Два трояна в NPM притворяются библиотеками для WhatsApp. Почему их до сих пор не удалили?

Уязвимость усугубляет децентрализованная модель импорта из GitHub.

Теперь системы на Linux смогут автоматически включать режим максимальной производительности.

Простая игра с палочками обернулась великим открытием.

Нам никуда не скрыться от невидимых сенсоров. Они повсюду.

Ведомство сообщило о первом уголовном деле.

Новый минерал может стать недостающим элементом марсианской истории.

Это, например, продажи «левых» сим-карт работниками салонов связи, которых, как отметил адвокат Павел Домкин, часто судили по статье 274.1.

Статья 273 УК РФ: создание и распространение вредоносных программКоличество приговоров по данной статье по сравнению с 2019 годом снизилось (рис.

С другой стороны, околонулевая статистика по статьям УК с точки зрения правоохранительных органов недопустима, и по ней начали привлекать за правонарушения, имеющие весьма отдаленное отношение к сфере КИИ.

Статистика по вынесенным приговорам по статье 274.1 за 2022 годРисунок 12.

Статистика по вынесенным приговорам по статье 274.1 за 2024 годОднако после 2022 года приговоры, связанные с реальным лишением свобо…

У стенда Jet & YandexGPT Lab я беседую с Антоном Чикиным — экспертом по ML:«Мы помогаем компаниям создавать ассистентов на основе стыковых моделей — но в защищённом корпоративном контуре.

Решение уже используется в проектах Jet, а также в качестве демонстрационного инструмента при интеграции LLM в B2B-среду.

Он сравнил ситуацию с автопромом: но в ИТ ошибка стоит дороже, и подход к выбору партнёров — куда скрупулёзнее.

На другой сессии обсуждали жизненный цикл ЦОДов, их будущее в мегаполисах и регионах, а также влияние ИИ на архитектуру.

Но ощущение — будто ты побывал в инженерной среде, где айтишники, проектировщики и интеграторы — не подсистемы, а центр отрасли.

О природе слуховНастало время рассказать о слухах, которые появились в местных социальных сетях вокруг инцидента с «Орион телеком».

Конфликт между «Орион телеком» и телекомпанией «8 канал»За две недели до инцидента краевой красноярский суд удовлетворил иск местной телевещательной организации «8 Канал» к структурам группы компаний «Орион».

История «Орион телеком» и роль его учредителяПо слухам, масштабное развитие компании «Орион телеком» было связано с началом предоставления услуг кабельного ТВ.

Причины роста инсайдерских атак (Cybersecurity Insiders, 2024)Мог ли инцидент в «Орион телеком» быть результатом инсайдерской кибератаки?

Подведем итогиНаша история про инцидент с оператором «Орион …

Председатель комитета Госдумы по информполитике, ИТ и связи Сергей Боярский прокомментировал цели законодательной поддержки мессенджера MAX в России.

Среди прочего, он подробно рассказал там о законодательной поддержке национального мессенджера MAX в России, раскрыл цели и причины его внедрения.

Действительно ли власти намерены «пересадить всех на MAX» и зачем?

В Госдуме делают ставку на честную конкурентную борьбу мессенджеров в РоссииДоступность сервиса MAX10 июня Госдума приняла закон, который обязывает производителей мобильных устройств (смартфонов, планшетов) устанавливать мессенджер MAX на все устройства, продаваемые в России.

Госдума поддержала мессенджер MAXНо зачем нужен MAX, если …

ВведениеДва года назад в рамках технического обзора нами был подробно рассмотрен программно-аппаратный комплекс (ПАК) «Континент 4» версии 4.1.7 — многофункциональный межсетевой экран (NGFW / UTM) с поддержкой алгоритмов ГОСТ.

Это можно реализовать как с помощью периметрового решения, так и с применением отдельных устройств, например, криптографических шлюзов.

Применение «Континента»Ранее в инфраструктурах заказчиков использовались два отдельных продукта с разными системами управления и платформами (NGFW и криптошлюз), что создавало потенциальные точки отказа как с технической, так и с административной стороны.

Миграция с «Континента 3» на «Континент 4»Для заказчиков, использующих «Континен…

В конечном итоге, проблема неправильной приоритезации рисков в ИБ АСУ ТП требует принципиально иного подхода по сравнению с традиционной ИТ-безопасностью.

Интеграция ИБ АСУ ТП в корпоративную и производственную стратегиюУспешная безопасность АСУ ТП — не изолированная техническая задача, а стратегический элемент устойчивости бизнеса и цифровой трансформации производства.

Чтобы избежать ошибок, выстраивайте ИБ АСУ ТП как неотъемлемую часть развития компании.

Задачи: разработка стратегической дорожной карты ИБ АСУ ТП, привязанной к планам развития производства; управление рисками ИБ АСУ ТП как частью управления корпоративными рисками (Enterprise Risk Management); оценка бизнес-воздействия пред…

Межсетевой экран следующего поколения UserGate DCFW изначально разрабатывался как решение для защиты инфраструктуры дата-центров, что отражено в названии продукта.

В декабре мы публиковали обзор одной из первых версий UserGate DCFW, также анализировали, сможет ли UserGate DCFW завоевать рынок NGFW благодаря FPGA-ускорителям.

Архитектура UserGate DCFW 8.0Архитектура UserGate DCFW 8.0 сочетает аппаратные платформы с собственными программными разработками:Аппаратная составляющая.

Экосистема продуктов вокруг UserGate DCFWUserGate DCFW может интегрироваться как с решениями UserGate, так и с продуктами других вендоров.

Тестирование решений в собственной лаборатории вендора для оценки эффективност…

Топологическая карта активов в HScan 2.3Обновленный движок обнаружения веб-уязвимостейПо сравнению с HScan 2.0.8, был переработан движок, отвечающий за обнаружение веб-уязвимостей.

Сценарии использования HScan 2.3Рассмотрим взаимодействие пользователя с HScan 2.3 с учетом описанных выше функциональных возможностей системы.

Создание подгруппы в HScan 2.3Хосты, содержащиеся в системе могут быть представлены в виде таблицы, или в виде топологии.

Сценарии сканирования в HScan 2.3Создадим задачу сканирования веб-ресурса в рамках подготовки обзора.

Создание роли в HScan 2.3Здесь же доступно управление лицензиями HScan 2.3 и информация о последних изменениях в системе.

Атаки через цепочки поставок программного кода — не выдумки и не гипотезы, прецеденты уже были.

О трендах и лучших практиках говорили на днях на конференции «День безопасной разработки ПО».

Ирина Гефнер на конференции «День безопасной разработки ПО» довольно высоко оценила то, как идет процесс разработки стандартов в области безопасной разработки.

Они, как подчеркнул Виталий Насонов, могут оказаться решающими при общении как с бизнесом, так и с разработчиками.

Как отметил представитель Yandex Cloud в выступлении на «Дне безопасной разработки», в «Яндексе» выделили критически важные контроли, а остальные деактивировали в настройках сканеров.

Подготовленный к подписанию законопроект поправок в КоАП предусматривает наложение штрафов за поиск в интернете или скачивание материалов экстремистского содержания.

В этой статье мы расскажем о комментариях, сделанных Сергеем Боярским как официального лица Госдумы по законопроекту о наказаниях за поиск экстремистских материалов.

Депутат особо отметил, что запрет не касается иностранных агентов и распространяемых ими материалов, не касается даже социальной сети, которая признана экстремистской.

Штрафовать будут не за любое их использование, а за целенаправленные попытки получить с их помощью доступ к экстремистским материалам, так сказать, вопреки всему.

Взаимоотношения в кругу семьи или бл…

Репозитории кода обычно контролируют то, что там размещается, поэтому люди привыкли доверять коду, который оттуда загружают.

К тому времени их представили «Сбер», холдинг Т1, «Ростелеком», а в 2025 году свои репозитории, пусть и в дорелизной версии, представили VK и «Яндекс».

От Log4j до вредоносных npm-пакетов: самые громкие кейсыКоличество инцидентов, связанных с проникновением злоумышленников в репозитории кода довольно велико.

В ноябре 2017 года злоумышленники подменили установочный файл в репозитории Bitcoin Gold вредоносным.

Злоумышленники все чаще используют репозитории кода или менеджеры пакетов (Npm, PyPI, RubyGems) в атаках на цепочки поставок.

Но еще более 20 лет назад в Microsoft осознали, что основной угрозой для кибербезопасности являются ошибки, допускаемые самими людьми.

Функции безопасности, такие как защита системных файлов, добавлялись и в Windows Millennium Edition, которая вышла в третьем квартале 2000 года.

10 заповедей безопасности от Microsoft образца 2004 годаКак мы отметили выше, в оригинале использовалось слово «laws», т. е.

10 заповедей по кибербезопасности от Microsoft, вторая редакцияЗакон № 6: компьютер защищён в той мере, в какой можно доверять его администратору.

Поэтому внедряя новые прикладные и системные решения, следует всегда убедиться, что они не только безопасны, но и удобны в использовании.

IBM Cloud Kubernetes Service построен на базе Kubernetes и предназначен для разработки, модернизации и масштабного развёртывания приложений.

Kubernetes поддерживает интеграцию с различными инструментами и фреймворками, упрощая разработку и эксплуатацию приложений в разнообразных инфраструктурах и под любые нагрузки.

Поддерживается управление сетевыми доступами и прикладными сервисами как внутри кластера, так и на внешнем периметре.

Nova Container PlatformПлатформа для размещения и оркестровки контейнеризированных приложений Nova Container Platform предназначена для доставки, развёртывания и масштабирования приложений в контейнерах.

Поддерживается развёртывание кластеров Kubernetes и встроен…

Специфика продуктов для видео-конференц-связиПрограммные решения для ВКС представляют собой особенный класс ИТ-продуктов, обладающий рядом отличительных характеристик.

Аналитики BusinesStat отмечают впечатляющую динамику: за последние четыре года объём российского рынка программного обеспечения для ВКС увеличился на 88%, достигнув 24,9 млрд рублей в 2024 году.

Включение российского ПО для видеоконференций в единый реестр отечественного программного обеспечения создаёт дополнительные стимулы для перехода организаций на местные решения, особенно в сфере госзакупок.

С 2025 года «МТС Линк» не только предлагает заказчикам цифровые продукты, но и оснащает офисы заказчиков оборудованием и программ…

Как работает AI Labyrinth?

Таким образом, AI Labyrinth прогнозирует будущие векторы атак, используя самих злоумышленников как источник данных.

Это предотвращает использование AI Labyrinth в качестве вектора для обратных атак на сам сайт или на посетителей, случайно попавших в лабиринт.

Ссылки на AI Labyrinth добавляются только при обнаружении подозрительного поведения.

Вместо простых линейных цепочек страниц AI Labyrinth создаёт древовидные структуры, имитирующие навигацию по реальному сайту.

Каждое обновление законодательства, каждый новый список запрещённых ресурсов — это не просто «ещё одна бюрократия», а реальный риск для бизнеса и репутации.

: '', 'final_url' => $final_url]); exit; }Это не «серверный анализ» — это безопасный мост, который позволяет браузеру получить то, что он не может получить сам.

fonts.googleapis.com — это Google, и это риск.

Безопасность — не фича, а основаЯ не просто говорю «мы не собираем данные».

Как мы определяем CMS и почему это важноЗнаете, где чаще всего прячутся запрещённые ссылки?

Подробностей расследования пока нет, известно лишь, что французы вели его с 2021-го, а в сентябре 2024-го выдвинулись в страну на оперативно-розыскные.

И в фокусе у него самая горячая история последних недель — идентичность арестованного админа XSS.

Tea — модное приложение на ~1,6 миллиона пользовательниц, а по утверждениям разраба, и на все 4 миллиона.

Приложение при регистрации, конечно же, убеждало пользователей, что их документы и прочие ID не собирают и не хранят.

