Coming to bed dear? The post If You’re a Tech Worker With an Attractive Girlfriend, We Have Extremely Bad News appeared first on Futurism.| Futurism
Are we prepared for a world where cyberattacks are fully automated? Where AI agents can identify vulnerabilities, write malicious code, and adapt their tactics in real time? This isn’t a scene from a science fiction movie but rather questions to ask yourself this Cybersecurity Awareness Month. The cybercrime industry, projected to cost the global economy nearly $15.6 trillion by 2029, is not just growing – it’s evolving at an unprecedented pace. | Jane Frankland
The US Federal Bureau of Investigation (FBI) is pointing the finger at TraderTraitor, a North Korean hacker group, as being behind the largest ever crypto heist in history. The group, also known as Lazarus,…| France 24
The SIM card (or its embedded version, eSIM) is much more than the piece of plastic that enables voice and data. It is a secure element with a CPU, memory, an operating system and apps, designed to safeguard your mobile identity […]| Teléfonos
Nintendo has announced hackers did not take any development or business information when they accessed its systems last week. Read more| GamesIndustry.biz Latest Articles Feed
Kerberoasting, a technique for offline cracking of Kerberos service account passwords in Active Directory environments, was publicly introduced and detailed … Continue reading Kerberoasting History| PwnDefend
“Juice jacking” has become a modern cybersecurity myth — a catchy scare story built on a long-patched Android debugging issue … Continue reading A threat to sanity – Cyber Myth: Juice Jacking| PwnDefend
October is National Cyber Security Awareness Month (NCSAM), a global effort spearheaded by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) in the United States. The primary goals are to educate people by raising awareness of cybersecurity issues and best practices, promote safe online practices, and highlight potential threats. While…| FRSecure
Continuing our 2025 State of InfoSec series, President Oscar Minks breaks down business email compromise payloads observed over 162 recent cases. Read more!| FRSecure
As the number of devices connected to the internet explodes, so do the opportunities for attackers.| Twelvesec
Would you allow a stranger to drive a camera-equipped computer around your living room? You might have already done so without even realizing it. The Beginning: A Curious Experiment It all started innocently enough. I had recently bought an iLife A11 smart vacuum—a sleek, affordable, and technologically advanced robot| Small World
As it turns out they don't actually want you to do this (and have some interesting ways to stop you)| Cats with power tools
The Include Security team takes a foray into the world of audio production equipment in our latest blog post. We look under the hood of a professional-grade audio mixer to explore its security profile, consider how its functionality could be leveraged by an attacker in a real world setting, and develop a proof-of-concept exploit to demonstrate quick n' easy privilege escalation.| Include Security Research Blog
Are you looking for the best penetration testing training online? Gain hands-on experience with our top choices to master pen testing.| StationX
1 Prologue A while ago, I took a flight from Canada back to Hong Kong - about 12 hours in total with Air Canada. Interestingly, the plane actually had WiFi: However, the WiFi had restrictions. For Aeroplan members who hadn’t paid, it only offered Free Texting, meaning you could only use messaging apps like WhatsApp, Snapchat, and WeChat to send text messages, but couldn’t access other websites. If you wanted unlimited access to other websites, it would cost CAD $30.75:| In Pursuit of Simplicity
Citizen Lab validates Amnesty International investigation showing targeting of staff member and Saudi activist with NSO Group's technology.| The Citizen Lab
The Web is growing more bloated and invasive every day, but it's not the only way to share information online.| Colin Cogle's Blog
A non-working eBay item gets saved from the scrap heap, and I get a cheap upgrade.| Colin Cogle's Blog
When security vulnerabilities are discovered by researchers, proper reporting channels are often lacking. As a result, vulnerabilities may be left unreported.| Colin Cogle's Blog
A cheap Craigslist laptop gets its BIOS hacked and Intel Management Engine neutered.| Colin Cogle's Blog
You can use aprs-weather-submit to share weather data without a smart weather station.| Colin Cogle's Blog
Using a decommissioned Alibaba cloud accelerator card as an FPGA dev board| Tales on the wire
by David Bloxberg, Senior Global Marketing Manager, VIPRE Security Group Vacuums Shouted Racial Slurs and Chased Pets In recognition of National Cyber Security Awareness Month (NCSAM), let’s address a shocking series of events involving the Chinese-made Ecovacs Deebot robot vacuums, hacked in multiple cities across the United States. These incidents uncovered significant security flaws that... The post Security Flaws in Ecovacs Vacuums Revealed During NCSAM appeared first on Inspired eLearn...| Inspired eLearning
Cybersecurity is no longer just a technical concern. It is a pillar of national security, public health and economic stability. The post Hack the Planet: Cybersecurity’s Global Race Against Chaos appeared first on The Globalist.| The Globalist
When Humans and AI See Different Things| josephthacker.com
