Cybersecurity


An umbrella community for all things cybersecurity / infosec. News, research, and questions are all welcome!

551
 
 

Cybersecurity firm Kaspersky reports that over 7 million accounts from streaming services have been compromised, including Netflix, Prime Video, Disney+, HBO Max, and Apple TV+. Read more at @TechRadar. #Cybersecurity #Streaming #Kapersky #Netflix #Tech #Technology. https://flip.it/yoNT3n

552
 
 

"The curse of prompt injection continues to be that we’ve known about the issue for more than two and a half years and we still don’t have convincing mitigations for handling it.

I’m still excited about tool usage—it’s the next big feature I plan to add to my own LLM project—but I have no idea how to make it universally safe.

If you’re using or building on top of MCP, please think very carefully about these issues:

Clients: consider that malicious instructions may try to trigger unwanted tool calls. Make sure users have the interfaces they need to understand what’s going on—don’t hide horizontal scrollbars for example!

Servers: ask yourself how much damage a malicious instruction could do. Be very careful with things like calls to os.system(). As with clients, make sure your users have a fighting chance of preventing unwanted actions that could cause real harm to them.

Users: be thoughtful about what you install, and watch out for dangerous combinations of tools."

https://simonwillison.net/2025/Apr/9/mcp-prompt-injection/

#AI #GenerativeAI #LLMs #Chatbots #CyberSecurity #MCP #PromptInjection

553
 
 

Adidas customers' personal information at risk after third-party data breach.

Once again, a third party's cybersecurity has damaged the brand reputation of a world-renowned brand, and endangered consumers.

Read more in my article on the Bitdefender blog:
https://www.bitdefender.com/en-us/blog/hotforsecurity/adidas-customers-personal-information-at-risk-after-data-breach

#cybersecurity #databreach

554
 
 

#CRA & #NIS2 are here. Is your #opensource project ready for #EU regulations? 📜 Stay compliant. Find out more at the #open4business at this year's #openSUSE Conference. https://events.opensuse.org/ #CyberSecurity

555
 
 

A Starter #Guide to Protecting Your Data From Hackers and Corporations

https://www.wired.com/story/guide-protect-data-from-hackers-corporations/

#cybersecurity

556
 
 

Why the #iPhone's Messages App Refuses Audio Messages That Mention 'Dave & Buster's'

https://apple.slashdot.org/story/25/05/26/0159210/why-the-iphones-messages-app-refuses-audio-messages-that-mention-dave-busters

#cybersecurity #Apple

557
 
 

Fake #Zenmap, #WinMRT sites target IT staff with #Bumblebee #malware

https://www.bleepingcomputer.com/news/security/bumblebee-malware-distributed-via-zenmap-winmrt-seo-poisoning/

#cybersecurity

558
 
 

How Many #Qubits Will It Take to Break Secure Public Key #Cryptography Algorithms?

https://it.slashdot.org/story/25/05/24/0530234/how-many-qubits-will-it-take-to-break-secure-public-key-cryptography-algorithms

#cybersecurity

559
 
 

#Naukri exposed recruiter email addresses, researcher says

https://techcrunch.com/2025/05/23/naukri-exposed-recruiter-email-addresses-researcher-says/

#cybersecurity #privacy #DataBreach

560
 
 

I received an "important email" from #Dreamhost about my domain registration. You'd think that #email security would be paramount for them.

They have no DKIM setting, so it's impossible to see if the email was tampered with in transit and if it was sent by the claimed sender. And, their DMARC policy is p=none, which tells email providers, "don't do anything special if you can't verify me".

Their dreamhostregistry.com domain is wide open for spoofing because they've configured it to be wide open for spoofing.

How can a web hosting company be so lax about email security? How can I trust emails they send to me if I have no assurance they sent it, and it wasn't modified in transit?

#Cybersecurity #DKIM #SPF #Spoofing #EmailSecurity

561
 
 

How can Europe better secure the open #digitalinfrastructure that underpins its public services, or #digitaleconomy?

We are delighted to announce the next #EOSA Webinar, #OpenSource for #Cybersecurity: Securing and Maintaining Europe's Open Source Dependencies.
This webinar looks at how Europe's cybersecurity and digital policy agendas are increasingly intertwined.

Learn more and register today: https://tinyurl.com/yf7xyadr

562
 
 

"My experiment harness executes this N times (N=100 for this particular experiment) and saves the results. It’s worth noting, if you rerun this you may not get identical results to me as between running the original experiment and writing this blog post I had removed the file containing the code to be analysed, and had to regenerate it. I believe it is effectively identical, but have not re-run the experiment.

o3 finds the kerberos authentication vulnerability in the benchmark in 8 of the 100 runs. In another 66 of the runs o3 concludes there is no bug present in the code (false negatives), and the remaining 28 reports are false positives. For comparison, Claude Sonnet 3.7 finds it 3 out of 100 runs and Claude Sonnet 3.5 does not find it in 100 runs. So on this benchmark at least we have a 2x-3x improvement in o3 over Claude Sonnet 3.7.

