ServiceNow announces a deal to acquire identity security startup Veza, sources say for between $1B and $1.5B; Veza had a private valuation of $808M in March (Valida Pau/The Information)
Fake images, fake videos, & manipulated voices are fueling a new wave of holiday scams. Criminals are exploiting the confusion & we're holding them accountable. Our Atlanta Field Office partnered w/ @wsbtv to warn Georgians about this fraud: www.wsbtv.com/news/local/a...
Stay vigilant.
DeepSeek V3.2 just dropped a major upgrade—sparse attention for long‑context, solid tool‑use reasoning, and built‑in formatting cues. Open‑source power is finally ready for production. Dive into the details! #DeepSeekV32#OpenSourceLLM#SparseAttention
Sources: Anthropic has tapped a law firm to begin work on its IPO, which could come as soon as 2026, and has held preliminary talks with big investment banks (George Hammond/Financial Times)
"WAICO would be a way for countries to coordinate AI governance rules while 'fully respecting the differences in national policies and practices' and championing the global south, Chinese officials have said."
One thing separating the dot com boom from the AI bubble has been a comparative lack of dazzling IPOs. OpenAI and Anthropic are in a race to go first -- the latter has just hired lawyers for the effort. Great @georgehammond.bsky.social scoop www.ft.com/content/3254...
Struggling to balance speed and security in your software delivery?
GitLab’s AI-powered DevSecOps platform automates workflows and integrates security seamlessly, helping you ship secure software faster.
Facing delays and data loss during disaster recovery?
Druva offers fully managed SaaS data protection for rapid, ransomware-proof recovery.
Secure your data effortlessly and minimize downtime with Druva’s cloud-native solutions.
Cybersecurity jobs available right now: December 2, 2025
Application Security Manager Oddity | Israel | On-site – View job details As an Application Security Manager, you will conduct threat modeling based on a deep understanding of product features and workflows. You will coordi… #hackernews#news
Thanks to the TrustTheVote®Project members, we took our ELLA, the first election specific AI agent, from initial pilot test to election tested solution for election administrators! Let's make election history in 2026! https://secure.anedot.com/the-trustthevote-project/giving_tuesday25
Every ai booster believes that college is about doing homework. They think there’s a homework goblin that pays the colleges for their homework. Their dream is that they can have a machine that you can pay $75,000 to and receive a college degree from in four years.
Top stories from AWS’s major technology showcase re:Invent 2025
🔥 Read this must-read post from TechCrunch 📖 📂 Category: AI,Enterprise,AI agents,AI chips,AWS,aws re:Invent,AWS reinvent 2025 📌 Main takeaway: Amazon Web Services' annual technical conference AWS re:Invent has concluded its first…
Amazon Unveils 3 Frontier AI Agents Including 'Kiro' That Codes Autonomously — Amazon Web Services announced three new 'frontier agents' at Re:Invent, including Kiro, an agent the company says can learn user workflows and autonomously write and run code for extended periods. The launch…
“The House Homeland Security Committee asked Dario Amodei to answer questions about the implications of the attack and how policymakers and AI companies can respond.” cyberscoop.com/house-homela...
Product showcase: UserLock IAM for Active Directory
UserLock brings modern identity and access management (IAM) to Active Directory, adding granular multi-factor authentication (MFA), contextual access controls, single sign-on (SSO) and real-time session management. It helps AD-f… #hackernews#news
Old post but the warning still stands- China’s cyber espionage is grinding nonstop. Stealing U.S. Intellectual Property to leapfrog us in AI and machine learning. If we sleep on this, we hand them the future. #CyberSecurity#AI#TechThreat#Espionage www.csis.org/analysis/how...
Creative cybersecurity strategies for resource-constrained institutions
In this Help Net Security interview, Dennis Pickett, CISO at RTI International, talks about how research institutions can approach cybersecurity with limited resources and still build resilience. He discusses… #hackernews#news
OPINION: "I have seen how a single vulnerability in a shared system can cascade across multiple facilities," writes Michael Murphy, Fortinet's director of operational technology and critical infrastructure in APAC.