Here’s a quick tip for people learning how to solder small components: don’t rely on your eyes. Instead, solder by touch: use the force-feedback available through your fingertips. Human fingers can reliably detect bumps on the order of microns in size – much finer than the resolution of sight, even with the assistance of a decent microscope.| bunnie's blog
It was a quiet Friday afternoon when the CISO of a mid-sized manufacturing company received the call every security leader dreads. Their systems had been breached. The attackers had moved swiftly, exploiting a vulnerability that had gone unnoticed. Despite the company’s significant investment in “industry-leading” cybersecurity tools, the breach exposed sensitive customer data and left the organization scrambling to contain the fallout.| Jane Frankland
Cliff Stoll’s book is a fascinating look at how a liberal, free-spirited astrophysicist became an accidental bureaucrat and changed his views on trust, authority, and the early internet| Akshay Ranganath’s Blogs
Interview with Pablos Holman on The Tim Ferriss Show podcast.| The Blog of Author Tim Ferriss
Yep, that's a pretty intriguing blog post title and it's not often that you can literally put the payload for an attack into a title! I was invited to take part in some research recently after a smart CCTV camera made the news here in the UK. Turns out that| Scott Helme
Shortly after having my new fibre broadband installed, I discovered a method to permanently compromise the security of the BrightBox router provided by EE. After a brief period of traffic analysis, something I do to all new devices on my network, I had found that it is incredibly easy to| Scott Helme
When you’re deeply entrenched in the world of thought leadership, your name, your voice, and your image spread across media interviews, conference stages, and every corner of the internet, the potential for your identity to be misused is more than a passing worry.| Jane Frankland
This weekend I was running a workshop with my awesome friend James, where we were discussing the realities of wireless network security, man in the middle attacks and what we have found in the field, both from an offensive perspective and as corporate network defenders. As with all things in life, sometimes reality doesn’t work quite as well as a demo! So I’ve done a quick thread on Twitter showing the kill chain an adversary can deploy when attacking WPA2 PSK (without PMF enforced) networ...| PwnDefend
High-risk vulnerability in third-party service allows taking control of Drupal websites | Cybersecurity| IICS
Multi-Modal Fault Tolerant Data Store| Xer0x's Underground
In bug bounty hunting, having a short domain for XSS payloads can be the difference in exploiting a bug or not… and it’s just really cool to have a nice domain for payloads, LOL.| Joseph Thacker
How a €5 MT02 Wi-Fi repeater let me pop a root shell with nothing more than a cheeky SSID.| Chocapikk's Cybersecurity Blog 🛡️
Most of what you will find on this blog is file format identification. I see this as the first step in a longer process of preservation and ultimately access. Hopefully the analysis of some file formats can help make better decisions when needing to render the file in an emulator or migrate to another format. I don’t spend much time trying to parse the files I look at to understand the actual content, just enough to properly identify and differentiate between important versions of the format. | Obsolete Thor
Remember “cybersecurity”? Mysterious hooded computer guys doing mysterious hooded computer guy... things! Who knows what kind of naughty digital mischief they might be up to? Unfortunately, we now live in a world where this kind of digital mischief is literally rewriting the world’s history. For proof| Coding Horror
I just spent at least 15 minutes trying to figure out why every single post on the Internet tells me to place MD5 hash in a file and call John like this john --format=raw-md5 --wordlist=/usr/share/dict/words md5.txt and yet, it constantly gives me an error message: No password hashes loaded (see FAQ) The content of md5.txt was: 20E11C279CE49BCC51EDC8041B8FAAAA I even tried prepending dummy| Everything about nothing
Syrian hackers have stated that they have compromised the central command of the US. The hackers from the Syrian Electronic Army, who are hardcore supporters of| Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Elon Musk is raising new questions about Bitcoin’s long-term safety in the face of rapid advances in quantum computing. The Tesla and SpaceX CEO turned to his| Bitcoinist.com
Let's learn the MS Edge Browser Password Monitor Feature to Safeguard the Password of your Online Account. This post discusses the New Password Monitor in| How to Manage Devices Community Blog Modern Device Management Guides
The France-based video gaming giant, Ubisoft, initiated a mass password reset, which indicates the company suffered a cyberattack and was concerned about| Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
The LastPass password manager has suffered yet another data breach, carried out by the same attackers involved in recent previous breaches.| Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
GoTo-owned LastPass revealed that hackers stole customers’ encrypted data in a November 2022 data breach.| Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cybersecurity - Cybersecurity Threats - What is Cybersecurity Threat? - Types of Cybersecurity Threats - Cybersecurity Attacks| Gridinsoft Blogs
