Hasty Briefsbeta

All tags

#cybersecurity

651 stories total

Bilingual

Instagram data breach reportedly exposed the personal info of 17.5M users
4 months ago
- Instagram data breach exposed personal info of 17.5 million users.
- Leaked data includes usernames, email addresses, phone numbers, and physical addresses.
- Data is reportedly for sale on the dark web and could be used for cybercrimes.
- Breach discovered during routine dark web scan, linked to a 2024 Instagram API exposure.
- Users receiving password reset emails; potential for phishing or account takeovers.
- Meta has not yet released an official statement regarding the breach.
- Recommendations: enable two-factor authentication, change passwords, and review logged-in devices.
Claude Cowork Exfiltrates Files
4 months ago
- Claude Cowork is vulnerable to file exfiltration attacks due to unresolved isolation flaws in its code execution environment.
- Anthropic acknowledges the risk but places the responsibility on users to avoid granting access to sensitive files.
- Attackers can exfiltrate files by hiding prompt injections in documents, such as disguised .docx files, which are then uploaded to the attacker's Anthropic account via API.
- The attack does not require human approval and leverages the trusted Anthropic API to bypass network restrictions.
- Claude Opus 4.5, though more resilient, can still be manipulated via indirect prompt injection to exfiltrate data.
- A potential denial of service (DOS) attack can occur via malformed files that cause API errors.
- Cowork's broad capabilities, including browser and MCP server interactions, increase the risk of prompt injection attacks.
- Users are urged to exercise caution with Connectors, which represent a significant risk surface.
Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking
4 months ago
- Google's Fast Pair protocol, designed for easy Bluetooth connections, has vulnerabilities allowing hackers to hijack audio devices.
- Researchers from KU Leuven University discovered 'WhisperPair' vulnerabilities in 17 audio accessories from 10 companies, including Sony, Jabra, and Google.
- Hackers can take over audio streams, microphones, and even track locations via devices compatible with Google's Find Hub feature.
- Google has acknowledged the issue and released patches, but many devices remain vulnerable due to low update rates among users.
- The attack requires proximity (within ~50 feet) and a device's Model ID, which can be obtained through various means, including a public Google API.
- Some devices, like Google Pixel Buds Pro 2 and certain Sony models, allow hackers to link them to their Google accounts for persistent tracking.
- Manufacturers like Xiaomi and JBL are rolling out updates, but users often don't install them due to lack of awareness or app requirements.
- The vulnerabilities stem from implementation flaws in Fast Pair, with both device manufacturers and chipmakers potentially at fault.
- Researchers suggest cryptographic enforcement of pairings to prevent unauthorized access, emphasizing the need for security alongside convenience.
- Users are urged to update their devices and be vigilant about IoT security, as many vulnerabilities persist due to infrequent updates.
6-Day and IP Address Certificates Are Generally Available
4 months ago
- Let’s Encrypt now offers short-lived and IP address certificates, valid for 160 hours (about six days).
- Short-lived certificates enhance security by reducing the vulnerability window from key exposure, as they expire faster than traditional 90-day certificates.
- Subscribers can opt-in for short-lived certificates by selecting the 'shortlived' profile in their ACME client, though they remain optional and not the default.
- Let’s Encrypt plans to reduce default certificate lifetimes from 90 days to 45 days in the coming years.
- IP address certificates authenticate TLS connections to IP addresses (IPv4/IPv6) and must be short-lived due to the transient nature of IP addresses.
- The development of these certificates was supported by the Open Technology Fund, Sovereign Tech Agency, and other sponsors.
Releasing rainbow tables to accelerate protocol deprecation
4 months ago
- Mandiant releases Net-NTLMv1 rainbow tables to highlight protocol insecurity.
- Net-NTLMv1 is deprecated but still in use, making systems vulnerable to credential theft.
- The released dataset allows key recovery in under 12 hours with consumer hardware.
- Attackers can exploit Net-NTLMv1 to compromise Active Directory objects and escalate privileges.
- Steps to obtain and crack Net-NTLMv1 hashes using tools like Responder and rainbow tables.
- Organizations should disable Net-NTLMv1 and monitor for its usage to prevent attacks.
- Event logs can be filtered to detect Net-NTLMv1 authentication attempts.
Foreigners' data stolen in hack of French immigration agency
4 months ago
