📰wrzlbrmpft's cyberlights💥


A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlight

🔌 #UnplugTrump: Mach dich digital unabhängig von Trump und Big Tech (Make yourself digitally independent of Trump and Big Tech) privacy – The #UnplugTrump series collects 30 tips for reducing dependence on US Big Tech platforms under the Trump administration, pointing to privacy-friendly alternatives and encouraging a more independent digital life. https://www.kuketz-blog.de/unplugtrump-mach-dich-digital-unabhaengig-von-trump-und-big-tech/


News For All

🤖 Booking a Threat: Inside LummaStealer's Fake reCAPTCHA malware – LummaStealer is spread through fake booking-confirmation links that land on a counterfeit reCAPTCHA page; the bogus "verification" step is the social-engineering lure that gets the victim to install the stealer themselves. The payload layers several evasion techniques to stay under the radar of security products. https://www.gdatasoftware.com/blog/2025/03/38154-lummastealer-fake-recaptcha

🦹‍♂️ Polymorphic Extensions: The Sneaky Extension That Can Impersonate Any Browser Extension malware – Polymorphic extensions can impersonate legitimate browser extensions, tricking users into providing sensitive information. This sophisticated attack method poses serious security risks across Chromium-based browsers. https://labs.sqrx.com/polymorphic-extensions-dd2310006e04

🚫 Stop targeting Russian hackers, Trump administration orders US Cyber Command security news – The Trump administration has reportedly ordered US Cyber Command to stand down from operations and planning against Russia, with CISA reported to be de-prioritising Russian threats as well, raising concerns that US networks will be left more exposed to Russian state-backed attackers. https://www.bitdefender.com/en-us/blog/hotforsecurity/stop-targeting-russian-hackers-trump-administration-orders-us-cyber-command

💻 Nearly 1 million Windows devices targeted in advanced “malvertising” spree cybercrime – A large malvertising campaign hit nearly 1 million Windows devices: ads on illegal streaming sites redirected victims through several hops to loaders hosted on legitimate platforms such as GitHub, which then stole login credentials and cryptocurrency wallet data. https://arstechnica.com/security/2025/03/nearly-1-million-windows-devices-targeted-in-advanced-malvertising-spree/

🛂 Microsoft unveils finalized EU Data Boundary privacy – Microsoft's EU Data Boundary aims to store European customer data within the EU, but concerns persist over reliance on US entities and potential risks from US regulations. https://www.theregister.com/2025/03/03/microsoft_unveils_a_finalized_eu/

🌃 As Skype shuts down, its legacy is end-to-end encryption for the masses security news – Skype, once a pioneer of end-to-end encryption, is shutting down, but its legacy lives on in the secure communication technologies used by modern apps, enhancing global privacy. https://techcrunch.com/2025/03/03/as-skype-shuts-down-its-legacy-is-end-to-end-encryption-for-the-masses/

🛎️ Android security update contains 2 actively exploited vulnerabilities vulnerability – Google's March security update addresses 43 vulnerabilities in Android, including two actively exploited flaws that allow privilege escalation, highlighting the importance of timely updates. https://cyberscoop.com/android-security-update-march-2025/

🔍 Google’s 'consent-less' Android tracking probed by academics privacy – Research reveals Android users are tracked via cookies and identifiers without consent, raising privacy concerns. Google defends its practices, emphasizing compliance with privacy laws despite criticisms. https://www.theregister.com/2025/03/04/google_android/

📬 Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear cybercrime – A fake ransom note campaign impersonating the BianLian ransomware group targets executives, demanding ransoms via mail. Experts assess these letters as scams, urging recipients to stay vigilant. https://www.guidepointsecurity.com/blog/snail-mail-fail-fake-ransom-note-campaign-preys-on-fear/

🫦 Google Messages is using AI to detect scam texts security news – Google Messages introduces an AI feature to detect scam texts in real time, alerting users to suspicious patterns. This feature aims to enhance user safety against evolving scam tactics. https://www.theverge.com/news/623632/google-messages-pixel-android-updates-scam-detection

🔐 Apple reportedly challenges the UK’s secretive encryption crackdown privacy – Apple is appealing a UK order requiring access to encrypted iCloud files, contesting its legality in the Investigatory Powers Tribunal, amid concerns over user privacy. https://www.theverge.com/news/623977/apple-uk-encryption-order-appeal

💻 Qilin claims attacks on cancer, women's clinics cybercrime – The Qilin ransomware group has claimed attacks on a cancer clinic in Japan and a women's healthcare facility in the US, stealing sensitive patient data and causing significant disruption. https://www.theregister.com/2025/03/05/qilin_ransomware_credit/

📱 1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers malware – Research reveals over 1 million Android devices, including streaming boxes and car infotainment systems, are compromised with backdoors, enabling ad fraud and cybercrime without users' knowledge. https://www.wired.com/story/1-million-third-party-android-devices-badbox-2/

⚽ Leeds United kick card swipers into Row Z after 5-day attack data breach – Leeds United reported a five-day cyberattack that compromised payment card details of some customers on its retail website. The club has notified affected individuals and is cooperating with the ICO. https://www.theregister.com/2025/03/05/leeds_united_card_swipers/

🌵 Cactus Ransomware: What You Need To Know cybercrime – Cactus is a ransomware-as-a-service group that encrypts data and demands ransom, exploiting VPN vulnerabilities. Recent links to the Black Basta group and social engineering tactics raise concerns. https://www.tripwire.com/state-of-security/cactus-ransomware-what-you-need-know

🤐 Anorexia coaches, self-harm buddies and sexualized minors: How online communities are using AI chatbots for harmful behavior security news – A report reveals that AI chatbots are being exploited by online communities to promote harmful behaviors, such as anorexia and pedophilia, posing significant risks to vulnerable individuals, especially minors. https://cyberscoop.com/graphika-ai-chatbots-harmful-behavior-character-ai/

🔞 Chinese AI Video Generators Unleash a Flood of New Nonconsensual Porn security news – AI video generators from Chinese companies lack safeguards against creating nonconsensual pornography, allowing users to easily produce explicit videos using a single image and a text prompt. https://www.404media.co/chinese-ai-video-generators-unleash-a-flood-of-new-nonconsensual-porn-3/

⚠️ AI Chatbots: The New Cybersecurity Threat Lurking in Plain Sight security news – AI chatbots present hidden dangers, including misinformation, manipulation, and cybersecurity vulnerabilities. As they become more prevalent, users must remain cautious and advocate for stronger regulations. https://infosec-mashup.santolaria.net/p/ai-chatbots-the-new-cybersecurity-threat-lurking-in-plain-sight

📰 Hacked health firm HCRG demanded journalist 'take down' data breach reporting, citing UK court order security news – HCRG sought a UK court injunction to remove articles about its ransomware attack from DataBreaches.net. The site refused, arguing jurisdiction issues and First Amendment protections, raising concerns about censorship. https://techcrunch.com/2025/03/06/hacked-health-firm-hcrg-demanded-journalist-take-down-data-breach-reporting-citing-uk-court-order/

🎟️ Suspects cuffed over $635k Taylor Swift ticket heist cybercrime – Two suspects have been arrested for stealing over 900 Taylor Swift tickets using a loophole in an offshore ticketing system, allegedly netting $635,000 from reselling them. https://www.theregister.com/2025/03/07/stubhub_taylor_swift_scammers/


Some More, For the Curious

🤞 Undocumented hidden feature found in Espressif ESP32 microchip vulnerability – Researchers found undocumented vendor commands in the Bluetooth controller of the Espressif ESP32, which could be abused for device impersonation and other attacks on a chip shipped in over 1 billion IoT devices. The commands are reachable from code already running on the device or over a physical interface, so this is a local issue rather than a remote attack vector. Comment: this might be a big one https://securityaffairs.com/175102/hacking/undocumented-hidden-feature-espressif-esp32-microchip.html

📶 Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular Spying privacy – Rayhunter is an open source tool by EFF designed to help users detect cell-site simulators used for surveillance. It aims to empower individuals to protect their privacy. https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying

😷 Unmasking Hacktivist Groups: A Modern Approach to Attribution security research – Check Point Research shows how state-sponsored hacktivist groups evolve with geopolitical events, and uses modern linguistic analysis to uncover hidden connections between personas and improve threat attribution. https://blog.checkpoint.com/research/unmasking-hacktivist-groups-a-modern-approach-to-attribution/

🔑 The Dangers of Exposed Secrets – and How to Prevent Them cyber defense – Exposed authentication tokens and secrets can lead to severe security breaches. Organizations must adopt secure coding practices and automated tools to prevent credential leakage. https://checkmarx.com/blog/exposed-secrets-and-how-to-prevent-them/
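The kind of check the post argues for, as an added example that is not from the Checkmarx article: a minimal secret scanner suitable for a pre-commit hook or CI step. The AWS, GitHub and private-key patterns are the publicly documented token formats; the "generic assignment" rule and the entropy threshold are assumed heuristics, and the scanned text is a constructed sample.

```python
import math
import re
from typing import NamedTuple

# Added example, not the project's code. Scans text for well-known credential
# formats plus a generic "secret-looking assignment" heuristic (an assumption).


class Finding(NamedTuple):
    line_no: int
    rule: str
    snippet: str  # redacted, never the full secret


PATTERNS = {
    # AWS long-lived access key IDs: 20 chars beginning with AKIA
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # GitHub classic personal access tokens: ghp_ followed by 36 chars
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    # PEM private key header, any algorithm
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # Assumed heuristic: secret-sounding name assigned a quoted literal of 8+ chars
    "generic_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}


def shannon_entropy(s: str) -> float:
    """Bits per character; random tokens score near 4+ for hex, words score low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


def redact(value: str) -> str:
    """Keep only a short prefix so findings can be triaged without re-leaking the secret."""
    return value[:4] + "*" * (len(value) - 4) if len(value) > 4 else "*" * len(value)


def scan(text: str, min_entropy: float = 3.0) -> list[Finding]:
    """Return one Finding per (line, rule) hit. The generic rule is noisy, so it only
    fires when the literal looks random; placeholders like 'changeme' are skipped."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            value = m.group(1) if m.groups() else m.group(0)
            if rule == "generic_assignment" and shannon_entropy(value) < min_entropy:
                continue
            findings.append(Finding(line_no, rule, redact(value)))
    return findings


# Constructed sample input (the AWS key is Amazon's documented example ID).
SAMPLE = """\
# constructed sample, not a real repository
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
db_password = "changeme"
api_key = "9f8e7d6c5b4a39281706f5e4d3c2b1a0"
GITHUB_TOKEN=ghp_abcdefghijklmnopqrstuvwxyz0123456789
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line_no}: {f.rule}: {f.snippet}")
```

Run it against staged files in a pre-commit hook and fail the commit on any finding; the placeholder `changeme` is deliberately not reported, the random-looking API key is.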

🎯 A Deep Dive into Strela Stealer and how it Targets European Countries malware – Strela Stealer is a targeted infostealer malware focusing on email credentials from users in select European countries. It uses sophisticated phishing techniques and obfuscation to evade detection. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/a-deep-dive-into-strela-stealer-and-how-it-targets-european-countries/

🕵️‍♀️ Not Lost in Translation: Rosetta 2 Artifacts in macOS Intrusions security research – Mandiant shows how the ahead-of-time (AOT) translation files that Rosetta 2 writes when x86-64 binaries run on Apple silicon serve as forensic artifacts in macOS intrusions, since x86-64 malware executed through Rosetta 2 leaves these cache files behind even after the original binary is removed. https://cloud.google.com/blog/topics/threat-intelligence/rosetta2-artifacts-macos-intrusions/

⚠️ Threat posed by new VMware hyperjacking vulnerabilities is hard to overstate vulnerability – Three VMware vulnerabilities, chained, let an attacker with administrative privileges inside a guest VM escape to the hypervisor and from there reach every other VM on the host, which in multi-tenant environments means other customers' networks. Broadcom reports that exploitation has already occurred in the wild. Comment: The big one this week. https://arstechnica.com/security/2025/03/vmware-patches-3-critical-vulnerabilities-in-multiple-product-lines/

🥻 Silk Typhoon targeting IT supply chain security research – Microsoft Threat Intelligence reports that the Chinese espionage group Silk Typhoon now targets common IT solutions such as remote management tools and cloud applications, abusing stolen API keys and credentials of service providers to pivot into their downstream customers' networks; the post details the group's tactics and recent activity. https://www.microsoft.com/en-us/security/blog/2025/03/05/silk-typhoon-targeting-it-supply-chain/

🔧 GoStringUngarbler: Deobfuscating Strings in Garbled Binaries security research – Mandiant introduces GoStringUngarbler, a Python tool that automates the deobfuscation of strings in garble-obfuscated Go binaries, streamlining malware analysis and enhancing reverse engineering processes. https://cloud.google.com/blog/topics/threat-intelligence/gostringungarbler-deobfuscating-strings-in-garbled-binaries/

❤️‍🩹 Massive botnet that appeared overnight is delivering record-size DDoSes security research – The Eleven11bot botnet, comprising around 30,000 compromised webcams and video recorders, is executing record-size DDoS attacks, exploiting vulnerabilities and overwhelming targets with terabits of data. https://arstechnica.com/security/2025/03/massive-botnet-that-appeared-overnight-is-delivering-record-size-ddoses/

💰 Russian crypto exchange Garantex seized in international law enforcement operation cybercrime – U.S. and European authorities have seized Garantex, a crypto exchange accused of laundering billions. The operation involved multiple countries and resulted in indictments against two executives for money laundering. https://cyberscoop.com/garantex-seized-secret-service-doj-russia-crypto-sanctions/

🗳️ CISA completed its election security review. It won’t make the results public security news – CISA has completed an internal review of its election security mission but will not release the findings, raising concerns among election officials about potential impacts on security resources and collaboration. https://cyberscoop.com/cisa-election-security-review-lacks-transparency/

💻 Developer sabotaged ex-employer IT systems with kill switch security news – Davis Lu, a former Eaton Corporation developer, was found guilty of sabotaging company systems with malware and a kill switch, potentially facing ten years in prison for the attack. https://www.theregister.com/2025/03/08/developer_server_kill_switch/


CISA Corner

🚨 CISA Adds Four Known Exploited Vulnerabilities to Catalog warning – CISA has identified four new vulnerabilities, including issues in the Linux Kernel and VMware ESXi, highlighting significant risks that require immediate remediation by federal agencies. Comment: !!!!!! The big one this week !!!!!! https://www.cisa.gov/news-events/alerts/2025/03/04/cisa-adds-four-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds Five Known Exploited Vulnerabilities to Catalog warning – CISA has added five new vulnerabilities to its catalog, highlighting significant risks to federal networks. Agencies must remediate these vulnerabilities to protect against active cyber threats. https://www.cisa.gov/news-events/alerts/2025/03/03/cisa-adds-five-known-exploited-vulnerabilities-catalog

⚙️ CISA Releases Eight Industrial Control Systems Advisories vulnerability – CISA has issued eight advisories regarding vulnerabilities in various Industrial Control Systems, urging users to review them for technical details and mitigation strategies. Comment: Carrier, Keysight, Hitachi, Delta Electronics, GMOD, Edimax (!) https://www.cisa.gov/news-events/alerts/2025/03/04/cisa-releases-eight-industrial-control-systems-advisories

⚙️ CISA Releases Three Industrial Control Systems Advisories vulnerability – CISA has issued three advisories regarding vulnerabilities in Industrial Control Systems, urging users to review them for critical security information and mitigation strategies. Comment: Hitachi, Schneider Electric https://www.cisa.gov/news-events/alerts/2025/03/06/cisa-releases-three-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlight

👁️ mSpy-Leak: Vom Partner verwanzt (Bugged by your partner) privacy – Leaked support messages reveal that users are deploying the mSpy spyware app to secretly monitor partners and children, often illegally. The article discusses the implications of this kind of intimate digital surveillance and the lack of effective regulation against such invasive practices. https://netzpolitik.org/2025/mspy-leak-vom-partner-verwanzt/


News For All

🛡️ Brave Desktop Browser Vulnerability Lets Malicious Sites Appear Trusted vulnerability – A vulnerability in Brave Browser allows malicious sites to masquerade as trusted sources during file transfers, risking user data and security. Update to version 1.74.48 or later. https://hackread.com/brave-desktop-browser-vulnerability-malicious-sites-trusted/

😂 On hackers, hackers, and hilarious misunderstandings security news – The article humorously addresses misconceptions about hackers and their motivations, highlighting the importance of understanding the hacker mindset and the often comical misunderstandings that arise. https://gynvael.coldwind.pl/?id=799

⌚ How Garmin watches reveal your personal data, and what you can do security research – Garmin watches store sensitive data easily accessed via USB, raising privacy concerns. Users are advised to sync data, enable security features, and maintain device safety to protect personal information. https://www.pentestpartners.com/security-blog/how-garmin-watches-reveal-your-personal-data-and-what-you-can-do/

🔍 mSpy-Leak: Tipps und Gegenmaßnahmen gegen Spionage-Apps (Tips and countermeasures against spyware apps) privacy – The article discusses the illegal use of the mSpy spying app and lays out what to do if you suspect such an app is on your device, including disconnecting from the internet, removing suspicious software, and reporting the matter to the police. https://www.kuketz-blog.de/mspy-leak-tipps-und-gegenmassnahmen-gegen-spionage-apps/

🎥 Scammers Are Creating Fake News Videos to Blackmail Victims cybercrime – Scammers are using AI-generated fake news videos to blackmail victims, falsely accusing them of crimes. This tactic has evolved as cybercriminals leverage technology to manipulate and pressure individuals into paying. https://www.wired.com/story/scammers-are-creating-fake-news-videos-to-blackmail-victims/

💥A brief history of mass hacks cybercrime – The article chronicles the rise of mass hacks exploiting vulnerabilities in enterprise security tools, detailing incidents from various software breaches affecting millions of individuals and organizations. https://techcrunch.com/2025/01/31/a-brief-history-of-mass-hacks/

🔧 How to switch off Apple Intelligence on your iPhone, iPad, and Mac privacy – Apple's new software updates automatically enable Apple Intelligence features. Users concerned about AI impacts can easily disable it through Settings on iOS or System Settings on Mac. https://techcrunch.com/2025/01/27/how-to-switch-off-apple-intelligence-on-your-iphone-ipad-and-mac/

🧑‍🏭 LinkedIn Removes Accounts of AI 'Co-Workers' Looking for Jobs security news – LinkedIn has removed AI-generated accounts created by Marketeam that falsely advertised themselves as job-seeking 'co-workers' with the #OpenToWork tag, citing violations of its terms of service. https://www.404media.co/linkedin-ai-coworkers-marketeam-open-to-work/

🍏 Apple’s latest patch closes zero-day affecting wide swath of products vulnerability – Apple has released updates to address a critical zero-day vulnerability (CVE-2025-24085) in its Core Media component, affecting multiple devices. Users are urged to update to mitigate risks. https://cyberscoop.com/apple-security-update-zero-day-january-2025/

🏆 Google Play will now verify VPNs that prioritize privacy and safety security news – Google Play is introducing verification badges for VPN apps that meet specific security standards, enhancing user privacy and safety. Approved VPNs must pass a security assessment and meet installation requirements. https://www.theverge.com/news/599214/google-play-vpn-verification-badges

🌍 ExxonMobil Lobbyist Caught Hacking Climate Activists cybercrime – The DOJ is investigating a lobbying firm for allegedly hacking climate activists on behalf of ExxonMobil, with an Israeli investigator sought for orchestrating the campaign to discredit environmental groups. https://www.schneier.com/blog/archives/2025/01/exxonmobil-lobbyist-caught-hacking-climate-activists.html

🚨 FBI seizes major cybercrime forums in coordinated domain takedown cybercrime – The FBI, alongside international law enforcement, has seized control of cybercrime forums Cracked.io and Nulled.to, redirecting their domains to FBI servers. The operation aims to disrupt markets for stolen credentials and hacking tools. https://cyberscoop.com/fbi-seized-cracked-nulled-sellix-cybercriminal-forum/

🔒 Google will now automatically revoke permissions from harmful Android apps security news – Google's Play Protect will now automatically revoke permissions from potentially harmful Android apps to enhance security. Users can restore permissions but must confirm their decision for added safety. https://www.theverge.com/news/601715/google-play-protect-revoke-app-permissions

💻 Lazarus Group's latest heist hits hundreds globally cybercrime – North Korea's Lazarus Group conducted a large-scale supply chain attack, compromising hundreds of victims by embedding malware in cloned software packages, particularly targeting the cryptocurrency sector. https://www.theregister.com/2025/01/29/lazarus_groups_supply_chain_attack/

🍝 Italy’s Data Protection Authority Garante requested information from Deepseek security news – Italy's Garante has requested information from Chinese AI firm DeepSeek regarding its data practices, citing risks to user data and requiring a response within 20 days amid concerns over data collection methods. https://securityaffairs.com/173637/digital-id/italys-garante-requested-information-from-deepseek.html

🏮 Fake Reddit and WeTransfer Sites are Pushing Malware security research https://www.schneier.com/blog/archives/2025/01/fake-reddit-and-wetransfer-sites-are-pushing-malware.html

⛲ TeamViewer fixed a bug in Windows client and host applications vulnerability – TeamViewer has patched a high-severity privilege escalation vulnerability (CVE-2025-0065) in its Windows client and host applications, allowing attackers with local access to elevate privileges through argument injection. https://securityaffairs.com/173658/security/teamviewer-windows-client-flaw.html

📉 Archivists Work to Identify and Save the Thousands of Datasets Disappearing From Data.gov security news – Concerns over missing datasets from Data.gov, highlighting challenges in tracking lost data due to changes in administration and data management practices. https://www.404media.co/archivists-work-to-identify-and-save-the-thousands-of-datasets-disappearing-from-data-gov/

⚠️ #UnplugTrump: Was dem Internet jetzt droht und was die Chance ist (What now threatens the internet, and where the opportunity lies) security news – The article discusses the risks posed by the alignment of right-wing politics and tech billionaires under Trump, highlighting potential impacts on digital rights, privacy, and democracy, and launches a campaign to explore ways of reducing that dependence. https://www.kuketz-blog.de/unplugtrump-was-dem-internet-jetzt-droht-und-was-die-chance-ist/

🦺 DeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI Chatbot security research – Researchers found that DeepSeek's AI chatbot failed to block any of the 50 jailbreak prompts tested, revealing significant vulnerabilities in its safety measures compared to other AI models. https://www.wired.com/story/deepseeks-ai-jailbreak-prompt-injection-attacks/


Some More, For the Curious

🤖 How GhostGPT Empowers Cybercriminals with Uncensored AI security research – GhostGPT, an uncensored AI chatbot, aids cybercriminals in crafting malware and phishing schemes without safety restrictions, making illegal activities easier and more efficient. https://abnormalsecurity.com/blog/ghostgpt-uncensored-ai-chatbot

🤔 Node.js EOL Versions CVE Dubbed the “Worst CVE of the Year” ... security news – CVE-2025-23088 warns about risks of using EOL Node.js versions, sparking debate on its validity as a CVE. Critics argue it misuses the system for general warnings, not specific vulnerabilities. https://socket.dev/blog/node-js-eol-versions-cve-dubbed-the-worst-cve-of-the-year

🔑 Best practices for key derivation cyber defense – Key derivation is crucial for cryptography, but common misuses can lead to vulnerabilities. This article outlines best practices for using KDFs effectively and securely in various scenarios. https://blog.trailofbits.com/2025/01/28/best-practices-for-key-derivation/
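The core practices the Trail of Bits post covers, as an added example that is not the post's code: HKDF (RFC 5869) written out on top of HMAC-SHA256 so the extract and expand stages are visible, domain separation via distinct `info` labels, and keeping password stretching (a slow, salted KDF) separate from key derivation. The `info` label strings and the function names are assumptions for this example.

```python
import hashlib
import hmac

# Added example, not from the original post. HKDF per RFC 5869 over HMAC-SHA256.

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """PRK = HMAC(salt, IKM). An empty salt becomes HASH_LEN zero bytes, as the RFC specifies."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """OKM = T(1) | T(2) | ... with T(i) = HMAC(PRK, T(i-1) | info | i), truncated to length."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-Expand cannot produce more than 255 * HashLen bytes")
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def derive_session_keys(shared_secret: bytes, transcript_hash: bytes) -> dict[str, bytes]:
    """Derive independent keys from one shared secret (e.g. a DH output).

    Extract once, expand several times with a different `info` per purpose
    (labels are assumptions for this example; any fixed, unique, versioned
    string works). Reusing a label for two purposes would hand both sides the
    same key, which is the misuse the post warns about."""
    prk = hkdf_extract(transcript_hash, shared_secret)
    return {
        "client_enc": hkdf_expand(prk, b"example-app v1 client enc", 32),
        "server_enc": hkdf_expand(prk, b"example-app v1 server enc", 32),
        "mac": hkdf_expand(prk, b"example-app v1 mac", 32),
    }


def password_to_key(password: str, salt: bytes) -> bytes:
    """HKDF is not a password hash: it assumes high-entropy input key material.

    A password must first be stretched with a slow, salted KDF (PBKDF2 here
    because it is in the standard library; Argon2id or scrypt are preferable
    where available). The result can then be fed to HKDF as IKM if several
    purpose-specific keys are needed."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000, dklen=32)


if __name__ == "__main__":
    keys = derive_session_keys(b"\x42" * 32, hashlib.sha256(b"handshake transcript").digest())
    for name, k in keys.items():
        print(name, k.hex())
```

The RFC's own test vectors make a good regression check for the two primitives; the derived session keys must differ pairwise, which is exactly what the distinct labels buy you.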

🏹 Questions From a Beginner Threat Hunter cyber defense – This article clarifies key concepts in threat hunting versus detection, outlines necessary skills and tools, and explains techniques like C2 over DNS for identifying network compromises. https://www.blackhillsinfosec.com/questions-from-a-beginner-threat-hunter/
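The C2-over-DNS hunt the post describes, as an added example that is not from the Black Hills article: profile DNS query logs per registered domain and flag those receiving many unique, long, high-entropy subdomains, which is the footprint of data being smuggled out in query names. The log format, thresholds and the two-label approximation of a "registered domain" are assumptions; the log lines are a constructed sample.

```python
import math
from collections import defaultdict

# Added example, not from the original post. Hunts for DNS tunnelling / C2 by
# scoring per-domain subdomain behaviour in a DNS query log.

# Constructed sample log: "<timestamp> <client> <qtype> <qname>" per line.
SAMPLE_LOG = """\
2025-01-28T10:00:01Z 10.0.0.5 A www.example.com
2025-01-28T10:00:02Z 10.0.0.5 A cdn.example.com
2025-01-28T10:00:03Z 10.0.0.7 TXT 6a7b8c9d0e1f2a3b4c5d6e7f8091a2b3.c2-test.net
2025-01-28T10:00:04Z 10.0.0.7 TXT 9f0e1d2c3b4a5968778695a4b3c2d1e0.c2-test.net
2025-01-28T10:00:05Z 10.0.0.7 TXT d4c3b2a1f0e9d8c7b6a5948372615049.c2-test.net
2025-01-28T10:00:06Z 10.0.0.7 TXT 0123456789abcdeffedcba9876543210.c2-test.net
2025-01-28T10:00:07Z 10.0.0.9 A mail.example.com
"""


def shannon_entropy(s: str) -> float:
    """Bits per character of the label; encoded/encrypted payloads score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


def registered_domain(qname: str) -> str:
    """Assumption: the last two labels. Real hunts should consult the Public
    Suffix List so that names like foo.co.uk are grouped correctly."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse(log_text: str) -> list[tuple[str, str, str, str]]:
    """Parse the assumed 4-column format, skipping malformed lines."""
    records = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qtype, qname = parts
        records.append((ts, client, qtype.upper(), qname.lower()))
    return records


def profile(records):
    """Per registered domain: unique subdomains, first-label lengths/entropies, qtype counts."""
    by_domain = defaultdict(
        lambda: {"subs": set(), "lengths": [], "entropies": [], "qtypes": defaultdict(int)}
    )
    for _, _, qtype, qname in records:
        dom = registered_domain(qname)
        p = by_domain[dom]
        p["qtypes"][qtype] += 1
        sub = qname[: -len(dom) - 1] if qname != dom else ""
        if sub:
            first_label = sub.split(".")[0]  # the leftmost label carries the payload in tunnels
            p["subs"].add(sub)
            p["lengths"].append(len(first_label))
            p["entropies"].append(shannon_entropy(first_label))
    return by_domain


def suspicious_domains(records, min_unique=3, min_len=20, min_entropy=3.5) -> list[str]:
    """Flag domains with >= min_unique distinct subdomains whose first labels are,
    on average, at least min_len chars long and at least min_entropy bits/char."""
    flagged = []
    for dom, p in profile(records).items():
        if len(p["subs"]) < min_unique:
            continue
        avg_len = sum(p["lengths"]) / len(p["lengths"])
        avg_ent = sum(p["entropies"]) / len(p["entropies"])
        if avg_len >= min_len and avg_ent >= min_entropy:
            flagged.append(dom)
    return sorted(flagged)


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for dom in suspicious_domains(recs):
        qt = dict(profile(recs)[dom]["qtypes"])
        print(f"suspicious: {dom} qtypes={qt}")
```

Tune the thresholds against a baseline of your own resolver logs first; CDNs and some telemetry services also generate long random-looking labels, so the unique-subdomain count and the TXT/NULL record share are the features that separate tunnels from legitimate noise.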

⚔️ How cyberattackers exploit group policies hacking write-up – Cyberattackers misuse Windows group policies to distribute malware and execute malicious scripts, gaining significant control over networks. Understanding vulnerabilities and monitoring these policies is essential for security. https://securelist.com/group-policies-in-cyberattacks/115331/

🫏 A method to assess 'forgivable' vs 'unforgivable' vulnerabilities security research – New research by NCSC aims to categorize software vulnerabilities as 'forgivable' or 'unforgivable', focusing on making mitigations easier to implement and improving secure development practices. https://www.ncsc.gov.uk/report/a-method-to-assess-forgivable-vs-unforgivable-vulnerabilities

🔓 Get FortiRekt, I Am The SuperAdmin Now – Fortinet FortiOS Authentication Bypass CVE-2024-55591 hacking write-up – CVE-2024-55591 is a critical authentication bypass vulnerability in Fortinet's FortiOS, allowing attackers to gain super-admin access via crafted WebSocket requests. Immediate patching is advised due to active exploitation. https://labs.watchtowr.com/get-fortirekt-i-am-the-superadmin-now-fortios-authentication-bypass-cve-2024-55591/

📍 Everyone knows your location: tracking myself down through in-app ads privacy – A study revealed that over 2000 apps collect geolocation data without user consent. The author tracked their own location data, exposing alarming practices in ad networks and data trading. https://timsh.org/tracking-myself-down-through-in-app-ads/

🗃️ PyPI’s New Archival Feature Closes a Major Security Gap security news – PyPI now lets maintainers mark a project as archived, signalling that it will receive no further updates. The project and its releases stay published and the name stays taken, which helps developers assess the status of their dependencies without the package having to be deleted. https://socket.dev/blog/pypi-adds-support-for-archiving-projects

🤝 Open-source security spat leads companies to join forces for new tool security news – In response to Semgrep's licensing changes limiting community contributions, over 10 security firms have launched Opengrep, a new open-source static analysis tool aimed at preserving accessibility and community involvement in software security. https://cyberscoop.com/opengrep-static-analysis-security-tool-semgrep-open-source/

🍟 Apple chips can be hacked to leak secrets from Gmail, iCloud, and more vulnerability – Newly disclosed speculative-execution side channels in Apple A- and M-series chips let a malicious web page read data belonging to other sites, such as credit card details and location data, from browsers like Safari and Chrome. https://arstechnica.com/security/2025/01/newly-discovered-flaws-in-apple-chips-leak-secrets-in-safari-and-chrome/

🔄 Backups & DRP in the ransomware era cyber defense – Ransomware threats necessitate a rethinking of disaster recovery plans. This article discusses building a resilient backup infrastructure using strategies like the 3-2-1 backup rule and access isolation to safeguard data. https://blog.nviso.eu/2025/01/29/backups-drp-in-the-ransomware-era/

💉 Google Online Security Blog: How we estimate the risk from prompt injection attacks on AI systems security research – Google discusses the threat of indirect prompt injection attacks on AI systems like Gemini, outlining their evaluation framework and automated red-teaming methods to mitigate risks and enhance security. http://security.googleblog.com/2025/01/how-we-estimate-risk-from-prompt.html

⚔️ Adversarial Misuse of Generative AI security research – Google's Threat Intelligence Group analyzes how state-backed actors have used Gemini for reconnaissance, scripting and content generation, finding mostly low-effort jailbreak attempts and productivity gains rather than novel AI-enabled attack capabilities. https://cloud.google.com/blog/topics/threat-intelligence/adversarial-misuse-generative-ai/

⚠️ Critical remote code execution bug found in Cacti framework vulnerability – A critical vulnerability (CVE-2025-22604) in the Cacti framework allows authenticated users to execute remote code by injecting malformed OIDs, potentially compromising sensitive data. A fix is available in version 1.2.29. https://securityaffairs.com/173597/security/critical-rce-cacti-framework.html

💂 Your Private Wireguard Network from Scratch cyber defense – This article guides readers through setting up a private WireGuard network, emphasizing the importance of self-hosting for security and privacy. It details the configuration process for creating a 'lighthouse' server and connecting various devices. https://taggart-tech.com/wireguard/

☁️ Infrastructure Laundering: Blending in with the Cloud cybercrime – Krebs on Security documents how criminal hosting operations such as Funnull rent IP space from major U.S. cloud providers to front scam and malicious sites, so that blocking them means blocking legitimate cloud ranges and the abuse is harder to attribute. https://krebsonsecurity.com/2025/01/infrastructure-laundering-blending-in-with-the-cloud/


CISA Corner

⚙️ CISA Releases Seven Industrial Control Systems Advisories vulnerability – CISA has issued seven advisories regarding vulnerabilities in various Industrial Control Systems, including products from B&R Automation and Rockwell Automation. Users are urged to review these advisories for security updates. https://www.cisa.gov/news-events/alerts/2025/01/28/cisa-releases-seven-industrial-control-systems-advisories

⚙️ CISA Releases Eight Industrial Control Systems Advisories vulnerability – CISA issued advisories on vulnerabilities in various Industrial Control Systems, urging users to review them for essential security updates and mitigations. https://www.cisa.gov/news-events/alerts/2025/01/30/cisa-releases-eight-industrial-control-systems-advisories

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2025-24085, a use-after-free vulnerability affecting multiple Apple products, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. https://www.cisa.gov/news-events/alerts/2025/01/29/cisa-adds-one-known-exploited-vulnerability-catalog

