Infosec.Pub

1
 
 

Creators of AI image models for porn and celebrities are running out of easy hosting options as Civitai and Tensor.Art change their policies under pressure.

2
 
 

Ange Lavoipierre / ABC: At the end of June, Australia quietly introduced rules forcing search engine companies such as Google and Microsoft to check the ages of logged-in users. In short: Search engines are in line for the same age assurance technology behind the teen social media ban.

3
 
 

Lowering the risks that common vulnerabilities and exposures (CVEs) pose to organizations can be a costly endeavor — but shifting your team's focus away from the deluge can free up your software engineering efforts and unleash business opportunities while reducing risk, a new report has found.

4
 
 


5
 
 

Russian basketball player arrested in France over alleged ties to a ransomware group accused of targeting U.S. firms and federal institutions. Russian basketball player Daniil Kasatkin (26) was arrested in France in June at the request of the U.S. over alleged ties to a ransomware group targeting hundreds of U.S. companies and federal entities. He […]

6
4
Vulnerability-Lookup 2.13.0 (discourse.ossbase.org)
submitted 12 hours ago by cm0002@lemmy.cafe to c/cybersecurity
7
8
 
 

switched from awesomewm to cinnamon

great for when i don’t want to think and just use the damn machine :3
@voidlinux

9
 
 

Oh my sweet secret informant lover, what happened in that NATO meeting today? A lovestruck US Air Force employee has pleaded guilty to conspiring to transmit confidential national defense information after sharing military secrets about the Russia-Ukraine war with a woman he met on a dating app.…

10
 
 

Financial institutions are building stronger defenses against direct cyberattacks, but they may be overlooking a growing problem: their vendors. According to Black Kite’s new report, third-party risk has become one of the biggest cybersecurity threats facing the financial sector. The report finds that while financial institutions themselves are getting better at defending against ransomware and other threats, the companies they rely on, including … The post "Financial firms are locking the front door but leaving the back open" appeared first on Help Net Security.

11
 
 

While IT departments race to implement AI governance frameworks, many employees have already opened a backdoor for AI, according to ManageEngine. Shadow AI has quietly infiltrated organizations across North America, creating blind spots that even the most careful IT leaders struggle to detect. Despite formal guidelines and sanctioned tools, shadow AI has become the norm rather than the exception. 70% of IT decision makers (ITDMs) have identified unauthorized AI … The post "Employees are quietly bringing AI to work and leaving security behind" appeared first on Help Net Security.

12
 
 

Microsoft announced that it has replaced the default scripting engine JScript with the newer and more secure JScript9Legacy on Windows 11 version 24H2 and later. [...]

13
 
 

Politicians uneasy over potential impact on national security, local reports say. Russia, home to some of the world's most lucrative and damaging cybercrime operations, has rejected a bill to legalize ethical hacking.…

14
 
 

Suzanne Smalley / The Record: A German court ruled Meta's tracking pixels embedded in third-party websites and apps violate the EU's GDPR, ordering it to pay €5,000 to a German Facebook user. A German court has ruled that Meta must pay €5,000 ($5,900) to a German Facebook user who sued the platform …

15
 
 

Suspects Tied to April Ransomware Attacks Against Retailers M&S, Co-Op, Harrods. The U.K.'s National Crime Agency on Thursday arrested in England four suspected members of the Scattered Spider cybercrime collective, as part of an ongoing investigation into major, disruptive hack attacks in April against major retailers Marks & Spencer, the Co-Op and Harrods.

16
 
 

Boffins outsmart smart contracts with evil automation. Using AI models to generate exploits for cryptocurrency contract flaws appears to be a promising business model, though not necessarily a legal one.…

17
 
 

cross-posted from: https://lemmy.sdf.org/post/38295658

Archived

The Czech Republic has banned the use of any products by the Chinese AI startup DeepSeek in state administration over cybersecurity concerns, authorities said Wednesday.

Czech Prime Minister Petr Fiala said the government acted after receiving a warning from the national cybersecurity watchdog, which noted a threat of unauthorized access to users' data because the firm is obliged to cooperate with Chinese state authorities.

The move follows similar steps made by some other countries that aimed to protect users’ data, including Italy, which in January blocked access to the chatbot, and also Australia.

The Czech government in 2018 stopped using the hardware and software made by Chinese telecoms company Huawei and another Chinese telecommunications company, ZTE, after a warning they posed a security threat.

DeepSeek was founded in 2023 in Hangzhou, China, and released its first AI large language model later that year.

18
19
20
 
 

No, really, those are the magic words. A clever AI bug hunter found a way to trick ChatGPT into disclosing Windows product keys, including at least one owned by Wells Fargo bank, by inviting the AI model to play a guessing game.…

21
 
 

Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.

22
 
 

Stories about Chinese APTs attacking the US and Canada are plentiful. In a turnabout, researchers found what they believe is a North American entity attacking a Chinese entity, thanks to a mysterious issue in Microsoft Exchange.

23
 
 

Extensions load unknown sites into invisible Windows. What could go wrong?

24
 
 

Sonatype has published its Q2 2025 Open Source Malware Index, identifying 16,279 malicious open source packages across major ecosystems such as npm and PyPI. This brings the total number of malware packages discovered by the company to 845,204. Compared to the same quarter last year, the volume of detected malware has jumped by 188%, highlighting the escalating scale and sophistication of attacks targeting developers, software teams, and CI/CD pipelines. “Attackers are no longer simply experimenting … The post "Open source has a malware problem, and it’s getting worse" appeared first on Help Net Security.

25
 
 

Low-severity bugs but infosec pros claim they are a 'critical' overall threat – patch accordingly. AMD is warning users of a newly discovered form of side-channel attack affecting a broad range of its chips that could lead to information disclosure.…
