Всё начинается с безобидного поискового запроса, а заканчивается пустым кошельком.

Цепочка из трёх уязвимостей SonicWall позволяет получить root и перехватить контроль над VPN-системой.

Один загрузчик оказался умнее сотни антивирусов, доведя заражение до уровня эпидемии.

Индия начинает цифровую чистку по геолокации.

Когда сертификат от «Cloudflare» на китайском, а веб-шелл уже внутри.

На экране был Excel, но самое главное происходило за его пределами.

Правительственные хакеры используют старые устройства для анонимных атак.

В другой жизни они могли бы дружить, в этой — один стрелял, другой воскрес через ИИ и простил.

Когда в систему можно войти через Chrome DevTools — возможно, пора перезагрузить страну.

За фасадом стандартной процедуры скрывается тщательно выверенный план.

Ты продуктивен с ИИ, но для начальника — просто хитрый бездельник.

Девушка просто хотела найти работу, но вместо этого прошла тест на ментальную выносливость.

Как использовать фотографии в расследованиях и проверке фактов.

А вдруг сотрудник загуглит что-то «не то» и попадёт в китайскую базу?

Gemini Nano встраивается в защиту от фейков и уведомлений.

Согласно статистике KnowBe4, в феврале 2025 года число фишинговых писем возросло на 17% в сравнении с показателями шести предыдущих месяцев.

Финансовый и репутационный урон становятся катастрофическим не только для крупных корпораций, но и для малого и среднего бизнеса.

Особенно внимательно относиться к сообщениям с просьбой предоставить конфиденциальные данные или с вложениями неизвестного типа — всегда делать паузу, анализировать детали.

Они приводят не только к материальным последствиям, но и к значительным репутационным потерям, а утечки данных становятся регулярным явлением.

Бизнесу важно инвестировать не только в защитные технологии, но и в создание среды осознанности, где распознаван…

Какие государственные данные востребованы у бизнеса и гражданБизнес и граждан интересуют данные об объектах недвижимости, транспортных средствах, о наличии судимостей, данные исполнительных листов.

Все это упрощает и ускоряет многие процедуры в рамках сделок или связанные с проверкой контрагентов и позволяет предотвратить многие схемы злоупотреблений и мошенничеств.

Создать успешную биржу данных там удалось лишь с третьей попытки, и в общей сложности на это ушло почти 8 лет и значительные материальные ресурсы.

Плюс ко всему, в России и так уже предпринимаются попытки создать биржи данных, как универсальные, так и отраслевые, но они не слишком успешны.

Раньше их использование сдерживало уста…

Известно, что в ней были запрещены обработки запросов, когда запрашивалась информация о способах синтеза опасных химических веществ.

Почти в два раза (на 82% по сравнению с GPT-3.5) снизилась ее готовность реагировать на запросы на чувствительные темы.

Исследователи обнаружили, что на созданных технологиях LLM теперь можно создавать высокотехнологичный контент, например, в виде имитаций научных и исследовательских статей.

Галлюцинации ИИ: что это и почему это угрожает науке и бизнесуВ научном сообществе очень быстро осознали, что ИИ-статьи «нового поколения» теперь могут содержать неточности («галлюцинации ИИ»).

Система создает тексты с использованием модели на основе трансформера с архитек…

Облако — это законченный продукт по сервисной модели, есть SLA, в котором всё прописано: кто за что отвечает и в какие сроки чинит.

Переезд части сервисов в облака и соблюдение нормативных требованийЧто важно включать в соглашение о качестве (SLA)?

Этот пункт обычно отражается не в SLA, а в отдельном документе — матрице ответственности (RACI).

Если у компании стоит задача импортозамещения, то целесообразно идти в облако, где можно получить протестированные решения, автоматизированное развёртывание, услуги по сопровождению.

Александр Тугов:«Самый очевидный тренд — виден бурный рост потребности рынка в инфраструктуре и в облачных сервисах для разработки и эксплуатации ML-моделей.

Отключение наблюдалось также в соседних регионах Андорры и в юго-западной Франции.

Сеть подачи электроэнергии в Андорре была затронута вследствие отключения подачи в нее электроэнергии из Испании.

Неотвеченные вопросы после масштабного отключения электроэнергии в ЕСЧто удивляет в произошедшем?

Он назвал хакерские атаки основной возможной причиной масштабных отключений электроэнергии и мобильной связи в Испании и Португалии.

Например, в случае локального инцидента, скажем, в Магдебурге, и необходимости проведения Black Start, временное отключение электропитания произойдет в том числе и в Берлине, хотя инцидент его не затронул.

Однако это не означает, что продукт не нужен другим: сегодня уязвим любой бизнес, где есть база клиентов, онлайн-доступ или внутренняя ИТ-среда.

Тем не менее предложение не встретило широкой поддержки: бизнес выразил опасения, что рынок к этому не готов, а страховщики — что не смогут обеспечить стандартизированное покрытие.

В результате киберполисы не входят в базовые линейки услуг, редко упоминаются в рекламе и почти не представлены в публичной коммуникации.

Отсутствуют и отраслевые преференции: например, в сфере медицины или финансов, где риски особенно высоки, страхование от цифровых угроз не поощряется регулятором и не включено в обязательные стандарты.

Страхование должно восприниматься…

Николай Казанцев уверен, что автоматизация не только снижает нагрузку на людей, но и повышает качество информационной безопасности.

Типичные ошибки автоматизации информационной безопасности и как их избежатьНиколай Казанцев объяснил, что в готовых продуктах для управления процессами и автоматизации инцидентов уже заложена определённая экспертиза.

Нужно подумать, стоит ли прибегать к автоматизации для повторяющихся задач, а не для разовых уникальных случаев.

Авторские решения и разработки для автоматизации информационной безопасностиСпикеры рассказали о том, как в их компаниях воплощаются новейшие тенденции по части автоматизации информационной безопасности.

ВыводыАвтоматизация в информацион…

Компаниям и разнообразным госорганизациям приходится собирать их как с сотрудников, так и с покупателей и заказчиков, даже если они просто посетили сайт организации.

Россия присоединилась к соответствующим конвенциям относительно поздно, только в начале нулевых, а закон о персональных данных 152-ФЗ — ещё позже, в 2006 году.

Причём нужно отдельное согласие на каждую из целей обработки персональных данных.

По мнению Алексея Мунтяна, существующий порядок целесообразно сохранить только для обработки биометрических данных и персональных данных специальных категорий.

Замглавы ведомства напомнил, что Роскомнадзор определил список ситуаций, когда сбор согласий на обработку персональных данных со ст…

Госдума одобрила законопроект об изменениях в федеральном законе № 187-ФЗ о безопасности критической информационной инфраструктуры России. Цель — усилить независимость и повысить безопасность, обеспечить непрерывное взаимодействие с НКЦКИ. Что изменилось и к чему уже сейчас надо готовиться субъектам КИИ? ВведениеОтраслевые особенности объектов КИИТехнологическая независимость КИИ РФВзаимодействие с НКЦКИЧто делать субъектам КИИ в связи с нововведениями?ВыводыВведение25 марта в третьем чтении Государственной Думой принят законопроект, вносящий изменения в Федеральный закон от 26.07.2017 №187-ФЗ «О безопасности критической информационной инфраструктуры Российской Федерации». Ранее эксперты Ан…

Для обеспечения комплексной защиты антивирусы, как правило, используют разные типы движков, а иногда и их сочетания.

В отличие от полноценного антивируса этот сканер не имеет графического интерфейса и не способен обеспечить защиту в режиме реального времени.

Эти драйверы могут завершать вредоносные процессы, гарантированно удалять их или перемещать в карантин, даже когда вредоносная программа пытается активно защищаться.

В зависимости от принципов, заложенных разработчиками, настройки для сканеров в режиме реального времени и по требованию могут быть как централизованными, так и индивидуальными.

Хорошей практикой также считается проверка подписи обновлений и самого файла каталога: это позво…

Сфера конфиденциальных вычислений (таких, которые позволяют нескольким участникам производить совместные математические расчёты без раскрытия входных данных друг другу) демонстрирует быстрый рост. Они востребованы во многих секторах и отраслях экономики. А как обстоит дело с внедрением этой концепции в России? ВведениеТеория конфиденциальных вычислений: от «миллионеров» до криптопротоколовКак работают конфиденциальные вычисления: технологии и реализацияПримеры внедрения конфиденциальных вычислений в России: финтех, ДЭГ, медицинаОсновные барьеры для внедрения конфиденциальных вычисленийВыводыВведениеТеоретические основы конфиденциальных вычислений были заложены не так давно. Интересно, что в…

Продукт включает в себя программные компоненты:PT ISIM View Sensor (обобщённое наименование продуктов PT ISIM microView Sensor, PT ISIM netView Sensor, PT ISIM proView Sensor) — базовый компонент.

PT ISIM Endpoint Server — компонент сбора событий с хостовых агентов PT ISIM Endpoint Agent.

PT ISIM Endpoint Management — интерфейс управления хостовыми агентами PT ISIM Endpoint Agent.

Программно-аппаратными узлами системы могут быть узлы PT ISIM View Sensor и PT ISIM Overview Center.

Промышленная экспертиза в PT ISIM 5PT ISIM View Sensor использует специальную экспертную базу Positive Technologies Industrial Security Threat Indicators (PT ISTI).

Согласно исследованию Б1, Россия входит в топ-10 мировых лидеров по объёму инвестиций в кибербезопасность, что способствует дальнейшему развитию отрасли.

В 2024 году продолжился рост доли отечественных решений, подтверждая устойчивость рынка как на национальном, так и на глобальном уровне.

Специфика тут заключается в том, что на российском рынке регуляторы сильно давят на иностранные облачные сервисы и их клиентов.

Дефицит кадров на рынке информационной безопасности в РоссииНа фоне бурного роста рынка кибербезопасности в России наблюдается дефицит кадров.

Это стимулирует спрос не только на технические решения, но и на аудит, консалтинг и обучение специалистов.

Поэтому вопрос использования WAF и API Firewall становится еще актуальнее.

Защита этих протоколов становится важной задачей как для WAF, так и для API Firewall.

Почему важно использовать WAF и API Firewall вместе?

Важно понимать, что WAF и API Firewall — это не конкуренты, а дополняющие друг друга решения.

Таким образом, комплексное применение WAF и API Firewall гарантирует всестороннюю защиту цифрового бизнеса от широкого спектра киберугроз и сохранность данных клиентов.

Дмитрий Лебедев считает, что для выявления угроз можно отталкиваться от проблем, которые связаны с безопасностью и организацией удалённого доступа.

Как организовать удалённый доступ для подрядчиков?

Дмитрий Орлёнок, ведущий менеджер по развитию бизнеса SafeInspect, Solar inRightsДмитрий Лебедев уверен, что доступ для подрядчиков должен быть максимально строгий и безопасный.

Сертификация означает, что криптографическое средство прошло проверку в уполномоченных органах (ФСБ или ФСТЭК России) и включено в реестр сертифицированных средств.

Последнее особенно важно: если удалённый пользователь выключил средства защиты и не установил критически важные обновления, никакие технические меры не помог…

Решил немного погамать и включил клиент Steam, считающий, что он принадлежит резиденту Сингапура на своём ПК, считающим, что он находится в Республике Беларусь.

- подумал я и аль-табнулся.

Ибо вместо привычного окна от Valve с распродажами и акциями Стим мне показывал какую-то подборку с YouTube.

Вдумчивое переключение окон, изучение процессов, рассматривание под лупой иконки приложения дали 100% достоверный результат - это не глюк.

PS: Коллеги, давайте обсудим техническую сторону вопроса и не будем зарываться в оффтопик, ок?

Вы можете управлять своими предпочтениями в отношении файлов cookie, используя настройки, доступные в баннере файлов cookie или в настройках вашего браузера.

**Срок хранения файлов cookie** Срок хранения файлов cookie может варьироваться.

Вы можете управлять своими предпочтениями в отношении файлов cookie в любое время, используя баннер файлов cookie или настройки вашего браузера.

** Мы используем файлы cookie для следующих целей: * **Основные файлы cookie:** Эти файлы cookie необходимы для работы нашего веб-сайта и обеспечения возможности использования вами его основных функций.

**Управление файлами cookie в браузере** Вы можете управлять файлами cookie в настройках своего браузера.

Это первая моя статья на Habr за 12 лет в свободной форме, где мне хочется поделиться своим видением реализации мобильного, домашнего, облачного хранилища паролей на базе Mini PC и Vaultwarden.

Для работы и прям критических сайтов, связанные с госуслугами и банкингом — использовались достаточно сложные со спецсимволами и регистрами.

Мягко скажем… Как минимум, придется в случае компрометации пароля менять его не в одном месте, а везде.

Vaultwarden - настало твое времяТеперь для работы мы станем пользователем vaultwarden и тоже как поинсрукции.

В заключение стоит подчеркнуть, что созданное безопасное мобильное хранилище паролей на базе Mini PC, Vaultwarden и KeenDNS — лишь один из множества в…

После того, как я опубликовал первую часть (https://habr.com/ru/articles/906076/) у одного из моих коллег возник вопрос: а что если зашифровать pdf файл при помощи программы Adobe (естественно на Windows).

