惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
The Hacker News
The Hacker News
AWS News Blog
AWS News Blog
Spread Privacy
Spread Privacy
T
Tenable Blog
C
CERT Recently Published Vulnerability Notes
Cisco Talos Blog
Cisco Talos Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Securelist
P
Privacy & Cybersecurity Law Blog
Know Your Adversary
Know Your Adversary
T
The Exploit Database - CXSecurity.com
Latest news
Latest news
D
Darknet – Hacking Tools, Hacker News & Cyber Security
I
Intezer
F
Fortinet All Blogs
Engineering at Meta
Engineering at Meta
Simon Willison's Weblog
Simon Willison's Weblog
The Register - Security
The Register - Security
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
L
Lohrmann on Cybersecurity
C
Cyber Attacks, Cyber Crime and Cyber Security
Microsoft Azure Blog
Microsoft Azure Blog
P
Proofpoint News Feed
H
Help Net Security
T
Threat Research - Cisco Blogs
D
DataBreaches.Net
S
Schneier on Security
Cyberwarzone
Cyberwarzone
Google DeepMind News
Google DeepMind News
P
Privacy International News Feed
S
Secure Thoughts
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recorded Future
Recorded Future
C
Cybersecurity and Infrastructure Security Agency CISA
MyScale Blog
MyScale Blog
M
MIT News - Artificial intelligence
Stack Overflow Blog
Stack Overflow Blog
IT之家
IT之家
人人都是产品经理
人人都是产品经理
NISL@THU
NISL@THU
博客园 - Franky
T
Tor Project blog
G
GRAHAM CLULEY
博客园 - 【当耐特】
Jina AI
Jina AI
Security Archives - TechRepublic
Security Archives - TechRepublic
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
A
About on SuperTechFans
Hacker News - Newest:
Hacker News - Newest: "LLM"

The Register - Security

India's cyber agency sets clock at 12 hours to tackle exploited bugs as AI turns up the heat Are we human? MyPillow must decide whether to be firm or soft as ransomware crims demand pay Experts pour cold borscht on Farage's Russian hack claim AI eyes scanning for bugs create a worrisome Linux security trend A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets Techie claims Trump Mobile website was leaking thousands of people's data Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund' Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach Microsoft open-sources agentic AI safety tools Are we human? America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames Shai-Hulud copycat worm infects yet another npm package MPs want social media treated more like unsafe toys than harmless apps Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data To gain root access, intruder just had to ask AWS patched Quick auth bypass, says customers weren't using control Disgruntled researcher releases two more Microsoft zero-days Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files US bank reports itself after slinging customer data at 'unauthorized AI app' Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator Best Western Hotels confirms web app data breach Arctic Wolf cuts 250 jobs in AI push 1 in 8 workers say selling company logins is justifiable Iran cyberspies LARPing as ransomware crims in espionage ops UK age-gating plans risk breaking the internet, privacy groups warn India orders infosec red alert in case Mythos sparks crime 'CopyFail' attackers start cashing in on Linux flaw ShinyHunters claims dump puts 119K Vimeo emails in the wild ShinyHunters claims 119K Vimeo emails in the wild Singapore boffins get diverse SIEMs singing in harmony Shadow IT has given way to shadow AI. Enter AI-BOMs AI-BOMs replace SBOMs as way to track AI agents and bots Home Office adds £216M to travel doc contract before bids FBI: China's hacker-for-hire ecosystem 'out of control' UK business breach rate stuck at 43%... blame the phishing What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia Chinese spy group caught lurking in Poland, Asia networks Critical cPanel, WHM flaw probs exploited as 0-day, pros say ORNL builds more sensitive GPS interference detector Microsoft patch fell short. New Windows flaw exploited Fooling large language models just keeps getting simpler Wiz hands GitHub AI-aided bug report that isn Don’t pay VECT a ransom - your big files are likely gone Pitney Bowes the latest victim of ShinyHunters’ breach-spree Ongoing supply-chain attack targets security, dev tools Medical and utility tech companies admit digital breakins Cybersecurity professional getting more work and less pay Crime crew impersonates help desk, abuses Teams chats ShinyHunters claim they have cruise giant Carnival’s booty CISA, NCSC issue Firestarter backdoor warning Intel expects AI inference to drive demand for its CPUs Open source models can find bugs as well as Mythos Researchers find sabotage malware that may predate Stuxnet Attackers could disable all of a city's public EV chargers Age checks could turn internet into an ID checkpoint, complains Proton CEO France's 'Secure' ID agency probes breach as crooks claim 19M records Scotland Yard can keep using live facial recognition on Londoners, say judges Nation-states want to cause harm, not just steal cash - stop handing your cyber defenses to the cheapest contractor Murder, she wrote: Ex-FBI chief wants some ransomware crims charged with homicide macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account Crook claims to leak 'video surveillance footage' of companies Met police trials snoop tech platform in push to cuff more London shoplifters Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul Panasonic creates device-locked QR codes to speed facial biometric capture Iran claims US used backdoors to knock out networking equipment during war Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus Scot becomes second Scattered Spider-linked crook to plead guilty in US Just like phishing for gullible humans, prompt injecting AIs is here to stay Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug Git identity spoof fools Claude into giving bad code the nod McGraw Hill linked to 13.5M-record data leak Microsoft announces product it doesn't want anyone to buy Server-room lock was nothing but a crock Nobody knows how many CVEs Anthropic's Project Glasswing has actually found Autovista blames ransomware for service disruption French cops free mother and son after crypto kidnapping UK told its Big Tech habit is now a national security risk Commvault has a Ctrl+Z for rogue AI agents No honor among thieves as 0APT threatens rival ransomware gang Krybit Fake Linux leader using Slack to con devs into giving up their secrets Booking.com warns of possible reservation data exposure NHS pays £46K to prep next Microsoft licensing round China wants AI to prepare school lessons and mark homework Anthropic's Mythos has The Kettle crew curious, skeptical Two different attackers poisoned popular open source tools Hungary officials used weak passwords exposed in breach dump CPUID hijacked to serve malware as HWMonitor downloads Unpacking AI security 2026 from experimentation agentic era Microsoft locks out top open source devs, blames process NHS Scotland-linked domains push pr0n and illegal streams Iran cyber actors disrupting US water, energy facilities, FBI warns Russia's Fancy Bear still attacking routers to boost fake sites, NCSC warns AI agents found vulns in this Linux and Unix print server Don't glamorize cybercrims, roast them instead Trump wants to take a battle axe to CISA again and slash $707M from budget
If malware via monitor cables is a matter of national security, this might be the gadget for you
Connor Jones · 2026-04-23 · via The Register - Security

