lemmydev2

A threat actor named 'Hazy Hawk' has been using DNS CNAME hijacking to hijack abandoned cloud endpoints of domains belonging to trusted organizations and incorporate them in large-scale scam delivery and traffic distribution systems (TDS). [...]

Update before that proof-of-concept comes to bite Security researchers are sounding the alarm over a fresh flaw in the JavaScript implementation of OpenPGP (OpenPGP.js) that allows both signed and encrypted messages to be spoofed.…

arXiv:2505.13076v1 Announce Type: new Abstract: Autonomous browsing agents powered by large language models (LLMs) are increasingly used to automate web-based tasks. However, their reliance on dynamic content, tool execution, and user-provided data exposes them to a broad attack surface. This paper presents a comprehensive security evaluation of such agents, focusing on systemic vulnerabilities across multiple architectural layers. Our work outlines the first end-to-end threat model for browsing agents and provides actionable guidance for securing their deployment in real-world environments. To address discovered threats, we propose a defense in depth strategy incorporating input sanitization, planner executor isolation, formal analyzers, and session safeguards. These measures protect against both initial access and post exploitation attack vectors. Through a white box analysis of a popular open source project, Browser Use, we demonstrate how untrusted web content can hijack agent behavior and lead to critical security breaches. Our findings include prompt injection, domain validation bypass, and credential exfiltration, evidenced by a disclosed CVE and a working proof of concept exploit.

New Cyber Law Enables Agencies to Neutralize Attackers' Servers Located AbroadThe Japanese Parliament passed the long-delayed active cyber defense bill on Friday, paving the way for government agencies to monitor external telecommunications and preemptively respond to signs of cyberattacks, including neutralizing attackers' servers.

Facial recognition cameras ping cops when suspects appear, sparking backlash.

According to its newest transparency report, Telegram complied with more than 5,000 requests from authorities in the first three months of 2025.

Proving yet again that crims are bad at search hygiene An Alabama man who SIM-swapped his way into the SEC's official X account, enabling a fake ETF announcement that briefly pumped Bitcoin, has been sentenced to 14 months in prison and three years of supervised release.…

Carrier cancelled 7000 flights.

At its annual Build developer conference, Microsoft today announced that it is open sourcing the Windows Subsystem for Linux (WSL), The post The Windows Subsystem for Linux Is Now Open Source appeared first on The New Stack.

Emily Nicolle / Bloomberg: How the crypto industry is adapting to the recent wave of kidnappings: more extensive security around conferences, a rise in personal bodyguards, and more  —  Pijlman works for an Amsterdam-based firm that provides physical security and intelligence services to cryptocurrency holders …

arXiv:2505.11016v1 Announce Type: new Abstract: Modern software supply chain attacks consist of introducing new, malicious capabilities into trusted third-party software components, in order to propagate to a victim through a package dependency chain. These attacks are especially concerning for the Go language ecosystem, which is extensively used in critical cloud infrastructures. We present GoLeash, a novel system that applies the principle of least privilege at the package-level granularity, by enforcing distinct security policies for each package in the supply chain. This finer granularity enables GoLeash to detect malicious packages more precisely than traditional sandboxing that handles security policies at process- or container-level. Moreover, GoLeash remains effective under obfuscation, can overcome the limitations of static analysis, and incurs acceptable runtime overhead.

The company behind the Signal clone used by at least one Trump administration official was breached earlier this month. The hacker says they got in thanks to a basic misconfiguration.