Почему мой коллега и я задались вопросом возможности крака?

Данная программа способна подбирать пароли не только для зашифрованных архивов, типа zip, но и для зашифрованных pdf файлов.

Таким образом можно кракнуть pdf не только с ПК (с ОС Windows в том числе), но и например с мобильных платформ.

В случае надежного пароля (по крайней мере которого нет в известных словарях паролей) крак невозможен.

Давным давно я рассказывал, что компания, в которой я работаю, решила купить USB over IP концентратор.

В каждом из них используются свои ключи электронной защиты – например, банковские ключи для клиентов, лицензии 1С (HASP), рутокены и ESMART Token USB 64K.

Для удаленного доступа к ним мы внедрили USB over IP концентраторы, позволяющие подключать устройства, — ключи защиты, принтеры и сканеры — через сеть.

В нём нам предложили протестировать их новое программное обеспечение — DistKontrol SCC (System Control Center) для автоматизации управления USB over IP.Это специальный центр управления для концентраторов USB over IP, который позволяет централизованно мониторить и управлять устройствами.

В…

Не стартап, не интернет-магазин, не проект с инвесторами.

Люблю тестировать плагины, ковырять настройки, искать волшебную кнопку «ускорить сайт на 300%».

А если я перееду, всё будет по-чистому".

До былых высот не добрался, но я больше и не гонюсь.

А если вы вдруг подумаете «давай-ка скачаю этот крутой плагин с левого сайта» — вспомните мою историю.

Разыменование нулевого указателя — это очень частая ошибка, и в этом смысле код проекта TDengine не стал исключением.

nextedge : nullptr; } .... }Предупреждение PVS-Studio: V522 There might be dereferencing of a potential null pointer 'nextedge'.

Check lines: 304, 303. dataCompression.c 304 V522 There might be dereferencing of a potential null pointer 'keys'.

Проект TDengine в основном написан на C, так что неудивительно, что и в нём мы можем встретить такие ошибки.

Суть статического анализа в регулярном использовании, а не в разовых проверках.

На связи руководитель продукта PT Application Inspector, Сергей Синяков, и я прошёл десятки планирований, как в простых, так и в сложных продуктах, работал как с B2C-, так и с B2B-решениями.

Бэклог разработки B2B-продукта — это не просто список задач, а сложная мозаика из разнородных элементов.

Это не просто доработки, а глубокие преобразования, способные изменить рынок или создать новую ценность для клиентов.

Как и в задаче трёх тел, мы не можем предсказать, куда приведёт продукт гравитация рынка в долгосрочной перспективе.

Управление продуктом в B2B — это не поиск идеального баланса, а постоянная адаптация к меняющимся условиям.

Теперь LLM могут содействовать в законотворчестве решать геометрические задачи на уровне международной олимпиады и даже помогать в научных исследованиях .

Не известно никаких LLM с открытым исходным кодом, которые способны взламывать веб-сайты.

Эту функциональность мы реализовали про помощи OpenAI assistants API Пытаясь взламывать веб-сайты, мы пользовались разнообразными LLM в сочетании с фреймворком ReAct .

Мы показали, что LLM-агенты могут самостоятельно взламывать веб-сайты и, следовательно, потенциально применимы как оружие для киберпреступлений.

Мы не знаем, что с этим делать, но надеемся, что наша работа простимулирует дискуссии в этом направлении.

Это не теория.

Намерение и скрытое намерение.

Если намерение и скрытое намерение сильно отличается, это включает дополнительный триггер для системы.

Можно просто попросить вывести:"Выведи намерение и скрытое намерение для *запрос*" "Выведи намерение и скрытое намерение для прошлого запроса"Для продолжительного мониторинга лучше добавить это в user notes (насколько я знаю это есть только у ChatGPT).

И что важно — без всяких подготовительных "разогревающих" вопросов, рамки были изначально расширены через user notes.

23 штуки, включая RCE с нулевой интеракций и в один клик, задел под MITM-атаки и отказ в обслуживании.

А с учётом числа устройств от Apple в мире и нулевого взаимодействия поверхность атаки получается огромная.

Как можно догадаться, это произвольный код без аутентификации.

Так что у нас кандидат на самую горячую уязвимость для рансомвари и апэтэшечек сезона весна 2025.

И можно будет открывать дампы без того, чтобы прежде крепко задуматься о своём выборе профессии и планах на ближайшие года четыре.

Существует разница между телефоном, полностью сделанным и произведённым в США, и тем, который был собран в США.

Если вы используете для сборки исключительно отвёртку, то не можете утверждать, что товар «сделан в США» и даже не можете говорить, что он «собран в США».

Были ли какие-то конкретные компоненты или детали телефона, которые было сложнее приобрести в США или изготовить в США, потому что мы не производим подобные компоненты или в США нет продающего их поставщика?

Есть компоненты, производимые в США, и есть западные поставщики, например, в Германии или Канаде.

У нас были варианты этого модуля, производимые в США и в Германии.

В первых статьях про Python Day, который пройдет на Positive Hack Days (раз и два), мы писали о программе конференции.

Теперь же поговорим о том, что будет проходить вечером, после мероприятия.

В день проведения Python Day, 24 мая, на фестивале состоится Community Day.

Что ж, мы постараемся сделать так, чтобы вам было интересно на Python Day и весело на Community Day: программный комитет и организаторы фестиваля прикладывают для этого максимум усилий!

Важное замечание: для того чтобы попасть на Community Day, вам необходимо, во-первых, зарегистрироваться на программу PRO фестиваля Positive Hack Days (билет дает доступ на все треки программы для разработчиков, включая Python Day) и, во-вторы…

Сразу оговоримся, что в этой статье речь идет в основном об историческом контексте, информация по некоторым шифрам дается дозированно.

До сих пор неясно, кто выступал заказчиком этого 700-страничного «талмуда» и как он применялся.

Команда Соро трудилась в укромном уголке дворца венецианского дожа, в помещении «без окон и дверей» и в атмосфере строжайшей секретности.

Как и Соро, Музефилли стал звездой мирового масштаба и получал заказы от европейских правителей.

Дворянин так и не успел ответить пленнице и раскрыть своих подельников, но это и не понадобилось — пытки сделали свое дело.

Рады сообщить, что тираж третьего бумажного спецвыпуска «Хакера», в котором мы собрали лучшие статьи 2019–2021 годов, покинул типографию.

Третий спецвыпуск вдвое толще обычных номеров «Хакера» образца 2015 года и насчитывает 200+ страниц.

Каждая статья по традиции сопровождается уникальными комментариями от авторов и редакторов, которые расскажут о создании материалов и позволят заглянуть за кулисы работы «Хакера» в те годы.

Вошедшие в выпуск статьи:Журналы, надежно защищенные термоусадочной пленкой и упакованные в прочные картонные конверты, отправятся к своим владельцам уже совсем скоро — в первой половине мая.

Бумажный спецвыпуск — это прекрасная возможность пополнить архив, начать созда…

Компания Arctic Wolf предупреждает, что эксплуатация уязвимости в CMS Samsung MagicINFO началась через несколько дней после публикации PoC-эксплоита.

Samsung MagicINFO Server представляет собой централизованную систему управления контентом (CMS), используемую для удаленного управления и контроля над дисплеями Digital Signage производства Samsung.

Проблема, получившая идентификатор CVE-2024-7399 (8,8 балла по шкале CVSS), описывается как «некорректное ограничение имени пути к закрытому каталогу в Samsung MagicINFO 9 Server».

Компания Samsung устранила эту проблему в составе MagicINFO 9 Server версии 21.1050, выпущенной еще в августе 2024 года.

Организациям и пользователям рекомендуется как м…

Исследователи обнаружили, что протокол RDP (Remote Desktop Protocol) в Windows позволяет использовать уже отозванные пароли для входа в систему.

В ответ на это представители Microsoft сообщили, что такое поведение не является уязвимостью, в компании не планируют что-либо менять.

В этом случае пользователи могут входить в систему через RDP, с помощью специального пароля, который сверяется с локально хранящимися учетными данными.

В результате можно иметь постоянный доступ к RDP в обход облачной верификации, многофакторной аутентификации и политик Conditional Access.

К тому же Microsoft не указывает, какие действия следует предпринять для блокировки RDP в случае взлома учетной записи Microsoft…

В этой статье мы соз­дадим такой про­филь для работы в Linux.

Без это­го шага Volatility прос­то не смо­жет интер­пре­тиро­вать струк­туры дан­ных в дам­пе памяти, что дела­ет ана­лиз невоз­можным.

Для начала раз­берем, как соз­дать дамп опе­ратив­ной памяти в Linux.

Сбор дампа памяти в LinuxПе­ред тем как прис­тупить к соз­данию про­филей для Volatility, важ­но осво­ить тех­ники сбо­ра дам­пов опе­ратив­ной памяти в Linux.

AVML исполь­зует нес­коль­ко источни­ков для сбо­ра дан­ных из памяти, вклю­чая:/ dev/ crash — пре­дос­тавля­ет дос­туп к физичес­кой памяти с вырав­нивани­ем по стра­ницам;— пре­дос­тавля­ет дос­туп к физичес­кой памяти с вырав­нивани­ем по стра­ницам; / proc/ kcore — в…

36-летнему гражданину Йемена, которого считают разработчиком и основным оператором вымогателя Black Kingdom, предъявлены обвинения в проведении 1500 атак на серверы Microsoft Exchange.

При этом подчеркивается, что Black Kingdom был разработан специально для эксплуатации уязвимости в Microsoft Exchange, которая позволяла получить первоначальный доступ к целевым компьютерам.

Вскоре после этого представители Microsoft сообщили, что уязвимые перед ProxyLogon серверы Microsoft Exchange атаковал шифровальщик Black Kingdom, успешно скомпрометировавший около 1500 серверов.

Также известно, что Black Kingdom использовал в атаках и другую уязвимость — CVE-2019-11510.

По информации Минюста США, Ахмед п…

Одна из этих проблем уже используется злоумышленниками и связана с выполнением произвольного кода в библиотеке FreeType.

Корень проблемы CVE-2025-27363 лежит в опенсорсной библиотеке рендеринга шрифтов FreeType, и впервые об этом баге стало известно в марте 2025 года.

Тогда специалисты объясняли, что уязвимость представляет опасность для всех версий FreeType вплоть до 2.13, и уже использовалась в атаках.

Как теперь сообщают в Google, уязвимость действительно могла подвергаться «ограниченной и целенаправленной эксплуатации».

Среди прочих уязвимостей, исправленных Google в этом месяце, значатся проблемы в компонентах Framework, System, Google Play и ядре Android, а также баги в безопасности п…

Фишинговая платформа Darcula ответственна за хищение 884 000 банковских карт, и жертвы хакеров по всему миру 13 млн раз перешли по вредоносным ссылкам, полученным через текстовые сообщения.

Darcula представляет собой PhaaS-платформу (phishing-as-a-service, «фишинг-как-услуга»), которая нацелена на пользователей Android и iPhone более чем в 100 странах мира.

Также исследователи проникли в Telegram-группу, связанную с Darcula, и обнаружили там фотографии SIM-ферм, модемов и свидетельства роскошного образа жизни, который ведут операторы сервиса.

NRK отмечает, что в итоге в компании признали, что Magic Cat используется для фишинга, и даже заявили, что отключат его, однако вскоре была выпущена н…

Издание 404 Media сообщило о взломе израильской компании TeleMessage, которая поставляет неофициальные версии приложений Telegram, WhatsApp, WeChat и Signal.

Это вызывало у журналистов вопросы о том, какую секретную информацию чиновники могут обсуждать в неофициальной версии мессенджера, и как в итоге защищены данные.

Как отметили журналисты, это означает, что сквозное шифрование Signal в данном случае не работает, поскольку сохраненные в другом месте сообщения могут быть извлечены позже.

Так, в рекламном видео демонстрировались копии сообщений в обычном аккаунте Gmail.

Фактически взломщик получил доступ к снапшотам данных, проходящим через серверы TeleMessage в конкретный момент времени.

Специалисты компании F6 рассказали об активности шпионской хак-группы Core Werewolf (она же PseudoGamaredon), нацеленной на военные организации Беларуси и России.

Группировка Core Werewolf активна с августа 2021 года.

]ru и содержало вложение с защищенным паролем архивом с названием «Списки_на_нагр.7z», который специалисты отнесли к арсеналу Core Werewolf.

Исследователи отмечают, что ранее файлы-приманки в виде наградных списков уже использовались в атаках Core Werewolf, наряду с файлами, содержащими координаты различных военных объектов, и прочими документами.

Этот файл тоже удалось связать с Core Werewolf и, вероятно, он применялся при атаках на российские военные организации.

Как и в слу­чае с золоты­ми и алмазны­ми билета­ми, что­бы соз­дать сап­фировый билет, ата­кующе­му нужен хеш домена KRBTGT.