For years, the world’s largest corporations have outsourced their cybersecurity to the big brand consulting firms and system integrators, believing that bigger equals better. These massive providers promise global cybersecurity coverage, deep expertise, and cutting-edge technology, making them the default choice for enterprise cybersecurity solutions.| Jane Frankland
The WannaCry ransomware attack is still infecting unsuspecting users, hospitals, and businesses around the world. While some users on Twitter are claiming| Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
In this ransomware scam, scammers are tricking users by introducing them to a cryptocurrency called "SpriteCoin" that does not exist.| Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
KQED, a prominent public TV and radio station in San Francisco, is an example that shows how badly a corporation suffers when ransomware hits these internet| Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Did you visit YouTube from January 18th to January 26th? There is a chance your browser was used by hackers to generate Monero cryptocurrency.| Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Another day, another ransomware attack: this time Hancock Health hospital suffered a malware attack in which a hacker demanded a ransom in Bitcoin.| Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
I have just closed Hard Mary, the short novella by Sofia Samatar published in the Récifs collection. And my heart is still pounding.| Depuis le cadre de ma fenêtre
Or How I Got Thousands of Mastodon Users to Whistle at Their Screens| kmcd.dev
We’re throwing a party in Vegas! Someone called it SCWPodCon last year, and the name stuck. It’s sponsored by Teleport, the infrastructure identity company. ...| securitycryptographywhatever.com
In this post we consider how to think about the attack surface of applications leveraging LLMs and how that impacts the scoping process when assessing those applications. We discuss why scoping matters, important points to consider when mapping out the LLM-associated attack surface, and conclude with architectural tips for developers implementing LLMs within their applications.| Include Security Research Blog
The newly discovered backdoor in the XZ Utils package affecting numerous Linux distributions and assigned CVE-2024-3094 is being dismissed by some members of the technology and security communities as yet another supply chain attack; relevant only because of how blatant it was and that it affected the Open Source ecosystem but in essence nothing out of the ordinary. Regardless of whether this perspective is gaining traction due to cynicism, as hyperbole for clicks or as a coping mechanism...| Jayson Salazar Rodriguez | @jdsalaro | Blog
Evil QR is a spin-off of a QRLJacking attack, demonstrating how attackers could take over accounts by convincing users to scan supplied QR codes, through phishing.| BREAKDEV
“All of the knowledge to generate the exploit already exists on the internet. AI could even build it for you,” the researcher told 404 Media.| 404 Media
Keith’s note: here we go again. A new GAO report: Cybersecurity: NASA Needs to Fully Implement Risk Management is out. Yawn. Once a year GAO, NASA OIG, or some other authoritative body does a review of NASA IT security and they come back and say that NASA is dragging its feet and not dealing with the ever-growing plethora of cyber events that confront us all. NASA writes a letter back […] The post Yet Another Report On How Broken NASA IT Security Is appeared first on NASA Watch.| IT/Web Archives - NASA Watch
A new twist in the TalkTalk hacking story sheds a remarkable light on the inner workings of the gang who ripped off Brits for hundreds of thousands of pounds.| Geoff White
The UK Parliament’s Intelligence & Security Committee found “Russia has sought to employ organised crime groups to supplement its cyber skills” This is pivotal, as it makes attribution much, much harder. Using crime groups, or just co-opting their tools and software, makes it easier for states such as Russia to hide their cyber activities. It’s…| Geoff White
There was a predictably pusillanimous BBC interview by Security Minister James Brokenshire on Friday regarding allegations that Russian state hackers attacked companies working on coronavirus vaccines. Brokenshire didn’t name the companies involved, nor did he confirm whether the hacks were successful. This is pretty typical of cybersecurity announcements: they flag up the threat, and provide…| Geoff White
It could well be coronavirus is hurting cybercrime as much as it's helping it.| Geoff White
Is a dental marketeer in the eastern US spamming Brits to trick them into surrendering sensitive info?| Geoff White
Read this ultimate guide to installing Kali Linux on a Raspberry Pi, what you will need, and how it can help you as a security professional.| StationX
Learn how to scan a network for live hosts by performing an Nmap ping sweep. Along the way, discover Nmap’s advanced options and firewall bypass techniques.| StationX
“Amusement will outcompete information, and spectacle will outcompete arguments.”| Jane Frankland
How TokenBreak Technique Hacks OpenAI, Anthropic, and Gemini AI Filters — Step-by-Step Tutorial| Information Security Newspaper | Hacking News
