
    Keep Your Tech Flame Alive: Trailblazer Rachel Bayley
    In this Akamai FLAME Trailblazer blog post, Rachel Bayley encourages women to step into the unknown and to be their authentic selves.
    Threats Making WAVs - Incident Response to a Cryptomining Attack
    Guardicore security researchers describe and uncover a full analysis of a cryptomining attack that hid a cryptominer inside WAV files. The report covers the full attack chain, from detection, infection and network propagation through malware analysis, with recommendations for optimizing incident response processes in data centers.
    The Oracle of Delphi Will Steal Your Credentials
    Our deception technology is able to reroute attackers into honeypots, where they believe that they have found their real target. The attacks brute-forced RDP passwords to connect to the victim, then downloaded and executed a previously undetected malware, which we named Trojan.sysscan.
    The Nansh0u Campaign - Hackers' Arsenal Grows Stronger
    In the beginning of April, three attacks detected in the Guardicore Global Sensor Network (GGSN) caught our attention. All three had source IP addresses originating in South Africa and hosted by VolumeDrive ISP (see IoCs).
    PLEASE_READ_ME: The Opportunistic Ransomware Devastating MySQL Servers
    Guardicore Labs uncovers a ransomware campaign targeting MySQL servers. Attackers use double extortion and publish data to pressure victims.


    Scattered Spider is running a VMware ESXi hacking spree
    Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors. [...]  ( 10 min )


    📖 [The CloudSecList] Issue 298
    📖 [The CloudSecList] Issue 298 was originally published by Marco Lancini at CloudSecList on July 27, 2025.  ( 5 min )

    Allianz Life confirms data breach impacts majority of 1.4 million customers
    Insurance company Allianz Life has confirmed that the personal information for the "majority" of its 1.4 million customers was exposed in a data breach that occurred earlier this month. [...]  ( 9 min )
    Post SMTP plugin flaw exposes 200K WordPress sites to hijacking attacks
    More than 200,000 WordPress websites are using a vulnerable version of the Post SMTP plugin that allows hackers to take control of the administrator account. [...]  ( 8 min )

    Scientists Report Surreal Scenes In the World’s Most Northern Town
    Researchers witnessing warming in Svalbard worry that “we have been too cautious” with climate warnings.  ( 7 min )

    The GENIUS Act and CLARITY Act: The Current State and Latest Developments in Crypto Regulation and Compliance
    Note: This article has been machine-translated. Please refer to the original for accurate content. A historic turning point has arrived in U.S. crypto-asset policy. After years in which regulation remained unsettled, the U.S. Congress has taken a major step forward. The U.S. House of Representatives passed two comprehensive bills overhauling crypto-asset regulation, the GENIUS Act and the CLARITY Act, and with the President's signature the GENIUS Act has now become law. This regulatory strengthening includes the following key elements: the introduction of a federal licensing regime for stablecoin issuers; the setting of strict reserve requirements; and clarification of the jurisdiction of the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC). With this, the United States has sent the strongest signal yet to the world that it has moved past the "catch up and overtake" phase of regulation and is ready to play a more leading role in shaping digital asset markets going forward. Chainalysis will continue to analyze in detail what these developments actually mean. Compliance requirements for the stablecoin industry under the GENIUS Act: The GENIUS Act introduces baseline requirements for the stablecoin industry and defines how issuers and their assets will operate going forward. The main points are as follows. The licensing regime is two-tiered. Entities other than "permitted payment stablecoin issuers" are prohibited from issuing payment stablecoins in the United States, and issuing a stablecoin requires a federal or state license. Issuers with a market capitalization under USD 10 billion may obtain a state-level license, but states must follow federal standards. Issuers with a market capitalization of USD 10 billion or more must obtain a federal license under the supervision of the OCC (Office of the Comptroller of the Currency) or other federal banking regulators. Reserves must be 100% backed by high-quality, highly liquid assets, with full disclosure. Eligible assets include U.S. dollars, short-term Treasury securities, repos, reverse repos collateralized by Treasuries, money market funds that invest in eligible assets, and central bank reserve deposits. All issuers are required to disclose reserve information monthly, and larger issuers must also submit annual financial statements. For anti-money laundering (AML) and sanctions, the Act fully brings issuers within the scope of the Bank Secrecy Act (BSA). Issuers are classified as financial institutions and must implement AML and KYC programs, monitor and report suspicious activity (suspicious activity reports), and comply with OFAC sanctions screening. Issuers must also have the technical capability to seize, freeze, burn, or prevent the transfer of stablecoins pursuant to lawful orders. In addition, within three years of the effective date, the Act requires research, and guidance from the Treasury's Financial Crimes Enforcement Network (FinCEN), on (1) new and innovative methods for detecting illicit financial transactions, (2) standards for payment stablecoin issuers to identify, monitor, and report illicit activity, and (3) tailored risk management standards for financial institutions that interact with decentralized finance (DeFi) protocols.… The post The GENIUS Act and CLARITY Act: The Current State and Latest Developments in Crypto Regulation and Compliance appeared first on Chainalysis.  ( 8 min )
    What Is the Rollup Technology Drawing Attention in the Crypto Industry: Podcast Ep. 168
    Note: This article has been machine-translated. Please refer to the original for accurate content. Rollups are drawing attention as a solution that makes it possible to improve blockchain scalability without compromising the inherent security properties and high neutrality of blockchains such as Ethereum. In this episode, Andrew Huang, founder of Conduit, joins Chainalysis Senior Solutions Architect Brian Alapatt to share key insights on the diverse crypto-asset applications that use rollup technology to enhance transaction throughput and customer engagement. The episode is available on Spotify, Apple, and Audible, where you can also subscribe. See below for a preview of Episode 168. Public Key Episode 168: Expanding the Possibilities of DeFi: The Role of Rollups. Rollups have become the primary solution for improving scalability on blockchains such as Ethereum while maintaining the security properties and credible neutrality that are actually valued. In this episode, Conduit founder… The post What Is the Rollup Technology Drawing Attention in the Crypto Industry: Podcast Ep. 168 appeared first on Chainalysis.  ( 8 min )
    Japan's Pioneering Approach to Crypto Regulation: Podcast Ep. 167
    Note: This article has been machine-translated. Please refer to the original for accurate content. The collapse of Mt.Gox confronted regulators around the world with the reality that digital assets could no longer be ignored, and Japan's Financial Services Agency (FSA) was among the agencies that took this message most seriously. In this episode, Chengyi Ong, Chainalysis Head of APAC Policy, speaks with Ryosuke Ushida, International Policy Coordinator / International AML Coordinator at the International Affairs Office, Coordination Division, Strategy Development and Management Bureau of the FSA. They dig in from multiple angles into the FSA's pioneering work in crypto-asset regulation and the background to Japan's success in balancing innovation and risk reduction. The episode is available on Spotify, Apple, and Audible, where you can also subscribe. The full conversation transcript is below. Public Key Episode 167: Japan's Innovative Path in Crypto Regulation. The collapse of Mt.Gox led regulators in countries around the world to recognize digital assets as something that could not be ignored. Among them, Japan's FSA recognized their importance most strongly and has pursued an active response. In the conversation between Chengyi, Chainalysis Head of APAC Policy, and Ryosuke Ushida, International Policy Coordinator / International AML Coordinator at the International Affairs Office, Coordination Division, Strategy Development and Management Bureau of the FSA, views were exchanged from multiple angles on the pioneering role the FSA has played in crypto-asset regulation and how Japan has struck a balance between innovation and risk reduction. In this conversation, Mr. Ushida also touches on the evolution of Japan's unique comprehensive digital asset strategy, including inter-ministerial coordination, which is essential to reconciling the goals of regulation and innovation. Topics such as stablecoin regulation, international harmonization of crypto policy, and responding to security challenges posed by cyber threats are also covered, illustrating the multifaceted approach Japan has taken in fintech and digital assets. Memorable quote: "Japan's crypto history began in 2014. At that time there was a bitcoin exchange in Tokyo called Mt.Gox, which handled more than 70% of the world's bitcoin trading. But the JFSA had no awareness of that fact at all. Then suddenly an incident occurred in which roughly USD 500 million worth of bitcoin was lost. That event led to the creation of a new regulatory framework for crypto-asset service providers in 2016." Ryosuke Ushida… The post Japan's Pioneering Approach to Crypto Regulation: Podcast Ep. 167 appeared first on Chainalysis.  ( 8 min )