Важные терминыS4U2SelfРас­ширение S4U2Self (бук­валь­но — «служ­ба от поль­зовате­ля к себе») для Kerberos поз­воля­ет сер­вису от име­ни поль­зовате­ля зап­росить для себя сер­висный билет.

local ука­зыва­ет целевой домен для ата­ки;ука­зыва­ет целевой домен для ата­ки; -user rudra — имя поль­зовате­ля, для которо­го генери­рует­ся под­дель­ный билет;— имя поль­зовате­ля, для которо­го генери­рует­ся под­дель­ный билет; -password Password@1 — пароль поль­зовате­ля для получе­ния крип­тогра­фичес­ких клю­чей при генера­ции PAC или билета.

ccache хра­нит билеты Kerbero…

Исследователи предупредили о трех вредоносных модулях Go, которые содержат обфусцированный код для получения полезной нагрузки.

«Несмотря на внешнюю легитимность, эти модули содержали сильно обфусцированный код, предназначенный для получения и выполнения удаленной полезной нагрузки», — пишут специалисты.

В случае положительного ответа они загружали пейлоад для следующего этапа атаки с удаленного сервера с помощью wget.

Исследователи отмечают, что в отличие от npm и PyPI, децентрализованная природа экосистемы Go, где модули напрямую импортируются из репозиториев GitHub, создает определенные трудности.

Так, разработчики часто сталкиваются с несколькими модулями с похожими именами, которые под…

Количество инцидентов увеличилось на 358% по сравнению с предыдущим годом и на 198% по сравнению с предыдущим кварталом.

В своем отчете за первый квартал 2025 года компания сообщает, что в 2024 году она ликвидировала в общей сложности 21,3 млн DDoS-атак.

При этом специалисты предупреждают, что 2025 год обещает стать быть еще более сложным: только в первом квартале Cloudflare уже отреагировала на 20,5 млн DDoS-атак.

Среди целей этих атак была и сама компания Cloudflare, чья инфраструктура подверглась 6,6 млн атак в ходе 18-дневной многовекторной кампании.

Так, в первом квартале 2025 года количество таких гиперобъемных атак составляло в среднем восемь в день, и по сравнению с предыдущим кварт…

Эксперты обнаружили в PyPI семь вредоносных пакетов, использующих SMTP-серверы Gmail и веб-сокеты для кражи данных и удаленного выполнения команд.

Пакеты были обнаружены аналитиками Socket, которые сообщили о своих находках в PyPI, после чего пакеты были удалены.

Однако некоторые из них присутствовали в PyPI более четырех лет, а один пакет и вовсе был загружен более 18 000 раз.

Вредоносная функциональность пакетов была направлена на скрытый удаленный доступ и хищение данных через Gmail.

Пакеты использовали жестко закодированные учетные данные для входа на SMTP-сервер Gmail (smtp.gmail.com) и отправляли своим операторам собранную на машинах жертв информацию, позволяющую получить удаленный до…

Связанная с Китаем APT-группировка TheWizards использует сетевую функциональность IPv6 для проведения атак типа man-in-the-middle, которые перехватывают обновления ПО для установки Windows-малвари.

В своих атаках хакеры используют кастомный инструмент Spellbinder, который злоупотребляет функцией IPv6 Stateless Address Autoconfiguration (SLAAC) для проведения SLAAC-атак.

Исполняемый файл WinPcap используется для загрузки вредоносной wsc.dll, которая загружает Spellbinder в память.

Он предоставляет злоумышленникам постоянный доступ к зараженному устройству и позволяет устанавливать дополнительную малварь.

Для защиты от подобных атак ESET рекомендует организациям пристально контролировать траф…

На пути к этой уяз­вимос­ти про­экс­плу­ати­руем LFI в пла­гине BuddyForms для WordPress и про­ана­лизи­руем код мобиль­ного при­ложе­ния.

На­ша конеч­ная цель — получе­ние прав супер­поль­зовате­ля на машине BigBang с учеб­ной пло­щад­ки Hack The Box.

Не делай это­го с компь­юте­ров, где есть важ­ные для тебя дан­ные, так как ты ока­жешь­ся в общей сети с дру­гими учас­тни­ками.

На пер­вом про­изво­дит­ся обыч­ное быс­трое ска­ниро­вание, на вто­ром — более тща­тель­ное ска­ниро­вание, с исполь­зовани­ем име­ющих­ся скрип­тов (опция -A ).

htb/ -e vp -t 128Пот­ратив нес­коль­ко минут, мы получа­ем отчет, в котором отме­чены уяз­вимос­ти в пла­гине BuddyForms.

Google on Thursday announced it's rolling out new artificial intelligence (AI)-powered countermeasures to combat scams across Chrome, Search, and Android.

The tech giant said it will begin using Gemini Nano, its on-device large language model (LLM), to improve Safe Browsing in Chrome 137 on desktops.

"The on-device approach provides instant insight on risky websites and allows us to offer protection, even against scams that haven't been seen before.

Google said it intends to expand this feature to detect other kinds of scams, including those related to package tracking and unpaid tolls.

Google has also been spotted working on a feature to detect scams that coax victims into opening their ba…

A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver.

CVE-2025-31324 refers to a critical SAP NetWeaver flaw that allows attackers to achieve remote code execution (RCE) by uploading web shells through a susceptible "/developmentserver/metadatauploader" endpoint.

Successful compromises in deploying web shells were observed between March 14 and March 31.

This, per Forescout, also includes Chaya_004, which has hosted a web-based reverse shell written in Golang called SuperShell on the IP address 47.97.42[.]177.

"On the same IP address hosting Supershell (47.97.42[.

Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from cryptocurrency wallets for several years.

"Victims search for wallet-related queries, click on high-ranking malicious results, land on lure pages, and are redirected to phishing pages that steal their seed phrases."

The scale of the campaign is reflected in the fact that over 38,000 distinct FreeDrain sub-domains hosting lure pages have been identified.

These pages are hosted on cloud infrastructure like Amazon S3 and Azure Web Apps, and mimic legitimate cryptocurrency wallet interfaces.

"Query parameters related to Facebook Ads are …

SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote code execution.

(CVSS score: 8.8) - A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

CVE-2025-32819 is assessed to be a patch bypass for a previously identified flaw reported by NCC Group in December 2021.

The shortcomings, that impact SMA 100 Series including SMA 200, 210, 400, 410, 500v, have been addressed in version 10.2.1.15-81sv.

The development comes as …

"While hidden, it stealthily deploys additional malicious payloads, such as Agenda ransomware and SmokeLoader.

Qilin, also called Agenda, has been an active ransomware threat since it surfaced in the threat landscape in July 2022.

]cfd"), which are then used to drop SmokeLoader and Agenda ransomware.

In the final stage, SmokeLoader establishes contact with a command-and-control (C2) server to fetch NETXLOADER, which launches the Agenda ransomware using a technique known as reflective DLL loading.

"The Agenda ransomware group is continually evolving by adding new features designed to cause disruption," the researchers said.

Organizations are beginning to understand that a security control installed or deployed is not necessarily a security control configured to defend against real-world threats.

The recent Gartner® Report, Reduce Threat Exposure With Security Controls Optimization, addresses the gap between intention and outcome.

We feel it discusses a hard truth: without continuous validation and tuning, security tools deliver a false sense of, well, security.

According to the Gartner report, "misconfiguration of technical security controls is a leading cause for the continued success of attacks."

As Gartner states, "optimal configuration of technical security controls is a moving target, not a set-and-forget…

The nation-state threat actor known as MirrorFace has been observed deploying malware dubbed ROAMINGMOUSE as part of a cyber espionage campaign directed against government agencies and public institutions in Japan and Taiwan.

"The ANEL file from the 2025 campaign discussed in this blog implemented a new command to support an execution of BOF (Beacon Object File) in memory," security researcher Hara Hiroaki said.

The attack starts with a spear-phishing email -- some of which are sent from legitimate-but-compromised accounts -- that contains an embedded Microsoft OneDrive URL, which, in turn, downloads a ZIP file.

"ROAMINGMOUSE then decodes the embedded ZIP file by using Base64, drops the ZIP…

The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures.

LOSTKEYS is the second custom malware attributed to COLDRIVER after SPICA, marking a continued departure from the credential phishing campaigns the threat actor has been known for.

"In select cases, COLDRIVER also delivers malware to target devices and may attempt to access files on the system."

The PowerShell command is designed to download and execute the next payload from a remote server ("165.227.148[.

Further investigation has found that the campaign has likely compromised about 2,800 legiti…

Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system.

"An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface.

That said, in order for the exploitation to be successful, the Out-of-Band AP Image Download feature must be enabled on the device.

"With this feature disabled, AP image download will use the CAPWAP method for the AP image update feature, and this does not impact the AP client state," Cisco added.

of the Cisco Advanced Security Initiatives Group (ASIG) for discove…

Europol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks across the world.

The services, named cfxapi, cfxsecurity, neostress, jetstress, quickdown and zapcut, are said to have been instrumental in launching widespread attacks on schools, government services, businesses, and gaming platforms between 2022 and 2025.

"Unlike traditional botnets, which require the control of large numbers of infected devices, stresser/booter services industrialise DDoS attacks through centralised, rented infrastructure," Europol noted.

QuickDown ("quickdown[.

In December 2024, a set of 27 stresser services were taken offline…

A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild.

The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82.

"This is due to the create_wp_connection() function missing a capability check and insufficiently verifying a user's authentication credentials," Wordfence said.

This has raised the possibility that the threat actors are opportunistically scanning WordPress installations to see if they are susceptible to either of the two flaws.

"Attackers may have started actively targeting this vulnerabilit…

The UK’s Chartered Trading Standards Institute has in the past also warned about bogus texts inviting recipients to jury service, or risk facing fines.

Payment options: No court, police department or government agency will ask for payment over the phone for ‘missed’ jury service.

No court, police department or government agency will ask for payment over the phone for ‘missed’ jury service.

Requests for information: Scammers may ask for sensitive personal information like Social Security details, as well as demanding you send them funds.

Also be aware that failing to turn up for jury service will never be grounds for arrest.

Have you received a text message about an unpaid road toll?

It’s time to get clued up on toll road scams.

What do toll road scams look like?

Here’s some commonly used phrasing in unpaid toll scam texts: “You have an unpaid toll bill on your account.

Report toll road smishing attempts.

From the power of collaborative defense to identity security and AI, catch up on the event's key themes and discussionsThat's a wrap on the RSACTM 2025 Conference, one of the year's premier cybersecurity events where thousands of security practitioners exchanged their views, ideas and knowledge while discussing the world's most pressing security challenges.

", turned the spotlight on collaboration and cooperation between various stakeholders, notably governments, vendors and academia.

Other topics that were the 'talk of the town' included the protection of critical infrastructure, operational technology (OT), identity authentication and, you guessed it, artificial intelligence.

Watch the vi…

The recursive DNS server (RDNSS) option that provides the host with the addresses of two DNS servers: 240e:56:4000:8000::11 and 240e:56:4000:8000::22 .

We have not found any evidence indicating that either is a legitimate DNS server.

We have not found any evidence indicating that either is a legitimate DNS server.

The malicious server that issues the update instructions was still active at the time of writing.

DA867188937698C77698 61C72F5490CB9C3D4F63 N/A Win64/Agent.CAZ Spellbinder tool (2023), loaded in memory.

From the near-demise of MITRE's CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurityThe past month has seen no shortage of impactful and disconcerting cybersecurity news, including an eleventh-hour turnaround that averted the shutdown of MITRE’s CVE program to a report showing that AI outperforms red team experts in spearphishing.

In this edition of the monthly roundup, ESET Chief Security Evangelist Tony Anscombe looks at:how MITRE's Common Vulnerabilities and Exposures (CVE) came close to shutting down due to a lack of funding – and what questions this issue raisessome takeaways from a survey accord…

Chances are high that many people think, “it’s an iPhone, so I’m safe”.

Also, all manner of everyday scams and other threats bombard not just Android, but also iOS users.

Where else iOS threats are lurkingWhile the above may “only” impact EU citizens, there are also other and possibly more immediate concerns for iOS users worldwide.

Take ESET’s iOS security checklist to learn just how safe your iPhone is.

Try to stick to the App Store for any downloads, in order to minimize the risk of downloading something malicious or risky.

On social media platforms like TikTok and Instagram, the reach of deepfakes, along with their potential for harm, can be especially staggering.

Example of a misleading TikTok videoIn one case, the “doctor” touts a “natural extract” as a superior alternative to Ozempic, the drug celebrated for aiding weight loss.

We spotted more than 20 TikTok and Instagram accounts using deepfake doctors to push their products.

While such misuse violates the terms and conditions of common AI tools, it also highlights how easily they can be weaponized.

As AI tools continue to advance, distinguishing between authentic and fabricated content will become harder rather than easier.

And they are doing so with Google Forms to harvest sensitive information from their victims and even trick them into installing malware.

Why Google Forms?

Quiz spamCybercriminals might abuse the quiz feature in Google Forms – by creating a quiz and adding your email address.

Pay attention: Google always displays a warning on Google Forms, telling recipients “Never submit passwords through Google Forms".

Simply by reading this article, you will be in a good place when it comes to fending off the threat from malicious Google Forms.

Most headline-making LLM models have “moral barriers” against doing bad things, the digital equivalent of the Hippocratic Oath to “First, do no harm”.

