаленного выполнения кода на целевом Redis-хосте.

После компрометации хоста атакующие могут похитить учетные данные, развернуть малварь, извлечь конфиденциальные данные из Redis, осуществить боковое перемещение, распространив атаку на другие системы в сети жертвы, или использовать украденную информацию для доступа к облачным сервисам.

Хотя для успешной эксплуатации бага атакующим нужно полу…

Зима близко, но бейсболки «Хакера» актуальны круглый год.

Четыре модели с объемной вышивкой и удобной посадкой ждут своих владельцев.

Каждая бейсболка сделана, чтобы служить долго: плотная ткань держит форму, прочный регулятор на кнопке подстраивается под любой объем головы, а лаконичный дизайн делает ее уместной на митапе, на улице или на встрече с коллегами.

Бейсболки «Хакера» — это:качество — плотная ткань, комфортная посадка, прочный регулятор на кнопке;— плотная ткань, комфортная посадка, прочный регулятор на кнопке; вышивка — объемная вышивка, которая будет радовать долго;— объемная вышивка, которая будет радовать долго; лаконичный дизайн — носи в офисе, на конференции или на прогулке…

Се­год­ня раз­берем недав­но най­ден­ный баг в WordPress и напишем собс­твен­ный экс­пло­ит на Python.

Уяз­вимость содер­жится в copypress-rest-api, поз­воля­ет обхо­дить зап­рет на ска­чива­ние пла­гина из катало­га WP и добивать­ся воз­можнос­ти исполне­ния команд.

На стра­нице пла­гина на вклад­ке Development оста­лась ссыл­ка на репози­торий copypress-rest-api.

Вот коман­да, которая ска­чает пос­леднюю вер­сию пла­гина в пап­ку plugin на твою машину:svn export https:/ / plugins.

9' services : wordpress : image : wordpress: latest container_name : wp ports : - " 8080: 80" environment : WORDPRESS_DB_HOST : db: 3306 WORDPRESS_DB_USER : wordpress WORDPRESS_DB_PASSWORD : wordpress WORDPRESS_…

Компания Microsoft сообщает, что веб-версия Outlook и новый Outlook для Windows более не будут отображать встроенные SVG-изображения, так как они используются в хакерских атаках.

Развертывание новой защитной меры началось в начале сентября 2025 года, и ожидается, что оно будет завершено для всех пользователей к середине октября 2025 года.

«Встроенные SVG-изображения более не будут отображаться в веб-версии Outlook и новом Outlook для Windows.

Наконец, совсем недавно, в конце сентября 2025 года, Microsoft обнаружила вредоносную кампанию, в которой применялись файлы SVG, созданные с помощью LLM и позволявшие обходить защиту электронной почты.

Отказ от отображения встроенных SVG-изображений в …

Британских клиентов автопроизводителей Renault и Dacia уведомили о компрометации их персональных данных.

Сообщается, что утечка произошла у стороннего подрядчика.

Французский автопроизводитель (Dacia — дочерний бренд Renault), на которого работают более 170 000 сотрудников, и чей годовой объем производства составляет 2,2 млн машин, сообщил, что утечка затронула только клиентов британских подразделений.

Подчеркивается, что инцидент связан с неназванным «сторонним подрядчиком», и системы самой Renault не пострадали.

В Renault подчеркивают, что банковская и финансовая информация клиентов не пострадала.

Специалисты показали, что пассивный DIMM-интерпозер может использоваться для компрометации механизма аттестации DCAP в Intel Software Guard Extensions (Intel SGX).

И если WireTap в основном нацелена на нарушение конфиденциальности, то Battering RAM прежде всего сосредоточена на целостности.

Но суть одна — SGX и SEV можно без труда взломать с помощью вмешательства в память», — пишут эксперты.

После этого они взялись за криптографический механизм SGX и извлекли ключ аттестации машины, потратив на это около 45 минут.

Используя интерпозер против механизма аттестации SGX, мы смогли извлечь секретный ключ аттестации с машины, находящейся в полностью доверенном состоянии, тем самым нарушив безопас…

Three prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance, once underscoring continued shifts in the cyber threat landscape.

"Announced shortly after LockBit's return, the collaboration is expected to facilitate the sharing of techniques, resources, and infrastructure, strengthening each group's operational capabilities," the company noted in its ransomware report for Q3 2025.

The partnership with Qilin is no surprise, given that it has become the most active ransomware group in recent months, claiming a little over 200 victims in Q3 2025 alone.

"In Q3 2025, Qilin disproportionately targeted North America-based organizations," ZeroF…

Attackers don't need advanced tools; they just need one careless login.

This Halloween, The Hacker News and Specops Software invite you to a live webinar: "Cybersecurity Nightmares: Tales from the Password Graveyard" — a chilling reality check every IT leader needs.

You'll explore real-world password breaches, why traditional password policies fail, and how new tools can help you stop attacks before they happen.

🕸️ Make Passwords Secure — and SimplePoor password management doesn't just create risk — it wastes time and hurts productivity.

🎃 Sign up today and end your password nightmares once and for all.

Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution.

"The server constructs and executes shell commands using unvalidated user input directly within command-line strings.

Given that the Framelink Figma MCP server exposes various tools to perform operations in Figma using artificial intelligence (AI)-powered coding agents like Cursor, an attacker could trick the MCP client to execute unintended actions by means of an indirect prompt injection.

"This vulnerability is a stark reminder that even tools meant to run locally can become powerful ent…

Security teams are overwhelmed by an explosion of vulnerability data, tool outputs, and alerts, all while operating with finite human resources.

Not only can it make security teams more efficient, it can generate insights that would be impossible to gather at scale or in real time without machine assistance.

Deduplication and Correlation: Creating a Clean Risk PictureOne of the biggest obstacles security teams face isn’t the absence of tools, but the overload they create.

Fight Back Against AI: Turn Data Into DefenseAI-powered deduplication and prioritization are the levers that determine whether organizations stay buried in noise or achieve measurable risk reduction.

As adversaries advance…

OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development.

The operator also used several ChatGPT accounts to prototype and troubleshoot technical components that enable post‑exploitation and credential theft.

"The operator used a small number of ChatGPT accounts and iterated on the same code across conversations, a pattern consistent with ongoing development rather than occasional testing."

These networks used AI to conduct translation, write messages, and to create content for social media to advertise investment scams.

In two different cases, suspected Chinese accounts asked ChatGPT to identify…

A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called Vampire Bot.

When launched, the LNK file runs an embedded PowerShell script that reaches out to an external server to download a lure document, a PDF for a marketing job at Marriott.

Furthermore, digital marketing professionals have been one of the main targets of attacks perpetrated by various Vietnamese financially motivated groups, who have a track record of deploying stealer malware to hijack Facebook business accounts.

"The BatShadow threat group continues …

Google's DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent future exploits.

The efforts add to the company's ongoing efforts to improve AI-powered vulnerability discovery, such as Big Sleep and OSS-Fuzz.

"By automatically creating and applying high-quality security patches, CodeMender's AI-powered agent helps developers and maintainers focus on what they do best — building good software," DeepMind researchers Raluca Ada Popa and Four Flynn said.

CodeMender, under the hood, leverages Google's Gemini Deep Think models to debug, flag, and fix security vulnerabilities…

A new Enterprise AI and SaaS Data Security Report by AI & Browser Security company LayerX proves just how outdated that mindset has become.

Almost one in two enterprise employees (45%) already use generative AI tools, with ChatGPT alone hitting 43% penetration.

Compared with other SaaS tools, AI accounts for 11% of all enterprise application activity, rivaling file-sharing and office productivity apps.

Rethinking Enterprise Security for the AI EraThe report's recommendations are clear, and unconventional:Treat AI security as a core enterprise category, not an emerging one.

It's already embedded in workflows, already carrying sensitive data, and already serving as the leading vector for corp…

Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts.

If the key is not found, the client sends a 'sendplugin' command to the C2 server, along with the hash."

"The C2 server then responds with the command'savePlugin' along with a base64 encoded string containing the plugin and SHA-256 hash.

Some of the supported plugins in XWorm 6.x (6.0, 6.4, and 6.5) are listed below -RemoteDesktop.dll , to create a remote session to interact with the victim's machine.

"Further investigation of the DLL file revealed multiple XWorm V6.0 Builders on VirusTotal that are themselves infected…

Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances.

The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0.

"The problem exists in all versions of Redis with Lua scripting."

As of writing, there are about 330,000 Redis instances exposed to the internet, out of which about 60,000 of them lack any authentication.

"With hundreds of thousands of exposed instances worldwide, this vulnerability poses a significant threat to organizations across all industries," Wiz said.

Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware.

According to the tech giant, Storm-1175 is a cybercriminal group known for deploying Medusa ransomware and exploiting public-facing applications for initial access since September 11, 2025.

The attack chain following initial access entails dropping remote monitoring and management (RMM) tools, such as SimpleHelp and MeshAgent, to maintain persistence.

The threat actors have also been observed creating .jsp files within the GoAnywhere MFT directories, often at the same time as the dropped RMM too…

The exploitation involves the exploitation of CVE-2025-61882 (CVSS score: 9.8), a critical vulnerability that facilitates remote code execution without authentication.

The Telegram channel has been observed sharing the purported Oracle EBS exploit, while criticizing Graceful Spider's tactics.