    Amazon AI coding agent hacked to inject data wiping commands
    A hacker planted data wiping code in a version of Amazon's generative AI-powered assistant, the Q Developer Extension for Visual Studio Code. [...]  ( 9 min )
    Microsoft investigates outage affecting Microsoft 365 admin center
    Microsoft is investigating an ongoing outage blocking Microsoft 365 administrators with business or enterprise subscriptions from accessing the admin center. [...]  ( 8 min )
    The role of the cybersecurity PM in incident-driven development
    From PowerShell abuse to USB data theft, modern threats hit fast and hard. See how security-minded PMs are responding with real-time controls, smarter policies, and tools like ThreatLocker Patch Management. [...]  ( 7 min )
    US sanctions North Korean firm, nationals behind IT worker schemes
    The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned three North Korean nationals and a company for supporting fraudulent IT worker schemes that generated illicit revenue for the Democratic People's Republic of Korea (DPRK) government. [...]  ( 9 min )
    Woman gets 8 years for aiding North Koreans infiltrate 300 US firms
    Christina Marie Chapman, a 50-year-old woman from Arizona, was sentenced to 102 months in prison after pleading guilty to her involvement in a scheme that enabled North Korean IT workers to infiltrate 309 U.S. companies. [...]  ( 9 min )
    Microsoft lifts Windows 11 update block for Easy Anti-Cheat users
    Microsoft has removed a compatibility hold that prevented some Easy Anti-Cheat users from installing the Windows 11 2024 Update because of a known issue that triggers restarts with blue screen of death (BSOD) errors. [...]  ( 8 min )

    Marcus Michaelsen on the Impacts of Transnational Repression: Interview by Stockholm Center for Freedom
    What’s stopping diaspora members from speaking up against the government in their home country? In an interview with the Stockholm Center for Freedom (SCF), Citizen Lab senior researcher Marcus Michaelsen discusses digital transnational repression (DTR) and its impacts on diasporas worldwide. Read the interview.  ( 3 min )

    Beyond Perimeter Defense: Implementing Zero Trust in Federal Agencies
    Learn how to address cybersecurity in this new perimeter-less world and get six steps to achieving Least Permissive Trust for federal agencies.

    Steam games abused to deliver malware once again
    A cybercriminal managed to insert malicious files leading to info stealers in a pre-release of a game on the Steam platform.  ( 9 min )
    Watch out: Instagram users targeted in novel phishing campaign
    Phishers are using legitimate looking Instagram emails in order to scam users.  ( 10 min )

    Behind the Blog: Don't Record Me, Bro
    This week, we discuss smart glasses for frat bros, Amazon comms messiness, and more.  ( 4 min )
    Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan
    “DRIVERS LICENSES AND FACE PICS! GET THE FUCK IN HERE BEFORE THEY SHUT IT DOWN!” the thread read before being deleted.  ( 4 min )

    New AWS whitepaper: AWS User Guide to Financial Services Regulations and Guidelines in Australia
    Amazon Web Services (AWS) has released substantial updates to its AWS User Guide to Financial Services Regulations and Guidelines in Australia to help financial services customers in Australia accelerate their use of AWS. The updates reflect the Australian Prudential Regulation Authority’s (APRA) publication of the Prudential Standard CPS 230 Operational Risk Management (CPS 230), which […]  ( 14 min )

    CVE-2025-20281: Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
    On January 25th, 2025, the Trend Zero Day Initiative (ZDI) received a report from Kentaro Kawane of GMO Cybersecurity by Ierae regarding a deserialization of untrusted data vulnerability in Cisco Identity Services Engine (ISE). This pre-authentication vulnerability existed in the enableStrongSwanTunnel method of the DescriptionRegistrationListener class. While analyzing this vulnerability, I noticed that the same function was also vulnerable to command injection as root. Cisco patched this initially as CVE-2025-20281 (ZDI-25-609), but also released CVE-2025-20337 (ZDI-25-607) to fully address the vulnerability. You’ll see why below. Exploitation wasn't as straightforward as I'd originally hoped, but was ultimately a lot more fun than a normal, run-of-the-mill command injection. In this blog…

    Meet Network Chuck at Black Hat USA!
    Join us at #BHUSA and meet @NetworkChuck 📣  ( 7 min )

    InfoSec News Nuggets 7/25/2025
    Trump AI plan calls for cybersecurity assessments, threat info-sharing  The U.S. government will expand information sharing, cyber risk evaluations and guidance to the private sector to address the cybersecurity threats posed by artificial intelligence, according to an “AI action plan” that the Trump administration published on Wednesday. “As our global competitors race to exploit these technologies, it is […] The post InfoSec News Nuggets 7/25/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )

    The IntelBroker Takedown Uncovered Through Bitcoin Analysis
    Note: This article has been machine-translated. Please refer to the original for accurate content. Summary: International law enforcement agencies coordinated to take down BreachForum and arrested five administrators, including IntelBroker (Kai West). Because IntelBroker accepted bitcoin rather than Monero as payment for an undercover purchase, blockchain analysis became possible and provided the lead that cracked the case. Chainalysis Reactor played a key role in linking IntelBroker's online activity to his identity by tracing the flow of crypto assets through multiple exchanges. This case demonstrates that combining blockchain analysis with traditional investigative techniques can effectively defeat the anonymity of crypto assets. On June 25, 2025, in a coordinated international operation, law enforcement carried out raids against BreachForum, one of the most significant platforms for trading stolen data. France's cybercrime unit (Brigade de lutte contre la cybercriminalité / BL2C) arrested five people believed to be platform administrators, including the threat actors Shinyhunter, Noct, and Depressed. At the same time, the U.S. Attorney's Office for the Southern District of New York unsealed an indictment against British national Kai West on charges related to his activity as "IntelBroker". IntelBroker operated as the owner of BreachForum from August 2024 to January 2025. West had been arrested by French authorities in February 2025, following an investigation that showed that advanced blockchain analysis can pierce the anonymity of crypto assets and tie an online persona to a real-world identity. The investigation: how crypto became a digital fingerprint. The major breakthrough in identifying IntelBroker came from a carefully planned undercover operation in January 2023. IntelBroker offered stolen data for sale, and an undercover agent made contact to buy it. IntelBroker normally demanded payment in Monero, a privacy coin with strong privacy-preserving features, but on this occasion the agent succeeded in getting the threat actor to accept payment in bitcoin. This change of payment method became the decisive factor in unraveling IntelBroker's activity. The bitcoin address IntelBroker provided (bc1qj52d3d4p6d9d72jls6w0zyqrrt0gye69jrctvq) revealed the full picture of the flow of funds and his financial footing. Like many other crypto assets, bitcoin transactions are public on a transparent blockchain, so transaction histories are easy to trace. By contrast, Monero (XMR), which IntelBroker originally wanted to use, has anonymity- and privacy-focused features such as hiding the sender, receiver, and transaction amount, making funds very difficult to trace on-chain. Such privacy coins are subject to regulation at many exchanges worldwide and are already banned from trading in countries such as Japan and South Korea.… The post The IntelBroker Takedown Uncovered Through Bitcoin Analysis appeared first on Chainalysis.  ( 8 min )


