Cybersecurity

Last update (UTC): 22:45 - 19/12/2025

Security.nl

Citizens will soon be able to invalidate their passport and ID card themselves via StopID

16:35 - 19/12/2025
Citizens will soon be able to declare their passport and identity card invalid online themselves via StopID. Minister Frank Rijkaart of ...

https://www.security.nl/posting/918105/Burger+kan+paspoort+en+id-kaart+straks+ze


EU countries agree on digital euro, currency to appear in 2029 at the earliest

16:00 - 19/12/2025
The EU countries reached an agreement on the digital euro today. According to the Ministry of Finance, the ...

https://www.security.nl/posting/918099/EU-landen+akkoord+over+digitale+euro%2C+m


Belastingdienst, Microsoft and police nominated for Big Brother Award

15:43 - 19/12/2025
The Belastingdienst, Microsoft, the police, Clinical Diagnostics and the Vereniging van Nederlandse Gemeenten (VNG) are ...

https://www.security.nl/posting/918096/Belastingdienst%2C+Microsoft+en+politie+g


'Gladinet CentreStack file servers targeted by ransomware attacks'

15:14 - 19/12/2025
Gladinet CentreStack file servers are the target of ransomware attacks, according to security firm Curated Intelligence. The ...

https://www.security.nl/posting/918083/%27Gladinet+CentreStack+file+servers+doel


Cabinet expects supercomputer of Groningen 'AI factory' to be ready by end of 2027

14:36 - 19/12/2025
The caretaker cabinet expects that the supercomputer of the 'AI factory' that will be built in Groningen will, at the end of 2027 or ...

https://www.security.nl/posting/918073/Kabinet+verwacht+dat+supercomputer+Gronin


25,000 Fortinet devices with FortiCloud SSO accessible from the internet

14:05 - 19/12/2025
At least 25,000 Fortinet devices with FortiCloud SSO, nearly four hundred of them in the Netherlands, are accessible from the ...

https://www.security.nl/posting/918071/25_000+Fortinet-apparaten+met+FortiCloud+


WatchGuard warns of actively exploited vulnerability in firewalls

13:52 - 19/12/2025
Firewall vendor WatchGuard warns of an actively exploited vulnerability in the firewalls it supplies. There are ...

https://www.security.nl/posting/918068/WatchGuard+waarschuwt+voor+actief+misbrui


Advertising company fined 1 million euros for leaking data of Deezer users

11:19 - 19/12/2025
The advertising company Mobius has been fined 1 million euros by the French privacy regulator CNIL because it ...

https://www.security.nl/posting/918031/Advertentiebedrijf+krijgt+1+miljoen+euro+


Cabinet cannot rule out that data exchanged via Zivver ends up in the US

10:48 - 19/12/2025
The caretaker cabinet cannot rule out that data exchanged via Zivver ends up in the United States, as ...

https://www.security.nl/posting/918029/Kabinet+kan+niet+uitsluiten+dat+gegevens+


Employees of cybersecurity firms confess to carrying out ransomware attacks

10:20 - 19/12/2025
Two employees of cybersecurity firms have confessed to carrying out ransomware attacks on organizations, ...

https://www.security.nl/posting/918023/Medewerkers+cybersecuritybedrijven+bekenn


Slashdot

YouTuber's Livestream Appears On White House Website

00:00 - 19/12/2025
The White House says it's investigating how a personal-finance YouTuber's livestream briefly appeared on the White House's official live video page. The creator says he has no idea how his video ended up there. The Associated Press reports: The livestream appeared for at least eight minutes late Thursday on whitehouse.gov/live, where the White House usually streams live video of the president speaking. It's unclear if the website was breached or the video was linked accidentally by someone in the government. The White House said in a statement that it was "aware and looking into what happened." The video that appeared on the government-run website featured some of a more than two-hour livestream from Matt Farley, who posts as @RealMattMoney, as he answered financial questions. Farley told The Associated Press on Friday that he had no idea what happened and learned about it after the fact. He said he had not been contacted by the government and didn't have any theories about how his livestream ended up on the website. He joked that he hoped President Donald Trump and his youngest son, Barron Trump, "are watching my streams and taking advice." "Had I known it would have been on the White House website, I probably would have had other things to talk about than personal finance," Farley said. When asked what other things he would discuss, Farley responded with a laugh and said: "What would you talk about with the world for eight minutes if you had an opportunity? I'm just some guy making YouTube videos about stocks."

https://yro.slashdot.org/story/25/12/19/2144258/youtubers-livestream-appears-on-


Riot Games Is Making an Anti-Cheat Change That Could Be Rough On Older PCs

00:00 - 19/12/2025
An anonymous reader quotes a report from Ars Technica: At this point, most competitive online multiplayer games on the PC come with some kind of kernel-level anti-cheat software. As we've written before, this is software that runs with more elevated privileges than most other apps and games you run on your PC, allowing it to load in earlier and detect advanced methods of cheating. More recently, anti-cheat software has started to require more Windows security features like Secure Boot, a TPM 2.0 module, and virtualization-based memory integrity protection. Riot Games, best known for titles like Valorant and League of Legends and the Vanguard anti-cheat software, has often been one of the earliest to implement new anti-cheat requirements. There's already a long list of checks that systems need to clear before they'll be allowed to play Riot's games online, and now the studio is announcing a new one: a BIOS update requirement that will be imposed on "certain players" following Riot's discovery of a UEFI bug that could allow especially dedicated and motivated cheaters to circumvent certain memory protections. In short, the bug affects the input-output memory management unit (IOMMU) "on some UEFI-based motherboards from multiple vendors." One feature of the IOMMU is to protect system memory from direct access during boot by external hardware devices, which otherwise might manipulate the contents of your PC's memory in ways that could enable cheating. The patch for these security vulnerabilities (CVE-2025-11901, CVE-2025-14302, CVE-2025-14303, and CVE-2025-14304) fixes a problem where this pre-boot direct memory access (DMA) protection could be disabled even if it was marked as enabled in the BIOS, creating a small window during the boot process where DMA devices could gain access to RAM. The relative obscurity and complexity of this hardware exploit means that Vanguard isn't going to be enforcing these BIOS requirements on every single player of its games.
For now, it will just apply to "restricted" players of Valorant whose systems, for one reason or another, are "too similar to cheaters who get around security features in order to become undetectable to Vanguard." But Riot says it's considering rolling the BIOS requirement out to all players in Valorant's highest competitive ranking tiers (Ascendant, Immortal, and Radiant), where there's more to be gained from working around the anti-cheat software. And Riot anti-cheat analyst Mohamed Al-Sharifi says the same restrictions could be turned on for League of Legends, though they aren't currently. If users are blocked from playing by Vanguard, they'll need to download and install the latest BIOS update for their motherboard before they'll be allowed to launch the game. Riot's new anti-cheat change could create problems for older PCs if the new anti-cheat change is expanded, notes Ars. The update relies on a BIOS patch to fix a UEFI flaw, and many older motherboards, especially Intel 300-series and AMD AM4 boards, may never receive that update. If Riot flags a system and the manufacturer doesn't provide a patched BIOS, players could be locked out of games despite having otherwise capable hardware.

https://hardware.slashdot.org/story/25/12/19/2135223/riot-games-is-making-an-ant


Microsoft Made Another Copilot Ad Where Nothing Actually Works

00:00 - 19/12/2025
Microsoft's latest holiday ad for its Copilot AI assistant features a 30-second montage of users seamlessly syncing smart home lights to music, scaling recipes for large gatherings, and parsing HOA guidelines -- none of which the software can actually perform reliably when put to the test. The Verge methodically tested each prompt shown in the ad and found that Copilot repeatedly hallucinated interface elements that didn't exist, claimed to highlight on-screen buttons when it hadn't, and abandoned calculations midway through. The smart home interface shown in the ad belongs to "Relecloud," a fictional company Microsoft uses in internal case studies. A Microsoft spokesperson confirmed that both the HOA document and the inflatable reindeer photo were fabricated for the advertisement. The ad closes with Santa Claus asking Copilot why toy production is behind schedule. Further reading: Talking To Windows' Copilot AI Makes a Computer Feel Incompetent.

https://slashdot.org/story/25/12/19/1932210/microsoft-made-another-copilot-ad-wh


All That Cheap Chinese Stuff Is Now Europe's Problem

00:00 - 19/12/2025
President Trump's closure of the de minimis customs loophole in May -- which previously allowed Chinese packages valued under $800 to enter the U.S. duty-free -- has redirected a flood of cheap goods toward Europe, where similar exemptions for packages under $175.8 in the EU and $180 in the UK remain intact. The shift has been swift: exports of low-value Chinese packages to the U.S. have dropped more than 40% since May, according to Chinese customs data, and the EU has this year overtaken the U.S. as the largest market for China's roughly $100 billion cheap package trade. Shipments to Hungary and Denmark have quadrupled, and those to Germany, France, and the UK have risen 50% or more. Temu has recorded seven straight months of double-digit U.S. sales declines, per Consumer Edge data tracking credit and debit card transactions. Its European sales, on the other hand: up 56% in the EU and 46% in the UK since May compared to a year ago. The EU agreed last week to impose a $3.5 fee on imported small packages starting in July and to close the de minimis exemption entirely by 2028. The UK plans to follow in 2029.

https://slashdot.org/story/25/12/19/1925205/all-that-cheap-chinese-stuff-is-now-


FTC: Instacart To Refund $60M Over Deceptive Subscription Tactics

00:00 - 19/12/2025
alternative_right writes: Grocery delivery service Instacart will refund $60 million to settle FTC claims that it misled customers with false advertising and unlawfully enrolled them in paid subscriptions. Instacart partners with over 1,800 retailers to provide online shopping, delivery, and pickup services from nearly 100,000 stores across North America. Its platform serves millions of customers and is also used by roughly 600,000 independent shoppers across thousands of cities in Canada and the United States. In a complaint filed on Thursday, the FTC claimed Instacart engaged in multiple deceptive tactics that raised costs for customers, including failing to provide advertised refunds and falsely advertising "free delivery" while still charging mandatory service fees that added up to 15% to order costs. The FTC said Instacart also advertised a "100% satisfaction guarantee," but typically offered only small credits toward future orders rather than full refunds to customers experiencing problems with deliveries or service. The company allegedly hid refund options from "self-service" menus, leading customers to believe credits were their only option.

https://news.slashdot.org/story/25/12/19/1921253/ftc-instacart-to-refund-60m-ove


Microsoft AI Chief: Staying in the Frontier AI Race Will Cost Hundreds of Billions

00:00 - 19/12/2025
Microsoft AI CEO Mustafa Suleyman estimates that staying competitive in frontier AI development will require "hundreds of billions of dollars" over the next five to ten years, a sum that doesn't even account for the high salaries companies are paying individual researchers and technical staff. Speaking on a podcast, Suleyman compared Microsoft to a "modern construction company" where hundreds of thousands of workers are building gigawatts of CPUs and AI accelerators. There's "a structural advantage by being inside a big company," he said. When asked whether startups could compete with Big Tech, Suleyman said "it's hard to say," adding that "the ambiguity is what's driving the frothiness of the valuations." Meta CEO Mark Zuckerberg said in September he'd rather risk "misspending a couple of hundred billion" than fall behind in superintelligence.