The observed activity so far involves an HTTP request to /OA_HTML/SyncServlet, resulting in an authentication bypass.

"The proof-of-concept disclosure and the CVE-2025-61882 patch release will almost certainly encourage threat actors – particularly those familiar with Oracle EBS — to create weaponized POCs and attempt to leverage them against internet-exposed EBS applications," it said.

If you run Orac…

A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been assessed to be likely led by the Ministry of State Security (MSS).

According to information shared on its website, BIETA is a "research and development institution" that specializes in communication technology, multimedia information processing technology, multimedia information security technology, computer and network technology application research, and special circuit development.

Other solutions advertised by CIII range from communication simulation to network functionality testing tools, as well as a program called Datacrypt Hummingbird online storage upload software.

That said, th…

In this blogpost, we uncover the first known cases of collaboration between Gamaredon and Turla, in Ukraine.

In April and June 2025, we detected that Kazuar v2 was deployed using Gamaredon tools PteroOdd and PteroPaste.

We believe that Gamaredon compromised the first four machines in January 2025, while Turla deployed Kazuar v3 in February 2025.

TurlaSimilarly, for Turla, we detected the use of Kazuar v2 and Kazuar v3, which we believe are exclusive to that group.

Third chain: Deployment of Kazuar v2 via PteroPasteOn June 5th and 6th, 2025, we detected Gamaredon deploying a Turla implant on two machines in Ukraine.

Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprisesThink your business is too small to be singled out for digital extortion?

Verizon data reveals that, while ransomware comprises 39% of data breaches at large organizations, the figure rises to 88% for SMBs.

How ransomware groups are evolvingTo tackle the threat, you also need to understand who or what’s driving it, and how it’s changing.

How AI is transforming ransomwareAs technology advances, ransomware groups are also changing tack to increase their chances of success.

How to protect your businessA handful of SMBs know to their cost what can happen follow…

ESET researchers have uncovered a new ransomware strain that they have named HybridPetya.

While resembling the infamous Petya/NotPetya malware, it comes with a new and dangerous twist – it adds the ability to compromise UEFI-based systems and weaponize CVE‑2024‑7344 in order to bypass UEFI Secure Boot on outdated systems.

HybridPetya is not actively spreading in the wild, but it's at least the fourth known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality.

What else is there to know about the malware?

Find out in the video with ESET Chief Security Evangelist Tony Anscombe and make sure to read the blogpost.

It is a copycat of the infamous Petya/NotPetya malware, adding the capability of compromising UEFI-based systems and weaponizing CVE‑2024‑7344 to bypass UEFI Secure Boot on outdated systems.

One of the analyzed HybridPetya variants exploits CVE‑2024‑7344 to bypass UEFI Secure Boot on outdated systems, leveraging a specially crafted cloak.dat file.

We also separately dissect a version of HybridPetya that is capable of bypassing UEFI Secure Boot by exploiting CVE-2024-7344.

Also, the version deployed with the UEFI Secure Boot bypass uses a different contact email address (wowsmith999999@proton[.

D0BD283133A80B471375 62F2AAAB740FA15E6441 cloak.dat EFI/Diskcoder.A Specially formatted cloak.dat …

According to Verizon, “use of stolen credentials” has been one of the most popular methods for gaining initial access over recent years.

The use of stolen credentials appeared in a third (32%) of data breaches last year, its report notes.

Infostealers are thought to have been responsible for 75% of compromised credentials last year.

Infostealers are thought to have been responsible for 75% of compromised credentials last year.

The gang leveraged a set of stolen credentials to remotely access a server that did not have multifactor authentication (MFA) turned on.

Ransomware is the most obvious: by encrypting critical data, threat actors effectively bring operations to a standstill in the targeted organization.

According to IBM’s Cost of a Data Breach Report 2025, 86% of organizations that suffered a data breach over the past year experienced this sort of operational disruption.

Building proactive resilienceOf course, speed is not the only way to differentiate top-tier MDR services from the rest.

Other related elements you should be looking for include 24/7 monitoring to ensure threat actors are stopped in their tracks, wherever in the world they’re located.

Speed is of the essence here, as threat actors often try to victimize the same organization m…

Stats like these should make protective measures such as data encryption a no-brainer.

By transforming plain text data into an unreadable format, data encryption serves to protect your organization’s most sensitive information, whether at rest or in transit.

The data explosion is also accelerating thanks to growth in AI and large language models (LLMs), which require huge volumes of potentially sensitive data to train.

The data explosion is also accelerating thanks to growth in AI and large language models (LLMs), which require huge volumes of potentially sensitive data to train.

Carriers either may not insure your business if it doesn’t deploy strong data encryption, or else increase premi…

ESET researchers have identified a new threat actor, whom we have named GhostRedirector, that compromised at least 65 Windows servers mainly in Brazil, Thailand, and Vietnam.

GhostRedirector has an arsenal that includes the passive C++ backdoor Rungan, the malicious IIS trojan Gamshen, and a variety of other utilities.

GhostRedirector is not the first known case of a China-aligned threat actor engaging in SEO fraud via malicious IIS modules.

Note the ExeHelper class, which provides a function to execute a file named link.exe – GhostRedirector used the same filename to deploy the GoToHTTP tool.

Table 3.Rungan backdoors commandsParameter Body Description Response mkuser user=&pwd;=&groupname;…

From Meta shutting down millions of WhatsApp accounts linked to scam centers all the way to attacks at water facilities in Europe, August 2025 saw no shortage of impactful cybersecurity newsAs August 2025 comes to a close, ESET Chief Security Evangelist Tony Anscombe reviews a selection of the top cybersecurity stories that moved the needle, raised the alarms or offered vital lessons over the past 30 or so days, as well as offers insights they hold for your own cyber-defenses:Don't forget to check out the July 2025 edition of Tony's monthly security news roundup for more insights.

If left to fester, it can have a significant impact on the mental health and even physical wellbeing of your kids.

In this context, it’s vital that you’re able to spot the warning signs of cyberbullying before things spiral out of control.

They may be embarrassed to tell you, or scared that it could make things worse.

If you’re keen to do so, remember to explain first to your child why you’re doing it.

A worst-case scenarioIf you discover your child is being bullied online, don’t panic.

The discovery of PromptLock shows how malicious use of AI models could supercharge ransomware and other threatsESET researchers have discovered what they called "the first known AI-powered ransomware".

“The PromptLock malware uses the gpt-oss-20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes.

PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption," said ESET researchers.

"The PromptLock ransomware is written in Golang, and we have identified both Windows and Linux variants uploaded to VirusTotal," added the …

Like many online phenomena, half-truths, myths and misconceptions can distort the reality of cyberbullying – and make it harder for you to make the right parenting decisions.

What happens online stays onlineLike many online trends, bullying is enabled by technology, but has its roots deep in the human psyche.

There are many reasons why kids may engage in bullying behavior, from peer pressure to low self-esteem, attention seeking and domestic abuse.

It’s almost impossible to identify online bulliesSometimes the cloak of anonymity online does empower bullies – just as it enables cybercrime to thrive.

Social media platforms are to blameSocial media and messaging platforms are often demonized f…

Keep regulators happy by demonstrating your commitment to fast, effective threat detection and response.

You need enterprise-grade SOC expertise that works like an extension of your IT security team to handle daily monitoring, proactive threat hunting and incident response.

You need enterprise-grade SOC expertise that works like an extension of your IT security team to handle daily monitoring, proactive threat hunting and incident response.

Leading research capabilities : Vendors that run renowned malware research labs will be best placed to stop emerging threats, including zero days.

: Vendors that run renowned malware research labs will be best placed to stop emerging threats, including z…

Unfortunately, scammers are preying on this need with increasingly sophisticated schemes on social media.

How do financial deepfake scams work?

Investment scams have been the biggest money-maker for cybercriminals for several years, according to the FBI.

These are usually deployed as a lure to trick the victim into either handing over personal information or direct them straight to an investment scam.

Others use deepfake Instagram stories featuring banking investment strategists to harvest personal info and/or lure them to investment scam-themed WhatsApp groups.

Does your business truly understand its dependencies, and how to mitigate the risks posed by an attack on them?

That’s because when bombs start dropping and the physical elements of war are under way, the misinformation spreading through digital channels becomes less important.

What this means for your businessMoving beyond the panel discussion, this raises a critical question for businesses: do they really understand their dependencies to be operationally resilient?

A real-world example might be an attack on a catering company that is contracted to feed patients in a hospital.

If we can’t get to a point of resilience, then we at least need to understand the risk posed by the dependencies.

Palo Alto Networks researchers have discovered and analyzed “IUAM ClickFix Generator”, a phishing kit that allows less skilled attackers to infect unsuspecting users with malware by using the increasingly popular ClickFix social engineering technique.

“This tool allows threat actors to create highly customizable phishing pages that mimic the challenge-response behavior of a browser verification page commonly deployed by Content Delivery Networks (CDNs) and cloud security providers to defend against automated threats.

The spoofed interface is designed to appear legitimate to victims, increasing the effectiveness of the lure,” the researchers noted.

The IUAM ClickFix GeneratorThe IUAM ClickFi…

North Korean hackers have stolen more than $2 billion in cryptocurrency in 2025, according to blockchain analytics firm Elliptic, and the year isn’t over yet.