- Hacker posted personal data of foreign nationals residing in France, claiming the attack was for profit.
- Data includes names, entry dates, reasons for stay, email addresses, and phone numbers of individuals from Ukraine, Cameroon, Afghanistan, China, and Israel.
- OFII confirmed the data theft but stated the information came from a subcontractor, not directly from their system.
- Stolen data pertains to immigrants who participated in the 'republican integration contract' (CIR), a program for long-term stay in France.
- OFII plans to file a complaint, sanction the involved operator, and tighten security measures.
- Hacker claims to have 2 million entries, but the exact number of affected individuals remains uncertain.
Mandiant releases rainbow table that cracks weak admin password in 12 hours
4 months ago
- Mandiant released a rainbow table database to hack passwords protected by Microsoft’s NTLMv1 hash algorithm.
- The rainbow table allows password recovery in under 12 hours using consumer hardware costing less than $600.
- NTLMv1 remains in use in sensitive networks due to legacy app dependencies and migration downtime concerns.
- NTLMv1 is vulnerable due to its limited keyspace and reliance on single DES with 56-bit keys.
- NTLMv2, while still weak against brute force for weak passwords, is not susceptible to rainbow tables due to random entropy.
All your OpenCodes belong to us
4 months ago
- OpenCode, a popular open-source AI coding agent, was hit with a massive CVE allowing arbitrary remote code execution (RCE).
- RCE vulnerabilities are highly sought after by nation-state actors, enabling attackers to execute any code on compromised systems.
- The author recalls fixing a potential RCE in Bottlerocket, a Linux OS for secure container workloads, emphasizing the seriousness of such vulnerabilities.
- The OpenCode vulnerability was more dangerous and easier to exploit, exposing endpoints for arbitrary shell commands, terminal sessions, and file reads.
- A demonstration shows how to exploit the OpenCode vulnerability to execute arbitrary code and inject malicious prompts into the LLM's context.
- The vulnerability also exposed agents to prompt injection, a separate attack vector that could lead to further damage or data leaks.
- The lack of AI agent-centric telemetry and audit tooling makes it difficult to understand the full impact of such vulnerabilities.
- Developers often run AI agents with full permissions, equivalent to giving root access to untrusted contractors, posing significant security risks.
- The industry needs to prioritize agentic telemetry and instrumentation to prevent chaos as AI agents become more capable and potentially more vulnerable.
The coming industrialisation of exploit generation with LLMs
4 months ago
- Experiment involved building agents on Opus 4.5 and GPT-5.2 to write exploits for a QuickJS zeroday vulnerability.
- Agents successfully created over 40 distinct exploits across 6 scenarios, with GPT-5.2 solving all scenarios.
- Key conclusion: Offensive cybersecurity tasks may soon be industrialized, with token throughput becoming the limiting factor rather than human hackers.
- Exploit development is ideal for industrialization due to easy environment setup, well-understood tools, and straightforward verification.
- Challenges remain for tasks requiring real-time interaction in adversarial environments, such as lateral movement and maintaining access.
- Current models like Opus 4.5 and GPT-5.2 show promise in automating vulnerability discovery and exploit development.
- Call for frontier labs and AI Security Institutes to evaluate models against real, hard targets using zeroday vulnerabilities.
- Encouragement for researchers to experiment with high-token-budget exploitation problems and share results.
Cloudflare zero-day: Accessing any host globally
4 months ago
- FearsOff is a cybersecurity solution offering elite information security expertise.
- Services include preparing organizations to withstand cyber attacks.
- Research highlights a Cloudflare Zero-day vulnerability allowing global host access.
- Last updated research on the issue was January 19, 2026.
Internet voting is insecure and should not be used in public elections
3 months ago
- Internet voting is inherently insecure with no known technology to make it safe.
- All internet voting systems, including 'End-to-End Verifiable Internet Voting' (E2E-VIV), suffer from critical security flaws.
- VoteSecure, developed by Free and Fair, is insecure and incomplete, lacking essential features like dispute resolution and receipt-freeness.
- Malware on voter devices, servers, or election offices can alter votes without detection.
- E2E-VIV systems fail to provide meaningful verification due to malware risks and lack of dispute resolution.
- VoteSecure's protocol is vulnerable to mass automated vote-buying and vote theft.
- Scientific consensus maintains that internet voting is unsafe, with no foreseeable solution.