https://slashdot.org/story/25/12/19/1852238/microsoft-ai-chief-staying-in-the-fr


2025 Was the Beginning of the End of the TV Brightness War

00:00 - 19/12/2025
The television industry's brightness war may have hit its inflection point in 2025, the year TCL and Hisense released the first consumer TVs capable of 5,000 nits under specific settings -- a figure that would have seemed absurd not long ago when manufacturers struggled to reach 2,000 nits. LG introduced Primary RGB Tandem OLED technology, moving from a three-stack panel design to a four-stack red-blue-green-blue configuration that the company claims can achieve 4,000 nits. The technology appears in the LG G5, Panasonic Z95B and Philips OLED950 and OLED910. RGB mini-LED also emerged as a new category. The technology uses individual small red, green and blue LED backlights instead of white or blue LEDs paired with quantum dots. Hisense demonstrated it at CES 2025, TCL announced its Q10M for China, and Samsung unveiled its own version called micro-RGB. These sets range from $12,000 to $30,000. Sony has confirmed it will debut RGB TV technology in spring 2026. HDR content is currently mastered at a maximum of 4,000 nits. The situation echoes the audio industry's loudness war, The Verge points out, which peaked with Metallica's heavily compressed Death Magnetic in 2008.

https://entertainment.slashdot.org/story/25/12/19/1734246/2025-was-the-beginning


Uber is Hiring More Engineers Because AI is Making Them More Valuable, CEO Says

00:00 - 19/12/2025
Uber is hiring more engineers rather than fewer because AI tools have made them "superhumans," CEO Dara Khosrowshahi said, pushing back against the industry trend of using productivity gains to justify headcount cuts. Speaking on the "On with Kara Swisher" podcast, Khosrowshahi noted that other tech executives see AI making engineers 20% to 30% more productive and conclude they need 20% to 30% fewer engineers. His view: every engineer has become more valuable. Between 80% and 90% of Uber's developers now use AI tools, according to Khosrowshahi. The company no longer keeps scores of engineers on call to diagnose issues because AI agents are constantly monitoring systems, he said. The latest AI models are producing "hundreds of millions of dollars of benefit" for Uber, he said, describing the company as an "applied AI" business that harnesses the technology for pricing, payments, matching, routing, identification and customer complaints.

https://tech.slashdot.org/story/25/12/19/1717228/uber-is-hiring-more-engineers-b


'How Lina Khan Killed iRobot'

00:00 - 19/12/2025
iRobot, the Bedford, Massachusetts-based company that brought the Roomba vacuum cleaner into American homes over its 35-year history, filed for bankruptcy on Sunday and will be acquired by Picea, its Chinese contract manufacturer that also produces competing household devices. The Wall Street Journal's editorial board placed blame for the company's demise on the Federal Trade Commission under Chair Lina Khan, which opposed Amazon's $1.7 billion bid to acquire iRobot. That deal collapsed in January 2024 amid regulatory pressure from both the FTC and European antitrust authorities. Senator Elizabeth Warren and other progressives had urged Khan to block the acquisition, arguing in a September 2022 letter that Amazon is "'almost universally recognized' as the leader in warehouse and fulfillment robotics space" and that the deal "would open up a new market to Amazon's abuses." After the deal fell through, iRobot cut 31% of its workforce and moved "non-core engineering functions to lower-cost regions." The company had shifted production to Vietnam to reduce its exposure to China but was hit by tariffs under Trump's Liberation Day trade measures -- initially 46%, later reduced to 20%. iRobot said the trade uncertainty made it difficult to operate.

https://slashdot.org/story/25/12/19/1654219/how-lina-khan-killed-irobot?utm_sour


ACM To Make Its Entire Digital Library Open Access Starting January 2026

00:00 - 19/12/2025
The Association for Computing Machinery, the world's largest society of computing professionals, announced that all publications and related artifacts in the ACM Digital Library will become freely available to everyone starting January 2026. Authors will retain full copyright to their published work under the new arrangement, and ACM has committed to defending those works against copyright and integrity-related violations. The transition follows what ACM described as extensive dialogue with authors, Special Interest Group leaders, editorial boards, libraries, and research institutions globally. Students, educators, and researchers at institutions of all sizes -- from well-resourced universities to emerging research communities -- will gain unrestricted access to the full catalog of ACM-published work. The Digital Library houses decades of computing research across journals, magazines, conference proceedings, and books.

https://news.slashdot.org/story/25/12/19/168225/acm-to-make-its-entire-digital-l


theregister.com/security

ATM jackpotting gang accused of unleashing Ploutus malware across US

20:15 - 19/12/2025
Latest charges join the mountain of indictments facing alleged Tren de Aragua members

A Venezuelan gang described by US officials as "a ruthless terrorist organization" faces charges over alleged deployment of malware on ATMs across the country, illegally siphoning millions of dollars....

https://go.theregister.com/feed/www.theregister.com/2025/12/19/tren_de_aragua_at


WatchGuard sounds alarm as critical Firebox flaw comes under active attack

18:16 - 19/12/2025
Newly disclosed vulnerability already being abused, users urged to lock down exposed firewalls

WatchGuard is in emergency patch mode after confirming that a critical remote code execution flaw in its Firebox firewalls is under active attack....

https://go.theregister.com/feed/www.theregister.com/2025/12/19/watchguard_firebo


Sydney Uni data goes walkabout after criminals raid code repo

17:06 - 19/12/2025
Attackers helped themselves to historical personal info on 27K people

The University of Sydney is ringing around thousands of current and former staff and students after admitting attackers helped themselves to historical personal data stashed inside one of its online code repositories....

https://go.theregister.com/feed/www.theregister.com/2025/12/19/sydney_uni_breach


HPE tells customers to patch fast as OneView RCE bug scores a perfect 10

13:03 - 19/12/2025
Maximum-severity vuln lets unauthenticated attackers execute code on trusted infra management platform

Hewlett Packard Enterprise has told customers to drop whatever they're doing and patch OneView after admitting a maximum-severity bug could let attackers run code on the management platform without so much as a login prompt....

https://go.theregister.com/feed/www.theregister.com/2025/12/19/hpe_oneview_rce_b


Ministers confirm breach at UK Foreign Office but details remain murky

11:14 - 19/12/2025
Officials admit 'there certainly has been a hack,' but refuse to confirm China link or data theft

The UK's Foreign Office is investigating a confirmed cyberattack it learned about in October, senior ministers say....

https://go.theregister.com/feed/www.theregister.com/2025/12/19/uk_foreign_office


Faith in the internet is fading among young Brits

10:30 - 19/12/2025
Ofcom survey finds 18-34s increasingly see life online as bad for society and their mental health

Young Brits are souring on the internet, with increasing numbers seeing it as damaging to society and their mental health, according to latest research published by Ofcom....

https://go.theregister.com/feed/www.theregister.com/2025/12/19/internet_bad_for_


AI and cybersecurity: Two sides of the same coin

09:01 - 19/12/2025
Practical lessons on securing AI and using AI to strengthen defence

Sponsored Post AI is moving from experimentation to everyday use inside the enterprise. That shift brings new opportunities, but it also changes the security equation. Attacks are becoming faster and more convincing, while organizations are simultaneously trying to protect new assets like models, prompts, agent workflows, and the sensitive data those systems can access....

https://go.theregister.com/feed/www.theregister.com/2025/12/19/ai_cybersecurity_


China turns on a vast experimental network it says is an heir to ARPANET

02:59 - 19/12/2025
Beijing wants to 'seize the initiative in the international competition in cyberspace'

Chinese authorities on Thursday certified the China Environment for Network Innovation (CENI), a vast research network that Beijing hopes will propel the country to the forefront of networking research....

https://go.theregister.com/feed/www.theregister.com/2025/12/19/china_environment


Amazon blocked 1,800 suspected North Korean scammers seeking jobs

23:39 - 18/12/2025
Plus: Lazarus Group has a brand new BeaverTail

Even Amazon isn't immune to North Korean scammers who try to score remote jobs at tech companies so they can funnel their wages to Kim Jong Un's coffers....

https://go.theregister.com/feed/www.theregister.com/2025/12/18/amazon_blocked_fa


Your car’s web browser may be on the road to cyber ruin

20:13 - 18/12/2025
Study finds built-in browsers across gadgets often ship years out of date

Web browsers for desktop and mobile devices tend to receive regular security updates, but that often isn't the case for those that reside within game consoles, televisions, e-readers, cars, and other devices. These outdated, embedded browsers can leave you open to phishing and other security vulnerabilities....

https://go.theregister.com/feed/www.theregister.com/2025/12/18/web_browsers_in_d


CISO2CISO.com

Thinking About Becoming a Licensed Engineer? Start Here.

14:04 - 13/09/2025
NCEES explains why licensure matters for engineers and answers your top questions about the FE and PE exams.

https://ciso2ciso.com/thinking-about-becoming-a-licensed-engineer-start-here/


Celebrate Hispanic Heritage Month With SWE

14:04 - 13/09/2025
View our compilation of online stories and resources highlighting the Hispanic community and their contributions to STEM.

https://ciso2ciso.com/celebrate-hispanic-heritage-month-with-swe/


The Critical Role of Sboms (Software Bill of Materials) In Defending Medtech From Software Supply Chain Threats – Source: www.cyberdefensemagazine.com

10:04 - 13/09/2025
Source: www.cyberdefensemagazine.com – Author: News team Software supply chain attacks have emerged as a serious threat in the rapidly evolving field of cybersecurity, especially in medical devices. As these devices become more and more interconnected and dependent on complex software ecosystems, the potential for exploitation through the supply chain has grown exponentially. One powerful tool […]

https://ciso2ciso.com/the-critical-role-of-sboms-software-bill-of-materials-in-d


Ransomware Tactics Are Shifting. Here’s How to Keep Up – Source: www.cyberdefensemagazine.com

10:04 - 13/09/2025
Source: www.cyberdefensemagazine.com – Author: News team It’s common knowledge in the cybersecurity industry that ransomware is on the rise, with median demands rising 20% year-over-year across virtually all industries. But it’s not only the ransom sums themselves that are escalating; threat actors are engaging in increasingly aggressive tactics and techniques to extort their victims. It’s […]

https://ciso2ciso.com/ransomware-tactics-are-shifting-heres-how-to-keep-up-sourc


French Advisory Sheds Light on Apple Spyware Activity – Source: www.darkreading.com