Though this year’s record losses are driven largely by the February attack on cryptocurrency exchange Bybit ($1.46 billion stolen), the company has also linked more than thirty additional hacks to North Korea this year.

Other thefts are likely unreported and remain unknown.”The hackers are also targeting wealthy crypto holdersNorth Korean hackers are not just breaking into exchanges, Elliptic noted.

North Korean hackers have been building fake profiles to approach these individuals, and the emphasis on personal interaction makes it ha…

Netskope has enhanced its Universal Zero Trust Network Access (UZTNA) solution.

Comprised of Netskope One Private Access and Netskope Device Intelligence, Netskope’s UZTNA solution extends beyond the core use case of delivering fast, consistent, secure access to remote and local users and devices to deliver deeper threat inspection of their diverse device ecosystems and private application traffic.

UZTNA at the branch Enables organizations to extend access to private applications in branch networks by hosting Netskope’s ZTNA publisher directly on the 5G Netskope One Gateway.

“With Universal ZTNA, Netskope is redefining secure access by giving organizations one unified, consistent way to sec…

CyberArk announced new discovery and context capabilities across its Machine Identity Security portfolio.

The enhancements enable security teams to find, understand and secure machine identities, spanning certificates, keys, secrets, workloads and more, reducing risk and simplifying compliance at scale.

Machine identities outnumber human identities by an estimated 82 to 1, driven by increased AI adoption and cloud native growth.

As a result, machine identity-related security incidents are on the rise, with 72% of security leaders reporting certificate-related outages and 50% experiencing security incidents or breaches from compromised machine identities, according to CyberArk research.

Cybe…

Radiflow has launched the new Radiflow360, a unified, AI-enhanced OT cybersecurity platform that delivers visibility, risk management and streamlined incident response for mid-sized industrial enterprises.

This new platform streamlines compliance, accelerates incident response and integrates seamlessly with other Radiflow and third-party tools, delivering a scalable, unified approach to OT cybersecurity.

Radiflow360 targets OT security teams at mid-sized industrial enterprises that need comprehensive, real-time control of their operational environments, but often struggle with manual processes and siloed tools.

This integrated platform enables precise asset mapping, automated risk and compl…

A new study explores how AI could automate security for space systems and whether the best approach is to centralize control or spread it out.

Should AI be trained and run on the ground, or should satellites handle some of the work themselves?

In a centralized model, the heavy lifting happens on Earth.

Satellites send telemetry data to a large AI system, which analyzes it and sends back security updates.

In other words, centralized systems are faster to train but slower to react.

DefectDojo is an open-source tool for DevSecOps, application security posture management (ASPM), and vulnerability management.

It helps teams manage security testing, track and remove duplicate findings, handle remediation, and generate reports.

Whether you’re a solo security practitioner or a CISO managing multiple teams, DefectDojo helps you organize your security work and report your organization’s security posture.

At its core, it functions as a bug tracker for security vulnerabilities.

Must read:Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools.

Cybercrime is a global problem, but not every country is equally equipped to fight it.

In many developing economies, cybersecurity is still seen as a luxury, something nice to have when budgets allow.

Governments are dealing with pressing issues like poverty, political and ethnic conflict, and violent crimes, which leaves less focus on cybercrime.

In Western and Eastern Africa, cybercrime now makes up more than 30% of reported crime.

Building cybersecurity in developing countries starts with strategyBuilding cybersecurity takes many players, but governments need to lead the charge.

A new research project looks at how to keep people talking even when regular networks are gone.

Researchers from the University of Zürich and the University of St. Gallen have developed a system that combines low-power radios with a smartphone app.

The tests involved only ten nodes and one urban setting, so performance with larger networks and different locations remains untested.

The researchers plan to expand testing to include 50 or more devices and to try the system in both rural and urban environments.

They also want to explore ways to integrate with existing emergency services so that civilian networks can coordinate with official responders.

Redis, the company behind the widely used in-memory data structure store of the same name, has released patches for a critical vulnerability (CVE-2025-49844) that may allow attackers full access to the underlying host system.

“This flaw allows a post auth attacker to send a specially crafted malicious Lua script (a feature supported by default in Redis) to escape from the Lua sandbox and achieve arbitrary native code execution on the Redis host,” Wiz researchers noted.

To make matters even worse, the official Redis container images have authentication disabled by default.

This enables attackers to exploit the vulnerability and achieve RCE within the environment,” the researchers added.

Wiz …

Barracuda Networks has introduced Barracuda Research, a new centralized resource for threat intelligence, real-world incident analysis, email threat detection data from Barracuda AI, and more.

Barracuda Research draws on detection data from Barracuda AI to highlight the prevalence of malicious email threat types.

“We’re launching Barracuda Research to meet the growing need of customers and partners for high-quality threat intelligence that is easy to understand and action,” said Neal Bradbury, chief product officer at Barracuda.

Barracuda Research helps to address those challenges.

It showcases the breadth and depth of Barracuda’s threat analysis expertise, which underpins our AI-powered Ba…

OPSWAT launched MetaDefender Drive with Smart Touch, a portable cybersecurity device designed for malware and compliance scanning of transient cyber assets regardless of network connectivity.

The device lets security teams to prevent cyberattacks, which can severely impact operations, including downtime from inbound and transient assets.

Purpose-built for critical infrastructure, MetaDefender Drive with Smart Touch is a compact, handheld device featuring physical connectivity controls that eliminate the risk of network-based compromise during operation.

The next-generation MetaDefender Drive is powered by OPSWAT’s Metascan Multiscanning technology, leveraging up to seven anti-malware engine…

Resecurity and watchTowr researchers have analyzed the leaked scripts used by attackers to exploit CVE-2025-61882 on internet-facing Oracle ESB instances.

CVE-2025-61882 exploit scripts analyzed“What we have observed is that CVE-2025-61882 (…) is not ‘just’ one vulnerability.

“Using the exp.py script, the attacker sends a specially crafted HTTP request to the target Oracle EBS instance.

More attacks expectedIt’s still unclear whether the attackers only used CVE-2025-61882 to breach Oracle EBS instances or other vulnerabilities, as well.

What’s almost certain is that these and likely other attackers will continue to leverage the leaked exploit scripts to target Oracle EBS instances exposed o…

A new academic study based on Google’s Vulnerability Rewards Program (VRP) offers rare data on how to tell the difference.

Overall bug submissions went up, but the biggest change came from the most valuable findings.

Many bug bounty programs compete for attention from the same group of experienced researchers.

If signal-to-noise ratio trends up while volume stays healthy, the bug bounty program is maturing.

You should treat the security researchers like partners.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

We expect this gap to widen, resulting in AI being predominantly used by one political side in the 2026 elections.

Going further, Trump ally Elon Musk has shaped his own AI company’s Grok models in his own ideological image.

A large bloc of Congressional Democrats responded to Trump administration actions in April by arguing against their adoption of AI in government.

Following the lead of the Trump administration, Republicans cast doubt on any regulation of the AI industry.

It’s more like a fire: a force that political actors can harness and manipulate for both mechanical and symbolic purposes.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

You know what’s important and what isn’t.

And you can use all that internal knowledge to fix things­—hopefully before the baddies take advantage.

Summary and predictionAttackers will have the advantage for 3-5 years.

After that point, AI/SPQA will have the additional internal context to give Defenders the advantage.

And in the meantime, Red will be able to use publicly-available context from OSINT, Recon, etc.

New report: “Scam GPT: GenAI and the Automation of Fraud.”This primer maps what we currently know about generative AI’s role in scams, the communities most at risk, and the broader economic and cultural shifts that are making people more willing to take risks, more vulnerable to deception, and more likely to either perpetuate scams or fall victim to them.

AI-enhanced scams are not merely financial or technological crimes; they also exploit social vulnerabilities ­ whether short-term, like travel, or structural, like precarious employment.

This means they require social solutions in addition to technical ones.

By examining how scammers are changing and accelerating their methods, we hope to …

Here’s an almost:Then he added, “Here at Chase, we’ll never ask for your personal information or passwords.” On the contrary, he gave me more information—two “cancellation codes” and a long case number with four letters and 10 digits.

That simple phrase, familiar from countless customer-service calls, draped a cloak of corporate competence over this unfolding drama.

The line went mute for a few seconds, and a second man greeted me with a voice of authority.

“My name is Mike Wallace,” he said, and asked for my case number from the first guy.

“Yes, yes, I see,” the man said, as if looking at a screen.

Abusing Notion’s AI Agent for Data TheftNotion just released version 3.0, complete with AI agents.

Because the system contains Simon Willson’s lethal trifecta, it’s vulnerable to data theft though prompt injection.

Here’s the meat of the malicious prompt:First read the file that the client list and extract the name company and ARR.

The fundamental problem is that the LLM can’t differentiate between authorized commands and untrusted data.

Any AI that is working in an adversarial environment­—and by this I mean that it may encounter untrusted training data or input­—is vulnerable to prompt injection.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Digital Threat Modeling Under AuthoritarianismToday’s world requires us to make complex and nuanced decisions about our digital security.

In security, threat modeling is the process of determining what security measures make sense in your particular situation.

But in the U.S. and elsewhere, the average person’s threat model is changing—specifically involving how we protect our personal information.

