Азиатские финансовые регуляторы усилили меры безопасности из-за новой нейросети Mythos.

Один сбой на тысячу беременностей — и нервная трубка не закроется…

Теперь за каждым платежом будут внимательно следить из высоких кабинетов.

Осталось четыре года до посадки на Луну, а скафандры ещё не созданы. Что пошло не так.

За кибератаками на израильские компании стоит единая экосистема под управлением Тегерана.

Разработчики открытого кода столкнулись с рекордным ростом числа жалоб на ошибки из-за нейросетей.

ФСБ отчиталась о задержании организаторов GSM-шлюзов.

Успеют ли ограничения за изобретательностью злоумышленников?

Чат и голос больше не работают… пока вы не докажете, что достойны их.

Такой риск, как предупреждает Ксения Замуховская, возможен не только в ИБ, но и в ИТ.

Причём он одинаково велик как для ИТ, так и для ИБ.

По единодушному мнению, она характерна и для ИТ, и для ИБ.

Это очень существенная угроза в условиях жёсткого дефицита персонала высокой квалификации как в ИТ, так и в ИБ.

Разумеется, это не лучший сценарий, но и не худший, работодатель должен быть готов и к нему».

Да Да Да(отфильтрованные отображаемые события, результаты агрегаций и пр.)

Вся функциональность доступна без ограничений Ограничиваются технические возможности по использованию продукта, в частности поиск по данным Ограничение технической поддержки, ограничение поставки новых пакетов экспертизы Наличие бессрочных лицензий Да Да Да Да Нет Наличие подписочных лицензий Да Да Да Да Нет Модульность Да Да(дополнительные модули UEBA, TIP) SIEM поставляется в максимальной комплектации.

Перечень, представленный в этом сравнении, не является исчерпывающим и в определённой мере имеет иллюстративный характер.

На ряде ярких примеров мы показываем, какими функциональными возможностями способна обладать с…

Она получила название «стратегия сетевого доверия» и затрагивает как планы существенного расширения списка сетевых и ИБ-продуктов, так и формирование из них единой экосистемы.

Выступление директора-сооснователя UserGate Дмитрия Курашева на UserGate Open Conf 2026Trustworthy Networks«Наш новый подход к разработке сетевых и ИБ-продуктов будет соответствовать концепции сетевого доверия (Trustworthy Networks Policy), — заявил на пресс-конференции перед открытием Open Conf 2026 Михаил Кадер, архитектор клиентского опыта будущего в компании UserGate.

Можно предположить, что на их основе будет развиваться информационная поддержка экосистемы UserGate в рамках развития модели сетевого доверия.

На те…

И в целом деградация навыков у соискателей, по его оценке, наблюдается в течение всех последних 5 лет.

Люди по-прежнему активно используют цифровые сервисы, но всё хуже понимают, как они устроены и как ими управлять», — обратил внимание Иван Панченко.

«Снижение цифровой грамотности выглядит не как резкая деградация навыков, а как признак того, что пользователи не успевают адаптироваться к усложняющейся цифровой среде.

Причём ожидания к цифровым и, в особенности, ИИ-навыкам растут быстрее, чем системы образования и внутрикорпоративного обучения успевают их формировать.

Причём это хорошо работает и на Windows, и на macOS, и на любых Linux.

Различия направлений BAS, Pentesting и Red teamingТесты на проникновение можно разделить на 3 категории: пентест, редтиминг и BAS.

Достаточно запустить инструмент, и он самостоятельно проведёт атаку по заданному сценарию, методично перебирая векторы и методы взлома, пока не обнаружит брешь и не добьётся цели.

Методы Red Teaming и BAS не являются взаимоисключающими — напротив, они дополняют друг друга, а не конкурируют между собой.

Средства и системы моделирования кибератак обсуждались как в отдельном эфире AM Live, так и в рамках глобальной темы автоматизированной проверки защищённости.

Эта ниша оказалась привлекательна как для новых игроков (небольших стартапов), так и для ИТ-гигантов, нап…

Интеграция модели машинного обучения в СУБД позволяет выявлять вредоносные запросы без снижения производительности.

Различия между обычными запросами и запросами с инъекциями проявляются не на уровне конкретных значений входных данных, а на синтаксическом уровне.

Необходимо встроить модель в СУБД «Ятоба», чтобы она могла работать в дочернем процессе СУБД и пресекать запросы с инъекциями до того, как они смогут нанести вред.

У нас создано расширение SQL Firewall, и в конфигурационных параметрах настроены значения для работы ML.

По состоянию на апрель 2026 года СУБД «Jatoba» — единственная СУБД общего назначения на российском рынке, имеющая SQL Firewall.

Защита сайта от DDoS-атак — решение DDoS-Guard, российского провайдера облачных сервисов защиты от DDoS-атак и доставки контента, которое устраняет обозначенные проблемы и снижает риски, связанные с нарушением доступности ресурсов.

Механизм работы системы защиты от DDoS-атакОбеспечивается защита от атак разных классов.

NS-серверы защищены от DDoS-атак и от использования для амплификации атак на сторонние ресурсы.

Список ботовМодуль позволяет настраивать доступ как для известных DDoS-Guard групп легитимных ботов (организаций), так и для отдельных ботов внутри группы.

Вендор предоставил клиенту набор инструментов управления трафиком, которые позволили создать кастомный каскад правил для защит…

И как часто нужно сканировать инфраструктуру, чтобы не утонуть в ложных срабатываниях, но и не пропустить реальную угрозу?

По результатам становится ясно, что примерно 60 % всех проблем упираются не в отсутствие ресурсов и не в нежелание брать на себя ответственность.

Инвестируйте в процессы и в людей».

И самое главное — во всё это: в процессы, в людей, в отношения и в инструменты — нужно инвестировать.

В конечном счёте успех в управлении уязвимостями измеряется не количеством закрытых тикетов и не низким процентом ложных срабатываний.

Ландшафт образования претерпевает глубокие изменения вследствие появления цифровых технологий и их широкого проникновения как в преподавание, так и в обучение.

Однако вместе с ними возникают и определённые вызовы, которые необходимо учитывать, чтобы сохранить эффективность и инклюзивность образования в его новых формах.

Турниры рассматриваются как часть системы образования: в стране проводятся серии гонок.

В отношении дронов в России действует законодательство о беспилотных летательных аппаратах (БПЛА).

Эти навыки в области дроностроения затем могут применяться и в других сферах, в том числе в ИТ и ИБ.

Системы EDR (Endpoint Detection and Response) защищают конченые точки — сервера, рабочие станции и корпоративные мобильные устройства, закрывая целый класс угроз ИБ, которые не ловятся сигнатурными методами.

Кроме того, системы EDR послужили основой для разработки решений XDR (Extended Detection and Response) и MDR (Managed Detection and Response).

Взаимодействие EDR с другими СЗИ в рамках SOCПри этом следует понимать, что EDR недостаточно для обеспечения безопасности периметра организации.

BI.ZONE EDRBI.ZONE EDR — решение класса Endpoint Detection and Response (EDR) для выявления и расследования сложных целевых атак на раннем этапе их развития.

Kaspersky EDR ExpertKaspersky EDR Expert — ре…

Кому нужно и как делаетсяСистемы мониторинга собирают данные о работе различных компонентов ИТ-инфраструктуры, анализируют их и выявляют всевозможные аномалии.

Включает непосредственно инструменты мониторинга работы оборудования и ПО, а также базовые средства анализа параметров их работы.

По практически единодушному мнению участников, ПО с открытым кодом отнюдь не бесплатно, несмотря на формально нулевую стоимость лицензирования.

По мнению Николая Ганюшкина, многое может изменить использование генеративного искусственного интеллекта (ИИ) для доработки продуктов с открытым кодом (вайбкодинг).

И у систем с открытым кодом, и у вендорских есть как плюсы, так и минусы.

Также есть набор фидов от Security Vision) Подключение репутационных баз (IP-адреса / URL) Да Да Да Да Да Да(за счёт коробочных интеграций, преднастроенных транспортных протоколов и Low-Code / No-Code.

Реализована возможность автоматической настройки параметров сбора событий в зависимости от типа источника из единого интерфейса) Неагентский сбор событий Да Да Да Да Да Да Активный сбор событий Да Да Да Да Да Да Пассивный сбор событий Да Да Да Да Да Да Сбор событий и данных в изолированных сегментах сети Да Да Да Да Да Да Сбор событий с Linux Да Да Да Да Да Да Сбор событий по Syslog Да Да Да Да Да Да Сбор событий по SNMP Да Да Да Да Да Да Сбор событий по NetFlow Да Да Да Да Да Да Сбор событий…

Compromise Assessment — как рентген корпоративной инфраструктуры: он выявляет скрытые угрозы, определяет их масштаб и помогает сформировать план «лечения» для восстановления безопасности.

CA позволяет быстро понять реальное состояние дел: есть ли в инфраструктуре скрытые угрозы, которые могут аукнуться в будущем, и с чего начинать выстраивать работу.

Они требуют усиленного внимания к мерам кибербезопасности, включая регулярное проведение CA для раннего выявления угроз.

Не только выявляем угрозы, но и даём рекомендации по их устранению, а также по укреплению защиты в целом.

Ищем чувствительную информацию о компании на публичных платформах, доступных через любой браузер: GitHub, Pastebin, Tre…

Многие используют в своих расследованиях анализ журналов событий Event ID 1116 , Event ID 1117 Windows Defender , а также записи и файлы из карантина.

В журнале Microsoft-Windows-WindowsDefender вы не увидите событий сканирования, если файл не получил статус вредоносного ПО.

Эти имена не несут в себе полезной информации, в отличие, например, от имен UUID версии 1 (анализирующихся в нашей статье «Компьютерная криминалистика.

рисунок 3):· Зеленый цвет — размер второго блока, на практике встречается всегда 30 hex (48 dec), читается little-endian, то есть 0х00000030.

По сути, для нас нет ничего полезного в этих файлах, и в нашем дальнейшем исследовании их содержимое никак не поможет.

Делать что-то другое в IT-продукте в это время казалось несвоевременным.

Проблема не в самом подходе - проблема в скорости появления угроз.

Что делают мировые лидерыPalo Alto Networks, Fortinet, Cisco, Check Point и Juniper уже несколько лет встраивают ML в свои IPS.

Palo Alto: Deep Learning в облаке и на устройствеAdvanced Threat Prevention позиционируется как первый в индустрии IPS, способный блокировать zero-day атаки в режиме inline.

64 категории атак, которые ML не обнаружит: ограничения методаИсследование выявило фундаментальное ограничение, которое важно понимать при внедрении любой поведенческой ML IDS.

Рассмотрим задачу работы с персональными данными в системе, где большая часть данных находится в открытом доступе и не может строго контролироваться.

Если упростить задачу до сути: нам нужно быстро искать и сортировать конфиденциальные строки минимизируя обращения к закрытой зоне, но при этом не раскрывая их содержимое.

Нужен индекс в открытой зоне.

Ключевое свойство: структура поддерживает селективную фильтрацию и диапазонные операции, не требуя каждый раз переписывать внешний индекс «с нуля».