07:04 - 13/09/2025
Source: www.darkreading.com – Author: Rob Wright CERT-FR’s advisory follows last month’s disclosure of a zero-day flaw Apple said was used in “sophisticated” attacks against targeted individuals. Original Post URL: https://www.darkreading.com/vulnerabilities-threats/french-sheds-light-apple-spyware-activity

https://ciso2ciso.com/french-advisory-sheds-light-on-apple-spyware-activity-sour


Without Federal Help, Cyber Defense Is Up to the Rest of Us – Source: www.darkreading.com

07:04 - 13/09/2025
Source: www.darkreading.com – Author: Riaz Lakhani Together, we can foster a culture of collaboration and vigilance, ensuring that we are not just waiting for a hero to save us, but actively working to protect ourselves and our communities. Original Post URL: https://www.darkreading.com/cyberattacks-data-breaches/without-federal-help-cyber-defense-cisa

https://ciso2ciso.com/without-federal-help-cyber-defense-is-up-to-the-rest-of-us


Safer Conversational AI for Cybersecurity: The BIX Approach – Source: securityboulevard.com

06:04 - 13/09/2025
Source: securityboulevard.com – Author: Gaurav Banga Here’s a scenario security teams increasingly face. A user—or an attacker pretending to be one—types something like: This is how many prompt injection attempts begin. The phrase looks harmless, but it’s a red flag: the user is telling the AI to forget its built‐in rules. What follows is often […]

https://ciso2ciso.com/safer-conversational-ai-for-cybersecurity-the-bix-approach


Operation Eastwood: Measuring the Real Impact on NoName057(16) – Source: securityboulevard.com

06:04 - 13/09/2025
Source: securityboulevard.com – Author: Sofia Naer Introduction On July 16, 2025, Europol revealed the details of Operation Eastwood, a coordinated international strike against one of the most active pro-Russian cybercrime groups, NoName057(016). The announcement promised a major disruption to the group’s activities. In this blog, we explore whether Operation Eastwood had any real impact on […]

https://ciso2ciso.com/operation-eastwood-measuring-the-real-impact-on-noname0571


CISA Lays Out Roadmap for CVE Program’s ‘Quality Era’ – Source: securityboulevard.com

06:04 - 13/09/2025
Source: securityboulevard.com – Author: Jeffrey Burt Five months after the future of the CVE program was thrown in doubt, CISA this week released a roadmap that calls for steps to take for its new “quality era,” which includes public sponsorship, expanded public-private partnership, and modernization. The post CISA Lays Out Roadmap for CVE Program’s ‘Quality […]

https://ciso2ciso.com/cisa-lays-out-roadmap-for-cve-programs-quality-era-source-


Randall Munroe’s XKCD ‘Dual Roomba’ – Source: securityboulevard.com

06:04 - 13/09/2025
Source: securityboulevard.com – Author: Marc Handelman via the comic artistry and dry wit of Randall Munroe, creator of XKCD. Original Post URL: https://securityboulevard.com/2025/09/randall-munroes-xkcd-dual-roomba/?utm_source=rss&utm_medium=rss&utm_campaign=randall-munroes-xkcd-dual-roomba

https://ciso2ciso.com/randall-munroes-xkcd-dual-roomba-source-securityboulevard-


Hackread.com

Keyboard Lag Leads Amazon to North Korean Impostor in Remote Role

16:15 - 19/12/2025
Amazon Security Chief explains how a subtle keyboard delay exposed a North Korean impostor. Read about the laptop farm scheme and how 110 milliseconds of lag ended a major corporate infiltration.

https://hackread.com/keyboard-lag-amazon-north-korea-impostor-remote-role/



Docker Fixes ‘Ask Gordon’ AI Flaw That Enabled Metadata-Based Attacks

12:46 - 19/12/2025
Pillar Security has identified a critical indirect prompt injection vulnerability in Docker’s ‘Ask Gordon’ assistant. By poisoning metadata on Docker Hub, attackers could bypass security to exfiltrate private build logs and chat history. Discover how the "lethal trifecta" enabled this attack and why updating to Docker Desktop 4.50.0 is essential for developer security.

https://hackread.com/docker-ask-gordon-ai-flaw-metadata-attacks/


The Asset Layer of the Web: Tokenization Is Becoming Finance’s New Backend Infrastructure

11:42 - 19/12/2025
Crypto’s public image lagged reality. Stablecoins, tokenization, and regulation now power a blockchain backend settling global finance at institutional scale.

https://hackread.com/asset-layer-web-tokenization-backend-infrastructure/



Lazarus Group Embed New BeaverTail Variant in Developer Tools

18:37 - 18/12/2025
North Korea’s Lazarus Group deploys a new BeaverTail variant to steal credentials and crypto using fake job lures, dev tools, and smart contracts.

https://hackread.com/lazarus-embed-beavertail-variant-developer-tools/


Iranian APT ‘Prince of Persia’ Resurfaces With New Tools and Targets

17:07 - 18/12/2025
SafeBreach reports the resurgence of the Iranian APT group Prince of Persia (Infy). Discover how these state-sponsored hackers are now using Telegram bots and Thunder and Lightning malware to target victims globally across Europe, India, and Canada.

https://hackread.com/iran-apt-prince-of-persia-resurfaces/


Why Organizations Need to Modify Their Cybersecurity Strategy for 2026

12:35 - 18/12/2025
Cybersecurity planning continues to advance as organisations integrate new software, cloud platforms, and digital tools into nearly every…

https://hackread.com/organizations-modify-cybersecurity-strategy-2026/


FBI Seizes Crypto Laundering Hub E-Note Linked to Russian Admin

11:32 - 18/12/2025
The FBI and international police have shut down E-Note, a cryptocurrency exchange that laundered over $70 million for cybercriminals. Read about the indictment of a Russian and how the global task force ended his decade-long operation.

https://hackread.com/fbi-seize-e-note-crypto-laundering-russian-admin/


France Arrests 22 Year Old After Hack of Interior Ministry Systems

00:26 - 18/12/2025
France confirms a cyberattack on its Interior Ministry as a 22-year-old is arrested. Hacker claims access to police, tax, and criminal record systems.

https://hackread.com/france-arrests-hacker-interior-ministry-systems/


Vuldb

CVE-2023-53954 | ActFax 10.10 ActiveFaxServiceNT Service ActSrvNT.exe unquoted search path (Exploit 51332 / EDB-51332)

23:04 - 19/12/2025
A vulnerability was found in ActFax 10.10 and classified as problematic. This vulnerability affects unknown code of the file ActSrvNT.exe of the component ActiveFaxServiceNT Service. Such manipulation leads to unquoted search path. This vulnerability is referenced as CVE-2023-53954. The attack can only be performed from a local environment. Furthermore, an exploit is available.

https://vuldb.com/?id.337671


CVE-2023-53953 | WebsiteBaker 2.13.3 cross site scripting (Exploit 51349 / EDB-51349)

23:04 - 19/12/2025
A vulnerability has been found in WebsiteBaker 2.13.3 and classified as problematic. This affects an unknown part. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2023-53953. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

https://vuldb.com/?id.337670


CVE-2023-53949 | AspEmail up to 5.6.0.2 Persits Software EmailAgent Service permission assignment (Exploit 51380 / EDB-51380)

23:03 - 19/12/2025
A vulnerability, which was classified as critical, was found in AspEmail up to 5.6.0.2. Affected by this issue is some unknown functionality of the component Persits Software EmailAgent Service. The manipulation results in incorrect permission assignment. This vulnerability was named CVE-2023-53949. The attack needs to be approached locally. In addition, an exploit is available.

https://vuldb.com/?id.337669


CVE-2023-53947 | oscinventory OCS Inventory NG up to 2.3.0.0 unquoted search path (Exploit 51389 / EDB-51389)

23:03 - 19/12/2025
A vulnerability, which was classified as problematic, has been found in oscinventory OCS Inventory NG up to 2.3.0.0. Affected by this vulnerability is an unknown functionality. The manipulation leads to unquoted search path. This vulnerability is uniquely identified as CVE-2023-53947. Local access is required to approach this attack. Moreover, an exploit is present.

https://vuldb.com/?id.337668


CVE-2023-53946 | Arcsoft PhotoStudio up to 6.0.0.172 Exchange Service unquoted search path (Exploit 51393 / EDB-51393)

23:03 - 19/12/2025
A vulnerability classified as problematic was found in Arcsoft PhotoStudio up to 6.0.0.172. Affected is an unknown function of the component Exchange Service. Executing manipulation can lead to unquoted search path. This vulnerability is handled as CVE-2023-53946. It is possible to launch the attack on the local host. Additionally, an exploit exists.

https://vuldb.com/?id.337667


CVE-2025-68481 | fastapi-users FastAPI up to 15.0.1 /authorize generate_state_token improper authorization (GHSA-5j53-63w8-8625)

23:03 - 19/12/2025
A vulnerability classified as critical has been found in fastapi-users FastAPI up to 15.0.1. This impacts the function generate_state_token of the file /authorize. Performing manipulation results in improper authorization. This vulnerability is known as CVE-2025-68481. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

https://vuldb.com/?id.337666


CVE-2025-67712 | Esri ArcGIS Web AppBuilder Developer Edition up to 2.29 cross site scripting

23:02 - 19/12/2025
A vulnerability described as problematic has been identified in Esri ArcGIS Web AppBuilder Developer Edition up to 2.29. This affects an unknown function. Such manipulation leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2025-67712. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

https://vuldb.com/?id.337665


CVE-2023-53951 | Ever Gauzy 0.281.9 signature verification (Exploit 51354 / EDB-51354)

23:02 - 19/12/2025
A vulnerability marked as critical has been reported in Ever Gauzy 0.281.9. The impacted element is an unknown function. This manipulation causes improper verification of cryptographic signature. This vulnerability appears as CVE-2023-53951. The attack may be initiated remotely. In addition, an exploit is available.

https://vuldb.com/?id.337664


CVE-2023-53952 | Dotclear 2.25.3 Blog Post Creation Interface unrestricted upload (Exploit 51353 / EDB-51353)

23:02 - 19/12/2025
A vulnerability labeled as critical has been found in Dotclear 2.25.3. The affected element is an unknown function of the component Blog Post Creation Interface. The manipulation results in unrestricted upload. This vulnerability is reported as CVE-2023-53952. The attack can be launched remotely. Moreover, an exploit is present.

https://vuldb.com/?id.337663


CVE-2023-53958 | ltb-project LDAP Tool Box Self Service Password 1.5.2 HTTP Header Host password recovery (Exploit 51275 / EDB-51275)

23:02 - 19/12/2025
A vulnerability identified as critical has been detected in ltb-project LDAP Tool Box Self Service Password 1.5.2. Impacted is an unknown function of the component HTTP Header Handler. The manipulation of the argument Host leads to weak password recovery. This vulnerability is documented as CVE-2023-53958. The attack can be initiated remotely. Additionally, an exploit exists.

