1
1

Introducing premium accounts to fund the matrix(dot)org homeserver

https://matrix.org/blog/2025/06/funding-homeserver-premium/

#FOSS #Matrix #cybersecurity #privacy

2
6

"- A company owned by a Russian network engineer named Vladimir Vedeneev controls thousands of Telegram IP addresses and maintains its servers.

  • Vedeneev’s other companies have a history of collaborating with Russia’s defense sector, the FSB security service, and other highly sensitive agencies.

  • Because of the way Telegram’s encryption protocols work, even users who use its “end-to-end” encryption features are vulnerable to being tracked by anyone who can monitor its network traffic."

https://www.occrp.org/en/investigation/telegram-the-fsb-and-the-man-in-the-middle

#CyberSecurity #Privacy #Telegram #Russia #Encryption #FSB

3
1

#Microsoft confirms auth issues affecting #Microsoft365 users

https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-auth-issues-affecting-microsoft-365-users/

#cybersecurity

4
13

#Signalgate 2.0 proves it - there’s no such thing as a “Backdoor for the Good Guys Only”

https://tuta.com/blog/opinion-signalgate

#cybersecurity #encryption

5
2

#VictoriasSecret restores critical systems after #cyberattack

https://www.bleepingcomputer.com/news/security/victorias-secret-restores-critical-systems-after-cyberattack/

#cybersecurity

6
2

#Cloudflare: Outage not caused by security incident, data is safe

https://www.bleepingcomputer.com/news/security/cloudflare-outage-not-caused-by-security-incident-data-is-safe/

#cybersecurity

7
1

"As AI agents powered by Large Language Models (LLMs) become increasingly versatile and capable of addressing a broad spectrum of tasks, ensuring their security has become a critical challenge. Among the most pressing threats are prompt injection attacks, which exploit the agent’s resilience on natural language inputs — an especially dangerous threat when agents are granted tool access or handle sensitive information. In this work, we propose a set of principled design patterns for building AI agents with provable resistance to prompt injection. We systematically analyze these patterns, discuss their trade-offs in terms of utility and security, and illustrate their real-world applicability through a series of case studies."

https://arxiv.org/html/2506.08837v2

#AI #GenerativeAI #LLMs #PromptInjection #AIAgents #AgenticAI #CyberSecurity

8
2

Coming to #Apple OSes: A seamless, secure way to import and export #passkeys

https://arstechnica.com/security/2025/06/apple-previews-new-import-export-feature-to-make-passkeys-more-interoperable/

#cybersecurity

9
1
10
6

#Password-spraying attacks target 80,000 #Microsoft #EntraID accounts

https://www.bleepingcomputer.com/news/security/password-spraying-attacks-target-80-000-microsoft-entra-id-accounts/

#cybersecurity

11
3

#Apple fixes new #iPhone zero-day bug used in #Paragon #spyware hacks

https://techcrunch.com/2025/06/12/apple-fixes-new-iphone-zero-day-bug-used-in-paragon-spyware-hacks/

#cybersecurity

12
1

#Graphite #spyware used in #Apple #iOS zero-click attacks on journalists

https://www.bleepingcomputer.com/news/security/graphite-spyware-used-in-apple-ios-zero-click-attacks-on-journalists/

#cybersecurity #Paragon #privacy #journalism

13
2

Security habits around the world: A closer look at #password statistics

https://bitwarden.com/blog/a-closer-look-at-password-statistics/

#cybersecurity

14
2

#Microsoft #Edge now offers secure #password deployment for businesses

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-now-offers-secure-password-deployment-for-businesses/

#cybersecurity

15
13

"AI agents have already demonstrated that they may misinterpret goals and cause some modest amount of harm. When the Washington Post tech columnist Geoffrey Fowler asked Operator, OpenAI’s computer-using agent, to find the cheapest eggs available for delivery, he expected the agent to browse the internet and come back with some recommendations. Instead, Fowler received a notification about a $31 charge from Instacart, and shortly after, a shopping bag containing a single carton of eggs appeared on his doorstep. The eggs were far from the cheapest available, especially with the priority delivery fee that Operator added. Worse, Fowler never consented to the purchase, even though OpenAI had designed the agent to check in with its user before taking any irreversible actions.