    BlackSuit ransomware extortion sites seized in Operation Checkmate
    Law enforcement has seized the dark web extortion sites of the BlackSuit ransomware operation, which has targeted and breached the networks of hundreds of organizations worldwide over the past several years. [...]  ( 9 min )
    OpenAI confirms ChatGPT Agent is now rolling out for $20 Plus users
    ChatGPT Agent is now rolling out to users with $20 Plus subscription, but OpenAI warns that it will take a few days for the rollout to finish. [...]  ( 8 min )
    New Koske Linux malware hides in cute panda images
    A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to deploy malware directly into system memory. [...]  ( 10 min )

    Post-quantum TLS in Python
    At Amazon Web Services (AWS), security is a top priority. Maintaining data confidentiality is a substantial component of operating environment security for AWS and our customers. Though not yet available, a cryptographically relevant quantum computer (CRQC) could be used to break public key algorithms that are used today to provide data confidentiality. To prepare for […]  ( 17 min )
    AWS Security Incident Response: The customer’s journey to accelerating the incident response lifecycle
    Organizations face mounting challenges in building and maintaining effective security incident response programs. Studies from IBM and Morning Consult show security teams face two major challenges: over 50 percent of security alerts go unaddressed because of resource constraints and alert fatigue, while false positives consume 30 percent of investigation time, delaying responses to true positive threats […]  ( 25 min )

    Credit Card Companies Are Hurting the Future of Video Games
    By going after Itch.io, “we’re really hamstringing the future of arts and communication.”  ( 11 min )
    Grindr Won’t Let Users Say 'No Zionists'
    An error message appears saying "The following are not allowed: no zionist, no zionists" when users try to add the phrase to their bios, but any number of other phrases about political and religious preferences are allowed.  ( 4 min )
    Lawsuit Alleges Roblox Hosted Digital 'Diddy Freak-Off' Themed Games
    The games were mentioned in a 2024 report and are now part of a new lawsuit in which an 11-year-old girl was allegedly groomed and sexually assaulted after meeting a stranger on Roblox.  ( 3 min )
    LeBron James' Lawyers Send Cease-and-Desist to AI Company Making Pregnant Videos of Him
    Viral Instagram accounts making LeBron 'brainrot' videos have also been banned.  ( 4 min )
    Humans Have Shifted Earth's Rotation, Scientists Discover. Here's How.
    Over the past few centuries, dams have pulled the poles a few feet off of Earth’s rotational axis.  ( 6 min )

    Age verification: Child protection or privacy risk?
    With more platforms and governments asking for age verification, we look at the options and the implications.  ( 11 min )
    iPhone vs. Android: iPhone users more reckless, less protected online
    Lower rates for creating unique passwords, buying items from known websites, and using protection software leave iPhone users at risk to online scams.  ( 13 min )
    Introducing the smarter, more sophisticated Malwarebytes Trusted Advisor, your cybersecurity personal assistant
    Malwarebytes Trusted Advisor has had an update, and it's now sharper, smarter, and more helpful than ever.  ( 8 min )
    AI-generated image watermarks can be easily removed, say researchers
    The battle to fight misinformation continues.  ( 10 min )

    InfoSec News Nuggets 7/24/2025
    Silicon Valley engineer admits theft of US missile tech secrets A Silicon Valley engineer has pleaded guilty to stealing thousands of trade secrets worth hundreds of millions of dollars, including crucial military technology. San Jose-based Chenguang Gong, a 59-year-old dual Chinese and American citizen, admitted downloading over 3,600 documents from two electronics manufacturers and storing them on […] The post InfoSec News Nuggets 7/24/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )

    Issue 276: API discovery hype, BOLA at McDonalds, Cisco APIs exploited, input validation best practices
    This week, we’re sharing two articles focused on input validation best practices, exploring how weak validation can leave APIs exposed. We also take a closer look at some recent claims about API discovery that risk distracting from real security issues, plus a review of recent API security incidents reported at McDonald’s and Cisco. Article: How [...] Read More... The post Issue 276: API discovery hype, BOLA at McDonalds, Cisco APIs exploited, input validation best practices appeared first on API Security News.  ( 8 min )

    CISA Recommends Segmentation & Zero Trust to Combat Interlock Ransomware


    New whitepaper available: AICPA SOC 2 Compliance Guide on AWS
    We’re excited to announce the release of our latest whitepaper, AICPA SOC 2 Compliance Guide on AWS, which provides in-depth guidance on implementing and maintaining SOC 2-aligned controls using AWS services. Building and operating cloud-native services in alignment with the AICPA’s Trust Services Criteria requires thoughtful planning and robust implementation. This new whitepaper helps cloud architects, […]  ( 14 min )

    Google’s AI Is Destroying Search, the Internet, and Your Brain
    Google’s AI Overview, which is easy to fool into stating nonsense as fact, is stopping people from finding and supporting small businesses and credible sources.  ( 4 min )
    Hacker Plants Computer 'Wiping' Commands in Amazon's AI Coding Agent
    The wiping commands probably wouldn't have worked, but a hacker who says they wanted to expose Amazon’s AI “security theater” was able to add code to Amazon’s popular ‘Q’ AI assistant for VS Code, which Amazon then pushed out to users.  ( 4 min )
    ChatGPT Hallucinated a Feature, Forcing Human Developers to Add It
    Welcome to the era of ‘gaslight driven development.’ Soundslice added a feature the chatbot thought existed after engineers kept finding screenshots from the LLM in its error logs.  ( 5 min )
    Podcast: Spotify Is Publishing AI Tracks of Dead Artists
    Spotify is publishing AI-generated tracks of dead artists; a company is selling hacked data to debt collectors; and the Astronomer CEO episode shows the surveillance dystopia we live in.  ( 4 min )

    Proton launches Lumo, a privacy-focused AI chatbot
    Proton, known for its privacy-focused set of services, announced the introduction of Lumo, a privacy-first Artificial Intelligence (AI) chatbot. It...  ( 10 min )

    InfoSec News Nuggets 7/23/2025
    158-year-old company forced to close after ransomware attack precipitated by a single guessed password A UK-based transportation company with a venerable 158-year history has collapsed in the wake of a ransomware attack. Around 500 Northamptonshire-based Knights of Old (KNP) trucks are now off the road, and 700 people have lost their jobs, due to money-grasping […] The post InfoSec News Nuggets 7/23/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )

    Creams Cafe - 159,652 breached accounts
    In May 2025, 160k records of customer data were allegedly obtained from Creams Cafe, "the UK's favourite dessert parlour". The data included email and physical addresses, names and phone numbers. Creams Cafe did not respond to repeated attempts to disclose the incident; however, multiple impacted HIBP subscribers confirmed the legitimacy and accuracy of the data.  ( 2 min )


    'It's Not a Political Statement': Checking in With Tesla Superfans at Elon Musk's New Diner
    The Tesla Diner has two gigantic screens, a robot that serves popcorn, and owners hope it will be free from people who don't like Tesla.  ( 9 min )
    Military Says It Will ‘Continuously’ Monitor Bathrooms to Comply With Anti-Trans Order
    An internal memo obtained by 404 Media also shows the military ordered a review hold on "questionable content" at Stars and Stripes, the military's 'editorially independent' newspaper.  ( 5 min )
    We're Publishing Our ICE Reporting In Spanish
    From ICE's facial recognition app to its Palantir contract, we've translated a spread of our ICE articles into Spanish and made them freely available.  ( 5 min )