Индексы бакетов в этом случае используются как сортирующий индекс в открытой зоне.

Но «пойди и добавь авторизацию на каждый эндпоинт» — это не задачка в спринт, это проект.

Что получается на практике: подряд идущие id из базы ( 1 , 2 , 3 ) превращаются наружу во что-то вроде 5823901847263… , 9174625038192… , 2847193650471… .

Чего это не даётЭто не авторизация.

Сменили ключ — поменялись вообще все публичные ID в системе.

Когда это действительно к местуFeistel-ID имеет смысл брать, если одновременно:API сейчас светит наружу последовательные первичные ключи, и это нужно прекратить.

Это и есть mTLS.

Если коротко: если вы выставляете что-то в интернет и не хотите, чтобы туда мог зайти кто угодно — mTLS для этого и существует.

Что mTLS защищает — и что нетmTLS работает на транспортном уровне (L4/L5).

Если сервер не проверяет это поле, клиент с CA-сертификатом может выпустить произвольный клиентский сертификат и аутентифицироваться от имени любого пользователя.

Если приложение уязвимо к XSS или SQL-инъекции — mTLS это не исправит.

Дело в том, что в «Сезон Heavy Digital» не раскрыта тема, которую я считаю актуальной и которая предельно ясна из названия - «Не кибербез, а цифро-ТБ».

Чтобы этот сотрудник не поранился и не навредил себе или производственному процессу.

Да я в курсе, это улучшал не смартфон, но это было 6 лет назад, а сейчас такие фокусы может делать смартфон, ибо «вычислительная фотография».

Не телохранитель со стволом под пиджаком и не кибербезопасник медитирующий на строчки бегущие по экрану, а занудный, противный, вечно лезущий не туда и развешивающий идиотские плакаты ТБшник.

Нет, это не кибербез и безопасники этим заниматься не будут, потому что Холи Бери им за это никуда ничего не приставит.

Я, осознанно, не буду приводить его пример, так как мы тут разбираем опасность, а не создаем ее!

Так как я и правда новичок в атаках на LLM, образовательный интерес у меня тоже был.

То есть это уже атака не на абстрактную модель, а на конкретную бизнес‑обертку вокруг нее.

Так я по началу и делал, но потом я подумал, а почему бы не попросить LLM совершать атаку на LLM в контуре продукта, созданного LLM.

Успехом считалось, если модель ответит на каверзные вопросы, а не отправит меня в глухой бан «Я не могу это обсуждать».

Меня давно не отпускала одна мысль: почти все разговоры о приватной переписке в какой‑то момент упираются не в шифрование, не в криптографию, не в архитектуру, а в банальную человеческую инерцию.

В Telegram, в WhatsApp, в VK, сейчас уже и MAX, в корпоративных чатах, в почте, в комментариях, где угодно.

Вообще, если попытаться честно сформулировать, в чём состояла главная сложность разработки Echo Layer, я бы сказал так: проблема была не в том, чтобы зашифровать текст.

Всё это не украшения и не overengineering.

В результате Echo Layer для меня оказался интересен не только как идея про приватность, но и как довольно честный инженерный эксперимент.

Исследователи «Лаборатории Касперского» изучили тактику распространения вредоносных программ через официальный магазин приложений App Store для устройств Apple.

В марте этого года в китайском App Store были обнаружены более двух десятков приложений, мимикрирующих под популярные программы для работы с криптовалютой.

Злоумышленники воспользовались особенностями App Store в Китае, из-за которых некоторые официальные приложения для работы с криптовалютой там недоступны.

В ряде случаев название приложения было случайным, но в описании утверждалось, что из-за ограничений в Китае в нем «спрятано» официальное ПО для работы с каким-либо сервисом.

В ряде случаев атакующие также нацелены на холодные к…

Инициатива вызвала бурное обсуждение в техническом сообществе, а проверка через GPTZero показала, что большая часть документа, вероятно, написана ИИ.

Эксперты в основном отнеслись с опубликованному документу скептически, и на Hacker News драфт буквально разобрали по частям.

В итоге в сообществе пришли к выводам, что, во-первых, это не официальное предложение.

Любой человек может отправить Internet-Draft в IETF — это не значит, что организация его одобрила или даже рассмотрела.

Во-вторых, проверка в GPTZero показала, что крупнейшие разделы документа с вероятностью 100% сгенерированы ИИ, а общая оценка «ИИ-происхождения» документа составила 76%.

При этом злоумышленники заявляют, что получили доступ к внутренним системам компании и уже продают похищенные данные в даркнете.

В Vercel подчеркивают, что атака не сказалась на работоспособности сервисов компании, а также не затронула что Next.js, Turbopack и другие опенсорсные проекты.

Он заявил, что взломал Vercel и выставил данные компании на продажу.

В своей публикации хакер предлагает ключи доступа, исходный код и данные из БД, а также доступ к внутренним деплойментам и API-ключам компании, включая токены NPM и GitHub.

В сообщениях в своем Telegram-канале злоумышленник утверждал, что уже вел переговоры с Vercel и потребовал у компании выкуп в размере 2 000 000 долларов США.

В рамках очередной фазы международной операции PowerOFF правоохранительные органы изъяли 53 домена, арестовали четырех подозреваемых и разослали предупреждения более чем 75 000 пользователей платформ для DDoS-атак по найму.

При этом DDoS-платформами пользуются не только начинающие преступники, но и опытные хак-группы, которые применяют их для оптимизации и кастомизации собственных атак.

Мотивы клиентов таких платформ обычно варьируются от простого любопытства и финансового вымогательства до хактивизма и целенаправленного вредительства конкурентам.

Операция PowerOFF берет начало еще в декабре 2018 года, когда были закрыты первые 15 сайтов, связанных с DDoS-атаками по найму.

Правоохранители п…

Специалисты компании F6 предупреждают об Android-трояне LunaSpy, который злоумышленники доставляют жертвам весьма нетривиальным способом — вместе со смартфоном.

По данным исследователей, атаки с использованием LunaSpy носят таргетированный характер и направлены против клиентов банковского сектора в России.

На смартфоне LunaSpy уже имеет все необходимые разрешения — права администратора, доступ к Accessibility-службам и автозапуск в фоновом режиме.

LunaSpy отслеживает экран устройства в поисках элементов, связанных с попыткой удаления приложения.

Для связи с управляющей инфраструктурой LunaSpy использует пул доменных адресов с ротацией IP — если один сервер становится недоступен, малварь пер…

Справка: сканирование портовСка­ниро­вание пор­тов — стан­дар­тный пер­вый шаг в любой ата­ке.

Оно поз­воля­ет зло­умыш­ленни­ку узнать, какие служ­бы на хос­те при­нима­ют соеди­нения.

На осно­ве этой информа­ции он выбира­ет сле­дующий шаг, что­бы получить точ­ку вхо­да.

Улуч­шить резуль­таты его работы поможет такой скрипт:#!/ bin/ bash ports = $( nmap -p- --min-rate = 500 $1 | grep ^[ 0- 9] | cut -d '/ ' -f 1 | tr ' ' ', ' | sed s/, $/ / ) nmap -p $ports -A $1Он работа­ет в два эта­па.

Под­робнее про работу с Nmap читай в статье «Nmap с самого начала.

Специалист VulnCheck Патрик Гэррити (Patrick Garrity) попытался выяснить, сколько уязвимостей на самом деле нашла новая ИИ-модель Claude Mythos компании Anthropic в рамках инициативы Project Glasswing.

Ранее в этом месяце компания Anthropic представила Claude Mythos Preview и заявила, что модель настолько эффективна в поиске уязвимостей и создании эксплоитов, что ее публичный релиз создал бы настоящий хаос.

Гэррити решил проверить громкие заявления Anthropic и изучил реестр CVE, содержащий более 327 000 записей.

В Anthropic заявили, что выпустят публичный отчет примерно в июле 2026 года», — пишет Гэррити.

Кроме того, в своей статье исследователь предлагает компании создать специальную стран…

Представители Microsoft предупредили, что после установки апрельских обновлений некоторые контроллеры домена Windows могут уходить в бесконечный цикл перезагрузки из-за сбоя в процессе LSASS (Local Security Authority Subsystem Service).

«После установки обновления безопасности KB5082063 и перезагрузки контроллеры домена, не являющиеся серверами глобального каталога, в средах с PAM могут столкнуться со сбоем LSASS во время запуска, — объясняют в Microsoft.

Стоит отметить, что подобные проблемы с контроллерами домена после выхода патчей уже становятся для Microsoft почти традицией.

К примеру, в июне 2025 года компания исправляла сбои аутентификации в Windows Server, вызванные апрельскими обно…

Приложение удалили из App Store, и теперь на устройствах Apple оно помечается как вредоносное.

Напомним, что проблемы «Телеги» начались после того, как Cloudflare пометила рабочие домены проекта (telega.me, api.telega.info и telega.info) как шпионское ПО.

Apple начала помечать уже установленную на устройствах пользователей «Телегу» как приложение, содержащее вредоносный код.

В компании сослались на документацию Apple, согласно которой все приложения в iOS работают в песочнице и не имеют доступа к системным файлам.

Следует отметить, что в минувшие выходные Cloudflare вновь отметила домены «Телега» как «шпионское ПО».

Новый спецвыпуск «Хакера», в который войдут лучшие статьи 2021–2022 годов, уже в работе.

Первые три номера охватывали период с 2015 по 2021 год, а в новый сборник войдут самые интересные и значимые статьи за следующие два года.

Они расскажут о том, как готовились статьи, и что осталось за кадром.

Бумажный спецвыпуск — это не просто подборка статей, а настоящий «срез эпохи», с идеями, подходами и задачами, которые тогда двигали инфобез вперед.

Предварительные заказыОбрати внимание: предварительные заказы открыты, и пока номер не ушел в печать, действует специальная цена — 1200 рублей за экземпляр.

Microsoft представила новые механизмы защиты Windows, которые должны затруднить фишинговые атаки через файлы Remote Desktop (.rdp).

Теперь система будет предупреждать пользователей о рисках при открытии таких файлов, а перенаправление локальных ресурсов на удаленный хост по умолчанию будет отключено.

RDP-файлы часто используются в корпоративных средах: администраторы заранее прописывают в них настройки подключения к удаленным системам, включая автоматический проброс локальных ресурсов на удаленный хост.

Новые защитные механизмы были включены в состав апрельских накопительных обновлений для Windows 10 (KB5082200) и Windows 11 (KB5083769 и KB5082052).

При последующих попытках открыть .rdp-фай…

Еще в 2025 году неизвестные злоумышленники внедрили в них бэкдор, который открывает несанкционированный доступ к сайтам под управлением WordPress.

Начав изучение проблемы, Гиндер обнаружил, что бэкдор скрыт во всех продуктах пакета.

В настоящее время скомпрометированные плагины заблокированы, а на зараженные сайты отправлено принудительное обновление, нейтрализующее бэкдор и обрывающее его связь с управляющим сервером.

Однако специалисты предупредили, что принудительное обновление не очищает wp-config.php, и файл нужно проверять вручную.