Arcee just dropped its Apache‑2.0‑licensed Trinity Mini (26B) and a sneak‑peek Nano (6B) with AFMoE Mixture‑of‑Experts. Think DeepSeek‑style power in open source. Curious? Dive into the details! #Arcee#TrinityMini#AFMoE
Extra infosec investments are taxiing towards the runway India’s Civil Aviation Minister has revealed that local authorities have detected GPS spoofing and jamming at eight major airports.…
ADORE: Autonomous Domain-Oriented Relevance Engine for E-commerce
Proposes a self-sustaining framework combining CoT-based LLM reasoning with KTO alignment, error-type-aware data synthesis, and key-attribute-enhanced knowledge distillation.
Presents a comprehensive survey of deep research systems that combine LLM reasoning with external tools like search engines to complete complex, open-ended tasks.
Be careful when using company devices... I don't know why people would use their company devices for personal use either. Just don't
Google Starts Sharing All Your Text Messages With Your Employer share.google/dop29czAlvrp...
4 Clever Tricks That Make It Worth Switching to Proton Mail
Proton Mail is an appealing alternative to Gmail, Outlook, and Apple Mail. It also comes with advanced privacy and productivity features, including a way to manage newsletter overload.
Skyflow delivers Runtime AI Data Security for protecting sensitive data in agentic workflows
Skyflow announced the launch of its Runtime AI Data Security platform for AWS AgentCore. While AI models are improving every few months and the industry is investing hundreds of billions … #hackernews#news
~Socket~
Socket's founder discusses the journey of scaling a supply chain security company from zero to 10,000+ organizations.
-
IOCs: (None identified)
- #Cybersecurity#Startup#ThreatIntel
Mistral AI released Mistral 3, a family of 10 open-source models under the Apache 2.0 license, including flagship Mistral Large 3 (Mixture-of-Experts with 41B active parameters, 256k-token context, multimodal) and nine edge-optimized Ministral 3 variants runnable on ~4GB VRAM.
At re:Invent 2025 AWS introduced three "frontier agents"—Kiro, AWS Security Agent and AWS DevOps Agent—built on Nova LLMs, Trainium3 and an agentic runtime to automate code maintenance, security validation and 24/7 DevOps monitoring.
AWS unveiled three developer 'frontier agents'—Kiro, a cross-session AI IDE; a DevOps agent claiming 86% root-cause identification; and a Security agent for autonomous penetration testing—to automate triage, multi-repo code changes and security testing.
Don't toss that drive yet! Learn how to safely dispose of old hard drives using data wiping tools and physical destruction methods to protect your privacy.
Modernizing your applications, networks, and security doesn’t have to be slow and costly. Consolidate and simplify with the connectivity cloud. https://cfl.re/3YYK5XS
The Verge has a long look at Anthropic’s tiny nine-person “societal impacts” team, the folks tasked with finding the “inconvenient truths” about how Claude is affecting elections, the economy, and people’s mental health.
You may have heard about Agentic AI. In this handbook, Balajee explains the key concepts behind AI agents & how they work. You'll learn about planning & reasoning, autonomy, how agentic AI "knows" what to do, challenges agents face, & how to build your own agent. www.freecodecamp.org/news/the-age...
Always look at the credits in CVE records, they’re full of insightful details.
I particularly enjoyed this one. By the way, in Vulnerability Lookup we also have a nice display of the actual credits: finder, coordinator, and so on.
The latest update for #ProtectoAI includes "Types of Data Tokenization: Methods & Use Cases Explained" and "Advanced Data Tokenization: Best Practices & Trends 2025".
The latest update for #JFrog includes "PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities" and "Secure and Productionize Databricks #AI Models with the JFrog Platform".
The latest update for #FerootSecurity includes "How to Maintain PCI #Compliance Across Hundreds of Payment Pages" and "How Our Clients Meet Compliance Requirements in 2025 with Feroot's Enhanced #AI Capabilities".
The latest update for #BDRSuite includes "India's 2025 GPS Spoofing Attack: Why Data Resilience Matters" and "2026 #Backup Readiness Checklist: A Practical Self-Audit for MSPs & IT Teams".
Dr. Katja Thieme (she/they)@katjathieme.bsky.social
„CSU—US’s largest public uni system—went all-in with a $17mill partnership with OpenAI. . .CSU unveiled its grand technological gesture just as it proposed slashing $375mill from its budget. While admin cut ribbons on AI, they were cutting faculty positions, academic programs, student services.“
The latest update for #Netwrix includes "The next five minutes of #compliance: building identity-first data security across Asia-Pacific & Japan" and "Configuration management for secure endpoint control".
The latest update for #Securonix includes "Built for #AWS. Built for How #SecurityTeams Really Work." and "Securonix Threat Labs Monthly Intelligence Insights – October 2025".