    Introducing SRA Verify – an AWS Security Reference Architecture assessment tool
    The AWS Security Reference Architecture (AWS SRA) provides prescriptive guidance for deploying AWS security services in a multi-account environment. However, validating that your implementation aligns with these best practices can be challenging and time-consuming. Today, we’re announcing the open source release of SRA Verify, a security assessment tool that helps you assess your organization’s alignment […]  ( 14 min )
    Five facts about how the CLOUD Act actually works
    French | German At Amazon Web Services (AWS), customer privacy and security are our top priority. We provide our customers with industry-leading privacy and security when they use the AWS Cloud anywhere in the world. In recent months, we’ve noticed an increase in inquiries about how we manage government requests for data. While many of […]  ( 34 min )

    Startup takes personal data stolen by malware and sells it on to other companies
    A tech startup is using personal data stolen by infostealer malware that it has found on the dark web, and then selling access to that data.  ( 11 min )
    ‘Car crash victim’ calls mother for help and $15K bail money. But it’s an AI voice scam
    A woman in Florida was tricked into giving thousands of dollars to a scammer after her daughter's voice was AI-cloned and used in a scam.  ( 10 min )

    Coyote in the Wild: First-Ever Malware That Abuses UI Automation
    Understand the SharePoint RCE: Exploitations, Detections, and Mitigations

    Disrupting active exploitation of on-premises SharePoint vulnerabilities
    Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed another China-based threat actor, tracked as Storm-2603, exploiting these vulnerabilities. Microsoft has released new comprehensive security updates for all supported versions of SharePoint Server (Subscription Edition, 2019, and 2016) that protect customers against these new vulnerabilities. Customers should apply these updates immediately to ensure they are protected. The post Disrupting active exploitation of on-premises SharePoint vulnerabilities appeared first on Microsoft Security Blog.  ( 31 min )
    Microsoft Sentinel data lake: Unify signals, cut costs, and power agentic AI
    We’re evolving our industry-leading Security Information and Event Management (SIEM) solution, Microsoft Sentinel, to include a modern, cost-effective data lake. By unifying all your security data, Microsoft Sentinel data lake, in public preview, accelerates AI adoption and drives unparalleled visibility, empowering teams to detect and respond faster. With Sentinel data lake, you’re no longer forced to choose between retaining critical data and staying within budget. The post Microsoft Sentinel data lake: Unify signals, cut costs, and power agentic AI appeared first on Microsoft Security Blog.  ( 22 min )

    InfoSec News Nuggets 7/22/2025
    Before Vegas: The “Red Hackers” Who Shaped China’s Cyber Ecosystem Recent revelations of Chinese government-backed hacking show a recurring pattern: prominent hackers behind groups such as APT17, APT27, APT41, Flax Typhoon, and Red Hotel—monikers given by cybersecurity researchers for groups with similar tactics—trace their roots to a broader community of early elite hackers, known as […] The post InfoSec News Nuggets 7/22/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )

    The Rise of Rollups in Crypto: Podcast Ep. 168
    Rollups have been the go-to solution for scaling blockchains while being able to maintain the security properties and credible neutrality… The post The Rise of Rollups in Crypto: Podcast Ep. 168 appeared first on Chainalysis.  ( 9 min )
    Following the Bitcoin Trail: The IntelBroker Takedown
    TL;DR International law enforcement coordinated to take down BreachForum, arresting five administrators including IntelBroker (Kai West). Breakthrough came when IntelBroker… The post Following the Bitcoin Trail: The IntelBroker Takedown appeared first on Chainalysis.  ( 10 min )
    Greece's First Crypto Asset Seizure: Chainalysis Reactor Supports Recovery of Bybit Hack Funds
    Note: This article has been machine-translated. Please refer to the original for accurate content. Summary: Greece's anti-money laundering authority, with support from Chainalysis, carried out its first-ever seizure of crypto assets in connection with the Bybit hack, the largest on record at roughly USD 1.5 billion. A portion of the traced assets has already been frozen. This landmark result builds on a strategic investment made in 2023, when the authority adopted Chainalysis Reactor through its local partner Performance Technologies and has received ongoing support since. The case shows that combining state-of-the-art blockchain analysis tools, expert training, and international cooperation is highly effective against global crypto crime. The public, immutable ledger of a blockchain is a powerful tool for law enforcement and intelligence agencies. Because every transaction leaves a digital trace, complex criminal schemes and money flows can be unraveled with the right tools and expertise. These principles were demonstrated in the first such case in Greece, carried out by Greece's anti-money laundering authority. Using blockchain analysis, the authority achieved a landmark result against crime involving crypto assets, showing that, given the right analytical foundation and cooperation, crypto assets are far easier to trace and recover than traditional financial assets. This landmark operation succeeded in recovering funds stolen in the largest cyber heist in history. The result is a direct outcome of strategic investment in cutting-edge technology and expertise, and it clearly shows that public agencies can effectively confront financial crime in the digital age by making full use of blockchain transparency. From the theft to the regional authority's investigation: The investigation stems from the February 2025 incident in which roughly USD 1.5 billion in crypto assets was drained from Bybit, an incident widely linked to the notorious money laundering activity of North Korea's Lazarus group and Russian actors. The perpetrators used sophisticated laundering techniques, immediately moving the stolen ETH through multiple complex transaction networks to obscure the flow of funds. Several months later, new information about suspicious crypto transactions surfaced, giving Greek authorities a critical lead in unraveling the full scope of the complex laundering scheme. Tracing the flow of funds with Chainalysis Reactor: For the Greek authorities, strategic preparation played a major role at a critical juncture. In 2023 the authority had invested in advanced blockchain analysis capabilities by adopting Chainalysis Reactor through its trusted regional partner Performance Technologies. The analytics division of Performance Technologies supported the authority's capability building through specialized consulting, comprehensive training, and ongoing support.… The post Greece's First Crypto Asset Seizure: Chainalysis Reactor Supports Recovery of Bybit Hack Funds appeared first on Chainalysis.  ( 8 min )

    Solving Dumb Hacker Problems With Nix | Ryan Basden


    Beyond IAM access keys: Modern authentication approaches for AWS
    When it comes to AWS authentication, relying on long-term credentials, such as AWS Identity and Access Management (IAM) access keys, introduces unnecessary risks, including potential credential exposure, unauthorized sharing, or theft. In this post, I present five common use cases where AWS customers traditionally use IAM access keys and present more secure alternatives that you […]  ( 16 min )

    Introducing OSS Rebuild: Open Source, Rebuilt to Last
    Posted by Matthew Suozzo, Google Open Source Security Team (GOSST) Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts. As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burdening upstream maintainers. The project comprises: Automation to derive declarative build definitions for existing PyPI (Python), npm (JS/TS), and Crates.io (Rust) packages. SLSA Provenance for thousands of packages across our supported ecosystems, meeting SLSA Build Level 3 requirements with no publisher intervention. Build observability and verification tools that security teams can integrate into their existing vulnerabilit…  ( 38 min )

    The Citizen Lab’s Submission to the UN on Universal Birth Registration and the Use of Digital Technologies
    In a submission to the United Nations Office of the High Commissioner of Human Rights, Citizen Lab researchers warn of the dangerous rhetoric of “birth registration and certification as a prerequisite for other rights” and the risks digital ID infrastructure could pose to human rights.  ( 3 min )
    Chasing Shadows: Chronicles of Counter-Intelligence from the Citizen Lab
    On August 6, join Citizen Lab director Ron Deibert for his keynote, "Chasing Shadows: Chronicles of Counter-Intelligence from the Citizen Lab," at Black Hat 2025.  ( 3 min )
    Canada’s Outdated Laws Leave Spyware Oversight Dangerously Weak
    In a new piece for Policy Options, senior research associate Kate Robertson and legal extern Song-Ly Tran discuss how outdated protections in Canada’s decades-old wiretap laws fail to protect people in Canada from abuse of spyware technologies.  ( 3 min )