Также администраторам рекомендуется обратить внимание на то, что основной точкой заражения выступает файл wp-comments-posts.php (не путать с легитимным wp-…

Attackers obtain valid credentials through credential stuffing from prior breach databases, password spraying against exposed services, or phishing campaigns — and use them to walk through the front door.

A Dynamic Approach to Incident ResponseThis is where the way teams think about incident response matters as much as the technical controls they deploy.

After detecting and verifying an incident, response teams enter a loop: scoping the compromise, containing affected systems, eradicating the threat, and recovering operations.

Consider a credential-based compromise where initial scoping identifies a single affected workstation.

Communication is the single most important factor here in effec…

"As with previous iterations of NGate, the malicious code allows the attackers to transfer NFC data from the victim's payment card to their own device and use it for contactless ATM cash-outs and unauthorized payments."

In addition, the malicious payload is capable of capturing the victim's payment card PIN and exfiltrating it to the threat actor's command-and-control (C2) server.

Then, the victim is asked to enter the payment card PIN into the app and tap their card on the back of the NFC-enabled smartphone.

"With the appearance of yet another NGate campaign on the scene, it can be plainly seen that NFC fraud is on the rise," ESET said.

"This time, instead of using an established solution …

Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution.

Alternatively, the attack can be initiated via an indirect prompt injection without having to compromise a user's account.

Once persistent access is obtained, the attacker can connect to the machine without triggering the prompt injection again or raising any security alerts.

"The AI agent does this autonomously, following the injected instructions as if they were legitimate development tasks."

URL containing the invisible prompt injection.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation.

(CVSS score: 8.2) - An improper authentication vulnerability in PaperCut NG/MF that could allow an attacker to bypass authentication on affected installations via the SecurityRequestFilter class.

CVE-2024-27199 (CVSS score: 7.3) - A relative path traversal vulnerability in JetBrains TeamCity that could allow an attacker to perform limited admin actions.

(CVSS score: 7.3) - A relative path traversal vulnerability in JetBrains TeamCi…

A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems.

It has been described as a case of command injection leading to the execution of arbitrary code.

This sequence of events enables the attacker to achieve remote code execution (RCE) on the SGLang server."

This, in turn, enables a malicious model to execute arbitrary Python code on the inference server.

"This will prevent the execution of arbitrary Python code on the server.

PHANTOMPULSE is an artificial intelligence (AI)-generated backdoor that uses the Ethereum blockchain for resolving its C2 server.

QEMU Abused for Defense Evasion —Threat actors are abusing QEMU, an open-source machine emulator and virtualizer, to hide malicious activity within virtualized environments.

The threat actors then deploy a QEMU VM to install additional tools for conducting enumeration and credential theft.

—Threat actors are abusing QEMU, an open-source machine emulator and virtualizer, to hide malicious activity within virtualized environments.

The threat actors then deploy a QEMU VM to install additional tools for conducting enumeration and credential theft.

What actually breaks in productionOnce AI moves from demo to deployment, a few specific challenges tend to emerge.

A model that performs well on clean demo data can struggle when fed noisy or incomplete inputs.

Governance is where enthusiasm runs outBeyond technical challenges, governance has become one of the biggest reasons AI initiatives stall.

Many teams discover that while AI experimentation is easy, operationalizing AI safely requires clear policies and controls.

They test AI against real workflows rather than idealized scenarios, using real data, real processes, and real constraints.

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain.

The cybersecurity company said the systemic vulnerability is baked into Anthropic's official MCP software development kit (SDK) across any supported language, including Python, TypeScript, Java, and Rust.

In all, it affects more than 7,000 publicly accessible servers and software packages totaling more than 150 million downloads.

"As this code was meant to be used in order to start a local STDIO server, and give a handle of the STDIO back to …

Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems.

The malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set up persistence, tamper with local configuration files, and scan for operational technology (OT)-relevant services on the local subnet.

ZionSiphon, currently in an unfinished state, is characterized by its Israel-focused targeting, going after a specific set of IPv4 address ranges that are located within Israel -2.52.0[.

]255Besides encoding political messages that claim support for Iran, Palestine, and Yemen, the malware embeds Israel-…

Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems.

The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used by an employee at the company.

Vercel said environment variables marked as "sensitive" are stored in an encrypted manner that prevents them from being read, and that there is currently no evidence suggesting that those values were accessed by the attacker.

Audit and rotate environment variables that contain secrets and are not marked as sensitive.

Use sensitive environment variables to ensure secrets are protected.

Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack.

The exchange said it fell victim to what it described as a large-scale cyber attack that bore hallmarks of foreign intelligence agency involvement.

"Preliminary findings suggest the attack was coordinated with the specific objective of inflicting direct damage upon Russia's financial sovereignty."

The Treasury renewed sanctions against Garantex in August 2025 for processing more than $100 million in illicit transactions and enabling money laundering.

TRM Labs has identified about 70 a…

Collectively, they pave the way for the intrusion long before the ransom note arrives.

ESET’s detection data shows ransomware rising by 13 percent in the second half of 2025 compared to the prior six months, following a 30-percent increase in the first half of 2025.

Meanwhile, Verizon’s 2025 Data Breach Investigations Report (DBIR) recorded a jump from 32% to 44% in the share of breaches involving ransomware, while the median ransom payment fell from $150,000 to $115,000.

As the products have improved, criminals responded by building a clandestine market for tools designed to disable them.

The sheer investment in EDR killers is, somewhat perversely, the clearest measure of how much damage t…

Ignoring a real breach notification invites risk, but falling for a bogus one could be even worse.

What do fake breach notification scams look like?

Either:The scammers wait for a real breach, and piggyback on the news to send out a fake notification.

Spotting the red flagsFake breach notifications should be easy to spot if you know what to look out for.

Staying safeUnderstanding what to look out for is the first step to staying safe from breach notification scams.

This seems extremely low given the scale and frequency of supply chain incidents – and how broadly ‘supply chain’ really stretches.

Notably, 3CX itself was the downstream victim of another supply chain attack, courtesy of a compromised Trading Technologies X_TRADER installer.

CISOs rated supply chain disruption #2 for 2025 and #2 again for 2026, while CEOs rate supply chain disruption #3 for 2025.

Talk about a supply chain blind spot…What are key considerations around geopolitical supply chain risk?

Resilience is imperativeIn a world of escalating threats and risky interdependencies, supply chain cyber resilience is a competitive differentiator at the survival level.

If you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse.

Online scammers only care about one thing: making money, so when new opportunities arise to do just that, they take them.

Recovery fraud is an umbrella for several predatory tactics, all sharing a common goal: the “second strike.”How does recovery fraud work?

This is basically a kind of advance fee fraud.

If you’ve been victimized by recovery scammers, there are a limited set of options available to you.

Threat actors are using AI to supercharge tried-and-tested TTPs.

The former are using AI, automation and a range of techniques to sometimes devastating effect.

But n the other hand, threat actors are just doing what they have done before – supercharging existing tactics, techniques and procedures (TTPs) to accelerate attacks.

Threat actors are:Getting better at stealing/cracking/phishing legitimate credentials from your employees.

Catching threat actors at this point is essential – especially as exfiltration (when it begins) is also being accelerated by AI.

Now just have a think about all of the digital assets you’re likely to leave for loved ones to manage.

From a legal perspective, inheritance laws often don’t include digital assets, online policies can be “opaque” and tools fragmented, it says.

However, a proposed Property (Digital Assets, etc.)

However, a proposed Property (Digital Assets, etc.)

Or a fictitious “account recovery” service provider claiming they can access your loved one’s digital assets for a fee.

The past four weeks have seen a slew of new cybersecurity wake-up calls that showed why every organization needs a well-thought-out cyber-resilience planAs March 2026 draws to a close, ESET Chief Security Evangelist Tony Anscombe looks at some of the top cybersecurity stories that made the news this month and offers insights that they may hold for your cyber-defenses.

Here's Tony's rundown of some of what stood out most over the four or so weeks:The medtech giant Stryker fell victim to a cyberattack that was claimed by the Iran-linked Handala hacktivist group and reportedly wiped “over 200,000 systems, servers, and mobile devices” and stole 50 terabytes of data,Research by the Google Threat…

This year, AI agents took the center stage – as a defensive capability, but more pressingly as a risk many organizations haven't caught up withThat's a wrap on the RSAC™ 2026 Conference.

For its 35th edition, the conference drew the usual mix of security practitioners, researchers and vendors.

Predictably, AI agents dominated much of the conversation – as a defensive capability, but more pressingly as a risk that many organizations have yet to fully think through.

Watch the video with ESET Chief Security Evangelist Tony Anscombe, who was on the ground all week, to learn more about what else was trending at this year's edition of the event.

If you caught any of them, or stopped by our booth,…

A threat actor known as Silver Fox is actively exploiting this busy period by conducting a targeted spearphishing campaign against Japanese manufacturers and other businesses.

Active since at least 2023, Silver Fox initially focused on Chinese-speaking targets before expanding into Southeast Asia, Japan, and potentially North America, running each campaign in a local language.

This pattern isn’t new – similar activity was observed during the same period last year, indicating that Silver Fox deliberately aligns its operations with this season.

In this operation, Silver Fox sends tailored spearphishing emails crafted to look like legitimate HR or tax-related messages.

Silver Fox is clearly do…

Indeed, some now run entirely in the cloud, while many others have paired cloud workloads, often in multi-cloud setups, with on-prem resources that won’t be retired anytime soon.

Of all the things that these organizations have in common, one warrants a closer look: virtual machine (VM) sprawl, or uncontrolled growth of virtual machines that are often left to fend for themselves.

This tracks with the identity-driven nature of cloud workloads, where both the VM itself and what it can access deserves scrutiny.

Catching the anomaly requires connecting what’s happening on the VM itself to what the VM’s identity is doing across the wider environment.

Parting thoughtsVMs are one of the oldest and …

Many cloud data breaches trace back to mundane lapses in security hygiene and oversights in the management of complex deployments, rather than fiendish zero-day exploits.

According to Google’s H2 2025 Cloud Threat Horizons Report, credential compromise and misconfiguration remained the primary entry points for threat actors into cloud environments in the first half of 2025.

Few organizations can afford to give up the flexibility and cost-efficiency that made the cloud in various of its flavors attractive in the first place.

Worryingly, a survey by the Cloud Security Alliance has found that only 23% of organizations have full visibility into their cloud environments.

Securing cloud workloads…

No online account is off the table.

If you can no longer access the account at all, go to the platform’s support pages and start the account recovery process.

Online services may ask for suspicious messages and other potential evidence during the reporting and account recovery process.

One-time 2FA recovery codes can help save the day if you lose access to the device to which normal 2FA codes are typically sent.

An email account deserves particular attention.

We provide a technical overview of EDR killers, including vulnerable drivers, in the The technology behind EDR killers section.

The technology behind EDR killersScriptsThe simplest EDR killers don’t rely on vulnerable drivers or other advanced techniques.

Driverless EDR killersFinally, a smaller but growing class of EDR killers achieves its goals without touching the kernel at all.

EDR killers and AIWhile the set of abused vulnerable drivers remains relatively small, the number of distinct user-mode components that are part of modern EDR killers in the wild is growing rapidly.