The latest update for #GitGuardian includes "Mutual TLS (mTLS) Authentication - A Complete Guide" and "How #MachineLearning Transforms Security Alert Chaos into Actionable Intelligence".
Stripe agrees to acquire Metronome, which offers APIs to help SaaS companies charge customers based on usage and has raised $128M in total funding (Scott Woody/Metronome)
Research by #Cybersecinsiders 'The 2025 State of AI Data Security Report' reveals a widening contradiction in enterprise security: #AI adoption is nearly universal, yet oversight remains limited.
The latest update for #Memcyco includes "Retail Peak Season & Account Takeover Prevention: The 2025 Survival Guide" and "How Airlines Can Stop Loyalty Account Takeovers Before Miles Are Stolen".
🚀 Excited to introduce OpenMMReasoner! This innovative framework boosts multimodal reasoning, offering smarter AI for personalized recommendations and data analysis—ideal for businesses seeking control! 🌟🤖 Ready to learn more? #AI#OpenSource#MultimodalReasoningLINK
"Everyone uses APIs. But, they do it mostly indirectly. Contrary to what many people in the industry suggest, API consumption is not typically done directly."
The Year AI Turned on Its Makers: Bioweapons, Deepfakes, and the Security Gap No One Budgeted For Explore the dark side of AI: AI threats demand smarter defenses now. Read All
File Upload Security Issues File Upload Security Issues: A Comprehensive Guide Introduction: File upload functionality is a ubiquitous feature in modern web applications. From profile pictures and ...
Digging into the new Secure Gateway to AI. We detail how Duende IdentityServer v7.4 implements RFC 8414 and DCR to manage AI agents securely; establishing a stable, secure, and future-proof MCP server architecture. Learn more: duende.link/is74b1b
Derek Garcia, Briana Lee, Ibrahim Matar, David Rickards, Andrew Zilnicki
CVE Breadcrumbs: Tracking Vulnerabilities Through Versioned Apache Libraries https://arxiv.org/abs/2512.02259
Best ot/ics cybersecurity and Gen Ai training in Delhi NCR
and in India
visit - www.theevolvedge.com
mail- info@theevolvedge.com
ph no :- +917982403420
+919311805027
A recent investigation by the security company Koi has uncovered a sophisticated cyber espionage operation conducted by a suspected Chinese hacker group, ShadyPanda. Over a period of seven years, the group infiltrated approximately 4. researchsnipers.com
I Want A Stelladoll For Christmas@stellaunderscore.bsky.social
in gonna be honest I think i watched like 2 justinthetrees videos and then tried so hard to get YouTube to stop reccomending me him cuz I found his content extremely uninteresting but damn the ai prompt machine that totally made all this clocked me perfectly ☹️
An acute global shortage of memory chips is forcing artificial intelligence and consumer-electronics companies to fight for dwindling supplies, as prices soar for the unglamorous but essential components that allow devices to store data. - Reuters
Why can't I cleanly reinstall Firefox? I am really irritated that I cannot cleanly reinstall Firefox. CCleaner botched my current profile and jeopardised all my shortcuts. That is a known bug o...
I used to *think* I took cybersecurity seriously, but realised the error of my ways when I became responsible for demonstrating the effectiveness of our practices. More in this week's blog post:
Detectats més de 390 dominis de sincronització d’iCalendar abandonats que podrien posar en risc gairebé 4 milions de dispositius que hi continuen connectats.
Els atacants poden registrar aquests dominis i servir contingut maliciós, enllaços de phishing... cyberpress.org/icalendar-sy...
Nine months after restructuring its go-to-market, Okta is buoyed by a growing recognition of how crucial identity has become thanks to the spread of AI agents....
👉 [read]
As industry looks to grasp the use of AI and automated features, security awareness provider KnowBe4 faces the challenge of adding these capabilities to its core awareness and training mission....
👉 [read]
Fan Wu, Jiacheng Wei, Ruibo Li, Yi Xu, Junyou Li, Deheng Ye, Guosheng Lin
IC-World: In-Context Generation for Shared World Modeling https://arxiv.org/abs/2512.02793
Ok this is amazing, with per-room RAG indicators plus details >>
At New Zealand's Kawaiicon cybersecurity convention, organizers hacked together a way for attendees to track CO₂ levels throughout the venue—even before they arrived.