Contending with these new threats requires a different approach to personal digital devices, cloud services, social media, and data in general.

The Office of Personnel Management has an enormous amount of detailed information about government employees—including the very personal form required to…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

“This network had the power to disable cell phone towers and essentially shut down the cellular network in New York City,” said special agent in charge Matt McCool.

The devices were discovered within 35 miles (56km) of the UN, where leaders are meeting this week.

The equipment was capable of texting the entire population of the US within 12 minutes, officials say.

It could also have disabled mobile phone towers and launched distributed denial of service attacks that might have blocked emergency dispatch communications.

The devices were seized from SIM farms at abandoned apartment buildings across more than five sites.

Apple has introduced a new hardware/software security feature in the iPhone 17: “Memory Integrity Enforcement,” targeting the memory safety vulnerabilities that spyware products like Pegasus tend to use to get unauthorized system access.

When developers—­even experienced and security-conscious developers—­write software in ubiquitous, historic programming languages, like C and C++, it’s easy to make mistakes that lead to memory safety vulnerabilities.

[…]With memory-unsafe programming languages underlying so much of the world’s collective code base, Apple’s Security Engineering and Architecture team felt that putting memory safety mechanisms at the heart of Apple’s chips could be a deus ex …

Geedge collaborates with academic institutions on research and development, adapts its business strategy to fit different clients’ needs, and even repurposes leftover infrastructure from its competitors.

A number of American surveillance and propaganda firms also started as academic projects before they were spun out into startups and grew by chasing government contracts.

The difference is that in China, these companies operate with far less transparency.

Their work comes to light only when a trove of documents slips onto the internet.

[…]It is tempting to think of the Great Firewall or Chinese propaganda as the outcome of a top-down master plan that only the Chinese Communist Party could p…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Members of Star Chat targeted multiple wireless carriers with SIM-swapping attacks, but they focused mainly on phishing T-Mobile employees.

However, Star Chat was by far the most prolific of the three, responsible for at least 70 of those incidents.

But U.S. prosecutors say Jubair and fellow Scattered Spider members continued their hacking, phishing and extortion activities up until September 2025.

U.S. authorities say they traced some of those payments to Scattered Spider to an Internet server controlled by Jubair.

For further reading (bless you), check out Bloomberg’s poignant story last week based on a year’s worth of jailhouse interviews with convicted Scattered Spider member Noah Urban.

The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.

The Shai-Hulud worm emerged just days after unknown attackers launched a broad phishing campaign that spoofed NPM and asked developers to “update” their multi-factor authentication login options.

That attack led to malware being inserted into at least two-dozen NPM code packages, but the outbreak was quickly contained and was narrowly focused on siphoning cryptocurrency payments.

He said the first NPM package compromised by this worm appears to have been altered on Sept. 14, around 17:58 UTC.

The security-foc…

Materializing just two weeks before Russia invaded Ukraine in 2022, Stark Industries Solutions became a frequent source of massive DDoS attacks, Russian-language proxy and VPN services, malware tied to Russia-backed hacking groups, and fake news.

But a new report from Recorded Future finds that just prior to the sanctions being announced, Stark rebranded to the[.

But he maintained that Stark Industries Solutions Inc. was merely one client of many, and claimed MIRhosting had not received any actionable complaints about abuse on Stark.

However, it appears that MIRhosting is once again the new home of Stark Industries, and that MIRhosting employees are managing both the[.

Mr. Zinad did not res…

Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software.

The problem here resides with Windows NTLM, or NT LAN Manager, a suite of code for managing authentication in a Windows network environment.

CVE-2025-54916 is an “important” vulnerability in Windows NTFS — the default filesystem for all modern versions of Windows — that can lead to remote code execution.

“For the third time this year, Microsoft patched more elevation of privilege vulnerabilities than remote code execution flaws,” Narang observed.

AskWoody also reminds us that we’re now just two months out from Microsoft discontinuing free security updates for Wind…

Akido is a security firm in Belgium that monitors new code updates to major open-source code repositories, scanning any code updates for suspicious and malicious code.

Once logged in, the phishers then changed the email address on file for Junon’s NPM account, temporarily locking him out.

Caturegli said it’s remarkable that the attackers in this case were not more ambitious or malicious with their code modifications.

In this case, they didn’t compromise the target’s GitHub account.

“That NPM does not require that all contributor accounts use security keys or similar 2FA methods should be considered negligence.”

The letter followed media reports accusing Gmail of disproportionately flagging messages from the GOP fundraising platform WinRed and sending them to the spam folder.

Koli-Lõks taps into real-time intelligence about daily spam volumes by monitoring large numbers of “spamtraps” — email addresses that are intentionally set up to catch unsolicited emails.

Tossavainen told KrebsOnSecurity that WinRed’s emails hit its spamtraps in the .com, .net, and .org space far more frequently than do fundraising emails sent by ActBlue.

Koli-Lõks published a graph of the stark disparity in spamtrap activity for WinRed versus ActBlue, showing a nearly fourfold increase in spamtrap hits from WinRed emails in t…

Salesloft disclosed on August 20 that, “Today, we detected a security issue in the Drift application,” referring to the technology that powers an AI chatbot used by so many corporate websites.

On August 28, Salesforce blocked Drift from integrating with its platform, and with its productivity platforms Slack and Pardot.

“Rather than creating custom malware, attackers use the resources already available to them as authorized users.”It remains unclear exactly how the attackers gained access to all Salesloft Drift authentication tokens.

Salesloft announced on August 27 that it hired Mandiant, Google Cloud’s incident response division, to investigate the root cause(s).

“We are working with Sale…

The gaming sites ask visitors to create a free account to claim their $2,500 credit, which they can use to play any number of extremely polished video games that ask users to bet on each action.

“We have a completely self-written from scratch FAKE CASINO engine that has no competitors,” Gambler Panel’s wiki enthuses.

Gambler Panel also walks affiliates through a range of possible responses to questions from users who are trying to withdraw funds from the platform.

The researcher, who asked to be identified only by the nickname “Thereallo,” said Gambler Panel has built a scalable business product for other criminals.

“It’s a scalable system designed to be a resilient foundation for thousands…

This post examines the history and provenance of DSLRoot, one of the oldest “residential proxy” networks with origins in Russia and Eastern Europe.

DSLRoot is sold as a residential proxy service on the forum BlackHatWorld under the name DSLRoot and GlobalSolutions.

DSLRoot’s profile on the marketing agency digitalpoint.com from 2010 shows their previous username on the forum was “Incorptoday.” GlobalSolutions user accounts at bitcointalk[.

And these days, there are plenty of residential proxy providers who will make it worth your while.

Lloyd Davies is the founder of Infrawatch, a London-based security startup that tracks residential proxy networks.

Noah Michael Urban of Palm Coast, Fla. pleaded guilty in April 2025 to charges of wire fraud and conspiracy.

In November 2024 Urban was charged by federal prosecutors in Los Angeles as one of five members of Scattered Spider (a.k.a.

That phishing spree netted Urban and others access to more than 130 companies, including Twilio, LastPass, DoorDash, MailChimp, and Plex.

King Bob constantly bragged on the Com about stealing unreleased rap music recordings from popular artists, presumably through SIM-swapping attacks.

The Star Fraud SIM-swapping group gained the ability to temporarily move targeted mobile numbers to devices they controlled by constantly phishing employees of the major mobile pr…

A 22-year-old Oregon man has been arrested on suspicion of operating “Rapper Bot,” a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets — including a March 2025 DDoS that knocked Twitter/X offline.

Indeed, Rapper Bot was reportedly responsible for the March 10, 2025 attack that caused intermittent outages on Twitter/X.

The complaint notes the DCIS got involved because several Internet addresses maintained by the DoD were the target of Rapper Bot attacks.

A subpoena to Google showed the defendant searched security blogs constantly for news about Rapper Bot, and for updates about competing DDoS-for-hire botnets.

The government sta…

Undeterred by security controls at these trading platforms that block users from wiring funds directly out of accounts, the phishers have pivoted to using multiple compromised brokerage accounts in unison to manipulate the prices of foreign stocks.

Merrill said he has tracked recent ramp-and-dump activity to a bustling Chinese-language community that is quite openly selling advanced mobile phishing kits on Telegram.

Merrill said that in many ways the ramp-and-dump scheme is the perfect crime because it leaves precious few connections between the victim brokerage accounts and the fraudsters.

These technicians were needed to respond in real time to victims who were supplying the one-time code…

Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software.

Microsoft first warned about this bug on Aug. 6, saying it affects Exchange Server 2016 and Exchange Server 2019, as well as its flagship Exchange Server Subscription Edition.

The attack exploits a weakness in “delegated Managed Service Account” or dMSA — a feature that was introduced in Windows Server 2025.

Another critical patch involves CVE-2025-53733, a vulnerability in Microsoft Word that can be exploited without user interaction and triggered through the Preview Pane.

The reason is that after the Patch Tuesday on October 14, 2025, Microsoft will stop shipping free …

A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly.

The Lizard Squad later acknowledged that the stunt was planned to call attention to their new DDoS-for-hire service, which came online and started selling subscriptions shortly after the attack.

That incident was widely reported to have started with a Twitter post from the Lizard Squad, after Smedley mentioned some upcoming travel plans online.