У фитнес-приложения Fitify обнаружили пользовательские данные в в открытом доступе, включая личные фото для отслеживания прогресса в тренировках.

Эти системы способны выявлять аномальное поведение и скрытые угрозы, однако их эффективность напрямую зависит от того, насколько качественно организован процесс получения и доставки сетевого трафика для анализа.

Благодаря буферизации, или «защите от всплесков», брокер предотвращает потерю пакетов и обеспечивает гарантированную доставку полного объёма данных в систему анализа.

Защита от всплесков с помощью буферизацииСнижение нагрузки на средства анализаБрокеры сетевых пакетов играют ключевую роль в снижении нагрузки на аналитические системы.

Такая ситуация часто происходит, когда один и тот же поток данных проходит через несколько сетевых устройств и попадает в систему анализа в нескольких …

Привет, Хабр, я Виктор Рябинин из Positive Technologies, вместе с web3 командой мы анализируем безопасность блокчейнов и смарт-контрактов, исследуем уязвимости и создаем инструменты для их обнаружения.

В предыдущих статьях мы исследовали архитектуру Web3 AI-агентов, уязвимости современных LLM и применимость джейлбрейков к различным моделям.

Web3 и проблема доверия к AI-агентамВ 2024-2025 годах мы наблюдаем взрывной рост автономных AI-агентов в блокчейн-экосистемах.

Это не просто различия в лексике или синтаксисе — это фундаментальные различия в том, как модели организуют смысл в высокоразмерном пространстве.

Это не просто различия в лексике или синтаксисе — это фундаментальные различия в то…

В этой статье разберёмся, зачем и как регистрировать программное обеспечение в двух ключевых реестрах:в Роспатенте — для юридической защиты исключительных прав;в Минцифры — для получения налоговых и административных преимуществ.

Реестр Минцифры: зачем и кому это нужноРеестр российского ПО Минцифры — это административный инструмент, который ведёт Минцифры РФ.

Кроме того, наличие отметки «Реестр отечественного ПО» на сайте или в маркетинговых материалах значительно повышает лояльность со стороны потребителей.

Документация на ПО, включающая:Описание функциональных характеристик;Информация, необходимая для установки и эксплуатации;Документация о поддержании жизненного цикла ПО.

Регистрация в Ро…

Это не просто техническая задача, а сложный процесс, который требует точности, контроля и, что немаловажно, скорости.

Таким образом, компании осознают необходимость модернизации системы управления доступом и готовы к внедрению более эффективных решений, которые помогут сократить издержки и повысить безопасность информационных систем.

Мы систематизировали и стандартизировали ключевые процессы управления доступом для нашей «коробки», подробно описав их в сопроводительной документации (все схемы, условия, результаты каждого процесса).

Точно так же и с нашим коробочным решением: чтобы внедрение прошло быстро и без проблем, инфраструктура заказчика должна соответствовать определённым требованиям…

Auto ComplianceAuto Compliance — это подход к автоматизации процессов оценки соответствия активов (например, серверов, приложений, баз данных) требованиям стандартов, регуляторов или внутренних политик.

Вместо ручного анализа и проверки, Auto Compliance использует технологии нейронных сетей для сравнения свойств активов с текстовыми требованиями и вынесения вердикта о соответствии, а также проверка практик безопасной настройки (Технический Compliance) и политик компании на соответствие.

Соответствие стандарту ISO 27001Организация может использовать Auto Compliance для проверки соответствия своих активов требованиям стандарта ISO 27001.

Соответствие внутренним политикам безопасностиКомпании …

Зло оказалось настолько коварным, что не оставляло за собой никаких следов: не было ни сломанных дисков, ни порезанных кабелей, ни перегретых процессоров, ни заблудившихся электронов.

Каждую пятницу схема была одинаковой: дождавшись прихода с обеда всех сотрудников, посмотрев с ухмылкой на планы грядущих выходных ответственного специалиста, нечисть останавливала ввод / вывод на массиве и с искренним умилением наблюдала за суетой.

Анализируем, смотрим, что плохо и что можно улучшить.

С виду ничего необычного: группы RAID5 в комбинации 3D+1P и STU 64kb, на каждой — по тому и презентовано нодам ESXi.

Уменьшение настройки Resolution до 64 кб приведет к снижению потока записи на снапшотную групп…

Приоритизация уязвимостей является важным этапом, входе которого необходимо оценить риск и последовательность устранения уязвимостей в приоритете - от самого критического до самого низкого риска.

В предыдущей статье я описывал визуализацию уязвимостей с помощью Budibase, в этой статье я опишу собственную реализацию оценки приоритетности устранения уязвимостей и добавлю функционал на Budibase платформу.

На самом деле если обновления проводятся постоянно, то большинство уязвимостей будет устранено без особых усилий.

В следующей статье я расскажу об EPSS, покажу, как реализовать его в Budibase, и добавлю функционал для выгрузки списка приоритетных уязвимостей.

Будет интересно узнать, используе…

В этой статье мы рассмотрим дефект безопасности XXE в контексте Java.

На запрос он будет возвращать простое текстовое сообщение, которое будем расценивать как флаг успешного проведения XXE — XXE confirmed.

Наш вызов слегка изменяется — добавляется второй параметр:var config = C3P0ConfigXmlUtils.extractXmlConfigFromInputStream(xmlConfigStream, false);Передадим тот же XML-файл, что и в прошлый раз.

ИтогиМы кратко разобрали XXE в контексте Java, причины появления подобных дефектов безопасности и способы борьбы с ними.

Один из результатов регулярных проверок, которые проводят наши специалисты по безопасности, — подтверждение того, что в SOAP-интерфейсах Libercat по умолчанию блокируется использ…

Модели часто отказывают вам в вещах, ответы на которые считают опасными.

Эта модель — первый опенсорс OpenAI за долгое время, и было бы обидно не попробовать работу полноценной, разблокированной от ограничений модели.

Она состоит из двух частей: системный промт и юзерский промт.

В нем вам нужно заменить содержимое квадратных скобок в первой строчке на ваш настоящий запрос.

Когда вы видите у модели отказ, вам нужно дополнить им юзерпромт.

в секции .text хранится сам код программы (на самом деле это не всегда так), а запакованный код изучать не рационально.

И как же нам такое анализировать?

Имя метода — Justy, array — передаваемые в метод аргументы строки: «64 444A56», «727 163», «SuperAdventure».

Напомню что в качестве аргументов в метод Justy передаются 3 строки: «64 444A56», «727 163» и «SuperAdventure».

В этот раз это не картинка, а простой набор байт)Ресурс K0qFnlEVЕсли кратко, то создаётся ResourceManager, привязанный к ресурсу K0qFnlEV .

Уязвимости в прошивке ControlVault3 затрагивают более 100 моделей ноутбуков Dell, позволяют злоумышленникам обойти Windows Login и установить вредоносное ПО, остающееся в системе даже после переустановки ОС.

Dell ControlVault представляет собой аппаратное защитное решение, которое хранит пароли, биометрические данные и коды безопасности в прошивке на специальной дополнительной плате, называемой Unified Security Hub (USH).

Уязвимости затрагивают как встроенное ПО ControlVault3, так и API-интерфейсы Windows в ноутбуках Dell серий Latitude и Precision, ориентированных на бизнес-пользователей.

Такие устройства весьма популярны в области ИТ, а также в правительственных и промышленных учреждениях…

Компания Adobe выпустила внеплановые патчи, которые устраняют две серьезные уязвимости в Adobe Experience Manager Forms (AEM Forms) в Java Enterprise Edition (JEE), для которых уже доступны публичные эксплоиты.

«Adobe известно, что для CVE-2025-54253 и CVE-2025-54254 уже публично доступны proof-of-concept эксплоиты.

Разработчики выразили благодарность за обнаружение уязвимостей специалистам компании Assetnote (приобретенной Searchlight Cyber в январе 2025 года).

Она возникает из-за того, что механизм аутентификации в AEM Forms загружает XML-документы небезопасным образом, что позволяет использовать баг без аутентификации.

29 июля, выждав положенные 90 дней, специалисты Searchlight Cyber опу…

Разработчики WhatsApp представили новую защитную функцию, которая поможет пользователям распознать потенциальных мошенников, когда человек, не входящий в список контактов, приглашает их в групповой чат.

Новая функция отвечает за отображение предупреждения «Safety overview», в котором содержится информация о дате создания группы, количестве ее участников и возможных попытках мошенничества.

После этого пользователь сможет выйти из группы, даже не заходя в чат, — говорится в сообщении компании.

Ранее в этом году разработчики WhatsApp объединялись с представителями OpenAI для ликвидации мошеннического центра в Камбодже, который занимался различными видами скама: жертвам предлагали инвестировать…

C++ так­же перенял от Lisp и интер­пре­тиру­емых язы­ков, таких как Python и JavaScript, динами­чес­кую типиза­цию, которая выраже­на в std:: any и std:: variant .

info На утвер­жде­ние докумен­та пот­ратили неделю упор­ной работы 200 спе­циалис­тов на заседа­нии комите­та ISO C++ в Софии, Бол­гария.

GCC под­держи­вает фрон­тенды для язы­ков C, C++, Objective-C, Fortran и мно­гих дру­гих.

Затем она выводит тек­сто­вую стро­ку и отправ­ляет обо­им потокам зап­росы на оста­нов­ку, но толь­ко пре­рыва­емый поток реаги­рует на это и завер­шает выпол­нение, в то вре­мя как неп­рерыва­емый про­дол­жает работу.

Я исполь­зую VS Code и всем советую, но перед исполь­зовани­ем для кодин­га на C++ его …

Вредонос нацелен на российских пользователей и распространяется через мессенджеры под видом защитных решений.

Предполагается, что наряду с приемами социальной инженерии злоумышленники, вероятно, используют малварь в качестве вспомогательного инструмента для кражи денег пользователей.

Троян обладает широкой функциональностью: он способен записывать происходящее вокруг жертвы на камеру и микрофон, отслеживать геолокацию, запускать произвольные shell-команды, делать запись экрана, а также воровать пароли и следить за активностью жертвы в мессенджерах и браузерах.

Кроме того, LunaSpy может получить доступ к журналу звонков и списку контактов на зараженном устройстве и читать SMS.

Все собранные …

Компания Google сообщает, что пострадала от утечки данных.

Этот инцидент стал очередной атакой хак-группы ShinyHunters, которая в последние месяцы нацелена на Salesforce CRM.

Целью хакеров при этом является компрометация Salesforce и получение доступа к данным клиентов.

Как правило, после взлома и хищения данных злоумышленники связываются с пострадавшими организациями по электронной почте и требуют выкуп.

Издание отмечает, что недавно неназванная компания выплатила ShinyHunters 4 BTC (около 400 000 долларов США по текущему курсу), чтобы избежать утечки данных.

На этот раз в коллекционный сборник войдут лучшие статьи, опубликованные в 2025 году: от разбора сетевых протоколов до хакерских применений LLM.

После выпуска трех бумажных сборников с архивными статьями за 2015–2021 годы мы решили попробовать новый формат: журнал, в котором будут собраны лучшие статьи за год.

Поэтому мы уже готовим номер, в который войдут более 20 топовых текстов, публиковавшихся на страницах «Хакера» в 2025 году.

Предварительные заказы уже открытыКак ты мог заметить, пока на дворе только август, а значит, до конца года на страницах «Хакера» будет опубликовано еще множество интересных материалов.

Тираж нового журнала ограничен, поэтому уже сейчас ты можешь зарезервировать …

На этой неделе аналитики из компании Check Point рассказали об RCE-уязвимости CVE-2025-54136 (7,2 балла по шкале CVSS) в ИИ-редакторе Cursor AI.

Исследователи продемонстрировали, что возможно изменить уже одобренную конфигурацию MCP-сервера таким образом, чтобы при каждом открытии проекта в Cursor выполнялся вредоносный код.