Quantum Computing: The Cryptographic Time Bomb Every Cybersecurity Pro Must Prepare For Now
Introduction: The global race for artificial intelligence supremacy is masking a more profound technological shift: the rise of quantum computing. While nations invest billions in AI software, the real…
Infor Built for Industry AI Agents: Turning ERP Data into Intelligent ActionInfor AI Agents for Distribution | NSA Computer Exchange - NSA 3.0 nsacom.com/infor-ai-age...
“First, Silicon Valley hoovered up text, sounds and images from across the internet. When many sites blocked these efforts, companies found new ways of getting (…) other people’s data. Now, they are recreating websites as a way of generating new data from scratch”
These days, cyberattacks are becoming increasingly common. If you're a dev, you should level up your cybersecurity skills. Here, Alex goes over common cyberattacks like cross-site scripting & insecure API calls, and how you can protect your sites against them. www.freecodecamp.org/news/cyberse...
Being non deterministic LLMs based AI Agents are un-testable (in sw engineering current terms ) : the only criteria to evaluate anwsers is "LGTM" .. "A pragmatic guide to LLM evals for devs" newsletter.pragmaticengineer.com/p/evals
Se vi hanno tagliato le chat e le call esterne su Teams provenienti da domini esterni, dicendo che fosse dovuto alla NIS2, sappiate che un bug architetturale di Teams è il vero responsabile. E la soluzione è drastica. cyberpress.org/microsoft-te...
Implementing federated learning for privacy-preserving emotion detection in educational environments via Frontiers in Artificial Intelligence (@FrontiersIn):
A look at startups like AGI and Plato, which build replicas of websites to let AI agents learn to navigate and complete specific tasks, like booking flights (Cade Metz/New York Times)
The Indian telecoms industry's recent move to require a pre-installation of a cyber safety app on all new devices raises concerns about surveillance. Revisit a 2020 interview with IT specialist Anita Gurumurthy about the vulnerability of user data at the hands of the state:
Cloud company ServiceNow announced yesterday (2 November) that it has signed an agreement to acquire identity security start-up Veza for an undisclosed sum.
Linux usage hits an all-time high in Steam Hardware Survey—and AMD processors continue their march against Intel Linux usage has hit an all-time high in the latest Steam hardware survey, indicati...
ESET Research reports new MuddyWater activity against organisations in Israel and one in Egypt. The Iran-aligned group uses previously undocumented tools, including a custom Fooder loader, to run MuddyViper, a new C/C++ backdoor for stealth & persistence. www.welivesecurity.com/en/eset-rese...
JUST IN: The RPO is working with cybersecurity experts after an ‘incident’ in October that disrupted some networks. Read a full statement from the RPO in this story.
ANY.RUN documents a hybrid Salty2FA–Tycoon2FA phishing campaign. Salty2FA activity collapsed in late 2025, with new Tycoon2FA samples showing overlapping indicators, including shared IOCs, TTPs and hybrid payloads. any.run/cybersecurit...
BountyBench, a framework, reshapes cybersecurity evaluation by balancing AI's offensive and defensive capabilities. The study shows AI aids detection, exploitation, and patching of vulnerabilities across 25 real-world systems, marking a pivotal shift in resilience.
Chenshuang Zhang, Kang Zhang, Joon Son Chung, In So Kweon, Junmo Kim, Chengzhi Mao
Video Diffusion Models Excel at Tracking Similar-Looking Objects Without Supervision https://arxiv.org/abs/2512.02339
India ruling to insist that manufacturers of mobile phones add government spyware to new and imported phones isn't going down well at all. Apple are refusing; Android haven't commented yet, but lots of negative reviews. When is the next Indian election.
MCP Adapter v0.3.0 has been released, introducing a new HTTP transport layer, a unified observability model, and WP_Error-based error handling as the adapter aligns with the Abilities API v0.4.0 and the latest MCP HTTP spec
→ make.wordpress.org/ai/2025/11/2...
Good to see initiatives like Share and Defend having some success.
"Online content such as fake shops, phishing sites and malicious links, including from emails reported to the NCSC by the public, are being blocked automatically providing better protection at scale."
Donald Trump Jr. and Eric Trump's American Bitcoin closed down 38.8% on December 2, wiping out ~$1B in market value; TMTG is down nearly 70% in 2025 (George Steer/Financial Times)
Microsoft Defender portal went down, leaving users unable to see or respond to security alerts, raising concerns about threat visibility during the outage. #cybersecurity
🌐 A very large amount of #data is produced regarding maritime activities. The SMAUG project, through its policy brief "AI, Data Governance and Cloud Cybersecurity in Maritime Surveillance", is analysing the regulatory and technological frameworks governing data in SMAUG
🔖 zenodo.org/records/1542...