For the curious, I have uploaded a sample report from o3 (here) and Sonnet 3.7 (here). One aspect I found interesting is their presentation of results. With o3 you get something that feels like a human-written bug report, condensed to just present the findings, whereas with Sonnet 3.7 you get something like a stream of thought, or a work log. There are pros and cons to both. o3’s output is typically easier to follow due to its structure and focus. On the other hand, sometimes it is too brief, and clarity suffers."

https://sean.heelan.io/2025/05/22/how-i-used-o3-to-find-cve-2025-37899-a-remote-zeroday-vulnerability-in-the-linux-kernels-smb-implementation/

#AI #GenerativeAI #O3 #OpenAI #CyberSecurity #Linux #Kernel #ZeroDay

563
 
 

Dozens of malicious packages on #NPM collect host and network data

https://www.bleepingcomputer.com/news/security/dozens-of-malicious-packages-on-npm-collect-host-and-network-data/

#cybersecurity

564
 
 

Hacker steals $223 million in #CetusProtocol #cryptocurrency heist

https://www.bleepingcomputer.com/news/security/hacker-steals-223-million-in-cetus-protocol-cryptocurrency-heist/

#cybersecurity #crypto

565
 
 

FBI warns of #LunaMoth extortion attacks targeting law firms

https://www.bleepingcomputer.com/news/security/fbi-warns-of-luna-moth-extortion-attacks-targeting-law-firms/

#cybersecurity

566
 
 

Mysterious hacking group #Careto was run by the Spanish government, sources say

https://techcrunch.com/2025/05/23/mysterious-hacking-group-careto-was-run-by-the-spanish-government-sources-say/

#Spain #cybersecurity

567
 
 

#TikTok videos now push #infostealer #malware in #ClickFix attacks

https://www.bleepingcomputer.com/news/security/tiktok-videos-now-push-infostealer-malware-in-clickfix-attacks/

#cybersecurity

568
 
 

""This latest technology helps ensure that we know who is boarding flights," said TSA’s Federal Security Director for Pennsylvania and Delaware Gerardo Spero in a news release last month. "Credential authentication plays an important role in passenger identity verification. It improves a TSA officer’s ability to validate a traveler’s photo identification while also identifying any inconsistencies associated with fraudulent travel documents."

However, there are rising concerns around the safety of biometric information storage, stemming from the lack of transparency around the database where the information is being stored.

"It's not about the integrity of your face or driver's license, it's about the database where you have no control," said India McKinney, director of federal affairs at the Electronic Frontier Foundation. There's the risk of misidentification, security breaches, plus human or technological error. The screening process also varies at different airports and even terminals, putting the burden on the traveler."

https://eu.usatoday.com/story/travel/news/2025/05/20/tsa-facial-recognition-safety/83726603007/

#USA #Surveillance #Biometrics #FacialRecognition #TSA #AirsportScreening #CyberSecurity

569
 
 

Police takes down 300 servers in #ransomware supply-chain crackdown

https://www.bleepingcomputer.com/news/security/police-takes-down-300-servers-in-ransomware-supply-chain-crackdown/

#cybersecurity #cybercrime #OperationEndgame

570
 
 

TikTok videos now push infostealer malware in ClickFix attacks

"One of the videos claiming to provide instructions on how to "boost your Spotify experience instantly," has reached almost 500,000 views, with over 20,000 likes and more than 100 comments."

OMG. These are such naive people. Over 20,000 likes for a malware video! Disheartening. And I feel sorry for the real experience they've boosted.

https://www.bleepingcomputer.com/news/security/tiktok-videos-now-push-infostealer-malware-in-clickfix-attacks/

#Malware #CyberSecurity #Tiktok

571
 
 

Feds Charge 16 Russians Allegedly Tied to Botnets Used in #Ransomware, Cyberattacks, and Spying

https://www.wired.com/story/us-charges-16-russians-danabot-malware/

#cybersecurity #botnet #DanaBot #cybercrime

572
 
 

Oversharing on social media can not only be embarrassing but could also put your privacy at risk, damage your personal or professional reputation, or present a target to scammers who may use the information you shared to steal your identity. Read more at @ZDNet. #SocialMedia #Cybersecurity #DataPrivacy #OnlineSafety #Tech #Technology https://flip.it/26XlAA

573
 
 

US indicts leader of #Qakbot #botnet linked to #ransomware attacks

https://www.bleepingcomputer.com/news/security/us-indicts-leader-of-qakbot-botnet-linked-to-ransomware-attacks/

#cybersecurity #cybercrime

574
 
 

Destructive #malware available in #NPM repo went unnoticed for 2 years

https://arstechnica.com/information-technology/2025/05/destructive-malware-available-in-npm-repo-went-unnoticed-for-2-years/

#cybersecurity

575
 
 

Hackers use fake #Ledger apps to steal #Mac users’ seed phrases

https://www.bleepingcomputer.com/news/security/hackers-use-fake-ledger-apps-to-steal-mac-users-seed-phrases/

#crypto #cybersecurity