We outline how the past year saw increasingly commercialized offerings for EDR killers, and showcase how commercial…

Facial recognition is increasingly embedded in everything from airport boarding gates to bank onboarding flows.

The bank's facial recognition and eKYC (know your customer) platform accepted it as a genuine person.

Lastly, Jake added himself to a facial recognition watchlist at a busy train station in London.

The experiments also send a message to vendors of facial recognition systems and anyone responsible for identity verification systems.

The technology behind facial recognition is fragile in ways that matter when someone attempts to subvert it.

For most organizations, however, the more immediate risk plays out in cyberspace and involves all manner of threat actors.

Advanced Persistent Threat (APT) operations involving reconnaissance and initial access run in parallel or closely behind.

ESET researchers have previously documented close links between several Iran-aligned APT actors.

Muddying the waters further, several pro-Russian hacktivist groups have now apparently joined the fray in support of Iran, and there are reports of Iran-linked groups engaging with IABs on Russian cybercrime forums.

Spearphishing attachments and links have long been the most popular initial access techniques among most Iran-aligned APT groups, including …

CISA added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including a Cisco Catalyst SD-WAN Manager vulnerability (CVE-2026-20133) that Cisco has yet to flag as exploited.

Three Cisco Catalyst SD-WAN Manager vulnerabilitiesAlongside CVE-2026-20133, CISA has also listed CVE-2026-20128 and CVE-2026-20122 – two other Catalyst SD-WAN Manager vulnerabilities – as being leveraged in attacks.

The latter two flaws have been confirmed as actively exploited by Cisco in early March 2026.

CISA has ordered US federal civilian agencies to address all 8 flaws by April 20, 2026.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabil…

Racks of phones and 4G modems, connected to carrier networks and rented out as commercial mobile proxy services, are operating across at least 94 locations in 17 countries.

SIM farm (Source: Infrawatch)Infrawatch identified 87 distinct instances of the ProxySmart control panel exposed on the internet, spread across at least 24 commercial proxy providers and 35 cellular carriers.

Operators self-host a control panel and are advised to route traffic through a reverse proxy on cloud infrastructure to obscure the farm’s physical origin.

Origins and operator linksProxySmart is publicly linked through open-source intelligence to a man who advertises assistance with building 4G mobile proxy network…

Both samples are distributed from the same domain and use the same modified HandyPay application, indicating a coordinated operation.

ESET researcher Lukáš Štefanko, who discovered the new NGate variant in the trojanized NFC payment app, explained the logic directly:“Why did the operators of this campaign decide to trojanize the HandyPay app instead of going with an established solution for relaying NFC data?

On the other hand, the legitimate HandyPay app is significantly cheaper, only asking for a €9.99 per month donation, if even that.

What the malware doesOnce installed, the app requests to be set as the default NFC payment app, functionality that exists in the legitimate HandyPay applic…

Organizations in healthcare, finance, and other sensitive industries want to use large AI models without exposing private data to the cloud servers running those models.

Why existing solutions only go so farPrior work on private inference has focused on redesigning AI models to be less expensive to run under encryption.

What SecureRouter doesResearchers at the University of Central Florida built a system called SecureRouter that brings input-adaptive routing to encrypted AI inference.

A lightweight routing component evaluates each incoming encrypted query and selects which model in the pool should handle it, entirely under encryption.

The overhead is smallAdding a routing layer to an encryp…

Compliance SpecialistnuvioIT | USA | Remote – View job detailsAs a Compliance Specialist, you will conduct CMMC Level 2 gap assessments against NIST SP 800-171 Rev.

Cyber Security AnalystCK Power | USA | On-site – View job detailsAs a Cyber Security Analyst, you will manage endpoint security and incident response using tools like SentinelOne, handling investigations for malware, phishing, and unauthorized access.

Cyber Security Engineer, LeadVestas | Ireland | On-site – View job detailsAs a Cyber Security Engineer, Lead, you will provide cybersecurity expertise for offshore SCADA, OT networks, and industrial control systems, acting as an internal consultant on OT security.

Cybersecurity Lea…

Advice for affected customers“The incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee,” the Vercel security team explained in a post published on Sunday.

“The attacker used that access to take over the employee’s Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as ‘sensitive.

'”Vercel CEO Guillermo Rauch explained it better: “Vercel stores all customer environment variables fully encrypted at rest.

“Take advantage of the sensitive environment variables feature going forward, so that secret values are protected from being read in the future,” the team …

ATHR is a platform that provides phishers with everything they need to trick users into sharing account credentials and verification codes.

The phishing emails don’t contain links or attachments, just a phone number that victims are supposed to call to make sure their account remains safe.

The operator of the ATHR platform can monitor active calls.

According to Abnormal AI, the platform currently includes pre-built credential harvesting panels for Google, Microsoft, Coinbase, Binance, Gemini, Crypto.com, Yahoo, and AOL.

What sets ATHR apart from similar toolsEarlier callback phishing platforms still depended on human callers, but ATHR removes that bottleneck entirely.

Meta Bug Bounty and PortSwigger have formed a partnership to help security researchers sharpen their skills, collaborate more closely, and improve vulnerability discovery.

The initiative combines Meta’s bug bounty program with PortSwigger’s Burp Suite, reflecting a shared focus on improving both tooling and education for the global security community.

“By joining forces, we’re not just offering resources; we’re building bridges between communities,” Meta Bug Bounty said.

In this collaboration, PortSwigger is providing Burp Suite Professional licenses to selected researchers in the HackerPlus Silver leagues on Meta Bug Bounty.

Their shared goal is to enable researchers to hunt for bugs using…

The European Commission is stepping up efforts to strengthen the EU’s digital sovereignty by awarding a cloud services tender worth up to €180 million over six years.

The initiative gives EU institutions and agencies access to sovereign cloud services delivered by a group of Europe-based providers.

“The awarded providers were selected based on their alignment with the Commission’s Cloud Sovereignty Framework, which measures sovereignty across eight objectives.

To qualify, the providers had to demonstrate that non-EU third parties have limited influence over the technologies and services involved.

Next steps include updating the Cloud Sovereignty Framework with more detailed assessment crite…

Boost Security has released SmokedMeat, an open-source framework that runs attack chains against CI/CD infrastructure so engineering and security teams can see what an attacker would do in their specific environment.

What the tool doesSmokedMeat takes a flagged pipeline vulnerability and executes a live demonstration against a team’s own infrastructure.

The attack used techniques that Boost Labs had documented in prior research.

The backlog problemBoost Labs had been publishing research on CI/CD attack techniques for years, documenting how attackers move through build pipelines, steal credentials, and pivot into cloud environments.

Must read:Subscribe to the Help Net Security ad-free monthl…

Is “Satoshi Nakamoto” Really Adam Back?

The New York Times has a long article where the author lays out an impressive array of circumstantial evidence that the inventor of Bitcoin is the cypherpunk Adam Back.

I was a member of the Cypherpunks mailing list for a while, but I was never really an active participant.

I knew a bunch of the Cypherpunks, though, from various conferences around the world at the time.

I really have no opinion about who Satoshi Nakamoto really is.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

This is, in many respects, exactly the kind of responsible disclosure that security researchers have long urged.

Anthropic said security contractors agreed with the AI’s severity rating 198 times, with an 89 per cent severity agreement.

The security problem is far greater than one company and one model.

The security company Aisle was able to replicate many of Anthropic’s published anecdotes using smaller, cheaper, public AI models.

Nor should such a company be able to restrict the ability of society to make choices about its own security.

Interesting research: “Humans expect rationality and cooperation from LLM opponents in strategic games.”Abstract: As Large Language Models (LLMs) integrate into our social and economic interactions, we need to deepen our understanding of how humans respond to LLMs opponents in strategic settings.

We present the results of the first controlled monetarily-incentivised laboratory experiment looking at differences in human behaviour in a multi-player p-beauty contest against other humans and LLMs.

This shift is mainly driven by subjects with high strategic reasoning ability.

Subjects who play the zero Nash-equilibrium choice motivate their strategy by appealing to perceived LLM’s reasoning abil…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Upcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak:The list is maintained on this page.

Posted on April 14, 2026 at 12:01 PM • 0 Comments

Interesting paper: “What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation.”Abstract: The rapid expansion of artificial intelligence (AI) is raising concerns about its potential to transform cybercrime.

Beyond empowering novice offenders, AI stands to intensify the scale and sophistication of attacks by seasoned cybercriminals.

This paper examines the evolving relationship between cybercriminals and AI using a unique dataset from a cyber threat intelligence platform.

Their exchanges reflect growing curiosity about AI’s criminal applications through legal tools and dedicated criminal tools, but also doubts and anxieties about AI’s effectiveness and …

On Anthropic’s Mythos Preview and Project GlasswingThe cybersecurity industry is obsessing over Anthropic’s new model, Claude Mythos Preview, and its effects on cybersecurity.

The security company Aisle was able to replicate the vulnerabilities that Anthropic found, using older, cheaper, public models.

This advantage is likely to shrink, as ever more powerful models become available to the general public.

Maybe the sea change just happened, with the new models from Anthropic and OpenAI.

A couple of weeks ago, I wrote about security in what I called “the age of instant software,” where AIs are superhumanly good at finding, exploiting, and patching vulnerabilities.

AI Chatbots and TrustAll the leading AI chatbots are sycophantic, and that’s a problem:Participants rated sycophantic AI responses as more trustworthy than balanced ones.

There is nothing about generative AI chatbots that makes them sycophantic; it’s a design decision by the companies.

I fear that we have not learned the lesson of our failure to regulate social media, and will make the same mistakes with AI chatbots.

And the results will be much more harmful to society:The biggest mistake we made with social media was leaving it as an unregulated space.

The harm social media can do stems from how it affects our communication.

Regulation is hard:The South Pacific Regional Fisheries Management Organization (SPRFMO) oversees fishing across roughly 59 million square kilometers (22 million square miles) of the South Pacific high seas, trying to impose order on a region double the size of Africa, where distant-water fleets pursue species ranging from jack mackerel to jumbo flying squid.

Fishing for jumbo flying squid (Dosidicus gigas) has expanded rapidly over the past two decades.

The number of squid-jigging vessels operating in SPRFMO waters rose from 14 in 2000 to more than 500 last year, almost all of them flying the Chinese flag.

Meanwhile, reported catches have fallen markedly, from more than 1 million metric to…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

ProPublica has a scoop:In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings.

The tech giant’s “lack of proper detailed security documentation” left reviewers with a “lack of confidence in assessing the system’s overall security posture,” according to an internal government report reviewed by ProPublica.

Given that and other unknowns, government experts couldn’t vouch for the technology’s security.

Yet, in a highly unusual move that still reverberates across Washington, the Federal Risk and Authorization Management Program, or FedRAMP, authorized the product anyway, bestowing what amounts to the f…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Future systems could include a mix: both traditional long-term software and ephemeral instant software that is constantly being written, deployed, modified, and deleted.

Particularly vulnerable will be software in IoT devices: things like internet-connected cars, refrigerators, and security cameras.

But lots of instant software will live on networks for a long time.