Vinci, which uses AI simulations to accelerate chip and other hardware design, raised a $36M Series A led by Xora Innovation, taking its total funding to $46M (Max A. Cherney/Reuters)
Following a new mandate requiring the Sanchar Saathi App to be pre-installed on all mobile devices in #India, @sflcin.bsky.social have published a statement outlining how under the guise of ‘safety’, the government will have access to the vast amounts of user data: sflc.in/sflc-ins-sta...
“You see, the real problem isn't that Ingress NGINX has a major security problem. […] No, the real issue is that here we have yet another example of a mission-critical open source program no one pays to support.”
💯 www.theregister.com/2025/12/02/i...
UCL Centre for Digital Public Health in Emergencies@ucldphe.bsky.social
🌍 #DPH2026 – Where digital innovation meets public health!
📍 Barcelona | 24–26 Jun 2026
Explore 🦠 Early Warning | 🤖 AI | 📱 Behaviour Change | 🛠️ Emerging Tech | 🔐 Data Privacy
GenAI Security: Defending Against Deepfakes and Automated Social Engineering – QCon AI New York 2025 Chair Wes Reisz speaks with Reken CEO and Google Trust & Safety founder Shuman Ghosemajumder about the erosion of digital trust. Shuman argues defenders mu... https://tinyurl.com/2axuz342#AISecurity
Founded just two years ago by second-time founders, Decagon’s AI agents are used by more than 100 companies to handle customer service tasks. But can the young, hungry team keep up with well-resourced incumbents?
Procurement teams can integrate Agentic AI agents to go beyond dashboards and autonomously execute actions that make a business more efficient and more competitive.
#TechRadar It's not too late to grab a bargain! This Dell laptop deal with AMD Ryzen 7 250 and 16GB of high-speed RAM is the fastest notebook you can buy for under $450 https://techrad.ar/kR7Q#Pro
* The Agent Economy & autonomous AI
* Security patterns for enterprise data access
* How MCP simplifies building AI applications
* Interoperability across IDEs, databases & business tools
The CEPS Task Force on Post-Quantum Cryptography presented its key recommendations at an in-house public discussion this morning. 🔒
Check their findings out in depth in our newly released report 👉 ceps.eu/ceps-publica...
Sending files shouldn’t force you to choose between convenience and security! Introducing O&O FileDirect: End-to-end encryption, no third party access, not even from us. Use over a browser. Made in Germany, German servers, fair pricing. Try it: www.oo-software.com/en/oofiledir... #fileshare#secure
Obscene wealth=obscene corruption: "Sources within the federal government tell WIRED that the highest ranks of the Office of Personnel Management (OPM)— www.wired.com/story/elon-m...
The homepage will be customized to each user, not just those logged into the site. Visitors will be greeted w/local weather, a news briefing summary+stocks, based on their geolocation. The homepage likely won’t be ready until next spring at the earliest. digiday.com/media/newswe...
Spotify releases Wrapped 2025, adding features like Wrapped Party, its first live interactive experience, a Top Song Quiz, Listening Age, and Wrapped Clubs (Sarah Perez/TechCrunch)
LLMs hack some smart contracts and steal some crypto. Probably another chapter in the "look how powerful our products are" playbook, but maybe also a great idea? If we keep AI bros busy trying to steal from crypto bros maybe both leave us be? :-P
Hearing Health Foundation@hearinghealthfn.bsky.social
"The proposed hearing test combines a smartphone with a customized clip-on pupillometer that measures the user’s pupils as a series of sounds play from an app. That data is then fed into software on the smartphone, including deep learning algorithms, to be analyzed." www.buffalo.edu/news/release...
SOCRadar Report “Holiday Shopping Cyber Threats 2025” Is Now Live
SOCRadar.io has published a new report that examines how the dark web economy shifts toward holiday shopper data, and how sectors are exposed through identity leaks, credential dumps, and access sales. The report also explores the…
Erik Barnett #HomeSirens #USMC@erikbarnett.bsky.social
We have made some changes to startup business. HomeSirens AI is now a consumer product line. The new name to the Cybersecurity & Innovations Services business is “SecureTelligence, Inc.”