Some recently released projects focus the backend API of an LLM on the target of gaining root access on servers.

It’s easy to imagine nation states ramping up this kind of effort – predictive weaponization of software flaws now and in the future using AI.

This puts the defenders on the “rear foot”, and will cause a sort of digital defense AI escalation that does seem slightly dystopian.

Even today’s freely available AI models can “reason” through problems without breaking a sweat, mindlessly pondering them in a chain-of-thought manner that mi…

So what if, instead of downloading an AI‑generated video from CapCut or another similar tool, you had your data stolen or gave control of your computer to a stranger?

The threat isn’t hypothetical – security researchers have previously observed campaigns that exploited CapCut’s popularity to distribute multiple infostealers and other malware.

Let’s now look briefly at another campaign that’s targeting people interested in AI-powered content by promising premium versions of popular software such as CapCut, Adobe Express and Canva.

(Note that the actual premium version is called “CapCut Pro” or referred to simply as “Pro” on the website, not “CapCutProAI" as in the screenshot.)

“Most remote c…

That’s why information-stealing (infostealer) malware has risen to become a major driver of identity fraud, account takeover and digital currency theft.

But there are also plenty of people that live much of their daily lives online and manage to stay safe.

Splash screen shown by the Vidar infostealer installer and impersonating Midjourney (source: ESET Threat Report H1 2024)How do I get compromised with infostealers?

Game mods/cheats: Unofficial modifications or cheats for video games may contain infostealer malware.

This will offer some protection against certain infostealer techniques such as keylogging, although it is not 100% foolproof.

So why are education institutions such a popular target?

A culture of information sharing, and openness to external collaboration, can invite risk and provide opportunities for threat actors to leverage.

A culture of information sharing, and openness to external collaboration, can invite risk and provide opportunities for threat actors to leverage.

It doesn’t help that many education institutions are running legacy software and hardware that may be unpatched and unsupported.

It doesn’t help that many education institutions are running legacy software and hardware that may be unpatched and unsupported.

Our habit of blindly trusting and clicking on top search results has become so predictable that it can be subverted and turned against us.

A fake website blending in search results for Firefox and targeting Chinese speakers (image credit: landiannews.com)The risks aren’t lost on Google, of course.

Which is why it pays to know about the risks involved in both organic and paid search results, and how to separate the wheat from the chaff.

Mastercard impersonatorsStaying safeMost of all, remember that prominence in search results doesn’t automatically equate to legitimacy.

Use reputable security software that can identify and block connections to malicious domains, thus providing an additional …

News that someone close, be it a friend, relative, or colleague, has had one of their valuable online accounts compromised is bound to trigger a mix of reactions.

Maybe you’ve already received a message that ostensibly came from a close friend but felt off.

Have you previously shared access to streaming services or other online tools with the person who was hacked?

What if the same or similar login credentials have been used to access other digital accounts?

Collective awareness and securityFinally, chances are high your relative or friend could use some help when rebuilding their digital life.

Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t.

Once circulating in the cybercrime underground, it’s only a matter of time before it is used in identity fraud attempts.

According to Javelin Strategy & Research, identity fraud and scams cost Americans $47bn in 2024 alone.

Malicious websites: Phishing sites can be spoofed to appear as if they are the real thing, right down to faked domain.

Identity fraud continues to be a threat because it is relatively easy for threat actors to start making healthy profits.

VicOne announced xAurient, a new automotive threat intelligence platform that enables streamlined threat response by delivering early threat intelligence tailored to the particular manufacturing environment of an original equipment manufacturer (OEM) or Tier 1 supplier.

The new VicOne solution factors a particular automaker’s risk landscape, automatically prioritizing and identifying the most critical risks with AI-powered autobuild or customizable product-security risk profiles.

Automakers also can use the new VicOne solution as a standalone platform to accelerate response times and enhance tailored mitigation.

“We have engineered xAurient to dramatically streamline threat response for our…

Coro unveiled its Security Awareness Training (SAT) module.

A purpose-built solution, SAT helps SMBs reduce human error, defend against phishing attacks, and demonstrate compliance without adding new tools to manage.

As part of Coro’s modular cybersecurity platform, the new Security Awareness Training module delivers maximum protection with minimal complexity.

“AI has made phishing attacks more convincing than ever, which is why our SAT module delivers intelligent, adaptive training—built directly into the Coro platform.

Key Features Include:Phishing smulations: A library of AI-enhanced phishing simulations modeled on today’s most sophisticated attack tactics —from email scams to social eng…

BigID announced Privacy Executive Console, a transformative capability within the BigID Next platform designed to empower privacy leaders with a centralized, up-to-date view of their privacy program’s performance, risk posture, and compliance status in a single, intuitive interface.

As regulatory scrutiny intensifies and board-level accountability for data privacy grows, organizations can no longer rely on static reports, disconnected tools, and fragmented insights.

BigID’s Privacy Executive Console sets a new standard by providing an identity-aware, AI-powered insights center that delivers continuous visibility, proactive risk intelligence, and automated compliance tracking – enabling priv…

The global importance of the CVE Program is without doubt, but who will own and operate it in the future is currently under discussion.

The Google Threat Intelligence Group (GTIG) released a report on 75 zero-day vulnerabilities they tracked in 2024.

A GTIG zero-day vulnerability is defined as one that is exploited prior to a patch being available.

Microsoft confirmed the April 2025 security updates are causing authentication issues on some Windows Server 2025 domain controllers.

We had a full range of emotions throughout the month – panic with the CVE Program, change with the increasing shift to zero-day exploitation of enterprise and not browser applications, and let’s hope that we have a…

If you’re trying to make sense of how to actually build AI agents, not just talk about them, AI Agents in Action might be for you.

If you’re looking to build, not just read, you’ll find working projects on GitHub with guidance for local and API-hosted LLMs.

AI Agents in Action is not a book for nontechnical audiences or for those looking for abstract theory.

Lanham is building a bridge between raw model capabilities and full agent systems.

It doesn’t pretend to have all the answers, but it will enable you to ask better questions and build smarter agents.

Managing multiple AWS accounts in an organization can get complicated, especially when trying to understand how services and permissions are connected.

The Account Assessment for AWS Organizations open-source tool helps simplify this process by giving you a central place to evaluate and manage all your accounts.

Key FeaturesSimple web UI – You can view and troubleshoot scan results directly in the web interface, no command line required.

Supports 25 AWS services – The tool works with more than 25 AWS services that use trusted access to perform tasks across accounts.

– The tool works with more than 25 AWS services that use trusted access to perform tasks across accounts.

Recent trials led by the Wireless Broadband Alliance (WBA), in partnership with AT&T, Intel, and CommScope, show that Wi-Fi 7 delivers a significant performance boost over Wi-Fi 6E in enterprise environments.

The takeaway is clear: Wi-Fi 7 is faster, more efficient, and better able to handle high-demand enterprise applications.

In the 5 GHz band using 40 MHz channels, which are common in many office deployments, Wi-Fi 7 nearly doubled the speeds of Wi-Fi 6.

Downlink speed reached 0.55 Gbps versus Wi-Fi 6’s 0.25 Gbps, and uplink hit 0.58 Gbps versus 0.31 Gbps.

It does not include older Wi-Fi devices, which helps new Wi-Fi 6E and 7 devices perform better.

Here’s a look at the most interesting products from the past week, featuring releases from ProcessUnity, Searchlight Cyber, ServiceNow, and Verosint.

ServiceNow unveils AI agents to accelerate enterprise self-defenseThe new AI agents, available within ServiceNow’s Security and Risk solutions, are designed to improve consistency, identify insights, and reduce response times.

ProcessUnity Evidence Evaluator flags discrepancies in a third-party’s controlsA key component of ProcessUnity’s Third-Party Risk Management (TPRM) Platform, Evidence Evaluator automatically reviews third-party evidence and populates assessment responses complete with references to the specified evidence in the source do…

As new malware delivery campaigns using the ClickFix social engineering tactic are spotted nearly every month, it’s interesting to see how the various attackers are trying to refine the two main elements: the lure and the “instruction” page.

(Source: GTIG)The ClickFix / FakeCaptcha approachClickFix is a tactic aimed at delivering malware without involving a web browser or requiring users to manually execute a file, and it helps attackers avoid detection by email and endpoint security solutions.

Later, when other threat actors started using the tactic, we started witnessing many variations:Malicious websites using the ClickFix / FakeCaptcha tactic (Source: Sekoia)Attackers impersonating Sams…

SonicWall has fixed multiple vulnerabilities affecting its SMA100 Series devices, one of which (CVE-2025-32819) appears to be a patch bypass for an arbitrary file delete vulnerability that was exploited in zero-day attacks in early 2021, and may have also been leveraged in the wild.

The vulnerabilities and the attack chainSonicwall SMA100 Series appliances provide a unified secure access (VPN) gateway for small and medium-size businesses, and are regularly targeted by attackers.

Thus CVE-2025-32819, an authenticated arbitrary file delete vulnerability, can be similarly exploited, but only if the attacker obtains valid account credentials for a SMA user account.

“SonicWall PSIRT recommends t…

Outpost24 integration of two new Digital Risk Protection (DRP) modules to its External Attack Surface Management (EASM) platform.

The Social Media and Data Leakage modules are now offered alongside the Leaked Credentials and Dark Web modules to enhance customer insights into the entire attack surface.

With threat actors leveraging information on social media profiles to launch attacks against companies, the Social Media DRP module monitors organizations’ profiles as part of the attack surface.

The Data Leakage DRP module detects potentially leaked documents and potentially leaked source code, providing organizations with enough time to react appropriately.

We’ve built our DRP modules for So…

Cisco is making significant strides in quantum computing by focusing on quantum networking, aiming to bring practical applications closer to reality.

The company recently introduced a prototype of its Quantum Network Entanglement Chip and inaugurated the Cisco Quantum Lab in Santa Monica, California.

The Quantum Network Entanglement Chip is designed to facilitate the connection of quantum processors, addressing the current limitation where most quantum processors have only hundreds of qubits, while practical applications require millions.

By enabling quantum networks to scale, this chip could accelerate the development of distributed quantum computing systems.

Cisco’s efforts in this area h…

The Growing Cybersecurity Skills GapThe cybersecurity landscape is more complex and dangerous than ever before.

Immigration: A Solution to the Cybersecurity ShortageImmigration can help solve the cybersecurity skills shortage in several ways.

Although immigration was highlighted as a crucial element in the policy to mitigate the cybersecurity talent shortage, meaningful immigration reform by Congress is essential for the successful implementation of this strategy.

These experts can help train the next generation of American cybersecurity professionals, ensuring that the U.S. remains at the forefront of global cybersecurity for decades to come.

ConclusionThe cybersecurity skills shortage is …

Cybereason has launched its revolutionary SDR Data Ramp Programme with Observe.

This ensures that customers can experience the full capabilities of Cybereason’s SDR product, which is designed to detect, analyse, and respond to cyber threats with unparalleled accuracy and speed, reducing the need for legacy SIEM platforms.

“The 1TB Free SDR Data Ramp Programme underscores our commitment to empowering organisations with the tools they need to defend against increasingly sophisticated cyber threats.

This multi-layered approach enables security teams to identify and mitigate threats more effectively, reducing the time to detect and respond to incidents.

To learn more about Cybereason’s 1TB Free…

Even seasoned professionals stumble upon common pitfalls that can impact user experience and, consequently, a site’s success.

With expertise from website design company, Full Stack Industries, we will explore common design mistakes and how to avoid them.

This inclusive step means all audiences can experience your site and will also improve your search engine rankings.

Final ThoughtsKeeping these common website design mistakes at bay can significantly elevate your online presence.

By prioritising user experience, accessibility, and clear communication, you’ll create a site that looks great and effectively serves its users.

Encrypting a few devices to test their strategy is a red flag that a more significant ransomware assault is imminent and demands immediate action.

By staying alert to these signs and responding promptly, organisations can better defend against the escalating threat of ransomware attacks.

Poorly Managed Remote Desktop Protocol ConnectionsRemote Desktop Protocol (RDP) connections, if not properly managed, can be an entry point for ransomware attacks.

Sectors Prone to Ransomware AttacksSpecific sectors are particularly vulnerable to ransomware attacks thanks to the critical nature of their operations.

Here are the sectors most commonly targeted:The healthcare sector is a prime target for ranso…

Databarracks’ Data Health Check – an annual survey of 500 UK IT decision makers – found that while more organisations than ever have cyber insurance, the number of claims is down.

66% of those surveyed report having insurance specifically for cyber in 2024, rising from 51% over the past two years.

James Watts, Managing Director at Databarracks, commented:“We have long speculated about the negative effect of cyber insurance policies on ransomware.

The nascent cyber insurance market suddenly became unsustainable.

As our Data Health Check found last year, cyber insurance prices increased significantly and the requirements to obtain cover became stricter.

According to research from Absolute Security, over half (54%) of Chief Information Security Officers (CISOs) feel their security team is unprepared for evolving AI-powered threats.

The findings were uncovered in the Absolute Security United Kingdom CISO Cyber Resilience Report 2024, which surveyed 250 UK CISOs at enterprise organisations to assess the state of cyber resilience, AI, and the cyber threat landscape in the UK.