https://vuldb.com/?id.337662


Debian.org/security


Microsoft Security

advisories.ncsc.nl

NCSC-2025-0400 [1.00] [H/H] Vulnerability fixed in WatchGuard Firebox

11:16 - 19/12/2025
A vulnerability has been fixed in WatchGuard Fireware OS. The vulnerability, CVE-2025-14733, is an out-of-bounds write in the iked process of Fireware OS and affects both the Mobile User VPN (IKEv2) and the Branch Office VPN (IKEv2) when it is configured with a dynamic gateway peer. The vulnerability allows an unauthenticated remote attacker to execute arbitrary code. If the WatchGuard Firebox was previously configured with a Mobile User VPN (IKEv2) or Branch Office VPN (IKEv2) to a dynamic gateway peer, and both configurations have since been removed, the system may still be vulnerable if a Branch Office VPN to a static gateway peer is still configured. WatchGuard has observed attempts to exploit the vulnerability.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0400


NCSC-2025-0399 [1.00] [M/H] Vulnerability fixed in HPE OneView Software

18:38 - 18/12/2025
HPE has fixed a vulnerability in HPE OneView Software. The vulnerability lies in the way OneView Software handles external requests. If HPE OneView Software is accessible via the internet, unauthenticated users can execute code remotely. This can allow attackers to gain control over the affected environments.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0399


NCSC-2025-0398 [1.00] [M/H] Vulnerability in Cisco AsyncOS

19:47 - 17/12/2025
Cisco AsyncOS contains a vulnerability. The vulnerability is present in devices that use Cisco AsyncOS software in combination with Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. Exploitation requires that the service is reachable from the internet and that the Spam Quarantine feature is active, which is not usual for this configuration.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0398


NCSC-2025-0386 [1.01] [H/H] Vulnerabilities fixed in Fortinet products

10:33 - 16/12/2025
Fortinet has fixed vulnerabilities in FortiOS, FortiProxy, FortiWeb and FortiSwitchManager. The vulnerabilities allow unauthenticated attackers to gain access to the systems using various techniques, including bypassing FortiCloud SSO login authentication via specially crafted SAML messages, keeping SSLVPN sessions active despite a password change, and performing unauthorized operations via forged HTTP or HTTPS requests. This can lead to unauthorized access to sensitive API data and other network resources. **update**: Researchers report observing active exploitation of the vulnerabilities identified as CVE-2025-59718 and CVE-2025-59719. These vulnerabilities allow malicious actors to bypass Single Sign-On and thereby gain access to the vulnerable systems. The researchers have published Indicators of Compromise (IoCs) to help investigate exploitation. The NCSC advises deploying Fortinet's updates as soon as possible if this has not yet been done, applying the mitigating measures where appropriate, using the published IoCs to investigate whether exploitation has taken place and, on that basis, rotating the passwords of the administrator accounts. The NCSC additionally advises considering closing open administrator sessions after the updates are deployed. For details of the IoCs, see: https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-sso-logins-following-disclosure-cve-2025-59718-cve-2025-59719/

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0386


NCSC-2025-0397 [1.00] [M/H] Vulnerabilities fixed in Apple iOS and iPadOS

09:08 - 15/12/2025
Apple has fixed vulnerabilities in iOS and iPadOS (versions 18.7.3 and 26.2). The vulnerabilities include, among others, a use-after-free issue, a memory corruption, and a logging issue that allowed unauthorized access to sensitive user data. These vulnerabilities could be exploited by malicious actors via specially crafted data or by abusing the logging mechanisms. The fixes include improved memory management practices and stricter checks to safeguard the integrity of user data. For successful exploitation, the malicious actor must trick the victim into installing a malicious app, opening a malicious file or following a link.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0397


NCSC-2025-0396 [1.00] [M/H] Vulnerabilities fixed in Apple macOS

09:06 - 15/12/2025
Apple has fixed vulnerabilities in macOS Sonoma (14.8.3), macOS Sequoia (15.7.3) and macOS Tahoe (26.2). The vulnerabilities cover a wide range of issues, including memory corruption, logging issues, and unauthorized access to sensitive user data. These vulnerabilities could be abused by malicious actors to gain unauthorized access or to endanger the stability of the system. For successful exploitation, the malicious actor must trick the victim into installing a malicious app or opening a file.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0396


NCSC-2025-0394 [1.01] [M/H] Vulnerabilities fixed in React Server Components

10:46 - 12/12/2025
Meta has fixed vulnerabilities in React Server Components Parcel, Turbopack and Webpack. The vulnerabilities relate to unsafe deserialization of HTTP request payloads, which can lead to Denial-of-Service attacks and server hangs. This affects the availability of applications that use these versions. In addition, there is an information leak that can result in exposure of the source code of Server Functions under specific circumstances. These vulnerabilities are critical for server-side rendering in React applications.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0394


NCSC-2025-0395 [1.00] [M/H] Vulnerabilities fixed in SAP Software

09:29 - 12/12/2025
SAP has fixed multiple vulnerabilities in various products, including SAP Solution Manager, SAP jConnect, SAP Web Dispatcher, SAP NetWeaver, SAP S/4 HANA Private Cloud, and SAP BusinessObjects. The vulnerabilities include, among others, code injection, deserialization, and insufficient input validation, which can lead to unauthorized access, data loss, and disruption of system availability. Attacked systems can suffer serious consequences, such as execution of malicious code by authenticated attackers and the risk of data leaks due to insufficient authorization checks. The impact on the confidentiality, integrity and availability of the systems is considerable, particularly for the SAP products that are vulnerable to Denial-of-Service attacks and other forms of exploitation.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0395


NCSC-2025-0393 [1.01] [M/H] Vulnerability fixed in GeoServer

09:02 - 12/12/2025
OSGeo has fixed a vulnerability in GeoServer. The vulnerability lies in the way GeoServer processes XML input, specifically via the `/geoserver/wms` GetMap operation. Improper sanitization of XML input allows attackers to disclose sensitive files or carry out Denial-of-Service attacks using crafted XML input. Cases of active exploitation of this vulnerability are known.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0393


NCSC-2025-0392 [1.00] [M/H] Vulnerability fixed in Barracuda Service Center

13:53 - 11/12/2025
Barracuda has fixed a vulnerability in Barracuda Service Center (specifically for RMM solutions, versions before 2025.1.1). The vulnerability lies in inadequate URL verification in WSDL files, which attackers can manipulate. This can lead to arbitrary files being written or overwritten and to remote code execution, which poses a serious threat to the integrity and security of the affected systems.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0392


NCSC Nieuws

Notepad++ vulnerability

14:53 - 12/12/2025
A vulnerability has been found in Notepad++ that makes it possible to push malicious updates to users. As far as is currently known, only organizations with interests in East Asia have been victims of targeted attacks. The NCSC has so far no indication that active exploitation has also taken place in the Netherlands.

https://www.ncsc.nl/actueel/nieuws/2025/12/12/kwetsbaarheid-notepad


Update 05/12/2025: Critical vulnerability in React and Next.js

13:42 - 05/12/2025
On 3 December 2025, React published a blog post about a critical vulnerability identified as CVE-2025-55182. In response to this blog post, the NCSC issued a HIGH/HIGH security advisory with recommended actions. The NCSC strongly urges organizations that use this software to follow this advisory.

https://www.ncsc.nl/actueel/nieuws/2025/12/4/kritieke-kwetsbaarheid-in-react-en-


Cybersecuritybeeld 2025: threats diverse and unpredictable, sound basic digital hygiene remains crucial

12:00 - 26/11/2025
The National Coordinator for Counterterrorism and Security (NCTV) has published the Cybersecuritybeeld Nederland 2025 (CSBN), the Cyber Security Assessment Netherlands 2025. The CSBN paints a picture of a digital threat landscape that is becoming ever more complex and unpredictable. Cyberattacks are becoming more advanced while digital systems are strongly dependent on one another. This development calls for a broad, proactive approach to increasing digital resilience. In this article we highlight the most important points from the CSBN for Dutch organizations and businesses.

https://www.ncsc.nl/actueel/nieuws/2025/11/26/cybersecuritybeeld-2025-dreigingen


Watch again: webinar 'The Cybersecurity Act (Cyberbeveiligingswet) is coming'

10:19 - 21/10/2025
On Tuesday 18 November, the NCSC, the NCTV and RDI organized a webinar about the upcoming Cybersecurity Act (Cyberbeveiligingswet, Cbw) for Cbw organizations.

https://www.ncsc.nl/actueel/nieuws/2025/10/21/terugkijken-webinar-de-cyberbeveil


28 public and private parties sign Cyclotron cooperation covenant

14:08 - 30/09/2025
Today, at the ONE Conference, the NCSC signed the Cyclotron cooperation covenant together with 27 parties. The signatories are a large number of private parties as well as the AIVD, MIVD, the Police and the NCTV. The signing is a next important step in the cooperation, which aims to strengthen the picture of cyber threats and incidents by structurally sharing information, jointly analysing information, and providing information from those analyses to organizations with a stake in it. This increases the digital resilience of the Netherlands.

https://www.ncsc.nl/actueel/nieuws/2025/09/30/28-publieke-en-private-partijen-te


Subsidy for SMEs available for 1 more month

12:29 - 26/09/2025
For small businesses that face a financial barrier to implementing cyber measures (or having them implemented), a subsidy is temporarily available: Mijn Cyberweerbare Zaak. This subsidy covers 50% of the costs of various cyber measures, up to a maximum of € 1,250. Smaller businesses with 1 to 50 employees, for which cybersecurity is often not a core task, can now use this subsidy from the Ministry of Economic Affairs to take the necessary steps to better protect their business against the growing cyber threats and the requirements set by other companies in the supply chain.

https://www.ncsc.nl/actueel/nieuws/2025/09/26/subsidie-voor-mkb-bedrijven-nog-1-


Cyberweerbaarheidsnetwerk: blueprint for a firmer foundation of cyber resilience in the Kingdom of the Netherlands

13:25 - 10/09/2025
The cyber resilience of the Netherlands can no longer be handled with separate initiatives. These times call for one coherent network: the Cyberweerbaarheidsnetwerk (Cyber Resilience Network), CWN for short. In the CWN, public and private organizations come together. There they contribute their knowledge, expertise and experience to work jointly on tasks that contribute to the cyber resilience of all organizations in the Kingdom of the Netherlands, and thus also the overseas territories. Because only together do we become more resilient.

https://www.ncsc.nl/actueel/nieuws/2025/09/10/cyberweerbaarheidsnetwerk-bouwplan


New malware campaign discovered via ManualFinder

10:26 - 29/08/2025
Recently, a worldwide malware infection of Windows computers came to light, made possible by software that users installed themselves. The NCSC therefore advises blocking access to the relevant C2 domains, checking for the presence of the applications “Manualfinder”, “PDF-editor” and variants thereof, checking for the presence of JavaScript files with a GUID-like name in the directory /AppData/Local/TEMP, and strongly urging end users not to install external, untrusted tools.