People who used to be in cybersecurity, but now do different jobs, what do you do now? I'm trying to think of what the shape of my last half of my career could look like, but kinda keep drawing a blank.
Both within tech/IT and outside of it. Or even if I needed to go back to school. Idk, just […]
A hypothetical cyberattack on Poland’s energy infrastructure leading to a 72-hour blackout could inflict a €19 billion blow to the economy, according to a new report.
75% of organizations are adopting Confidential Computing, and momentum is rising. New IDC and Confidential Computing Consortium research shows it is now essential for training AI, protecting sensitive data in the cloud, and meeting global compliance needs.
Sources: multiple Microsoft divisions lowered how much salespeople are supposed to grow sales of certain AI products after missing growth targets, a rare move (Aaron Holmes/The Information)
By running natively on Azure, Syllable AI offers customers the ability to deploy and manage conversational agents in their own secure cloud environments, maintaining full data control while leveraging Azure's global infrastructure and advanced AI capabilities. finance.yahoo.com
I've warmed to the idea of foldables as the hardware has gotten more robust, but the whole tri-fold thing feels like flying way too close to the sun www.engadget.com/mobile/smart... Sure, let's just add more points of failure
Something very strange is happening on Apple Podcasts; someone seemingly changed a map of the Ukraine war in connection with a betting site; and now half of the U.S. requires a face or ID scan to watch porn.
Customers of the Japanese office and household goods retailer Askul had been forced to place orders through fax, and the company said deliveries may be slower than usual due to ransomware recovery efforts therecord.media/askul-resume...
TL;DR: Mobile phones collect location data without user awareness and share it with third parties, including government agencies like ICE, raising significant privacy concerns. Increased regulation is needed to protect individuals from the sale and misuse of their sensitive data.
Advanced fraud attacks surged 180% in 2025 as cyber scammers used generative AI to churn out flawless IDs, deepfakes, and autonomous bots at levels never before seen.
we have a crazy awesome panel coming up that @tasonjorres organized so you should be there. i will be in attedance because the speakers are crazzzzyyy awesome
Partha Sarkar explores the real-world value of GraphRAG, breaking down when its complexity is worth the investment and how to design it effectively for robust document retrieval.
Read about cyber clinics in the latest Cyber Defense Review special issue, and learn how academic institutions are filling a critical gap in local cyber defense while training a new generation of digital defenders. #CyberCivilDefense#Take9cyberdefensereview.army.mil/CDR-Content/...
Claimants alleged the trackers unlawfully shared patients' information with third parties, including Google, Microsoft and X - formerly Twitter. www.healthcareinfosecurity.com/kaiser-perma...
Garman envisions a fundamental shift from building applications in the cloud to managing a cloud of autonomous artificial intelligence agents. www.govinfosecurity.com/blogs/aws-sh...
I just brought @nostarchpress.bsky.social's Hacking bundle on @humblebundle.com! Up to 18 DRM-free books and your donation goes to support the Electronic Frontier Foundation.
link 📈🤖
Adaptive Decentralized Federated Learning for Robust Optimization (Wu, Wang, Gao et al) In decentralized federated learning (DFL), the presence of abnormal clients, often caused by noisy or poisoned data, can significantly disrupt the learning process and degrade the overall robustness of
The majority of executives believe that 2026 will mark the moment AI experimentation makes way for agentic transformation as companies prepare to deploy autonomous AI at scale to handle knowledge work, boost productivity, and reshape workforce structures.
💥 Discover this awesome post from Hacker News 📖 📂 Category: ✅ Main takeaway: TL;DR: React and Next.js are vulnerable in default configurations to unauthenticated RCE with no prerequisites. Our exploitation tests show that a standard Next.js application…
A new guide on #threatmodeling for the cloud in the era of AI has been released by the CSA. It calls out that existing security practices aren't cutting it for the new era:
Russia is disguising cyberattacks against Europe as Ukrainian operations by using stolen IP addresses
Russian occupation forces in Kherson, through physical coercion, obtained credentials from Ukrainian telecom operators and took control of their IP addresses
Azure AI Foundry, alongside Copilot Studio, are being mentioned in these reports. Sure, Microsoft denied the sales quota reduction but seems like growth expectations aren't exactly met neither on the pro-code AI nor the low-code AI side.