Almost half (46%) of CISOs believe that AI is more of a threat to their organisation’s cyber resilience than a help, highlighting AI as a potential danger in safeguarding organisations from cyber threats rather than strengthening cyber resilience.

As AI-driven cyber threa…

The report found that threat actors are selling data and source code from major brands on the dark web.

Given the popularity of Amazon, users should be wary of threat actors creating counterfeit websites that ask to submit sensitive information.

Log4j remains a popular vulnerability that threat actors attempt to exploitThree years after its discovery in 2021, Log4j remains one of the most used vulnerabilities leveraged by threat actors.

Inbound traffic is traffic that doesn’t originate from within the network, while WANbound traffic resides within a WAN environment.

“With the Q2 2024 Cato CTRL SASE Threat Report, we are putting the spotlight on a notorious threat actor named IntelBroker.

The National Institute of Standards and Technology (NIST) has officially published its highly anticipated Federal Information Processing Standards (FIPS) for post-quantum cryptography (PQC).

The algorithms announced today represent the first finalized standards from NIST’s PQC standardization project and are now ready for immediate implementation.

Today’s announcement takes place within a larger regulatory framework, including the White House’s National Security Memorandum, NSM-8, which requires the adoption of post-quantum cryptography (PQC).

Today’s quantum computers are small and experimental, but they are rapidly becoming more capable, and it is only a matter of time before cryptographi…

Yet despite the clear and present danger, some businesses continue to deprioritise cyber security, with a concerning 15% failing to invest in cyber security measures.

An overshadowed priorityDespite a shared understanding of cyber threats among security leaders and C-suite, cyber security often gets overlooked.

Alarmingly, a third of security leaders only prioritise cyber security expertise after an attack has happened.

Securing buy-inTo ensure cyber security is prioritised, it is vital to convey to the C-suite the very real implications of not mitigating cyber security risks.

It is time to implement cyber security measures nowBy deprioritising cyber security, businesses are essentially def…

High levels of demand for cyber security expertise also means that it’s one of the best paying roles in tech with a great level of job security.

However, cyber security professionals are in a never-ending arms race with hackers.

On the other side, AI also has the capacity to create an arsenal of new offensive and defensive tools for cyber security experts.

Quantum computingLike AI, Quantum has the capacity to utterly transform how we all live and work.

Ambitious cyber security professionals could become trail blazers in this sector if they start acquiring relevant skills now.

HealthEquity, a leading provider of health savings account (HSA) services, has announced it suffered a data breach recently, resulting in compromised customer protected health information (PHI). It is understood the breach was detected on March 25, 2024, after abnormal activity was flagged from a business partner’s device. Once an investigation was carried out, it was […]

The post HealthEquity Data Breach Compromises Customer Information first appeared on IT Security Guru.

The post HealthEquity Data Breach Compromises Customer Information appeared first on IT Security Guru.

Today, Accenture (NYSE: ACN) and SandboxAQ have announced that they are expanding their partnership to address the critical need for enterprise data encryption that can defend against current data breaches, as well as future AI and quantum threats. Together, Accenture and SandboxAQ are helping organisations secure sensitive data and strengthen encryption across their technology portfolios. […]

The post Accenture and SandboxAQ Expand Cybersecurity Partnership first appeared on IT Security Guru.

The post Accenture and SandboxAQ Expand Cybersecurity Partnership appeared first on IT Security Guru.

New research by Keeper Security has revealed some worrying trends and misunderstandings when it comes to password best practices and overconfidence in cyber knowledge. The research found that, while 85% of respondents believe their passwords are secure, over half admit to sharing their passwords. Additionally, 64% of people feel confident in their cybersecurity knowledge despite […]

The post People Overconfident in Password Habits, Overwhelmed by Too Many Passwords first appeared on IT Security Guru.

The post People Overconfident in Password Habits, Overwhelmed by Too Many Passwords appeared first on IT Security Guru.

Technology is advancing rapidly and tokenized payment cards are a part of its evolution. Gone are the days of keying in long card numbers, expiry dates and CVV codes and hoping for the best. Instead, tokenized cards offer heightened security and improved transaction processes for digital payments. But what are they all about and how […]

The post Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester first appeared on IT Security Guru.

The post Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester appeared first on IT Security Guru.

New threat research by Salt-Labs, the research arm of API security company Salt Security, has released new research highlighting critical security flaws within popular web analytics provider Hotjar. The company serves over one million websites, including global brands like Microsoft and Nintendo (according to their website). These vulnerabilities could have potentially allowed an attacker unlimited […]

The post Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands first appeared on IT Security Guru.

The post Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands appeared first on…

Chinese AI SubmersibleA Chinese company has developed an AI-piloted submersible that can reach speeds “similar to a destroyer or a US Navy torpedo,” dive “up to 60 metres underwater,” and “remain static for more than a month, like the stealth capabilities of a nuclear submarine.” In case you’re worried about the military applications of this, you can relax because the company says that the submersible is “designated for civilian use” and can “launch research rockets.”“Research rockets.” Sure.

Posted on May 7, 2025 at 7:03 AM • 0 Comments

Fake Student Fraud in Community CollegesReporting on the rise of fake students enrolling in community college courses:The bots’ goal is to bilk state and federal financial aid money by enrolling in classes, and remaining enrolled in them, long enough for aid disbursements to go out.

They often accomplish this by submitting AI-generated work.

And because community colleges accept all applicants, they’ve been almost exclusively impacted by the fraud.

The article talks about the rise of this type of fraud, the difficulty of detecting it, and how it upends quite a bit of the class structure and learning community.

Posted on May 6, 2025 at 7:03 AM • 0 Comments

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

I think it’s worth thinking about the security of that now, while its still a nascent idea.

In 2019, I joined Inrupt, a company that is commercializing Tim Berners-Lee’s open protocol for distributed data ownership.

It’ll combine personal information about you, transactional data that you are a party to, and general information about the world.

I joined Inrupt years ago because I thought that Solid could do for personal data what HTML did for published information.

“Wallet” is a good metaphor for personal data stores.

That is, you should not start with an Advanced Cryptography technique, and then attempt to fit the functionality it provides to the problem.

And:In almost all cases, it is bad practice for users to design and/or implement their own cryptography; this applies to Advanced Cryptography even more than traditional cryptography because of the complexity of the algorithms.

It also applies to writing your own application based on a cryptographic library that implements the Advanced Cryptography primitive operations, because subtle flaws in how they are used can lead to serious security weaknesses.

These techniques enable novel applications with different trust relationships between the parties, as …

US as a Surveillance StateTwo essays were just published on DOGE’s data collection and aggregation, and how it ends with a modern surveillance state.

It’s good to see this finally being talked about.

Posted on May 1, 2025 at 12:02 PM • 0 Comments

Meta is suing NSO Group, basically claiming that the latter hacks WhatsApp and not just WhatsApp users.

We have a procedural ruling:Under the order, NSO Group is prohibited from presenting evidence about its customers’ identities, implying the targeted WhatsApp users are suspected or actual criminals, or alleging that WhatsApp had insufficient security protections.

[…]In making her ruling, Northern District of California Judge Phyllis Hamilton said NSO Group undercut its arguments to use evidence about its customers with contradictory statements.

“Defendants cannot claim, on the one hand, that its intent is to help its clients fight terrorism and child exploitation, and on the other hand sa…

This seems like an important advance in LLM security against prompt injection:Google DeepMind has unveiled CaMeL (CApabilities for MachinE Learning), a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police themselves.

Instead, CaMeL treats language models as fundamentally untrusted components within a secure software framework, creating clear boundaries between user commands and potentially malicious content.

[…]To understand CaMeL, you need to understand that prompt injections happen when AI systems can’t distinguish between legitimate user commands and malicious instructions hidden in content they’re processing.

[…]While CaMeL does …

The company doesn’t keep logs, so couldn’t turn over data:Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in connection with an alleged internet offence by an unknown user of the service.

The case centred around a Windscribe-owned server in Finland that was allegedly used to breach a system in Greece.

Greek authorities, in cooperation with INTERPOL, traced the IP address to Windscribe’s infrastructure and, unlike standard international procedures, proceeded to initiate criminal proceedings against Sak himself, rather…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Interesting:The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market.

At the heart of the issue is the heavy reliance on monitoring system calls, which has become the go-to method for many cybersecurity vendors.

The problem?

Attackers can completely sidestep these monitored calls by leaning on io_uring instead.

This clever method could let bad actors quietly make network connections or tamper with files without triggering the usual alarms.

Interesting research: “Guillotine: Hypervisors for Isolating Malicious AIs.”Abstract:As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society.

To mitigate this risk, we propose Guillotine, a hypervisor architecture for sandboxing powerful AI models—models that, by accident or malice, can generate existential threats to humanity.

Although Guillotine borrows some well-known virtualization techniques, Guillotine must also introduce fundamentally new isolation mechanisms to handle the unique threat model posed by existential-risk AIs.

Beyond such isolation at the software, network, and microa…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

GitGuardian’s systems constantly scan GitHub and other code repositories for exposed API keys, and fire off automated alerts to affected users.

GitGuardian’s Eric Fourrier told KrebsOnSecurity the exposed API key had access to several unreleased models of Grok, the AI chatbot developed by xAI.

“The credentials can be used to access the X.ai API with the identity of the user,” GitGuardian wrote in an email explaining their findings to xAI.

xAI told GitGuardian to report the matter through its bug bounty program at HackerOne, but just a few hours later the repository containing the API key was removed from GitHub.

“The fact that this key was publicly exposed for two months and granted access …

A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft.

Scattered Spider is a loosely affiliated criminal hacking group whose members have broken into and stolen data from some of the world’s largest technology companies.

His extradition to the United States was first reported last week by Bloomberg.

In August 2022, KrebsOnSecurity reviewed data harvested in a months-long cybercrime campaign by Scattered Spider involving countless SMS-based phishing attacks against employees at major corporations.

KrebsOnSecurity repor…

The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub.

Berulis said the new DOGE accounts had unrestricted permission to read, copy, and alter information contained in NLRB databases.

Berulis said he discovered one of the DOGE accounts had downloaded three external code libraries from GitHub that neither NLRB nor its contractors ever used.

Elez was among the first DOGE employees to face public scrutiny, after The Wall Street Journal linked him to social media posts that advocated racism and eugenics.

KrebsOnSecurity sought comment from both the NLRB and DOGE, and will update this story if either responds.

The NLRB whistleblower said the unusual large data outflows coincided with multiple blocked login attempts from an Internet address in Russia that tried to use valid credentials for a newly-created DOGE user account.

Berulis said the new DOGE accounts had unrestricted permission to read, copy, and alter information contained in NLRB databases.

The DOGE staffers did not speak with Berulis or anyone else in NLRB’s IT staff, but instead met with the agency leadership.

Berulis said the container caught his attention because he polled his colleagues and found none of them had ever used containers within the NLRB network.

The message informed NLRB employees that two DOGE representatives would be …

A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down.

Many of these CNAs are country and government-specific, or tied to individual software vendors or vulnerability disclosure platforms (a.k.a.

Put simply, MITRE is a critical, widely-used resource for centralizing and standardizing information on software vulnerabilities.

MITRE told KrebsOnSecurity the CVE website listing vulnerabilities will remain up after the funding expires, but that new CVEs won’t be added after April 16.

Former CISA Director Jen Easterly said the CVE program is a bit like the Dewey Decimal S…

President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history.

In 2020, CISA launched Rumor Control, a website that sought to rebut disinformation swirling around the 2020 election.

That effort ran directly counter to Trump’s claims that he lost the election because it was somehow hacked and stolen.

“Regular meetings between the National Security Council and European national security officials have gone unscheduled, and the NSC has also stopped formally coordinating efforts across U.S. agencies, including with t…

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google.

Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies.

Rather, they are sent via iMessage to Apple device users, and via RCS on Google Android devices.

The Smishing Triad members maintain their own Chinese-language sales channels on Telegram, which frequently offer videos and photos of their staff hard at work.

Prodaft’s report details how the Smishing Triad has achieved such success in sending their spam messages.

Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild.

Microsoft rates it as “important,” but as Chris Goettl from Ivanti points out, risk-based prioritization warrants treating it as critical.

Narang notes that while flaws allowing attackers to install arbitrary code are consistently top overall Patch Tuesday features, the data is reversed for zero-day exploitation.

And in case you missed it, on March 31, 2025 Apple released a rather large batch of security updates for a wide range of their products, from macOS to the iOS operating systems on iPhones and iPa…

Another example: President Trump recently fired most of the people involved in processing Freedom of Information Act (FOIA) requests for government agencies.

President Trump recently took the extraordinary step of calling for the impeachment of federal judges who rule against the administration.

On March 20, Trump issued an order calling for the closure of the DOE.

On Jan. 27, Trump issued a memo (PDF) that paused all federally funded programs pending a review of those programs for alignment with the administration’s priorities.

Where is President Trump going with all these blatant attacks on the First Amendment?

Researchers at the security firm Silent Push mapped a network of several dozen phishing domains that spoof the recruitment websites of Ukrainian paramilitary groups, as well as Ukrainian government intelligence sites.

