Login
Young Brits are souring on the internet, with increasing numbers seeing it as damaging to society and their mental health, according to latest research published by Ofcom.β¦
Sponsored Post AI is moving from experimentation to everyday use inside the enterprise. That shift brings new opportunities, but it also changes the security equation. Attacks are becoming faster and more convincing, while organizations are simultaneously trying to protect new assets like models, prompts, agent workflows, and the sensitive data those systems can access.β¦
Chinese authorities on Thursday certified the China Environment for Network Innovation (CENI), a vast research network that Beijing hopes will propel the country to the forefront of networking research.β¦
New preprint exploring unconventional cryptanalysis:
β’ Framework: βInverse Dimensionalizationβ
β’ Target: SHA-256 structural analysis
β’ Result: 174/256 matching bits (Mβ = 88514, Mβ = 88551)
β’ Time: 3.8 seconds
β’ NOT a collision β but statistically anomalous
Paper + reproducible code: https://doi.org/10.17605/OSF.IO/6YRW8
Full paper with math and code: https://doi.org/10.17605/OSF.IO/6YRW8
Paper: https://osf.io/6yrw8/files/wj9ze
Code: https://osf.io/6yrw8/files/zy8ck
Verification code: https://osf.io/6yrw8/files/pqne7
Device specifications used to find the 174/256-bit match in 3.8 seconds:
β’ Google Colab Free CPU
β’ Intel Xeon
β’ Clock speed: between 2.20 GHz and 2.30 GHz
β’ Cores (vCPUs): 2 virtual cores
β’ RAM: 12 GB
Security implications discussion welcome.
Iβm traveling next week and will need to access a website that is IP address -sensitive. My work computerβs IP address is approved for the site. If I access my work desktop remotely using something like LogMeIn or Team Viewer, will I be able to get onto the website I need to use? Or will my public IP address show up as the one Iβm using from far?
Even Amazon isn't immune to North Korean scammers who try to score remote jobs at tech companies so they can funnel their wages to Kim Jong Un's coffers.β¦
Web browsers for desktop and mobile devices tend to receive regular security updates, but that often isn't the case for those that reside within game consoles, televisions, e-readers, cars, and other devices. These outdated, embedded browsers can leave you open to phishing and other security vulnerabilities.β¦
Your AWS account could be quietly running someone else's cryptominer. Cryptocurrency thieves are using stolen Amazon account credentials to mine for coins at the expense of AWS customers, abusing their Elastic Container Service (ECS) and their Elastic Compute Cloud (EC2) resources, in an ongoing operation that started on November 2.β¦
Built a threat intel platform that runs on $75/month infrastructure. Decided to give the STIX feed away for free instead of charging enterprise prices for it.
What's in it:
- 59K IOCs (IPs, domains, hashes, URLs)
- ThreatFox, OTX, honeypot captures, and original discoveries
- STIX 2.1 compliant (works with Sentinel, TAXII consumers, etc.)
- Updated continuously
Feed URL: https://analytics.dugganusa.com/api/v1/stix-feed
Search API (if you want to query it): https://analytics.dugganusa.com/api/v1/search?q=cobalt+strike
We've been running this for a few months. Microsoft Sentinel and AT&T are already polling it. Found 244 things before CrowdStrike/Palo Alto had signatures for them (timestamped, documented).
Not trying to sell anything - genuinely curious if it's useful and what we're missing. Built it to scratch our own itch.
Tear it apart.
North Korea's yearly cryptocurrency thefts have accelerated, with Kim's state-backed cybercriminals plundering just over $2 billion worth of tokens in 2025.β¦
tl;dr: Ask Claude Code to tee mitmdump to a log file (with request and response). Create skills based on hackerone public reports (download from hf), let Claude Code figure out if it can find anything in the log file.
SonicWall has warned customers of a zero-day flaw in its SMA 1000 remote-access appliance that's being actively exploited, potentially allowing attackers to escalate privileges and take over boxes.β¦
US feds have dismantled a crypto laundering service that they say helped cybercrooks wash tens of millions of dollars in dirty digital cash, seizing its servers and unsealing charges against an alleged Russian operator.β¦
An active phishing campaign has been detection by Evalian SOC targeting HubSpot customers.
Updated An NHS tech supplier is investigating a cyberattack that affected its systems in the early hours of Sunday.β¦
Microsoft says attackers have already compromised "several hundred machines across a diverse set of organizations" via the React2Shell flaw, using the access to execute code, deploy malware, and, in some cases, deliver ransomware.β¦
The UK's Driver and Vehicle Standards Agency (DVSA) has appointed a new chief exec to tackle spiraling waits for practical driving tests with bots overrunning its aging booking system.β¦
The UK's Investigatory Powers Act 2016 (IPA) has several regulatory gaps that must be plugged in future legislative reforms, according to Investigatory Powers Commissioner (IPC) Sir Brian Leveson.β¦
Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 17
CyberDanube Security Research 20251215-0Posted by Egidio Romano on Dec 17
------------------------------------------------------------------------------------Posted by LRKTBEYK LRKTBEYK on Dec 17
I tried to report these vulnerabilities to ImmuneFi, but they closed itPosted by Andraz Sraka on Dec 17
MMMMMMMMMMMMMMMMNmddmNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
FreshRSS 