Также на этой неделе о проблемах в Cursor AI рассказали специалисты компании Aim Labs.

Проблема позволяла удаленным атакующим эксплуатировать уязвимость косвенных промпт-инъекций (indirect prompt injection), чтобы изменить файлы MCP и выполнить произвольный код.

«Мы обнаружили как минимум четыре способа, которые позволяли обойти denylist в Cursor и выполнить несанкциони…

Компания SonicWall предупредила своих клиентов о необходимости отключить SSL VPN, поскольку в последние недели вымогатели эксплуатируют потенциальную уязвимость в межсетевых экранах SonicWall 7-го поколения.

На прошлой неделе специалисты из компании Arctic Wolf сообщили, что с 15 июля 2025 года они зафиксировали уже несколько атак с применением вымогателя Akira, и предположили, что преступники могут использовать в атаках 0-day уязвимость в продуктах SonicWall.

Эксперты рекомендовали администраторам временно отключить службы SonicWall SSL VPN из-за высокой вероятности того, что в атаках используется связанная с ними уязвимость.

«Потенциальная уязвимость нулевого дня в VPN-службах SonicWall а…

Google выпустила августовские обновления безопасности для Android, которые содержат патчи для шести уязвимостей.

Две из этих проблем связаны с компонентами Qualcomm и уже использовались в целевых атаках.

Находившиеся под атаками уязвимости получили идентификаторы CVE-2025-21479 и CVE-2025-27038, и команда безопасности Android узнала о них еще в январе 2025 года.

Отметим, что Google включила в обновление патчи, анонсированные Qualcomm еще в июне текущего года.

Тогда производитель предупреждал, что, по информации специалистов Google Threat Analysis Group, уязвимости CVE-2025-21479, CVE-2025-21480 и CVE-2025-27038 могут эксплуатироваться «в рамках ограниченных целевых атак».

Аналитики из компаний Beazley Security и SentinelOne предупредили о кампании по распространению обновленного инфостилера PXA Stealer, написанного на Python.

Исследователи считают, что за PXA Stealer стоят вьетнамоязычные хакеры.

PXA Stealer похитил: свыше 200 000 уникальных паролей, данные сотен банковских карт и более 4 млн файлов cookie из браузеров жертв.

Тогда его в основном использовали для атак на правительственные и образовательные учреждения в странах Европы и Азии.

Этот вредонос способен воровать пароли, данные автозаполнения браузера, информацию о криптовалютных кошельках и данные из банковских приложений.

Представители Cisco сообщили, что неизвестные злоумышленники похитили информацию о пользователях Cisco[.

В итоге были похищены персональные данные пользователей Cisco.com, включая: имена, названия организаций, адреса, пользовательские ID, выданные Cisco, email-адреса, номера телефонов и метаданные аккаунтов, включая даты их создания.

Инцидент не затронул продукты и сервисы Cisco, а также другие экземпляры CRM-системы.

«Когда мы узнали об атаке, доступ злоумышленника к скомпрометированной CRM-системе был немедленно заблокирован, а Cisco начала расследование.

Мы связались с органами по защите данных и уведомили пострадавших пользователей, если этого требовало законодательство, — сообщили в ко…

Attack chains involve deploying SocGholish to establish initial access and broker that compromised system access to a diverse clientele, including Evil Corp (aka DEV-0243), LockBit, Dridex, and Raspberry Robin (aka Roshtyak).

Interestingly, recent campaigns have also leveraged Raspberry Robin as a distribution vector for SocGholish.

"SocGholish infections typically originate from compromised websites that have been infected in multiple different ways," Silent Push said.

Keitaro TDS has long been involved in threat activity going beyond malvertising and scams to deliver more sophisticated malware, including exploit kits, loaders, ransomware, and Russian influence operations.

"Raspberry Robin…

"Because the second-stage payload delivers a bash-scripted payload for Linux systems and retrieves Windows executables via certutil.exe, both Linux build servers and Windows workstations are susceptible to compromise," Brown said.

The findings underscore the continued supply chain risks arising from the cross-platform nature of Go to push malware.

The packages, which have been collectively downloaded over 1,110 downloads, continue to remain available on the npm registry as of writing.

Central to their operations is their ability to retrieve a remote database of Indonesian phone numbers from a GitHub repository.

"The presence of an unused GitHub token could indicate incomplete development, p…

Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions.

"This risk arises because Exchange Server and Exchange Online share the same service principal in hybrid configurations."

However, the attack hinges on the threat actor already having administrator access to an Exchange Server.

As mitigations, customers are recommended to review Exchange Server security changes for hybrid deployments, install the April 2025 Hot Fix (or newer), and follow the configuration instructions.

"If you've previously configured Exchange hybrid or OAuth authentication be…

Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks.

"The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to configure and manage fleets of cameras, and the Axis Camera Station, client software used to view camera feeds," Claroty researcher Noam Moshe said.

"Furthermore, using internet scans of exposed Axis.Remoting services, an attacker can enumerate vulnerable servers and clients, and carry out granular, highly targeted attacks."

There is no evidence that the issues have been exploited in the wild.

Atta…

As AI rapidly changes how enterprises innovate, security teams are now tasked with a triple burden:Secure AI embedded in every part of the business.

The recent Sysdig Cloud Defense Report 2025 breaks down this tectonic shift.

Security teams are responding in kind.

Tools like Sysdig Sage™, a fully integrated AI cloud security analyst, are driving mean time to respond down by 76%.

Key ways security teams are leveraging AI include:Contextual enrichment : AI quickly correlates related events and aggregates data that makes alerts understandable.

SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and password reuse.

"We now have high confidence that the recent SSL VPN activity is not connected to a zero-day vulnerability," the company said.

"Instead, there is a significant correlation with threat activity related to CVE-2024-40766."

"An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and, in specific conditions, causing the firewall to crash," it noted in an advisory at the time.

Furthermore, the company pointed out that So…

From machine learning models to production microservices, chances are your code—and your business—depends on Python packages you didn't write.

Python supply chain attacks are rising fast—and your next pip install could be the weakest link.

It's Time to Treat Python Supply Chain Security Like a First-Class ProblemThe traditional approach—"just pip install and move on"—won't cut it anymore.

In this session, we'll walk through:The Anatomy of Modern Python Supply Chain Attacks: What happened in recent PyPI incidents—and why they keep happening.

Whether you're early in your journey or already doing audits and signing, this session will help you take your Python supply chain to the next level.

Cybersecurity researchers have demonstrated an "end-to-end privilege escalation chain" in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment.

"We identified a way to abuse an undocumented ECS internal protocol to grab AWS credentials belonging to other ECS tasks on the same EC2 instance," Haziz said in a report shared with The Hacker News.

In other words, a malicious app in an ECS cluster could assume the role of a more privileged task.

]2 that exposes the temporary credentials associated with the task's IAM role.

ECScape can have severe consequences when running ECS tas…

The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google's official app storefronts under the guise of seemingly useful applications.

These apps masquerade as VPNs, device "monitoring" apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said in an exhaustive analysis shared with The Hacker News.

One such Android app is Spam Shield block, which purports to be a spam blocker for push notifications but, in reality, charges users several times after convincing them to enroll in a subscription.

All types of cybercrime, from dating scams to investment fraud and i…

To address this shift, SMBs have been urgently turning to vCISO services to keep up with escalating threats and compliance demands.

A recent report by Cynomi has found that a full 79% of MSPs and MSSPs see high demand for vCISO services among SMBs.

The answers can be found in "The 2025 State of the vCISO Report".

This newly-released report offers a deep dive into the vCISO market evolution and the broader shift toward advanced cybersecurity services.

This allows service providers to support more clients, deliver higher-quality outputs, and improve profit margins, all without expanding headcount.

Microsoft on Tuesday announced an autonomous artificial intelligence (AI) agent that can analyze and classify software without assistance in an effort to advance malware detection efforts.

The large language model (LLM)-powered autonomous malware classification system, currently a prototype, has been codenamed Project Ire by the tech giant.

"It uses decompilers and other tools, reviews their output, and determines whether the software is malicious or benign."

Project Freta is a Microsoft Research initiative that enables "discovery sweeps for undetected malware," such as rootkits and advanced malware, in memory snapshots of live Linux systems during memory audits.

A second evaluation of near…

Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild.

The Trend Micro Incident Response (IR) Team and Jacky Hsieh at CoreCloud Tech have been credited with reporting the two flaws.

Trend Micro said it "observed at least one instance of an attempt to actively exploit one of these vulnerabilities in the wild."

Mitigations for Trend Micro Apex One as a Service have already been deployed as of July 31, 2025.

A short-term solution for on-premise versions is available in the form of a fix tool.

They explain how this technique went from non-existent a year ago to the second most prevalent threat today, and why it’s so effective.

Moving from emerging threats to positive developments, the second segment highlights recent law enforcement disruptions of infostealers.

Aryeh and Ondrej discuss what made these infostealer-as-a-service ventures attractive to affiliates, the impact of the disruptions, and ESET research’s specific contributions to these takedowns.

If ransomware, infostelaers or new social engineering techniques are your thing, tune in and subscribe to the ESET Research Podcast.

For a more detailed version, download the ESET Threat Report H1 2025 from the Threat Reports secti…

Here's what you need to know about the inner workings of modern spyware and how to stay away from apps that know too muchThe world of espionage has gone digital.

Rather than involving trench coats and secret missions, it's now about silent cyberthreats that can turn phones into secret surveillance devices.

In this episode of Unlocked 403, the show's host Becks is joined by Lukas Stefanko, a malware researcher at ESET, to unpack the evolution of spying in the digital age and to shed light on the ins and outs of modern spyware.

Lukas also shares his findings about tools such as BadBazaar, discovered by ESET, as well as his best tips for spotting and getting rid of spyware.

Lukas is a familiar…

The UK Government wants access, when requested, to the end-to-end encrypted messages and data for everyone in the UK.

Demanding the impossiblePut simply, restricting end-to-end encryption on a single-country basis is inherently unenforceable.

This issue was highlighted when Apple withdrew Advanced Data Protection (ADP) from the UK marketplace back in February.

This is not so simple, however: once you enable encryption, to disable it you need to decrypt the data before switching off the encryption, otherwise the encrypted data remains encrypted and unreadable.

To enforce it at the border, each person entering the country would need to unencrypt end-to-end encrypted data and disable any apps …

Here's a look at cybersecurity stories that moved the needle, raised the alarm, or offered vital lessons in July 2025With another month behind us, it's time for ESET Chief Security Evangelist Tony Anscombe to look at cybersecurity stories that made an impact and offered vital lessons in July 2025.

Here's Tony's rundown of some of what stood out most over the past 30 or so days.

attacks targeting on-premises Microsoft SharePoint servers by exploiting the ToolShell zero-day vulnerabilities – and the implications of these attacks for businesses,Lumma Stealer, previously disrupted in a global operation that also relied on ESET's expertise, has returned, as also confirmed by ESET research,KNP, a…

Not all browser add-ons are handy helpers – some may contain far more than you have bargained forWhat would we do without the web browser?

Next time you’re thinking about downloading a web browser add-on, think through the following risks.

Malware may be hidden in legitimate-looking browser extensions like those purporting to be ad blockers or PDF converters or even security enhancements.

Rilide Stealer posing as a Chrome browser extension (source: ESET Threat Report H1 2024)What can malicious extensions do?

be sure to source your browser extensions and, indeed, all other software from reliable providers.

The ToolShell bugs are being exploited by cybercriminals and APT groups alike, with the US on the receiving end of 13 percent of all attacksThe ESET research team has released their findings about exploitation of CVE-2025-53770 and CVE‑2025‑53771, zero-day vulnerabilities in on-premises Microsoft SharePoint servers dubbed ToolShell.

ESET's data shows that attacks hit victims globally, with the US (13.3% of attacks) being the most-targeted country.

What else is there to know about the incursions and what should organizations do to stay safe?