https://www.ncsc.nl/actueel/nieuws/2025/08/29/nieuwe-malwarecampagne-ontdekt-via


New vulnerabilities discovered in Citrix Netscaler

18:25 - 26/08/2025
New vulnerabilities have been discovered in Citrix Netscaler. A detection script previously published by the NCSC can be used to detect compromise.

https://www.ncsc.nl/actueel/nieuws/2025/08/26/nieuwe-kwetsbaarheden-in-citrix-ne


Eefje Zents Chief Relations Officer/Director of Digital Resilience Cooperation at NCSC

09:30 - 15/08/2025
Eefje Zents will become Chief Relations Officer/Director of Digital Resilience Cooperation (Samenwerking Digitale weerbaarheid) at the National Cyber Security Centre (NCSC) of the Ministry of Justice and Security with effect from 15 September 2025.

https://www.ncsc.nl/actueel/nieuws/2025/08/15/eefje-zents-chief-relations-office


wid.cert-bund.de

[UPDATE] [high] Google Chrome/Microsoft Edge: Multiple vulnerabilities

13:44 - 19/12/2025
An attacker can exploit multiple vulnerabilities in Google Chrome/Microsoft Edge to carry out unspecified attacks, potentially to execute arbitrary code or cause a denial-of-service condition.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2858


[NEW] [medium] MongoDB: Vulnerability allows information disclosure

12:34 - 19/12/2025
A remote, anonymous attacker can exploit a vulnerability in MongoDB to disclose information.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2905


[NEW] [high] WebKitGTK: Multiple vulnerabilities allow code execution and DoS

12:19 - 19/12/2025
A remote, anonymous attacker can exploit multiple vulnerabilities in WebKitGTK to execute arbitrary program code or cause a denial-of-service condition.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2891


[UPDATE] [medium] binutils: Multiple vulnerabilities

12:19 - 19/12/2025
A local attacker can exploit multiple vulnerabilities in binutils to carry out a denial-of-service attack or execute arbitrary code.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2144


[NEW] [medium] Linux Kernel: Multiple vulnerabilities allow denial of service

12:14 - 19/12/2025
A local attacker can exploit multiple vulnerabilities in the Linux kernel to carry out a denial-of-service attack or achieve unspecified effects.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2904


[NEW] [medium] IBM App Connect Enterprise: Vulnerability allows denial of service

11:59 - 19/12/2025
A remote, anonymous attacker can exploit a vulnerability in IBM App Connect Enterprise to carry out a denial-of-service attack.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2903


[NEW] [critical] WatchGuard Firebox OS (iked process): Vulnerability allows code execution

11:54 - 19/12/2025
A remote, anonymous attacker can exploit a vulnerability in WatchGuard Firebox OS to execute arbitrary program code.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2902


[NEW] [medium] ConnectWise ScreenConnect: Vulnerability allows information disclosure

11:49 - 19/12/2025
A remote, authenticated attacker can exploit a vulnerability in ConnectWise ScreenConnect to disclose information.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2901


[NEW] [medium] Dell PowerEdge: Vulnerability allows code execution

11:49 - 19/12/2025
A local attacker can exploit a vulnerability in Dell PowerEdge to execute arbitrary program code.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2900


[NEW] [medium] Kibana: Multiple vulnerabilities

11:44 - 19/12/2025
A remote, anonymous or authenticated attacker can exploit multiple vulnerabilities in Kibana to carry out a cross-site scripting attack, disclose confidential information, manipulate data and cause a denial-of-service condition.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2899


cert.ssi.gouv.fr

Vulnerability in Broadcom Carbon Black Cloud (11 December 2025)

00:00 - 11/12/2025
A vulnerability has been discovered in Broadcom Carbon Black Cloud. It allows an attacker to cause a breach of data confidentiality.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1098/


Multiple vulnerabilities in Mozilla products (11 December 2025)

00:00 - 11/12/2025
Multiple vulnerabilities have been discovered in Mozilla products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and a security policy bypass.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1099/


Multiple vulnerabilities in Google Chrome (11 December 2025)

00:00 - 11/12/2025
Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security issue not specified by the vendor.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1096/


Multiple vulnerabilities in Atlassian products (12 December 2025)

00:00 - 12/12/2025
Multiple vulnerabilities have been discovered in Atlassian products. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service and a breach of data confidentiality.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1100/


Multiple vulnerabilities in Netgate products (12 December 2025)

00:00 - 12/12/2025
Multiple vulnerabilities have been discovered in Netgate products. They allow an attacker to cause remote denial of service and a security policy bypass.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1101/


Multiple vulnerabilities in NetApp products (12 December 2025)

00:00 - 12/12/2025
Multiple vulnerabilities have been discovered in NetApp products. Some of them allow an attacker to cause remote denial of service, a breach of data confidentiality and a breach of data integrity.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1102/


Vulnerability in Microsoft Windows Admin Center (12 December 2025)

00:00 - 12/12/2025
A vulnerability has been discovered in Microsoft Windows Admin Center. It allows an attacker to cause privilege escalation.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1104/


Multiple vulnerabilities in the Red Hat Linux kernel (12 December 2025)

00:00 - 12/12/2025
Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. Some of them allow an attacker to cause privilege escalation, remote denial of service and a breach of data confidentiality.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1105/


Multiple vulnerabilities in the Ubuntu Linux kernel (12 December 2025)

00:00 - 12/12/2025
Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause remote denial of service, a security policy bypass and a security issue not specified by the vendor.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1106/


Multiple vulnerabilities in the SUSE Linux kernel (12 December 2025)

00:00 - 12/12/2025
Multiple vulnerabilities have been discovered in the SUSE Linux kernel. They allow an attacker to cause denial of service and a security issue not specified by the vendor.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1107/


theHackerNews

Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

23:24 - 19/12/2025
A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims' Microsoft 365 credentials and conduct account takeover attacks. The activity, ongoing since September 2025, is being tracked by Proofpoint under the moniker UNK_AcademicFlare. The attacks involve using compromised email addresses belonging to government

https://thehackernews.com/2025/12/russia-linked-hackers-use-microsoft-365.html


Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware

21:04 - 19/12/2025
Cybersecurity researchers have disclosed details of a new campaign that has used cracked software distribution sites as a distribution vector for a new version of a modular and stealthy loader known as CountLoader. The campaign "uses CountLoader as the initial tool in a multistage attack for access, evasion, and delivery of additional malware families," Cyderes Howler Cell Threat Intelligence

https://thehackernews.com/2025/12/cracked-software-and-youtube-videos.html


WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability

16:53 - 19/12/2025
WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks. Tracked as CVE-2025-14733 (CVSS score: 9.3), the vulnerability has been described as a case of out-of-bounds write affecting the iked process that could allow a remote unauthenticated attacker to execute arbitrary code. "This vulnerability affects both the

https://thehackernews.com/2025/12/watchguard-warns-of-active-exploitation.html


Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks

15:56 - 19/12/2025
Authorities in Nigeria have announced the arrest of three "high-profile internet fraud suspects" who are alleged to have been involved in phishing attacks targeting major corporations, including the main developer behind the RaccoonO365 phishing-as-a-service (PhaaS) scheme. The Nigeria Police Force National Cybercrime Centre (NPF–NCCC) said investigations conducted in collaboration with

https://thehackernews.com/2025/12/nigeria-arrests-raccoono365-phishing.html


New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards

13:55 - 19/12/2025
Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access (DMA) attacks across architectures that implement a Unified Extensible Firmware Interface (UEFI) and input–output memory management unit (IOMMU). UEFI and IOMMU are designed to enforce a security

https://thehackernews.com/2025/12/new-uefi-flaw-enables-early-boot-dma.html


China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

23:04 - 18/12/2025
A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan. The end goal of these attacks is cyber espionage, Slovak cybersecurity company ESET said in a report published today. The threat activity cluster has been assessed to be active since at least September 2023. "

https://thehackernews.com/2025/12/china-aligned-threat-group-uses-windows.html


HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

20:09 - 18/12/2025
Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical vulnerability, assigned the CVE identifier CVE-2025-37164, carries a CVSS score of 10.0. HPE OneView is an IT infrastructure management software that streamlines IT operations and controls all systems via a

https://thehackernews.com/2025/12/hpe-oneview-flaw-rated-cvss-100-allows.html


ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories

18:40 - 18/12/2025
This week’s ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics are stacking up fast, and each one hints at where the next big breach could come from. From shifting infrastructures to clever social hooks, the week’s activity shows just how fluid the threat landscape has become. Here’s the full rundown of what

https://thehackernews.com/2025/12/threatsday-bulletin-whatsapp-hijacks.html


North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft

18:30 - 18/12/2025
Threat actors with ties to the Democratic People's Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting for at least $2.02 billion out of more than $3.4 billion stolen from January through early December. The figure represents a 51% increase year-over-year and $681 million more than 2024, when the threat actors stole

https://thehackernews.com/2025/12/north-korea-linked-hackers-steal-202.html


The Case for Dynamic AI-SaaS Security as Copilots Scale

17:00 - 18/12/2025
Within the past year, artificial intelligence copilots and agents have quietly permeated the SaaS applications businesses use every day. Tools like Zoom, Slack, Microsoft 365, Salesforce, and ServiceNow now come with built-in AI assistants or agent-like features. Virtually every major SaaS vendor has rushed to embed AI into their offerings. The result is an explosion of AI capabilities across

https://thehackernews.com/2025/12/the-case-for-dynamic-ai-saas-security.html


Techrepublic

Palo Alto Networks, Google Cloud Expand Partnership in Multibillion-Dollar Deal

19:45 - 19/12/2025
Palo Alto Networks and Google Cloud expand their partnership in a multibillion-dollar deal to secure AI workloads as attacks on AI infrastructure surge.

https://www.techrepublic.com/article/news-palo-alto-google-cloud-multibillion-do


OWASP Drops First AI Agent Risk List

14:47 - 19/12/2025
These aren't simple chatbots anymore—these AI agents access data and tools and carry out tasks, making them infinitely more capable and dangerous.

https://www.techrepublic.com/article/news-owasp-ai-agent-risk-list/



Italian Ferry Malware Attack Sparks International Probe

08:08 - 19/12/2025
French intelligence agencies uncovered what appears to be a coordinated foreign interference operation targeting the GNV Fantastic.

https://www.techrepublic.com/article/news-italian-ferry-malware-attack/


Microsoft December Update Breaks Critical IIS Servers

11:19 - 18/12/2025
The security updates delivered through KB5071546 have fundamentally broken Message Queuing (MSMQ) functionality across multiple Windows versions.

https://www.techrepublic.com/article/news-microsoft-critical-iis-servers/


Chinese Hackers Target Cisco’s Email Security Systems

09:28 - 18/12/2025
The Chinese threat group, tracked as UAT-9686, has deployed a collection of custom-built hacking tools to maintain persistent access to compromised systems.

https://www.techrepublic.com/article/news-cisco-email-security-breach/


SoundCloud Cyberattack Leaves 28M Users Exposed

07:49 - 18/12/2025
The breach has already triggered widespread chaos across the platform, with users worldwide reporting connection failures and cryptic error messages.