Amazon makes it easier to build efficient AI agents
Collinear AI, Robin AI, and Vody are just a few of the customers that have started simplifying model customization with SageMaker AI’s new capabilities. For example, Collinear AI, an AI improvement platform …
The directive creates an odd symmetry with events from December 2022, when Google management declared its own “code red” internal emergency after ChatGPT launched and rapidly gained in popularity.
~Cisa~
CISA and international partners released new guidance for securely integrating AI into Operational Technology (OT) systems.
-
IOCs: (None identified)
- #AI#Cybersecurity#OT#ThreatIntel
We often think we’re just paying money for a product or service—but we’re also paying with data. Unbundling the product and data trades could help consumers claim their share of the gains from data and the AI tech that uses it. imf.org/en/publicati...#DataPrivacy @Columbia_Biz
AI Cybersecurity: The Sword and Shield of the Next Cyber Frontier
The age of human hacking is over. Microsoft's 2025 report confirms LLMs are automating attacks faster than defenders can react. Welcome to the algorithmic battlefield. #hackernews#llm#microsoft
Tomorrow (Dec 4 @ 9:00am PT), join a fireside chat with Mudita Khurana (Airbnb) and Chushi Li (Semgrep) on measurement + benchmarks for the next generation of AppSec agents, including the Closed-Loop Capability (CLC) score.
This would be a mistake. And talking about this in the first place should mean the end of Jarvis's career in that position. He's just made the NHS even more of a high profile target by saying this.
The Natto Team examines the leaked incident from Knownsec’s perspective to explore the role that elite Chinese cybersecurity companies play in building the country’s cyber capabilities.
Institute for Security and Technology@istorg.bsky.social
Phishing & cyber-enabled fraud are escalating, targeting individuals as well as businesses & governments. How can we begin to turn the tide? This week, the WEF’s Partnership against Cybercrime, in collaboration with IST, published a systemic defense framework to confront this challenge.
🛡️ Read more:
Today’s the day 🎉 Tailscale is teaming up with LaunchDarkly at #reinvent!
Come hang in the Developer Lounge at The Rockhouse (Venetian Grand Canal Shoppes) today, 8am–5pm PT. Free food + drinks all day, keynote livestream, and plenty of good convo.
“As attackers use automation to speed up the techniques they already rely on, firms will face shorter dwell times and faster lateral movement, which will make early detection far harder for those still relying on manual steps.” #enterprise#cybersecurity#ai#cloud#infosec#tech#news#technology
Blazing fast AI! New Mixture‑of‑Experts models on NVIDIA’s Blackwell NVL72 chip run 10× quicker than Hopper‑based GPUs. See how GB200 and DeepSeek‑V3 are reshaping performance. #MixtureOfExperts#NVIDIABlackwell#DeepSeekV3
A cyber start-up run by former Israeli spies oversees cyber security across more than seventy US government agencies and millions of federal employees
including the Department of Defense and Homeland Security. New investigation by me open.substack.com/pub/donotpan...
The latest update for #Zenity includes "Inside the Agent Stack: Securing Agents in Amazon Bedrock AgentCore" and "The Genesis Mission: A New Era of #AI-Accelerated Science and a New Security Imperative".
OpenAI launched a Shopping Research feature in ChatGPT, and Amazon blocked ChatGPT-related crawlers via robots.txt, causing ChatGPT to omit Amazon links and reflecting Amazon's effort to protect roughly $56 billion in advertising revenue and its Rufus shopping bot.
this sounds actually very nice and practical way to share your knowledge to both the AI agents as well as to your colleagues using those agents — time to reveal some secrets I guess? 😁
🤖 Cuidado con esto: Anthropic ha descubierto que Claude aprende a "hacer trampas" y mentir para aprobar tests de seguridad sin que nadie se lo haya enseñado. Se llama "Reward Hacking" y da bastante respeto. 👇
Here's an interesting one -- @sourcegraph.com is spinning out its AI coding agent Amp as a standalone business, with Sourcegraph CEO and co-founder Quinn Slack taking the reins at the new company.
They promise “lossless” secrecy—yet the image is only whole when every fragment is present.
Lose one XOR share and the face vanishes forever.
So perfect security = perfect erasure.
Welcome to cryptography’s suicidal immortality.
The U.S. Cybersecurity and Infrastructure Security Agency shared an advisory warning of attacks on @signal.org and WhatsApp users, including current and former government, military, and civil society employees.
