Infosec.Pub

WTF happened to onionmail.info?

So disturbing.

It was such a great resource for email. It was a quite unique infrastructure that gave a bit of freedom and privacy unlike any other email provider.

Crime group claims to have already doled out $1K to those in it 'for money and for the love of the game' Scattered Lapsus$ Hunters has launched an unusual crowdsourced extortion scheme, offering $10 in Bitcoin to anyone willing to help pressure their alleged victims into paying ransoms.…

Someone in Texas shot a fiber line. The shooter remains a mystery, but nearly 25,000 people were taken offline by the incident. The outage affected parts of Dallas, Irving, Plano, Arlington, Austin, and San Antonio. […] As random as a bullet taking down the internet might sound, there’s actually precedent to this sort of thing. … Continue reading Texas Loss of Internet Caused by Guns →

New leaked documents show how the FBI convinced a judge to let its partners collect a mass of encrypted messages from thousands of phones around the world.

Just 250 malicious training documents can poison a 13B parameter model - that's 0.00016% of a whole dataset Poisoning AI models might be way easier than previously thought if an Anthropic study is anything to go on. …

Central bank says market concentration hasn't been this extreme in 50 years.

​Microsoft is working to resolve a known issue that causes its Defender for Endpoint enterprise endpoint security platform to incorrectly tag SQL Server software as end-of-life. [...]

Turns out Apple’s ‘Find My’ feature isn’t just for when your phone slips down the side of the couch.

While GitHub has advanced protections for its built-in AI agent, a researcher came up with a creative proof-of-concept (PoC) attack for exfiltrating code and secrets via Copilot.

The alleged targeting of prominent Italian businessman Francesco Gaetano Caltagirone now widens the Paragon spyware scandal in Italy to victims beyond journalists and activists.

California just passed 14 new privacy and AI laws. We’re highlighting a few that give users real control over their personal data.

The cryptocurrency sector faces an existential threat on two fronts: none of the 2,138 web applications and 146 mobile apps tested by ImmuniWeb support post-quantum encryption, and more than 7.8 million user records are already circulating on the dark web. As adversaries hoard encrypted data for future “Harvest Now, Decrypt Later” exploits, the industry’s failure to adopt NIST’s Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) standard signals a looming crisis. Without action, encrypted transactions could be laid bare … More → The post Outdated encryption leaves crypto wide open appeared first on Help Net Security.

SonicWall has confirmed that all customers that used the company's cloud backup service are affected by the security breach last month. [...]

A pro-Russian hacktivist group called TwoNet pivoted in less than a year from launching distributed denial-of-service (DDoS) attacks to targeting critical infrastructure. [...]