Cybersecurity

#Microsoft now pays up to $40,000 for some .NET vulnerabilities

https://www.bleepingcomputer.com/news/microsoft/microsoft-now-pays-up-to-40-000-for-some-net-vulnerabilities/

#cybersecurity #dotNET #BugBounty

The #Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant #Spyware

https://www.wired.com/story/russia-fsb-turla-secret-blizzard-apolloshadow-isp-cyberespionage/

#cybersecurity #Russia #malware #ISP

#Microsoft to disable #Excel workbook links to blocked file types

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-external-workbook-links-to-blocked-file-types/

#cybersecurity

#CISA open-sources #Thorium platform for #malware, #forensic analysis

https://www.bleepingcomputer.com/news/security/cisa-open-sources-thorium-platform-for-malware-forensic-analysis/

#OpenSource #DigitalForensics #cybersecurity

Users left scrambling for a plan B as #Dropbox drops #DropboxPasswords

https://www.theregister.com/2025/07/30/dropbox_drops_dropbox_passwords/

#cybersecurity #passwords

#KaliLinux can now run in #Apple containers on #macOS systems

https://www.bleepingcomputer.com/news/security/kali-linux-can-now-run-in-apple-containers-on-macos-systems/

#cybersecurity #Linux #FOSS

#AI code generators are writing vulnerable software nearly half the time

https://nerds.xyz/2025/07/ai-security-flaws-veracode-2025/

#cybersecurity

Spikes in malicious activity precede new security flaws in 80% of cases

https://www.bleepingcomputer.com/news/security/spikes-in-malicious-activity-precede-new-cves-in-80-percent-of-cases/

#cybersecurity

Hackers plant 4G #RaspberrPi on bank network in failed #ATM heist

https://www.bleepingcomputer.com/news/security/hackers-plant-4g-raspberry-pi-on-bank-network-in-failed-atm-heist/

#cybersecurity #banking #cybercrime

#SafePay #ransomware threatens to leak 3.5TB of #IngramMicro data

https://www.bleepingcomputer.com/news/security/safepay-ransomware-threatens-to-leak-35tb-of-ingram-micro-data/

#cybersecurity #DataBreach

Introducing #ProtonAuthenticator – secure #2FA, your way

https://proton.me/blog/authenticator-app

#Proton #FOSS #cybersecurity

Hackers target #Python devs in #phishing attacks using fake #PyPI site

https://www.bleepingcomputer.com/news/security/hackers-target-python-devs-in-phishing-attacks-using-fake-pypi-site/

#cybersecurity

How to get another free year of updates for your #Windows10 PC

https://arstechnica.com/gadgets/2025/07/how-to-get-another-free-year-of-updates-for-your-windows-10-pc/

#cybersecurity #Windows #EoL

New version of #Asterisk fixes a remote crash (and maybe RCE!) in STIR/SHAKEN header parsing: CVE-2025-49832

https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr

#CVE #appsec #CyberSecurity #VOIP

#ShinyHunters behind #Salesforce data theft attacks at #Qantas, #Allianz Life, and #LVMH

https://www.bleepingcomputer.com/news/security/shinyhunters-behind-salesforce-data-theft-attacks-at-qantas-allianz-life-and-lvmh/

#cybersecurity #DataBreach #privacy #ransomware

"Far be it from me to accuse Anthropic of this. When they designed MCP, the idea was to quickly and easily extend chat interfaces with tool functionality (and a whole bunch of other stuff that folks ignore in the protocol!). For that context, it’s actually a good fit for the job (bar some caveats that can easily be fixed).

No, the dünnbrettbohrer of the MCP world are the implementers of the MCP servers themselves. Right now, it’s the peak of the hype cycle of inflated expectations, meaning a lot of people are selling low-code, or no-code, dressed up as MCP — but it’s still the same old shenanigans under the hood.

What I would like to achieve today is to give you simple guidance on when, how, and where to use MCP without shooting yourself in the foot (such as with Github’s latest MCP server disaster, an exploit that left private repository data vulnerable to attackers)."

https://nordicapis.com/mcp-if-you-must-then-do-it-like-this/

#CyberSecurity #MCP #AI #GenerativeAI #LLMs #Chatbots #APIs

#Apple patches security flaw exploited in #Chrome zero-day attacks

https://www.bleepingcomputer.com/news/security/apple-patches-security-flaw-exploited-in-chrome-zero-day-attacks/

#cybersecurity #Google

Hackers stole Social Security numbers during #Allianz Life cyberattack

https://techcrunch.com/2025/07/30/hackers-stole-social-security-numbers-during-allianz-life-cyberattack/

#cybersecurity #privacy #DataBreach #insurance

Hackers actively exploit critical RCE in #WordPress #Alone theme

https://www.bleepingcomputer.com/news/security/hackers-actively-exploit-critical-rce-in-wordpress-alone-theme/

#cybersecurity

"Recent advances have enabled LLM-powered AI agents to autonomously execute complex tasks by combining language model reasoning with tools, memory, and web access. But can these systems be trusted to follow deployment policies in realistic environments, especially under attack? To investigate, we ran the largest public red-teaming competition to date, targeting 22 frontier AI agents across 44 realistic deployment scenarios. Participants submitted 1.8 million prompt-injection attacks, with over 60,000 successfully eliciting policy violations such as unauthorized data access, illicit financial actions, and regulatory noncompliance. We use these results to build the Agent Red Teaming (ART) benchmark - a curated set of high-impact attacks - and evaluate it across 19 state-of-the-art models. Nearly all agents exhibit policy violations for most behaviors within 10-100 queries, with high attack transferability across models and tasks. Importantly, we find limited correlation between agent robustness and model size, capability, or inference-time compute, suggesting that additional defenses are needed against adversarial misuse. Our findings highlight critical and persistent vulnerabilities in today's AI agents. By releasing the ART benchmark and accompanying evaluation framework, we aim to support more rigorous security assessment and drive progress toward safer agent deployment."

https://arxiv.org/abs/2507.20526

#AI #GenerativeAI #LLMs #CyberSecurity #Chatbots #AIAgents #AgenticAI

How do #browser #extensions work, and what is a #firewall?

https://adguard.com/en/blog/techtok-9-browser-extensions-and-firewall.html

#cybersecurity #guide

Supply-chain attacks on #OpenSource software are getting out of hand

https://arstechnica.com/security/2025/07/open-source-repositories-are-seeing-a-rash-of-supply-chain-attacks/

#FOSS #cybersecurity

New #Lenovo #UEFI #firmware updates fix #SecureBoot bypass flaws

https://www.bleepingcomputer.com/news/security/new-lenovo-uefi-firmware-updates-fix-secure-boot-bypass-flaws/

#cybersecurity

#Linux 6.16 brings faster file systems, improved confidential memory support, and more #Rust support

https://www.zdnet.com/article/linux-6-16-brings-faster-file-systems-improved-confidential-memory-support-and-more-rust-support/

#cybersecurity #FOSS

Measuring the Attack/Defense Balance

https://www.schneier.com/blog/archives/2025/07/measuring-the-attack-defense-balance.html

#cybersecurity