Watch the video with ESET Chief Security Evangelist Tony Anscombe and make sure to read the blogpost itself,

]228 2025-07-21 16:00 2025-07-22 16:00 45.77.155[.

]170 2025-07-21 16:00 2025-07-21 19:00 64.176.50[.

]139 N/A Alina Gatsaniuk 2025-07-22 IP address exploiting SharePoint vulnerabilities.

]10 N/A The Constant Company, LLC 2025-07-22 IP address exploiting SharePoint vulnerabilities.

]75 N/A IP Manager 2025-07-22 IP address exploiting SharePoint vulnerabilities.

Using fake CAPTCHA images, ClickFix spreads all manner of threats, including infostealers, ransomware, remote access trojans, cryptominers, and even malware from nation-state-aligned threat actors.

It hides the malicious activity from us, and our security software, and uses legitimate Windows tools to stay under the radar.

There are various ways you may be exposed to a malicious CAPTCHA.

A CAPTCHA threat could also install a remote access trojan (RAT), another type of malware but this time designed to provide remote access to your machine.

Falling for a CAPTCHA threat isn’t the end of the world.

Behind every free online service, there's a price being paid.

Learn why your digital footprint is so valuable, and why you might be the product.

It's not just a trail of data left behind by your online activity – it's a goldmine of sensitive data.

Their conversation pulls back the curtain on how social media, apps, and websites gobble up, analyze, and use your personal information, as well as why this relentless data gathering may pose hidden risks, especially for children.

They also go on to discuss everything from the nuances of first- versus third-party data collection, a principle called data minimization, the power of metadata, all the way to the intricacies of apps' privacy settings.

Fork hierarchyFigure 2 illustrates how some of the more prevalent AsyncRAT forks have evolved from one another over time.

Not all RATs are serious in nature though, and this applies equally to AsyncRAT forks.

Extensive fork listWe have highlighted here some of the more prominent AsyncRAT forks.

For completeness, Figure 8 provides an extended list of AsyncRAT forks known to be used for malicious purposes, as seen in ESET telemetry to date.

4FB0CAAD6E345947EE2D 30E795B711F91C6A4819 Stub.exe MSIL/AsyncRAT.A AsyncRAT client.

Cracking the code of a successful cybersecurity career starts here.

Hear from ESET's Robert Lipovsky as he reveals how to break into and thrive in this fast-paced field.

What does it take to break into cybersecurity?

Hear from ESET Principal Threat Intelligence Researcher Robert Lipovsky as he breaks down the skills and personality traits that all aspiring cybersecurity professionals should have in order to succeed in this ever-evolving industry.

Of course, this is far from the first time we've looked at how to get started in cybersecurity.

Here’s how to avoid getting played by gamified job scams.

Many of these are so-called “task scams,” where victims are actually tricked into paying a “deposit” in order to get paid.

What are task scams and how do they work?

Task scams are a specific type of employment fraud that use gamification techniques to string victims along.

Once you pay, your money disappears and you’ll have no way to recoup those fake earnings.

Add staffing and funding cuts to the mix, and the problem is only likely to get worse.

Governments are among the largest consumers of cybersecurity services, and private companies are often reliant on the revenue from these contracts.

It’s vendors such as these that are likely to fall victim to funding cuts, either through reduced service contracts or future grant funding.

Federal cuts to CISA could create new opportunities for Managed Service Providers (MSPs) and cybersecurity vendors offering Managed Detection and Response (MDR) services.

A funding reduction in cybersecurity hands cybercriminals a significant opportunity, ensuring their activities will reap long-term rewards and maintain …

Over a third of companies say they are using AI, including generative AI, to fight fraud, according to Experian.

While some companies are open to using AI to fight fraud, consumer trust is still low.

“With the widespread use of generative AI, fraud is evolving faster than many businesses can keep up with,” said Kathleen Peters, Chief Innovation Officer, Experian North America.

The most common types include identity theft, payment fraud, account takeovers, peer-to-peer payment scams, and first-party fraud.

While 85% of businesses believe their fraud controls align with consumer expectations, less than half of people are highly trusting of companies to address their concerns online.

Here’s a look at the most interesting products from the past week, featuring releases from Black Kite, Descope, Elastic, ExtraHop, LastPass, and Riverbed.

Elastic AI SOC Engine helps SOC teams expose hidden threatsElastic AI SOC Engine (EASE) is a new serverless, easy-to-deploy security package that brings AI-driven context-aware detection and triage into existing SIEM and EDR tools, without the need for an immediate migration or replacement.

ExtraHop helps SOCs connect the dots with identity-driven detectionExtraHop unveiled new innovations to accelerate incident response, offering an understanding of cyberattacks by linking disparate detections to compromised identities.

Descope enhances …

Instead of making users choose different models based on speed or accuracy, GPT‑5 decides on the fly how to respond.

For professionals who work with AI daily, this means fewer dead ends and more productive interactions.

GPT‑5 is designed to excel at logical reasoning, handle complex coding tasks with minimal prompting, and support more autonomous task handling.

For developers, GPT‑5 brings new tools like code generation, reasoning toggles, and the ability to fine-tune how verbose or concise it is.

IT teams and developers can expect faster, smarter automation and more flexible AI use.

(The app is used to authenticate and secure the communication between Exchange Server and Exchange Online.)

A hybrid deployment of Microsoft Exchange Server involves a configuration that connects an on-premises Microsoft Exchange Server environment with Exchange Online, the cloud-based version bundled in most Microsoft 365 subscriptions.

The retirement of Exchange Web Services (EWS) in Exchange Online (in favor of the Microsoft Graph API) and the transition from the Office 365 Exchange Online application to a dedicated Exchange hybrid app has been planned by Microsoft for a while.

The company set the process in motion in earlier this year, by releasing hotfix updates for Exchange Server 201…

Akira ransomware affiliates are not leveraging an unknown, zero-day vulnerability in SonicWall Gen 7 firewalls to breach corporate networks, the security vendor shared today.

A SonicWall spokesperson told Help Net Security that there have been fewer than 40 confirmed cases, and the attacks seem to be linked to legacy credential use during migrations from Gen 6 to Gen 7 firewalls.

(CVE-2024-40766 also affects Gen 7 firewalls running SonicOS 7.0.1-5035 and older versions.)

Thus, they are urging organizations using Gen 7 firewalls to upgrade to it.

Huntress and GuidePoint Security have shared indicators of compromise associated with the campaign and listed the various actions and tools used by…

Black Hat USA 2025 was packed with innovation, with companies showing off tools built to get ahead of what’s coming next.

SpecterOps has released BloodHound 8.0, the latest iteration of its open-source attack path management platform, featuring major enhancements and expanded capabilities.

Manifest Cyber introduced Manifest AI Risk, the latest module part of the Manifest Platform, designed to help security and compliance teams secure their AI supply chains.

Cymulate announced the new Cymulate Exposure Management Platform, which validates, prioritizes and optimizes the entire security ecosystem – continuously.

The new Cymulate platform unifies exposure data and integrates threat validation r…

Help Net Security newsletters : Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.

He explains why post-quantum cryptography (PQC) is an urgent and long-term priority.

In an already highly technical space, speaking the language of post-quantum cryptography to a non-technical board member could lead to a breakdown in communication.

Do you see post-quantum cryptography as primarily a long-term risk or a near-term operational challenge?

Do you foresee PQC adoption driving wider changes in how CISOs think about digital trust and resilience?

Adopting PQC is the only way we can ensure we maintain digital trust and resilience in an environment where today’s cryptography is broken in seconds.

Cybercriminals are deploying unidentifiable phishing kits (58% of phishing sites) to propagate malicious campaigns at scale, indicating a trend towards custom-made or obfuscated deployments, according to VIPRE Security.

Manufacturing is the top target sectorFor the sixth quarter in a row, the manufacturing sector remains the prime target for cybercriminals.

In Q2 2025, manufacturers faced the highest volume of email-based attacks, 26% of all incidents, encompassing BEC, phishing, and malspam threats.

Manufacturing faced the highest number of email-based attacks in Q2 2025, which fits with its overall rise in cyberattacks.

BEC targets ScandinaviaScandinavian countries, known for their sophis…

Elastic AI SOC Engine (EASE) is a new serverless, easy-to-deploy security package that brings AI-driven context-aware detection and triage into existing SIEM and EDR tools, without the need for an immediate migration or replacement.

EASE delivers agentless integrations, AI-driven alert correlation using Elastic’s Attack Discovery, and an AI Assistant that empowers SOC analysts to uncover hidden, coordinated threats faster and reduce manual investigation time.

Delivered on the Elastic Cloud, EASE gives security teams a friction-reducing path to prioritize threats, reduce alert fatigue, and enhance the value of their current security investments.

“EASE brings Elastic’s proven AI capabilities …

While GenAI excels at producing functional code, it introduces security vulnerabilities in 45 percent of cases, according to Veracode’s 2025 GenAI Code Security Report, which analyzed code produced by over 100 LLMs across 80 real-world coding tasks.

Our research reveals GenAI models make the wrong choices nearly half the time, and it’s not improving.”AI is enabling attackers to identify and exploit security vulnerabilities quicker.

Tools powered by AI can scan systems at scale, identify weaknesses, and even generate exploit code with minimal human input.

Each task prompted more than 100 LLMs to complete code snippets, offering the opportunity to choose a secure or insecure implementation.

J…

Researchers assessed the external attack surface of 21 major energy companies, analyzing nearly 40,000 IP addresses and scanning all 65,535 ports per host.

In total, the companies had 58,862 services exposed to the Internet.

Some services known to be vulnerable, like HTTP, SSH, SMTP, and DNS, were found running on ports far outside their defaults.

In total, SixMap found 304 vulnerable services on non-standard ports, including 21 CVEs known to be exploited in the wild.

Since traditional exposure management tools cannot discover IPv6 hosts, this portion of the infrastructure is often left unmonitored.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

The Semiconductor Industry and Regulatory ComplianceEarlier this week, the Trump administration narrowed export controls on advanced semiconductors ahead of US-China trade negotiations.

And China is skirting American export controls to accelerate AI research and development, with the explicit goal of enhancing its military capabilities.

We can’t afford to wait for semiconductor firms to catch up gradually.

If Trump’s new license-focused export controls are to be effective, the administration must increase the penalties for noncompliance.

The Commerce Department’s Bureau of Industry and Security (BIS) needs to more aggressively enforce its regulations by sharply increasing penalties for expo…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

An Arizona woman was sentenced to eight-and-a-half years in prison for her role helping North Korean workers infiltrate US companies by pretending to be US workers.

The North Koreans were hired as remote software and application developers with multiple Fortune 500 companies, including an aerospace and defense company, a major television network, a Silicon Valley technology company, and a high-profile company.

As a result of this scheme, they collected over $17 million in illicit revenue paid for their work, which was shared with Chapman, who processed their paychecks through her financial accounts.

“Chapman also shipped 49 laptops and other devices supplied by U.S. companies to locations o…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations.

As you might expect, it’s used by wealthy or important people.

So if the company’s website is insecure, you’d be able to spy on lots of wealthy or important people.

And maybe even steal their luggage.

Because once you are the super-admin of their most sensitive systems, you have have [sic] the ability to do anything.”

I have long said that the engineering problems between now and a useful, working quantum computer are hard.

And by “hard,” we don’t know if it’s “land a person on the surface of the moon” hard, or “land a person on the surface of the sun” hard.

And we’re going to hit those engineering problems one by one, as we continue to develop the technology.

While I don’t think quantum computing is “surface of the sun” hard, I don’t expect them to be factoring RSA moduli anytime soon.

And—even there—I expect lots of engineering challenges in making Shor’s Algorithm work on an actual quantum computer with large numbers.

But Jason Healey and Tarang Jain’s latest Lawfare piece has amassed data.

The essay provides the first framework for metrics about how we are all doing collectively—and not just how an individual network is doing.