What’s left in this world are attacks that don’t depend on finding and exploiting software vulnerabilities, like social engineering and credential stealing attacks.

AI systems are vulnerable to all sorts of manipulations, such as prompt injection, and it’s unclear whether we will ever be able to solve that.

“This CVE can enable phishing attacks, unauthorized data manipulation, or social engineering campaigns that lead to further compromise,” Walters said.

Satnam Narang, senior staff research engineer at Tenable, said April marks the second-biggest Patch Tuesday ever for Microsoft.

Narang also said there are indications that a zero-day flaw Adobe patched in an emergency update on April 11 — CVE-2026-34621 — has seen active exploitation since at least November 2025.

Adam Barnett, lead software engineer at Rapid7, called the patch total from Microsoft today “a new record in that category” because it includes nearly 60 browser vulnerabilities.

For example, a Google Chrome update released earlier t…

Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today.

The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.

Instead, they used known vulnerabilities to modify the Domain Name System (DNS) settings of the routers to include DNS servers controlled by the hackers.

English said the routers attacked by Forest Blizzard were reconfigured to use DNS servers that pointed to a handful of virtual private servers controlled by …

An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face.

Shchukin’s name appeared in a Feb. 2023 filing (PDF) from the U.S. Justice Department seeking the seizure of various cryptocurrency accounts associated with proceeds from the REvil ransomware gang’s activities.

The Gandcrab ransomware affiliate program first surfaced in January 2018, and paid enterprising hackers huge shares of the profits just for hacking into user accounts at major corporations.

The Gandcrab team would then try to expand that access, often siphoning vast amounts of sensitive and internal documents in the process.

REvil never recovered f…

Experts say the wiper campaign against Iran materialized this past weekend and came from a relatively new cybercrime group known as TeamPCP.

TeamPCP then attempted to move laterally through victim networks, siphoning authentication credentials and extorting victims over Telegram.

Eriksen said it appears TeamPCP used access gained in the first attack on Aqua Security to perpetrate this weekend’s mischief.

“It’s a little all over the place, and there’s a chance this whole Iran thing is just their way of getting attention,” Eriksen said.

“While security firms appear to be doing a good job spotting this, we’re also gonna need GitHub’s security team to step up,” Cimpanu wrote.

The feds say the four botnets — named Aisuru, Kimwolf, JackSkid and Mossad — are responsible for a series of recent record-smashing distributed denial-of-service (DDoS) attacks capable of knocking nearly any target offline.

The government alleges the unnamed people in control of the four botnets used their crime machines to launch hundreds of thousands of DDoS attacks, often demanding extortion payments from victims.

The oldest of the botnets — Aisuru — issued more than 200,000 attacks commands, while JackSkid hurled at least 90,000 attacks.

Aisuru emerged in late 2024, and by mid-2025 it was launching record-breaking DDoS attacks as it rapidly infected new IoT devices.

That disclosure help…

A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan.

Meanwhile, a voicemail message at Stryker’s main U.S. headquarters says the company is currently experiencing a building emergency.

In a lengthy statement posted to Telegram, an Iranian hacktivist group known as Handala (a.k.a.

Palo Alto says Handala surfaced in late 2023 and is assessed as one of several online personas maintained by Void Manticore, a MOIS-affiliated actor.

The security firm said Handala also has taken credit for recent attacks against fuel systems in Jordan and an Israeli energy exploratio…

Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software.

It would hardly be a proper Patch Tuesday without at least one critical Microsoft Office exploit, and this month doesn’t disappoint.

Ben McCarthy, lead cyber security engineer at Immersive, called attention to CVE-2026-21536, a critical remote code execution bug in a component called the Microsoft Devices Pricing Program.

Microsoft has already resolved the issue on their end, and fixing it requires no action on the part of Windows users.

For a complete breakdown of all the patches Microsoft released today, check out the SANS Internet Storm Center’s Patch Tues…

The new hotness in AI-based assistants — OpenClaw (formerly known as ClawdBot and Moltbot) — has seen rapid adoption since its release in November 2025.

“The testimonials are remarkable,” the AI security firm Snyk observed.

WHEN AI INSTALLS AIOne of the core tenets of securing AI agents involves carefully isolating them so that the operator can fully control who and what gets to talk to their AI assistant.

Probably the best known (and most bizarre) example is Moltbook, where a developer told an AI agent running on OpenClaw to build him a Reddit-like platform for AI agents.

Claude Code Security is a legitimate signal that AI is reshaping parts of the security landscape.

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf, the world’s largest and most disruptive botnet.

Dort was an extremely active player in the Microsoft game Minecraft who gained notoriety for their “Dortware” software that helped players cheat.

Dort also used the nickname DortDev, an identity that was active in March 2022 on the chat server for the prolific cybercrime group known as LAPSUS$.

Dort peddled a service for registering temporary email addresses, as well as “Dortsolver,” code that could bypass various CAPTCHA services designed to prevent automated account abuse.

The breach tracking service Constella I…

Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms.

Enter Starkiller, a new phishing service that dynamically loads a live copy of the target login page and records everything the user types, proxying the data to the legitimate site and back to the victim.

According to an analysis of Starkiller by the security firm Abnormal AI, the service lets customers select a brand to impersonate (e.g., Apple, Facebook, Google, Microsoft et.

“Starkiller represents a significant escalation in phishing infrastructure, reflecting a broader trend toward commoditized, enterp…

I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet’s control servers.

I2P is a decentralized, privacy-focused network that allows people to communicate and share information anonymously.

However, Lance James, founder of the New York City based cybersecurity consultancy Unit 221B and the original founder of I2P, told KrebsOnSecurity the entire I2P network now consists of between 15,000 and 20,000 devices on any given day.

Brundage said the Kimwolf operator(s) have been trying to build a command and control network that can’t easily be taken down by security companies and network …

The zero-day flaw CVE-2026-21513 is a security bypass bug targeting MSHTML, the proprietary engine of the default Web browser in Windows.

CVE-2026-21514 is a related security feature bypass in Microsoft Word.

The zero-day CVE-2026-21533 allows local attackers to elevate their user privileges to “SYSTEM” level access in Windows Remote Desktop Services.

Chris Goettl at Ivanti reminds us Microsoft has issued several out-of-band security updates since January’s Patch Tuesday.

On January 26, Microsoft patched a zero-day security feature bypass vulnerability (CVE-2026-21509) in Microsoft Office.

A prolific data ransom gang that calls itself Scattered Lapsus Shiny Hunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators about the extent of the intrusion.

Some victims reportedly are paying — perhaps as much to contain the stolen data as to stop the escalating personal attacks.

That’s according to Allison Nixon, director of research at the New York City based security consultancy Unit 221.

Nixon said Com-based extortion groups tend to instigate feuds and drama between group members, leading to lying, betrayals, credibility destroyin…

The FBI said Badbox 2.0 was discovered after the original Badbox campaign was disrupted in 2024.

KrebsOnSecurity was initially skeptical of the claim that the Kimwolf botmasters had hacked the Badbox 2.0 botnet.

]net, a domain that was flagged in a March 2025 report by HUMAN Security as one of several dozen sites tied to the distribution and management of the Badbox 2.0 botnet.

However, the source of that Badbox 2.0 screenshot said the Kimwolf botmasters had an ace up their sleeve the whole time: Secret access to the Badbox 2.0 botnet control panel.

The source said it isn’t clear how Dort gained access to the Badbox botnet panel.

Garrett Dutton, better known as G. Love - the front man of blues-hip-hop outfit G. Love & Special Sauce - has learnt that lesson the hard way.

In what must have been a painful admission earlier this month, G. Love described how while setting up a new computer, he downloaded what he believed was the legitimate Ledger Live app from Apple's official App Store.

The bogus app tricked the singer into entering his seed phrase - the master key to his cryptocurrency holdings.

The real Ledger Live app will never ask you for your seed phrase.

In the past Apple has presented its App Store as a more secure and safer place to find and download apps than other operating systems.

Have you ever taken a look at your Microsoft 365 mailbox rules? If not, it might be worth a few minutes of your time. Because newly released research reveals that hackers may already have beaten you to it. Read more in my article on the Fortra blog.

Right, right.

And by legacy, I mean software that's already out in production that's been out one or more years.

Oh, whether we've got the right security controls in place, whether our vendors are secure, how to escape the nightmare of outdated tools and endless manual processes.

Right, right.

Right, right.

Cybersecurity researchers have revealed that 108 malicious Google Chrome extensions have been quietly stealing user credentials, hijacking Telegram sessions, and injecting unwanted ads and scripts into browsers - all reporting back to the same central point.

Between them, before being identified, the extensions had racked up approximately 20,000 installs from the Chrome Web Store.

And to further disguise the reality of what was going on, each malicious Google Chrome extension adopted differing disguises - including posing as a Telegram sidebar client, slot machine games, tools to enhance YouTube and TikTok, or translation tools.

More recently, in 2023, a rogue "ChatGPT for Google" extension…

The fraud landscape has been changed by AI and cryptocurrency in a way that should concern organisations and individuals alike. Read more in my article on the Fortra blog.

All this and more in episode 462 of the “Smashing Security” podcast with cybersecurity expert and keynote speaker Graham Cluley, joined this week by special guest Dave Bittner.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

But with Amnesty International simultaneously revealing that state-licensed casinos are directly linked to torture and trafficking, serious questions linger about whether enforcement will match the rhetoric.

Cambodia's Law on Combating Online Scams was signed on April 6 in a royal decree, and takes effect immediately.

The scam compound bosses whose activities lead to death face between 15-30 years - or life imprisonment.

According to figures from the United Nations and USAID, between 100,000-150,000 people are exploited in scam compounds across Cambodia.

The hard part is going to be dismantling the criminal networks, protecting the victims, and rooting out corruption and complicity which ha…

And in a surprising twist, it turns out that he was caught out after accidentally trying to swindle a fellow fraudster.

He and his fellow conspirators exploited the fake online relationships to convince their victims into handing over money and personal information.

Owolabi's crimes went beyond romance fraud.

Romance scams remain among the most financially devastating forms of cybercrime, exploiting human emotion rather than technical vulnerabilities.

The victims of romance scam are not tricked by malware.

All this and more in episode 461 of the “Smashing Security” podcast with cybersecurity expert and keynote speaker Graham Cluley, joined this week by special guest Danny Palmer.

Smashing Security listeners get $1000 off!

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

A man has appeared in federal court in Austin, Texas, after being extradited to the United States to face charges related to his alleged role as a key developer of the notorious RedLine malware.

The RedLine malware, which has been deployed against systems in more than 150 countries, has been marketed and sold to cybercriminals via subscription on the dark web.

Last year, the US Department of State offered a reward of up to US $10 million for information about the hackers believed to be behind RedLine malware attacks.

As part of the "Operation Magnus" seizure of RedLine infrastructure in late 2024, investigators recovered a database containing the details of thousands of RedLine clients.

The…

The FBI has confirmed that Iran-linked hackers have broken into the personal email inbox of FBI Director Kash Patel, and published photos of him as well as other stolen documents.

To add to Kash Patel's embarrassment, this isn’t even the first time he has been targeted by Iranian hackers.