- Election officials and journalists should be cautious of claims made via press releases rather than peer-reviewed research.
Threat Actors Expand Abuse of Microsoft Visual Studio Code
3 months ago
- Threat actors linked to North Korea (DPRK) are abusing Microsoft Visual Studio Code task configuration files (tasks.json) to deliver malware.
- Infection begins when victims clone and open malicious Git repositories, often disguised as recruitment or technical assignments.
- Visual Studio Code's trust prompt, if granted, allows automatic execution of embedded malicious commands from tasks.json.
- On macOS, the attack uses nohup bash -c and curl -s to fetch and execute a JavaScript payload via Node.js.
- Payloads are hosted on vercel.app, a platform increasingly used by DPRK-linked actors.
- The JavaScript backdoor provides remote code execution, system fingerprinting, and C2 communication.
- The malware collects hostname, MAC addresses, OS details, and public IP (via ipify.org) for fingerprinting.
- C2 beaconing occurs every 5 seconds, enabling dynamic JavaScript execution from attacker-controlled servers.
- Additional payloads retrieved post-infection show AI-assisted code generation traits and self-cleanup capabilities.
- Developers should vet repositories, avoid blindly trusting tasks.json, and scrutinize npm install scripts to prevent infection.
Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health"
3 months ago
- cURL, a popular open-source networking tool, is ending its vulnerability reward program due to an influx of low-quality, AI-generated reports.
- Daniel Stenberg, cURL's founder, cited the small team's inability to handle the volume of submissions and maintain mental health as reasons for the decision.
- Users expressed concerns that ending the program could harm the tool's security, but Stenberg emphasized the necessity of the move.
- cURL will ban and publicly ridicule those submitting poor-quality reports, with the program termination effective at the end of the month.
- Originally released 30 years ago, cURL is a critical tool for admins, researchers, and security professionals, integrated into Windows, macOS, and Linux.
- Security is crucial for cURL, given its widespread use, and the project previously relied on private bug reports and cash bounties for high-severity vulnerabilities.
You Can't Block Space Internet
3 months ago
- Iran's government imposed an internet blackout amid unrest, but some citizens are using SpaceX's Starlink to bypass restrictions.
- Activists smuggled about 50,000 Starlink terminals into Iran, defying a ban, with U.S. sanctions exemptions aiding the effort.
- Iranian authorities struggle to block Starlink, resorting to warnings, drone confiscations, and electronic jamming with Russian equipment.
- SpaceX waived fees for Iranian users, reacting to political pressure, similar to its response during Ukraine's conflict.
- Starlink's use in Ukraine led to military complications and funding disputes with the Pentagon.
- Scam compounds misused Starlink, prompting SpaceX to disable terminals after U.S. congressional scrutiny.
- Emerging direct-to-cell satellite services could offer better resistance to government censorship but require more setup.
- Gen. Joshua Rudd's lack of strong stances on key cyber issues during his NSA/Cyber Command confirmation hearing drew criticism.
- Positive developments include a DDoS attack on OCCRP signaling impactful journalism, the shutdown of criminal marketplace Tudou Guarantee, and FTC restrictions on GM's data sharing.
- Global cybersecurity updates: SMS phishing in Europe, domain resurrection attacks on Snap Store, Germany expanding surveillance powers, and DRAM shortages affecting firewall costs.
Microsoft collects passwords and scans password-protected zip files (2023)
3 months ago
- Microsoft cloud services scan password-protected zip files for malware.
- Security researchers report surprise at Microsoft's bypass of password protection.
- Microsoft uses methods like extracting passwords from emails or filenames to scan files.
- This practice raises concerns among malware researchers about sharing samples securely.
- Microsoft's scanning applies across all its 365 cloud services, not just SharePoint.
149M Usernames and Passwords Exposed by Unsecured Database
3 months ago
- A database containing 149 million account usernames and passwords was exposed, including 48 million Gmail, 17 million Facebook, and 420,000 Binance credentials.
- Security researcher Jeremiah Fowler discovered the database and reported it to the hosting provider, which took it down for violating terms of service.
- The database also included government system logins, banking credentials, and streaming platform accounts, likely compiled by infostealer malware.
- The database continued to grow during Fowler's month-long attempt to contact the hosting provider, which was a global host with regional affiliates.