But according to Smedley and Finnish investigators, the bomb threat started with a phone call from Kivimäki.

In April 2024, Kivimäki was sentenced to more than six years in prison after being convicted of extorting Vastaamo and its patients.

In episode 71 of The AI Fix, a giant robot spider goes backpacking for a year before starting its job in lunar construction, DoorDash builds a delivery Minion, and a TikToker punishes an AI by making it talk to condiments.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

You can also help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining The AI Fix Plus!

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the excl…

Discord has confirmed that users who contacted its customer support service have had their data stolen by hackers, who have attempted to extort a ransom from the company.

According to the hugely popular messaging platform which has more than 200 million monthly users, the hackers breached a third-party customer service provider rather than gaining access to Discord directly.

The total number of affected Discord users has not been made public.

Unfortunately for Discord this is not the first time it has found its name hitting the headlines due to a breach at a third-party customer service provider.

As organisations increasingly rely on third-party service providers, the attack surface expands…

Beer lovers will be sobbing into their pints at the news that a ransomware attack has brought Japan's largest brewer to its knees and left the country days away from running out of its most popular beverage.

Japan is reportedly facing an unprecedented shortage of the nation's most popular beer, Asahi Super Dry, following an announcement earlier this week that malicious hackers had forced Asahi Group Holdings to suspend production across nearly all of its domestic facilities.

Unfortunately for Asahi Super Dry's many devotees, there is currently no estimates as to when the brewer's normal operations will resume.

Fortunately for consumers based outside of Japan, Asahi has confirmed that the cy…

And we discuss why data breach communicationss still default to “we take security seriously” while quietly implying “assume no breach” – until the inevitable walk-back.

Hear all this and more in episode 437 of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley, joined this week by special guest Paul Ducklin.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

INTERPOL has announced the arrest of 260 alleged romance scammers, sextortionists, and online fraudsters as part of a multi-national operation across Africa.

Authorities claim that they have identified more than 1400 scam victims, estimating total losses at almost US $2.8 million.

A recent INTERPOL survey found that two-thirds of countries reported that cybercrime represents a medium-to-high proportion of their total reported crime, with some countries claiming it exceeds 30% of all crime.

The arrest of 260 suspects across Africa proves that romance scams and sextortion are not nice crimes.

The more we talk about sextortion and romance scams, and the less we stigmatise the victims, the bett…

So, nothing to worry about there then…All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

You can also help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining The AI Fix Plus!

Follow us:Follow the show on Bluesky, or subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website for more information.

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we …

According to local media reports, two 17-year-olds have been arrested by Dutch authorities on suspicion of spying for pro-Russian hackers.

State-backed hackers have no qualms about hiring so-called "disposable agents" through anonymous chat services like Telegram because connections are much harder to trace.

There is a chance that governments will treat teens recruited via the likes of Telegram to be criminals or victims, or perhaps even both.

Although the legal system is likely to treat those who are still minors more leniently, the consequences can still be life-altering.

Dutch prosecution service spokesperson Brechtje van de Moosdijk has said that the investigation is ongoing.

All this and more is discussed in episode 436 of the award-winning “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and his special guest Zoë Rose.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

INC is the name of a ransomware-as-a-service (RaaS) operation that first appeared in late summer 2023. Learn more about what it has been up to, and how to protect against its attacks, in my article on the Fortra blog.

Also in this episode, the first AI Fix “you wouldn’t trust a pigeon” mug is spotted in the wild, and the show gets its first bit of feedback from an AI listener.

Plus, Graham learns that more people have used ChatGPT than have ever owned a ferret, and Mark finally finds a use for cryptocurrency.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining The AI Fix Plus!

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

Protect all your devices, without slowing them down.

The Vastaamo hack was the worst data breach in Finnish history.

Psychotherapy clinic Vastaamo found itself the victim of an extortionist who hacked its systems and stole highly sensitive patient notes.

28-year-old Daniel Lee Newhard, an American citizen living in Estonia, has been charged by Finnish prosecutors aiding and abetting the extortion of psychotherapy patients, who received demands for a cryptocurrency payment in exchange for their medical records not being leaked online.

According to reports, IP logs allegedly connected the server to an internet connection in Estonia, and led investigators to the suspect's home address.

Fitzpatrick, who used the online handle "Pompompurin", created BreachForums in the wake of the FBI's shutdown of its predecessor RaidForums.

Upon its demise in 2022, many of RaidForums' users jumped ship to Fitzpatrick's newly-created BreachForums to trade their stolen data.

Fitzpatrick helped support other cybercriminals buy and sell stolen data, hacking tools, and other illicit material, and profited by charging users for BreachForums credits and membership fees.

Finally, in January of this year, Fitzpatrick found himself receiving a surprisingly lenient sentence for his role in managing the BreachForums hacking site.

While prosecutors had been seeking to see "Pompompurin" sentenced to mo…

All this, and more, in episode 435 of the “Smashing Security” podcast.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

В популярном игровом движке, используемом и для компьютерных, и для консольных, и для мобильных игр, обнаружилась программная уязвимость, для устранения которой нужно обновить все опубликованные игры.

Чем грозит уязвимость, и как устранить ее, не удаляя игры?

Опасность эксплуатации уязвимости во многом зависит от настроек игры, версии и настроек ОС, но Unity, Valve и Microsoft в один голос рекомендуют обновить все игры в системе.

Она имеет те же права и доступы, что и сама игра, а также может проскочить «под радаром» некоторых антивирусов.

Unity подчеркивает, что дефект обнаружен этичными хакерами и на сегодня нет никаких свидетельств того, что уязвимость применяется в реальных атаках.

В этом посте рассказываем, в чем сложности детектирования техники DLL Hijacking и как наш продукт справляется с этой задачей.

Как работает DLL Hijacking и в чем сложность ее детектированияВнезапный запуск неизвестного файла в среде Windows неизбежно привлекает внимание защитных решений или просто блокируется.

Существует несколько вариантов техники DLL Hijacking.

Детектирование DLL Hijacking при помощи MLКоллеги из команды AI Technology Research решили обучить ML-модель выявлять DLL Hijacking по косвенной информации о библиотеке и о процессе, который его вызвал.

Технология детектирования DLL Hijacking в KUMA SIEMВ SIEM-системе модель проверяет метаданные загружаемых DLL и загружающих их проц…

В сентябре 2025 года исследователи из Швейцарской высшей технической школы в Цюрихе опубликовали научную работу, в которой предложили атаку Phoenix — модификацию атаки Rowhammer, работающую против модулей памяти DDR5.

А чтобы усложнить разработку новых атак, производители модулей памяти не спешили раскрывать, какие именно методы защиты они используют.

Из-за этого начало казаться, что в DDR5 проблема Rowhammer в целом решена.

Этого в целом достаточно, чтобы доказать: атаки Rowhammer действительно представляют опасность, пусть и в крайне ограниченном наборе сценариев.

Актуальность и меры противодействияАтака Phoenix показала, что атаки Rowhammer можно проводить на новых модулях памяти DDR5 не…

Чтобы противостоять этой нарастающей волне угроз, мы добавили в Kaspersky для Android новые возможности.

В этом материале рассказываем о новом уровне защиты от фишинговых и вредоносных ссылок, появившемся в обновлении Kaspersky для Android.

Как работает защита от фишинга в приложении Kaspersky для AndroidТеперь обновленный Kaspersky для Android защищает ваши устройства от фишинга на трех уровнях.

обнаруживает и блокирует вредоносные ссылки в уведомлениях от любых приложений — существующих давно, вроде WhatsApp и Telegram; в тех, которые только появились, вроде мессенджера Max, и даже в тех, которые появятся в будущем.

Первый уровень защиты включен — теперь Kaspersky для Android будет предуп…

Сегодня расскажем, как происходит такая атака, какие последствия она может иметь для жертвы и что делать, чтобы не попасться на удочку мошенникам.

Злоумышленники тут же «зеркалят» этот код на поддельном сайте вместе с инструкцией: открыть WhatsApp, выбрать «Связанные устройства» и ввести код привязки.

Увы, большинство пользователей в неудержимом желании помочь совершенно незнакомому человеку победить в голосовании невнимательно читают предупредительное сообщение от WhatsApp.

И когда беспечная жертва вводит код в приложении на своем смартфоне, активируется веб-сессия WhatsApp, инициированная атакующими.

Если вы полагаете, что случайно попались на удочку злоумышленников и дали им доступ в сво…

Провести атаку проще, если атакуемая модель мультимодальная, то есть умеет не только «читать», но и «видеть» или «слышать».

Например, в одной исследовательской работе была предложена атака, в которой вредоносные инструкции спрятаны в диаграммах связей (mindmap).

В другом исследовании, посвященном мультимодальным инъекциям, авторы тестировали устойчивость популярных чат-ботов к прямой и косвенной инъекции и обнаружили, что она снижается, когда вредоносные инструкции закодированы в изображении, а не в тексте.

Фундаментальная особенность и проблема нейросетей в том, что они используют один и тот же канал информации и для получения команд, и для получения данных, которые нужно обработать.

Проше…

С помощью генеративного ИИ злоумышленники создают дипфейки и поддельные сайты, рассылают спам и даже притворяются родственниками и друзьями.

Сегодня расскажем, как нейросети используют для мошенничества и фишинга, — и конечно же, поделимся советами о том, как обезопасить себя.