His personal messages were previously hacked in December 2024, before he was appointed FBI director.

The FBI has announced that a US $10 million reward is on offer for information related to the Handala hackers.

A personal Gmail account linked to the FBI director can never be considered a low-profile target.

World Leaks is a cyber extortion operation that steals sensitive data from organizations and threatens to leak it via the dark web if a ransom is not paid. Read more in my article on the Fortra blog.

All this and more in episode 460 of the “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and special guest Jenny Radcliffe.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

A 54-year-old man has pleaded guilty to defrauding online music streaming platforms out of more than US $8 million, after creating hundreds of thousands of songs with AI, and then using bots to play them billions of times.

Instead they divide a pot of money between all of the artists whose songs have been streamed that month.

He created thousands of accounts on music-streaming platforms and used as many as 10,000 bots to cause those accounts to continuously stream the songs.

And because he needed thousands of songs, he used AI to generate them.

The case acts as a warning shot to music streaming platforms that AI tools have made it trivially easy to generate passable-sounding music at scale …

Pedestrians crossing a street in Denver, Colorado, got rather more than they bargained for last weekend, when the audio signals at two crosswalks began broadcasting a political message alongside their usual walking instructions.

"The walk signal is on, f*** Trump.

Passwords on the affected crosswalks have since been changed, and police say that they are investigating the matter.

After all, the audio of a crosswalk is something that people who are blind or are visually impaired depend upon for their safety.

Default passwords have plagued all manner of technology, including crosswalks and other roadside infrastructure in the past.

DarkSword и Coruna — два новых инструмента для бесконтактных и незаметных атак на iOS-устройства, которые уже активно используются злоумышленниками «в дикой природе».

Однако DarkSword и Coruna, обнаруженные исследователями кибербезопасности в этом году, меняют правила игры: эти зловреды уже используются для массового заражения рядовых пользователей.

Получается зловред двойного назначения, который может использоваться как для шпионажа, так и для кражи криптовалюты.

Последняя версия Coruna, как и DarkSword, имеет модификации для кражи криптовалюты, а также ворует фотографии и в некоторых случаях электронную почту.

Кто создал Coruna и DarkSword и как они попали в «дикую природу»Исследование ко…

Помимо экранных дикторов, для помощи незрячим и слабовидящим существуют и специальные приложения и сервисы для мобильных устройств, среди которых один из самых популярных — Be My Eyes.

Кроме того, в Be My Eyes встроен ИИ, который может распознавать и озвучивать текст и называть объекты вокруг.

Приложение для Windows, Android и iOS позволяет незрячим и слабовидящим обращаться за помощью к волонтерам по видеосвязи с любыми бытовыми вопросами.

Мы также рекомендуем установить на все ваши устройства — и смартфоны, и компьютеры — надежное защитное решение, которое заблокирует попытки фишинга и перехода на вредоносные или подозрительные сайты.

При этом фото и видео шифруются как при передаче, так …

Так случилось с исследованиями GDDRHammer и GeForge: в них описаны две очень похожие атаки класса Rowhammer.

Заодно была продемонстрирована возможность атаки на оперативную память более новых стандартов — DDR4 и DDR5.

За счет этого обеспечивается возможность произвольного чтения и записи данных в видеопамять и даже чтение и запись в основную оперативную память, управляемую центральным процессором.

Насколько атаки на графическую память реалистичны?

Так что, несмотря на остающиеся ограничения, эти три исследования показывают, что атаки Rowhammer остаются опасными.

В результате компьютер жертвы отправляет исходящий трафик не в сеть, а атакующему.

Атаки на RAIDUS.

Затем атакующий сможет создать фальшивый RAIDUS-сервер и точку доступа и перехватывать данные подключившихся устройств.

Как защитить корпоративную сеть от AirSnitchУгроза наиболее реальна для организаций, использующих гостевые и корпоративные сети Wi-Fi на одних и тех же точках доступа без дополнительной сегментации VLAN.

В любом случае нужно перестать воспринимать «изоляцию клиентов» на точке доступа как меру безопасности и считать ее скорее элементом удобства.

Основные риски при использовании приложений для секс-игрушекПриложения для секс-игрушек обычно бесплатны.

Однако, в отличие от какого-нибудь интернет-магазина кормов для животных, утечка данных из приложения для секс-игрушек может иметь гораздо более серьезные последствия для пользователей.

Наличие широких возможностей социального взаимодействия фактически делает приложения для секс-игрушек еще одним мессенджером.

Анонимный адрес почты защитит вашу репутацию в том случае, если в приложении для секс-игрушек произойдет утечка.

Регулярно обновляйте приложения и операционную системуОбновления — это не только новые функции, но и исправления ошибок, которые могут влиять на безопасность.

А между тем любое ПО, и защитное в том числе, увеличивает поверхность атаки, а следовательно, и само нуждается в защите.

Чем опасен доступ к консоли безопасностиИнструменты безопасности устойчивы ровно настолько, насколько защищена система, которая ими управляет.

Это как раз про снижение неоднозначности в вопросах безопасности используемых инструментов защиты и сокращение поверхности атаки на уровне управления.

Но, как уже было сказано выше, проблема большинства консолей и систем управления не в отсутствии механизмов защиты, а в отсутствии системного контроля их применения.

Мы планируем развивать эту логику дальше — снижая поверхность атаки не только на уровне конечных устройств, но и на ур…

Медицинские данные на черном или сером рынках стоят в десятки раз больше, чем данные банковской карты или профиля в мессенджерах или соцсетях.

Федеральная торговая комиссия США оштрафовала компанию на $7,1 млн и наложила беспрецедентный запрет на использование медицинских данных в рекламных целях.

Кстати, тот же стартап отличился рассылкой своим клиентам промооткрыток без конвертов — с именами пациентов и формулировками, позволяющими определить их диагноз.

Именно поэтому мы рекомендуем пользоваться нашим комплексным защитным решением — оно умеет распознавать спам и фишинг и предупреждает о поддельных сайтах.

Он имеет обширные базы данных и блокирует мошеннические и спам-звонки.

Как мы уже писали в одном из предыдущих постов, современная разработка практически немыслима без использования компонентов open source.

Для фильтрации реестра при его наполнении должны использоваться специализированные решения для сканирования open source или комплексное решение для безопасности облачных нагрузок.

Управление уязвимостями open source на базе оценки рисковВсе перечисленные меры снижают количество уязвимого ПО и компонентов, которые попадают в организацию, упрощают обнаружение и устранение уязвимостей.

Модель оценки рисков потребуется расширить с учетом специфики open source, на основании ответов на следующие вопросы:Выполняется ли уязвимая ветка кода в разработках конкретной …

В прошлом только специализированные компании по разработке ПО и очень крупные бизнесы должны были заботиться об уязвимостях в цепочке поставок и открытом исходном коде (open source).

Но в результате организация сталкивается с новыми видами уязвимостей в ПО, найти и устранить которые гораздо сложнее, чем просто скачать обновление Windows.

Дефицит данных об уязвимостях open sourceДаже если в организации хорошо налажено управление уязвимостями в готовом ПО, для open source процесс придется значительно перерабатывать и дополнять.

То есть по одной базе уязвимость считается критической, а по другой — у нее средний уровень опасности.

Вредоносное ПО в реестрах open sourceАтаки через зараженные или …

Добавьте к этому функцию клавиатурного шпиона и полный контроль устройства с удаленным доступом к экрану, камере и микрофону — естественно, с возможностью записать видео и звук.

Тогда этот Windows-троян назывался WebCrystal RAT и, судя по техническим деталям, был клоном другого трояна удаленного доступа — WebRat.

Через некоторое время автор WebCrystal провел «ребрендинг», дав ему новое имя — CrystalX RAT, и начал активно продвигать троян в свежесозданном Telegram-канале.

Как CrystalX обходит защитуКаким бы технически совершенным ни был код такого хакерского приложения, без постоянного притока новых клиентов проект просто умрет.

Как не стать жертвой троянаВот ряд простых советов, которые пом…

Да потому, что шифровальщики научились целенаправленно охотиться на резервные копии данных обычных пользователей.

Но постепенно рынок «малых целей» стал для злоумышленников не менее привлекательным — и вот в чем причины.

Следовать этому правилу просто: заведите внешний диск — вы будете подключать его раз в неделю, делать на него копию данных и отключать.

Если они хранятся в менеджере паролей — убедитесь, что данные синхронизируются в облаке или есть функция экспорта.

Если они хранятся в менеджере паролей — убедитесь, что данные синхронизируются в облаке или есть функция экспорта.

Многие визионеры ИИ в качестве ключевого направления развития технологии представляют универсального умного ассистента, который возьмет на себя всевозможные рутинные задачи.

Чем опасны ИИ-агентыПродолжим держать интригу еще немного и для начала обсудим, на что же способен бесконтрольный ИИ-агент.

Как мы уже не раз отмечали, всех рисков, связанных с ИИ, не знает никто.

Название проекта отсылает вовсе не к политической метафоре, а… к театральному термину.

Как безопасно работать с ИИ-ассистентамиПока архитектуры, подобные IronCurtain, остаются экспериментальными, ответственность за безопасное использование ИИ в первую очередь ложится на самих пользователей.

Атаки на цепочку поставок уже не первый год остаются одним из самых опасных типов инцидентов информационной безопасности.

В этом материале рассмотрим не всегда самые масштабные с точки зрения ущерба, но, точно, самые необычные и привлекшие внимание атаки на цепочку поставок, которые произошли в 2025 году.

Март 2025: попытка атаки на Coinbase через каскадную компрометацию GitHub ActionsВесна 2025 года началась с достаточно замысловатой атаки, использовавшей в качестве основного механизма компрометацию нескольких рабочих процессов GitHub Actions — инструмента автоматизации типовых задач DevOps.

Одним из первых подтвержденных случаев атаки с использованием секретов, слитых Shai-Hulud, стала кр…

Миллионы автоматизированных конвейеров разработки полагаются на встроенные в процесс сборки инструменты безопасности, такие как Trivy и Checkmarx AST.

Нападающим, группировке TeamPCP, удалось внедрить вредоносное ПО в официальные рабочие процессы GitHub Actions и образы Docker, относящиеся к Trivy.

Нападающие заявляют, что они украли сотни гигабайт данных и более 500 000 учетных записей.

Пользователям рекомендовано немедленно искать индикатор компрометации litellm_init.pth и в плановом порядке ротировать все потенциально скомпрометированные секреты.

Администраторы конвейеров CI/CD и команды ИБ должны немедленно проверить свои ссылки на решения Checkmarx (kics-github-action, ast-github-actio…

Cisco Secure Firewall uses encryption for many things: VPN tunnels, remote management, hardware-level trust, and inline decryption.

They also define stronger baselines of security for existing algorithms, which are already incorporated into Cisco Secure Firewall.

Support arrives in Secure Firewall Threat Defense (FTD) 10.5 and ASA 9.25, targeted for General Availability in late 2026.

PQC support for TLS client features is planned for ASA/FTD 11.0, while management web server PQC support depends on underlying web server library readiness.

