惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog
V
Vulnerabilities – Threatpost
Apple Machine Learning Research
Apple Machine Learning Research
V
V2EX
博客园 - 叶小钗
阮一峰的网络日志
阮一峰的网络日志
人人都是产品经理
人人都是产品经理
Latest news
Latest news
博客园 - 三生石上(FineUI控件)
美团技术团队
aimingoo的专栏
aimingoo的专栏
Google Online Security Blog
Google Online Security Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Threatpost
Y
Y Combinator Blog
T
Tailwind CSS Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
A
Arctic Wolf
C
Cyber Attacks, Cyber Crime and Cyber Security
小众软件
小众软件
Recent Commits to openclaw:main
Recent Commits to openclaw:main
T
Tenable Blog
W
WeLiveSecurity
L
LINUX DO - 热门话题
D
Docker
Cyberwarzone
Cyberwarzone
量子位
A
About on SuperTechFans
The Last Watchdog
The Last Watchdog
雷峰网
雷峰网
C
CERT Recently Published Vulnerability Notes
P
Palo Alto Networks Blog
The Hacker News
The Hacker News
Blog — PlanetScale
Blog — PlanetScale
P
Proofpoint News Feed
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
F
Full Disclosure
The Cloudflare Blog
T
The Blog of Author Tim Ferriss
T
The Exploit Database - CXSecurity.com
Engineering at Meta
Engineering at Meta
O
OpenAI News
Hacker News - Newest:
Hacker News - Newest: "LLM"
Scott Helme
Scott Helme
IT之家
IT之家
S
Secure Thoughts
MongoDB | Blog
MongoDB | Blog
L
Lohrmann on Cybersecurity
博客园 - 司徒正美
Google DeepMind News
Google DeepMind News

The Register - Security: Research

www.theregister.com Self-destructing Mistic backdoor linked to access broker selling corporate footholds to ransomware gangs PRC-linked spies hid inside medical and military networks for more than a year, snooping through Gmail and stealing data Nobody needs Mythos or 0-days to build a chaos-causing computer worm – free open source models work just fine ChatGPT blindly trusts browser content, turning the page into a payload Russia-linked threat group put ChatGPT to work from lure to payload Kids can bypass some age checks with a drawn-on mustache What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia ORNL builds more sensitive GPS interference detector Researchers find sabotage malware that may predate Stuxnet Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus Anthropic, Google, Microsoft paid AI bug bounties – quietly Security reserchers tricked Apple Intelligence into cursing Don't open that WhatsApp message, Microsoft warns Security boffins harvest bumper crop of API keys from web Lightning-fast exploits mean patch fast, says Cisco Talos AI agents are 'gullible' and easy to turn into your minions Smooth criminals talking their way into cloud environments, Google says Snoops plant info-stealing malware on iPhones, Google warns Cybercrime up 245% since the start of the Iran war Rogue AI agents can work together to hack systems Fake applicants are sending security-killing malware AI agent hacked McKinsey chatbot for read-write access Kaspersky: No signs Coruna iPhone exploit kit made by US Perplexity Comet browser hole was exploitable via cal invite DEF CON hackers 'fed up with government,' Jake Braun says DEF CON hackers 'fed up with government,' Jake Braun says Ransomware payments cratered in 2025 – attacks did not Ransomware payments cratered in 2025 – attacks did not Claude's collaboration tools allowed remote code execution AI takes a swing at online anonymity Fake 'interview' repos lure Next.js devs into running secret-stealing malware Threat intelligence supply chain is full of weak links AI agents abound, unbound by rules or safety disclosures RAT disguised as an RMM costs crims $300 a month Android malware taps Gemini to navigate infected devices Posting AI caricatures on social media is bad for security Payroll pirates conned the help desk, stole employee’s pay Microsoft boffins show LLM safety can be trained away For the price of Netflix, crooks can rent AI crime ops For the price of Netflix, crooks can rent AI crime ops Fast Pair, loose security: Bluetooth accessories open to silent hijack Fast Pair flaw exposes Bluetooth devices to hijacking A simple CodeBuild flaw put every AWS environment at risk A simple CodeBuild flaw put every AWS environment at risk DeadLock ransomware uses smart contracts to evade defenders Python libraries in AI/ML models can be poisoned w metadata OpenAI patches déjà vu prompt injection vuln in ChatGPT Fake Windows BSODs check in at Europe's hotels to con staff into running malware Hotel staff tricked into installing malware by bogus BSODs Your car’s web browser may be on the road to cyber ruin China's Ink Dragon hides out in European government networks Browser 'privacy' extensions have eye on your AI, log all your chats 10K Docker images spray live cloud creds across the internet 'Botnets in physical form' are top humanoid robot risk 'Botnets in physical form' are top humanoid robot risk Apache warns of 10.0-rated flaw in Tika metadata toolkit Novel clickjacking attack relies on CSS and SVG 'Exploitation is imminent' of max-severity React bug Swiss government bans SaaS and cloud for sensitive info Scattered Lapsus$ Hunters stress testing Zendesk weak spots HashJack attack shows AI browsers can be fooled with '#' New ClickFix attacks use fake Windows Updates to swipe creds Years-old bugs in open source took out major clouds at risk LLM-generated malware improving, but not operational (yet) 3.5B WhatsApp users' info scooped through enumeration flaw 3.5B WhatsApp users' info scooped through enumeration flaw 50k more ASUS routers pwned by evolving Beijing-linked op Overconfidence is the new zero-day as teams stumble through cyber simulations LLM side-channel attack could allow snoops to guess topic Landfall spyware used in 0-day attacks on Samsung phones MIT Sloan shelves paper about AI-driven ransomware Security hole slams Chromium browsers - no fix yet OpenAI Atlas Browser tripped up by malformed URLs Devs of VS Code extensions are leaking secrets en masse Chatbots that butter you up make you worse at conflict Tile trackers leak unencrypted Bluetooth data, say boffins Beijing's RedNovember hacked critical US, global orgs Lazarus RAT code resurfaces in North Korean IT-worker scams Suspected Chinese spies broke into 'numerous' enterprises Deepfaked calls hit 44% of businesses in last year: Gartner Kaspersky: RevengeHotels returns with AI-coded malware Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack HybridPetya ransomware dodges UEFI Secure Boot
NCSC finds cyber deception tools work, if deployed right
Brandon Vigliarolo Brandon Vigliarolo · 2025-12-15 · via The Register - Security: Research