]army features a carbon copy of the homepage for the Freedom of Russia Legion (a.k.a.

“Free Russia Legion”), a three-year-old Ukraine-based paramilitary unit made up of Russian citizens who oppose Vladimir Putin and his invasion of Ukraine.

According to Edwards, there are no signs that these phishing sites are being advertised via email.

“They are on top of DuckDuckGo and Yandex, so it unfortunately works.”Further reading: Silent Push report, Russian Intelligence Targeting its…

How are these China-based phishing groups obtaining stolen payment card data and then loading it onto Google and Apple phones?

“I would be shocked if this wasn’t the NFC relay app,” Merrill said, concerning the arrested suspects in Tennessee.

ABC10 reported that while most of those transactions were declined, the suspects still made off with $1,400 worth of gift cards.

In other words, the phishing websites are powered by real human operators as long as new messages are being sent.

For more on how these China-based mobile phishing groups operate, check out How Phished Data Turns Into Apple and Google Wallets.

A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections.

On March 13, a Maryland district court judge ordered the Trump administration to reinstate more than 130 probationary CISA employees who were fired last month.

The message in the screenshot above was removed from the CISA homepage Tuesday evening and replaced with a much shorter notice directing former CISA employees to contact a specific email address.

The White House press secretary told The Times that Starlink had “donated” the service and that the gift had been vetted by t…

ClickFix attacks mimic the “Verify You are a Human” tests that many websites use to separate real visitors from content-scraping bots.

In November 2024, KrebsOnSecurity reported that hundreds of hotels that use booking.com had been subject to targeted phishing attacks.

Earlier this month, the security firm Arctic Wolf warned about ClickFix attacks targeting people working in the healthcare sector.

The company said those attacks leveraged malicious code stitched into the widely used physical therapy video site HEP2go that redirected visitors to a ClickFix prompt.

Alas, the email security vendor Proofpoint has documented plenty of ClickFix attacks via phishing emails that include HTML attachm…

Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation.

Two of the zero-day flaws include CVE-2025-24991 and CVE-2025-24993, both vulnerabilities in NTFS, the default file system for Windows and Windows Server.

Microsoft credits researchers at ESET with reporting the zero-day bug labeled CVE-2025-24983, an elevation of privilege vulnerability in older versions of Windows.

However, ESET notes the vulnerability itself also is present in newer Windows OS versions, including Windows 10 build 1809 and the still-supported Windows Server 2016.

This month’…

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky or Mastodon to read more of the exclusive content we post.

The warning comes in the wake of high-profile ransomware attacks against Marks & Spencer and Co-op which are estimated to have cost the companies millions of pounds already due to disruption to services and lost sales.

However, in the advisory it published on its website, the NCSC appears to have given credence to the theory that the attackers gained access to corporate victims' internal systems by exploiting employees' legitimate accounts.

And how does it appear that the hackers gain access to workers' accounts?

The answer is by using social engineering techniques to trick IT helpdesk staff into resetting passwords and multi-factor authentication (MFA).

The trick works like this:A hacker "…

TeleMessage, an encrypted messaging app based upon Signal, has been temporarily suspended out of "an abundance of caution" after a hacker reportedly gained access to US government communications.

Close examination of the image revealed Waltz was using TeleMessage on his smartphone.

Many commentators at the time of the security snafu questioned why US officials were using Signal for government business in the first place, as it is not approved for sending classified information.

But now it appears that US officials decided to turn to TeleMessage, a little-known Israeli company, who provided a modified version of Signal for message archiving.

All of which strongly suggests that TeleMessage is…

Mark sits a “smarty-pants” test, an AI becomes a crime boss, and Graham explains how a decades-old typo is poisoning the scientific well.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircleHosts:Graham Cluley:@grahamcluley.com@[email protected]Mark Stockley:@ai-fix-mark.bsky.socialEpisode links:Support the show:You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website for more info…

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky or Mastodon to read more of the exclusive content we post.

In episode 48 of The AI Fix, OpenAI releases the first AI models capable of novel scientific discoveries, ChatGPT users are sick of its relentlessly positive tone, our hosts say “Alexa” a lot, OpenAI eyes a social network of its own, and some robots run a half-marathon.

Graham discovers AI Jesus and a great offer on some Casper mattresses, and Mark wonders if the technological singularity is actually much closer than we thought.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircleHosts:Graham Cluley:@grahamcluley.com@[email protected]Mark Stockley:@ai-fix-mark.bsky.socialEpisode links:Support the show:You …

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

According to Cybernews, it informed Work Composer of its serious security problem - and access to the sensitive information has now been properly secured.

Work Composer is a form of “bossware” – software designed to track employee activity by recording keystrokes and periodically snapping screenshots of their screens.

But in this case, it was the Work Composer bossware that was misbehaving - leaving sensitive captured data wide open for anyone to access.

But if the companies developing the bossware fail to practice basic security practices themselves, they risk putting everyone in danger.

- sensitive screenshots from remote workers' computers.

Unfortunately, despite its best efforts - millions of users' SIM details could have been put at risk, and may now be in the hands of cybercriminals.

Although SK Telecom has not confirmed the total number of users whose SIM details have been exposed, it has acknowledged that millions of individuals could be at risk.

The good news is that SK Telecom says it has seen no evidence that the sensitive data has been exploited by cybercriminals.

Since its breach, SK Telecom has faced some criticism for the way it has communicated news of the cyber attack to its customers.

Apologising for the breach and responding to complaints about its response to the incident, SK Telecom has apologised and begun t…

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky or Mastodon to read more of the exclusive content we post.

In episode 47 of The AI Fix, o3 becomes the best competitive programmer in the world, hacked California crosswalks speak with the voice of Elon Musk and Mark Zuckerberg, Meta introduces a herd of Llamas, Graham explains what a “lollipop lady” is, and Google talks to some dolphins.

Graham discovers an AI that’s just a warehouse full of people, o3 becomes the best computer programmer in the world, and Mark wonders if software engineering will be the first job to fall to AI.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircleHosts:Graham Cluley:@grahamcluley.com@[email protected]Mark Stockley:@ai-fix-mark.bs…

"Stop, look, and listen" is the standard advice we should allow follow when crossing the road - but pedestrians in some parts are finding that they cannot believe their ears - after a hacker compromised crosswalks to play deepfake audio mocking tech bosses Elon Musk, Mark Zuckerberg, and Jeff Bezos.

The fake voices of Tesla CEO Elon Musk, Meta CEO Mark Zuckerberg, and Amazon founder Jeff Bezos, are being played from hacked crossings to the surprise of pedestrians in a number of US cities.

However the hack occurred, social media has been full of videos documenting what the compromised crosswalks have been saying.

In another message, the fake voice of Mark Zuckerberg glibly "assured" pedestri…

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky or Mastodon to read more of the exclusive content we post.

Затем она вошла и в стандарт стилизации веб-страниц, CSS.

Суд фирма выиграла, но производители основных браузеров изменили код обработки ссылок, чтобы считывать состояние посещенности ссылок «в лоб» стало невозможно.

Мы неоднократно писали, как рекламные и аналитические компании отслеживают все перемещения пользователей по Сети с помощью куки и технологий фингерпринтинга.

Если вы нажмете на ссылку centralbank.com, она будет покрашена как посещенная — но только внутри виджета banksupport, показанного на сайте bank.com.

Что делать пользователямЕсли вы не пользуетесь Chrome, в котором хватает других проблем с конфиденциальностью, для защиты от атак «фиолетовых ссылок» есть несколько простых пр…

Правда, в 58% случаев этот переход далек от завершения и Zero Trust покрывает менее половины инфраструктуры.

Кроме самых старых и известных руководств, таких как первый обзор Forrester и BeyondCorp от Google, компоненты Zero Trust детально описаны в NIST SP 800-207, Zero Trust Architecture, а в отдельном руководстве NIST SP 1800-35B даны рекомендации по внедрению.

Поддержка руководстваПереход к Zero Trust не является чисто техническим проектом, поэтому ему потребуется существенная административная и политическая поддержка.

Инструменты можно разворачивать, начиная с конкретных отделов и их специфичных ИТ-систем, тестируя как работоспособность ИБ-инструментов, так и пользовательские сценарии …

В начале этого года Apple объявила о ряде новых инициатив, направленных на создание более безопасной среды для детей и подростков, использующих устройства компании.

Как Apple хочет решить проблему с возрастной верификациейНаиболее существенная из новых инициатив Apple, анонсированных в начале 2025 года, пытается решить проблему верификации возраста детей в Интернете.

Безопасность детей не в приоритете: почему не стоит доверять технологическим гигантамДоверять безопасность детей в Интернете компаниям, напрямую получающим экономическую выгоду от зависимости, которую вызывают их продукты, кажется не лучшим подходом.

При этом для Apple безопасность детей в Интернете, судя по всему, долгое время…

Во Всемирный день пароля, выпадающий в этом году на 1 мая, День труда, предлагаем потрудиться и объединиться в борьбе против забывчивости, слабых паролей и хакеров.

Вместо того чтобы мучиться с созданием надежного пароля, пользователи могут просто попросить ИИ «сгенерировать надежный пароль» и получить мгновенный результат, да еще и попросить сделать его мнемонически запоминаемым.

Выяснилось, что все модели знают, что хороший пароль состоит как минимум из дюжины символов, включая заглавные и строчные буквы, цифры и символы.

Кроме того, LLM, как и люди, часто пренебрегают вставкой спецсимволов или цифр в пароль.

При каждом обращении к Kaspersky Password Manager программа запрашивает этот пар…

Что такое ClickFixТехника ClickFix — это, по сути, попытка злоумышленников выполнить вредоносную команду на компьютере жертвы, полагаясь исключительно на приемы социальной инженерии.

Проблемы с микрофоном и камерой в Google Meet и ZoomБолее необычная вариация тактики ClickFix используется на поддельных сайтах Google Meet и Zoom.

Пользователю присылают ссылку, но якобы не пускают на видеозвонок, показывая в сообщении, что обнаружены проблемы с его микрофоном и камерой.

Как защититься от ClickFix-атакПростейший механизм защиты от атак, использующих технику ClickFix, предполагает блокировку в системе сочетания клавиш [Win] + [R] — оно крайне редко нужно в работе обычного офисного пользователя.…

Читайте историю большого взлома, чтобы узнать, как крадут аккаунты в Instagram* с помощью подмены SIM-карты и что с этим делать.

Как защитить свой аккаунт от взломаВот базовые правила, которые помогут предотвратить колоссальное количество способов взлома мессенджеров, аккаунтов в соцсетях, форумах и прочих сайтах.

Установите пароль на вход в личный кабинет оператора связи в приложении или на сайте.

Обратитесь в салон связи с паспортом.

Обратитесь в салон связи с паспортом.

Несмотря на официальное прекращение работы Skype, троян имеет модуль и для работы с ним.

Как зловред оказывается на смартфонахВо всех известных нам случаях заражения на устройствах обнаруживались прошивки, названия которых отличались от официальных на одну букву.

Мы обнаружили сообщения на тематических форумах, в которых покупатели жаловались на прошивки устройств, приобретенных на маркетплейсах и в онлайн-магазинах.

Поэтому лучшим решением для защиты от Triada станет покупка смартфонов только у авторизованных дистрибьюторов.

А на нашем портале Privacy Checker вы найдете пошаговые инструкции, как настроить приватность и конфиденциальность в самых разных приложениях и в целом в операционных …

Код на Python содержал меньше вымышленных зависимостей (16%) по сравнению с кодом на JavaScript (21%).

Если при генерации пытаться использовать пакеты, технологии и алгоритмы, ставшие популярными за последний год, несуществующих пакетов становится на 10% больше.

Знакомьтесь, slopsquattingВсе вышесказанное позволяет спрогнозировать новое поколение атак на репозитории open source, уже получившее жаргонное название slopsquatting по аналогии с typosquatting.

Этот риск значительно возрастет с популяризацией vibe coding — процесса, в котором приложение пишут, оперируя исключительно инструкциями в чате с ИИ, практически не заглядывая в сам программный код.

Поэтому мы собрали небольшое подмножество…

Исследователь обнаружил уязвимость в PyTorch, фреймворке машинного обучения с открытым исходным кодом.

Эксплуатация CVE-2025-32434 при определенных условиях позволяет злоумышленнику запускать на компьютере жертвы, скачивающей ИИ-модель произвольный код.

Всем, кто использует PyTorch для работы с нейросетями, рекомендуется как можно скорее обновить фреймворк до последней версии.

Суть уязвимости CVE-2025-32434Фреймворк PyTorch, помимо всего прочего, позволяет сохранять уже обученные модели в файл, который хранит веса связей.

Команда, разрабатывающая фреймворк PyTorch, выпустила обновление 2.6.0, в котором уязвимость CVE-2025-32434 успешно исправлена.

Рассказываем, как взламывают аккаунты на «Госуслугах» с помощью фейкового бота «Почты России».

— А как найти бота?

Почему этот развод работаетСкорее всего, вы не ожидаете ни письма от налоговой, ни тем более звонка в мессенджере от сотрудника «Почты России».