That’s no catastrophe. But there’s some evidence that LLM-based agents could defy human expectations in dangerous ways. In the past few months, researchers have demonstrated that LLMs will cheat at chess, pretend to adopt new behavioral rules to avoid being retrained, and even attempt to copy themselves to different servers if they are given access to messages that say they will soon be replaced. Of course, chatbot LLMs can’t copy themselves to new servers. But someday an agent might be able to.

Bengio is so concerned about this class of risk that he has reoriented his entire research program toward building computational “guardrails” to ensure that LLM agents behave safely."

https://www.technologyreview.com/2025/06/12/1118189/ai-agents-manus-control-autonomy-operator-openai/

#AI #GenerativeAI #AIAgents #AgenticAI #CyberSecurity #LLMs #Chatbots

16
1

#GitLab patches high severity account takeover, missing auth issues

https://www.bleepingcomputer.com/news/security/gitlab-patches-high-severity-account-takeover-missing-auth-issues/

#cybersecurity #FOSS

17
3

#SmartAttack uses smartwatches to steal data from air-gapped systems

https://www.bleepingcomputer.com/news/security/smartattack-uses-smartwatches-to-steal-data-from-air-gapped-systems/

#cybersecurity #smartwatch #IoT

18
1

#Fog #ransomware attack uses unusual mix of legitimate and #OpenSource tools

https://www.bleepingcomputer.com/news/security/fog-ransomware-attack-uses-unusual-mix-of-legitimate-and-open-source-tools/

#cybersecurity #cybercrime

19
2

June is BIG for open source 👏

⚡ $9T OSS research
⚡ OpenInfra joins LF
⚡ New Cybersecurity Skills Framework
⚡ Don’t miss #OSSNA

Learn more: https://www.linuxfoundation.org/blog/linux-foundation-newsletter-june-2025
🎥 Watch the highlights

#LinuxFoundation #OpenSource #OSSNA #AI #CyberSecurity


20
1

Abandoned Subdomains from Major Institutions Hijacked for #AI-Generated Spam

https://tech.slashdot.org/story/25/06/12/019221/abandoned-subdomains-from-major-institutions-hijacked-for-ai-generated-spam

#cybersecurity

21
2

#ErieInsurance confirms #cyberattack behind business disruptions

https://www.bleepingcomputer.com/news/security/erie-insurance-confirms-cyberattack-behind-business-disruptions/

#cybersecurity #insurance

22
3

"Aim Labs reported CVE-2025-32711 against Microsoft 365 Copilot back in January, and the fix is now rolled out.

This is an extended variant of the prompt injection exfiltration attacks we've seen in a dozen different products already: an attacker gets malicious instructions into an LLM system which cause it to access private data and then embed that in the URL of a Markdown link, hence stealing that data (to the attacker's own logging server) when that link is clicked.

The lethal trifecta strikes again! Any time a system combines access to private data with exposure to malicious tokens and an exfiltration vector you're going to see the same exact security issue.

In this case the first step is an "XPIA Bypass" - XPIA is the acronym Microsoft use for prompt injection (cross/indirect prompt injection attack). Copilot apparently has classifiers for these, but unsurprisingly these can easily be defeated:"

https://simonwillison.net/2025/Jun/11/echoleak/

#AI #GenerativeAI #CyberSecurity #EchoLeak #Microsoft #Microsof365Copilot #ZeroClickVulnerability #LLMs #PromptInjection #Markdown

23
1

Brute-force attacks target #ApacheTomcat management panels

https://www.bleepingcomputer.com/news/security/brute-force-attacks-target-apache-tomcat-management-panels/

#Apache #cybersecurity

24
1

#OperationSecure disrupts global #infostealer #malware operations

https://www.bleepingcomputer.com/news/security/operation-secure-disrupts-global-infostealer-malware-operations/

#cybercrime #cybersecurity

25
1

#Microsoft fixes #WindowsServer auth issues caused by April updates

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-auth-issues-caused-by-april-updates/

#cybersecurity #Windows


Cybersecurity


An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