GCHQ's cyber arm has entered the hardware game with its first device designed to prevent cyberattacks on display devices.

Called SilentGlass, the small gadget's intellectual property is courtesy of the UK's National Cyber Security Centre (NCSC), and the signals intelligence agency licensed it out to UK-based Goldilock Labs to make it commercially available to all businesses and consumers.

SilentGlass is the NCSC's first branded device to hit the market. Announced publicly on Wednesday, the HDMI and DisplayPort-compatible device has already been deployed across "government estates," for several years and is capable of protecting "most high-threat environments."

Naturally, The Register had a bunch of questions, but the NCSC refused to answer any.

Through the powers that be, however, we are reliably informed that beyond the information included in the NCSC's blog, these devices are equipped with hardware that identifies malicious traffic in the data channel, blocking the transfer between computer and display.

We're also told that the SilentGlass gizmos are threat-agnostic, meaning they are capable of detecting any kind of nastiness and preventing it from reaching and ultimately altering or manipulating a display. Anything potentially malicious that travels between HDMI or DisplayPort connections and a monitor is blocked.

You might be thinking "it's not every day we hear about monitors being pwned via HDMI," and you'd be right.

You wouldn't be alone either. Since the NCSC announced SilentGlass, infoseccers have taken to social media to question the need for this device.

However, it is understood there are legitimate attack paths that are both applicable to modern environments and have been abused by known attackers.

Very little exists in the research literature about these kinds of attacks. A team based out of Montevideo's Universidad de la República published findings in 2024 about the potential for highly technical individuals to intercept the electromagnetic radiation emitted from HDMI cables and use deep learning algorithms to reproduce text intended to be displayed on a monitor.

The team called the finding Deep-TEMPEST, an evolution of the TEMPEST analog signal interception phenomenon of yesteryear. But, as with all side-channel attacks, the real-world application is significantly different from a remotely exploitable software bug, for example. 

Most organizations probably don't need to worry about highly motivated foreign spies lurking around their cables looking for electromagnetic emissions. However, for those safeguarding highly sensitive data within the context of critical national infrastructure operators, it's potentially a slightly more credible threat.

NCSC's SilentGlass HDMI device. Image courtesy of the NCSC.

NCSC's SilentGlass HDMI device – Image courtesy of the NCSC

In any case, SilentGlass devices are available to anyone who wishes to purchase one, starting today.

Attendees of Black Hat or 44con back in 2012 may also remember NCC Group's presentations about the potential for exploiting vulnerabilities in HDMI's EDID and CEC parsers, as well as CDC and NEC protocols.

Again, these are fringe cases of which we hear very little from real-world scenarios, outside a conference keynote.

Despite the lack of published cases of these attacks, the NCSC believes external computer monitors are "a hugely attractive target" for adversaries, particularly those with an espionage focus.

It did not mention China specifically, although that is the country most often associated with cyberespionage, in the context of the UK's four main adversaries - China, Russia, Iran, and North Korea.

The timing of the launch also coincides with the agency's CEO, Richard Horne, declaring China "a peer competitor in cyberspace," within the context of a steady rate of nationally significant cyberattacks directed at the UK by nation-states.

The org also said such attacks can be effective if the people behind them are looking to cause disruption, or generate some financial gains, which essentially implicates each of the other three countries.

Ollie Whitehouse, the NCSC's CTO, said: "Display screens and monitors are everywhere in modern business environments, and the SilentGlass device will help protect previously vulnerable IT infrastructure with unprecedented ease.

"Its development and commercialisation shows the impact that the NCSC can have, alongside industry partners, with an affordable and effective product now globally available. 

"By helping to launch a UK company onto the global market with this world-class innovation, we are breaking new ground and helping to strengthen national prosperity."

NCSC gave Goldilock Labs, in partnership with Sony UK, the license to produce and sell SilentGlass, which comes as separate devices - one for HDMI and another for DisplayPort, each protecting one cable only.

The NCSC wouldn't tell us the price, so we're waiting on Golidlock to tell us more information on that front.

Stephen Kines, co-founder of Goldilock Labs, said the device meets a security problem that to date has been "widely overlooked," as many have not viewed HDMI and DisplayPort connections as a serious security boundary.

"What was once confined to national security environments is now being applied with a low-cost, easy-to-deploy solution for CNI and businesses where the same risks exist," he said.

"SilentGlass is the first step in a wider effort to enforce behaviour at hardware interfaces before it reaches complex software. It reflects a shift toward treating physical connectivity as a point of control rather than an assumed trust boundary." ®