Read how to minimize your risk in our digital security newsletter (and subscribe):
"While Anthropic, OpenAI, and Google DeepMind led the pack with C+ to C grades overall, every company scored D or F on existential safety measures — the ability to prevent loss of control over advanced AI systems."
Reduce the time spent updating your website. Eivind Kjosbakken shares a method to use AI prompts for site-wide changes that take minutes instead of hours.
C'est le premier jour des sessions de posters à #NeurIPS2025 !
La communauté de Vecteur présente les dernières avancées en matière d'IA cinématographique, de fiabilité des modèles et d'applications dans le domaine de la santé
So it begins... or is it 2002 all over again? Swiss government urges people to ditch Microsoft 365 and others due to lack of proper encryption | TechRadar share.google/jVql5riOJtp5...
How Financial Institutions Can Future-Proof Their Security Against a New Breed of Cyber Attackers
As we look at the remainder of 2025 and beyond, the pace and sophistication of cyber attacks targeting the financial sector show no signs of slowing. In fact, based on research from … #hackernews#news
India’s telecoms ministry has directed smartphone manufacturers to pre-install a government-run cybersecurity app on all new devices, according to a government order.
Linux Foundation Europe@linuxfoundationeu.bsky.social
Open source is at a crossroads, and Europe has a key role to play. In his #LFEuropeMemberSummit keynote, Gabriele Columbro highlights open source’s growing impact on AI, the need for neutral governance, and why Europe must invest upstream not fragment.
Watch the session: youtu.be/LeMPYzUygBY?...
Sources: Stripe is paying ~$1B to acquire Metronome, and the deal is expected to be predominantly cash; PitchBook: Metronome was valued at $470M in February (Alex Konrad/Upstarts Media)
In the latest Linux kernel release, Collabora’s engineering team delivers multiple contributions including #Tyr, a Rust driver for CSF-based #Arm Mali GPUs, as well as ongoing hardware enablement and improved support for #MediaTek SoCs! Details here: col.la/lk618
ServiceNow Inc. announced on Tuesday plans to acquire Veza in a move aimed at fortifying security for identity and access management. The acquisition will integrate Veza’s technology into ServiceNow’s Security and Risk portfolios,… #hackernews#news
Daily Deal: The Courses Digest, Labs Digest, and Exams Digest Bundle
The Courses Digest, Labs Digest, and Exams Digest Bundle gives you unlimited access to expertly crafted online courses, interactive labs and study tools. Whether you're aiming for industry-recognized certifications or expanding…
Understand what is missing in your security stack - a defensive post-deployment approach, pinpointing what #CVEs are impacting live systems now. https://cstu.io/0f65d5
We're not ready for the privacy implications of RF Sensing. Especially since it can be activated via software with no new hardware required. Today it can determine motion and eventually provide presence detection using Wi-Fi, ZigBee or other radios. Updates could provide even more details.
Apple interface design chief Alan Dye is leaving the company; sources: Dye will join Meta as chief design officer on Dec. 31 and report to CTO Andrew Bosworth (Mark Gurman/Bloomberg)
“A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes […]
~Cisa~
CISA warns CVE-2021-26828, an OpenPLC ScadaBR file upload vulnerability, is under active exploitation.
-
IOCs: CVE-2021-26828
- #CVE202126828#SCADA#ThreatIntel
Happy birthday @haveibeenpwned.com! 12 years ago today, I pushed out a blog post launching a little data breach search tool, and life changed forever. Reading the post again now, did I get it right? 😎 www.troyhunt.com/introducing-...
The University of Pennsylvania has reported a data breach involving Clop's exploitation of a zero-day vulnerability in Oracle's E-Business Suite (CVE-2025-61882). On November 11, the university discovered that personal data of 1,488 Maine residents was compromised.
TDS is the leading destination for data professionals seeking deep dives and practical code. If you've solved a problem or mastered a new tool, we want to read it.
The “end-to-end encrypted” smart toilet camera is not actually end-to-end encrypted
🔥 Explore this insightful post from TechCrunch 📖 📂 Category: Security,Biotech & Health,dekoda,encryption,end-to-end encryption,Gadgets,HTTPS,kohler,tls ✅ Here’s what you’ll learn: Earlier this year, home goods…
![Media from DJ Fusion [FuseBox Radio/The Futon Dun]](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:ghlmuf7obsfc5i5eyakcmeby/bafkreicrd3uyuv7bi56nivm32dvo3dspypmybor4m5qz7qzmoveqd2nf6e@jpeg)