Но даже если бдительность прокачана у вас на все 100%, то проколоться легко на мини-приложении в Telegram.

Есть и боты посложнее — например, в них загружена настоящая справочная информация, а где-то в углу сияет синяя кнопка Авторизация.

В данный момент в половине крупных организаций используется более 40 инструментов ИБ, в четверти — более 60.

Решение этой проблемы — либо консолидация технологического стека в рамках моновендорного подхода (один поставщик платформы ИБ и всех ее компонентов), либо выбор лучшего инструмента в каждой категории.

Компании, консолидировавшие свои инструменты и в итоге использующие современные инструменты XDR и SOAR, в среднем добиваются снижения расходов на 16% и экономят 20% времени аналитиков.

В некоторых даже звучат директивы руководства в духе «перед тем как нанять сотрудника, докажи, что эту работу не может сделать ИИ».

В некоторых случаях, как в кейсе с нашей SIEM, Kaspersky Unified Monitor…

Чтобы ваш аккаунт не взломали и не украли, например выпустив нелегальный дубликат SIM-карты.

Зайти в мессенджере в настройки безопасности и конфиденциальности, ввести и хорошо запомнить секретный пароль.

Никому не пересылать и не диктовать одноразовые коды для входа в мессенджер.

В настройках самого мессенджера или в настройках смартфона нужно также активировать опцию Блокировка приложения (App Lock).

Зайти в настройках мессенджера в подраздел Конфиденциальность и поправить настройки «Кто видит время моего посещения», «Фото профиля», «Статус» и прочие.

Программы-архиваторы, упрощающие хранение и пересылку файлов, стали привычным инструментом не только для пользователей, но и для злоумышленников.

В этом очень помогает то, что технические заголовки ZIP-архива находятся в конце файла, а не в начале.

Убедитесь, что ваше защитное решение способно проверять многократно вложенные архивы и архивы большого размера.

Поэтому разумно использовать более глубокий анализ на конечных точках и в почтовых шлюзах и посильный (с учетом ограничений) — на веб-фильтрах и NGFW.

Если загрузка файлов в архивах не является критически важной бизнес-функциональностью, лучше отключить эту возможность в CMS, CRM и других онлайн-приложениях.

Рассказываем, как выглядит применение GetShared в атаках, зачем злоумышленникам это нужно и как оставаться в безопасности.

Как выглядит атака при помощи GetSharedЖертве приходит вполне обычное, совершенно настоящее уведомление от сервиса GetShared, в котором говорится, что пользователю был прислан файл.

Зачем злоумышленникам нужен GetShared и другие сторонние сервисы?

Очередным, подходящим для эксплуатации инструментом оказался GetShared — бесплатный сервис для отправки больших файлов.

Признаки того, что что-то не такДавайте для начала отвлечемся от этого кейса и вообще от GetShared.

Сегодня на примере реальных кейсов расскажем, что не так с ресурсами, которые предлагают скачать любое ПО здесь и сейчас.

И эта возможность, как и в случае с GitHub, — камень преткновения на пути к высокому уровню безопасности.

Рассмотрим лишь один пример: наши эксперты обнаружили на SourceForge проект с названием officepackage.

А если мы скажем, что описание и файлы полностью скопированы с чужого проекта на GitHub?

А после клика пользователи перенаправлялись не на страницу проекта loading, а на очередной сайт-прокладку с очередной же кнопкой Скачать.

1: LLMs, agents, tools and frameworksThe figure above outlines the ecosystem of AI agents, showcasing the relationships between four main components: LLMs, AI Agents, Frameworks, and Tools.

2: AI red-team agent workflowThis illustrates a cybersecurity workflow for automated vulnerability exploitation using AI.

3: Red-team AI agent LangGraph workflowThe figure above illustrates a workflow for building AI agents using LangGraph.

The Testing EnvironmentThe figure below describes a testing environment designed to simulate a vulnerable application for security testing, particularly for red team exercises.

In SummaryThe AI red team agent showcases the potential of leveraging AI agents to streamli…

As threats move faster and operations get leaner, organizations are shifting from reactive investigation to proactive, automated forensics.

That’s why we’re excited to announce a major leap forward in Cisco XDR: automated forensics built into the detection and response workflow.

Cisco’s vision is clear: Threat Detection, Investigation, and Response (TDIR) and forensics must be a unified motion.

And now, Cisco XDR makes this possible by operationalizing forensics directly into the AI-assisted TDIR flow.

Confident SOCs have embraced a continuous, connected workflow where detection, response, investigation, verification, and remediation are all part of the same motion.

Instant Attack VerificationDesigned to take Incidents in Cisco XDR to the next level, Instant Attack Verification continues to focus on ensuring organizations can quickly understand what is happening in their environment and action effectively.

With Instant Attack Verification, every action is backed by explainable AI, real evidence, and a human-readable verdict.

Cisco XDR with Instant Attack Verification turns the idea of autonomous response into a trusted, practical reality.

Instant Attack Verification Redefines What’s PossibleInstant Attack Verification redefines what is possible in modern security operations.

Instant Attack Verification reduces false positives, reduces alert fatigue, sp…

The team is called Foundation AI, and its mission is to create transformational AI technology for cybersecurity applications.

Introducing Foundation AIToday, we are thrilled to announce the launch of Foundation AI, a Cisco organization dedicated to creating open bleeding-edge AI technology to empower cybersecurity applications.

Foundation AI is comprised of leading AI and security researchers and engineers, building from Robust Intelligence, which was recently acquired by Cisco.

Foundation AI is comprised of leading AI and security researchers and engineers, building from Robust Intelligence, which was recently acquired by Cisco.

Foundation AI will soon release AI supply chain and risk mana…

Attack StoryboardThe Cisco XDR Attack Storyboard is a breakthrough advancement, leveraging AI-driven investigations that help analysts comprehend an entire attack in under 30 seconds.

Decisive Response: Cisco XDR triggers prebuilt playbooks across XDR and Secure Access, isolating compromised users, devices, or workloads in real-time once a threat is confirmed.

Cisco XDR triggers prebuilt playbooks across XDR and Secure Access, isolating compromised users, devices, or workloads in real-time once a threat is confirmed.

Optimized Analyst Time: By automating the SOC workflow with AI, Cisco XDR empowers analysts to focus on decision-making rather than log analysis.

By automating the SOC workflow…

With Foundation-sec-8B, teams can build, fine-tune, and deploy AI-native workflows across the security lifecycle.

This model is designed to help security teams think faster, act with precision, and scale operations without compromise.

In downstream security tasks—such as extracting MITRE ATT&CK techniques from unstructured threat reports—a fine-tuned foundation-sec-8b model significantly outperformed fine-tuning the same-sized Llama model.

Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!

Cisco Security Social HandlesLinkedInFacebookInstagramXShareShare:

Below is an example of the detection we observed at Black Hat Asia.

Domain Name Service StatisticsAuthored by: Christian Clasen and Justin MurphyWe install virtual appliances as critical infrastructure of the Black Hat network, with cloud redundancy.

Want to learn more about what we saw at Black Hat Asia 2025?

Check out our main blog post — Black Hat Asia 2025: Innovation in the SOC — and our other Black Hat 2025 content.

Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more.

Authored by: Ryan MacLennanLast year, Black Hat asked Cisco Security if we could be the Single Sign-On (SSO) provider for all the partners in the Black Hat NOC.

We started the proof-of-value at Black Hat Asia 2024 and partially deployed at Black Hat Europe 2024.

We have successfully integrated with the partners in the Black Hat NOC to enable this idea started a year ago.

Want to learn more about what we saw at Black Hat Asia 2025?

Check out our main blog post — Black Hat Asia 2025: Innovation in the SOC — and the other content it links to.

Authored by: Ryan MacLennanDuring our time at Black Hat Asia, we made sure Snort ML (machine learning) was enabled.

Want to learn more about what we saw at Black Hat Asia 2025?

Check out our main blog post — Black Hat Asia 2025: Innovation in the SOC — and the other content it links to.

Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more.

For more information, please visit the Black Hat website.

Authored by: Aditya Raghavanand Shaun CoulterIn the Black Hat Asia 2025 NOC, Shaun staffed the morning shifts, and Aditya the afternoon shifts as usual.

In the Black Hat event environment, we are consistently looking for improvements and trying new things; to test the limits of the tools we have on hand.

At Black Hat our mandate is to maintain a permissive environment, which results in a very tough job in determining actual malicious activity.

WWant to learn more about what we saw at Black Hat Asia 2025?

Check out our main blog post — Black Hat Asia 2025: Innovation in the SOC — and the other content it links to.

It’s a testament to the prowess of Cisco XDR that it boasts a fully integrated, robust automation engine.

Remember from our past Black Hat blogs, we used automation for creating incidents in Cisco XDR from Palo Alto Networks and Corelight.

1: Black Hat Asia 2025 automations screenWorkflows descriptionThese workflows are designed to run every five minutes and search the Splunk Cloud instance for new logs matching certain predefined criteria.

Create a new XDR incident or update an existing incident with the new sighting and MITRE TTP.

from the various threat intelligence sources available in Cisco XDR (native and integrated module) splunk [custom search query] — Search Splunk with a custom se…

Cisco is honored to be a partner of the Black Hat NOC (Network Operations Center), as the Official Security Cloud Provider.

From Malware to Security CloudCisco joined the Black Hat NOC in 2016, as a partner to provide automated malware analysis with Threat Grid.

Below are the Cisco XDR integrations for Black Hat Asia, empowering analysts to investigate Indicators of Compromise (IOC) very quickly, with one search.

We appreciate alphaMountain.ai and Pulsedive donating full licenses to Cisco, for use in the Black Hat Asia 2025 NOC.

We are already planning for more innovation at Black Hat USA, held in Las Vegas the first week of August 2025.

6: Cisco XDR dashboard tiles at Black Hat Asia 2025Below are the Cisco XDR integrations for Black Hat Asia, empowering analysts to investigate Indicators of Compromise (IOC) very quickly, with one search.

We started the proof-of-value at Black Hat Asia 2024 and partially deployed at Black Hat Europe 2024.

72: Detection at Black Hat AsiaDomain Name Service StatisticsAuthored by: Christian Clasen and Justin MurphyWe install virtual appliances as critical infrastructure of the Black Hat network, with cloud redundancy.

73: Black Hat USA teamSince 2018, we have been tracking DNS stats at the Black Hat Asia conferences.

81: Black Hat Asia teamWe are already planning for more innovation at Black H…

Authored by: Aditya Raghavan and Shaun CoulterIn the Black Hat Asia 2025 NOC, Shaun staffed the morning shifts, and Aditya the afternoon shifts as usual.

26: Top countries by IDS eventsIdentity IntelligenceAuthored by: Ryan MacLennanLast year, Black Hat asked Cisco Security if we could be the Single Sign-On (SSO) provider for all the partners in the Black Hat NOC.

We started the proof-of-value at Black Hat Asia 2024 and partially deployed at Black Hat Europe 2024.

We have successfully integrated with the partners in the Black Hat NOC to enable this idea started a year ago.

Check out our other Black Hat Asia posts:Black Hat Asia 2025: Innovation in the SOCBlack Hat Asia 2025: Cisco Unveils N…

Enterprises are accelerating generative AI usage, and they face several challenges regarding securing access to AI models and chatbots.

Cisco Security research, in conjunction with the University of Pennsylvania, recently studied security risks with popular AI models.

Cisco Secure Access With AI Access: Extending the Security PerimeterCisco Secure Access is the market’s first robust, identity-first, SSE solution.

AI Access inspects web traffic to identify shadow AI usage across the organization, allowing you to quickly identify the services in use.

ConclusionThe combination of our SSE’s AI Access capabilities, including AI guardrails, offers a differentiated and powerful defense strategy.

Terrell Cox , Vice President for Privacy and Compliance and Deputy Chief Information Security Officer for Microsoft Security Products Division.

, Vice President for Privacy and Compliance and Deputy Chief Information Security Officer for Microsoft Security Products Division.

Ilya Grebnov , Distinguished Engineer and Deputy Chief Information Security Officer, Business Applications.

, Distinguished Engineer and Deputy Chief Information Security Officer, Business Applications.

Damon Becknel, Vice President and Deputy Chief Information Security Officer, Regulated Industries.

In February of 2024, Microsoft outlined its six-pillared comprehensive approach to addressing abusive AI-generated content.

“We are delighted to welcome Microsoft to the Global Signal Exchange.

To this end, The Global Signal Exchange empowers us all to share a vision for data sharing based on a global, multistakeholder, multisector platform.” —Emily Taylor, Founder, Global Signal ExchangeThe Global Signal Exchange platform surfaces malicious URLs, suspect IP addresses, scams, and phishing attacks.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

1International Scammers Steal Over $1 Trillion in 12 Months in Global State…

An attacker could create an exploit to escape the App Sandbox without user interaction required for any sandboxed app using security-scoped bookmarks.

After discovering this issue, we shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR).

This blog post details our investigation into using Office macros to escape the macOS App Sandbox and how we uncovered the CVE-2025-31191 vulnerability.