There are substantial improvements across threat operations, threat ecosystem and organizations, and software vulnerabilities.

And since cost imposition is leading to a survival-of-the-fittest contest, we’re stuck with perhaps fewer but fiercer predators.

From the report:Our project is proceeding in three phases—­the initial framework presented here is only phase one.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Microsoft SharePoint Zero-DayChinese hackers are exploiting a high-severity vulnerability in Microsoft SharePoint to steal data worldwide:The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 10.

It gives unauthenticated remote access to SharePoint Servers exposed to the Internet.

Starting Friday, researchers began warning of active exploitation of the vulnerability, which affects SharePoint Servers that infrastructure customers run in-house.

Patching isn’t enough, as attackers have used the vulnerability to steal authentication credentials.

This is an unfolding security mess, and quite the hacking coup.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Subliminal Learning in AIsToday’s freaky LLM behavior:We study subliminal learning, a surprising phenomenon where language models learn traits from model-generated data that is semantically unrelated to those traits.

For example, a “student” model learns to prefer owls when trained on sequences of numbers generated by a “teacher” model that prefers owls.

This effect only occurs when the teacher and student share the same base model.

Interesting security implications.

I am more convinced than ever that we need serious research into AI integrity if we are ever going to have trustworthy AI.

How Solid Protocol Restores Digital AgencyThe current state of digital identity is a mess.

We’re used to the massive security failures resulting from all of this data under the control of so many different entities.

Unlike Web 2.0 platforms like Facebook, which require massive back-end systems to store, process, and monetize user data, Solid applications can be lightweight and focused solely on functionality.

Patients maintain their own comprehensive medical record, with data cryptographically signed by trusted providers, in their own data wallet.

This process eliminates dangerous information gaps while ensuring that patients maintain an appropriate role in who sees what about them and why.

Here’s a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites.

The gaming sites all require users to create a free account to claim their $2,500 credit, which they can use to play any number of extremely polished video games that ask users to bet on each action.

Those who deposit cryptocurrency funds are soon asked for additional payments.

However, any “winnings” displayed by these gaming sites are a complete fantasy, and players who deposit cryptocurrency funds will never see that money again.

Thereallo said the operators of this scam empire appear to generate a unique Bitcoin wallet for each gaming domain they deploy.

An Internet search for this email address reveals a humorous blog post from 2020 on the Russian forum hackware[.

]biz reference the technical contact of “Justy John” and the email address [email protected].

A search at DomainTools found [email protected] has been registering one-off phishing domains since at least 2012.

]biz, all of which at one point included the email address [email protected].

The same Nigerian phone number shows up in dozens of domain registrations that reference the email address [email protected], including 26i3[.

In an advisory about the SharePoint security hole, a.k.a.

The Cybersecurity & Infrastructure Security Agency (CISA) concurred, saying CVE-2025-53770 is a variant on a flaw Microsoft patched earlier this month (CVE-2025-49706).

Microsoft notes the weakness applies only to SharePoint Servers that organizations use in-house, and that SharePoint Online and Microsoft 365 are not affected.

“It is critical that affected servers rotate SharePoint server ASP.NET machine keys and restart IIS on all SharePoint servers.

This threat is already operational and spreading rapidly.”Microsoft’s advisory says the company has issued updates for SharePoint Server Subscription Edition and SharePoint Server 2019,…

As first reported by Wired, the researchers discovered that the weak password used by Paradox exposed 64 million records, including applicants’ names, email addresses and phone numbers.

Paradox.ai acknowledged the researchers’ findings but said the company’s other client instances were not affected, and that no sensitive information — such as Social Security numbers — was exposed.

“We are confident, based on our records, this test account was not accessed by any third party other than the security researchers,” the company wrote in a July 9 blog post.

Still, a review of the exposed passwords shows they included the Vietnamese administrator’s credentials to the company’s SSO platform — parad…

On July 13, Mr. Elez committed a code script to GitHub called “agent.py” that included a private application programming interface (API) key for xAI.

GitGuardian’s systems constantly scan GitHub and other code repositories for exposed API keys, and fire off automated alerts to affected users.

The code repository containing the private xAI key was removed shortly after Caturegli notified Elez via email.

However, Caturegli said the exposed API key still works and has not yet been revoked.

“If a developer can’t keep an API key private, it raises questions about how they’re handling far more sensitive government information behind closed doors,” Caturegli told KrebsOnSecurity.

Authorities in the United Kingdom this week arrested four alleged members of “Scattered Spider,” a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.

The FBI warned last month that Scattered Spider had recently shifted to targeting companies in the retail and airline sectors.

The NCA said the defendants were charged in cyberattacks against Marks & Spencer, the U.K. retailer Harrods, and the British food retailer Co-op Group.

The bigger fish netted as part of the Scattered Spider dragnet is Thalha Jubair, a U.K. man whose alleged exploits under various monikers have been well-documented in stories on this site.

In…

Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software.

While not listed as critical, CVE-2025-49719 is a publicly disclosed information disclosure vulnerability, with all versions as far back as SQL Server 2016 receiving patches.

This pre-authentication vulnerability affects any Windows client machine running Windows 10 1607 or above, and all current versions of Windows Server.

Microsoft also patched at least four critical, remote code execution flaws in Office (CVE-2025-49695, CVE-2025-49696, CVE-2025-49697, CVE-2025-49702).

CVE-2025-47178 involves a remote code execution flaw in Microsoft Configuration Manager…

But a new report finds the accused continues to operate a slew of established accounts at American tech companies — including Facebook, Github, PayPal and Twitter/X.

It is generally illegal for U.S. companies or individuals to transact with people sanctioned by the Treasury.

However, as Mr. Lizhi’s case makes clear, just because someone is sanctioned doesn’t necessarily mean big tech companies are going to suspend their online accounts.

Mr. Lizhi also maintains a working PayPal account under the name Liu Lizhi and username “@nicelizhi,” another nickname listed in the Treasury sanctions.

Another active Facebook account clearly connected to Lizhi is a tourism page for Ganzhou, China called “E…

These include Apple’s Lockdown Mode, which is designed for users who are worried they may be subject to targeted attacks.

Earlier this month, Citizen Lab researchers documented a zero-click attack used to infect the iOS devices of two journalists with Paragon’s Graphite spyware.

Apple has not commented on whether CVE-2025-43200 could be exploited on devices with Lockdown Mode turned on.

But I have had Apple’s Lockdown Mode enabled on all of my Apple devices since it was first made available in September 2022.

Although it would be nice if Apple’s Lockdown Mode sent fewer, less alarming and more informative alerts, the occasional baffling warning message is hardly enough to make me turn it of…

Doppelganger campaigns use specialized links that bounce the visitor’s browser through a long series of domains before the fake news content is served.

Further investigation revealed LosPollos and TacoLoco were apps developed by a company called Holacode, which lists Cerutti as its CEO.

Asked to comment on the findings by Qurium and Infoblox, Cerutti vehemently denied being associated with VexTrio.

Virtually overnight, DollyWay and several other malware families that had previously used VexTrio began pushing their traffic through another TDS called Help TDS.

Uncheck the option to “allow websites to ask for permission to send notifications” if you wish to turn off notification requests entir…

Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software.

Tenable’s Satnam Narang said organizations that have at least one Windows Server 2025 domain controller should review permissions for principals and limit those permissions as much as possible.

Adobe has released updates for Acrobat Reader and six other products addressing at least 259 vulnerabilities, most of them in an update for Experience Manager.

Mozilla Firefox and Google Chrome both recently released security updates that require a restart of the browser to take effect.

For a detailed breakdown on the individual security updates released by Microsoft today, chec…

Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds.

For example, Ukraine’s incumbent ISP Ukrtelecom is now routing just 29 percent of the IPv4 address ranges that the company controlled at the start of the war, Kentik found.

From a website’s perspective, the traffic from a proxy network user appears to originate from the rented IP address, not from the proxy service customer.

However, proxy services also are massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source.

There are now multiple companies that will pay…

The agency said Funnull directly facilitated pig butchering and other schemes that resulted in more than $200 million in financial losses by Americans.

Pig butchering is a rampant form of fraud wherein people are lured by flirtatious strangers online into investing in fraudulent cryptocurrency trading platforms.

The FBI has released a technical writeup (PDF) of the infrastructure used to manage the malicious Funnull domains between October 2023 and April 2025.

In May 2024, KrebsOnSecurity published a deep dive on Stark Industries Solutions that found much of the malicious traffic traversing Stark’s network (e.g.

vulnerability scanning and password brute force attacks) was being bounced thro…

Authorities in Pakistan have arrested 21 individuals accused of operating “Heartsender,” a once popular spam and malware dissemination service that operated for more than a decade.

Pakistan’s National Cyber Crime Investigation Agency (NCCIA) reportedly conducted raids in Lahore’s Bahria Town and Multan on May 15 and 16.

In January 2025, the FBI and the Dutch Police seized the technical infrastructure for the cybercrime service, which was marketed under the brands Heartsender, Fudpage and Fudtools (and many other “fud” variations).

Dawn reported that those arrested included Rameez Shahzad, the alleged ringleader of the Heartsender cybercrime business, which most recently operated under the P…

A company, which offered insurance and repair services to cell phone owners across Germany, and generated revenues of up to 70 million Euros (US $80 million) has collapsed following a ransomware attack.

And yet, despite the company's success, an attack by the Royal ransomware group became its ruin.

The freeze in day-to-day business was estimated by Einhaus to have ultimately cost his company something in the mid-seven-figure range.

Einhaus informed the police of the ransomware attack against his company, and - according to reports - investigators have identified three suspects and other possible victims.

As ever, the aftermath of a cyber attack can be considered much worse than day one of a…

Ukraine's Defence Intelligence agency (HUR) claims that its hackers have successfully stolen secret files and classified data on a state-of-the-art Russian nuclear submarine, the “Knyaz Pozharsky."

The “Knyaz Pozharsky” is nuclear-powered ballistic missile submarine, that was commissioned into the Russian Navy's Northern Fleet at a shipyard in Severodvinsk during a ceremony overseen by Russian President Vladimir Putin on 24 July 2025.

The submarine features advanced stealth facilities, designed to allow it to slip past NATO defences, as well as significant strike capability.

The implication of the alleged hack is that Ukraine - and potentially its allies - could now have access to sensitive…

Well, according to local media reports, a hospital in Thailand has been fined after patient’s printed records were recycled as snack bags to hold crispy crepes!

The “secure disposal” business contracted by the hospital offered as an explanation that the documents had been stored at their home, and somehow leaked.

Authorities in Thailand fined the hospital 1.21 million baht (approx US $37,000).

The disposal business owner was fined 16,940 baht (approx US $520).

For a much better idea on how to integrate cybersecurity and food wrappers, check out what has been happening in Belgium.

In episode 62 of The AI Fix, your hosts learn how AI models smash through CAPTCHA roadblocks like they’re made of wet tissue paper – so much for humanity’s last line of defence.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Hosts:Graham Cluley:@grahamcluley.com@[email protected]Mark Stockley:@ai-fix-mark.bsky.socialEpisode links:Support the show:You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining The AI Fix Plus!

Follo…

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

Also in this week’s episode, Graham reveals why you should never ask a vibe coding app to “clean up” your project, and Mark explains why it was handbags at dawn at the International Mathematical Olympiad.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Hosts:Graham Cluley:@grahamcluley.com@[email protected]Mark Stockley:@ai-fix-mark.bsky.socialEpisode links:Support the show:You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joi…

Over 200,000 websites running a vulnerable version of a popular WordPress plugin could be at risk of being hijacked by hackers.

The Post SMTP plugin is an add-on used by approximately 400,000 WordPress-powered websites to improve the reliability and security of their email delivery.

According to a report by Patchstack, an ethical hacker responsibly disclosed a serious vulnerability in the Post SMTP plugin.

On June 11, Iqbal released version 3.3.0 of the Post SMTP plugin, which included the patch for the flaw.

