Cyberattacks by AI agents are coming
Agents could make it easier and cheaper for criminals to hack systems at scale. We need to be ready.
https://www.technologyreview.com/2025/04/04/1114228/cyberattacks-by-ai-agents-are-coming/
#cybersecurity #AI #agenticAI #cyberattacks #vulnerabilities #honeypots #LLMhoneypots

'Operation RoundPress' Targets #Ukraine in #XSS #Webmail Attacks. A cyber-espionage campaign is targeting Ukrainian government entities with a series of sophisticated spear-#phishing #attacks that exploit XSS #vulnerabilities.
https://www.darkreading.com/threat-intelligence/operation-roundpress-ukraine-xss-webmail-attacks

#Security experts have discovered new #Intel #Spectre #vulnerabilities

https://www.ghacks.net/2025/05/14/security-experts-have-discovered-new-intel-spectre-vulnerabilities/?utm_source=mas.to&utm_medium=social&utm_campaign=&utm_term=&utm_content=&utm_referrer=https%3A%2F%2Fmas.to%2F%40KNTRO&utm_id=&utm_creative=&utm_channel=mastodon_organic&utm_platform=desktop&utm_location=argentina&utm_language=es-ar&utm_variant=

#Windows #ZeroDay #Bug Exploited for Browser-Led RCE. #Microsoft's May 2025 Patch Tuesday update also contains four other actively exploited zero-day #security #vulnerabilities, two publicly known bugs, and 12 critical patches.
https://www.darkreading.com/vulnerabilities-threats/windows-zero-day-bug-exploited-browser-rce
Well, simply don't use Microsoft products. Use #freesoftware, much less sensible to vulnerabilities, and more respecting your #privacy and your #personaldata
#Linux #Distro are the best

This time I'm begging you to update yo shit!

PSA: iOS 18.5 patches over 30 iPhone security vulnerabilties - 9to5Mac

https://9to5mac.com/2025/05/12/ios-18-5-security-fixes/

Open source project #curl is sick of users submitting “AI slop” #vulnerabilities - Ars Technica

"One way you can tell is it's always such a nice report," founder tells Ars.
#aislop #ai #security

https://arstechnica.com/gadgets/2025/05/open-source-project-curl-is-sick-of-users-submitting-ai-slop-vulnerabilities/

Okay. Every now and then, I may use some AI to help write something.

But if I can't articulate what's wrong or where something is broken to get it fixed, maybe I should leave that up to someone who can.

Open source project curl is sick of users submitting “AI slop” vulnerabilities

https://arstechnica.com/gadgets/2025/05/open-source-project-curl-is-sick-of-users-submitting-ai-slop-vulnerabilities/

Open source project curl is sick of users submitting “AI slop” vulnerabilities https://arstechni.ca/LAhpm #vulnerabilities #bugreports #hackerone #security #Tech #curl #AI

Latest issue of my curated #cybersecurity and #infosec list of resources for week #18/2025 is out!

It includes the following and much more:

France has linked Russian APT to 12 #cyberattacks on French Orgs.;

Cybersecurity experts demand the reinstatement of Chris Krebs' security clearances and the withdrawal of the investigation;

#Vulnerabilities in Apple's #AirPlay Protocol;

New York's Metropolitan Transportation Authority plans to use #AI and cameras to detect potential subway crimes before they happen;

@SentinelOne Targeted by Chinese #PurpleHaze Group;

#Microsoft sets all new accounts #passwordless by default;

The #Trump administration plans to cut $491 million from #CISA's budget;

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end

https://infosec-mashup.santolaria.net/p/infosec-mashup-18-2025

Latest issue of my curated #cybersecurity and #infosec list of resources for week #17/2025 is out!

It includes the following and much more:

Two top officials from #CISA resigned;

U.S. Defense Secretary Pete Hegseth caught in another information leak;

Yearly Threat Intelligence Reports Released;

U.S. lost record $16.6 billion to #cybercrime in 2024;

5.5 Million Patients Affected by #DataBreach at Yale New Haven Health;

VulnCheck spotted 159 actively exploited #vulnerabilities in first few months of 2025;

FBI is seeking public help to identify Chinese hackers known as #SaltTyphoon and offers $10 million reward;

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end

https://infosec-mashup.santolaria.net/p/infosec-mashup-17-2025

A Python client for the Global CVE Allocation System has been released.

by @cedric

#cve #gcve #vulnerabilities #vulnerability

https://github.com/gcve-eu/gcve

Threat Actors Don’t Care About Your Compliance Score
https://youtu.be/mYsSUR6z6BA . #cybersecurity #GRC #audits #documentation #threatactors #vulnerabilities #threathunting #riskmanagent #compliance #NIST #CMMC

Please make sure to update your devices!

Update Now: iOS 18.4.1 and macOS Sequoia 15.4.1 Address Actively Exploited Vulnerabilities

https://www.macrumors.com/2025/04/16/ios-18-4-1-security-fixes/

MITRE CVE Contract Extended Just Before Expiration https://thecyberexpress.com/mitre-cve-contract-extended-before-expiration/ #TheCyberExpressNews #TheCyberExpress #Vulnerabilities #FirewallDaily #cybersecurity #CyberNews #MITRE #CISA #CVE #NVD

https://www.theverge.com/news/649314/cve-mitre-funding-vulnerabilities-exposures-funding
#cybersecurity #vulnerabilities #CVE #CWE #MITRE #government #defunding

Pulling the plug on the database would cause "an immediate cascading effect that will impact vulnerability management on a global scale" #Cybersecurity #Funding #Software #Vulnerabilities #TechNews

Nonprofit That Tracks Software...

NEW -

DCG real-ucode

Actually provides the latest CPU microcode for AMD and Intel

Version: 2025-04-14
Release: 1

updated ucode for amd and intel with that one !

https://github.com/divestedcg/real-ucode/

#divested
#DivestedComputingGroup

#fsf #FUTO #Fedora #alpinelinux #hardening #linuxtech #cybersec #cybersecurity #infosec #foss
#hackernews #opensource #android #skynet #linuxsecurity #ucode #vulnerabilities #vulnerability #freeyourmind

NEW -

DCG Domain Blocklist available - last updated 2025/04/14

1692406 - Domains blocked with that build !

Supercharging your content blocker to increase privacy and security.

All available lists:
- uBlockOrigin
- Hosts format & Hosts format with wildcards
- dnsmasq with wildcards

Ready to use lists combined from many permissively licensed sources.

https://divested.dev/pages/dnsbl

#divested #DivestedComputingGroup

#DCG

#fsf #FUTO #Fedora #codeberg #hardening #linuxtech #cybersec #cybersecurity #infosec #antivirus #hackernews
#opensource #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #router #skynet #foss #freeyourmind

NEW -

DCG rpm-hardened_malloc available

pkgver = 2025/04/04
pkgrel = 1

Release Note = more coverage

Compatibility:
- Fedora 39/40/etc.
- Arch Linux

Hardened allocator designed for modern systems

https://codeberg.org/divested/rpm-hardened_malloc

#divested #DivestedComputingGroup

#DCG

#fsf #FUTO #Fedora #codeberg #hardening #hardened_malloc #hardenedmalloc #linuxtech #cybersec #cybersecurity #antivirus #hackernews
#opensource #android #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #router #skynet #hardening #foss #infosec #freeyourmind

https://www.europesays.com/1970212/ Heritage Foundation documentary highlights aging U.S. nuclear arsenal vulnerabilities #Aging #China #Conflicts #Documentary #HeritageFoundation #IndoPacific #nuclear #U.S.NuclearArsenal #vulnerabilities