INFOSEC IN BRIEF The UK's National Cyber Security Centre (NCSC) has found that cyber-deception tactics such as honeypots and decoy accounts designed to fool attackers can be useful if implemented very carefully.

The NCSC tested cyber deception technology with several volunteer companies, because those that wander into the carefully laid traps leave behind clues that can turn into threat intelligence, at least according to vendors of such tools.

The NCSC found that there's truth to those claims during the run of its Active Cyber Defense 2.0 program, according to a blog post last week.

"We found that cyber deception can be used for visibility in many systems, including legacy or niche systems," the NCSC said. Great news, but there's the caveat: "Without a clear strategy organizations risk deploying tools that generate noise rather than insight.”

In other words, you need a proper plan to make these tools work.

"If cyber deception tools aren't properly configured, they may fail to detect threats or lead to a false sense of security, or worse, create openings for attackers," the NCSC warned. "Keeping cyber deception tools aligned requires ongoing effort."

The NCSC also found that, while most companies using deception tools prefer to keep that fact quiet, the data suggests the opposite ought to be the case.

"When attackers believe cyber deception is in use they are less confident in their attacks," the org said. "This can impose a cost on attackers by disrupting their methods and wasting their time, to the benefit of the defenders."

The NCSC sees cyber deception tools as an essential part of a modern defense strategy and said that they want to start helping organizations properly invest in them, and are working to develop a service to that end.

How to instantly drain an AI development budget

A malicious actor or untrained developer can change spending limits in AI IDE Cursor or AWS Bedrock, potentially spending millions in a matter of hours.

A vendor called Ox Security learned this the hard way after a new developer on its team “accidentally spent our monthly Cursor budget in hours, then discovered he could change team spending limits to over $1M without admin approval or notification."

Ox Security last week admitted to the incident and reported that Cursor and Bedrock both lack default controls that prevent unprivileged users from modifying budget controls, and both leak API tokens that can provide unlimited access.

Both platforms include features to prevent such accidents or malicious actions from occurring due to an attacker gaining access via a malicious link or leaked API token, as Ox proved in its proof of concept attacks, but neither have the features enabled by default.

"This wasn't just a configuration oversight," Ox said. "It exposed a systemic problem: AI platforms prioritize speed and access over protection, creating an environment where a single leaked token or malicious link can trigger unbounded usage."

In its post about its own mess, Ox has detailed procedures to prevent the kind of incident it endured.

Spanish police arrest suspected perp behind theft of 64 million personal records

A 19-year-old is behind bars in Spain after police allegedly connected him to the theft of 64 million people's personal records from nine different companies.

The unnamed suspect is thought to have stolen national ID numbers, addresses, telephone numbers and international bank account numbers, Spanish police reported last week. The suspect reportedly sold the data online for an unspecified quantity of cryptocurrency, following his breaches of the nine firms he targeted. Spanish police said they've frozen the cryptocurrency wallet where the suspect stashed his ill-gotten gains.

Law enforcement officials said they had been investigating the breaches since last June, which led them to the city of Igualada, near Barcelona, and the suspect whom they subsequently apprehended for the crime.

Polish police arrest trio of suspected traveling hackers

Police in Warsaw apprehended a trio of Ukrainian citizens last week, as they suspect the trio are a traveling band of threat actors.

Polish police stopped the three for a traffic violation and found them to be "visibly nervous," Polish police said in a report. The trio apparently said they were traveling around Europe, having only recently arrived in Poland, and planned to depart for Lithuania in short order.

Upon searching the vehicle, police found a whole bunch of suspicious items, including a Flipper penetration testing tool, plus antennae, laptops, "a large number of SIM cards," routers, portable hard drives, and cameras. All of the storage media was encrypted, police said.

The situation smelled fishy enough that police apprehended the trio, who claimed to be IT specialists.

"When asked more specific questions, they forgot their English and pretended not to understand what was being said," Polish police said.

The equipment seized from the trio could be used to interfere with national strategic IT systems or break into telecom networks, Polish police said, so they're being detained while law enforcement tries to get to the bottom of this rather unusual situation.

XSS tops CISA’s top vulns of 2025 list

CISA has published the Common Weakness Enumeration top 25 most dangerous software weaknesses of 2025.

The rankings don't have anything to do with the number of CVEs assigned for the year, rather they're all about which flaws have the potential to do the most damage.

Topping the list this year is improper neutralization of input during webpage generation, or cross-site scripting, the second year in a row it's made number one. SQL injection came in second, rising from third place the year prior, followed by cross-site request forgery, missing authorization, and out-of-bounds writes.

Classic buffer overflow, stack-based buffer overflow, heap-based buffer overflow, and improper access control are all new entries on the list, suggesting the risk they pose has increased.

CISA is urging security professionals to prioritize detection and remediation of the weaknesses outlined in the list. ®