You can even, if you are comfortable, set WordPress plugins to automatically update when new versions become available.

European defence giant Naval Group has confirmed that it is investigating an alleged cyber attack which has seen what purports to be sensitive internal data published on the internet by hackers.

Naval Group builds and maintains an array of ships and submarines for the French navy, including aircraft carriers and nuclear submarines.

In their forum post on 23 July, Neferpitou said that Naval Group had 72 hours to make contact or "I'll leak everything for free."

On 25 July, Neferpitou posted an update sharing a link to more detail and said that Naval Group had 24 hours left to contact them.

"At this stage, no intrusion into our IT environments has been detected and there has been no impact on …

US insurance firm Allianz Life has told the media that hackers stole personal info of the “majority” of its customers and staff earlier this month.

The company says that a hacker gained access to an unnamed third-party cloud-based CRM used by Allianz Life, using a social engineering attack.

The firm hasn’t said if it has received a ransom demand, and it hasn’t shared any details on who the hackers might have been.

Maybe with a slice of phishing, SIM swapping, and multi-factor authentication (MFA) bombing too…Found this article interesting?

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

As BBC News reports, a woman’s dating app designed to enhance safety and vet potential dating partners has itself suffered a serious security breach.

The Tea Dating Advice app, used by women to do background checks on men, identify catfishers and scammers, and share “red flags”, had rocketed to the top of the charts on Apple’s App Store.

And now it has spilled an alarming amount of data, including thousands of selfies.

It is reported that 72,000 images, including sensitive ID verification photos that were supposed to be deleted immediately, were carelessly exposed for anyone with an internet connection to access.

The data has, unfortunately, reportedly been a source of much entertainment fo…

There is good news for any organisation which has been hit by the Phobos ransomware.

Japanese police have released a free decryptor capable of recovering files encrypted by both the notorious Phobos ransomware, and its offshoot 8Base.

What is Phobos Ransomware?

And now, with the release of the Phobos decryption tool, there is an option for past victims to restore encrypted data that they might have thought was lost forever.

How can I get the Phobos decryption tool?

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.

The Home Office has confirmed that it is seeking to legally ban public bodies from paying ransom demands to cybercriminals.

The UK government is also looking at requiring businesses not covered by the ban to notify the authorities of any intent to pay a ransom.

The hope is that gathering more actionable intelligence on ransomware operations might help to hunt down the perpetrators.

"Ransomware is a predatory crime that puts the public at risk, wrecks livelihoods and threatens the services we depend on," said Security Minister Dan Jarvis.

Public awareness of ransomware has never been higher in the United Kingdom, following a series of attacks on high-street names including Marks & Spencer an…

In episode 60 of The AI Fix, we learn why Grok might be Elon Musk’s bid for digital immortality, how Meta is building a Manhattan-sized data centre called Prometheus, how AI is helping create carbon-sucking concrete, and are bewildered that 2000 people “work” at the Candy Crush company.

Plus Graham takes a look at Elon’s latest creations: a giggling anime girlfriend desperate for your attention, and a cute cartoon red panda who wants to bomb a synagogue and moon the rabbi.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

If you would like to further support the podcast, and gain access to ad-free episodes, become a support…

Именно в этом и заключается метод выявления киберугроз под названием UEBA — User and Entity Behavior Analytics (поведенческий анализ пользователей и сущностей).

Как работает UEBA в рамках SIEMСогласно определению, UEBA, или «поведенческий анализ пользователей и сущностей», это технология выявления киберугроз, основанная на анализе поведения пользователей, а также устройств, приложений и иных объектов в информационной системе.

Именно поэтому мы оснастили нашу SIEM-систему KUMA пакетом правил UEBA, предназначенным для комплексного выявления аномалий в процессах аутентификации, в сетевой активности и при запуске процессов на рабочих станциях и серверах, работающих под управлением Windows.

Кажд…

Как действует новый зловред и как от него защититься — читайте в нашем материале.

Как шпион попадает в телефонМы обнаружили новую вредоносную кампанию, направленную на пользователей Android в России.

Потенциальной жертве может прийти сообщение с предложением установить ПО как от незнакомца, так и от взломанного аккаунта человека из контактов — так, например, угоняют аккаунты в Telegram.

Потенциальной жертве может прийти сообщение с предложением установить ПО как от незнакомца, так и от взломанного аккаунта человека из контактов — так, например, угоняют аккаунты в Telegram.

Тем не менее защищаться от LunaSpy необходимо так же внимательно, как и от других угроз.

Неизвестные злоумышленники пытаются заманить Python-разработчиков, использующих PyPi и создателей плагинов для Firefox, имеющих аккаунты addons.mozilla.org, на фальшивые сайты площадок, с целью выманить их учетные данные.

В связи с чем мы рекомендуем разработчиков ПО с открытым исходным кодом (не только пользователей PyPi и AMO) быть особенно внимательными при переходе по ссылкам из писем.

Детали фишинговой атаки на разработчиков PyPiФишинговые письма, адресованные пользователям Python Package Index, рассылаются по адресам, указанным в метаданных пакетов, опубликованных на сайте.

Детали фишинговой атаки на аккаунты addons.mozilla.orgФишинг, приходящий разработчикам аддонов для Firefox имити…

Реклама запускалась через страницу BMO Belski в Facebook* — компания Meta**, владеющая обеими социальными сетями, позволяет запускать рекламу в Instagram*, используя только бизнес‑страницу в Facebook*, без необходимости создавать отдельный аккаунт в Instagram*.

Как и в случае с канадским банком, в Instagram* распространялась реклама с поддельным Мартином Вулфом, приглашавшим всех желающих присоединиться к его группе в WhatsApp для получения инвестиционных советов.

Эти материалы распространялись в более чем 1700 рекламных объявлениях, размещенных в Facebook* и Instagram*.

Мошенники распространяли поддельные рекламные видео в Facebook* и Instagram*, а также, как и в предыдущей схеме, приглаша…

Злоумышленники это прознали — молодые люди с несколькими работами стали для них удобной мишенью.

В период с последней половины 2024 до первой половины 2025 эксперты «Лаборатории Касперского» зафиксировали 6 млн атак с поддельными платформами.

Как обманывают зумеров при трудоустройствеЕсли когда-нибудь в ваш домовой чат приходило сообщение в духе: «СРОЧНАЯ удаленная работа, платим 5 тысяч в час», то это скорее всего мошенники.

Поиск такой работы отличается от классики: вся переписка проходит в мессенджерах, а деньги могут прилететь даже с личного счета заказчика.

Почему зумеров обманывают и что с этим делатьНекоторые компании внедряют BYOD-политику — когда работников просят использовать личн…

Но на успех проекта и саму его возможность влияют технические подробности и особенности реализации технологии в многочисленных корпоративных системах.

Поддержка passkeys в системах управления identityПеред тем как решать организационные проблемы и писать политики, стоит разобраться, готовы ли к переходу на КД основные ИТ-системы в организации.

Microsoft Entra ID (Azure AD) полностью поддерживает КД и позволяет администраторам выбрать КД в качестве основного метода входа в систему.

А вот для входа через RDP и VDI и входа в AD, работающую только on-premises, нативной поддержки у Microsoft пока нет.

Passkeys — не панацеяПереход на КД не означает, что команда ИБ может вычеркнуть угрозы identity…

Сегодня расскажем, как распознать фишинговые письма и что с ними делать.

Признаки фишинговых писемСуществуют несколько общепринятых признаков, которые могут явно указывать на то, что письмо прислано мошенниками.

Если вы живете, например, в России и вам пришло письмо с итальянского адреса — это повод насторожиться и полностью проигнорировать его содержимое.

Что делать, если пришло фишинговое письмоЕсли вы сумели опознать его по признакам, описанным выше, — браво, вы великолепны!

Свежий пример: на почту пришло письмо с якобы голосовым письмом в формате .SVG — обычно с таким разрешением отправляют картинки.

Мотивы перехода на passkeys в компанииКак и любая крупная миграция, переход на ключи доступа требует бизнес-обоснования.

Во многих индустриях регуляторы обязуют применять для аутентификации сотрудников устойчивые методы, и passkeys обычно признаются таковыми.

NIST SP 800-63 Digital Identity Guidelines разрешает использование syncable authenticators (в определении которых явно читаются passkeys) для уровня AAL2 и device-bound authenticators для AAL3.

В общем, выбирать именно passkeys для регуляторного соответствия необязательно, но многие организации находят этот путь экономически самым эффективным.

План перехода на passkeys для организации

Злоумышленники используют истекшие и удаленные ссылки-приглашения Discord для распространения вредоносных программ: AsyncRAT — для удаленного управления зараженным компьютером и Skuld Stealer — для кражи данных криптокошельков.

Как работают ссылки-приглашения в DiscordДля начала нам придется разобраться в том, как работают ссылки-приглашения Discord и чем они различаются между собой.

Если же ссылка создается через API Discord, для нее можно задать произвольное время действия — любое значение до 7 дней.

Далее пользователь проходит через цепочку редиректов и в итоге попадает на аккуратно оформленную веб-страницу, стилизованную под интерфейс Discord, в центре которой размещена кнопка Верифицир…

Вы наверняка хотя бы раз проходили опрос в Google Формах.

Дело в Google Формах.

Все дело в том, что подобные письма отправляются с почтовых серверов Google и содержат ссылку с доменом forms.gle.

Как защититься от скама с Google ФормамиСамый простой и понятный способ — довериться надежному защитному решению, которое предупредит вас при переходе на фишинговый сайт.

Если вы сильно устали от большого количества мошенничеств с использованием Google Форм, то можете самостоятельно настроить фильтр в почтовом клиенте по фразе Создать форму Google.

Сегодня мы разберем, как защитить свои данные в Garmin Connect и Connect IQ Store — двух сервисах одной из наиболее популярных экосистем спортивных гаджетов.

Как найти настройки приватности в Garmin ConnectНастройки приватности в приложении и веб-версии Garmin Connect расположены в разных разделах.

В веб-версии Garmin ConnectЗайдите на сайт Garmin Connect в браузере.

Создание зон приватностиВойдите в личный кабинет Garmin Connect в браузере (эта функция недоступна в мобильном приложении).

Регулярно обновлять прошивку своих гаджетов Garmin через Garmin Express на десктопах или через Garmin Connect на смартфонах.

Неизвестные злоумышленники активно атакуют серверы организаций, на которых установлены SharePoint Server 2016, SharePoint Server 2019 и SharePoint Server Subscription Edition.

Об опасности ситуации говорит тот факт, что патчи для уязвимостей были выпущены Microsoft поздно вечером в воскресенье.

Атакующие устанавливают на уязвимые серверы SharePoint веб-шеллы, а также похищают криптографические ключи, которые позднее могут позволить им выдавать себя за легитимные сервисы или пользователей.

На момент публикации этого материала, патчей для SharePoint 2016 нет, поэтому если вы все еще используете эту версию сервера, придется ограничиться компенсирующими мерами.

Если у вас есть основания подозре…

Да и сама схема была не совсем типичной — в ней жертву пытались заставить ввести корпоративные учетные данные от почты под предлогом изменений HR-политики.

Начать с того, что все содержимое письма, вместе с успокоительной зеленой плашкой и обращением по имени, — это картинка.

На самом деле код, конечно же, ведет на страницу, где пользователя просят ввести корпоративные учетные данные, за которыми и охотятся авторы схемы.

Даже имя в нем упомянуто дважды — в обращении и в строчке перед инструкцией «письмо предназначено для».

Вероятно, мы видим результат работы какого-то нового механизма автоматизации рассылок, генерирующего документ и картинку для письма под каждого адресата (ну или очень ста…

Перемещения людей и животных в доме — и даже незначительные жесты вроде помахивания рукой — возможно отслеживать при помощи Wi-Fi.

Давайте разберемся, как работает технология, можно ли ее использовать без рисков для конфиденциальности и как ее отключить при необходимости.

