    PLEASE_READ_ME: The Opportunistic Ransomware Devastating MySQL Servers
    Guardicore Labs uncovers a ransomware campaign targeting MySQL servers. The attackers use double extortion, publishing stolen data to pressure victims into paying.
    Threats Making WAVs - Incident Response to a Cryptomining Attack
    Guardicore security researchers present a full analysis of a cryptomining attack that hid a cryptominer inside WAV files. The report covers the full attack chain, from detection through infection, network propagation and malware analysis, and closes with recommendations for optimizing incident response processes in data centers.
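The WAV-as-carrier technique in the entry above lends itself to a simple triage check. The following is an added example and not Guardicore's code: it walks the RIFF chunk structure of a file and flags data an ordinary audio file would not carry, namely bytes appended after the last chunk, a RIFF size that disagrees with the file size, a chunk that runs past the end of the file, and chunk IDs outside the usual set. The sample files are constructed inside the block, and the set of "known" chunk IDs is an assumption to tune per environment. It does not detect LSB-style steganography hidden inside legitimate sample data, which needs statistical analysis of the samples themselves.

```python
# Added example (not from the Guardicore report): a RIFF/WAV chunk walker that
# flags structure an ordinary audio file would not carry. Sample WAVs are
# constructed below; KNOWN_CHUNKS is an assumption to tune per environment.
import struct

KNOWN_CHUNKS = {b"fmt ", b"data", b"LIST", b"fact", b"cue ", b"PEAK", b"bext", b"id3 "}


def walk_riff(blob: bytes) -> dict:
    """Parse the RIFF container and return the chunks seen plus any findings."""
    if len(blob) < 12 or blob[:4] != b"RIFF" or blob[8:12] != b"WAVE":
        return {"valid": False, "findings": ["not a RIFF/WAVE container"],
                "chunks": [], "trailing_bytes": 0}

    findings = []
    riff_size = struct.unpack("<I", blob[4:8])[0]
    declared_end = 8 + riff_size          # RIFF size counts everything after the size field
    if declared_end != len(blob):
        findings.append(f"RIFF size {riff_size} implies {declared_end} bytes, file has {len(blob)}")

    chunks, pos, truncated = [], 12, False
    while pos + 8 <= min(declared_end, len(blob)):
        cid = blob[pos:pos + 4]
        size = struct.unpack("<I", blob[pos + 4:pos + 8])[0]
        body_start, body_end = pos + 8, pos + 8 + size
        chunks.append((cid.decode("latin-1"), size))
        if cid not in KNOWN_CHUNKS:
            findings.append(f"unexpected chunk id {cid!r} at offset {pos}")
        if body_end > len(blob):
            findings.append(f"chunk {cid!r} declares {size} bytes but only "
                            f"{len(blob) - body_start} remain")
            truncated = True
            break
        pos = body_end + (size & 1)       # chunk bodies are padded to even length

    trailing = 0 if truncated else max(0, len(blob) - pos)
    if trailing:
        findings.append(f"{trailing} trailing bytes after last chunk at offset {pos}")
    return {"valid": True, "findings": findings, "chunks": chunks, "trailing_bytes": trailing}


def build_wav(pcm: bytes, extra_chunks=(), trailing: bytes = b"") -> bytes:
    """Construct a minimal 8 kHz mono 16-bit PCM WAV for testing (constructed data)."""
    def chunk(cid: bytes, data: bytes) -> bytes:
        return cid + struct.pack("<I", len(data)) + data + (b"\0" if len(data) & 1 else b"")

    fmt = struct.pack("<HHIIHH", 1, 1, 8000, 16000, 2, 16)
    body = b"WAVE" + chunk(b"fmt ", fmt) + chunk(b"data", pcm)
    for cid, data in extra_chunks:
        body += chunk(cid, data)
    return b"RIFF" + struct.pack("<I", len(body)) + body + trailing


if __name__ == "__main__":
    pcm = b"\x00\x01" * 100
    samples = {
        "clean": build_wav(pcm),
        "appended_payload": build_wav(pcm, trailing=b"MZ" + b"\x90" * 50),
        "foreign_chunk": build_wav(pcm, extra_chunks=[(b"xlod", b"\xcc" * 33)]),
    }
    for label, blob in samples.items():
        result = walk_riff(blob)
        print(label, "->", result["findings"] or "no findings")
```

Run it over a directory of media files from a suspect host and review anything with findings; a legitimate encoder may emit chunk IDs outside the list, so the allowlist is the knob to adjust before alerting on it.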
    The Oracle of Delphi Will Steal Your Credentials
    Our deception technology reroutes attackers into honeypots, where they believe they have found their real target. The attackers brute-forced RDP credentials to connect to the victim, then downloaded and executed previously undetected malware, which we named Trojan.sysscan.
    The Nansh0u Campaign – Hackers' Arsenal Grows Stronger
    At the beginning of April, three attacks detected in the Guardicore Global Sensor Network (GGSN) caught our attention. All three had source IP addresses originating in South Africa and hosted by the VolumeDrive ISP (see IoCs).
    Keep Your Tech Flame Alive: Trailblazer Rachel Bayley
    In this Akamai FLAME Trailblazer blog post, Rachel Bayley encourages women to step into the unknown and to be their authentic selves.


    'It's Not a Political Statement': Checking in With Tesla Superfans at Elon Musk's New Diner
    The Tesla Diner has two gigantic screens, a robot that serves popcorn, and owners hope it will be free from people who don't like Tesla.
    Military Says It Will ‘Continuously’ Monitor Bathrooms to Comply With Anti-Trans Order
    An internal memo obtained by 404 Media also shows the military ordered a review hold on "questionable content" at Stars and Stripes, the military's 'editorially independent' newspaper.
    We're Publishing Our ICE Reporting In Spanish
    From ICE's facial recognition app to its Palantir contract, we've translated a spread of our ICE articles into Spanish and made them freely available.
    ICE Is Already Using a New Facial Recognition App to Identify People, Leaked Emails Reveal
    Internal ICE emails obtained by 404 Media indicate that the CBP system, normally used to photograph people entering or leaving the U.S., is now being used by the agency through a tool called Mobile Fortify.
    Leak Reveals Palantir's Plan to Help ICE Deport People
    Slack chats and internal company discussion forums show that the surveillance giant is actively collaborating with ICE to locate people with deportation orders.
    ICE Accesses a Nationwide Network of AI Cameras, Data Shows
    Flock's license plate reader cameras are installed in more than 5,000 communities in the U.S., and local police use the nationwide system to run searches for ICE.
    A Look at the ICE Database That Hunts for "Derogatory" Comments Online
    Positive or negative? Those are the options analysts have when the Giant Oak Search Technology tool digs up content posted on social media and other sources for ICE to analyze.
    Flight Manifests Reveal That Nearly 40 Unidentified People Were Sent on Three Deportation Flights to El Salvador
    Hacked data obtained by 404 Media reveals that the deportation flights to El Salvador carried dozens of additional people who were not officially recorded.
    The AI Surveillance Tool DHS Uses to Detect "Sentiment and Emotion"
    Internal DHS documents reveal its collaboration with Fivecast, a company that offers "detection of risk terms and phrases found online."
    A Look at the Colossal Database ICE Uses to Identify and Deport People
    The database allows filtering by hundreds of different categories, including immigration status, "unique physical characteristics" (scars, marks, tattoos), "criminal affiliation", license plate reader data and more.
    The 200-Plus Sites Monitored by an ICE Surveillance Contractor
    404 Media obtained the list of sites and services from which the contractor ShadowDragon extracts data. Its tool lets government analysts sift the information to find links between people.

    Lumma infostealer malware returns after law enforcement disruption
    The Lumma infostealer malware operation is gradually resuming activities following a massive law enforcement operation in May, which resulted in the seizure of 2,300 domains and parts of its infrastructure. [...]  ( 9 min )
    Windows 11 KB5062660 update brings new 'Windows Resilience' features
    Microsoft has released the KB5062660 preview cumulative update for Windows 11 24H2 with twenty-nine new features or changes, many of them rolling out gradually, such as the new Black Screen of Death and the Quick Machine Recovery tool. [...]  ( 13 min )
    Windows 11 gets new Black Screen of Death, auto recovery tool
    Microsoft is rolling out significant changes to Windows 11 24H2 as part of the Windows Resilience Initiative, designed to reduce downtime and help devices recover from serious failures, as well as an overhaul of the all-too-familiar BSOD crash screens. [...]  ( 9 min )
    Coyote malware abuses Windows accessibility framework for data theft
    A new variant of the banking trojan 'Coyote' has begun abusing a Windows accessibility feature, Microsoft's UI Automation framework, to identify which banking and cryptocurrency exchange sites are accessed on the device for potential credential theft. [...]  ( 9 min )
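A hunting example for the technique in the Coyote entry above. This is an added illustration, not Akamai's, BleepingComputer's or the malware's code: UI Automation clients load UIAutomationCore.dll, so an image-load telemetry feed can be scored for that DLL being loaded by processes that are not known accessibility or productivity software, that run from user-writable paths, or that are unsigned. The records are constructed in the shape of Sysmon Event ID 7 (Image loaded); the allowlist and the path markers are assumptions to tune to the estate.

```python
# Added example (not Akamai's or Coyote's code): score image-load telemetry for
# UIAutomationCore.dll being loaded by unexpected processes. The records below
# are constructed in the shape of Sysmon Event ID 7 (Image loaded); EXPECTED_HOSTS
# and USER_WRITABLE are assumptions to tune to the environment.
import json
from pathlib import PureWindowsPath

UIA_DLL = "uiautomationcore.dll"
EXPECTED_HOSTS = {
    "explorer.exe", "narrator.exe", "nvda.exe", "jfw.exe", "magnify.exe",
    "chrome.exe", "msedge.exe", "firefox.exe",
    "outlook.exe", "winword.exe", "excel.exe", "teams.exe",
}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\", "\\programdata\\")


def score_image_load(evt: dict):
    """Return a finding dict if this image-load event is a suspicious UIA client, else None."""
    if PureWindowsPath(evt.get("ImageLoaded", "")).name.lower() != UIA_DLL:
        return None
    image = evt.get("Image", "")
    host = PureWindowsPath(image).name.lower()
    reasons = []
    if host not in EXPECTED_HOSTS:
        reasons.append(f"unexpected UIA client {host}")
    if any(marker in image.lower() for marker in USER_WRITABLE):
        reasons.append("loader runs from a user-writable path")
    if str(evt.get("Signed", "")).lower() != "true":
        reasons.append("loader image is unsigned")
    if not reasons:
        return None
    return {"host": host, "image": image, "pid": evt.get("ProcessId"), "reasons": reasons}


def hunt(lines):
    """Run score_image_load over newline-delimited JSON events; keep Event ID 7 only."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        evt = json.loads(line)
        if evt.get("EventID") == 7:
            hit = score_image_load(evt)
            if hit:
                hits.append(hit)
    return hits


# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = r"""
{"EventID": 7, "ProcessId": 4120, "Image": "C:\\Windows\\explorer.exe", "ImageLoaded": "C:\\Windows\\System32\\UIAutomationCore.dll", "Signed": "true"}
{"EventID": 7, "ProcessId": 9912, "Image": "C:\\Users\\ana\\AppData\\Roaming\\updt\\svchost.exe", "ImageLoaded": "C:\\Windows\\System32\\UIAutomationCore.dll", "Signed": "false"}
{"EventID": 7, "ProcessId": 5120, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "ImageLoaded": "C:\\Windows\\System32\\ntdll.dll", "Signed": "true"}
{"EventID": 1, "ProcessId": 7001, "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami"}
{"EventID": 7, "ProcessId": 6630, "Image": "C:\\Program Files\\Vendor\\report.exe", "ImageLoaded": "C:\\Windows\\System32\\UIAutomationCore.dll", "Signed": "true"}
"""

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS.splitlines()):
        print(hit["pid"], hit["image"], "->", "; ".join(hit["reasons"]))
```

Legitimate software outside the allowlist will show up with a single "unexpected UIA client" reason, so treat that reason alone as a baseline-building signal and alert on the combination with an unsigned image or a user-writable path.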
    CISA and FBI warn of escalating Interlock ransomware attacks
    CISA and the FBI warned on Tuesday of increased Interlock ransomware activity targeting businesses and critical infrastructure organizations in double extortion attacks. [...]  ( 9 min )
    Major European healthcare network discloses security breach
    AMEOS Group, an operator of a massive healthcare network in Central Europe, has announced it has suffered a security breach that may have exposed customer, employee, and partner information. [...]  ( 8 min )
    Cisco: Maximum-severity ISE RCE flaws now exploited in attacks
    Cisco is warning that three recently patched critical remote code execution vulnerabilities in Cisco Identity Services Engine (ISE) are now being actively exploited in attacks. [...]  ( 9 min )
    UK to ban public sector orgs from paying ransomware gangs
    The United Kingdom's government is planning to ban public sector and critical infrastructure organizations from paying ransoms after ransomware attacks. [...]  ( 9 min )
    Microsoft links Sharepoint ToolShell attacks to Chinese hackers
    Hackers with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft SharePoint zero-day vulnerability chain. [...]  ( 9 min )
    Microsoft: Windows Server KB5062557 causes cluster, VM issues
    Microsoft is asking businesses to reach out for support to mitigate a known issue causing Cluster service and VM restart issues after installing this month's Windows Server 2019 security updates. [...]  ( 8 min )

    Introducing SRA Verify – an AWS Security Reference Architecture assessment tool
    The AWS Security Reference Architecture (AWS SRA) provides prescriptive guidance for deploying AWS security services in a multi-account environment. However, validating that your implementation aligns with these best practices can be challenging and time-consuming. Today, we’re announcing the open source release of SRA Verify, a security assessment tool that helps you assess your organization’s alignment […]  ( 25 min )
    Five facts about how the CLOUD Act actually works
    At Amazon Web Services (AWS), customer privacy and security are our top priority. We provide our customers with industry-leading privacy and security when they use the AWS Cloud anywhere in the world. In recent months, we’ve noticed an increase in inquiries about how we manage government requests for data. While many of […]  ( 45 min )

    Startup takes personal data stolen by malware and sells it on to other companies
    A tech startup is using personal data stolen by infostealer malware that it has found on the dark web, and then selling access to that data.  ( 10 min )
    ‘Car crash victim’ calls mother for help and $15K bail money. But it’s an AI voice scam
    A woman in Florida was tricked into giving thousands of dollars to a scammer after her daughter's voice was AI-cloned and used in a scam.  ( 10 min )

    Coyote in the Wild: First-Ever Malware That Abuses UI Automation
    Understand the SharePoint RCE: Exploitations, Detections, and Mitigations

    Disrupting active exploitation of on-premises SharePoint vulnerabilities
    Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed another China-based threat actor, tracked as Storm-2603, exploiting these vulnerabilities. Microsoft has released new comprehensive security updates for all supported versions of SharePoint Server (Subscription Edition, 2019, and 2016) that protect customers against these new vulnerabilities. Customers should apply these updates immediately to ensure they are protected. The post Disrupting active exploitation of on-premises SharePoint vulnerabilities appeared first on Microsoft Security Blog.  ( 25 min )
    Microsoft Sentinel data lake: Unify signals, cut costs, and power agentic AI
    We’re evolving our industry-leading Security Information and Event Management (SIEM) solution, Microsoft Sentinel, to include a modern, cost-effective data lake. By unifying all your security data, Microsoft Sentinel data lake, now in public preview, accelerates AI adoption and drives unparalleled visibility, empowering teams to detect and respond faster. With Sentinel data lake, you’re no longer forced to choose between retaining critical data and staying within budget. The post Microsoft Sentinel data lake: Unify signals, cut costs, and power agentic AI appeared first on Microsoft Security Blog.  ( 22 min )

    InfoSec News Nuggets 7/22/2025
    Before Vegas: The “Red Hackers” Who Shaped China’s Cyber Ecosystem. Recent revelations of Chinese government-backed hacking show a recurring pattern: prominent hackers behind groups such as APT17, APT27, APT41, Flax Typhoon, and Red Hotel—monikers given by cybersecurity researchers for groups with similar tactics—trace their roots to a broader community of early elite hackers, known as […] The post InfoSec News Nuggets 7/22/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )

    The Rise of Rollups in Crypto: Podcast Ep. 168
    Rollups have been the go-to solution for scaling blockchains while being able to maintain the security properties and credible neutrality… The post The Rise of Rollups in Crypto: Podcast Ep. 168 appeared first on Chainalysis.  ( 9 min )
    Following the Bitcoin Trail: The IntelBroker Takedown
    TL;DR International law enforcement coordinated to take down BreachForums, arresting five administrators including IntelBroker (Kai West). The breakthrough came when IntelBroker… The post Following the Bitcoin Trail: The IntelBroker Takedown appeared first on Chainalysis.  ( 10 min )
    Greece's First Crypto Asset Seizure: Chainalysis Reactor Supports Recovery of Bybit Hack Funds
    *This article was machine-translated; please refer to the original for the exact content. Summary: Greece's anti-money-laundering authority, supported by Chainalysis, has made the country's first seizure of crypto assets, in connection with the record $1.5 billion Bybit hack; some of the traced assets have already been frozen. The breakthrough rests on a strategic investment made in 2023, when the authority adopted Chainalysis Reactor through its local partner Performance Technologies, and on the ongoing support it has received since. The case shows that combining state-of-the-art blockchain analysis tools, expert training and international cooperation is highly effective against global crypto crime. The public and immutable nature of the blockchain ledger is a powerful tool for law enforcement and intelligence agencies: because every transaction leaves a digital trace, the right tools and expertise can unravel complex criminal schemes and fund flows. These principles were borne out in the first such case in Greece, where the anti-money-laundering authority used blockchain analysis to achieve a landmark result against crypto-enabled crime, showing that with the right analytical foundation and cooperation, crypto assets are far easier to trace and recover than traditional financial assets. The operation recovered funds stolen in the largest cyber heist in history, a direct result of strategic investment in cutting-edge technology and expertise, and shows that public agencies can confront financial crime in the digital age by making full use of blockchain transparency. From the theft to the local investigation: the case began with the February 2025 theft of roughly US$1.5 billion in crypto assets from Bybit, widely linked to notorious money-laundering activity involving North Korea's Lazarus and Russia. The perpetrators used sophisticated laundering techniques, immediately moving the stolen ETH through multiple complex transaction networks to obscure the flow of funds. Months later, new information about suspicious crypto transactions surfaced and became the key lead that allowed Greek authorities to unravel the complex laundering scheme. Following the funds with Chainalysis Reactor: strategic preparation proved decisive at the critical moment. In 2023 the authority had invested in advanced blockchain analysis capabilities by adopting Chainalysis Reactor through its trusted regional partner Performance Technologies, whose analytics division strengthened the authority's capabilities with specialist consulting, comprehensive training and ongoing support.… The post Greece's First Crypto Asset Seizure: Chainalysis Reactor Supports Recovery of Bybit Hack Funds appeared first on Chainalysis.  ( 8 min )

    Solving Dumb Hacker Problems With Nix | Ryan Basden


    Beyond IAM access keys: Modern authentication approaches for AWS
    When it comes to AWS authentication, relying on long-term credentials such as AWS Identity and Access Management (IAM) access keys introduces unnecessary risks, including potential credential exposure, unauthorized sharing, or theft. In this post, I present five common use cases where AWS customers traditionally use IAM access keys and present more secure alternatives that you […]  ( 27 min )
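The risk the post describes is easier to manage once you can see it. As an added example, not AWS's code, the following parses an IAM credential report (the CSV that `aws iam generate-credential-report` followed by `aws iam get-credential-report` returns) and flags active access keys that are older than a rotation threshold, have never been used, or have sat idle. The report excerpt below is constructed with a subset of the real report's columns, the account ID is the AWS documentation placeholder, and the thresholds are assumptions.

```python
# Added example (not AWS's code): audit an IAM credential report for long-lived or
# idle access keys. The CSV below is a constructed excerpt of the real report's
# columns (user, arn, access_key_N_active, access_key_N_last_rotated,
# access_key_N_last_used_date); the thresholds are assumptions.
import csv
import io
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90       # rotate (or better, retire) keys older than this
IDLE_DAYS = 45              # active keys unused this long are candidates for removal
UNSET = {"", "N/A", "no_information", "not_supported"}


def _ts(value: str):
    """Parse the report's ISO 8601 timestamps; return None for its 'unset' markers."""
    if value in UNSET:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_credential_report(report_csv: str, now: datetime) -> list:
    """Return one finding per active access key that breaks the age or idle policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv.strip())):
        for slot in ("1", "2"):
            if row.get(f"access_key_{slot}_active", "false").lower() != "true":
                continue
            rotated = _ts(row.get(f"access_key_{slot}_last_rotated", ""))
            used = _ts(row.get(f"access_key_{slot}_last_used_date", ""))
            age = (now - rotated).days if rotated else None
            reasons = []
            if age is not None and age > MAX_KEY_AGE_DAYS:
                reasons.append(f"key age {age}d exceeds {MAX_KEY_AGE_DAYS}d")
            if used is None:
                reasons.append("active key never used")
            elif (now - used).days > IDLE_DAYS:
                reasons.append(f"unused for {(now - used).days}d")
            if reasons:
                findings.append({"user": row["user"], "key": f"access_key_{slot}",
                                 "age_days": age, "reasons": reasons})
    return findings


# Constructed excerpt; 111122223333 is the AWS documentation placeholder account.
SAMPLE_REPORT = """\
user,arn,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,false,N/A,N/A,false,N/A,N/A
ci-deployer,arn:aws:iam::111122223333:user/ci-deployer,true,2024-11-01T09:00:00+00:00,2025-07-20T03:14:00+00:00,false,N/A,N/A
legacy-batch,arn:aws:iam::111122223333:user/legacy-batch,true,2023-02-10T12:00:00+00:00,2025-01-05T08:00:00+00:00,true,2025-06-30T12:00:00+00:00,N/A
analyst,arn:aws:iam::111122223333:user/analyst,false,N/A,N/A,false,N/A,N/A
"""

NOW = datetime(2025, 7, 22, tzinfo=timezone.utc)

if __name__ == "__main__":
    for f in audit_credential_report(SAMPLE_REPORT, NOW):
        print(f"{f['user']}/{f['key']}: " + "; ".join(f["reasons"]))
```

A key that is both old and recently used (ci-deployer above) is the case the post is about: it is load-bearing, so the fix is to move that workload to a role or federated identity rather than simply rotating the key again.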

    Introducing OSS Rebuild: Open Source, Rebuilt to Last
    Posted by Matthew Suozzo, Google Open Source Security Team (GOSST). Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts. As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burdening upstream maintainers. The project comprises: automation to derive declarative build definitions for existing PyPI (Python), npm (JS/TS), and Crates.io (Rust) packages; SLSA Provenance for thousands of packages across the supported ecosystems, meeting SLSA Build Level 3 requirements with no publisher intervention; and build observability and verification tools that security teams can integrate into their existing vulnerabilit…
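What "reproducing upstream artifacts" means in practice, as an added example that is not OSS Rebuild's code: build the same source independently, compare the published archive with the rebuild byte for byte, and, when only archive metadata such as timestamps or ownership differs, compare the normalized contents instead; then record the outcome in a minimal in-toto Statement, the envelope that SLSA provenance uses. The tarballs are constructed in memory, and the predicateType URL is a hypothetical placeholder rather than a SLSA predicate.

```python
# Added example (not OSS Rebuild's code): compare a published source archive with
# an independent rebuild and record the verdict in a minimal in-toto Statement.
# Archives are constructed in memory; the predicateType URL is a hypothetical placeholder.
import hashlib
import io
import json
import tarfile

IN_TOTO_STATEMENT = "https://in-toto.io/Statement/v1"
PREDICATE_TYPE = "https://example.invalid/rebuild-comparison/v0"  # placeholder, not a SLSA predicate


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical_tar_digest(archive: bytes) -> str:
    """Digest of archive *contents* only: (path, mode, sha256) per member, sorted.
    Ignores mtime, uid/gid and member order, the usual sources of
    non-reproducibility that a rebuilder normalizes away."""
    entries = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tf:
        for member in tf.getmembers():
            data = tf.extractfile(member).read() if member.isfile() else b""
            entries.append((member.name, member.mode & 0o777, sha256_hex(data)))
    entries.sort()
    return sha256_hex(json.dumps(entries).encode())


def compare_rebuild(pkg: str, version: str, upstream: bytes, rebuilt: bytes) -> dict:
    """Byte-exact comparison first, normalized-content comparison as fallback."""
    exact = sha256_hex(upstream) == sha256_hex(rebuilt)
    content = exact or canonical_tar_digest(upstream) == canonical_tar_digest(rebuilt)
    if exact:
        verdict = "reproduced"
    elif content:
        verdict = "reproduced-after-normalization"
    else:
        verdict = "MISMATCH"
    statement = {
        "_type": IN_TOTO_STATEMENT,
        "subject": [{"name": f"{pkg}-{version}.tar", "digest": {"sha256": sha256_hex(upstream)}}],
        "predicateType": PREDICATE_TYPE,
        "predicate": {"rebuilt_sha256": sha256_hex(rebuilt), "verdict": verdict},
    }
    return {"exact_match": exact, "content_match": content, "verdict": verdict, "statement": statement}


def make_tar(files: dict, mtime: int, uid: int = 0) -> bytes:
    """Constructed source archive; mtime/uid vary to simulate a non-identical rebuild."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in sorted(files):
            info = tarfile.TarInfo(name)
            info.size, info.mtime, info.uid, info.mode = len(files[name]), mtime, uid, 0o644
            tf.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()


# Constructed package source and "published" archive.
SRC = {
    "pkg/__init__.py": b"VERSION = '1.2.0'\n",
    "setup.py": b"from setuptools import setup\nsetup(name='pkg', version='1.2.0')\n",
}
UPSTREAM = make_tar(SRC, mtime=1700000000, uid=1000)

if __name__ == "__main__":
    for label, rebuilt in {
        "identical": make_tar(SRC, mtime=1700000000, uid=1000),
        "metadata_differs": make_tar(SRC, mtime=0, uid=0),
    }.items():
        print(label, "->", compare_rebuild("pkg", "1.2.0", UPSTREAM, rebuilt)["verdict"])
    tampered = make_tar({**SRC, "pkg/extra.py": b"# file absent from the source repository\n"},
                        mtime=1700000000, uid=1000)
    print("tampered_upstream ->", compare_rebuild("pkg", "1.2.0", tampered, UPSTREAM)["verdict"])
```

The third case is the one that matters for supply-chain defence: a published archive containing a file the source repository never had can only be caught by a rebuild from that source, not by any signature the publisher applied to the archive itself.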

    Intel announces end of Clear Linux OS project, archives GitHub repos
    The Clear Linux OS team has announced the shutdown of the project, marking the end of its 10-year existence in the open-source ecosystem. [...]  ( 8 min )
    Ring denies breach after users report suspicious logins
    Ring is warning that a backend update bug is responsible for customers seeing a surge in unauthorized devices logged into their account on May 28th. [...]  ( 10 min )
    ExpressVPN bug leaked user IPs in Remote Desktop sessions
    ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users' real IP addresses. [...]  ( 9 min )

    The Citizen Lab’s Submission to the UN on Universal Birth Registration and the Use of Digital Technologies
    In a submission to the United Nations Office of the High Commissioner for Human Rights, Citizen Lab researchers warn of the dangerous rhetoric of “birth registration and certification as a prerequisite for other rights” and the risks digital ID infrastructure could pose to human rights.
    Chasing Shadows: Chronicles of Counter-Intelligence from the Citizen Lab
    On August 6, join Citizen Lab director Ron Deibert for his keynote, "Chasing Shadows: Chronicles of Counter-Intelligence from the Citizen Lab," at Black Hat 2025.
    Canada’s Outdated Laws Leave Spyware Oversight Dangerously Weak
    In a new piece for Policy Options, senior research associate Kate Robertson and legal extern Song-Ly Tran discuss how outdated protections in Canada’s decades-old wiretap laws fail to protect people in Canada from abuse of spyware technologies.

    Spotify Publishes AI-Generated Songs From Dead Artists Without Permission
    "They could fix this problem. One of their talented software engineers could stop this fraudulent practice in its tracks, if they had the will to do so."
    The NIH Is Capping Research Proposals Because It's Overwhelmed by AI Submissions
    The NIH wrote that it has recently “observed instances of Principal Investigators submitting large numbers of applications, some of which may have been generated with AI tools."
    Gemini Is 'Strict and Punitive' While ChatGPT Is 'Catastrophically' Cooperative, Researchers Say
    In tests involving the Prisoner's Dilemma, researchers found that Google’s Gemini is “strategically ruthless,” while OpenAI's ChatGPT is collaborative to a “catastrophic” degree.
    A Startup is Selling Data Hacked from People’s Computers to Debt Collectors
    Infostealer data can include passwords, email and billing addresses, and the embarrassing websites you use. Farnsworth Intelligence is selling to divorce lawyers and other industries.

    InfoSec News Nuggets 7/21/2025
    New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers. TeleMessage SGNL, a made-in-Israel clone of the Signal app used by US government agencies and regulated businesses, has been found running with an outdated configuration that exposes sensitive internal data to the internet, no login required. The main cause of the problem is how some […] The post InfoSec News Nuggets 7/21/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )

    “Ring cameras hacked”? Amazon says no, users not so sure
    Ring users on TikTok, Reddit, and X are reporting multiple unauthorized device logins all dating back to May 28.  ( 10 min )
    A week in security (July 14 – July 20)
    A list of topics we covered in the week of July 14 to July 20 of 2025  ( 8 min )

    Why Customer Experience Is the New Battleground in Zero Trust
    Learn why being named a Customer Favorite in Forrester's Zero Trust Wave reveals what we believe really matters in cybersecurity.
    How Search Engines, LLMs, and Third-Party Scrapers Affect Bot Management

    Italian Police Use Chainalysis to Take Down an €8.8 Million Illegal Crypto Exchange
    *This article was machine-translated; please refer to the original for the exact content. Summary: The crypto asset unit of Italy's Carabinieri (national gendarmerie) arrested Franco Lee, a Chinese national who operated an illegal crypto exchange involved in laundering roughly €8.8 million between 2021 and 2024, and seized part of his digital assets. The result was achieved by combining scripts the Carabinieri developed in-house, network analysis with Chainalysis Reactor, and rapid wallet identification from fragmented seed phrases using Wallet Scan. The case demonstrates the growing technical sophistication of European law enforcement and sets a concrete precedent for tackling increasingly complex crypto-related financial crime. An international network based in Italy: from 2021 to 2024, Franco Lee ran an international illegal financial services network based mainly in Rome and Frascati. The network was involved in promoting fraudulent financial investments, money laundering and self-laundering, and brokered roughly €8.8 million in crypto transactions. By charging clients commissions of 5% to 10%, Lee let them evade financial compliance regulations and remain anonymous. The network extended beyond Italy: Lee also used foreign crypto exchanges and transacted in France, Switzerland and Spain, and he spoke at the Blockchain Week event in Rome, showing clear ties to the international crypto community. Cracking the code, from scattered phrases to evidence: the investigation exposed challenges specific to crypto assets. Lee skilfully exploited the pseudonymity, cross-border transfers and decentralized nature of crypto to attract clients while evading scrutiny, and each of the more than 50 seed phrases found in a safe-deposit box had been deliberately split across many slips of paper to complicate asset recovery. Under these difficult conditions the expertise of the Carabinieri crypto unit was essential; it overcame the challenge by combining several advanced techniques. Network analysis (Chainalysis… The post Italian Police Use Chainalysis to Take Down an €8.8 Million Illegal Crypto Exchange appeared first on Chainalysis.  ( 8 min )


    📖 [The CloudSecList] Issue 297
    📖 [The CloudSecList] Issue 297 was originally published by Marco Lancini at CloudSecList on July 20, 2025.

    An NCA Officer's Misconduct Over Seized Crypto Assets and Chainalysis's Analysis
    *This article was machine-translated; please refer to the original for the exact content. Summary: A UK law enforcement officer stole approximately 50 BTC from assets seized in the Silk Road 2.0 investigation. Although the perpetrator used the Bitcoin Fog mixing service, Chainalysis's industry-leading data and specialist investigative services made it possible to follow the transaction trail. After a dormant period of about five years, authorities eventually recovered the stolen bitcoin, worth some $1.3 million. The case shows that combining the immutable record on the blockchain with advanced blockchain analysis can expose even sophisticated financial crime. In 2019, UK authorities scored a major success by arresting Thomas White, the administrator of the darknet market Silk Road 2.0, and seizing his devices during the investigation. What looked like a routine case later took a shocking turn: a National Crime Agency (NCA) investigator found a private key on a seized device and used it to steal approximately 50 BTC from White's wallet. In 2017, as the investigation intensified, investigators identified that approximately 50 BTC had been moved out of White's wallet without authorization. The movement was initially overlooked, but the blockchain kept an indelible record. The stolen funds were systematically withdrawn through a series of transactions and broken up via the well-known mixing service Bitcoin Fog to evade detection, techniques intended to make the funds hard to trace. Investigative methods and the evidence-based exposure of the seized-bitcoin theft: in 2022, Merseyside Police, the 50… belonging to White. The post An NCA Officer's Misconduct Over Seized Crypto Assets and Chainalysis's Analysis appeared first on Chainalysis.  ( 8 min )
    2025 Crypto Crime Mid-Year Update: Funds Stolen by North Korea Reach a Record High
    *This article was machine-translated; please refer to the original for the exact content. Key points on crypto crime in the first half of 2025. Stolen funds: more than $2.17 billion has been stolen from crypto asset services in 2025, already exceeding the total for all of 2024. The main cause is North Korea's $1.5 billion hack of ByBit, the largest hack in crypto history. By the end of June 2025, year-to-date (YTD) theft was 17% higher than in the previous worst year, 2022; if current trends continue, funds stolen from services could exceed US$4 billion by year end. The share of personal-wallet compromises in total ecosystem theft is growing as attackers increasingly target individual users; they account for 23.35% of total stolen funds YTD in 2025. "Wrench attacks", involving physical violence or threats against crypto holders, correlate with bitcoin price movements, suggesting they are timed to periods of high prices. Country and regional characteristics: by location of the victimized funds, 2025 losses are concentrated in the United States, Germany, Russia, Canada, Japan, Indonesia and South Korea. By region, total victims in Eastern Europe, MENA and CSAO grew fastest from H1 2024 to H1 2025. The types of assets stolen vary markedly by region, likely reflecting regional crypto adoption patterns. Money laundering trends: the laundering of stolen funds differs between attacks that compromise services and those that target individuals; attackers who breach services generally use more sophisticated methods. Launderers of stolen funds spend heavily to move them, with the average premium rising from 2.58x in 2021 to 14.5x YTD in 2025; although the cost of moving funds on-chain has fallen year over year, the premium paid over the average on-chain cost of moving stolen funds has increased. Attackers who compromise personal wallets increasingly leave large amounts of stolen funds on-chain rather than laundering them immediately: $8.5 billion stolen from personal wallets is currently held on-chain, compared with $1.28 billion stolen from services. A shifting illicit landscape: in 2025 illicit activity is on a record pace, with total volume on track to match or exceed last year's estimated $51 billion. This comes amid major shifts among illicit actors, such as the shutdown of the sanctioned Russian exchange Garantex and the growing likelihood of a FinCEN special measure against Huione Group, a Cambodia-based Chinese-language service that has handled more than $70 billion. These changes affect how criminals move funds through the ecosystem. Against this backdrop, stolen-fund transactions have emerged as the most serious problem of 2025: while other illicit activity shows mixed year-over-year trends, the surge in crypto theft is both an immediate threat to ecosystem participants and a long-term challenge for the industry's security infrastructure.… The post 2025 Crypto Crime Mid-Year Update: Funds Stolen by North Korea Reach a Record High appeared first on Chainalysis.  ( 8 min )

    Customer guidance for SharePoint vulnerability CVE-2025-53770
    Revision history: 1.0 (07/19/25): information published. 2.0 (07/20/25): clarified the affected SharePoint product in the summary; added fix availability guidance; added protections guidance on upgrading SharePoint products to supported versions (if required), installing the July 2025 Security Updates and rotating machine keys; updated the Microsoft Defender detections and protections section to document additional MDE alerts and mapping exposure via Microsoft Defender Vulnerability Management; documented CVE-2025-53771. 3.


    Optimizing Government Websites for Peak Traffic Events
    Learn how to proactively withstand peak traffic events and improve your government website's performance and security posture.
    Vulnerable to Bulletproof: Protect TLS via Certificate Posture Management

    Chainalysis POV: What the GENIUS and CLARITY Act Bills Really Mean for Crypto Compliance
    Today marks a defining moment for U.S. crypto policy. After years of regulatory limbo, Congress has taken a major step… The post Chainalysis POV: What the GENIUS and CLARITY Act Bills Really Mean for Crypto Compliance appeared first on Chainalysis.  ( 12 min )

    Meta execs pay the pain away with $8 billion privacy settlement
    Meta executives settled a shareholders' lawsuit alleging continuous disregard of privacy regulations for the price of $8 billion.  ( 10 min )

    Microsoft at Black Hat USA 2025: A unified approach to modern cyber defense
    Microsoft will spotlight its AI-first, end-to-end security platform at Black Hat USA 2025. Read our blog post for details on how to connect with us there and what to expect from our participation. The post Microsoft at Black Hat USA 2025: A unified approach to modern cyber defense appeared first on Microsoft Security Blog.  ( 35 min )

    how hackers hide (Intro to Beacon Object Files - with Empire C2!)

    InfoSec News Nuggets 7/18/2025
    Microsoft Teams voice calls abused to push Matanbuchus malware. The Matanbuchus malware loader has been seen being distributed through social engineering over Microsoft Teams calls impersonating IT helpdesk. Matanbuchus is a malware-as-a-service operation seen promoted on the dark web first in early 2021. It was advertised as a $2,500 Windows loader that executes malicious payloads directly in […] The post InfoSec News Nuggets 7/18/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )

    PEPR '25 - Establishing Privacy Metrics for Genomic Data Analysis
    PEPR '25 - When Privacy Guarantees Meet Pre-Trained LLMs: A Case Study in Synthetic Data
    PEPR '25 - Using GenAI to Accelerate Privacy Implementations
    PEPR '25 - From Existential to Existing Risks of Generative AI: A Taxonomy of Who Is at Risk,...
    PEPR '25 - Breaking Barriers, Not Privacy: Real-World Split Learning across Healthcare Systems
    PEPR '25 - OneShield Privacy Guard: Deployable Privacy Solutions for LLMs
    PEPR '25 - Privacy Engineers on the Front Line: Bridging Technical and Managerial Skills
    PEPR '25 - Panel: How Privacy Engineers Can Shape the Coming Wave of AI Governance
    PEPR '25 - Building Privacy Products: Field Notes
    PEPR '25 - Verifying Humanness: Personhood Credentials for the Digital Identity Crisis
    PEPR '25 - Building an End-to-End De-Identification Pipeline for Advertising Activity Data at...
    PEPR '25 - Remediating Systemic Privacy Incidents
    PEPR '25 - Enterprise-Scale Privacy for AI: How Canva Scaled Customer Control of Data for AI...
    PEPR '25 - Observable...Yet Still Private? An Offensive Privacy Perspective on Observability
    PEPR '25 - Safetypedia: Crowdsourcing Privacy Inspections


    Transparency on Microsoft Defender for Office 365 email security effectiveness
    Microsoft believes in transparently sharing performance data from Microsoft Defender for Office 365, and other ecosystem providers, to help customers evaluate email security solutions and make decisions to layer for defense in depth. The post Transparency on Microsoft Defender for Office 365 email security effectiveness appeared first on Microsoft Security Blog.  ( 21 min )

    Adoption agency leaks over a million records
    The database contained 1,115,061 records including the names of children, birth parents, adoptive parents, and other potentially sensitive information like case notes.  ( 10 min )
    Meta AI chatbot bug could have allowed anyone to see private conversations
    A researcher has disclosed how he found a—now fixed—vulnerability in Meta AI that could have allowed others to see private questions and answers.  ( 9 min )
    WeTransfer walks back clause that said it would train AI on your files
    File sharing site WeTransfer has rolled back language that allowed it to train machine learning models on any files that its users uploaded.  ( 11 min )
    Chrome fixes 6 security vulnerabilities. Get the update now!
    Google has released an update for its Chrome browser to patch six security vulnerabilities including one zero-day.  ( 9 min )

    Fox Den Pull List: Our Favorite Comics
    At Bishop Fox, thinking like an adversary comes naturally. So it’s no surprise that comics—where power, perspective, and outsider thinking collide—resonate deeply with our team. Ahead of Comic-Con 2025, we asked our Foxes: what comics still stick with you?

    2025 Crypto Crime Mid-year Update: Stolen Funds Surge as DPRK Sets New Records
    Key findings Stolen funds With over $2.17 billion stolen from cryptocurrency services so far in 2025, this year is more… The post 2025 Crypto Crime Mid-year Update: Stolen Funds Surge as DPRK Sets New Records appeared first on Chainalysis.  ( 17 min )

    Cloud Cost Conundrum: Rising Expenses Hinder AI Innovation in Europe


    AWS successfully completes CCAG 2024 pooled audit with European financial institutions
    Amazon Web Services (AWS) has completed its annual Collaborative Cloud Audit Group (CCAG) audit engagement with leading European financial institutions. At AWS, security remains our highest priority. As customers continue to embrace the scalability and flexibility of the cloud, we support them in evolving security, identity, and compliance into core business enablers. The AWS Compliance […]  ( 26 min )

    How Chainalysis Helped Uncover an NCA Officer’s Theft of Seized Bitcoin
    TL;DR A UK law enforcement officer stole approximately 50 BTC from assets seized in the Silk Road 2.0 investigation. Despite… The post How Chainalysis Helped Uncover an NCA Officer’s Theft of Seized Bitcoin appeared first on Chainalysis.  ( 10 min )

    Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms
    We are honored to be recognized once again as a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms—our sixth consecutive time. Microsoft was recognized for its completeness of vision and ability to execute, which we believe underscores the effectiveness of Defender for Endpoint in the face of an ever-shifting threat environment. The post Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms appeared first on Microsoft Security Blog.  ( 21 min )
    Protecting customers from Octo Tempest attacks across multiple industries
    To help protect and inform customers, Microsoft highlights protection coverage across the Microsoft Defender security ecosystem to protect against threat actors like Octo Tempest. The post Protecting customers from Octo Tempest attacks across multiple industries appeared first on Microsoft Security Blog.  ( 22 min )

    InfoSec News Nuggets 7/16/2025
    Driver’s license numbers, addresses leaked in 2024 bitcoin ATM company breach. Cryptocurrency ATM company Bitcoin Depot said more than 26,000 people had sensitive data in a batch of information stolen during a cyberattack about one year ago. The company said it completed its investigation into the incident on July 18, 2024, but waited until this […] The post InfoSec News Nuggets 7/16/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )

    Dating app scammer cons former US army colonel into leaking national secrets
    A former US army colonel faces up to ten years in prison after revealing national secrets on a foreign dating app.  ( 10 min )
    Amazon warns 200 million Prime customers that scammers are after their login info
    Amazon has emailed 200 million customers to warn them about a rather convincing phishing campaign.  ( 9 min )


    AI and LLM Bot Management Has Become a Business-Critical Issue: Do It Right
    AI bots, agents, and LLM scrapers all want your content. Here's how to manage them so that they help, not hinder, your business.
    From VPN to Zero Trust: Why It's Time to Retire Traditional VPNs, Part 2
    No content preview

    CVE-2025-4919: Corruption via Math Space in Mozilla Firefox
    In recent years, there has been an increased interest in JavaScript engine vulnerabilities as a means to compromise web browsers. Notably, vulnerabilities in JIT engines are among the most favored, as they provide strong primitives and well-known techniques are already available to facilitate compromise. At Pwn2Own Berlin 2025, Manfred Paul compromised the Mozilla Firefox renderer process using a vulnerability in IonMonkey but did not further escape the JavaScript engine sandbox. IonMonkey is the JavaScript JIT compiler for SpiderMonkey (the Firefox JavaScript and WebAssembly engine). This vulnerability is assigned CVE-2025-4919 and Mozilla swiftly fixed it in Mozilla Firefox 138.0.4 via Security Advisory 2025-36 the following day. Trend Zero Day Initiative assigned ZDI-25-291 to th…

    Repeater Strike: manual testing, amplified
    Manual testing doesn't have to be repetitive. In this post, we're introducing Repeater Strike - a new AI-powered Burp Suite extension designed to automate the hunt for IDOR and similar vulnerabilities

    Chainalysis Integrates with World Chain
    Chainalysis is excited to announce its integration with World Chain across all Chainalysis products. World Chain is a blockchain designed… The post Chainalysis Integrates with World Chain appeared first on Chainalysis.  ( 8 min )

    NoBooze1 Malware Targets TP-Link Routers via CVE-2019-9082
    Sensor Intel Series: July 2025 CVE Trends  ( 13 min )

    How I Used AI to Crush CTF Challenges and What I Learned Along the Way | Tabatha Kossman
    No content preview

    MaReads - 74,453 breached accounts
    In June 2025, MaReads, the website for readers and writers of Thai-language fiction and comics, suffered a data breach that exposed 74k records. The breach included usernames, email addresses, phone numbers and dates of birth. MaReads is aware of the breach.

    Congratulations to the MSRC 2025 Most Valuable Security Researchers!
    The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s Most Valuable Researchers (MVRs), based on the total number of points earned for each valid report.


    ControlPlane Local Privilege Escalation Vulnerability on macOS
    A technical exploration of Local Privilege Escalation Vulnerability in ControlPlane on macOS.

    Is AI “healthy” to use? (Lock and Code S06E14)
    This week on the Lock and Code podcast, we speak with Anna Brading and Zach Hinkle about whether using AI is damaging for our health.  ( 11 min )
    CNN, BBC, and CNBC websites impersonated to scam people
    Cybercriminals are using sponsored ads and fake news websites to lure victims to investment scams.  ( 10 min )
    A week in security (July 7 – July 13)
    A list of topics we covered in the week of July 7 to July 13 of 2025  ( 8 min )

    Improving IT efficiency with Microsoft Security Copilot in Microsoft Intune and Microsoft Entra
    Announcing the general availability of Microsoft Security Copilot capabilities for IT with Microsoft Intune and Microsoft Entra, offering AI-powered efficiency and enhanced security for your operations. The post Improving IT efficiency with Microsoft Security Copilot in Microsoft Intune and Microsoft Entra appeared first on Microsoft Security Blog.  ( 22 min )

    InfoSec News Nuggets 7/14/2025
    McDonald’s ‘McHire’ chatbot records accessed via ‘123456’ password McDonald’s “McHire” job application service was accessed by researchers last month using the password “123456,” potentially exposing more than 64 million records. Applicants’ conversations with the McDonald’s “Olivia” hiring chatbot were viewable from a test account accessed by security researchers Ian Carroll and Sam Curry, who published […] The post InfoSec News Nuggets 7/14/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )

    An Intentionally Engineered Platform for a More Responsible Internet
    Learn how Akamai delivers performance, security, and scale on a platform that's also built for sustainability.


    Omnicuris - 215,298 breached accounts
    In June 2025, the Indian CME platform Omnicuris suffered a data breach that exposed approximately 200k records of healthcare professionals. The data included names, email addresses, phone numbers, geographic locations and other data attributes relating to professional expertise and training progress. Omnicuris is aware of the incident.


    📖 [The CloudSecList] Issue 296
    📖 [The CloudSecList] Issue 296 was originally published by Marco Lancini at CloudSecList on July 13, 2025.


    Spring 2025 SOC 1/2/3 reports are now available with 184 services in scope
    Amazon Web Services (AWS) is pleased to announce that the Spring 2025 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 184 services over the 12-month period from April 1, 2024, to March 31, 2025, giving customers a full year of assurance. The reports demonstrate our continuous commitment to […]  ( 26 min )

    how hackers avoid getting caught
    No content preview

    InfoSec News Nuggets 7/11/2025
    LLMs Fall Short in Vulnerability Discovery and Exploitation Large language models (LLMs) are still falling short in performing vulnerability discovery and exploitation tasks. Many threat actors therefore remain skeptical about using AI tools for such roles. This is according to new research by Forescout Research – Vedere Labs, which tested 50 current AI models from […] The post InfoSec News Nuggets 7/11/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )


    Forrester names Microsoft a Leader in the 2025 Zero Trust Platforms Wave™ report
    Employing a Zero Trust strategy is an effective way to modernize security infrastructure to protect against ever evolving security challenges. The post Forrester names Microsoft a Leader in the 2025 Zero Trust Platforms Wave™ report appeared first on Microsoft Security Blog.  ( 20 min )

    Establishing a European trust service provider for the AWS European Sovereign Cloud
    Last month, we announced new sovereign controls and a governance structure for the AWS European Sovereign Cloud. The AWS European Sovereign Cloud is a new, independent cloud for Europe, designed to help customers meet their evolving sovereignty needs, including stringent data residency, operational autonomy, and resiliency requirements. Launching by the end of 2025, the AWS European […]  ( 26 min )

    Deepfake criminals impersonate Marco Rubio to uncover government secrets
    Deepfake attacks aren't just for recruitment and banking fraud; they've now reached the highest levels of government.  ( 9 min )
    McDonald’s AI bot spills data on job applicants
    The job applicants' personal information could be accessed by simply guessing a username and using the password “12345.”  ( 10 min )

    How AI Bots Are Rewriting the Rules of Publishing
    See how AI bots impact publishers and how Akamai helps you protect, control, and monetize your content as AI reshapes how people find information.
    Mitigating CitrixBleed 2 (CVE-2025-5777) NetScaler Memory Disclosure with App & API Protector
    No content preview

    InfoSec News Nuggets 7/10/2025
    Researchers Reveal 18 Malicious Chrome and Edge Extensions Disguised as Everyday Tools A set of 18 malicious browser extensions that are still available to download on Google Chrome and Microsoft Edge have been identified by a team of security researchers at Koi Security. These extensions masquerade as productivity and entertainment tools across diverse categories, including […] The post InfoSec News Nuggets 7/10/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )


    Microsoft expands Zero Trust workshop to cover network, SecOps, and more
    The Microsoft Zero Trust workshop has been expanded to cover all six pillars of Zero Trust security, providing a comprehensive guide for organizations to modernize their security posture. The post Microsoft expands Zero Trust workshop to cover network, SecOps, and more appeared first on Microsoft Security Blog.  ( 21 min )

    You’re Pen Testing AI Wrong: Why Prompt Engineering Isn’t Enough
    Conventional pen testing methods fall short with LLMs. Static prompt tests miss adversarial context manipulation and latent model behaviors. Explore how to test AI systems like an attacker.

    Millions of people spied on by malicious browser extensions in Chrome and Edge
    Researchers have discovered a campaign of malicious browser extensions that were available in the official Chrome and Edge web stores.  ( 10 min )


    Learn Google Dorking!
    No content preview

    Enhancing Microsoft 365 security by eliminating high-privilege access
    In this blog you will hear directly from Microsoft's Deputy Chief Information Security Officer (CISO) for Experiences and Devices, Naresh Kannan, about eliminating high-privileged access across all Microsoft 365 applications. This blog is part of an ongoing series where our Deputy CISOs share their thoughts on what is most important in their respective domains. In this series you will get practical advice and forward-looking commentary on where the industry is going, as well as tactics you should start (and stop) deploying, and more. The post Enhancing Microsoft 365 security by eliminating high-privilege access appeared first on Microsoft Security Blog.  ( 19 min )

    The July 2025 Security Update Review
    It’s the second Tuesday of the month, and as expected, Adobe and Microsoft have released their latest security patches. Take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for July 2025 For July, Adobe (eventually) released 13 bulletins addressing 60 unique CVEs in Adobe ColdFusion, After Effects, Substance 3D Viewer, Audition, InCopy, InDesign, Connect, Dimension, Substance 3D Stager, Illustrator, FrameMaker, Experience Manager Forms, and Experience Manager Screens. The obvious place to start here is ColdFusion. It’s the only update listed as Priority 1 and addresses 13 CVEs, five of which are rated Critical. ColdFus…

    Advancing Protection in Chrome on Android
    Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team Android recently announced Advanced Protection, which extends Google’s Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures. Advanced Protection gives you the ability to activate Google’s strongest security for mobile devices, providing greater peace of mind that you’re better protected against the most sophisticated threats. Advanced Protection acts as a single control point for at-risk users on Android that enables important security settings across applications, including many of your favorite Google apps, including Chrome. In this post, we’d like to do a deep dive into the Chrome features tha…

    How to Get the Most Out of the Python Decompilers Uncompyle6 and Decompyle3
    No content preview

    Spring 2025 PCI DSS compliance package available now
    Amazon Web Services (AWS) is pleased to announce that three new AWS services have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification: Amazon Verified Permissions, AWS B2B Data Interchange, and AWS Resource Explorer. This certification means that customers can use these services while maintaining PCI DSS compliance, enabling […]  ( 25 min )

    InfoSec News Nuggets 7/8/2025
    BERT Ransomware Group Targets Asia and Europe on Multiple Platforms In April, a new ransomware group known as BERT was observed targeting organizations across Asia and Europe. Trend™ Research telemetry has confirmed the emergence and activity of this ransomware. This blog entry examines BERT's tools and tactics across multiple variants. By comparing its different iterations, we unpack […] The post InfoSec News Nuggets 7/8/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )

    No thanks: Google lets its Gemini AI access your apps, including messages [updated]
    Google says its Gemini AI will soon be able to access your messages, WhatsApp, and utilities on your phone. But we're struggling to see that as a good thing.  ( 11 min )
    Ransomware negotiator investigated over criminal gang kickbacks
    If someone is going to negotiate with criminals for you, that person should at least be on your side.  ( 10 min )

    Protect Client-Side Code and Certify the Authenticity of Data Collection
    No content preview

    The Extendables: Exploiting Browser Extensions for PrivEsc and Persistence | Fin Hume
    No content preview


    2025 CyberVadis report now available for due diligence on third-party suppliers
    We’re excited to announce that AWS has completed the CyberVadis assessment of its security posture with the highest score (Mature) in all assessed areas. This demonstrates our continued commitment to meet the heightened expectations for cloud service providers. Customers can now use the 2025 AWS CyberVadis report and scorecard to reduce their supplier due-diligence burden. With […]  ( 25 min )

    A Match Made in the Heavens: The Surveillance State and the “New Space” Economy
    This new piece co-authored by the Citizen Lab’s Gabrielle Lim discusses the risks of privatized space technology. She and her co-authors highlight that the issue is not private-sector involvement, but the concentration of power in the hands of a few private firms that are “incentivized to serve the surveillance state and further a new kind... Read more »

    Free certificates for IP addresses: security problem or solution?
    Let's Encrypt has started rolling out certificates for IP addresses. Although it's a security solution it also offers cybercriminals opportunities.  ( 10 min )

    InfoSec News Nuggets 7/7/2025
    14-hour+ global blackout at Ingram Micro halts customer orders Widespread outages across Ingram Micro’s websites and client service portals are being attributed to “technical difficulties.” The outages at Ingram Micro, one of the world’s biggest IT distributors, began at around 2000 UTC yesterday, according to Reg reader reports and social media. The distie turned over revenue of $12.28 […] The post InfoSec News Nuggets 7/7/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )

    Congratulations to the top MSRC 2025 Q2 security researchers!
    Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2025 Q2 Security Researcher Leaderboard are wkai, Brad Schlintz (nmdhkr), and 0x140ce! Check out the full list of researchers recognized this quarter here.


    📖 [The CloudSecList] Issue 295
    📖 [The CloudSecList] Issue 295 was originally published by Marco Lancini at CloudSecList on July 06, 2025.

    Reverse Engineering Anti-Debugging Techniques (with Nathan Baggs!)
    No content preview


    The G7 Condemned Transnational Repression, But Will Canada Meet Its Own Commitments?
    “Transnational repression is a phenomenon that is only growing in scope, scale and sophistication worldwide,” writes Ron Deibert in his new op-ed for the Globe and Mail.

    Read Between The Logs: A New Vulnerability in Gemini Cloud Assist Proves the Threat is Real
    No content preview
    fwd:cloudsec State of the Conference 2025
    No content preview


    Catwatchful - 61,641 breached accounts
    In June 2025, spyware maker Catwatchful suffered a data breach that exposed over 60k customer records. The breach was due to a SQL injection vulnerability that enabled email addresses and plain text passwords to be extracted from the system.

    Issue 275: API hackers strike gold, Malicious API drift at CoinMarketCap, Survey reveals major API security gaps
    This week, our theme is “how secure is your API security?”. We highlight two recent attacks targeting major financial platforms, along with a new industry survey that exposes significant gaps in API security practices. We also explore technical deep-dives into vulnerabilities such as JWT flaws and host header injection attacks. Plus, we share details on [...] Read More... The post Issue 275: API hackers strike gold, Malicious API drift at CoinMarketCap, Survey reveals major API security gaps appeared first on API Security News.

    InfoSec News Nuggets 7/3/2025
    California jury orders Google to pay $314 million over data transfers from Android phones A California jury has ordered Google to pay $314 million for collecting data from Android phones while they were connected to cellular networks, a practice that plaintiffs said equated to stealing a resource that they had paid for. The verdict, issued Tuesday […] The post InfoSec News Nuggets 7/3/2025 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )

    Real Performance Improvements 2025
    No content preview


    When too much access is not enough: a story about Confluence and tokens
    During a Red Team engagement, we compromised an AWS account containing a Confluence instance hosted on an EC2 virtual machine. Although we fully compromised the machine hosting the Confluence instance, we did not have valid credentials to log in but were able to interact with the underlying database. This led us to study the structure of the Confluence database and the mechanism for generating API tokens.

    this malware hides in a WALLPAPER
    No content preview

    Agentic AI Is Here - and It's Shaping the Future of Bot Defense
    No content preview

    Breaking AI Agents: Exploiting Managed Prompt Templates to Take Over Amazon Bedrock Agents
    No content preview
    Securing organizations ML & LLMops deployments : A platform architects journey onboarding LLM &...
    No content preview
    Keeping your cloud environments secure during a merger or acquisition
    No content preview
    Bypassing AI Security Controls with Prompt Formatting
    No content preview


    fwd:cloudsec 2025 North America - Day 2, Breakout 1
    No content preview
    What would you ask a crystal ball for AWS IAM?
    No content preview
    Challenges implementing egress controls in a large AWS environment
    No content preview
    Shared-GPU Security Learnings from Fly.io
    No content preview
    fwd:cloudsec 2025 North America - Day 2, Breakout 2
    No content preview
    I SPy: Rethinking Entra ID research for new paths to Global Admin
    No content preview
    You Are Not Netflix: How to learn from conference talks
    No content preview
    This Wasn’t in the Job Description: Building a production-ready AWS environment from scratch
    No content preview
    The Duplicitous Nature of AWS Identity and Access Management (IAM)
    No content preview

    Remote access to AWS: A guide for hybrid workforces
    Amazon Web Services (AWS) customers can enable secure remote access to their cloud resources, supporting business operations with both speed and agility. As organizations embrace flexible work environments, employees can safely connect to AWS resources from various locations using different devices. AWS provides comprehensive security solutions that help organizations maintain strong protection of corporate resources, […]  ( 34 min )

    What is Quantum Computing?
    Quantum computing enhances information processing, impacting cryptography and emphasizing the need for quantum-resistant technologies.  ( 10 min )

    hackers trick everyone to run malware (FileFix)
    No content preview

    Operationalize Day-2 Services for API Security and Microsegmentation
    Learn how to turn post-deployment services into a revenue opportunity and provide ongoing value for your customers with industry-leading tools and service playbooks.
    Commitment to Powering Europe's Digital Sovereignty and Competitiveness
    Akamai remains committed to supporting our customers' European digital sovereignty with our suite of robust, secure, and high-performing solutions.

    Rising star: Meet Dylan, MSRC’s youngest security researcher
    At just 13 years old, Dylan became the youngest security researcher to collaborate with the Microsoft Security Response Center (MSRC). His journey into cybersecurity is inspiring—rooted in curiosity, resilience, and a deep desire to make a difference. Early beginnings: From scratch to security Dylan’s fascination with technology began early. Like many kids, he started with Scratch—a visual programming language for making simple games and animations.

    Did You Knock Out Our [noun] ? | Jack Verrier
    No content preview


    AWS Certificate Manager now supports exporting public certificates
    July 2, 2025: We’ve updated this post to include an FAQ section at the end. This includes our response to changing validity periods and associated certificate price points. AWS Certificate Manager (ACM) simplifies the provisioning, management, and deployment of public and private TLS certificates for AWS services and your on-premises and hybrid applications. To further […]  ( 34 min )

    Dangling Danger: Why You Need to Focus on Your DNS Posture Management
    No content preview


    📖 [The CloudSecList] Issue 294
    📖 [The CloudSecList] Issue 294 was originally published by Marco Lancini at CloudSecList on June 29, 2025.


    Sitecore Experience Platform Vulnerabilities: Critical Update Needed for Versions 10.1 to 10.3
    Critical vulnerabilities in Sitecore Experience Platform versions 10.1–10.3 could allow unauthenticated attackers to gain full system access through a simple exploit chain. Learn what’s at risk—and how to defend against it.

    Study Reveals API Security Gaps in Asia-Pacific Compliance Programs
    No content preview


    How You Can Impersonate Anyone in Active Directory (with Shikata!)
    No content preview

    Robinsons Malls - 195,597 breached accounts
    In June 2024, the Philippines' largest shopping-mall operator, Robinsons Malls, suffered a data breach stemming from its mobile app. The incident exposed 195k unique email addresses along with names, phone numbers, dates of birth, genders and the user's city and province.
    Have Fun Teaching - 27,126 breached accounts
    In August 2021, the teaching resources website Have Fun Teaching suffered a data breach that leaked 80k WooCommerce transactions which were later posted to a popular hacking forum. The data contained 27k unique email addresses along with physical and IP addresses, names, payment methods and the item purchased. Have Fun Teaching is aware of the incident.

    Sipping from the CVE Firehose: How We Prioritize Emerging Threats for Real-World Impact
    With tens of thousands of CVEs flooding in each year, how do you spot the ones that actually matter? At Bishop Fox, we’ve built a smarter way to cut through the noise and act fast on real-world threats. Here’s how we prioritize CVEs that truly impact our customers.

    Keep Your Tech FLAME Alive: Akamai Trailblazer Maite Vitar
    No content preview

    The State of Post-Quantum Cryptography (PQC) on the Web
    We analyze the world’s most popular websites and most widely used web browsers to determine the current state of PQC adoption on the web.

    RedirectionGuard: Mitigating unsafe junction traversal in Windows
    As attackers continue to evolve, Microsoft is committed to staying ahead by not only responding to vulnerabilities, but also by anticipating and mitigating entire classes of threats. One such threat, filesystem redirection attacks, has been a persistent vector for privilege escalation. In response, we’ve developed and deployed a new mitigation in Windows 11 called RedirectionGuard.


    Cryptominers' Anatomy: Shutting Down Mining Botnets
    No content preview

    Fusing Reverse Shells And Kernel Exploits For Fun and Profit | Aleksa Zatezalo
    No content preview


    CISPE Data Protection Code of Conduct Public Register now certifies 122 AWS services as adherent
    We continue to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that 122 services are now certified as adherent to the Cloud Infrastructure Services Providers in Europe (CISPE) Data Protection Code of Conduct. This alignment with the CISPE requirements demonstrates our ongoing commitment to adhere to the heightened expectations for […]  ( 25 min )

    Canada’s Secret Wars: Cold War Spies to Digital Surveillance with Ron Deibert & Donald Mahar
    On June 28, join Citizen Lab director Ron Deibert, author of Chasing Shadows, for this book talk at the Toronto International Festival of Authors.
    True Costs of Misinformation: The Global Spread of Misinformation Laws
    In the past decade, we have seen a significant shift in how governments talk about misinformation. Many countries now consider or intentionally frame misinformation as a matter of national security or public safety in order to justify the passage of new laws that impose penalties for the spread of information deemed false or other administrative... Read more »
    A Trip to Ancient BABYLON: Unearthing a 2017 Pegasus Persistence Exploit
    On June 29 at REcon, Citizen Lab senior researcher Bill Marczak and co-presenter Daniel Roethlisberger will recount how they discovered a Pegasus exploit targeting iOS 10 devices back in 2017. They will describe their investigation, analyze the root cause of the vulnerability, detail how the exploit leveraged the vulnerability to gain code execution after boot, and explain how the vulnerability was mitigated.
2025-07-23T01:50:01.451Z osmosfeed 1.15.1