https://www.techrepublic.com/article/news-soundcloud-cyberattack/



Master IT Fundamentals with This CompTIA Certification Prep Bundle

13:00 - 16/12/2025
Prepare for a successful IT career with lifetime access to expert-led courses covering CompTIA A+, Network+, Security+, and Cloud+ certification prep.

https://www.techrepublic.com/article/the-all-in-one-comptia-certifications-prep-



BleepingComputer.com

Microsoft confirms Teams is down and messages are delayed

15:04 - 19/12/2025
Microsoft Teams is experiencing issues, with thousands reporting problems sending messages, including delays. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-teams-is-down


Nigeria arrests dev of Microsoft 365 'Raccoon0365' phishing platform

14:05 - 19/12/2025
The Nigerian police have arrested three individuals linked to targeted Microsoft 365 cyberattacks via Raccoon0365 phishing-as-a-service. [...]

https://www.bleepingcomputer.com/news/security/nigeria-arrests-dev-of-microsoft-


Microsoft 365 accounts targeted in wave of OAuth phishing attacks

12:19 - 19/12/2025
Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. [...]

https://www.bleepingcomputer.com/news/security/microsoft-365-accounts-targeted-i


New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock

10:54 - 19/12/2025
The UEFI firmware implementation in some motherboards from ASUS, Gigabyte, MSI, and ASRock is vulnerable to direct memory access (DMA) attacks that can bypass early-boot memory protections. [...]

https://www.bleepingcomputer.com/news/security/new-uefi-flaw-enables-pre-boot-at


Over 25,000 FortiCloud SSO devices exposed to remote attacks

10:00 - 19/12/2025
Internet security watchdog Shadowserver has found over 25,000 Fortinet devices exposed online with FortiCloud SSO enabled, amid ongoing attacks targeting a critical authentication bypass vulnerability. [...]

https://www.bleepingcomputer.com/news/security/over-25-000-forticloud-sso-device


Criminal IP and Palo Alto Networks Cortex XSOAR integrate to bring AI-driven exposure intelligence to automated incident response

09:30 - 19/12/2025
Criminal IP (criminalip.io), the AI-powered threat intelligence and attack surface monitoring platform developed by AI SPERA, is now officially integrated into Palo Alto Networks' Cortex XSOAR. [...]

https://www.bleepingcomputer.com/news/security/criminal-ip-and-palo-alto-network


Denmark blames Russia for destructive cyberattack on water utility

07:28 - 19/12/2025
Danish intelligence officials blamed Russia for orchestrating cyberattacks against Denmark's critical infrastructure, as part of Moscow's hybrid attacks against Western nations. [...]

https://www.bleepingcomputer.com/news/security/denmark-blames-russia-for-destruc


New critical WatchGuard Firebox firewall flaw exploited in attacks

05:25 - 19/12/2025
WatchGuard has warned customers to patch a critical, actively exploited remote code execution (RCE) vulnerability in its Firebox firewalls. [...]

https://www.bleepingcomputer.com/news/security/watchguard-warns-of-new-rce-flaw-


FTC: Instacart to refund $60M over deceptive subscription tactics

04:19 - 19/12/2025
Grocery delivery service Instacart will refund $60 million to settle FTC claims that it misled customers with false advertising and unlawfully enrolled them in paid subscriptions. [...]

https://www.bleepingcomputer.com/news/legal/instacart-to-refund-60m-over-decepti


Windows 10 OOB update released to fix Message Queuing (MSMQ) issues

20:15 - 18/12/2025
This month's extended security update for Windows 11 broke Message Queuing (MSMQ), which is typically used by enterprises to manage background tasks. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-oob-update-released-t


securityboulevard.com

Surge of OAuth Device Code Phishing Attacks Targets M365 Accounts

22:36 - 19/12/2025
Financially motivated and nation-state threat groups are behind a surge in the use of device code phishing attacks that abuse Microsoft's legitimate OAuth 2.0 device authorization grant flow to trick users into giving them access to their M365 accounts, Proofpoint researchers say.

https://securityboulevard.com/2025/12/surge-of-oauth-device-code-phishing-attack


NCC Group Taps Qualys to Extend Managed Security Service into Shadow IT Realm

21:24 - 19/12/2025
NCC Group this week revealed it has allied with Qualys to expand the scope of its managed attack surface management (ASM) services to address instances of shadow IT. Amber Mitchell, lead product manager for ASM at NCC Group, said the managed security service provider (MSSP) already provides a managed attack surface service, but aligning with..

https://securityboulevard.com/2025/12/ncc-group-taps-qualys-to-extend-managed-se


4 Pillars of Network Risk Reduction: A Guide to Network Security Risk Management

20:58 - 19/12/2025
Large enterprises today find themselves stuck in the “messy middle” of digital transformation, managing legacy on-premise firewalls from Palo Alto, Check Point, and Fortinet while simultaneously governing fast-growing cloud environments....

https://securityboulevard.com/2025/12/4-pillars-of-network-risk-reduction-a-guid


NIS2 Compliance: Maintaining Credential Security

20:00 - 19/12/2025
Strengthen NIS2 compliance by preventing weak and compromised passwords with Enzoic's continuous credential protection.

https://securityboulevard.com/2025/12/nis2-compliance-maintaining-credential-sec


NDSS 2025 – Interventional Root Cause Analysis Of Failures In Multi-Sensor Fusion Perception Systems

20:00 - 19/12/2025
Session 6C: Sensor Attacks

Authors, Creators & Presenters: Shuguang Wang (City University of Hong Kong), Qian Zhou (City University of Hong Kong), Kui Wu (University of Victoria), Jinghuai Deng (City University of Hong Kong), Dapeng Wu (City University of Hong Kong), Wei-Bin Lee (Information Security Center, Hon Hai Research Institute), Jianping Wang (City University of Hong Kong)

PAPER
NDSS 2025 - Interventional Root Cause Analysis Of Failures In Multi-Sensor Fusion Perception Systems

Autonomous driving systems (ADS) heavily depend on multi-sensor fusion (MSF) perception systems to process sensor data and improve the accuracy of environmental perception. However, MSF cannot completely eliminate uncertainties, and faults in multiple modules will lead to perception failures. Thus, identifying the root causes of these perception failures is crucial to ensure the reliability of MSF perception systems. Traditional methods for identifying perception failures, such as anomaly detection and runtime monitoring, are limited because they do not account for causal relationships between faults in multiple modules and overall system failure. To overcome these limitations, we propose a novel approach called interventional root cause analysis (IRCA). IRCA leverages the directed acyclic graph (DAG) structure of MSF to develop a hierarchical structural causal model (H-SCM), which effectively addresses the complexities of causal relationships. Our approach uses a divide-and-conquer pruning algorithm to encompass multiple causal modules within a causal path and to pinpoint intervention targets. We implement IRCA and evaluate its performance using real fault scenarios and synthetic scenarios with injected faults in the ADS Autoware. The average F1-score of IRCA in real fault scenarios is over 95%. We also illustrate the effectiveness of IRCA on an autonomous vehicle testbed equipped with Autoware, as well as a cross-platform evaluation using Apollo. The results show that IRCA can efficiently identify the causal paths leading to failures and significantly enhance the safety of ADS.


ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.


Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

https://securityboulevard.com/2025/12/ndss-2025-interventional-root-cause-analys


Preventing This Week’s AWS Cryptomining Attacks: Why Detection Fails and Permissions Matter

18:07 - 19/12/2025
The recent discovery of a cryptomining campaign targeting Amazon compute resources highlights a critical gap in traditional cloud defense. Attackers are bypassing perimeter defenses by leveraging compromised credentials to execute legitimate but privileged API calls like ec2:CreateLaunchTemplate, ecs:RegisterTaskDefinition, ec2:ModifyInstanceAttribute, and lambda:CreateFunctionUrlConfig. While detection tools identify anomalies after they occur, they do not prevent execution, lateral [...]

https://securityboulevard.com/2025/12/preventing-this-weeks-aws-cryptomining-att


Vulnerability Management’s New Mandate: Remediate What’s Real

18:03 - 19/12/2025
Live from AWS re:Invent, Snir Ben Shimol makes the case that vulnerability management is at an inflection point: visibility is no longer the differentiator—remediation is. Organizations have spent two decades getting better at scanning, aggregating and reporting findings. But the uncomfortable truth is that many of today’s incidents still trace back to vulnerabilities that were..

https://securityboulevard.com/2025/12/vulnerability-managements-new-mandate-reme



Amazon Warns Pernicious Fake North Korea IT Worker Threat Has Become Widespread

17:38 - 19/12/2025
Amazon is warning organizations that a North Korean effort to impersonate IT workers is more extensive than many cybersecurity teams may realize after discovering the cloud service provider was also victimized. A North Korean imposter was uncovered working as a remote systems administrator in the U.S. after their keystroke input lag raised suspicions. Normally, keystroke..

https://securityboulevard.com/2025/12/amazon-warns-perncious-fake-north-korea-it


Google Shutting Down Dark Web Report Met with Mixed Reactions

16:54 - 19/12/2025
Google is shutting down its dark web report tool, which was released in 2023 to alert users when their information was found available on the darknet. However, while the report sent alerts, Google said users found it didn't give them next steps to take if their data was detected.

https://securityboulevard.com/2025/12/google-shutting-down-dark-web-report-met-w


CXSecurity.com

Summar Employee Portal 3.98.0 Authenticated SQL Injection

23:02 - 17/12/2025
Topic: Summar Employee Portal 3.98.0 Authenticated SQL Injection Risk: Medium Text:# Exploit Title: Summar Employee Portal 3.98.0 - Authenticated SQL Injection # Google Dork: inurl:"/MemberPages/quienesquien....

https://cxsecurity.com/issue/WLB-2025120018


dotCMS 25.07.02-1 Authenticated Blind SQL Injection

23:01 - 17/12/2025
Topic: dotCMS 25.07.02-1 Authenticated Blind SQL Injection Risk: Medium Text:#!/usr/bin/env python3 # Exploit Title: dotCMS 25.07.02-1 - Authenticated Blind SQL Injection # Google Dork: N/A # Date: 2...

https://cxsecurity.com/issue/WLB-2025120017


Soosyze CMS 2.0 Brute Force Login

23:01 - 17/12/2025
Topic: Soosyze CMS 2.0 Brute Force Login Risk: Medium Text:# Exploit Title: Soosyze CMS 2.0 - Brute Force Login # Google Dork: N/A # Date: 2025-08-13 # Exploit Author: Beatriz Fresno ...

https://cxsecurity.com/issue/WLB-2025120016


Windows LNK File UI Misrepresentation Remote Code Execution

22:34 - 14/12/2025
Topic: Windows LNK File UI Misrepresentation Remote Code Execution Risk: Medium Text:# Title: Windows LNK File UI Misrepresentation Remote Code Execution # Date: 2025-01-04 # Exploit Author: nu11secur1ty # Ven...