    InfoSec News Nuggets 7/21/2025
    New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers TeleMessage SGNL, a made-in-Israel clone of the Signal app used by US government agencies and regulated businesses, has been found running with an outdated configuration that exposes sensitive internal data to the internet, no login required. The main cause of the problem is how some […] The post InfoSec News Nuggets 7/21/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )

    “Ring cameras hacked”? Amazon says no, users not so sure
    Ring users on TikTok, Reddit, and X are reporting multiple unauthorized device logins all dating back to May 28.  ( 10 min )
    A week in security (July 14 – July 20)
    A list of topics we covered in the week of July 14 to July 20 of 2025  ( 8 min )

    Why Customer Experience Is the New Battleground in Zero Trust
    Learn why being named a Customer Favorite in Forrester's Zero Trust Wave reveals what we believe really matters in cybersecurity.
    How Search Engines, LLMs, and Third-Party Scrapers Affect Bot Management

    Italian Police Use Chainalysis to Take Down an EUR 8.8 Million Illegal Crypto Exchange
    Note: This article has been machine-translated. Please refer to the original for accurate content. Summary: The crypto-asset unit of Italy's Carabinieri (national gendarmerie) arrested Franco Lee, a Chinese national who operated an illegal crypto exchange involved in laundering roughly EUR 8.8 million between 2021 and 2024, and seized a portion of the digital assets. The result was achieved by combining advanced investigative techniques: scripts developed in-house by the Carabinieri, network analysis with Chainalysis Reactor, and rapid wallet identification from fragmented seed phrases using Wallet Scan. The case demonstrates the growing technical sophistication of European law enforcement and sets a concrete precedent for tackling increasingly complex crypto-related financial crime. An international network based in Italy: From 2021 to 2024, Franco Lee ran an international illegal financial services network based mainly in Rome and Frascati, Italy. The network was involved in promoting fraudulent financial investments, money laundering, and self-laundering, and brokered roughly EUR 8.8 million worth of crypto transactions. By charging clients a 5% to 10% commission, Lee enabled evasion of financial compliance regulations and ensured user anonymity. Lee's network also extended beyond Italy to international transactions. Lee used overseas crypto exchanges and conducted transactions in France, Switzerland, and Spain. He also spoke at "Blockchain Week", a blockchain event held in Rome, making clear his connections to the international crypto community. Cracking the code: from scattered phrases to building evidence. The investigation revealed challenges specific to crypto assets. The suspect, Lee, skillfully exploited the pseudonymity, cross-border transfers, and decentralized nature of crypto assets to attract clients while slipping past scrutiny. He had also deliberately split each of the more than 50 seed phrases found in a safe deposit box across many slips of paper, complicating the asset recovery process. In these difficult circumstances the expertise of the Carabinieri crypto-asset unit proved essential. The unit overcame the challenge by combining several advanced techniques. Network analysis (Chainalysis… The post Italian Police Use Chainalysis to Take Down an EUR 8.8 Million Illegal Crypto Exchange appeared first on Chainalysis.  ( 8 min )

  • Open

    📖 [The CloudSecList] Issue 297
    📖 [The CloudSecList] Issue 297 was originally published by Marco Lancini at CloudSecList on July 20, 2025.  ( 6 min )
  • Open

    Misconduct by an NCA Officer Over Seized Cryptocurrency and the Chainalysis Analysis
    ※This article has been machine-translated. Please refer to the original for accurate content. Summary A UK law enforcement officer stole approximately 50 BTC from assets seized in the Silk Road 2.0 investigation. Although the perpetrator used the mixing service Bitcoin Fog, Chainalysis's industry-leading data and expert investigative services made it possible to trace the transaction trail. After a dormant period of roughly five years, authorities ultimately recovered the stolen bitcoin, worth about $1.3 million. This case shows that combining the immutable record kept on the blockchain with advanced blockchain analysis can expose even sophisticated financial crime. In 2019, UK authorities scored a major success by arresting Thomas White, the administrator of the darknet market Silk Road 2.0. In the course of the investigation, authorities seized devices owned by White. What looked like a routine investigation later took a shocking turn: an investigator at the National Crime Agency (NCA) found a private key on a seized device and used it to steal roughly 50 BTC from White's wallet. In 2017, as the investigation was intensifying, investigators determined that roughly 50 BTC had been improperly transferred out of White's wallet. The movement was initially overlooked, but the blockchain retained an indelible record. The stolen funds passed through a series of transactions and were found to have been systematically withdrawn in small pieces through the well-known mixing service Bitcoin Fog to evade detection, tactics intended to make the funds hard to trace.   Investigative methods and an evidence-based resolution of the seized-bitcoin misconduct In 2022, Merseyside Police, the 50… that had belonged to White The post Misconduct by an NCA Officer Over Seized Cryptocurrency and the Chainalysis Analysis appeared first on Chainalysis.  ( 8 min )
    H1 2025 Crypto Crime Update: Funds Stolen by North Korea Reach a Record High
    ※This article has been machine-translated. Please refer to the original for accurate content. Key points on crypto crime in H1 2025 Stolen funds In 2025, the amount stolen from crypto services has exceeded $2.17 billion, surpassing the total for all of 2024. The main cause is North Korea's $1.5 billion hack of ByBit, the largest hack in crypto history. By the end of June 2025, year-to-date (YTD) theft was 17% above 2022, the previous worst year. If current trends continue, funds stolen from services could exceed US$4 billion by year end. Personal wallet compromises account for a growing share of total theft across the ecosystem, with attackers increasingly targeting individual users; they account for 23.35% of all funds stolen YTD in 2025. "Wrench attacks" involving physical violence or threats against crypto holders correlate with bitcoin price movements, suggesting they tend to be timed for periods of high prices. Country and regional characteristics Looking at where the affected funds are located, 2025 victims are concentrated in the United States, Germany, Russia, Canada, Japan, Indonesia and South Korea. By region, total victim counts in Eastern Europe, MENA and CSAO grew fastest from H1 2024 to H1 2025. The types of assets stolen differ markedly by region, which likely reflects regional crypto adoption patterns. Money laundering trends Cyberattacks that compromise services and those that target individuals differ in how the stolen funds are laundered; attackers who break into services generally use more sophisticated methods. Launderers of stolen funds spend heavily to move them, with the average premium rising from 2.58x in 2021 to 14.5x in 2025 YTD. Although the cost of moving funds on-chain has fallen year over year, the average markup over the cost incurred when stolen funds move on-chain has increased. Attackers who compromise personal wallets increasingly leave large amounts of stolen funds on-chain rather than laundering them immediately: $8.5 billion in crypto stolen from personal wallets currently remains on-chain, versus $1.28 billion stolen from services. A changing illicit-transaction landscape In 2025, illicit transactions are proceeding at a record pace, with totals on track to match or exceed last year's estimated $51 billion. This is happening amid major shifts in illicit actors' activity, such as the shutdown of the sanctioned Russian exchange Garantex and the increased likelihood of a FinCEN special measure against the Cambodia-based, Chinese-language service Huione Group, which has handled over $70 billion. These changes affect how criminals move funds through the ecosystem. Against this backdrop, stolen funds have emerged as the most serious problem of 2025. While other illicit activities show mixed year-over-year trends, the surge in crypto theft is both an immediate threat to ecosystem participants and a long-term challenge for the industry's security infrastructure.… The post H1 2025 Crypto Crime Update: Funds Stolen by North Korea Reach a Record High appeared first on Chainalysis.  ( 8 min )
  • Open