Pig Butchering, кетфишинг и дипфейкиИИ-боты, притворяющиеся живыми людьми, активно используются злоумышленниками в романтических переписках — мошенники создают выдуманных персонажей и с их использованием одновременно общаются со множеством жертв, устанавливая с ними тесную эмоциональную связь.

Пригодится все: фото и видео, публичные посты и комментарии, информация о родственниках, хобби, возрасте и так далее.

Не дикту…

Lovense Connect — вспомогательное приложение, которое служит связующим звеном между устройствами Lovense и другими программами или онлайн-сервисами.

Lovense Stream Master — универсальное приложение для стримеров и вебкам-моделей, объединяющее в себе функции управления устройствами Lovense и проведения трансляций.

Дело в том, что часть онлайн-продуктов Lovense имеет социальные функции — в особенности это относится к Lovense Remote.

Однако в мае и затем в июне исследователи заметили, что дырки все еще не были закрыты, и продолжили общение с Lovense.

Этот пароль должен быть уникальным — ни в коем случае не используйте его в других сервисах, чтобы не подвергать их риску в случае утечки.

Атака возможна на серверах, построенных на базе процессоров AMD, включая новейшие модели с архитектурой Zen 5, а также на процессорах Intel поколения Coffee Lake.

VMScape: практическое применение атаки типа Spectre v2В предыдущих научных работах на эту тему реалистичность атаки Spectre никто толком не исследовал на практике.

В процессорах Intel данная атака возможна только на серверах с достаточно старыми процессорами Coffee Lake 2017 года.

На более современных архитектурах Intel улучшена защита, и атака VMScape в ее нынешнем варианте невозможна.

Однако атаки на особенности спекулятивного выполнения данных в современных процессорах сохраняют свою актуальность, несмотря на «академическую» пр…

Еще один подозрительный признак —разработчик предлагал скачать установщик демоверсии из внешнего репозитория на GitHub, а не из Steam.

Оба зловреда работали в фоновом режиме и не влияли на игровой процесс, поэтому геймеры не замечали заражение системы.

Вредоносные скины на официальном сайте MinecraftИногда опасности подстерегают геймеров не только в Steam, но и на сайтах самих разработчиков игр, в том числе очень крупных.

Внимательно читайте отзывы перед скачиванием любых игр и различного геймерского ПО и проводите небольшое исследование.

Он включается автоматически при запуске игры и откладывает обновление антивирусных баз, показ уведомлений и регулярные проверки диска до ее окончания, сни…

Но дальнейшая цепочка заражения такова:Вредоносный код добавляется в скомпрометированные пакеты в виде постинсталляционного скрипта, сохраненного в файле bundle.js.

Затем скрипт компрометирует пакеты npm, к которым у атакованного пользователя есть доступ на публикацию.

От имени жертвы и с его токеном GitHub создается публичный репозиторий Shai-Hulud.

Реагирование на инцидентО заражении пакета tinycolor и десятков других стало известно в ночь с 15 на 16 сентября, и уже к утру администрация npm начала реагирование, откатывая зараженные пакеты к их «чистым» версиям.

Самый полный список зараженных пакетов ищите на GitHub.

Мы в «Лаборатории Касперского» создали новый сервис — PetKa — для поиска пропавших питомцев в городах.

Умная метка Kaspersky TagСервис PetKa состоит из одной или нескольких (если у вас больше одного питомца) умных меток Kaspersky Tag и приложения PetKa для Android.

PetKa не только обеспечивает отслеживание ваших меток Kaspersky Tag на карте, но и позволяет объединяться с другими пользователями для совместного поиска пропавших животных.

PetKa и "Команда Героев"Но все же не будем забывать, что основная задача PetKa — помочь найти потерянного питомца, и здесь на помощь приходит наша технология распределенного поиска.

Пользователи Kaspersky в крупных городах России создают распределенную Blueto…

У Google и Microsoft ситуация проще — они интегрировали Gemini и Copilot в свои Chrome и Edge.

К тому же от привычного браузера сложнее отказаться — нужно потратить силы на миграцию закладок и дополнений в другой браузер и на его настройку.

Влияние на приватность и конфиденциальностьВсе вышесказанное означает, что ИИ-браузер создает существенные и плохо контролируемые угрозы конфиденциальности.

Само по себе это не угрожает безопасности, но «тормоза» и «глюки» нервируют пользователя и повышают вероятность ошибки, связанной с «человеческим фактором».

При этом все эти меры не защитят от посещения фишинговых и мошеннических сайтов и связанных с этим рисков.

Или если вы не собираетесь совершать видеозвонки через конкретный мессенджер, то и доступ к камере ему ни к чему.

Или если вы не собираетесь совершать видеозвонки через конкретный мессенджер, то и доступ к камере ему ни к чему.

И что немаловажно, их не увидят те, кому разработчики могли бы предоставить эти фотографии согласно своей политике использования данных.

***Итак, основными угрозами для пользователей мессенджеров являются: неаккуратная настройка доступов и параметров приватности, вредоносное ПО и уязвимости, фишинг и мошеннические звонки.

Мы намереваемся следить за развитием этой темы и, в частности, проводим сейчас подробный анализ защищенности MAX, результатами которого планируем п…

Let’s Agree on a Standard Taxonomy for SegmentationThe first step is to standardize how we talk about segmentation.

Given the rapid evolution of segmentation, its various types and the use of jargon by vendors, segmentation is in desperate need of an established taxonomy.

Fortunately, the TechRxiv paper does a great job of organizing segmentation taxonomy, separating terms into three buckets:How Segments are Delineated : The way segments are defined is a critical differentiation between segmentation types.

The Infrastructure Over Which Segmentation is Deployed : Segmentation also differs based on the underlying infrastructure.

How Enforcement is Implemented: The way segmentation is enforced…

That trust has become the foundation of McLaren’s digital resilience, especially as the team faces ever more complex and high-stakes security challenges.

That is when Cisco’s latest tech, including Wi-Fi 6E, rolled out across the McLaren Technology Centre and at race venues.

In Formula 1, every millisecond matters, and every piece of data counts, no matter where in the world team is racing.

Ask a question and stay connected with Cisco Security on social media.

Cisco Security Social MediaLinkedInFacebookInstagramX

The opportunity for defendersImplement remote access to SharePoint over a VPN or, even better, zero trust access (ZTA) — Zero trust access hides the FQDN of these systems from the internet.

— Zero trust access hides the FQDN of these systems from the internet.

Enable signatures for intrusion prevention systems and web application firewalls — SNORT: SID 65092, SID 65183.

Once we identify these systems with CVEs, we quickly remove external access to these systems instantly based on exposure.

Couple this with campus based zero trust and ZTA to the application with workload/application segmentation and we have a recipe for success.

In this post, we explore a forward-looking concept: the Dynamic Context Firewall (DCF), envisioned for the Model Context Protocol (MCP), that could offer the next generation of adaptive AI security.

This is where the idea of a Dynamic Context Firewall comes into play.

The diagram above shows a workflow for securing AI interactions using a Dynamic Context Firewall (DCF).

Potential applications for a Dynamic Context Firewall span the enterprise spectrum.

The Dynamic Context Firewall for MCP represents a vision for that future—a protocol-aware, context-driven security layer that could empower organizations to embrace powerful AI workflows with confidence in their security, privacy, and complia…

By providing “paved paths”—developer-friendly, pre-configured security solutions that integrate seamlessly into existing workflows—security becomes a natural part of the development process, not an add-on.

Security as a First-Class Service: Treating security solutions and services as first-class offerings, complete with dedicated resources for development, maintenance, and operation, signals their importance.

Empathy is Key: Perhaps most critically, security teams must operate from a position of empathy.

This approach has fostered a vibrant community of developers eager to learn, share, and co-design security solutions, viewing security as a shared organizational goal rather than solely the…

4: Data from Enterprise Security GroupWhen it comes to hybrid work, performance cannot be sacrificed for security.

Enterprise Security Group research highlights that improving security effectiveness and better supporting hybrid work models are key drivers for SASE adoption.

Explore Enterprise Security Group Findings on Network and Security Convergence to see how your peers are assessing SASE progress and best practices.

Register for a Zero Trust Workshop to learn how Cisco SASE can accelerate your journey to a robust zero-trust framework.

1 IDC Spotlight, sponsored by: Cisco, SASE Outcomes Exceed Expectations, #US53593725, June 20252 IDC Spotlight, sponsored by: Cisco, SASE Outcomes Exceed …

1: Security Cloud Control, AIOps Insights dashboardA Data-Driven Engine That Learns and Propels ForwardCisco AIOps features advanced, purpose-built engines that analyze configurations, health status, diagnostics, and traffic patterns to proactively detect anomalies and configuration drift in real time.

2: Security Cloud Control, AIOps Software Upgrade PlannerWhat sets our AIOps offering different?

Customers control data sharing, selecting their region (EU, APJC, AMER) to maintain compliance.

Visit the Cisco Security Cloud Integration docs page to learn more.

Experience AIOps for Firewall TodayCisco AIOps for Firewalls is here, redefining what’s possible in network and security operations.

In both cases, the malicious XSS payload typically appears in the HTTP request query or body.

SnortML blocks malicious XSS scripts sent for storage on a vulnerable server (Stored XSS).