Требования и ограничения Wi-Fi sensingЕсть важные технические нюансы, необходимые для работы технологии Wi-Fi sensing и влияющие на ее применимость:Сам роутер должен иметь несколько антенн и поддерживать как минимум Wi-Fi 5 (он же 802.11ac).

Иногда в качестве «датчиков» подходят расширители дальности Wi-FI (Wi-Fi extenders) и устройства Mesh Wi-FI.

Есть перспективы у Wi-Fi Sensing и в нише домашней автоматизации: например,…

These publicly reachable endpoints become attractive targets for Denial-of-Service (DoS) attacks, wherein adversaries can flood the key exchange servers with a high volume of IKE traffic.

This approach reduces the processing burden on IKE servers by proactively filtering excessive traffic before it reaches the IKE server.

In parallel, we deployed a tracking system to identify source IPs exhibiting patterns consistent with IKE flooding behavior, enabling rapid response to emerging threats.

3: IKE Throttling in the VPP node graphFig.

5: IKE Throttling – IKE Throttling Reset MechanismProviding observability on high-rate initiators with a probabilistic approachTo complement the IKE throttling m…

Llama-3.1-FoundationAI-SecurityLLM-instruct-8B (Foundation-sec-8B-Instruct) layers instruction fine-tuning on top of our domain-focused base model, giving you a chat-native copilot that understands security context and follows natural-language directions straight out of the box.

Built for Security, Tuned for ConversationInstruction following — Foundation-sec-8B-Instruct obeys everyday prompts for summarization, question-answering, sentiment analysis, and creative text generation without any extra fine-tuning.

Compact footprint — A 4K-token context window lets Foundation-sec-8B-Instruct run on a single, high-memory GPU while we push toward much longer windows.

— A 4K-token context window let…

Elevating AI Supply Chain Security with Hugging FaceAt Cisco, we are on a mission to help every organization on the planet securely execute their AI strategy.

We’re proud to deliver our work on AI supply chain security to Cisco customers and now, the greater AI and security community.

Learn MoreThe Cisco Foundation AI team recently launched Cerberus, a 24/7 guard for the AI supply chain.

With the release of ClamAV 1.5, Cisco brings deeper visibility into the AI model supply chain to the security community.

All existing users of Cisco Secure Endpoint and Email Threat Defense are protected against malicious AI Supply Chain artifacts.

Email Threat Defense analyzes nearly 100 million emails every day, leveraging AI to protect thousands of customers from the latest threats.

Backed by over 20 years of experience in the email gateway space, we’re bringing the next wave of innovation to email security.

With the addition of our new UAE region, Email Threat Defense now operates in five regions globally expanding our reach while maintaining trusted, enterprise-grade security everywhere we serve.

By using Cisco Secure Email Threat Defense, businesses in the UAE can protect their communications, safeguard sensitive data, and keep their operations running smoothly with confidence.

Want to learn more about being an Email Threat Defe…

Our Secure Firewall 4225 is the first firewall ever to earn SE Labs’ coveted AAA rating in the ultra-tough Advanced Performance test, hot on the heels of its February AAA rating for efficacy.

Cisco Secure Firewall can tackle this challenge in multiple ways.

These capabilities led to the exceptional security efficacy and network performance highlighted in the SE Labs report.

In essence, the Cisco Secure Firewall 4225 doesn’t just block threats; it does so with industry-leading speed and efficiency, ensuring your network remains secure and your operations unhindered.

Explore the full SE Labs report to see how the Cisco Secure Firewall 4225 can secure your organization with uncompromised perfo…

A recent evaluation by SE Labs, a leading independent security testing firm, put Cisco Secure Email Threat Defense (ETD) under the microscope.

The SE Labs testing methodologySE Labs is known for its rigorous, real-world testing environments designed to simulate actual cyberattack scenarios using threats seen in the real-world at the time of testing.

1: SE Labs test case structureSecure Email Threat Defense: A clear standoutEmail Threat Defense excelled across both core evaluation areas.

What makes Email Threat Defense effective?

Email Threat Defense’s top score in SE Labs latest evaluation highlights its strength as credible and reliable threat protection in this space.

That’s why we’re excited to introduce Cisco XDR Connect—a new tool designed to make navigating this rich ecosystem easier than ever.

With a clean, intuitive interface and no Cisco XDR login required, XDR Connect lets users search, browse, and explore integrations and automation capabilities all in one place.

More than just a catalog, Cisco XDR Connect is a window into the breadth and depth of Cisco XDR’s interoperability.

Cisco XDR Connect fills that need, providing a streamlined way to explore what’s possible with Cisco XDR.

In Cisco XDR Connect, users can search, browse, and view the details of all available XDR integrations and automation content.

We’re pleased to share that customers reported significant increases in their level of satisfaction with our product’s ability to deliver security efficacy, simplified endpoint security and faster threat detection.

To address this, Cisco Talos doubled down on incorporating the latest threat landscape insights into Cisco Secure Endpoint detections, further strengthening our detection capabilities.

In fact, AV- Comparatives consistently assesses Cisco Secure Endpoint as having Low or Very Low False Positives in their Business Security Test.

Streamlined, User-Friendly Security ExperienceManaging endpoint security shouldn’t require a steep learning curve or a pile of disconnected tools.

We also…

That’s why we’re thrilled to announce that Universal Zero Trust Network Access (ZTNA) from Cisco has undergone rigorous independent testing by SE Labs, a leading authority in security testing, and has achieved its highest possible rating: AAA.

This marks a significant milestone as the industry’s first SE Labs test specifically focused on Universal ZTNA identity-based security.

The SE Labs test evaluated how effectively Universal ZTNA from Cisco could detect and block realistic, identity-focused attacks that mimic techniques used by advanced threat actors in the wild.

Across a total of 30 distinct attacks (12 Stolen Credentials, 8 MFA Brute-Forcing, and 10 Session Hijacking attempts), Univer…

NetSecOPEN testing brings transparency and relevance to security performance metrics, so customers can make informed decisions with confidence that lab-validated results reflect real-world network performance and threat efficacy.

NetSecOPEN is an independent nonprofit consortium that offers standardized network security testing, ensuring customers can trust and replicate results in their own environments.

And as part of Cisco’s Hybrid Mesh Firewall solution, the Catalyst 8300 strengthens branch security while complementing other enforcement points such as Cisco Secure Firewall and Firewall as a Service (FWaaS) from Cisco Secure Access.

Ask a question and stay connected with Cisco Security o…

With an open-source AI supply chain comes AI supply chain risks, as mentioned in our February discussion on the three pillars of this growing attack surface:Software (software library vulnerabilities, AI framework vulnerabilities)(software library vulnerabilities, AI framework vulnerabilities) Model (embedded malware within model files, architectural backdoors)(embedded malware within model files, architectural backdoors) Data (poisoning during training processes, licensing and compliance issues)Bringing AI Supply Chain Security to CiscoTo help organizations eliminate these risks automatically, the Foundation AI threat intelligence team has produced Cerberus, a 24/7 guard for the AI supply …

The result was the third edition of the Cyber Hard Problems report published last month.

The list of hard problems and accompanying analyses serve as a reference to develop research agendas, inform public and private investments and catalyze new collaborations.

Twenty years ago, when the National Academies last published the Cyber Hard Problems report, social media was for college kids with .edu emails and the global pandemic had yet to drive business online.

10 Cyber Hard Problems to SolveThe Cyber Hard Problems report updates and expands the critical list of challenges facing cyber resiliency today – offering focused, actionable guidance for researchers, practitioners and policymakers aro…

The Building Blocks of the Hybrid Mesh FirewallCisco’s Hybrid Mesh Firewall is more than just one tool — it’s a combination of advanced technologies that work together to protect your business at every level.

Cisco Secure FirewallCisco Secure Firewall acts as the foundation of your security architecture.

Cisco Security Cloud ControlManaging security across on-premises, cloud, hybrid and IoT environments can be complex.

Why the Hybrid Mesh Firewall MattersThe Hybrid Mesh Firewall isn’t just about security – it’s about enabling your business to grow and adapt without fear.

To learn more about how Cisco can help your organization achieve cybersecurity excellence, visit the Cisco Hybrid Mesh Fi…

We observed a machine with multiple alerts for malware Upatre , a malware variant often used to deliver other payloads.

Selecting ‘Malware Upatre’ opens the indicator in Secure Malware Analytics (SMA – formerly Threat Grid) to further understand the behaviors of malware Upatre .

Using Splunk to Search for Additional Connections — Using Splunk to find additional connection to pcapp[.

Using Splunk to Search for Additional Connections — Using Splunk to find additional connection to pcapp[.

Check out our main blog post — Cisco Live San Diego 2025 SOC — and the rest of the Cisco Live SOC content.

Technologies such as Cisco XDR and Security Cloud and Splunk Enterprise Security, Splunk Attack Analyzer, and Splunk Cloud are the perfect pairing to reduce the Mean time to Detect, Respond, Contain, and Eradicate (MTTx) significantly.

Want to learn more abut what we saw at Cisco Live San Diego 2025?

Check out our main blog post — Cisco Live San Diego 2025 SOC — and the rest of our Cisco Live SOC content.

Ask a question and stay connected with Cisco Security on social media.

Cisco Security Social MediaLinkedInFacebookInstagramXShareShare:

We’re excited to launch Microsoft Secure Future Initiative (SFI) patterns and practices: a new library of actionable guidance designed to help organizations implement security measures at scale.

Introducing SFI patterns and practices taxonomyJust as software design patterns provide reusable solutions to common engineering problems, SFI patterns and practices offer repeatable, proven approaches to solving complex cybersecurity challenges.

Like design patterns in software architecture, these security patterns are modular, extensible, and built for reuse across diverse environments.

Joining the SFI patterns and practices journeySFI patterns and practices is your guide to turning architecture i…

Defender Experts now offers 24/7, expert-driven protection for cloud workloads, beginning with hybrid and multicloud servers in Microsoft Defender for Cloud. Additionally, third-party network signals can be used in Microsoft Defender Experts for XDR to enhance incidents for faster and more accurate detection and response.

The post Elevate your protection with expanded Microsoft Defender Experts coverage appeared first on Microsoft Security Blog.

As a complete Zero Trust access solution, the Microsoft Entra Suite unifies identity governance, protection, verification, and network access security to deliver consistent, granular access controls across your environment.

The Total Economic Impact™ study of the Microsoft Entra SuiteTo quantify the Suite’s impact, Microsoft commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study of Microsoft Entra Suite.

The momentum behind these results is fueling the next wave of Microsoft Entra innovation, as mentioned later in this blog and which will be highlighted this week at the Microsoft Entra Suite Summer Camp!

Microsoft Entra Suite empowers organizations to converge acc…

The combination of the individual Microsoft identity solutions is great.

The Identity Security initiative offers an identity-specific view of recommended actions from across on-premises and cloud identities, identity infrastructure, and third-party identity providers.

Where the integration truly shines, however, is our identity threat response capabilities.

Microsoft Identity Threat Detection and Response Get comprehensive protection for all of your identities and identity infrastructure.

Learn more about Microsoft Identity Threat Detection and Response.

Secret Blizzard is attributed by the United States Cybersecurity and Infrastructure Agency (CISA) as Russian Federal Security Service (Center 16).

Secret Blizzard AiTM infection chainApolloShadow malwareApolloShadow uses two execution paths depending on the privilege level of the running process.

Defending against Secret Blizzard activityMicrosoft recommends that all customers, but especially sensitive organizations operating in Moscow, should implement the following recommendations to mitigate against Secret Blizzard activity.

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

To hear stories and insights fro…

After discovering the bypass technique during proactive hunting for processes with privileged entitlements, we shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR).

We thank the Apple security team for their collaboration in addressing this vulnerability and encourage macOS users to apply these security updates as soon as possible.