    Customer guidance for SharePoint vulnerability CVE-2025-53770
    Revision history: 1.0 (07/19/25): Information published. 2.0 (07/20/25): Clarified affected SharePoint product in summary; added fix availability guidance; provided additional protections guidance regarding: upgrade SharePoint products to supported versions (if required), install July 2025 Security Updates, rotate machine keys; updated Microsoft Defender detections and protections section: documented additional MDE alerts, mapping exposure via Microsoft Defender Vulnerability Management, documented CVE-2025-53771. 3.  ( 9 min )

  • Open

    Optimizing Government Websites for Peak Traffic Events
    Learn how to proactively withstand peak traffic events and improve your government website's performance and security posture.
    Vulnerable to Bulletproof: Protect TLS via Certificate Posture Management
  • Open

    Meta execs pay the pain away with $8 billion privacy settlement
    Meta executives settled a shareholders' lawsuit alleging continuous disregard of privacy regulations for the price of $8 billion.  ( 12 min )
  • Open

    Microsoft at Black Hat USA 2025: A unified approach to modern cyber defense
    Microsoft will spotlight its AI-first, end-to-end security platform at Black Hat USA 2025. Read our blog post for details on how to connect with us there and what to expect from our participation. The post Microsoft at Black Hat USA 2025: A unified approach to modern cyber defense appeared first on Microsoft Security Blog.  ( 35 min )
  • Open

    how hackers hide (Intro to Beacon Object Files - with Empire C2!)
  • Open

    InfoSec News Nuggets 7/18/2025
    Microsoft Teams voice calls abused to push Matanbuchus malware The Matanbuchus malware loader has been seen being distributed through social engineering over Microsoft Teams calls impersonating IT helpdesk. Matanbuchus is a malware-as-a-service operation seen promoted on the dark web first in early 2021. It was advertised as a $2,500 Windows loader that executes malicious payloads directly in […] The post InfoSec News Nuggets 7/18/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )
  • Open

    PEPR '25 - Establishing Privacy Metrics for Genomic Data Analysis
    PEPR '25 - When Privacy Guarantees Meet Pre-Trained LLMs: A Case Study in Synthetic Data
    PEPR '25 - Using GenAI to Accelerate Privacy Implementations
    PEPR '25 - From Existential to Existing Risks of Generative AI: A Taxonomy of Who Is at Risk,...
    PEPR '25 - Breaking Barriers, Not Privacy: Real-World Split Learning across Healthcare Systems
    PEPR '25 - OneShield Privacy Guard: Deployable Privacy Solutions for LLMs
    PEPR '25 - Privacy Engineers on the Front Line: Bridging Technical and Managerial Skills
    PEPR '25 - Panel: How Privacy Engineers Can Shape the Coming Wave of AI Governance
    PEPR '25 - Building Privacy Products: Field Notes
    PEPR '25 - Verifying Humanness: Personhood Credentials for the Digital Identity Crisis
    PEPR '25 - Building an End-to-End De-Identification Pipeline for Advertising Activity Data at...
    PEPR '25 - Remediating Systemic Privacy Incidents
    PEPR '25 - Enterprise-Scale Privacy for AI: How Canva Scaled Customer Control of Data for AI...
    PEPR '25 - Observable...Yet Still Private? An Offensive Privacy Perspective on Observability
    PEPR '25 - Safetypedia: Crowdsourcing Privacy Inspections

  • Open

    Transparency on Microsoft Defender for Office 365 email security effectiveness
    Microsoft believes in transparently sharing performance data from Microsoft Defender for Office 365, and other ecosystem providers, to help customers evaluate email security solutions and make decisions to layer for defense in depth. The post Transparency on Microsoft Defender for Office 365 email security effectiveness appeared first on Microsoft Security Blog.  ( 21 min )
  • Open

    Adoption agency leaks over a million records
    The database contained 1,115,061 records including the names of children, birth parents, adoptive parents, and other potentially sensitive information like case notes.  ( 10 min )
    Meta AI chatbot bug could have allowed anyone to see private conversations
    A researcher has disclosed how he found a—now fixed—vulnerability in Meta AI that could have allowed others to see private questions and answers.  ( 9 min )
    WeTransfer walks back clause that said it would train AI on your files
    File sharing site WeTransfer has rolled back language that allowed it to train machine learning models on any files that its users uploaded.  ( 9 min )
    Chrome fixes 6 security vulnerabilities. Get the update now!
    Google has released an update for its Chrome browser to patch six security vulnerabilities including one zero-day.  ( 9 min )
  • Open

    Fox Den Pull List: Our Favorite Comics
    At Bishop Fox, thinking like an adversary comes naturally. So it’s no surprise that comics—where power, perspective, and outsider thinking collide—resonate deeply with our team. Ahead of Comic-Con 2025, we asked our Foxes: what comics still stick with you?  ( 8 min )
  • Open

    Cloud Cost Conundrum: Rising Expenses Hinder AI Innovation in Europe

  • Open

    AWS successfully completes CCAG 2024 pooled audit with European financial institutions
    Amazon Web Services (AWS) has completed its annual Collaborative Cloud Audit Group (CCAG) audit engagement with leading European financial institutions. At AWS, security remains our highest priority. As customers continue to embrace the scalability and flexibility of the cloud, we support them in evolving security, identity, and compliance into core business enablers. The AWS Compliance […]  ( 15 min )
  • Open

    Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms
    We are honored to be recognized once again as a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms—our sixth consecutive time. Microsoft was recognized for its completeness of vision and ability to execute, which we believe underscores the effectiveness of Defender for Endpoint in the face of an ever-shifting threat environment. The post Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms appeared first on Microsoft Security Blog.  ( 21 min )
    Protecting customers from Octo Tempest attacks across multiple industries
    To help protect and inform customers, Microsoft highlights protection coverage across the Microsoft Defender security ecosystem to protect against threat actors like Octo Tempest. The post Protecting customers from Octo Tempest attacks across multiple industries appeared first on Microsoft Security Blog.  ( 22 min )
  • Open

    InfoSec News Nuggets 7/16/2025
    Driver’s license numbers, addresses leaked in 2024 bitcoin ATM company breach Cryptocurrency ATM company Bitcoin Depot said more than 26,000 people had sensitive data in a batch of information stolen during a cyberattack about one year ago. The company said it completed its investigation into the incident on July 18, 2024, but waited until this […] The post InfoSec News Nuggets 7/16/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )
  • Open

    Dating app scammer cons former US army colonel into leaking national secrets
    A former US army colonel faces up to ten years in prison after revealing national secrets on a foreign dating app.  ( 9 min )
    Amazon warns 200 million Prime customers that scammers are after their login info
    Amazon has emailed 200 million customers to warn them about a rather convincing phishing campaign.  ( 9 min )

  • Open

    AI and LLM Bot Management Has Become a Business-Critical Issue: Do It Right
    AI bots, agents, and LLM scrapers all want your content. Here's how to manage them so that they help, not hinder, your business.
    From VPN to Zero Trust: Why It's Time to Retire Traditional VPNs, Part 2
  • Open

    CVE-2025-4919: Corruption via Math Space in Mozilla Firefox
    In recent years, there has been increased interest in JavaScript engine vulnerabilities as a way to compromise web browsers. Vulnerabilities in JIT engines are among the most sought after, since they provide strong primitives and well-known techniques are already available to facilitate compromise. At Pwn2Own Berlin 2025, Manfred Paul compromised the Mozilla Firefox renderer process using a vulnerability in IonMonkey but did not further escape the JavaScript engine sandbox. IonMonkey is the JavaScript JIT compiler for SpiderMonkey (the Firefox JavaScript and WebAssembly engine). This vulnerability is assigned CVE-2025-4919, and Mozilla swiftly fixed it in Mozilla Firefox 138.0.4 via Security Advisory 2025-36 the following day. Trend Zero Day Initiative assigned ZDI-25-291 to th…
  • Open