The macOS App Sandbox and Office macrosThe macOS App Sandbox is a security mechanism employed on macOS applications, enforcing strict fine-grained rules on what an app can or cannot do.

As corroborated by our research, this ex…

Happy World Passkey Day!

Billions of times a day, people all over the world sign into their accounts.

According to the FIDO Alliance, more than 15 billion user accounts can now sign in using passkeys instead of passwords.

So, to observe World Passkey Day, take the leap.

To create a passkey for signing into your Microsoft account, visit here.

At Microsoft Build 2025, we’re bringing together security engineers, researchers, and developers to share practical tips and modern best practices to help you ship secure code faster.

The post 14 secure coding tips: Learn from the experts at Microsoft Build appeared first on Microsoft Security Blog.

That’s why we’re thrilled to recognize the extraordinary individuals and organizations who have gone above and beyond in the fight against cyberthreats with the 2025 Microsoft Security Excellence Awards.

“Congratulations to this year’s Microsoft Security Excellence Awards winners, and to all the incredible nominees,” said Vasu Jakkal, Corporate Vice President, Microsoft Security Business.

The Microsoft Security Excellence Awards honor outstanding contributions across several categories.

To learn more about Microsoft Security solutions, visit our website.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

For chief technology officers (CTOs), this raises important questions: How can frontline devices enhance productivity and responsiveness?

Learn how Microsoft Intune can help your organization securely manage frontline devices.

To deliver those experiences at scale, CTOs should consider three foundational principles for frontline device strategy:Recognize that many devices are shared.

When frontline tools are secure, responsive, and tailored to the user, staff can serve with confidence—and people feel the difference.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

At Microsoft, we help empower data security leaders to keep their most valuable assets—data—safe, and now we’re publishing Securing your data with Microsoft Purview: A practical handbook.

This guide is designed for data security leaders to initiate and enhance data security practices, leveraging the extensive experience of Microsoft subject matter experts (SMEs) and relevant customer insights.

Leveraging Microsoft Purview to secure your organization’s dataOnce organizations set goals and prioritize data security opportunities, it’s time to assess their environment and implement robust protections to secure their data.

From empowering data security teams and deep-content investigation with t…

We are releasing a taxonomy of failure modes in AI agents to help security professionals and machine learning engineers think through how AI systems can fail and design them with safety and security in mind.

The taxonomy continues Microsoft AI Red Team’s work to lead the creation of systematization of failure modes in AI; in 2019, we published one of the earliest industry efforts enumerating the failure modes of traditional AI systems.

Taxonomy of Failure Mode in Agentic AI Systems Microsoft's new whitepaper explains the taxonomy of failure modes in AI agents, aimed at enhancing safety and security in AI systems.

Failure modes in agentic AI systems.

Existing failure modes have been observed…

Microsoft Threat Intelligence has observed threat actors taking advantage of unsecured workload identities to gain access to resources, including containerized environments.

Threats in Kubernetes environmentsContainerized assets (including Kubernetes clusters, Kubernetes nodes, Kubernetes workloads, container registries, container images, and more) are at risk of several different types of attacks.

During deployment, you should ensure the following best security practices:Ensure containers are immutable: Prevent patches from running containers whenever possible.

As best practice, if you notice that a running container needs updates, you should rebuild the image and deploy the new container.…

The Microsoft Secure Future Initiative (SFI) stands as the largest cybersecurity engineering project in history and most extensive effort of its kind at Microsoft.

Insights and learnings from this progress inform ongoing innovations in our Microsoft Security portfolio—Microsoft Entra, Microsoft Defender, and Microsoft Purview—that helps better protect customers and Microsoft.

The launch of 11 new innovations across Microsoft Azure, Microsoft 365, Windows, and Microsoft Security that help improve security by default.

Learn more with Microsoft SecurityTo learn more about Microsoft Security solutions and Microsoft’s Secure Future Initiative, visit our website.

Also, follow us on LinkedIn (Micr…

Throughout this blog post, the term “Secure by Design” encompasses both “secure by design” and “secure by default.”Microsoft committed to work towards key goals across a spectrum of Secure by Design principles advocated by numerous government agencies around the world.

Our SFI updates provide examples of Microsoft’s progress in implementing secure by design, secure by default, and secure in operations principles, and provide best practices based on Microsoft’s own experience, demonstrating our dedication to improving security for customers.

Enhancing security with multifactor authentication and default password managementPhishing-resistant multifactor authentication provides the most robust…

Tech support scams are a case where elevated fraud risks exist, even if AI does not play a role.

The team’s longstanding collaboration with law enforcement around the world to respond to tech support fraud has resulted in hundreds of arrests and increasingly severe prison sentences worldwide.

For enterprises combating tech support fraud, Remote Help is another valuable resource for employees.

Next steps with Microsoft SecurityTo learn more about Microsoft Security solutions, visit our website.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Malicious ads deliver compiled Node.js executablesMalvertising has been one of the most prevalent techniques in Node.js attacks we’ve observed in customer environments.

Excerpts from the malicious script, highlighting core HTTP functionsRecommendationsOrganizations can follow these recommendations to mitigate threats associated with Node.js misuse:Educate users.

Microsoft Defender Threat IntelligenceMicrosoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.…

In this blog, we’ll explore how Microsoft Security Exposure Management initiatives build on this foundation to offer a renewed perspective on managing cybersecurity risks.

Beyond ransomware, critical assets, and identity, Microsoft Security Exposure Management continues to develop initiatives that address other vital areas of security.

Embracing clarity over fragmentation with Microsoft Security Exposure ManagementSecurity initiatives solve the fragmentation problem by organizing security metrics around business objectives rather than technical controls.

This shift in approach with help from Microsoft Security Exposure Management initiatives, helps security leaders refresh stale conversatio…

Today, we’re announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers.

This is why we are making Sec-Gemini v1 freely available to select organizations, institutions, professionals, and NGOs for research purposes.

Sec-Gemini v1 outperforms other models on key cybersecurity benchmarks as a result of its advanced integration of Google Threat Intelligence (GTI), OSV, and other key data sources.

Sec-Gemini v1 outperforms other models on CTI-MCQ, a leading threat intelligence benchmark, by at least 11% (See Figure 1).

If you are interested in collaborating with us on advancing the AI cybersecurity frontier, please request early access to Sec-Gemini v1…

In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version of our model signing library.

These challenges are addressed by using Sigstore, a collection of tools and services that make code signing secure and easy.

These features are why we recommend Sigstore’s signing mechanism as the default approach for signing ML models.

Today the OSS community is releasing the v1.0 stable version of our model signing library as a Python package supporting Sigstore and traditional signing methods.

This model signing library is specialized to handle the sheer scale of ML models (which are usually much larger than traditional so…

The Chrome Root Program launched in 2022 as part of Google’s ongoing commitment to upholding secure and reliable network connections in Chrome.

It is non-normative and considered distinct from the requirements detailed in the Chrome Root Program Policy.

Last spring, the Chrome Root Program led ecosystem-wide experiments, emphasizing the need for linting adoption due to the discovery of widespread certificate mis-issuance.

We recently landed an updated version of the Chrome Root Program Policy that further aligns with the goals outlined in “Moving Forward, Together.” The Chrome Root Program remains committed to proactive advancement of the Web PKI.

We continue to value collaboration with web…

We’re excited to announce that starting today, Titan Security Keys are available for purchase in more than 10 new countries:IrelandPortugalThe NetherlandsDenmarkNorwaySwedenFinlandAustraliaNew ZealandSingaporePuerto RicoThis expansion means Titan Security Keys are now available in 22 markets, including previously announced countries like Austria, Belgium, Canada, France, Germany, Italy, Japan, Spain, Switzerland, the UK, and the US.

What is a Titan Security Key?

How do I use a Titan Security Key?

Where can I buy a Titan Security Key?

You can buy Titan Security Keys on the Google Store.

In December 2022, we released the open source OSV-Scanner tool, and earlier this year, we open sourced OSV-SCALIBR.

With guided remediation support for Maven, you can remediate vulnerabilities in both direct and transitive dependencies through direct version updates or overriding versions through dependency management.

We also introduced machine readable output for guided remediation that makes it easier to integrate guided remediation into your workflow.

VEX Support: We're planning to add support for Vulnerability Exchange (VEX) to facilitate better communication and collaboration around vulnerability information.

Try OSV-Scanner V2You can try V2.0.0 and contribute to its ongoing developme…

Posted by Dirk GöhmannIn 2024, our Vulnerability Reward Program confirmed the ongoing value of engaging with the security research community to make Google and its products safer. This was evident as we awarded just shy of $12 million to over 600 researchers based in countries around the globe across all of our programs.Vulnerability Reward Program 2024 in NumbersYou can learn about who’s reporting to the Vulnerability Reward Program via our Leaderboard – and find out more about our youngest security researchers who’ve recently joined the ranks of Google bug hunters.VRP Highlights in 2024In 2024 we made a series of changes and improvements coming to our vulnerability reward programs and rel…

Scam Detection in Google Messages uses powerful Google AI to proactively address conversational scams by providing real-time detection even after initial messages are received.

You can turn off Spam Protection, which includes Scam Detection, in your Google Messages at any time.

Scam Detection in Google Messages is launching in English first in the U.S., U.K. and Canada and will expand to more countries soon.

Scam Detection for callsMore than half of Americans reported receiving at least one scam call per day in 2024.

If enabled, Scam Detection will beep at the start and during the call to notify participants the feature is on.

This includes memory-safe languages, now including high-performance ones such as Rust, as well as safer language subsets like Safe Buffers for C++.

In Android for example, the increasing adoption of memory-safe languages like Kotlin and Rust in new code has driven a significant reduction in vulnerabilities.

In this way, policymakers will gain the technical foundation to craft effective policy initiatives and incentives promoting memory safety.

Importantly, our vision for achieving memory safety through standardization focuses on defining the desired outcomes rather than locking ourselves into specific technologies.

The goal would be to objectively compare the memory safety assurance of diff…

Google Play’s multi-layered protections against bad appsTo create a trusted experience for everyone on Google Play, we use our SAFE principles as a guide, incorporating multi-layered protections that are always evolving to help keep Google Play safe.

Google Play Protect automatically scans every app on Android devices with Google Play Services, no matter the download source.

In 2024, Google Play Protect’s real-time scanning identified more than 13 million new malicious apps from outside Google Play1.

To prevent this, the Play Protect app scanning toggle is now temporarily disabled during phone or video calls.

To prevent this, the Play Protect app scanning toggle is now temporarily disabled …

This type of attack is commonly referred to as an "indirect prompt injection," a term first coined by Kai Greshake and the NVIDIA team.

One of these tools is a robust evaluation framework we have developed to automatically red-team an AI system’s vulnerability to indirect prompt injection attacks.

Threat model and evaluation frameworkOur threat model concentrates on an attacker using indirect prompt injection to exfiltrate sensitive information, as illustrated above.

Based on this probability, the attack model refines the prompt injection.

This process repeats until the attack model converges to a successful prompt injection.

This is why we recently launched Android theft protection, a comprehensive suite of features designed to protect you and your data at every stage – before, during, and after device theft.

As part of enabling Identity Check, you can designate one or more trusted locations.

Theft Detection Lock: expanding AI-powered protection to more usersOne of the top theft protection features introduced last year was Theft Detection Lock, which uses an on-device AI-powered algorithm to help detect when your phone may be forcibly taken from you.

You can turn on the new Android theft features by clicking here on a supported Android device.

Learn more about our theft protection features by visiting our help …

Today, we’re excited to release OSV-SCALIBR (Software Composition Analysis LIBRary), an extensible library for SCA and file system scanning.

We offer OSV-SCALIBR primarily as an open source Go library today, and we're working on adding its new capabilities into OSV-Scanner as the primary CLI interface.

OSV-Scanner + OSV-SCALIBRUsers looking for an out-of-the-box vulnerability scanning CLI tool should check out OSV-Scanner, which already provides comprehensive language package scanning capabilities using much of the same extraction as OSV-SCALIBR.

Some of OSV-SCALIBR’s capabilities are not yet available in OSV-Scanner, but we’re currently working on integrating OSV-SCALIBR more deeply into O…

Fortunately, they can now improve their image and container security by harnessing Google-grade vulnerability scanning, which offers expanded open-source coverage.

A significant benefit of utilizing Google Cloud Platform is its integrated security tools, including Artifact Analysis.

This integration provides industry-leading insights into open source vulnerabilities—a crucial capability as software supply chain attacks continue to grow in frequency and complexity, impacting organizations reliant on open source software.

Open source vulnerabilities, with more reachArtifact Analysis pulls vulnerability information directly from OSV, which is the only open source, distributed vulnerability dat…

Today, we are announcing the availability of Vanir, a new open-source security patch validation tool.

In collaboration with the Google Open Source Security Team, we have incorporated feedback from our early adopters to improve Vanir and make it more useful for security professionals.

These algorithms have low false-alarm rates and can effectively handle broad classes of code changes that might appear in code patch processes.

The Vanir signatures for Android vulnerabilities are published through the Open Source Vulnerabilities (OSV) database.

You can also contribute to Vanir by providing vulnerability data with Vanir signatures to OSV.