Cybersecurity

Coming to #Apple OSes: A seamless, secure way to import and export #passkeys

https://arstechnica.com/security/2025/06/apple-previews-new-import-export-feature-to-make-passkeys-more-interoperable/

#cybersecurity

#TrendMicro fixes critical vulnerabilities in multiple products

https://www.bleepingcomputer.com/news/security/trend-micro-fixes-six-critical-flaws-on-apex-central-endpoint-encryption-policyserver/

#cybersecurity

#Graphite #spyware used in #Apple #iOS zero-click attacks on journalists

https://www.bleepingcomputer.com/news/security/graphite-spyware-used-in-apple-ios-zero-click-attacks-on-journalists/

#cybersecurity #Paragon #privacy #journalism

#Apple fixes new #iPhone zero-day bug used in #Paragon #spyware hacks

https://techcrunch.com/2025/06/12/apple-fixes-new-iphone-zero-day-bug-used-in-paragon-spyware-hacks/

#cybersecurity

#Password-spraying attacks target 80,000 #Microsoft #EntraID accounts

https://www.bleepingcomputer.com/news/security/password-spraying-attacks-target-80-000-microsoft-entra-id-accounts/

#cybersecurity

Security habits around the world: A closer look at #password statistics

https://bitwarden.com/blog/a-closer-look-at-password-statistics/

#cybersecurity

#Microsoft #Edge now offers secure #password deployment for businesses

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-now-offers-secure-password-deployment-for-businesses/

#cybersecurity

#GitLab patches high severity account takeover, missing auth issues

https://www.bleepingcomputer.com/news/security/gitlab-patches-high-severity-account-takeover-missing-auth-issues/

#cybersecurity #FOSS

#Fog #ransomware attack uses unusual mix of legitimate and #OpenSource tools

https://www.bleepingcomputer.com/news/security/fog-ransomware-attack-uses-unusual-mix-of-legitimate-and-open-source-tools/

#cybersecurity #cybercrime

Abandoned Subdomains from Major Institutions Hijacked for #AI-Generated Spam

https://tech.slashdot.org/story/25/06/12/019221/abandoned-subdomains-from-major-institutions-hijacked-for-ai-generated-spam

#cybersecurity

June is BIG for open source 👏

⚡ $9T OSS research
⚡ OpenInfra joins LF
⚡ New Cybersecurity Skills Framework
⚡ Don’t miss #OSSNA

Learn mores: https://www.linuxfoundation.org/blog/linux-foundation-newsletter-june-2025
🎥 Watch the highlights

#LinuxFoundation #OpenSource #OSSNA #AI #CyberSecurity

#SmartAttack uses smartwatches to steal data from air-gapped systems

https://www.bleepingcomputer.com/news/security/smartattack-uses-smartwatches-to-steal-data-from-air-gapped-systems/

#cybersecurity #smartwatch #IoT

#ErieInsurance confirms #cyberattack behind business disruptions

https://www.bleepingcomputer.com/news/security/erie-insurance-confirms-cyberattack-behind-business-disruptions/

#cybersecurity #insurance

"AI agents have already demonstrated that they may misinterpret goals and cause some modest amount of harm. When the Washington Post tech columnist Geoffrey Fowler asked Operator, OpenAI’s ­computer-using agent, to find the cheapest eggs available for delivery, he expected the agent to browse the internet and come back with some recommendations. Instead, Fowler received a notification about a $31 charge from Instacart, and shortly after, a shopping bag containing a single carton of eggs appeared on his doorstep. The eggs were far from the cheapest available, especially with the priority delivery fee that Operator added. Worse, Fowler never consented to the purchase, even though OpenAI had designed the agent to check in with its user before taking any irreversible actions.