Intro Cybersecurity experts and enthusiasts, brace yourselves! The notorious Gootloader malware is at it again, shifting tactics and burrowing deeper into compromised WordPress sites. Just when we thought we had them pinned down, they’ve executed a sleight of hand. This blog post uncovers their latest evasion techniques and provides insights into how they’ve been hiding […]| ⌛☃❀✵Gootloader Details ✵❀☃⌛
In a recent development in the cybersecurity landscape, the Gootloader malware has updated its infrastructure. As of May 28, 2024, threat actors behind Gootloader have established a new command and control (C2) server at hotheads.co.za, operating under the IP address 91.215.85.21. This strategic shift replaces their previous server, luckyserver777.co.za, which was located at IP address […]| ⌛☃❀✵Gootloader Details ✵❀☃⌛
Based on observations from our 2024 incident response cases, MFA bypass techniques called token theft attacks are gaining steam. Learn more here.| FRSecure
Exploring the transformation and future of bug bounty hunting with automation and AI.| josephthacker.com
I love granola.ai. Everyone I know is using it for meeting transcription. I’ve been using it to transcribe my calls and meetings for months.| Joseph Thacker
George Mack just released a new essay called High Agency. I had seen him on the Chris Williamson podcast before, but he went deeper down the rabbit hole and released this nice essay about it. Shout out to archangel for the recommendation to read it.| Joseph Thacker
MacOS Hardening for Hackers - Part - 02| Xer0x's Underground
The ePA security vulnerability reveals a structural problem: Gematik placates instead of informing, a risk for the digital health infrastructure.| www.kuketz-blog.de
Most security products are terrible. For years our industry has managed to get by because our products were mandated by someone or some regulation, and users were trained to accept that security and usability were necessary trade-offs. This was just the prevailing truth. One of the reasons we always promote hacker-led companies is because hackers delight in challenging accepted truths. We think this applies as much to product design as it does to smashing the stack. In a few months, Thinkst w...| Thinkst Thoughts
A cyberpunk-styled visualization of the Scattered Spider attack flow, defensive countermeasures, and an interactive checklist with activity log, designed for WordPress compatibility.| PwnDefend
Stealth Commz with Fake TLS| Xer0x's Underground
Include Security's latest blog post covers Cross-Site WebSocket Hijacking and how modern browser security features do (or don't) protect users. We discuss Total Cookie Protection in Firefox, Private Network Access in Chrome, and review the SameSite attribute's role in CSWH attacks. The post includes a few brief case studies based on situations encountered during real world testing, in addition to a simple test site that can be hosted by readers to explore each of the vulnerability conditions.| Include Security Research Blog
How to Send DKIM-Signed, 100% Legit Phishing Emails — Straight from Google That Bypass Everything| Information Security Newspaper | Hacking News
Losing the war for the free internet| anarc.at
Why Security is dying?| Xer0x's Underground
In our team's latest blog post, we build a few examples that showcase ways in which memory corruption vulnerabilities could manifest in Delphi code despite being included in a list of "memory safe" languages within a paper published by the NSA. We cover how compiler flags and dangerous system library routines could affect memory safety while demonstrating Delphi stack/heap-based overflow examples and conclude with a few tips for developers to avoid introducing memory vulnerabilities in their ...| Include Security Research Blog
A couple of days ago my fiancée was watching an Armenian internet show named “Tany Layva”, which roughly translates to “Live at home”, that aired during COVID-19. The interesting part for me was not the show itself (frankly speaking I could not care less about Armenia’s pop culture) but the intro music triggered something in me… […]| Antranig Vartanian
Cyber attacks can happen to anyone, anywhere around the world. Here are 39 hacking statistics to shed light on this multi-trillion dollar problem.| Learn Digital Marketing
The post discusses the evolution of AI transparency, specifically focusing on DeepSeek’s Deep-Think feature. This feature enhances user trust by revealing AI’s reasoning process, contra…| e-Discovery Team
DeepSeek, an AI startup owned by Liang Wenfeng, has claimed its V-3 software-R1 offers revolutionary cost-effective AI training without relying on advanced NVIDIA chips. This announcement catalyzed…| e-Discovery Team
The new free update for the Evilginx phishing framework is OUT NOW! Enjoy the new features and improvements!| BREAKDEV
Discord accounts are getting hacked. This is my analysis of how most recent bookmarklet attacks work, with guidelines on what Discord can do to mitigate these attacks.| BREAKDEV
Pwndrop is a self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.| BREAKDEV
Welcome to 2019! As was noted, this will be the year of phishing automation. We've already seen a release of new reverse-proxy tool Modlishka and it is only January. This release would not have happened without the inspiration I received from Michele Orru (@antisnatchor), Giuseppe Trotta (@Giutro) and| BREAKDEV
Tis the season to be phishing! I've finally found some free time and managed to take a break to work on preparing a treat for all of you phishing enthusiasts out there. Just in time for the upcoming holiday season, I present you the chilly Evilginx update. [Download| BREAKDEV