    Repeater Strike: manual testing, amplified
    Manual testing doesn't have to be repetitive. In this post, we're introducing Repeater Strike - a new AI-powered Burp Suite extension designed to automate the hunt for IDOR and similar vulnerabilities  ( 5 min )
  • Open

    NoBooze1 Malware Targets TP-Link Routers via CVE-2019-9082
    Sensor Intel Series: July 2025 CVE Trends
  • Open

    How I Used AI to Crush CTF Challenges and What I Learned Along the Way | Tabatha Kossman
  • Open

    MaReads - 74,453 breached accounts
    In June 2025, MaReads, the website for readers and writers of Thai-language fiction and comics, suffered a data breach that exposed 74k records. The breach included usernames, email addresses, phone numbers and dates of birth. MaReads is aware of the breach.  ( 2 min )
  • Open

    Congratulations to the MSRC 2025 Most Valuable Security Researchers!
    The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s Most Valuable Researchers (MVRs), based on the total number of points earned for each valid report.  ( 7 min )

  • Open

    ControlPlane Local Privilege Escalation Vulnerability on macOS
    A technical exploration of Local Privilege Escalation Vulnerability in ControlPlane on macOS.
  • Open

    Is AI “healthy” to use? (Lock and Code S06E14)
    This week on the Lock and Code podcast, we speak with Anna Brading and Zach Hinkle about whether using AI is damaging for our health.  ( 9 min )
    CNN, BBC, and CNBC websites impersonated to scam people
    Cybercriminals are using sponsored ads and fake news websites to lure victims to investment scams.  ( 10 min )
  • Open

    Improving IT efficiency with Microsoft Security Copilot in Microsoft Intune and Microsoft Entra
    Announcing the general availability of Microsoft Security Copilot capabilities for IT with Microsoft Intune and Microsoft Entra, offering AI-powered efficiency and enhanced security for your operations. The post Improving IT efficiency with Microsoft Security Copilot in Microsoft Intune and Microsoft Entra appeared first on Microsoft Security Blog.  ( 22 min )
  • Open

    InfoSec News Nuggets 7/14/2025
    McDonald’s ‘McHire’ chatbot records accessed via ‘123456’ password McDonald’s “McHire” job application service was accessed by researchers last month using the password “123456,” potentially exposing more than 64 million records. Applicants’ conversations with the McDonald’s “Olivia” hiring chatbot were viewable from a test account accessed by security researchers Ian Carroll and Sam Curry, who published […] The post InfoSec News Nuggets 7/14/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )
  • Open

    An Intentionally Engineered Platform for a More Responsible Internet
    Learn how Akamai delivers performance, security, and scale on a platform that's also built for sustainability.

  • Open

    Omnicuris - 215,298 breached accounts
    In June 2025, the Indian CME platform Omnicuris suffered a data breach that exposed approximately 200k records of healthcare professionals. The data included names, email addresses, phone numbers, geographic locations and other data attributes relating to professional expertise and training progress. Omnicuris is aware of the incident.  ( 2 min )

  • Open

    📖 [The CloudSecList] Issue 296
    📖 [The CloudSecList] Issue 296 was originally published by Marco Lancini at CloudSecList on July 13, 2025.  ( 5 min )

  • Open

    Spring 2025 SOC 1/2/3 reports are now available with 184 services in scope
    Amazon Web Services (AWS) is pleased to announce that the Spring 2025 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 184 services over the 12-month period from April 1, 2024, to March 31, 2025, giving customers a full year of assurance. The reports demonstrate our continuous commitment to […]  ( 15 min )
  • Open

    how hackers avoid getting caught
  • Open

    InfoSec News Nuggets 7/11/2025
    LLMs Fall Short in Vulnerability Discovery and Exploitation Large language models (LLMs) are still falling short in performing vulnerability discovery and exploitation tasks. Many threat actors therefore remain skeptical about using AI tools for such roles. This is according to new research by Forescout Research – Vedere Labs, which tested 50 current AI models from […] The post InfoSec News Nuggets 7/11/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )

  • Open

    Forrester names Microsoft a Leader in the 2025 Zero Trust Platforms Wave™ report
    Employing a Zero Trust strategy is an effective way to modernize security infrastructure to protect against ever-evolving security challenges. The post Forrester names Microsoft a Leader in the 2025 Zero Trust Platforms Wave™ report appeared first on Microsoft Security Blog.  ( 20 min )
  • Open

    Establishing a European trust service provider for the AWS European Sovereign Cloud
    Last month, we announced new sovereign controls and governance structure for the AWS European Sovereign Cloud. The AWS European Sovereign Cloud is a new, independent cloud for Europe, designed to help customers meet their evolving sovereignty needs, including stringent data residency, operational autonomy, and resiliency requirements. Launching by the end of 2025, the AWS European […]  ( 15 min )
  • Open

    How AI Bots Are Rewriting the Rules of Publishing
    See how AI bots impact publishers and how Akamai helps you protect, control, and monetize your content as AI reshapes how people find information.
    Mitigating CitrixBleed 2 (CVE-2025-5777) NetScaler Memory Disclosure with App & API Protector
  • Open

    InfoSec News Nuggets 7/10/2025
    Researchers Reveal 18 Malicious Chrome and Edge Extensions Disguised as Everyday Tools A set of 18 malicious browser extensions that are still available to download on Google Chrome and Microsoft Edge have been identified by a team of security researchers at Koi Security. These extensions masquerade as productivity and entertainment tools across diverse categories, including […] The post InfoSec News Nuggets 7/10/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )

  • Open

    Microsoft expands Zero Trust workshop to cover network, SecOps, and more
    The Microsoft Zero Trust workshop has been expanded to cover all six pillars of Zero Trust security, providing a comprehensive guide for organizations to modernize their security posture. The post Microsoft expands Zero Trust workshop to cover network, SecOps, and more appeared first on Microsoft Security Blog.  ( 21 min )
  • Open

    You’re Pen Testing AI Wrong: Why Prompt Engineering Isn’t Enough
    Conventional pen testing methods fall short with LLMs. Static prompt tests miss adversarial context manipulation and latent model behaviors. Explore how to test AI systems like an attacker.  ( 7 min )

  • Open

    Learn Google Dorking!
  • Open

    Enhancing Microsoft 365 security by eliminating high-privilege access
    In this blog you will hear directly from Microsoft’s Deputy Chief Information Security Officer (CISO) for Experiences and Devices, Naresh Kannan, about eliminating high-privileged access across all Microsoft 365 applications. This blog is part of an ongoing series where our Deputy CISOs share their thoughts on what is most important in their respective domains. In this series you will get practical advice and forward-looking commentary on where the industry is going, as well as tactics you should start (and stop) deploying, and more. The post Enhancing Microsoft 365 security by eliminating high-privilege access appeared first on Microsoft Security Blog.  ( 19 min )
  • Open

    The July 2025 Security Update Review
    It’s the second Tuesday of the month, and as expected, Adobe and Microsoft have released their latest security patches. Take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for July 2025 For July, Adobe (eventually) released 13 bulletins addressing 60 unique CVEs in Adobe ColdFusion, After Effects, Substance 3D Viewer, Audition, InCopy, InDesign, Connect, Dimension, Substance 3D Stager, Illustrator, FrameMaker, Experience Manager Forms, and Experience Manager Screens. The obvious place to start here is ColdFusion. It’s the only update listed as Priority 1 and addresses 13 CVEs, five of which are rated Critical. ColdFus…
  • Open