That’s no catastrophe. But there’s some evidence that LLM-based agents could defy human expectations in dangerous ways. In the past few months, researchers have demonstrated that LLMs will cheat at chess, pretend to adopt new behavioral rules to avoid being retrained, and even attempt to copy themselves to different servers if they are given access to messages that say they will soon be replaced. Of course, chatbot LLMs can’t copy themselves to new servers. But someday an agent might be able to.

Bengio is so concerned about this class of risk that he has reoriented his entire research program toward building computational “guardrails” to ensure that LLM agents behave safely."

https://www.technologyreview.com/2025/06/12/1118189/ai-agents-manus-control-autonomy-operator-openai/

#AI #GenerativeAI #AIAgents #AgenticAI #CyberSecurity #LLMs #Chatbots

Brute-force attacks target #ApacheTomcat management panels

https://www.bleepingcomputer.com/news/security/brute-force-attacks-target-apache-tomcat-management-panels/

#Apache #cybersecurity

#OperationSecure disrupts global #infostealer #malware operations

https://www.bleepingcomputer.com/news/security/operation-secure-disrupts-global-infostealer-malware-operations/

#cybercrime #cybersecurity

#Microsoft fixes #WindowsServer auth issues caused by April updates

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-auth-issues-caused-by-april-updates/

#cybersecurity #Windows

"Aim Labs reported CVE-2025-32711 against Microsoft 365 Copilot back in January, and the fix is now rolled out.

This is an extended variant of the prompt injection exfiltration attacks we've seen in a dozen different products already: an attacker gets malicious instructions into an LLM system which cause it to access private data and then embed that in the URL of a Markdown link, hence stealing that data (to the attacker's own logging server) when that link is clicked.

The lethal trifecta strikes again! Any time a system combines access to private data with exposure to malicious tokens and an exfiltration vector you're going to see the same exact security issue.

In this case the first step is an "XPIA Bypass" - XPIA is the acronym Microsoft use for prompt injection (cross/indirect prompt injection attack). Copilot apparently has classifiers for these, but unsurprisingly these can easily be defeated:"

https://simonwillison.net/2025/Jun/11/echoleak/

#AI #GenerativeAI #CyberSecurity #EchoLeak #Microsoft #Microsof365Copilot #ZeroClickVulnerability #LLMs #PromptInjection #Markdown

#DanaBot #malware operators exposed via C2 bug added in 2022

https://www.bleepingcomputer.com/news/security/danabot-malware-operators-exposed-via-c2-bug-added-in-2022/

#cybercrime #cybersecurity #privacy

#ConnectWise rotating code signing certificates over security concerns

https://www.bleepingcomputer.com/news/security/connectwise-rotating-code-signing-certificates-over-security-concerns/

#cybersecurity

#WholeFoods warns of shortages after cyberattack at its primary distributor #UNFI

https://techcrunch.com/2025/06/11/whole-foods-tells-staff-cyberattack-at-its-primary-distributor-unfi-will-affect-product-availability/

#groceries #cybersecurity

Found in the wild: 2 #SecureBoot exploits. #Microsoft is patching only 1 of them.

https://arstechnica.com/security/2025/06/unearthed-in-the-wild-2-secure-boot-exploits-microsoft-patches-only-1-of-them/

#cybersecurity

#Microsoft June 2025 #PatchTuesday fixes exploited zero-day, 66 flaws

https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2025-patch-tuesday-fixes-exploited-zero-day-66-flaws/

#cybersecurity

#Microsoft #Outlook to block more risky attachments used in attacks

https://www.bleepingcomputer.com/news/security/microsoft-outlook-to-block-more-risky-attachments-used-in-attacks/

#cybersecurity #email

#KI ist praktisch – doch gebt nicht zu viel preis! Sensible Daten wie Passwörter oder Bankinfos haben in KI-Tools nichts verloren. Auch Kriminelle nutzen KI für Deepfakes & Betrug. Weniger teilen = besser schützen.

Tipps: 👉 https://www.bsi.bund.de/dok/1113674

#KünstlicheIntelligenz #CyberSecurity