Transparency on Microsoft Defender for Office 365 email security effectiveness
Read how Microsoft is transparently sharing performance data from Microsoft Defender for Office 365 and other ecosystem providers to help customers evaluate email security solutions.
[tl;dr sec] #288 - Prompt Injection in Malware, Preventative Security, Top Bug Bounty War Stories
Checkpoint finds malware containing prompt injection, why preventative security is hard, @Rhynorater talk sharing 11 of his most impactful and technically challenging vulnerabilities
Armenian, Ukrainian nationals among Ryuk ransomware actors facing US hacking charges
Armenian national Karen Serobovich Vardanyan, 33, was extradited from Ukraine last month and now faces up to five years in prison for his role in Ryuk, prosecutors said on Wednesday.
Chinese hackers breached National Guard to steal network configurations
The Chinese state-sponsored hacking group known as Salt Typhoon breached and remained undetected in a U.S. Army National Guard network for nine months in 2024, stealing network configuration files and administrator credentials that could be used to compromise other government networks.
Max severity Cisco ISE bug allows pre-auth command execution, patch now
A critical vulnerability (CVE-2025-20337) in Cisco's Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root privileges on vulnerable devices.
Airbus prépare l’A400M à devenir le « vaisseau mère » des drones de combat
L’Airbus A400M, connu depuis ses débuts comme une référence mondiale du transport militaire, s’apprête à endosser de nouveaux rôles. Parmi eux ? Celui de « vaisseau mère » pour les drones de combat. Initialement conçu pour l’emport de charges lourdes et le soutien logistique, l’A400M voit ses missions s’élargir au
Elite Russian university launches degree program on sanctions evasion
The Higher School of Economics (HSE), a leading Russian institution, said the two-year course will focus on international corporate compliance and business ethics, and will be taught in both Russian and English.
UK NCA officer jailed for stealing bitcoin from darknet criminal he previously helped investigate
A former National Crime Agency investigator who worked on the Silk Road case was sentenced to more than five years in prison for stealing 50 bitcoin seized in that operation.
The database contained 1,115,061 records including the names of children, birth parents, adoptive parents, and other potentially sensitive information like case notes.
Compliance is Falling Behind with Non-Human Identities | CSA
Every major compliance framework, including PCI DSS, GDPR, and ISO 27001, requires strong access controls. Yet Non-Human Identities (NHIs) are often overlooked.
Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks
The value of losses to crypto thefts has soared this year to more than $2 billion over the first six months, the blockchain analytics company Chainalysis found.
Security Vulnerabilities in ICEBlock - Schneier on Security
The ICEBlock tool has vulnerabilities: The developer of ICEBlock, an iOS app for anonymously reporting sightings of US Immigration and Customs Enforcement (ICE) officials, promises that it “ensures user privacy by storing no personal data.” But that claim has come under scrutiny. ICEBlock creator Joshua Aaron has been accused of making false promises regarding user anonymity and privacy, being “misguided” about the privacy offered by iOS, and of being an Apple fanboy. The issue isn’t what ICEBlock stores. It’s about what it could accidentally reveal through its tight integration with iOS...
Comment la Chine a infiltré la Garde Nationale américaine pendant 9 mois
Une unité de la Garde nationale américaine a été « massivement » compromise par le groupe de cyberespionnage chinois « Salt Typhoon ». Survenue entre mars et décembre 2024, l'opération aurait permis aux pirates d’accéder à des informations sensibles, compromettant potentiellement la sécurité de multiples
MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities
Cisco Talos uncovered a stealthy Malware-as-a-Service (MaaS) operation that used fake GitHub accounts to distribute a variety of dangerous payloads and evade security defenses.