- Credentials for Yahoo, Microsoft Outlook, Apple iCloud, .edu accounts, TikTok, OnlyFans, and Netflix were also found in the database.
- The data was publicly accessible and searchable via a web browser, with an automated system organizing logs for easier searching.
- Infostealer malware lowers the barrier for cybercriminals, allowing them to collect vast amounts of credentials for as little as $200-$300 per month.
NIST is rethinking its role in analyzing software vulnerabilities
3 months ago
- NIST is reevaluating its role in analyzing software vulnerabilities due to increasing demand and concerns about the National Vulnerability Database (NVD).
- The agency is struggling to keep up with the volume of vulnerabilities, leading to a backlog in the enrichment process.
- NIST plans to prioritize vulnerabilities based on factors like known exploits, federal agency usage, and critical software.
- The agency is reconsidering its role in the vulnerability ecosystem and plans to engage with partners to understand their needs.
- NIST aims to transfer vulnerability enrichment work to CVE Numbering Authorities (CNAs) but needs to provide guidance first.
- The agency views this shift as a return to its core functions of research and standards-setting.
- NIST is coordinating with CISA and other international entities like GCVE to avoid duplication and fragmentation in vulnerability analysis.
- An ongoing audit by the Commerce Department’s inspector general is expected to conclude soon.
Poland's energy grid was targeted by never-before-seen wiper malware
3 months ago
- Poland’s electric grid was targeted by wiper malware, likely by Russian state hackers.
- The cyberattack occurred in late December, aiming to disrupt communications between renewable installations and power operators but failed.
- Security firm ESET identified the malware as a wiper, designed to permanently erase data and disrupt operations.
- ESET attributes the attack to the Russian-aligned Sandworm APT group with medium confidence.
- Sandworm has a history of destructive attacks, including a 2015 Ukraine blackout affecting 230,000 people.
Europe wants to end its dangerous reliance on US internet technology
3 months ago
- The internet's sudden failure could disrupt payment systems, healthcare, and communication.
- Europe is urged to build technological independence from US big tech firms due to vulnerabilities.
- US companies like AWS, Microsoft Azure, and Google Cloud dominate 70% of Europe's cloud market.
- Recent technical failures (AWS, Cloudflare) and power cuts highlight risks of dependency.
- Europe is testing digital resilience, e.g., Helsingborg's blackout preparedness project.
- Schleswig-Holstein in Germany is transitioning to open-source software, reducing reliance on Microsoft.
- EU nations are investing in open-source platforms for sovereign digital infrastructure.
- The EU's Cloud Sovereignty Framework aims to keep European data under European control.
- Individuals should consider data storage, access, and backup for personal digital resilience.
- Complete digital independence is unrealistic, but Europe can ensure crisis-resistant systems.
SoundCloud Data Breach Now on HaveIBeenPwned
3 months ago
- SoundCloud experienced a data breach in December 2025.
- Unauthorized activity led to mapping of public profile data to email addresses for 20% of users.
- Compromised data included 30M email addresses, names, usernames, avatars, follower/following counts, and sometimes country.
- Attackers attempted extortion before releasing the data publicly the next month.
- Recommended actions: change passwords, enable two-factor authentication (2FA), and use a password manager like 1Password.

first prev26next

About|Login

#cybersecurity

Instagram data breach reportedly exposed the personal info of 17.5M users

Claude Cowork Exfiltrates Files

Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking

6-Day and IP Address Certificates Are Generally Available

Releasing rainbow tables to accelerate protocol deprecation

Foreigners' data stolen in hack of French immigration agency

Mandiant releases rainbow table that cracks weak admin password in 12 hours

All your OpenCodes belong to us

The coming industrialisation of exploit generation with LLMs

Cloudflare zero-day: Accessing any host globally

Internet voting is insecure and should not be used in public elections

Threat Actors Expand Abuse of Microsoft Visual Studio Code

Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health"

You Can't Block Space Internet

Microsoft collects passwords and scans password-protected zip files (2023)

149M Usernames and Passwords Exposed by Unsecured Database

NIST is rethinking its role in analyzing software vulnerabilities

Poland's energy grid was targeted by never-before-seen wiper malware

Europe wants to end its dangerous reliance on US internet technology

SoundCloud Data Breach Now on HaveIBeenPwned