    Advancing Protection in Chrome on Android
    Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team Android recently announced Advanced Protection, which extends Google’s Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures. Advanced Protection gives you the ability to activate Google’s strongest security for mobile devices, providing greater peace of mind that you’re better protected against the most sophisticated threats. Advanced Protection acts as a single control point for at-risk users on Android that enables important security settings across applications, including many of your favorite Google apps, including Chrome. In this post, we’d like to do a deep dive into the Chrome features tha…  ( 23 min )
  • Open

    How to Get the Most Out of the Python Decompilers Uncompyle6 and Decompyle3
  • Open

    Spring 2025 PCI DSS compliance package available now
    Amazon Web Services (AWS) is pleased to announce that three new AWS services have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification: Amazon Verified Permissions AWS B2B Data Interchange AWS Resource Explorer This certification means that customers can use these services while maintaining PCI DSS compliance, enabling […]  ( 14 min )
  • Open

    Protect Client-Side Code and Certify the Authenticity of Data Collection
  • Open

    The Extendables: Exploiting Browser Extensions for PrivEsc and Persistence | Fin Hume

  • Open

    2025 CyberVadis report now available for due diligence on third-party suppliers
    We’re excited to announce that AWS has completed the CyberVadis assessment of its security posture with the highest score (Mature) in all assessed areas. This demonstrates our continued commitment to meet the heightened expectations for cloud service providers. Customers can now use the 2025 AWS CyberVadis report and scorecard to reduce their supplier due-diligence burden. With […]  ( 14 min )
  • Open

    A Match Made in the Heavens: The Surveillance State and the “New Space” Economy
    This new piece co-authored by the Citizen Lab’s Gabrielle Lim discusses the risks of privatized space technology. She and her co-authors highlight that the issue is not private-sector involvement, but the concentration of power in the hands of a few private firms that are “incentivized to serve the surveillance state and further a new kind...  ( 3 min )
  • Open

    Congratulations to the top MSRC 2025 Q2 security researchers!
    Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2025 Q2 Security Researcher Leaderboard are wkai, Brad Schlintz (nmdhkr), and 0x140ce! Check out the full list of researchers recognized this quarter here.  ( 7 min )

  • Open

    📖 [The CloudSecList] Issue 295
    📖 [The CloudSecList] Issue 295 was originally published by Marco Lancini at CloudSecList on July 06, 2025.  ( 5 min )
  • Open

    Reverse Engineering Anti-Debugging Techniques (with Nathan Baggs!)

  • Open

    The G7 Condemned Transnational Repression, But Will Canada Meet Its Own Commitments?
    “Transnational repression is a phenomenon that is only growing in scope, scale and sophistication worldwide,” writes Ron Deibert in his new op-ed for the Globe and Mail.  ( 3 min )
  • Open

    Read Between The Logs: A New Vulnerability in Gemini Cloud Assist Proves the Threat is Real
    fwd:cloudsec State of the Conference 2025

  • Open

    Catwatchful - 61,641 breached accounts
    In June 2025, spyware maker Catwatchful suffered a data breach that exposed over 60k customer records. The breach was due to a SQL injection vulnerability that enabled email addresses and plain text passwords to be extracted from the system.  ( 2 min )
  • Open

    Issue 275: API hackers strike gold, Malicious API drift at CoinMarketCap, Survey reveals major API security gaps
    This week, our theme is “how secure is your API security?”. We highlight two recent attacks targeting major financial platforms, along with a new industry survey that exposes significant gaps in API security practices. We also explore technical deep-dives into vulnerabilities such as JWT flaws and host header injection attacks. Plus, we share details on [...] The post Issue 275: API hackers strike gold, Malicious API drift at CoinMarketCap, Survey reveals major API security gaps appeared first on API Security News.  ( 9 min )
  • Open

    Real Performance Improvements 2025

  • Open

    When too much access is not enough: a story about Confluence and tokens
    During a Red Team engagement, we compromised an AWS account containing a Confluence instance hosted on an EC2 virtual machine. Although we fully compromised the machine hosting the Confluence instance, we did not have valid credentials to log in but were able to interact with the underlying database. This led us to study the structure of the Confluence database and the mechanism for generating API tokens.
  • Open

    this malware hides in a WALLPAPER
  • Open

    Agentic AI Is Here, and It's Shaping the Future of Bot Defense
  • Open

    Breaking AI Agents: Exploiting Managed Prompt Templates to Take Over Amazon Bedrock Agents
    Securing organizations ML & LLMops deployments : A platform architects journey onboarding LLM &...
    Keeping your cloud environments secure during a merger or acquisition
    Bypassing AI Security Controls with Prompt Formatting

  • Open

    fwd:cloudsec 2025 North America - Day 2, Breakout 1
    What would you ask a crystal ball for AWS IAM?
    Challenges implementing egress controls in a large AWS environment
    Shared-GPU Security Learnings from Fly.io
    fwd:cloudsec 2025 North America - Day 2, Breakout 2
    I SPy: Rethinking Entra ID research for new paths to Global Admin
    You Are Not Netflix: How to learn from conference talks
    This Wasn’t in the Job Description: Building a production-ready AWS environment from scratch
    The Duplicitous Nature of AWS Identity and Access Management (IAM)
  • Open

    Remote access to AWS: A guide for hybrid workforces
    Amazon Web Services (AWS) customers can enable secure remote access to their cloud resources, supporting business operations with both speed and agility. As organizations embrace flexible work environments, employees can safely connect to AWS resources from various locations using different devices. AWS provides comprehensive security solutions that help organizations maintain strong protection of corporate resources, […]  ( 22 min )
  • Open

    What is Quantum Computing?
    Quantum computing enhances information processing, impacting cryptography and emphasizing the need for quantum-resistant technologies.  ( 10 min )
  • Open

    hackers trick everyone to run malware (FileFix)
  • Open

    Operationalize Day-2 Services for API Security and Microsegmentation
    Learn how to turn post-deployment services into a revenue opportunity and provide ongoing value for your customers with industry-leading tools and service playbooks.
    Commitment to Powering Europe's Digital Sovereignty and Competitiveness
    Akamai remains committed to supporting our customers' European digital sovereignty with our suite of robust, secure, and high-performing solutions.
  • Open

    Rising star: Meet Dylan, MSRC’s youngest security researcher
    At just 13 years old, Dylan became the youngest security researcher to collaborate with the Microsoft Security Response Center (MSRC). His journey into cybersecurity is inspiring—rooted in curiosity, resilience, and a deep desire to make a difference. Early beginnings: From scratch to security Dylan’s fascination with technology began early. Like many kids, he started with Scratch—a visual programming language for making simple games and animations.  ( 8 min )
  • Open

    Did You Knock Out Our [noun] ? | Jack Verrier

  • Open

    AWS Certificate Manager now supports exporting public certificates
    July 2, 2025: We’ve updated this post to include an FAQ section at the end. This includes our response to changing validity periods and associated certificate price points. AWS Certificate Manager (ACM) simplifies the provisioning, management, and deployment of public and private TLS certificates for AWS services and your on-premises and hybrid applications. To further […]  ( 23 min )
  • Open

    Dangling Danger: Why You Need to Focus on Your DNS Posture Management

  • Open

    📖 [The CloudSecList] Issue 294
    📖 [The CloudSecList] Issue 294 was originally published by Marco Lancini at CloudSecList on June 29, 2025.  ( 5 min )
2025-07-28T01:55:27.298Z osmosfeed 1.15.1