Academic papers were found to contain hidden instructions to LLMs: It discovered such prompts in 17 articles, whose lead authors are affiliated with 14 institutions including Japan’s Waseda University, South Korea’s KAIST, China’s Peking University and the National University of Singapore, as well as the University of Washington and ColumbiaRead More »Hiding Prompt Injections in Academic Papers
If you didn’t hear about Iranian hackers breaching US water facilities, it’s because they only managed to control a single pressure station serving 7,000 people. What made this attack noteworthy wasn’t its scale, but how easily the hackers gained access — by simply using the manufacturer’s default password “1111.” This narrowRead More »Manufacturing Security: Why Default Passwords Must Go
Introduction Since early March 2025, our systems have recorded an increase in detections of similar files with names like договор-2025-5.vbe, приложение.vbe, and dogovor.vbe (translation: contract, attachment) among employees at various Russian organizations. The targeted attack begins with bait emails containing malicious links, sent under the pretext of signing a contract.Read More »Batavia spyware steals data from Russian organizations
A hacking group with ties other than Pakistan has been found targeting Indian government organizations with a modified variant of a remote access trojan (RAT) called DRAT. The activity has been attributed by Recorded Future’s Insikt Group to a threat actor tracked as TAG-140, which it said overlaps with SideCopy,Read More »TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors
BERT is a newly emerged ransomware group that pairs simple code with effective execution—carrying out attacks across Europe and Asia. In this entry, we examine the group’s tactics, how their variants have evolved, and the tools they use to get past defenses and speed up encryption across platforms.
Officials identified the suspect as João Roque, a C&M employee who worked in information technology and allegedly helped others gain unauthorized access to PIX systems. The post Police in Brazil Arrest a Suspect Over $100M Banking Hack appeared first on SecurityWeek.
Taiwan’s National Security Bureau (NSB) has warned that China-developed applications like RedNote (aka Xiaohongshu), Weibo, TikTok, WeChat, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China. The alert comes following an inspection of these apps carried out in coordination with the Ministry ofRead More »Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties
Threat actors are weaponizing exposed Java Debug Wire Protocol (JDWP) interfaces to obtain code execution capabilities and deploy cryptocurrency miners on compromised hosts. “The attacker used a modified version of XMRig with a hard-“coded configuration, allowing them to avoid suspicious command-line arguments that are often flagged by defenders,” Wiz researchersRead More »Alert: Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS
New research. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microsoft Exchange servers as a part of a zero-day exploit chain designed to target government, defense, and technology sectors in China. According to QiAnXin’s RedDrip Team, the threat actor hasRead More »NightEagle APT Exploits Microsoft Exchange Flaw to Target China’s Military and Tech Sectors