https://cxsecurity.com/issue/WLB-2025120015


Microsoft Windows Media Player WMDRM 'RES://' URI Arbitrary Code Execution Vulnerability

22:34 - 14/12/2025
Topic: Microsoft Windows Media Player WMDRM 'RES://' URI Arbitrary Code Execution Vulnerability Risk: High Text:There's an implementation flaw that causes 'RES://' URIs to always be mapped to an 'Internet' security zone context, which all...

https://cxsecurity.com/issue/WLB-2025120014


phpMyFAQ 3.1.7 Reflected Cross-Site Scripting (XSS)

22:34 - 14/12/2025
Topic: phpMyFAQ 3.1.7 Reflected Cross-Site Scripting (XSS) Risk: Low Text:# Exploit Title: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS) # Date: 2025-11-25 # Exploit Author: CodeSecLab # V...

https://cxsecurity.com/issue/WLB-2025120013


Pluck 4.7.7-dev2 PHP Code Execution

22:33 - 14/12/2025
Topic: Pluck 4.7.7-dev2 PHP Code Execution Risk: High Text:# Exploit Title: Pluck 4.7.7-dev2 - PHP Code Execution # Date: 2024-10-26 # Exploit Author: CodeSecLab # Vendor Homepage: ...

https://cxsecurity.com/issue/WLB-2025120012


R.s.W - Sql Injection

22:33 - 14/12/2025
Topic: R.s.W - Sql Injection Risk: Medium Text:********************************************************* # Exploit Title: SQL Injection – Red Spider Web CMS # Date: 2025-...

https://cxsecurity.com/issue/WLB-2025120011


NetBT e-Fatura 'InboxProcessor' Unquoted Service Path Privilege Escalation

22:32 - 14/12/2025
Topic: NetBT e-Fatura 'InboxProcessor' Unquoted Service Path Privilege Escalation Risk: Medium Text:# Exploit Title: NetBT e-Fatura 'InboxProcessor' Unquoted Service Path Privilege Escalation # Author: Seccops # Discovery Dat...

https://cxsecurity.com/issue/WLB-2025120010


Mbed TLS 3.6.4 Use-After-Free

21:45 - 09/12/2025
Topic: Mbed TLS 3.6.4 Use-After-Free Risk: High Text:/* * Exploit Title: Mbed TLS 3.6.4 - Use-After-Free * Google Dork: N/A * Date: 2025-08-29 * Exploit Author: Byte Reaper...

https://cxsecurity.com/issue/WLB-2025120009


Brian Krebs

Dismantling Defenses: Trump 2.0 Cyber Year in Review

15:14 - 19/12/2025
The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president’s efforts to restrict free speech and freedom of the press, have come at such a rapid clip that many readers probably aren’t even aware of them all.

https://krebsonsecurity.com/2025/12/dismantling-defenses-trump-2-0-cyber-year-in


Most Parked Domains Now Serving Malicious Content

14:14 - 16/12/2025
Direct navigation -- the act of visiting a website by manually typing a domain name in a web browser -- has never been riskier: A new study finds the vast majority of "parked" domains -- mostly expired or dormant domain names, or common misspellings of popular websites -- are now configured to redirect visitors to sites that foist scams and malware.

https://krebsonsecurity.com/2025/12/most-parked-domains-now-serving-malicious-co


Microsoft Patch Tuesday, December 2025 Edition

23:18 - 09/12/2025
Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities.

https://krebsonsecurity.com/2025/12/microsoft-patch-tuesday-december-2025-editio


Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill

14:45 - 06/12/2025
A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious connections to a Kremlin-connected oligarch whose Russian university builds drones for Russia's war against Ukraine.

https://krebsonsecurity.com/2025/12/drones-to-diplomas-how-russias-largest-priva


SMS Phishers Pivot to Points, Taxes, Fake Retailers

23:02 - 04/12/2025
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. Experts say these same phishing groups also are now using SMS lures that promise unclaimed tax refunds and mobile rewards points.

https://krebsonsecurity.com/2025/12/sms-phishers-pivot-to-points-taxes-fake-reta


Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

17:22 - 26/11/2025
A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for "Rey," the moniker chosen by the technical operator and public face of the hacker group: Earlier this week, Rey confirmed his real life identity and agreed to an interview after KrebsOnSecurity tracked him down and contacted his father.

https://krebsonsecurity.com/2025/11/meet-rey-the-admin-of-scattered-lapsus-hunte


Is Your Android TV Streaming Box Part of a Botnet?

18:44 - 24/11/2025
On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around $400. But security experts warn these TV boxes require intrusive software that forces the user's network to relay Internet traffic for others, traffic that is often tied to cybercrime activity such as advertising fraud and account takeovers.

https://krebsonsecurity.com/2025/11/is-your-android-tv-streaming-box-part-of-a-b


Mozilla Says It’s Finally Done With Two-Faced Onerep

19:06 - 20/11/2025
In March 2024, Mozilla said it was winding down its collaboration with Onerep -- an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites -- after KrebsOnSecurity revealed Onerep's founder had created dozens of people-search services and was continuing to operate at least one of them. Sixteen months later, however, Mozilla is still promoting Onerep. This week, Mozilla announced their partnership with Onerep will officially end next month.

https://krebsonsecurity.com/2025/11/mozilla-says-its-finally-done-with-two-faced


The Cloudflare Outage May Be a Security Roadmap

14:07 - 19/11/2025
An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet's top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have also triggered an impromptu network penetration test for organizations that have come to rely on Cloudflare to block many types of abusive and malicious traffic.

https://krebsonsecurity.com/2025/11/the-cloudflare-outage-may-be-a-security-road


Microsoft Patch Tuesday, November 2025 Edition

21:47 - 16/11/2025
Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of an extra year of security updates, which is nice because the zero-day flaw and other critical weaknesses patched today affect all versions of Windows, including Windows 10.

https://krebsonsecurity.com/2025/11/microsoft-patch-tuesday-november-2025-editio


Troy Hunt

Weekly Update 482

22:52 - 16/12/2025
Presently sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.

Perhaps it's just the time of year where we all start to wind down a bit, or maybe I'm just tired after another massive 12 months, but this week's vid is way late. Ok, going away to the place that had just been breached

https://www.troyhunt.com/weekly-update-482/


Processing 630 Million More Pwned Passwords, Courtesy of the FBI

21:29 - 12/12/2025
The sheer scope of cybercrime can be hard to fathom, even when you live and breathe it every day. It's not just the volume of data, but also the extent to which it replicates across criminal actors seeking to abuse it for their own gain, and to our

https://www.troyhunt.com/processing-630-million-more-pwned-passwords-courtesy-of


Weekly Update 481

07:14 - 05/12/2025
Twelve years (and one day) since launching Have I Been Pwned, it's now a service that Charlotte and I live and breathe every day. From the first thing every morning to the last thing each day, from holidays to birthdays, in sickness and in heal... wait a minute

https://www.troyhunt.com/weekly-update-481/


Why Does Have I Been Pwned Contain "Fake" Email Addresses?

23:37 - 03/12/2025
Normally, when someone sends feedback like this, I ignore it, but it happens often enough that it deserves an explainer, because the answer is really, really simple. So simple, in fact, that it should be evident to the likes of Bruce, who decided his misunderstanding deserved a 1-star Trustpilot review

https://www.troyhunt.com/why-does-have-i-been-pwned-contain-fake-email-addresses


Weekly Update 480

06:11 - 01/12/2025
Well, I now have the answer to how Snapchat does age verification for under-16s: they give an underage kid the ability to change their date of birth, then do a facial scan to verify. The facial scan (a third party tells me...) allows someone well under 16 to pass it

https://www.troyhunt.com/weekly-update-480/


Weekly Update 479

04:44 - 23/11/2025
I gave up on the IoT water meter reader. Being technical and thinking you can solve everything with technology is both a blessing and a curse; dogged persistence has given me the life I have today, but it has also burned serious amounts of time because I never want to

https://www.troyhunt.com/weekly-update-479/


Weekly Update 478

08:13 - 16/11/2025
This week, it was an absolute privilege to be at Europol in The Hague, speaking about cyber offenders and at the InterCOP conference and spending time with some of the folks involved in the Operation Endgame actions. The latter in particular gave me a new sense of just how much

https://www.troyhunt.com/weekly-update-478/


Weekly Update 477

12:27 - 12/11/2025
What. A. Week. It wasn't just the preceding weeks of technical pain as we tried to work out how to get this data loaded, it was all the subsequent queries we had to deal with too. Some of them are totally understandable, whilst others just resulted in endless

https://www.troyhunt.com/weekly-update-477/


2 Billion Email Addresses Were Exposed, and We Indexed Them All in Have I Been Pwned

06:41 - 05/11/2025
I hate hyperbolic news headlines about data breaches, but for the "2 Billion Email Addresses" headline to be hyperbolic, it'd need to be exaggerated or overstated - and it isn't. It's rounded up from the more precise number of 1,957,476,

https://www.troyhunt.com/2-billion-email-addresses-were-exposed-and-we-indexed-t


Weekly Update 476

08:23 - 03/11/2025

The 2 billion email address stealer log breach I talk about this week is almost ready to go at the time of writing. It's been massively time-consuming, massively expensive (we turned the cloud up to 11) and enormously frustrating. I've written about why in the draft

https://www.troyhunt.com/weekly-update-476/


Bruce Schneier

Friday Squid Blogging: Petting a Squid

22:06 - 19/12/2025

Video from Reddit shows what could go wrong when you try to pet a—looks like a Humboldt—squid.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

https://www.schneier.com/blog/archives/2025/12/friday-squid-blogging-petting-a-s


AI Advertising Company Hacked

12:02 - 19/12/2025

At least some of this is coming to light:

Doublespeed, a startup backed by Andreessen Horowitz (a16z) that uses a phone farm to manage at least hundreds of AI-generated social media accounts and promote products has been hacked. The hack reveals what products the AI-generated accounts are promoting, often without the required disclosure that these are advertisements, and allowed the hacker to take control of more than 1,000 smartphones that power the company.

The hacker, who asked for anonymity because he feared retaliation from the company, said he reported the vulnerability to Doublespeed on October 31. At the time of writing, the hacker said he still has access to the company’s backend, including the phone farm itself. ...

https://www.schneier.com/blog/archives/2025/12/ai-advertising-company-hacked.htm


Someone Boarded a Plane at Heathrow Without a Ticket or Passport

16:41 - 18/12/2025

I’m sure there’s a story here:

Sources say the man had tailgated his way through to security screening and passed security, meaning he was not detected carrying any banned items.