Cisco Secure Firewall is building post-quantum cryptography into every layer of the platform, so that when your organization is ready to make the transitio…

At this year’s Mobile World Congress in Barcelona, service providers showed up from around the world to join over 115,000 attendees from 210 countries.

We leveraged the lessons learned from previous SOC deployments, adding the new Secure Firewall 6160, which is designed specifically for AI-ready data centers.

Clockwise from the upper left quadrant: Firepower in Security Cloud Control, Splunk Cloud dashboard for MWC, Splunk Enterprise Security Mission Control and Cisco XDR.

Ask a question and stay connected with Cisco Security on social media.

Cisco Security Social MediaLinkedInFacebookInstagram

Mobile World Congress (MWC) Barcelona is one of the most demanding environments for network and security operations.

For the 2nd year, the Cisco team leveraged Splunk, in addition to its other security products, to deliver a unified Security Operations Center (SOC) and Network Operations Center (NOC) experience.

Clockwise from the upper left quadrant: Firepower in Security Cloud Control, Splunk Cloud dashboard for MWC, Splunk Enterprise Security Mission Control and Cisco XDR.

Bridging SOC and NOC: From Visibility to ContextTraditionally, SOC and NOC teams operate in parallel, often using separate tools and datasets.

Edge engineering still matters in cloud-first architecturesComponents like …

Please note that the network of the venue remains protected at the DNS level by Cisco Secure Access outside the event.

Access to these AI models can be managed with Secure Access to secure AI apart from just leveraging AI for security.

During the event, Secure Access blocked access to one of those phishing domains.

Secure Access Investigate, as appearing above, provides real-time actionable threat intelligence by analysing global data from the Secure Access network using AI to detect, score, and predict emerging threats.

ConcludingThe AI-powered Security and Network Operations Center (S/NOC) at Mobile World Congress 2026 demonstrated Cisco’s commitment to leveraging cutting-edge technologie…

Among the new security features, the one I was most eager to explore was Shadow Traffic detection.

Observing Shadow Traffic at scale on the live congress wireless network provided useful insight.

The Shadow Traffic dashboard put Tailscale VPN, ExpressVPN, and NordVPN at the top of the list.

Shadow Traffic detection conveniently labels the suspicious connections, making filtering in the Unified Events Viewer straightforward and precise.

With Shadow Traffic detection, you expand visibility into inspection gaps that most organizations don’t even realize they have.

Data optimization in security is often discussed as a cost control mechanism.

In a Splunk security stack, data optimization is not about reducing volume.

Advanced Optimization Blind Spots in Splunk Security EnvironmentsData Model Acceleration Blindness: Aggressive filtering often breaks Common Information Model (CIM) compliance or data model population.

Security data optimization must include: Search workload modeling; concurrent triage simulation; adversary emulation exercises.

Final Thought and Call to ActionIn Splunk security architectures, data optimization is not a storage tuning exercise, finance initiative, or infrastructure refresh it is a security engineering discipline.

Every year, the Cisco Talos Year in Review captures the patterns shaping the threat landscape.

To unpack the biggest takeaways and what they mean for security teams, we brought together Christopher Marshall, VP of Cisco Talos, and Peter Bailey, SVP and GM of Cisco Security.

For the full discussion, head over to the Cisco Talos blog where you can also download the Year in Review report.

Old vulnerabilities, new speedMarshall: One of the clearest trends in this year’s data is the contrast in how vulnerabilities are being exploited.

Read full post on the Cisco Talos blogWe’d love to hear what you think!

Welcome to the Agentic AI EraEnterprise interest in agentic AI is accelerating.

AI agents operate at machine speeds to execute complex tasks, yet they completely lack essential human judgment and contextual awareness.

Current challenges in the agentic AI ecosystemWhen our teams were analyzing the problem around governing this new digital AI workforce, we saw three areas across our customer and prospect conversations on why zero trust access built for humans must adapt to agentic workflows:Early and fragmented ecosystem.

Zero trust for agentic AI in practiceLet’s look at a typical scenario — a financial automation agent kicking off vendor payments.

We are thrilled to partner with AI-driven o…

Our research shows that nearly 60% of security leaders view security concerns as the primary barrier to broader agentic AI adoption.

At the exact same time, 29% rank securing agentic AI among their top three priorities for the coming year.

Much like a public-facing web service, an external AI agent can be attacked, exploited, or “poisoned” by malicious inputs.

The “Who Owns This?” ProblemAs agentic AI expands into operational systems, who is actually responsible for securing it?

Explore our Agentic AI Security Solution to learn more, or view the full survey results infographic.

Part 2 is about the uncomfortable reality that our identity systems are unprepared for what’s already here.

The Attacks from Part 1 Were Identity FailuresEvery major attack examined in Part 1 was, at its core, an identity problem.

Every one expands the potential damage of a security breach, and our identity systems were not built for this.

What Workload Identity Gets Right — And Where It Falls ShortThe security industry’s answer to machine identity is SPIFFE, and SPIRE, a standard that gives every workload a cryptographic identity card.

Today’s workload identity systems typically assign the same identity to every copy of an application when instances are functionally identical.

Meet Cisco Talos Incident Response, or Talos IR – our frontline response team.

Talos IR works holidays, weekends, and through the night because someone on the other end of that call is counting on us.

The threats responders see in the field today become the protections in Cisco products tomorrow.

Different perspectives, same missionAsk a Talos IR team member why they do this work and you will get different answers.

Unlike many security roles, incident responders build deep connections with the people they help.

But identity-based access control?

It brings Cisco’s proven identity and segmentation principles into a form factor purpose-built for Meraki-managed networks—delivering identity-based access control without enterprise-level operational burden.

It delivers identity-based access control as a cloud-native SaaS solution built directly into the Meraki Dashboard.

Experience It for YourselfCisco Access Manager is licensed as a subscription, aligned with Cisco’s SaaS model.

For a limited time Cisco Access Manager is available through a See, Try, Buy offer designed to eliminate adoption risk.

You can test drive these capabilities today with Secure Firewall Test Drive, an instructor-led course that will guide you through the Secure Firewall and its powerful roles in cybersecurity for your organization.

With the release of Cisco Secure Firewall version 10.0, expanded protections covering SQL injection attacks, Command Injection attacks, Cross-Site Scripting exploits are now available.

Cisco Secure Firewall version 10.0 ties DNS filtering to SGTs, enabling seamless and accurate policy application as the user moves across networks.

Cisco Secure Firewall version 10.0 brings new capabilities for clustered firewall configurations, allowing identification of portscan attempts even if th…

In support of this model, Orange Business has certified Cisco Catalyst SD-WAN Next-Generation Firewall (NGFW) capabilities as part of its Orange Flexible SD-WAN managed service.

Rather than treating networking and security as separate solutions, Catalyst SD-WAN enables partners like Orange Business to deliver an integrated service model built on consistent policy enforcement, visibility, and security across distributed environments.

Built-in security capabilities powered by Catalyst SD-WANCatalyst SD-WAN embeds security directly into the WAN fabric, enabling partners like Orange Business to deliver robust, enterprise-grade managed security without added complexity.

Learn more about how you …

In this article, Ilya Grebnov, Deputy CISO for Microsoft Dynamics 365 and Power Platform at Microsoft dives into cyberattacks of opportunity and how to prevent them.

I’m the Deputy CISO for Microsoft Dynamics 365 and Microsoft Power Platform.

Power Platform is a low-code suite of tools that empowers both technical and non-technical users to analyze data, build custom applications, automate workflows, and create intelligent virtual agents.

To learn more about Microsoft Security solutions, visit our website.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Threat actors are initiating cross-tenant Microsoft Teams communications while impersonating IT or helpdesk personnel to socially engineer users into granting remote desktop access.

Threat actors are increasingly abusing external Microsoft Teams collaboration to impersonate IT or helpdesk personnel and convince users to grant remote assistance access.

Stage 4: Payload placement and trusted application invocationOnce remote access is established, the intrusion transitions from user‑assisted interaction to preparing the environment for persistent execution.

Microsoft Defender might detect this activity as possible data exfiltration involving uncommon synchronization tooling.

Disrupting threat…

Previously, we discussed how predictive shielding was able to disrupt a human-operated ransomware incident.

Predictive shielding breaks the chain: Exposure-centric containmentIn the second phase of the attack, we activated predictive shielding.

How predictive shielding changed the outcomeBefore compromising a domain, attackers are mostly constrained by the hosts they control.

Discovery T1087.002 Account Discovery: Domain Account Enumerated domain groups and accounts using net group and AD Explorer.

Credential Access T1078 Valid Accounts Reused compromised service and domain accounts for access and lateral movement.

The first and most critical step toward a quantum-safe future—and sound cryptographic hygiene in general—is building a comprehensive cryptographic inventory.

In this post, we will define what a cryptographic inventory is, outline a practical customer-led operating model for managing cryptographic posture, and show how customers can start quickly using Microsoft Security capabilities and our partners.

What is a cryptographic inventory?

A cryptographic inventory is a living catalog of all the cryptographic assets and mechanisms in use across your organization.

Getting started: a customer checklistReady to begin building your cryptographic inventory?

Sapphire Sleet achieves a highly reliable infection chain that lowers operational friction and increases the likelihood of successful compromise—posing an elevated risk to organizations and individuals involved in cryptocurrency, digital assets, finance, and similar high‑value targets that Sapphire Sleet is known to target.

Sapphire Sleet Mitigating the Axios npm supply chain compromise ›Recent campaigns demonstrate expanded execution mechanisms across operating systems like macOS, enabling Sapphire Sleet to target a broader set of users through parallel social engineering workflows.

Sapphire Sleet circumvents this by directing Finder, which holds FDA by default on macOS, to rename the com.…

Fortunately, most of the fundamentals that make incident response (IR) effective still hold true.

Your response must address all of them, which is why incident response for AI is inherently cross-functional.

In AI incidents, problematic behavior can emerge from the interaction of training data, fine-tuning choices, user context, and retrieval inputs.

The human dimensionThere is a dimension of AI incident response that traditional IR addresses unevenly and that AI makes urgent: the wellbeing of the people doing the work.

If your incident response plan does not account for the humans executing it, the plan is incomplete.

Read more about how some organizations moving toward the agentic SOC and access a foundational roadmap for this transformation in our new whitepaper, The agentic SOC: Your teammate for tomorrow, today.

A layered model for the agentic SOCThis model works because an agentic SOC is built on two distinct, but interdependent layers.

This disruption layer is not optional; it is the prerequisite that makes an agentic SOC safe, scalable, and sustainable.

How day-to-day SOC work will change in the futureIn an agentic SOC, the center of gravity will change for roles like an analyst.

Read more about how they’re making their move toward the agentic SOC and access a foundational roadmap for this transfo…

Read more about how some organizations moving toward the agentic SOC and access a foundational roadmap for this transformation in our new whitepaper, The agentic SOC: Your teammate for tomorrow, today.

A layered model for the agentic SOCThis model works because an agentic SOC is built on two distinct, but interdependent layers.

This disruption layer is not optional; it is the prerequisite that makes an agentic SOC safe, scalable, and sustainable.