How SnortML Protects Against XSSLet’s dive into an example to illustrate how SnortML stops XSS attacks in real-time.

This particular CVE allows a remote attacker to execute arbitrary code by injecting malicious scripts through the formatCaseNumber parameter within the application’s Citation search function.

Ask a question and stay connected with Cisco Security on social media.

The Swiss Army knife is an iconic multi-tool that originated in the late 19th century; predecessor to the popular multitools of today.

The Value of VersatilityThe Swiss Army knife and Cisco XDR share a theme of versatility and integration.

In this integration, Cisco XDR will ingest Secure Access detections for automated triage, correlation, and incident detection.

One key resource is Cisco XDR Connect, a user-friendly resource that makes it simple to search, browse, and view details of all available Cisco XDR integrations and automation content.

Ask a question and stay connected with Cisco Security on social media.

The rise of Agentic AI, the emergence and adoption of AI agents and agent-to-agent networking to autonomously perform tasks on behalf of humans, has introduced unique challenges for existing security products.

Consequently, security solutions such as zero trust should, and can, be evolved to protect agentic AI communications.

Security Inspection and EnforcementTraditional zero trust practices focus on the “access control” aspect of enforcement, often neglecting other important security controls.

An effective agentic AI security solution should have a unified approach for all the networking and communication use cases.

Extending zero trust principles with Semantic Inspection for agentic envi…

Background: The Unique Landscape of the Black Hat NOCOperating the Black Hat Security and Network Operations Center (NOC) presents a unique set of challenges and expectations.

Unlike a typical corporate environment where any hacking activity is immediately deemed malicious, the Black Hat conference is a nexus for cybersecurity research, training, and ethical hacking.

Vigilance in Training Environments: Even in controlled, educational settings like Black Hat, continuous monitoring and swift response are paramount.

Even in controlled, educational settings like Black Hat, continuous monitoring and swift response are paramount.

Driven by the needs of the community, Black Hat events showcase con…

Below are the Cisco XDR integrations for Black Hat USA, empowering analysts to investigate Indicators of Compromise (IOC) very quickly, with one search.

Thank you to alphaMountain.ai and Pulsedive full donating full licenses to Cisco, for use in the Black Hat USA 2025 NOC.

Palo Alto Networks is the official Firewall and XDR/SIEM/SOAR provider for the Black Hat NOC.

In the Black Hat NOC, we collaborate with competition because the real enemy is not another vendor but rather the adversary.

Cisco XDR has an integration module to integrate with Cortex XDR which offers enrichment capability for both EDR detections and Firewall detections.

SnortML False PositivesWhat tripped up SnortML at Black Hat?

3: SnortML false positive, enlargedIn particular the %3d%3d (which decodes to ==) at the end stood out as encoding that likely tripped the detection.

We saw many different attack permutations for these two event types at Black Hat.

The screenshot below shows the payloads from a set of SnortML events, with the alerting packets downloaded into Wireshark.

Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more.

Background: The Unique Landscape of the Black Hat NOCOperating the Black Hat Security and Network Operations Center (NOC) presents a unique set of challenges and expectations.

1: Cisco FMC intrusion alert and traffic analysisThe following details were particularly notable:The intrusion alert was classified as high priority and categorized as Attempted Administrator Privilege Gain.

Phase 4: Risk Analysis and MitigationAs a final step we reached out to the Black Hat engineering team to inquire if the registration server was vulnerable to CVE-2025-31324.

We confirmed that both of these criteria were not met, and hence the Black Hat registration server was not vulnerable to CVE-2025-31324.

Reso…

The net result is that I used packet-level analysis 99% more often to tremendous effect in my SOC analyst investigations.

“I used packet-level analysis 99% more often to tremendous effect in my SOC analyst investigations.”Fig.

The integration also supports real-time and historical traffic analysis, allowing me to correlate live threat intelligence with past network activity.

Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more.

For more information, please visit the Black Hat website.

Microsoft Defender XDR threat analyticsMicrosoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.

Hunting queriesMicrosoft Defender XDRAdvanced hunting allows you to view and query all the data sources available within the unified Microsoft Defender portal, which include Microsoft Defender XDR and various Microsoft security services.

After onboarding to the Microsoft Sentinel data lake, auxiliary log tables are no longer available in Microsoft Defender adva…

Building on the momentum of our initial launch of the Microsoft Secure Future Initiative (SFI) patterns and practices, this second installment continues our commitment to making security implementation practical and scalable.

This next set of SFI patterns and practices articles include practical, actionable guidance built by practitioners, for practitioners, in the areas of network, engineering systems, and security response.

More about SFI patterns and practicesJust as software design patterns provide reusable solutions to common engineering problems, SFI patterns and practices offer repeatable, proven approaches to solving complex cybersecurity challenges.

Like design patterns in software…

In one recent case, Microsoft joined mid-incident while a threat actor still had active control of the environment.

The customer wasn’t even aware Microsoft’s IR team was on deck.

Within 30 minutes, Adrian’s team had surfaced threat intelligence from Defender and other telemetry sources that no one else had uncovered.

It wasn’t just a faster response.

It changed the customer’s perception of what Microsoft Incident Response could deliver.

Possible GoAnywhere MFT exploitationLook for suspicious PowerShell commands indicative of GoAnywhere MFT exploitation.

These commands are also detected with the Defender for Endpoint alert Possible exploitation of GoAnywhere MFT vulnerability.

These commands are also detected with the Defender for Endpoint alert Possible exploitation of GoAnywhere MFT vulnerability.

]41ReferencesLearn moreFor the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.

Possible GoAnywhere MFT exploitationLook for suspicious PowerShell commands indicative of GoAnywhere MFT exploitation.

These commands are also detected with the Defender for Endpoint alert Possible exploitation of GoAnywhere MFT vulnerability.

These commands are also detected with the Defender for Endpoint alert Possible exploitation of GoAnywhere MFT vulnerability.

]41ReferencesLearn moreFor the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.

We are excited to announce that Microsoft has been named a Leader in the IDC MarketScape: Worldwide Extended Detection and Response Software 2025 Vendor Assessment (doc #US52997325, September 2025).

Read the complete IDC MarketScape: Worldwide XDR Software 2025 report.

Driving AI innovation in cybersecurityMicrosoft also stands out for its use of AI in cybersecurity through Microsoft Security Copilot.

—IDC MarketScape: Worldwide XDR Software 2025 reportPreemptive posture that reduces riskIn their report, IDC shared that one key Microsoft strength lies in its ability to unify proactive defense with intelligent response.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) f…

The kit is just one of the many resources available on the Microsoft Cybersecurity Awareness site.

Be Cybersmart Help educate everyone in your organization with cybersecurity awareness resources and training curated by the security experts at Microsoft.

And for students pursuing the field of cybersecurity, the Microsoft Cybersecurity Scholarship Program and educational opportunities like Microsoft Elevate are here to help.

During Cybersecurity Awareness Month, weekly editions are distributed, along with timely updates on emerging threats, including breaches and attacks.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The kit is just one of the many resources available on the Microsoft Cybersecurity Awareness site.

Be Cybersmart Help educate everyone in your organization with cybersecurity awareness resources and training curated by the security experts at Microsoft.

And for students pursuing the field of cybersecurity, the Microsoft Cybersecurity Scholarship Program and educational opportunities like Microsoft Elevate are here to help.

During Cybersecurity Awareness Month, weekly editions are distributed, along with timely updates on emerging threats, including breaches and attacks.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Sentinel started as a cloud-native security information and event management (SIEM) and expanded to also include a unified security data lake in July.

Today, it is expanding into an agentic platform with the general availability of Sentinel data lake, and the public preview of Sentinel graph and Sentinel Model Context Protocol (MCP) server.

Together, Sentinel and Security Copilot give security teams the visibility, automation, and scale they need to stay ahead of cyberthreats.

Microsoft and partner-created Security Copilot agents are available to discover, buy, and deploy in the Security Store today.

Learn more with Microsoft SecurityTo learn more about Microsoft Security solutions, visit o…

To empower customers in becoming Frontier, we’re excited to announce the launch of the reimagined Microsoft Marketplace, your trusted source for cloud solutions, AI apps and agents.

By offering a comprehensive catalog across cloud solutions and industries, Microsoft Marketplace accelerates the path to becoming a Frontier Firm.

With today’s announcement, we are excited to share:The new Microsoft Marketplace, a single destination to find, try, buy and deploy cloud solutions, AI apps and agents.

“With Microsoft Marketplace, we reduced configuration time of AI apps from nearly 20 minutes to just 1 minute per instance.

Microsoft Marketplace is a seamless extension of the Microsoft Cloud, uniting…

Processing proceeds only if the current clipboard data differs from both the last clipboard entry and the last replaced clipboard data, the length of the clipboard data exceeds 25 characters, and the oD() function does not return true.

During analysis, the C2 server did not supply a folder list; however, it is capable of exfiltrating files back to the C2 server.

]ru Domain C2 server figmacat[.

]ru Domain C2 server digichat[.

]ru Domain C2 server diggimax[.

Processing proceeds only if the current clipboard data differs from both the last clipboard entry and the last replaced clipboard data, the length of the clipboard data exceeds 25 characters, and the oD() function does not return true.