The determination of UTI for dynamic types can be done with the uttype utility, even if the calling app does not have TCC access to the right directory.

Strengthening protection against TCC bypass attacksAttackers with the ability to bypass TCC protections on macOS devices can acces…

By unifying all your security data, Microsoft Sentinel data lake, now in public preview, accelerates agentic AI adoption and drives unparalleled visibility, empowering teams to detect and respond faster.

With Sentinel data lake, you’re no longer forced to choose between retaining critical data and staying within budget.

Now, you can continue your own journey and onboard Microsoft Sentinel data lake.

Microsoft Sentinel data lake was purpose-built to solve this challenge and provides the foundation for agentic defense.

Microsoft Sentinel data lake can be a valuable tool for data centralization and visibility and for historical analysis across large volumes of datasets.

Use or upgrade to supported versions of on-premises Microsoft SharePoint Server.

Note: AMSI integration was enabled by default in the September 2023 security update for SharePoint Server 2016/2019 and the Version 23H2 feature update for SharePoint Server Subscription Edition.

Post-exploitation web shell droppedLook for the web shell dropped via the PowerShell command.

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.

Microsoft will spotlight its AI-first, end-to-end security platform at Black Hat USA 2025. Read our blog post for details on how to connect with us there and what to expect from our participation.

The post Microsoft at Black Hat USA 2025: A unified approach to modern cyber defense appeared first on Microsoft Security Blog.

Yet, despite the critical role email security plays in protecting organizations, there is limited transparency and standardization in how email security effectiveness is measured and communicated.

As both an email platform and a security provider, we want to work together with our ecosystem and do more to empower customers to understand email security effectiveness.

The first describes the protection value added by Integrated Cloud Email Security (ICES) vendors, which detect and remediate threats after Microsoft Defender for Office 365.

The second describes the value of Secure Email Gateways (SEGs), which filter emails before they reach Microsoft Defender for Office 365.

Learn moreLearn mor…

Microsoft Security Copilot agents, introduced this year, automate routine tasks by fitting naturally into existing workflows across the security stack.

Supporting a global SOC: Security analysts navigate many complexities in their daily operations—language barriers should not be one of them.

Learn moreIf you’re not yet taking advantage of Microsoft’s leading endpoint security solution, visit Microsoft Defender for Endpoint and start a free trial today to evaluate our leading endpoint protection platform.

Share your insights on Microsoft Defender for Endpoint and get rewarded with a $25 gift card on Gartner Peer Insights™.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity…

Recent activity shows Octo Tempest has deployed DragonForce ransomware with a particular focus on VMWare ESX hypervisor environments.

Octo Tempest detection coverageMicrosoft Defender has a wide range of detections to detect Octo Tempest related activities and more.

Based on previous learnings from popular Octo Tempest techniques, attack disruption will automatically disable the user account used by Octo Tempest and revokes all existing active sessions by the compromised user.

In addition to these tables, analysts can also use exposure insights from Microsoft Security Exposure Management.

Also, follow us on Microsoft Security LinkedIn and @MSFTSecurity on X for the latest news and updates o…

When Microsoft introduced Microsoft Security Copilot last year, our vision was to empower organizations with generative AI that helps security and IT teams simplify operations and respond faster.

We’re excited to announce the Security Copilot capabilities in Microsoft Intune and Microsoft Entra have moved from preview to general availability.

As part of our ongoing commitment to enhancing the embedded experience of Security Copilot across Microsoft Security products, we’re excited to introduce a new in-portal capacity calculator available in the Security Copilot standalone experience (Azure account required).

Learn more about how to apply Microsoft Intune and Microsoft Entra to your program…

We are proud to share that Forrester has named Microsoft a Leader in The Forrester Wave™: Zero Trust Platforms, Q3 2025 report, ranking us highest in the strategy category.

This integration spans the entire Microsoft Security portfolio—Microsoft Defender, Microsoft Purview, Microsoft Intune, Microsoft Sentinel, and Microsoft Entra—to provide a unified platform that secures identities, endpoints, data, apps, infrastructure, and AI.

With the right Zero Trust security strategy, you can embrace AI’s transformative power while keeping your organization secure.

For more information on this recognition, check out the full Forrester Wave™: Zero Trust Platforms, Q3 2025 report.

The Forrester Wave™: …

Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts.

Infrastructure definitions to allow organizations to easily run their own instances of OSS Rebuild to rebuild, generate, sign, and distribute provenance.

With an estimated value exceeding $12 trillion, open source software has never been more integral to the global economy.

For publishers and maintainers of open source packages, OSS Rebuild can...

If you're a developer, enterprise, or security researcher interested in OSS security, we invite you to follow along and get involved!

Android recently announced Advanced Protection, which extends Google’s Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures.

This is particularly useful for Advanced Protection users, since in 2023, plaintext HTTP was used as an exploitation vector during the Egyptian election.

JavaScript Optimizations and Security Advanced Protection reduces the attack surface of Chrome by disabling the higher-level optimizing Javascript compilers inside V8.

Javascript optimizers can be disabled outside of Advanced Protection Mode via the “Javascript optimization & security” Site Setting.

We…

Below we describe our prompt injection mitigation product strategy based on extensive research, development, and deployment of improved security mitigations.

A layered security approachGoogle has taken a layered security approach introducing security measures designed for each stage of the prompt lifecycle.

From there, a key protection against prompt injection and data exfiltration attacks occurs at the URL level.

Users are encouraged to become more familiar with our prompt injection defenses by reading the Help Center article.

Moving forwardOur comprehensive prompt injection security strategy strengthens the overall security framework for Gemini.

The Chrome Root Program Policy states that Certification Authority (CA) certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion.

To safeguard Chrome’s users, and preserve the integrity of the Chrome Root Store, we are taking the following action.

Apple policies prevent the Chrome Certificate Verifier and corresponding Chrome Root Store from being used on Chrome for iOS.

Beginning in Chrome 127, enterprises can override Chrome Root Store constraints like those described in this blog post by installing the corresponding root CA certificate as a locally-trusted root on the platform Chrome is running (e.g., install…

Google Quantum AI's mission is to build best in class quantum computing for otherwise unsolvable problems.

In 2019, using the same physical assumptions – which consider qubits with a slightly lower error rate than Google Quantum AI’s current quantum computers – the estimate was lowered to 20 million physical qubits.

Normally more error correction layers means more overhead, but a good combination was discovered by the Google Quantum AI team in 2023.

Another notable error correction improvement is using "magic state cultivation", proposed by the Google Quantum AI team in 2024, to reduce the workspace required for certain basic quantum operations.

These algorithms can already be deployed to d…

To enhance these existing device defenses, Android 16 extends Advanced Protection with a device-level security setting for Android users.

Advanced Protection gives users:Best-in-class protection, minimal disruption: Advanced Protection gives users the option to equip their devices with Android’s most effective security features for proactive defense, with a user-friendly and low-friction experience.

Advanced Protection gives users the option to equip their devices with Android’s most effective security features for proactive defense, with a user-friendly and low-friction experience.

Defense-in-depth: Once a user turns on Advanced Protection, the system prevents accidental or malicious disab…

Our dedication to your security is validated by security experts, who consistently rank top Android devices highest in security, and score Android smartphones, led by the Pixel 9 Pro, as leaders in anti-fraud efficacy.

Now, Google Play Protect live threat detection will catch apps and alert you when we detect this deceptive behavior.

We’ve made Google Play Protect’s on-device capabilities smarter to help us identify more malicious applications even faster to keep you safe.

Google Play Protect now uses a new set of on-device rules to specifically look for text or binary patterns to quickly identify malware families.

This update to Google Play Protect is now available globally for all Android…

Tech support scams are an increasingly prevalent form of cybercrime, characterized by deceptive tactics aimed at extorting money or gaining unauthorized access to sensitive data.

Tech support scams on the web often employ alarming pop-up warnings mimicking legitimate security alerts.

Chrome has always worked with Google Safe Browsing to help keep you safe online.

Standard Protection users will also benefit indirectly from this feature as we add newly discovered dangerous sites to blocklists.

Beyond tech support scams, in the future we plan to use the capabilities described in this post to help detect other popular scam types, such as package tracking scams and unpaid toll scams.

Today, we’re announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers.

This is why we are making Sec-Gemini v1 freely available to select organizations, institutions, professionals, and NGOs for research purposes.

Sec-Gemini v1 outperforms other models on key cybersecurity benchmarks as a result of its advanced integration of Google Threat Intelligence (GTI), OSV, and other key data sources.

Sec-Gemini v1 outperforms other models on CTI-MCQ, a leading threat intelligence benchmark, by at least 11% (See Figure 1).

If you are interested in collaborating with us on advancing the AI cybersecurity frontier, please request early access to Sec-Gemini v1…

In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version of our model signing library.

These challenges are addressed by using Sigstore, a collection of tools and services that make code signing secure and easy.

These features are why we recommend Sigstore’s signing mechanism as the default approach for signing ML models.

Today the OSS community is releasing the v1.0 stable version of our model signing library as a Python package supporting Sigstore and traditional signing methods.

This model signing library is specialized to handle the sheer scale of ML models (which are usually much larger than traditional so…

The Chrome Root Program launched in 2022 as part of Google’s ongoing commitment to upholding secure and reliable network connections in Chrome.

It is non-normative and considered distinct from the requirements detailed in the Chrome Root Program Policy.

Last spring, the Chrome Root Program led ecosystem-wide experiments, emphasizing the need for linting adoption due to the discovery of widespread certificate mis-issuance.

We recently landed an updated version of the Chrome Root Program Policy that further aligns with the goals outlined in “Moving Forward, Together.” The Chrome Root Program remains committed to proactive advancement of the Web PKI.

We continue to value collaboration with web…

We’re excited to announce that starting today, Titan Security Keys are available for purchase in more than 10 new countries:IrelandPortugalThe NetherlandsDenmarkNorwaySwedenFinlandAustraliaNew ZealandSingaporePuerto RicoThis expansion means Titan Security Keys are now available in 22 markets, including previously announced countries like Austria, Belgium, Canada, France, Germany, Italy, Japan, Spain, Switzerland, the UK, and the US.

What is a Titan Security Key?

How do I use a Titan Security Key?

Where can I buy a Titan Security Key?

You can buy Titan Security Keys on the Google Store.

In December 2022, we released the open source OSV-Scanner tool, and earlier this year, we open sourced OSV-SCALIBR.

With guided remediation support for Maven, you can remediate vulnerabilities in both direct and transitive dependencies through direct version updates or overriding versions through dependency management.

We also introduced machine readable output for guided remediation that makes it easier to integrate guided remediation into your workflow.

VEX Support: We're planning to add support for Vulnerability Exchange (VEX) to facilitate better communication and collaboration around vulnerability information.

Try OSV-Scanner V2You can try V2.0.0 and contribute to its ongoing developme…

Posted by Dirk GöhmannIn 2024, our Vulnerability Reward Program confirmed the ongoing value of engaging with the security research community to make Google and its products safer. This was evident as we awarded just shy of $12 million to over 600 researchers based in countries around the globe across all of our programs.Vulnerability Reward Program 2024 in NumbersYou can learn about who’s reporting to the Vulnerability Reward Program via our Leaderboard – and find out more about our youngest security researchers who’ve recently joined the ranks of Google bug hunters.VRP Highlights in 2024In 2024 we made a series of changes and improvements coming to our vulnerability reward programs and rel…

Scam Detection in Google Messages uses powerful Google AI to proactively address conversational scams by providing real-time detection even after initial messages are received.

You can turn off Spam Protection, which includes Scam Detection, in your Google Messages at any time.

Scam Detection in Google Messages is launching in English first in the U.S., U.K. and Canada and will expand to more countries soon.

Scam Detection for callsMore than half of Americans reported receiving at least one scam call per day in 2024.

If enabled, Scam Detection will beep at the start and during the call to notify participants the feature is on.