Dr. T's security brief


dtau...@gmail.com

Aug 6, 2025, 7:13:04 PM
to sec-...@googlegroups.com

SharePoint Attacks Include Ransomware Infections

Microsoft confirmed late Wednesday that a threat group it tracks as China-based Storm-2603 is abusing vulnerable on-premises SharePoint servers to deploy ransomware. The security holes affect SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. Fixes for all three have been issued. More than 400 organizations have been compromised thus far, according to Belgium's Eye Security, including the U.S. Department of Energy's National Nuclear Security Administration, which maintains U.S. nuclear weapons.
[ » Read full article ]

The Register (U.K.); Jessica Lyons (July 24, 2025)
Security Measures for Safeguarding Brain Implants

Researchers at Yale University’s Digital Ethics Center recommend measures that brain-computer interface (BCI) manufacturers and government regulators can adopt to protect patients’ safety and privacy. The researchers advised regulators to mandate non-surgical methods for updating and recovering devices, robust authentication schemes for software modifications, and the encryption of data moving to and from patients’ brains. They also recommend steps to guard BCIs against the malicious use of AI.
[ » Read full article ]

YaleNews; Mike Cummings (July 23, 2025)
Researchers Bypass Anti-Deepfake Markers on AI Images

Researchers at the University of Waterloo in Canada developed a tool that can quickly remove watermarks identifying artificially generated content. The UnMarker tool can remove watermarks without knowing anything about the system that generated them or anything about the watermarks. Explained Waterloo’s Andre Kassis, "We can just apply this tool and within two minutes max, it will output an image that is visually identical to the watermark image" but without the watermark indicating its artificial origin.
[ » Read full article ]

CBC News (Canada); Anja Karadeglija (July 23, 2025)
Humans Can Be Tracked Based on How They Block Wi-Fi Signals

Computer scientists at Sapienza University of Rome in Italy have developed a biometric identifier based on the way the human body interferes with Wi-Fi signal propagation. Derived from Wi-Fi Channel State Information, the WhoFi identifier can re-identify a person in other locations most of the time when a Wi-Fi signal can be measured; as a result, a person could be tracked as they pass through signals sent by different Wi-Fi networks.
[ » Read full article ]

The Register (U.K.); Thomas Claburn (July 22, 2025)
Tesla Testing if Its Robotaxis Can Be Hacked Remotely

Tesla has received U.S. Federal Communications Commission approval to test its robotaxis for vulnerabilities to cellular and radio frequency (RF) hacking. The company will simulate RF attacks to assess how resilient its autonomous vehicles are to malicious interference. The tests aim to strengthen cybersecurity measures ahead of broader autonomous vehicle deployment.
[ » Read full article ]

PC Mag; Emily Forlini (July 21, 2025)
Global Hack on Microsoft Product Hits U.S., State Agencies

Hackers exploited a zero-day vulnerability in widely used Microsoft SharePoint server software to launch a global attack on government agencies and businesses in the past few days, breaching U.S. federal and state agencies, universities, and energy companies. Tens of thousands of servers are at risk, experts said, and Microsoft has issued no patch for the flaw. Researchers said the hackers gained access to keys that may allow them to regain entry even after a system is patched.
[ » Read full article ]

The Washington Post; Ellen Nakashima; Joseph Menn; Yvonne Wingett Sanchez (July 20, 2025)
Nvidia Warns Its GPUs Need Protection Against Rowhammer Attacks

Nvidia has warned customers to implement defenses against Rowhammer attacks after researchers from Canada's University of Toronto identified a vulnerability in one of its workstation-grade GPUs. Rowhammer attacks can disrupt operations by using repeated bursts of read or write operations to "hammer" rows of memory cells. The vulnerability affects Nvidia's A6000 GPU with GDDR6 memory when system-level error correcting code (ECC) is disabled.
[ » Read full article ]

The Register (U.K.); Iain Thomson; Simon Sharwood (July 13, 2025)
Mexico Makes Biometric Identifier Mandatory for Citizens

A new law in Mexico is turning the previously optional biometric-based citizen code into a mandatory document for all citizens. The Unique Population Registry Code (Clave Única de Registro de Población, or CURP) will contain personal and biometric information, including a photograph and a QR code containing biometric fingerprint and iris data. The identifier will be introduced gradually by February 2026 and could be integrated into a single identity platform connected to other state databases and administrative records.
[ » Read full article ]

Biometric Update; Masha Borak (July 18, 2025)
AI Models with Systemic Risks Given Pointers on Complying with EU AI Rules

The European Commission (EC) on Friday unveiled guidelines to help AI models determined to have systemic risks comply with the EU's AI Act. Impacted AI models will have to carry out evaluations, assess and mitigate risks, conduct adversarial testing, report serious incidents to the EC, and ensure adequate cybersecurity protection against theft and misuse. Companies have until August 2026 to comply with the legislation.
[ » Read full article ]

Reuters; Foo Yun Chee (July 18, 2025)
Microsoft Stops Relying on Chinese Engineers for Pentagon Cloud Support

Microsoft has revised its practices to ensure that engineers in China no longer provide technical support to U.S. defense clients using the company’s cloud services. The announcement came days after ProPublica published a report describing the U.S. Defense Department’s dependence on Microsoft software engineers in China. According to the report, Microsoft’s Chinese Azure engineers are overseen by “digital escorts” in the U.S., an arrangement that might leave the U.S. vulnerable to a cyberattack from China.
[ » Read full article ]

CNBC; Jordan Novet (July 18, 2025)
U.S. Aims to Ban Chinese Technology in Undersea Cables

The U.S. Federal Communications Commission (FCC) intends to implement rules prohibiting companies from connecting undersea telecommunication cables to the U.S. that include Chinese technology or equipment, citing national security concerns. FCC Chair Brendan Carr said the rules are necessary to "guard our submarine cables against foreign adversary ownership and access as well as cyber and physical threats."
[ » Read full article ]

Reuters; David Shepardson; Jasper Ward; Bhargav Acharya (July 16, 2025)
Cybersecurity Bosses Increasingly Worried About AI Attacks, Misuse

A survey of around 110 chief information security officers (CISOs) by Israeli venture fund Team8 found close to a quarter said their firms had experienced an AI-powered cyberattack in the past year. Securing AI agents was cited as an unsolved cybersecurity challenge for about 40% of respondents, while a similar percentage of CISOs expressed concerns about securing employees' AI usage. About three-quarters (77%) of respondents said they anticipate less-experienced security operations center analysts to be among the first replaced by AI agents.
[ » Read full article *May Require Paid Registration ]

Bloomberg; Cameron Fozi (July 17, 2025)
EU Issues AI Guidelines Amid Systemic Risk Concerns

Reuters (7/18) reports that the European Commission released guidelines on Friday to assist AI models identified as having systemic risks in adhering to the European Union’s AI Act. The act, effective Aug. 2, applies to models from companies like Google, OpenAI, Meta, Anthropic, and Mistral. These companies must comply by Aug. 2 next year or face fines ranging from 7.5 million euros to 35 million euros. The guidelines address criticisms about regulatory burdens and clarify obligations for companies, including model evaluations, risk assessments, and cybersecurity measures. General-purpose AI models must meet transparency requirements. EU tech chief Henna Virkkunen stated, “With today’s guidelines, the Commission supports the smooth and effective application of the AI Act.”

Lawmakers Question Tech Giants On Subsea Cable Safeguards

Reuters (7/21, Shepardson) reports three Republican House lawmakers sent letters to the CEOs of Alphabet, Meta, Amazon, and Microsoft on Monday, asking if they have implemented sufficient safeguards to protect submarine communications cables from national security threats. The letter cited concerns about Chinese entities like Huawei Marine and China Telecom potentially compromising cable systems during maintenance. Representatives requested disclosures by August 8 regarding any suspected tampering or irregularities during cable repairs. The lawmakers referenced “a pattern of coordinated malign activity” by China and Russia targeting subsea infrastructure globally. Since 2020, US regulators have halted four cable projects linking the US and Hong Kong.

Amazon Announces Winners Of Inaugural Nova AI Challenge

SiliconANGLE (7/23) reports that Amazon revealed the winners of its first Nova AI Challenge, a global competition in which university teams tested AI coding assistants’ security through live adversarial scenarios. Team PurpCorn-PLAN from the University of Illinois Urbana-Champaign won the defending track by building a secure coding assistant using Amazon’s custom 8 billion-parameter model, while Purdue University’s Team PurCL topped the attacking track by jailbreaking rival models. Amazon, which evaluated teams using AWS tools like CodeGuru and human reviewers, prioritized a balance between safety and usability. Amazon CISO Eric Docktor said the tournament “accelerates secure, trustworthy AI-assisted software development.” Each team received $250,000 in sponsorship and AWS credits, with the winners gaining an additional $250,000 in prize money and the runners-up receiving an additional $100,000. Participants later shared research at Amazon’s Nova AI Summit.

Faulty Microsoft Security Patches May Have Been Exploited In SharePoint Hack

The Wall Street Journal (7/24, McMillan, Volz, Subscription Publication) reports Chinese hackers may have used faulty patches to hone their attacks and gain access to Microsoft’s SharePoint software, according to security researchers. The failed security patches – released earlier this month – represent the latest in a string of big tech misses that China has used to grow its cyber-espionage operations. The Department of Homeland Security last year released a report detailing Microsoft’s mistakes during a 2023 hack in which thousands of emails from top government officials were stolen.

dtau...@gmail.com

Aug 8, 2025, 7:17:49 PM
to sec-...@googlegroups.com

Hackers Compromise Intelligence Website Used by CIA, Other U.S. Agencies

Hackers breached the U.S. National Reconnaissance Office's Acquisition Research Center website, compromising intelligence community contract information. The attack exposed proprietary information from vendors supporting the highly classified Digital Hammer program, which develops AI-powered surveillance tools, miniaturized sensors, acoustic systems, and open-source intelligence platforms for countering Chinese intelligence operations. Space Force satellite surveillance programs, space-based weapons development, and the Golden Dome missile defense system may have been compromised as well.
[ » Read full article ]

Cyber Security News; Guru Baran (July 28, 2025)
Nvidia Says Its Chips Have No 'Backdoors' After China Flags H20 Security Concerns

The Cyberspace Administration of China (CAC) has expressed concerns about potential security risks stemming from a U.S. proposal to equip advanced AI chips with tracking and positioning functions. CAC, China's Internet regulator, called for a meeting with Nvidia on July 31 regarding potential backdoor security risks in its H20 AI chip. In response, Nvidia said its H20 AI chip has no backdoors that would enable remote access or control.
[ » Read full article ]

Reuters (July 31, 2025)
Minnesota Calls in National Guard After 'Digital Attack' on St. Paul

Minnesota called in the National Guard after its capital city of St. Paul was hit with what Mayor Melvin Carter called a "deliberate, coordinated, digital attack." The office of Governor Tim Walz said the Guard, which has a cyber protection component, was deployed because the attack had "exceeded the city's response capacity." Carter said the city shut down its information systems as a defensive measure, triggering Wi-Fi outages across city buildings, disruptions to city libraries, and suspension of network resources.
[ » Read full article ]

Reuters; Raphael Satter; AJ Vicens (July 29, 2025)
Hacker Sneaks Infostealer Malware into Early Access Steam Game

Threat intelligence firm Prodaft found that threat actor EncryptHub, also tracked as Larva-208, injected malicious binaries into the game files of an early access survival crafting game hosted on Steam. As a result, users who clicked on the Playtest of Aether Forge Studios' Chemia game were unknowingly downloading info-stealing malware. The malware, HijackLoader and Fickle Stealer, also were used by EncryptHub last year in a spear-phishing and social engineering campaign that affected more than 600 organizations worldwide.
[ » Read full article ]

BleepingComputer; Bill Toulas (July 24, 2025)
U.K. to Ban Government Bodies from Paying Ransoms to Hackers

The U.K. government plans to prohibit public sector organizations from paying ransoms to hackers. Private companies will be required to notify authorities if they intend to pay a ransom, with the government to offer advice and support. The policy aims to deter cybercriminals and prevent funds from reaching sanctioned cybercriminal groups.
[ » Read full article ]

The Guardian (U.K.); Robert Booth (July 22, 2025)
Heartbeat Detection Unmasks Deepfakes

Researchers at the Netherlands Forensic Institute developed a method for detecting deepfakes by analyzing blood flow patterns in human faces. Photoplethysmography technology that measures pulse rates through subtle changes in skin color resulting from blood circulation was applied to video analysis to detect a human heartbeat. The researchers found consistent correlations between measured heartbeat and variations in skin color under all scenarios and across all skin tones.
[ » Read full article ]

ComputerWeekly.com; Kim Loohuis (July 24, 2025)

dtau...@gmail.com

Aug 12, 2025, 8:14:56 AM
to sec-...@googlegroups.com

Two-Factor Authentication Just Got Simpler

Scientists at Sandia National Laboratories in New Mexico developed a new variation of two-factor authentication (TFA) that does not depend on time-based codes. The new method uses a random number generator and enables direct device-to-device authentication without requiring third-party services or GPS connectivity. Intended for devices lacking sufficient processing power, network bandwidth, or GPS access, such as remote sensors, drones, and smart thermostats, this system performs computations once upfront, reducing the need for continuous processing and conserving energy.
[ » Read full article ]

IEEE Spectrum; Charles Q. Choi (August 5, 2025)
Google's AI-Powered Bug Hunting Tool Finds Major Issues in Open Source Software

Big Sleep, Google's AI-driven bug detection tool, autonomously discovered and reproduced 20 security vulnerabilities in open source software projects, including FFmpeg and ImageMagick. Human security workers verified each vulnerability, which remained secret until they were mitigated under Google's 90-day patching policy. The verification process by human experts was done to assuage any concerns about false positives or AI hallucinations. The full list of vulnerabilities ranked by level of impact (low to high) is available from Google.
[ » Read full article ]

TechRadar; Craig Hale (August 5, 2025)
Thousands of ChatGPT Conversations Appearing in Google Search Results

Thousands of private ChatGPT conversations are appearing in Google search results, exposing deeply personal user disclosures. The issue stems from OpenAI’s shareable chat links, which included an optional, but often misunderstood, setting allowing conversations to be indexed by search engines. While the feature has since been removed, previously indexed chats remain public unless deleted by users. Some include details about trauma, mental health, or identity, raising concerns about data privacy, interface design, and broader industry responsibility around user protection and transparency.
[ » Read full article *May Require Free Registration ]

Computing (U.K.); Dev Kundaliya (August 4, 2025)
Nearly Half of All Code Generated by AI Found to Contain Security Flaws

New research from application security solution provider Veracode reveals that 45% of all AI-generated code contains security vulnerabilities, with no clear improvement across larger or newer large language models. An analysis of over 100 models across 80 coding tasks found Java code most affected with over 70% failure, followed by Python, C#, and JavaScript. The study warns that increased reliance on AI coding without defined security parameters, referred to as "vibe coding," may amplify risks.
[ » Read full article ]

TechRadar; Craig Hale (August 1, 2025)
CISA Open-Sources Thorium Platform for Malware, Forensic Analysis

The open source Thorium platform developed by researchers at the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Sandia National Laboratories is intended for use by government-, public-, and private-sector malware and forensic analysts. Available through CISA's official GitHub repository, Thorium automates numerous cyberattack investigatory tasks. Integrating commercial, open source, and custom tools, Thorium can schedule more than 1,700 jobs per second and handle more than 10 million files per hour per permission group.
[ » Read full article ]

BleepingComputer; Sergiu Gatlan (July 31, 2025)
Spikes in Malicious Activity Precede New Security Flaws in 80% of Cases

Researchers at threat monitoring firm GreyNoise found new Common Vulnerabilities and Exposures (CVEs) involving edge networking devices often were preceded by increases in network reconnaissance, targeted scanning, brute-forcing attempts, and other malicious activity. In a study of 216 spike events, the researchers identified a new CVE within three weeks of 50% of these events and within six weeks of 80% of these events.
[ » Read full article ]

BleepingComputer; Bill Toulas (July 31, 2025)
Flickering Lights Could Help Fight Misinformation

A team of Cornell University computer scientists developed "noise-coded illumination," a watermarking technique that embeds verification data as imperceptible flickers of light sources in videos. Cameras record these unique flicker patterns, enabling investigators to decode them and verify video authenticity or detect manipulations. Studio lights could be programmed to flicker in unique patterns during a recording, which would then be detectable by a decoder to determine if the video was later altered.
[ » Read full article ]

Engadget; Andre Revilla (July 30, 2025)
NIST Consortium and Draft Guidelines Aim to Improve Security in Software Development

The National Institute of Standards and Technology's (NIST) National Cybersecurity Center of Excellence (NCCoE), together with 14 member organizations in its Software Supply Chain and DevOps Security Practices Consortium, is developing guidelines for secure software development in response to White House Executive Order 14306. Their draft, NIST Special Publication 1800-44, outlines high-level DevSecOps practices and intends to expand on the Secure Software Development Framework (SSDF). Public comments on the guidelines are being accepted until September 12, 2025.
[ » Read full article ]

National Institutes of Health (July 30, 2025)
China Says U.S. Exploited Old Microsoft Flaw for Cyberattacks

The Cyber Security Association of China has accused U.S. hackers of stealing military data and perpetrating cyberattacks against the nation's defense sector. The association said the U.S. actors exploited vulnerabilities in Microsoft Exchange email servers to attack two major Chinese military companies, which it did not name. The hackers reportedly controlled the servers of one key defense company for almost a year, according to the association.
[ » Read full article *May Require Paid Registration ]

Bloomberg; Jane Lanhee Lee; Mark Anderson; Colum Murphy (August 1, 2025)
Alumni Criticize Universities Over Email Account Termination

The Chronicle of Higher Education (8/4, Cutler) reports that universities, including Temple, Vanderbilt, and Wright State, are terminating alumni email accounts due to cybersecurity risks and changes in Google’s storage policies. A Temple alumnus has sued the university after losing access to his email, which he used for various personal and professional accounts. Similar actions by other universities have affected thousands of alumni and retirees. Vanderbilt, “citing cybersecurity risks, announced this spring it planned to discontinue alumni access to Google Workspace later this month.” Ed Hudson, the vice chancellor of information technology at the University of Kansas, “said it’s become more and more difficult to fend off email hacks as the number of alumni and retirees grows.” He added that “when you leave [college], we lose that ability and that insight into what you’re doing, and that increases risk.”

dtau...@gmail.com

Aug 16, 2025, 4:26:00 PM
to sec-...@googlegroups.com

Pro-Russia Hackers Suspected of Dam Sabotage in Norway

Pro-Russia hackers are likely behind suspected sabotage at a dam in Norway in April that affected water flows, according to police officials. During the incident, hackers gained access to a digital system that remotely controls one of the dam’s valves and opened it to increase the water flow. A three-minute long video showing the dam’s control panel and a mark identifying a pro-Russian cybercriminal group was published on Telegram in April.
[ » Read full article ]

Associated Press; Emma Burrows (August 13, 2025)
NIST Finalizes ‘Lightweight Cryptography’ Standard to Protect Small Devices

The National Institute of Standards and Technology (NIST) has released its Lightweight Cryptography Standard to protect small, resource-limited devices like IoT gadgets, RFID tags, and medical implants from cyberattacks. Based on the Ascon algorithm family, the standard offers four variants for tasks such as authenticated encryption, hashing, and customizable hash sizes. Ascon supports secure data encryption, authentication, and integrity verification while conserving energy, time, and memory.
[ » Read full article ]

NIST News (August 13, 2025)
South Korean White Hat Hackers Win World’s Top Hacking Contest, Again

White hat hacker team Maple Mallard Magistrates (MMM) from South Korea won the Capture the Flag (CTF) hacking competition at this year’s DEF CON conference, clinching the top prize for the fourth straight year at the world's largest open computer security hacking competition. MMM's victory came just a day after a team from Samsung, the Korea Advanced Institute of Science & Technology, and Pohang University of Science and Technology claimed first place in the conference’s AI Cyber Challenge.
[ » Read full article ]

The Korea Times; Lee Gyu-lee (August 11, 2025)
Encryption Made for Police and Military Radios May Be Easily Cracked

Researchers in the Netherlands uncovered critical vulnerabilities in encryption algorithms for the TETRA radio standard, widely used by police, military, and intelligence agencies. Earlier, the team, from Midnight Blue, uncovered intentional backdoors and weak key reductions in TETRA's TEA1 algorithm. More recently, they found similar flaws in the end-to-end encryption solution through reverse-engineering. One flaw enabled a 128-bit key to be reduced to just 56 bits, enabling eavesdropping.
[ » Read full article ]

Wired; Kim Zetter (August 7, 2025)
Conversations Remotely Detected from Cellphone Vibrations

Computer science researchers demonstrated that transcriptions of phone calls can be generated from radar measurements taken up to three meters (about 10 feet) from a cellphone. The team at The Pennsylvania State University (Penn State) used a radar sensor and voice recognition software to wirelessly identify 10 predefined words, letters, and numbers with up to 83% accuracy. Explained Penn State's Suryoday Basak, "If we capture these same vibrations using remote radars and bring in machine learning to help us learn what is being said, using context clues, we can determine whole conversations."
[ » Read full article ]

PennState News; Mariah Lucas (August 8, 2025)
Microsoft Exchange Server Vulnerability Enables Attackers to Gain Admin Privileges

A critical vulnerability (CVE-2025-53786) in Microsoft Exchange Server hybrid deployments allows attackers with on-premises admin access to escalate privileges to Exchange Online without leaving clear audit traces. Demonstrated at Black Hat 2025, the flaw stems from shared service principals in hybrid authentication. Microsoft began mitigation in April 2025 by introducing dedicated hybrid applications, later formalizing the issue in this CVE.
[ » Read full article ]

Cyber Security News; Guru Baran (August 7, 2025)
A Single Poisoned Document Could Leak 'Secret' Data via ChatGPT

A vulnerability in OpenAI's ChatGPT Connectors allows sensitive information to be extracted from Google Drive via an indirect prompt injection attack called AgentFlayer, revealed researchers Michael Bargury and Tamir Ishay Sharbat of Zenity during a recent session at Black Hat USA 2025. The exploit involves hiding a malicious prompt in a shared document, unseen by humans but executed by the AI, causing ChatGPT to leak data.
[ » Read full article ]

Wired; Matt Burgess (August 6, 2025)
Researcher Deploys Fuzzer to Test Autonomous Vehicle Safety

Research using a fuzzing framework to test autonomous vehicle teleoperation systems against unsafe or malicious commands was detailed during a session by Zoox product security engineer Zhisheng Hu at Black Hat USA 2025. The technique generated edge cases that could cause collisions, revealing vulnerabilities that might appear benign until specific conditions arise. The findings highlight fuzzing as a key method for scaling autonomous vehicle safety and security in real-world conditions.
[ » Read full article ]

Dark Reading; Arielle Waldman (August 7, 2025)
Russia Suspected to Be Behind Breach of Federal Court Filing System

U.S. investigators believe Russia is at least partly responsible for a yearslong hack of the federal court system, compromising sealed records tied to national security and overseas criminal cases. Affecting at least eight district courts, the breach prompted urgent instructions to remove sensitive files from PACER and the Case Management/Electronic Case Files system. Recent orders bar uploading sealed documents to PACER in some districts.
[ » Read full article *May Require Paid Registration ]

The New York Times; Adam Goldman; Glenn Thrush; Mattathias Schwartz (August 12, 2025)
Columbia University Continues Investigating Cyberattack That Impacted About 870K People

Bloomberg (8/8, Subscription Publication) reported that a recent breach of Columbia University’s computer systems “compromised personal information of about 870,000 people, including students and applicants, according to the school’s reports to state officials in the US.” The hack “included ‘any personal information’ provided in connection with applications or was collected during students’ studies, according to drafts of letters from the university to potentially affected individuals.” That includes “contact details, demographic information, academic history, financial aid-related information and insurance and health-related data shared with the university.” The university’s investigation is “ongoing and the school is still working to determine the number of individuals impacted, a Columbia official said Friday.”

dtau...@gmail.com

Aug 23, 2025, 9:08:04 AM
to sec-...@googlegroups.com

FBI Warns of Russian Hacks Targeting U.S. Critical Infrastructure

The U.S. Federal Bureau of Investigation (FBI) and researchers at Cisco Talos warn that Russian hacker groups are using a seven-year-old vulnerability in Cisco IOS software to target critical U.S. infrastructure. The Cisco researchers said the hackers are undertaking en masse extraction of device configuration information. The FBI issued a separate advisory noting it had identified incidents over the last year in which hackers collected configuration files "for thousands of networking devices associated with U.S. entities across critical infrastructure sectors."
[ » Read full article ]

Reuters; A.J. Vicens (August 20, 2025)
Internet-Wide Vulnerability Enables Giant DDoS Attacks

Researchers at Tel Aviv University in Israel have discovered a new HTTP/2 vulnerability that could enable massive distributed denial-of-service (DDoS) attacks affecting up to one-third of websites globally. The “MadeYouReset” flaw circumvents last year’s “Rapid Reset” fix by exploiting server-initiated stream cancellations to overwhelm back-end systems. Though many vendors have patched against the threat, others remain vulnerable.
[ » Read full article ]

Dark Reading; Nate Nelson (August 18, 2025)
Hijacked Satellites Bring Weapons to Space

Hackers aligned with Russia demonstrated the dangers of cyberwarfare in space by hijacking a satellite broadcasting television to Ukraine during Moscow’s Victory Day parade to show Russian tanks and troops, underscoring how satellites increasingly are targets in modern conflict. Attacks on satellites can disable critical systems by exploiting outdated software or disrupting signals, threatening GPS, communications, and military operations.
[ » Read full article ]

Associated Press; David Klepper (August 18, 2025)
Travel eSIMs Secretly Route Traffic over Chinese Networks

Northeastern University researchers found that many travel electronic identity modules (eSIMs) route user traffic through foreign networks, often without disclosure. In a test of 25 providers, researchers discovered that data frequently passed through China Mobile’s infrastructure, sometimes making devices appear located in China. They also found that eSIM profiles engaged in hidden communications with overseas servers, and that becoming an eSIM reseller requires minimal verification but grants access to sensitive identifiers and even approximate device location.
[ » Read full article ]

itnews (Australia); Juha Saarinen (August 19, 2025)
Tool Sniffs 5G Traffic to Launch Attacks

An open source framework developed by security researchers at the Singapore University of Technology and Design exploits vulnerabilities in 5G mobile networks during the pre-authentication phase when devices connect to networks. The Sni5Gect framework can detect uplink/downlink traffic with more than 80% accuracy from up to 20 meters away to launch attack payloads. The tool targets the brief unencrypted messaging period between the base station and target handset that occurs during handshaking and authentication.
[ » Read full article ]

The Register (U.K.); Gareth Halfacree (August 18, 2025)
NIST Issues Guidelines to Help Detect Face Photo Morphs

The U.S. National Institute of Standards and Technology (NIST) issued guidelines to help organizations combat face morphing attacks, in which blended photos deceive facial recognition systems and enable identity fraud. The new guidelines highlight two approaches to detecting such attacks: single-image detection, which analyzes only a suspicious photo, and differential detection, which compares it against a verified image. Single-image tools can be highly accurate but often fail on unfamiliar morphing software, while differential methods are more consistent, though they require an additional photo.
[ » Read full article ]

NIST News (August 18, 2025)


Study Reveals Alarming Browser Tracking

University of California, Davis computer scientists found that GenAI browser assistants typically collect and share personal and sensitive information with first-party servers and third-party trackers. Their study covered nine popular search-based GenAI browser assistants. Some gathered only the data on the screen when the questions were asked, but others collected the full HTML of the page and all textual content. One also collected form inputs, including the user's Social Security number.
[ » Read full article ]

UC Davis College of Engineering News; Jessica Heath (August 13, 2025)


U.K. Expands Police Use of Facial Recognition

The U.K.'s Home Office plans to deploy 10 new live facial recognition vans across seven English police forces. The vans scan faces in public and compare them to watchlists, a system credited with 580 London arrests in a year. Privacy campaigners warn of a “surveillance state” and are pursuing legal challenges, citing misidentifications and lack of a legal mandate. The government counters that the technology is accurate, proportionate, and focused on serious offenders.
[ » Read full article ]

BBC News; Kate Whannel (August 13, 2025)


Microsoft Curbs Early Access to Notifications About Cybersecurity Flaws

Microsoft is restricting Chinese companies’ access to its cybersecurity vulnerability program after investigating whether a leak contributed to the recent SharePoint breaches that affected 400 organizations, including the National Nuclear Security Administration. The Microsoft Active Protections Program previously gave partners, including a dozen Chinese firms, early details and proof-of-concept code for flaws. Now, those in countries requiring vulnerability reporting to governments, like China, will receive general written descriptions only when public patches are released.

[ » Read full article *May Require Paid Registration ]

Bloomberg; Ryan Gallagher (August 20, 2025)


U.K. Drops Request That Apple Create a Back Door

The U.S. has secured an agreement with the U.K. that spares Apple from creating a tool giving U.K. law enforcement access to customers’ encrypted cloud data. U.S. Director of National Intelligence Tulsi Gabbard said Britain agreed to drop the mandate, which Apple argued threatened civil liberties and global data security. The move followed Britain’s amendments to the Investigatory Powers Act and a secret order compelling Apple to comply.

[ » Read full article *May Require Paid Registration ]

The New York Times; Tripp Mickle (August 19, 2025)


FBI Partners With Texas Tech On Cybersecurity

KAMC-TV Lubbock, TX (8/18, Salazar) reports the Texas Tech University System (TTU System) has announced a “first-of-its-kind partnership with the Federal Bureau of Investigation (FBI) aimed at strengthening cybersecurity, protecting critical infrastructure, and advancing US national security.” Through the Cooperative Research and Development Agreement, “the FBI will tap into research conducted at Texas Tech’s Critical Infrastructure Security Institute (CISI), which focuses on addressing vulnerabilities in key systems such as the electric grid, water utilities, communication networks, military assets, and other infrastructure vital to the economy.” By combining resources, “the TTU System and FBI plan to advance research, expand workforce training, and bolster the resilience of sectors including energy, telecommunications, health care, water, and defense.”

House Plans CISA 2015 Reauthorization

Federal News Network (8/19, Doubleday) reports the House Homeland Security Committee in September will “mark up a reauthorization bill for a soon-to-expire cybersecurity law that’s viewed as critical to cyber collaboration across government and industry.” House Homeland Security Committee Chairman Andrew Garbarino (R-NY) “confirmed the committee will mark up a reauthorization bill for the Cybersecurity Information Sharing Act of 2015 once Congress returns from August recess.” The reauthorization of CISA 2015 is “expected to be a priority for new National Cyber Director Sean Cairncross.”

dtau...@gmail.com

Aug 30, 2025, 9:15:12 AM
to sec-...@googlegroups.com

FBI Warns Chinese Hacking Campaign Expanded to 80 Countries

The U.S. Federal Bureau of Investigation (FBI) and globally allied intelligence agencies warned that a Chinese-government hacking campaign has expanded far beyond U.S. telecom firms, targeting at least 200 U.S. organizations as well as entities in 80 countries. The joint advisory named three private companies that allegedly participated in the attacks, saying they provided services to multiple units in China's People’s Liberation Army and Ministry of State Security.

[ » Read full article *May Require Paid Registration ]

The Washington Post; Joseph Menn (August 27, 2025)

Alternative free article from NextGov/FCW: Salt Typhoon hackers targeted over 80 countries, FBI says - Nextgov/FCW


Hacker Used AI to Automate 'Unprecedented' Cybercrime Spree

Anthropic revealed that a hacker exploited its Claude AI chatbot to run what it called the most advanced AI-driven cybercrime spree yet, targeting at least 17 companies. Over three months, the hacker used Claude to identify vulnerable firms, build malware, organize stolen files, analyze sensitive data, and draft ransom emails. Victims included a defense contractor, a financial institution, and several healthcare providers, with stolen data ranging from medical records to defense-regulated files.
[ » Read full article ]

NBC News; Kevin Collier (August 27, 2025)


Hackers Sabotage Iranian Ships

Researchers at U.K.-based Iranian opposition activist group Nariman Gharib found that hackers had launched a coordinated cyber assault on Iran's sanctioned tanker fleets earlier this month by infiltrating Fanava Group, the IT provider that manages their satellite communications. The attackers gained access to a centralized database by exploiting vulnerabilities in outdated iDirect Falcon terminals running legacy Linux systems. The hackers simultaneously disrupted email, weather updates, communications, and port coordination across 64 ships with a single orchestration script and overwrote storage partitions on satellite modems so remote recovery was impossible.
[ » Read full article ]

Cyber Security News; Tushar Subhra Dutta (August 25, 2025)


Login System Helps Spot Online Hacks Without Sacrificing Privacy

A privacy-preserving system developed by Cornell Tech researchers helps users detect compromised accounts without exposing personal data to Web services tracking. The Client-Side Encrypted Access Logging (CSAL) system uses end-to-end encryption with keys known only to client devices, generating cryptographic tokens that service providers store but cannot decrypt. This allows users to verify login authenticity while preventing platforms from collecting tracking data through device fingerprints.
[ » Read full article ]

Cornell Chronicle; Grace Stanley (August 25, 2025)


FTC Chair Warns U.S. Platforms Not to Weaken Privacy by Applying EU's DSA

In a letter to Apple, Google, and other U.S. tech platforms, U.S. Federal Trade Commission (FTC) Chair Andrew Ferguson urged them not to implement the EU Digital Services Act (DSA) or other EU or U.K. online laws. Ferguson said such laws "present emerging and ongoing threats to the free exchange of ideas."
[ » Read full article ]

Euractiv; Anupriya Datta (August 22, 2025)


Russia Orders State-Backed MAX Messenger App Pre-Installed on Phones, Tablets

The Russian government is requiring that all mobile phones, tablets, and other gadgets sold in that country come pre-installed with the state-backed messenger app MAX beginning September 1. The move comes after Russia said this month it had started restricting communications on WhatsApp and Telegram, accusing the foreign-owned platforms of failing to share information with law enforcement.
[ » Read full article ]

Reuters; Andrew Osborne (August 21, 2025)


Defense Groups Take Aim at Underwater Security

Companies in the defense sector are preparing for a surge in government spending on protecting national maritime assets and critical infrastructure. Recent attacks on seabed pipelines and telecom cables have highlighted vulnerabilities, prompting initiatives like the U.S.’s recent tightening of subsea cable regulations. Defense technology companies are investing in naval technologies including AI-driven autonomous vehicles, sensors, and data systems for anti-submarine and infrastructure protection.

[ » Read full article *May Require Paid Registration ]

Financial Times; Sylvia Pfeifer (August 26, 2025)


DARPA Seeks to Secure Communications with Quantumness

The U.S. Defense Advanced Research Projects Agency (DARPA) launched the Quantum-Augmented Network (QuANET) program to explore how quantum devices can enhance security in existing communication networks. Unlike a full quantum Internet, which faces technological hurdles, QuANET focuses on near-term applications such as transmitting quantum-encoded images at video-quality speeds. Researchers are testing innovations like hyperentanglement, which could secure more data with fewer signals, and developing quantum-like light and interface cards to integrate quantum features into traditional systems.

[ » Read full article *May Require Paid Registration ]

New Scientist; Karmela Padavic-Callaghan (August 22, 2025)


US Weighs Sanctions On EU Members Involved In Implementing Tech Law

Reuters (8/25) reports the Administration is “considering imposing sanctions on European Union or member state officials responsible for implementing the bloc’s landmark Digital Services Act...over US complaints that the law censors Americans and imposes costs on US tech companies.” State Department officials “have yet to make a final decision on whether to go ahead with the punitive measures that would likely come in the form of visa restrictions.” It was also “unclear which EU or EU member state officials the action would target, but US officials held internal meetings on the topic last week.” Reuters notes that while trading partners “frequently complain about domestic rules they see as unfairly restrictive, sanctioning government officials over such a regulation is extremely rare.”

Google Previews Cyber “Disruption Unit”

CyberScoop (8/27, Starks) reported Google says it is starting a “cyber ‘disruption unit,’ a development that arrives in a potentially shifting US landscape toward more offensive-oriented approaches in cyberspace.” Sandra Joyce, vice president of Google Threat Intelligence Group, “said at a conference Tuesday that more details of the disruption unit would be forthcoming in future months, but the company was looking for ‘legal and ethical disruption’ options as part of the unit’s work.” Speaking at a Center for Cybersecurity Policy and Law event, Joyce cited “intelligence-led proactive identification of opportunities where we can actually take down some type of campaign or operation.” Joyce, who also called for partners in the project, said, “We have to get from a reactive position to a proactive one” if “we’re going to make a difference right now.”
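On the Cornell Tech item in this message about Client-Side Encrypted Access Logging: the following is an added Python sketch of the underlying idea, written for this digest and not the CSAL system's own code. It assumes a per-user key that exists only on the user's devices, a service that stores one opaque token per login, and (to stay dependency-free) an HMAC-SHA256 counter-mode cipher with an HMAC tag as a stand-in for a proper AEAD. The device names, timestamps and the "unknown" key are constructed sample values.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample: a per-user key that lives only on the user's own devices.
# The service never receives it, so the tokens it stores are opaque to it.
USER_KEY = bytes(range(32))                                  # constructed
UNKNOWN_KEY = hashlib.sha256(b"some-other-client").digest()  # constructed


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a dependency-free stand-in for a real AEAD."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from the device-held key."""
    return (hashlib.sha256(b"enc|" + key).digest(),
            hashlib.sha256(b"mac|" + key).digest())


def seal(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC a log entry into a token the service can store but not read."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def open_token(key: bytes, token: dict):
    """Return the plaintext entry, or None if the tag does not verify under this key."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct = bytes.fromhex(token["nonce"]), bytes.fromhex(token["ct"])
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(token["tag"])):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Service:
    """Keeps one token per login; it holds no key, so it sees only ciphertext."""

    def __init__(self):
        self._log = {}

    def record_login(self, account: str, token: dict) -> None:
        self._log.setdefault(account, []).append(token)

    def fetch_log(self, account: str) -> list:
        return list(self._log.get(account, []))


def log_login(service: Service, account: str, key: bytes, device: str, ts: int) -> None:
    """Client side: encrypt the login details before handing them to the service."""
    entry = json.dumps({"device": device, "ts": ts}).encode()
    service.record_login(account, seal(key, entry))


def audit(key: bytes, known_devices: set, tokens: list) -> list:
    """Run on the user's own device: open each token and flag anything unexpected."""
    findings = []
    for tok in tokens:
        pt = open_token(key, tok)
        if pt is None:
            # Logged by a client that does not hold this user's key.
            findings.append(("unverifiable", None))
            continue
        entry = json.loads(pt)
        status = "ok" if entry["device"] in known_devices else "unknown-device"
        findings.append((status, entry))
    return findings


def demo() -> list:
    """Two genuine logins, then one recorded by a client without the user's key."""
    svc = Service()
    log_login(svc, "alice", USER_KEY, "alice-laptop", 1_700_000_000)
    log_login(svc, "alice", USER_KEY, "alice-phone", 1_700_000_600)
    log_login(svc, "alice", UNKNOWN_KEY, "unknown-box", 1_700_001_200)
    return audit(USER_KEY, {"alice-laptop", "alice-phone"}, svc.fetch_log("alice"))


if __name__ == "__main__":
    for status, entry in demo():
        print(status, entry)
```

The point the sketch makes is where the key lives: the service can answer "show me my login tokens" but cannot open them, so it gains no device fingerprint to track, while the user's device can distinguish its own entries from ones it never produced.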

dtau...@gmail.com

Sep 6, 2025, 3:01:08 PM
to sec-...@googlegroups.com

Hackers Issue Ultimatum to Google After Data Breach Warning

Hackers claiming to be from a group called Scattered LapSus Hunters have threatened to leak Google databases unless the company fires employees Austin Larsen and Charles Carmakal, both of whom work in Google’s Threat Intelligence Group. The hackers also demanded a suspension of investigations into their network. The group reportedly consists of members from Scattered Spider, LapSus, and ShinyHunters. No proof of database access has been provided, but in August reports indicated that ShinyHunters obtained data from Salesforce, a Google third-party provider.
[ » Read full article ]

Newsweek; Theo Burman (September 1, 2025)


EU to Expand Satellite Defenses After GPS Jamming of EC President's Flight

The European Union (EU) plans to deploy additional satellites in low Earth orbit to strengthen its ability to detect GPS interference, following an incident targeting European Commission (EC) President Ursula von der Leyen’s flight. Pilots reportedly had to rely on paper maps to land von der Leyen’s plane safely in Plovdiv, Bulgaria. An EU spokesperson said Bulgarian authorities suspect Russia was behind the jamming, though the Kremlin denies involvement. Similar GPS disruptions have affected the Baltic region and previous EU and U.K. flights.
[ » Read full article ]

Computing (U.K.); Franklin Okeke (September 2, 2025)


NIST Enhances Security Controls for Improved Patching

The U.S. National Institute of Standards and Technology (NIST) updated its Security and Privacy Control catalog to improve software patch and update management. The revisions focus on three key areas: standardized logging syntax to speed incident response, root cause analysis to address underlying software issues, and designing systems for cyber resiliency to maintain critical functions under attack. The update also emphasizes least-privilege access, flaw-remediation testing, and coordinated notifications.
[ » Read full article ]

Dark Reading; Arielle Waldman (September 2, 2025)


EU Court Backs Latest Data Transfer Deal Agreed by U.S. and EU

Europe’s General Court upheld a transatlantic data transfer pact between the EU and the U.S. The agreement, struck in 2023 after two previous frameworks were invalidated, was challenged by French lawmaker Philippe Latombe, who argued it failed to adequately protect Europeans from bulk U.S. surveillance. The European judges dismissed these concerns, ruling U.S. oversight mechanisms offered sufficient safeguards. The case could still proceed to the European Court of Justice, which has the final word on the region’s data protection law.
[ » Read full article ]

Reuters; Foo Yun Chee; Sudip Kar-Gupta (September 3, 2025)


U.S. Puts GDP Data on the Blockchain

The U.S. government has begun publishing GDP data on public blockchains. The Commerce Department released official GDP data hashes across nine blockchains, including Bitcoin, Ethereum, and Solana, with support from Pyth and Chainlink, "oracles" that serve as third-party providers of data to crypto apps. Officials stressed the move creates another avenue—not a replacement—for publishing the economic data.

[ » Read full article *May Require Paid Registration ]

Bloomberg; Josh Wingrove; Olga Kharif; Jennifer A. Dlouhy (August 28, 2025)

dtau...@gmail.com

Sep 13, 2025, 9:19:41 AM
to sec-...@googlegroups.com

White Hat Hackers Reveal Vulnerabilities in NASA Software

White hat hackers uncovered vulnerabilities in open-source software used by space agencies and companies to control satellites, potentially allowing attackers to hijack spacecraft. The flaws, now patched, were disclosed at the Black Hat USA and DEF CON conferences. Andrzej Olchawa and Milenko Starcik of space cybersecurity company VisionSpace described the flaws in NASA’s core Flight System and in the Yamcs mission control system as “easy to exploit” and warned that overlooked cybersecurity poses risks to both open- and closed-source space systems.
[ » Read full article ]

IEEE Spectrum; Tereza Pultarova (September 10, 2025)


CISA Sounds Alarm over TP-Link Wireless Routers Under Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that two flaws in routers produced by China's TP-Link, CVE-2023-50224 and CVE-2025-9377, are under active attack. The vulnerabilities expose users to credential theft and remote code execution on models including Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. CISA urged organizations to prioritize remediation as part of their vulnerability management programs. A third bug in the CWMP protocol, disclosed separately, can crash routers.
[ » Read full article ]

The Register (U.K.); Iain Thomson (September 8, 2025)


Online Images Can Hijack Your Computer

Researchers at the University of Oxford in the U.K. warn that AI agents may be vulnerable to hidden attacks embedded in images. Explained Oxford's Yarin Gal, any such sabotaged image can trigger a computer “to retweet that image and then do something malicious, like send all your passwords. That means that the next person who sees your Twitter feed and happens to have an agent running will have their computer poisoned as well.”
[ » Read full article ]

Scientific American; Deni Ellis Béchard (September 4, 2025)


Boffins Build Automated Android Bug Hunting System

Computer scientists at Nanjing University in China and The University of Sydney in Australia have developed an AI system that identifies and validates Android app vulnerabilities. Unlike traditional tools that overwhelm developers with false positives, the A2 tool mimics human bug hunters by planning, executing, and validating attacks. In testing, it achieved 78.3% coverage on the Ghera benchmark—far higher than existing analyzers—and uncovered 104 zero-day flaws in production apps, including one with 10 million downloads.
[ » Read full article ]

The Register (U.K.); Thomas Claburn (September 4, 2025)


ICE Reactivates Contract with Previously Banned Spyware Vendor

U.S. Immigration and Customs Enforcement (ICE) has resumed its $2-million contract with Paragon Solutions, a spyware company previously sidelined under an executive order from the previous administration targeting unethical surveillance vendors. A government filing on Aug. 29 lifted the stop-work order imposed last year, though ICE has not explained the reversal. Paragon drew criticism after its Graphite spyware was discovered on devices belonging to Italian journalists, migrant advocates, and associates of Pope Francis.
[ » Read full article ]

The Washington Post; Joseph Menn (September 2, 2025)


Google Accepts Seoul's Security Requirements for Map Data Transfer

Google said it will comply with South Korea’s security demands to remove latitude and longitude coordinates from its map in order to gain approval to export high-precision map data overseas. The company also pledged to strengthen partnerships with local technology firms and to consider purchasing government-approved satellite images from local partners like Tmap Mobility. South Korea restricts overseas transfers of maps with a scale finer than 1:25,000 for security reasons.
[ » Read full article ]

The Korea Times (September 10, 2025)


Children Hacking Schools for Fun, U.K. Watchdog Warns

The U.K. Information Commissioner’s Office (ICO) issued a warning about the growing problem of students hacking school and college IT systems. Most insider breaches in education originate from pupils, often starting as dares or challenges, but sometimes causing serious damage. Since 2022, the ICO investigated 215 insider attacks, and found more than half (57%) were carried out by children, some of whom accessed staff systems, altered records, or stole personal data from peers.
[ » Read full article ]

BBC News; Joe Tidy (September 11, 2025)


House Considers Legislation Enhancing DHS Intel Sharing

Industrial Cyber (9/4, Ribeiro) reported the House Committee on Homeland Security “held a markup on Wednesday to consider legislation aimed at preserving key cybersecurity tools, enhancing public safety, strengthening the Department of Homeland Security (DHS)’s counterterrorism mission, improving intelligence sharing, and defending critical infrastructure.” Chairman August Pfluger, a “Texan Republican of the Counterterrorism and Intelligence Subcommittee,” introduced the “Generative AI Terrorism Risk Assessment Act,” which would examine “how foreign terrorist groups could weaponize artificial intelligence to recruit and radicalize individuals, both on U.S. soil and globally.” Rep. Ryan Mackenzie (R-PA) “proposed the ‘DHS Intelligence Rotational Assignment Program and Law Enforcement Support Act,’ which would require DHS personnel in the Office of Intelligence and Analysis to participate in a program that increases collaboration across the intelligence community.” Additionally, Resident Commissioner Pablo Hernández’s “‘Strengthening Oversight of DHS Intelligence Act’ will help improve how the DHS handles intelligence to protect privacy and civil liberties.”