During analysis, the C2 server did not supply a folder list; however, it is capable of exfiltrating files back to the C2 server.

]ru Domain C2 server figmacat[.

]ru Domain C2 server digichat[.

]ru Domain C2 server diggimax[.

DART swiftly addressed the two security incidents by executing a comprehensive set of actions aimed at restoring control, containing cyberthreats, and reinforcing long-term resilience.

To investigate and remediate the incidents, Microsoft deployed proprietary forensic tools across critical infrastructure, enabling root cause analysis and operational recovery.

DART is made up of highly skilled investigators, researchers, engineers, and analysts who specialize in handling global security incidents.

To learn more about Microsoft Security solutions, visit our website.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

DART swiftly addressed the two security incidents by executing a comprehensive set of actions aimed at restoring control, containing cyberthreats, and reinforcing long-term resilience.

To investigate and remediate the incidents, Microsoft deployed proprietary forensic tools across critical infrastructure, enabling root cause analysis and operational recovery.

DART is made up of highly skilled investigators, researchers, engineers, and analysts who specialize in handling global security incidents.

To learn more about Microsoft Security solutions, visit our website.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Microsoft Threat Intelligence recently detected and blocked a credential phishing campaign that likely used AI-generated code to obfuscate its payload and evade traditional defenses.

Phishing campaign tactics and payloadOn August 18, Microsoft Threat Intelligence detected a phishing campaign leveraging a compromised small business email account to distribute malicious phishing emails intended to steal credentials.

SVG code containing decoy business performance chartSecond, the payload’s functionality was also hidden using a creative use of business terms.

]svg File name File name of SVG attachment 08/18/2025 08/18/2025Learn moreFor the latest security research from the Microsoft Threat Inte…

To help accelerate adoption of AI for cybersecurity workflows, we partnered with Airbus at DEF CON 33 to host the GenSec Capture the Flag (CTF), dedicated to human-AI collaboration in cybersecurity.

Our goal was to create a fun, interactive environment, where participants across various skill levels could explore how AI can accelerate their daily cybersecurity workflows.

An overwhelming 85% of all participants found the event useful for learning how AI can be applied to security workflows.

This positive feedback highlights that AI-centric CTFs can play a vital role in speeding up AI education and adoption in the security community.

We are committed to advancing the AI cybersecurity frontier…

This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the Terms of Service .

The block will expire shortly after those requests stop.

In the meantime, solving the above CAPTCHA will let you continue to use our services.This traffic may have been sent by malicious software, a browser plug-in, or a script that sends automated requests.

If you share your network connection, ask your administrator for help — a different computer using the same IP address may be responsible.

Learn more Sometimes you may be asked to solve the CAPTCHA if you are using advanced terms that robots are known to use, or sending requests very qu…

At Made by Google 2025, we announced that the new Google Pixel 10 phones will support C2PA Content Credentials in Pixel Camera and Google Photos.

Pixel Camera attaches Content Credentials to any JPEG photo capture, with the appropriate description as defined by the Content Credentials specification for each capture mode.

attaches Content Credentials to any JPEG photo capture, with the appropriate description as defined by the Content Credentials specification for each capture mode.

Google Photos attaches Content Credentials to JPEG images that already have Content Credentials and are edited using AI or non-AI tools, and also to any images that are edited using AI tools.

Building a More Trus…

Today marks a watershed moment and new benchmark for open-source security and the future of consumer electronics.

Google is proud to announce that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework, has officially achieved SESIP Level 5 certification.

This makes pKVM the first software security system designed for large-scale deployment in consumer electronics to meet this assurance bar.

With this level of security assurance, Android is now positioned to securely support the next generation of high-criticality isolated workloads.

Achieving Security Evaluation Standard for IoT Platforms (SESIP) Level 5 is a landmark because it incorporates AVA_VAN.5, the hi…

Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts.

Infrastructure definitions to allow organizations to easily run their own instances of OSS Rebuild to rebuild, generate, sign, and distribute provenance.

With an estimated value exceeding $12 trillion, open source software has never been more integral to the global economy.

For publishers and maintainers of open source packages, OSS Rebuild can...

If you're a developer, enterprise, or security researcher interested in OSS security, we invite you to follow along and get involved!

Android recently announced Advanced Protection, which extends Google’s Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures.

This is particularly useful for Advanced Protection users, since in 2023, plaintext HTTP was used as an exploitation vector during the Egyptian election.

JavaScript Optimizations and Security Advanced Protection reduces the attack surface of Chrome by disabling the higher-level optimizing Javascript compilers inside V8.

Javascript optimizers can be disabled outside of Advanced Protection Mode via the “Javascript optimization & security” Site Setting.

We…

Below we describe our prompt injection mitigation product strategy based on extensive research, development, and deployment of improved security mitigations.

A layered security approachGoogle has taken a layered security approach introducing security measures designed for each stage of the prompt lifecycle.

From there, a key protection against prompt injection and data exfiltration attacks occurs at the URL level.

Users are encouraged to become more familiar with our prompt injection defenses by reading the Help Center article.

Moving forwardOur comprehensive prompt injection security strategy strengthens the overall security framework for Gemini.

The Chrome Root Program Policy states that Certification Authority (CA) certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion.

To safeguard Chrome’s users, and preserve the integrity of the Chrome Root Store, we are taking the following action.

Apple policies prevent the Chrome Certificate Verifier and corresponding Chrome Root Store from being used on Chrome for iOS.

Beginning in Chrome 127, enterprises can override Chrome Root Store constraints like those described in this blog post by installing the corresponding root CA certificate as a locally-trusted root on the platform Chrome is running (e.g., install…

Google Quantum AI's mission is to build best in class quantum computing for otherwise unsolvable problems.

In 2019, using the same physical assumptions – which consider qubits with a slightly lower error rate than Google Quantum AI’s current quantum computers – the estimate was lowered to 20 million physical qubits.

Normally more error correction layers means more overhead, but a good combination was discovered by the Google Quantum AI team in 2023.

Another notable error correction improvement is using "magic state cultivation", proposed by the Google Quantum AI team in 2024, to reduce the workspace required for certain basic quantum operations.

These algorithms can already be deployed to d…

To enhance these existing device defenses, Android 16 extends Advanced Protection with a device-level security setting for Android users.

Advanced Protection gives users:Best-in-class protection, minimal disruption: Advanced Protection gives users the option to equip their devices with Android’s most effective security features for proactive defense, with a user-friendly and low-friction experience.

Advanced Protection gives users the option to equip their devices with Android’s most effective security features for proactive defense, with a user-friendly and low-friction experience.

Defense-in-depth: Once a user turns on Advanced Protection, the system prevents accidental or malicious disab…

Our dedication to your security is validated by security experts, who consistently rank top Android devices highest in security, and score Android smartphones, led by the Pixel 9 Pro, as leaders in anti-fraud efficacy.

Now, Google Play Protect live threat detection will catch apps and alert you when we detect this deceptive behavior.

We’ve made Google Play Protect’s on-device capabilities smarter to help us identify more malicious applications even faster to keep you safe.

Google Play Protect now uses a new set of on-device rules to specifically look for text or binary patterns to quickly identify malware families.

This update to Google Play Protect is now available globally for all Android…

Tech support scams are an increasingly prevalent form of cybercrime, characterized by deceptive tactics aimed at extorting money or gaining unauthorized access to sensitive data.

Tech support scams on the web often employ alarming pop-up warnings mimicking legitimate security alerts.

Chrome has always worked with Google Safe Browsing to help keep you safe online.

Standard Protection users will also benefit indirectly from this feature as we add newly discovered dangerous sites to blocklists.

Beyond tech support scams, in the future we plan to use the capabilities described in this post to help detect other popular scam types, such as package tracking scams and unpaid toll scams.

Today, we’re announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers.

This is why we are making Sec-Gemini v1 freely available to select organizations, institutions, professionals, and NGOs for research purposes.

Sec-Gemini v1 outperforms other models on key cybersecurity benchmarks as a result of its advanced integration of Google Threat Intelligence (GTI), OSV, and other key data sources.

Sec-Gemini v1 outperforms other models on CTI-MCQ, a leading threat intelligence benchmark, by at least 11% (See Figure 1).

If you are interested in collaborating with us on advancing the AI cybersecurity frontier, please request early access to Sec-Gemini v1…

In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version of our model signing library.

These challenges are addressed by using Sigstore, a collection of tools and services that make code signing secure and easy.

These features are why we recommend Sigstore’s signing mechanism as the default approach for signing ML models.

Today the OSS community is releasing the v1.0 stable version of our model signing library as a Python package supporting Sigstore and traditional signing methods.

This model signing library is specialized to handle the sheer scale of ML models (which are usually much larger than traditional so…

The Chrome Root Program launched in 2022 as part of Google’s ongoing commitment to upholding secure and reliable network connections in Chrome.

It is non-normative and considered distinct from the requirements detailed in the Chrome Root Program Policy.

Last spring, the Chrome Root Program led ecosystem-wide experiments, emphasizing the need for linting adoption due to the discovery of widespread certificate mis-issuance.

We recently landed an updated version of the Chrome Root Program Policy that further aligns with the goals outlined in “Moving Forward, Together.” The Chrome Root Program remains committed to proactive advancement of the Web PKI.

We continue to value collaboration with web…