The man deceived the BA check-in agent by posing as a family member who had their passports and boarding passes inspected in the usual way.

https://www.schneier.com/blog/archives/2025/12/someone-boarded-a-plane-at-heathr


Deliberate Internet Shutdowns

12:02 - 17/12/2025

For two days in September, Afghanistan had no internet. No satellite failed; no cable was cut. This was a deliberate outage, mandated by the Taliban government. It followed a more localized shutdown two weeks prior, reportedly instituted “to prevent immoral activities.” No additional explanation was given. The timing couldn’t have been worse: communities still reeling from a major earthquake lost emergency communications, flights were grounded, and banking was interrupted. Afghanistan’s blackout is part of a wider pattern. Just since the end of September, there were also major nationwide internet shutdowns in ...

https://www.schneier.com/blog/archives/2025/12/deliberate-internet-shutdowns.htm


Chinese Surveillance and AI

12:02 - 16/12/2025

New report: “The Party’s AI: How China’s New AI Systems are Reshaping Human Rights.” From a summary article:

China is already the world’s largest exporter of AI powered surveillance technology; new surveillance technologies and platforms developed in China are also not likely to simply stay there. By exposing the full scope of China’s AI driven control apparatus, this report presents clear, evidence based insights for policymakers, civil society, the media and technology companies seeking to counter the rise of AI enabled repression and human rights violations, and China’s growing efforts to project that repression beyond its borders...

https://www.schneier.com/blog/archives/2025/12/chinese-surveillance-and-ai.html


Against the Federal Moratorium on State-Level Regulation of AI

12:02 - 15/12/2025

Cast your mind back to May of this year: Congress was in the throes of debate over the massive budget bill. Amidst the many seismic provisions, Senator Ted Cruz dropped a ticking time bomb of tech policy: a ten-year moratorium on the ability of states to regulate artificial intelligence. To many, this was catastrophic. The few massive AI companies seem to be swallowing our economy whole: their energy demands are overriding household needs, their data demands are overriding creators’ copyright, and their products are triggering mass unemployment as well as new types of clinical ...

https://www.schneier.com/blog/archives/2025/12/against-the-federal-moratorium-on


Upcoming Speaking Engagements

17:10 - 14/12/2025

This is a current list of where and when I am scheduled to speak:

  • I’m speaking and signing books at the Chicago Public Library in Chicago, Illinois, USA, at 6:00 PM CT on February 5, 2026. Details to come.
  • I’m speaking at Capricon 44 in Chicago, Illinois, USA. The convention runs February 5-8, 2026. My speaking time is TBD.
  • I’m speaking at the Munich Cybersecurity Conference in Munich, Germany on February 12, 2026.
  • I’m speaking at Tech Live: Cybersecurity in New York City, USA on March 11, 2026.
  • I’m giving the Ross Anderson Lecture at the University of Cambridge’s Churchill College on March 19, 2026...

https://www.schneier.com/blog/archives/2025/12/upcoming-speaking-engagements-51.


Friday Squid Blogging: Giant Squid Eating a Diamondback Squid

22:00 - 12/12/2025

I have no context for this video—it’s from Reddit—but one of the commenters adds some context:

Hey everyone, squid biologist here! Wanted to add some stuff you might find interesting.

With so many people carrying around cameras, we’re getting more videos of giant squid at the surface than in previous decades. We’re also starting to notice a pattern, that around this time of year (peaking in January) we see a bunch of giant squid around Japan. We don’t know why this is happening. Maybe they gather around there to mate or something? who knows! but since so many people have cameras, those one-off monster-story encounters are now caught on video, like this one (which, btw, rips. This squid looks so healthy, it’s awesome)...

https://www.schneier.com/blog/archives/2025/12/friday-squid-blogging-giant-squid


Building Trustworthy AI Agents

12:00 - 12/12/2025

The promise of personal AI assistants rests on a dangerous assumption: that we can trust systems we haven’t made trustworthy. We can’t. And today’s versions are failing us in predictable ways: pushing us to do things against our own best interests, gaslighting us with doubt about things we are or that we know, and being unable to distinguish between who we are and who we have been. They struggle with incomplete, inaccurate, and partial context: with no standard way to move toward accuracy, no mechanism to correct sources of error, and no accountability when wrong information leads to bad decisions...

https://www.schneier.com/blog/archives/2025/12/building-trustworthy-ai-agents.ht


AIs Exploiting Smart Contracts

17:06 - 11/12/2025

I have long maintained that smart contracts are a dumb idea: that a human process is actually a security feature.

Here’s some interesting research on training AIs to automatically exploit smart contracts:

AI models are increasingly good at cyber tasks, as we’ve written about before. But what is the economic impact of these capabilities? In a recent MATS and Anthropic Fellows project, our scholars investigated this question by evaluating AI agents’ ability to exploit smart contracts on Smart CONtracts Exploitation benchmark (SCONE-bench), a new benchmark they built comprising 405 contracts that were actually exploited between 2020 and 2025. On contracts exploited after the latest knowledge cutoffs (June 2025 for Opus 4.5 and March 2025 for other models), Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 developed exploits collectively worth $4.6 million, establishing a concrete lower bound for the economic harm these capabilities could enable. Going beyond retrospective analysis, we evaluated both Sonnet 4.5 and GPT-5 in simulation against 2,849 recently deployed contracts without any known vulnerabilities. Both agents uncovered two novel zero-day vulnerabilities and produced exploits worth $3,694, with GPT-5 doing so at an API cost of $3,476. This demonstrates as a proof-of-concept that profitable, real-world autonomous exploitation is technically feasible, a finding that underscores the need for proactive adoption of AI for defense...

https://www.schneier.com/blog/archives/2025/12/ais-exploiting-smart-contracts.ht


Security Affairs

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

11:48 - 19/12/2025
The Clop ransomware group is targeting Gladinet CentreStack file servers in a new large-scale extortion campaign aimed at stealing sensitive data from organizations worldwide. Gladinet CentreStack is a software platform that allows organizations to turn their existing file servers, […]

https://securityaffairs.com/185875/cyber-crime/clop-targets-gladinet-centrestack


ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

10:26 - 19/12/2025
A new UEFI flaw exposes some ASRock, ASUS, GIGABYTE, and MSI motherboards to early-boot DMA attacks, bypassing IOMMU protections. Researchers warn of a new UEFI vulnerability that affects select ASRock, ASUS, GIGABYTE, and MSI motherboards, enabling early-boot DMA attacks that bypass IOMMU protections. UEFI (Unified Extensible Firmware Interface) is the modern firmware standard that initializes […]

https://securityaffairs.com/185867/security/asrock-asus-gigabyte-msi-boards-vuln


China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

08:53 - 19/12/2025
Cisco disclosed a critical zero-day (CVE-2025-20393) in Secure Email Gateway and Secure Email and Web Manager, actively exploited by a China-linked group. Cisco disclosed a critical zero-day, tracked as CVE-2025-20393, in Secure Email Gateway and Secure Email/Web Manager, which is actively exploited by a China-linked threat group. Cisco reported a December 10 campaign targeting certain […]

https://securityaffairs.com/185861/apt/china-linked-apt-uat-9686-is-targeting-ci


Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

21:11 - 18/12/2025
Hewlett Packard Enterprise (HPE) fixed a critical OneView flaw that could allow attackers to achieve remote code execution. Hewlett Packard Enterprise (HPE) addressed a maximum-severity security vulnerability, tracked as CVE-2025-37164 (CVSS score of 10.0), in OneView Software. An attacker can exploit the flaw to achieve remote code execution. HPE OneView is an integrated IT management […]

https://securityaffairs.com/185853/security/hewlett-packard-enterprise-hpe-fixed


DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

18:23 - 18/12/2025
Resecurity reports a Q4 2025 surge in criminal use of DIG AI on Tor, enabling scalable illicit activity and posing new risks ahead of major 2026 events. During Q4 2025, Resecurity observed a notable increase in malicious actors utilizing DIG AI, accelerating during the Winter Holidays, when illegal activity worldwide reached a new record. With […]

https://securityaffairs.com/185842/cyber-crime/dig-ai-uncensored-darknet-ai-assi


U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

10:18 - 18/12/2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Cisco reported a December 10 campaign […]

https://securityaffairs.com/185830/security/u-s-cisa-adds-cisco-sonicwall-and-as


GhostPairing campaign abuses WhatsApp device linking to hijack accounts

08:47 - 18/12/2025
Attackers abuse WhatsApp’s device-linking feature to hijack accounts via pairing codes in the GhostPairing campaign. Attackers are exploiting WhatsApp’s device-linking feature to hijack accounts using pairing codes in a campaign dubbed GhostPairing, without requiring authentication. Gen Digital first observed the GhostPairing campaign in Czechia, but warns that it can spread globally via compromised accounts. The […]

https://securityaffairs.com/185814/hacking/ghostpairing-campaign-abuses-whatsapp


SonicWall warns of actively exploited flaw in SMA 100 AMC

19:36 - 17/12/2025
SonicWall warned users to patch a SMA1000 AMC flaw that was exploited as a zero-day privilege escalation vulnerability in attacks. SonicWall urged customers to address a vulnerability, tracked as CVE-2025-40602, in the SMA1000 Appliance Management Console that was exploited as a zero-day in attacks in the wild. The flaw is a local privilege escalation issue […]

https://securityaffairs.com/185809/hacking/sonicwall-warns-of-actively-exploited


GNV ferry Fantastic under cyberattack probe amid remote hijack fears

14:54 - 17/12/2025
French prosecutors probe a suspected cyberattack on GNV ferry Fantastic, raising concerns of a possible remote hijack. French prosecutors are investigating a suspected cyberattack on the GNV ferry Fantastic, raising fears of a potential remote hijack. The ferry Fantastic sails between Sète and North Africa, and French authorities are investigating a suspected attempt to compromise […]

https://securityaffairs.com/185800/hacking/gnv-ferry-fantastic-under-cyberattack


Askul data breach exposed over 700,000 records after ransomware attack

12:19 - 17/12/2025
Askul disclosed that an October RansomHouse ransomware attack compromised over 700,000 records at the Japanese e-commerce and logistics firm. Askul is a Japanese e-commerce and logistics company best known for supplying office products, stationery, IT equipment, and everyday business consumables to companies and consumers. It operates large-scale fulfillment and delivery services across Japan and is […]

https://securityaffairs.com/185790/security/askul-data-breach-exposed-over-70000


news.sophos.com


Game of clones: Sophos and the MITRE ATT&CK Enterprise 2025 Evaluations

09:12 - 15/12/2025
Winter is coming – so it must be time for Sophos X-Ops’ report on this year’s MITRE ATT&CK Enterprise Evaluations

https://news.sophos.com/en-us/2025/12/15/game-of-clones-sophos-and-the-mitre-att


Sophos Named One of Computerworld’s 2026 Best Places to Work in IT

11:33 - 09/12/2025
Sophos has been named one of Computerworld’s 2026 Best Places to Work in IT for the second consecutive year, earning 10th place among large organizations for its innovative, people-focused, and high-impact IT culture.

https://news.sophos.com/en-us/2025/12/09/sophos-named-one-of-computerworlds-2026