How day-to-day SOC work will change in the futureIn an agentic SOC, the center of gravity will change for roles like an analyst.

Read more about how they’re making their move toward the agentic SOC and access a foundational roadmap for this transfo…

Microsoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated threat actor that Microsoft tracks as Storm-2755 conducting payroll pirate attacks targeting Canadian users.

Microsoft Defender detection and hunting guidanceMicrosoft Defender customers can refer to the list of applicable detections below.

Microsoft Defender XDR threat analyticsMicrosoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.

L…

Microsoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated threat actor that Microsoft tracks as Storm-2755 conducting payroll pirate attacks targeting Canadian users.

Microsoft Defender detection and hunting guidanceMicrosoft Defender customers can refer to the list of applicable detections below.

Microsoft Defender XDR threat analyticsMicrosoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.

L…

During routine security research, we identified a severe intent redirection vulnerability in a widely used third-party Android SDK called EngageSDK.

Following our Coordinated Vulnerability Disclosure practices (via Microsoft Security Vulnerability Research), we notified EngageLab and the Android Security Team.

In this blog, we provide a technical analysis of a vulnerability that bypasses core Android security mechanisms.

EngageLab SDK intent redirectionDevelopers use the EngageLab SDK to manage messaging and push notifications in mobile apps.

Following Coordinated Vulnerability Disclosure (CVD) practices through Microsoft Security Vulnerability Research (MSVR), the issue was reported to Eng…

During routine security research, we identified a severe intent redirection vulnerability in a widely used third-party Android SDK called EngageSDK.

Following our Coordinated Vulnerability Disclosure practices (via Microsoft Security Vulnerability Research), we notified EngageLab and the Android Security Team.

In this blog, we provide a technical analysis of a vulnerability that bypasses core Android security mechanisms.

EngageLab SDK intent redirectionDevelopers use the EngageLab SDK to manage messaging and push notifications in mobile apps.

Following Coordinated Vulnerability Disclosure (CVD) practices through Microsoft Security Vulnerability Research (MSVR), the issue was reported to Eng…

For nation-state actors like Forest Blizzard, DNS hijacking enables persistent, passive visibility and reconnaissance at scale.

DNS hijacking through router compromiseEdge router compromiseForest Blizzard gained access to SOHO devices then altered their default network configurations to use actor-controlled DNS resolvers.

Modifications to DNS settingsIn identified activity, Forest Blizzard’s compromise of an infected SOHO device resulted in the update of the default DNS setting on connected Windows machines.

Learn moreFor the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

To hear stories and insights from the Micr…

For nation-state actors like Forest Blizzard, DNS hijacking enables persistent, passive visibility and reconnaissance at scale.

DNS hijacking through router compromiseEdge router compromiseForest Blizzard gained access to SOHO devices then altered their default network configurations to use actor-controlled DNS resolvers.

Modifications to DNS settingsIn identified activity, Forest Blizzard’s compromise of an infected SOHO device resulted in the update of the default DNS setting on connected Windows machines.

Learn moreFor the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

To hear stories and insights from the Micr…

Recognizing the risks associated within the complex modem firmware, Pixel 9 shipped with mitigations against a range of memory-safety vulnerabilities.

Following our previous discussion on "Deploying Rust in Existing Firmware Codebases", this post shares a concrete application: integrating a memory-safe Rust DNS(Domain Name System) parser into the modem firmware.

Hook-up Rust to modem firmwareBefore building the Rust DNS library, we defined several Rust unit tests to cover basic arithmetic, dynamic allocations, and FFI to verify the integration of Rust with the existing modem firmware code base.

Pixel modem firmware already has a well-tested and specialized global memory allocation system to…

This project represents a significant step forward in our ongoing efforts to combat session theft, which remains a prevalent threat in the modern security landscape.

Session theft typically occurs when a user inadvertently downloads malware onto their device.

Once active, the malware can silently extract existing session cookies from the browser or wait for the user to log in to new accounts, before exfiltrating these tokens to an attacker-controlled server.

How DBSC WorksDBSC protects against session theft by cryptographically binding authentication sessions to a specific device.

The issuance of new short-lived session cookies is contingent upon Chrome proving possession of the correspondi…

Staying ahead of the latest indirect prompt injection attacks is critical to our mission of securing Workspace with Gemini.

In our previous blog “Mitigating prompt injection attacks with a layered defense strategy”, we reviewed the layered architecture of our IPI defenses.

Synthetic data generationAfter we discover, curate, and catalog new attacks, we use Simula to generate synthetic data expanding these new attacks.

We partition the synthetic data described above into separate training and validation sets to ensure performance is evaluated against held-out examples.

This process leverages the newly generated synthetic attack data described on this blog, to create a robust, end-to-end evalu…

2025 marked a special year in the history of vulnerability rewards and bug bounty programs at Google: our 15th anniversary 🎉🎉🎉!

Coming back to 2025 specifically, our VRP once again confirmed the ongoing value of engaging with the external security research community to make Google and its products safer.

Vulnerability Reward Program 2025 in NumbersWant to learn more about who’s reporting to the VRP?

Tip: Want to be informed of new developments and events around our Vulnerability Reward Program?

Follow the Google VRP channel on X to stay in the loop and be sure to check out the Security Engineering blog, which covers topics ranging from VRP updates to security practices and vulnerability des…

To stay ahead of the curve, the technology industry must undertake a proactive, multi-year migration to Post-Quantum Cryptography (PQC).

To bring these critical protections to the wider developer community with minimal friction, the transition will be supported through Play App Signing.

Play App Signing leverages Google Cloud KMS, which helps ensure industry-leading compliance standards, to secure signing keys.

Empower Developers : The inclusion of ML-DSA support within Android Keystore and Play App Signing allows developers to safeguard their users and application.

: The inclusion of ML-DSA support within Android Keystore and Play App Signing allows developers to safeguard their users and …

Today we're announcing a new program in Chrome to make HTTPS certificates secure against quantum computers.

Instead, Chrome, in collaboration with other partners, is developing an evolution of HTTPS certificates based on Merkle Tree Certificates (MTCs), currently in development in the PLANTS working group.

Since MTC technology shares significant architectural similarities with CT, these operators are uniquely qualified to ensure MTCs are able to get off the ground quickly and successfully.

The Chrome Quantum-resistant Root Program will operate alongside our existing Chrome Root Program to ensure a risk-managed transition that maintains the highest levels of security for all users.

First, we…

For Majik, Scam Detection was the intervention he needed: “The warning is what made me pause and avoid a bad situation”.

As scammers evolve their tactics and create more convincing and personalized threats, we’re using the best of Google AI to stay one step ahead.

Expanding Scam Detection for Calls to Samsung DevicesTo help protect you during phone calls, Scam Detection alerts you if a caller uses speech patterns commonly associated with fraud.

Scam Detection for phone calls on Google Pixel devices is available in the U.S., Australia, Canada, India, Ireland, and the UK.

Powered by Gemini’s on-device model, Scam Detection provides intelligent protection against scam calls while ensuring that…

Upgrading Google Play’s AI-powered, multi-layered user protectionsWe’ve seen a clear impact from these safety efforts on Google Play.

As Android’s built-in defense against malware and unwanted software, Google Play Protect now scans over 350 billion Android apps daily.

This proactive protection constantly checks both Play apps and those from other sources to ensure they are not potentially harmful.

Looking aheadOur top priority remains making Google Play and Android the most trusted app ecosystems for everyone.

Thank you for being part of the Google Play and Android community as we work together to build a safer app ecosystem.

That’s why we're committed to providing multi-layered defenses that help protect you before, during, and after a theft attempt.

Today, we're announcing a powerful set of theft protection feature updates that build on our existing protections, designed to give you greater peace of mind by making your device a much harder target for criminals.

These updates are now available for Android devices running Android 16+.

More User Control for Failed Authentications: In Android 15, we launched Failed Authentication Lock, a feature that automatically locks the device's screen after excessive failed authentication attempts.

This feature is now getting a new dedicated enable/disable toggle in settings,…

These initiatives, driven by Ballots SC-080, SC-090, and SC-091, will sunset 11 legacy methods for Domain Control Validation.

What’s Domain Control Validation?

Domain Control Validation is a security-critical process designed to ensure certificates are only issued to the legitimate domain operator.

Sunsetted methods relying on email:Sunsetted methods relying on phone:Sunsetted method relying on a reverse lookup:For everyday users, these changes are invisible - and that’s the point.

These changes push the ecosystem toward standardized (e.g., ACME), modern, and auditable Domain Control Validation methods.

Partnership with ArmOur goal is to raise the bar on GPU security, ensuring the Mali GPU driver and firmware remain highly resilient against potential threats.

We partnered with Arm to conduct an analysis of the Mali driver, used on approximately 45% of Android devices.

This approach allowed us to roll out the new security policy broadly while minimizing the impact on developers.

This effort spans across Android and Android OEMs, and required close collaboration with Arm.

The Android security team is committed to collaborating with ecosystem partners to drive broader adoption of this approach to help harden the GPU.

We built on Gemini's existing protections and agent security principles and have implemented several new layers for Chrome.

To further bolster model alignment beyond spotlighting, we’re introducing the User Alignment Critic — a separate model built with Gemini that acts as a high-trust system component.

A flow chart that depicts the User Alignment Critic: a trusted component that vets each action before it reaches the browser.

The User Alignment Critic runs after the planning is complete to double-check each proposed action.

Looking forwardThe upcoming introduction of agentic capabilities in Chrome brings new demands for browser security, and we've approached this challenge with the same ri…

Android uses the best of Google AI and our advanced security expertise to tackle mobile scams from every angle.

Over the last few years, we’ve launched industry-leading features to detect scams and protect users across phone calls, text messages and messaging app chat notifications.

To help combat these types of financial scams, we launched a pilot earlier this year in the UK focused on in-call protections for financial apps.

The UK pilot of Android’s in-call scam protections has already helped thousands of users end calls that could have cost them a significant amount of money.

We’ve also started to pilot this protection with more app types, including peer-to-peer (P2P) payment apps.

Secure by DesignWe built Quick Share’s interoperability support for AirDrop with the same rigorous security standards that we apply to all Google products.

Secure Sharing Channel: The communication channel itself is hardened by our use of Rust to develop this feature.

On Android, security is built in at every layer.

On Android, security is built in at every layer.

Secure Sharing Using AirDrop's "Everyone" ModeTo ensure a seamless experience for both Android and iOS users, Quick Share currently works with AirDrop's "Everyone for 10 minutes" mode.

Our first rust memory safety vulnerability...almost: We'll analyze a near-miss memory safety bug in unsafe Rust: how it happened, how it was mitigated, and steps we're taking to prevent recurrence.

Our First Rust Memory Safety Vulnerability...AlmostWe recently avoided shipping our very first Rust-based memory safety vulnerability: a linear buffer overflow in CrabbyAVIF.

Unsafe Review and TrainingOperating system development requires unsafe code, typically C, C++, or unsafe Rust (for example, for FFI and interacting with hardware), so simply banning unsafe code is not workable.

Dmytro Hrybenko for leading the effort to develop training for unsafe Rust and for providing extensive feedback on …