Cybersecurity

What a decade of data tells us about the state of open source security, via @TechRadar. #OpenSource #CyberSecurity #OSSRA #Tech #Technology https://flip.it/ITrry9

542

5

Malicious #npm Packages Infect 3,200+ #Cursor Users With Backdoor, Steal Credentials (mastodon.thenewoil.org)

submitted 2 months ago by thenewoil@mastodon.thenewoil.org to c/cybersecurity@fedia.io

0 comments fedilink

Malicious #npm Packages Infect 3,200+ #Cursor Users With Backdoor, Steal Credentials

https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html

#cybersecurity #malware #AI #Apple #Mac #macOS

543

2

#iClicker site hack targeted students with #malware via fake #CAPTCHA (mastodon.thenewoil.org)

submitted 2 months ago by thenewoil@mastodon.thenewoil.org to c/cybersecurity@fedia.io

0 comments fedilink

#iClicker site hack targeted students with #malware via fake #CAPTCHA

https://www.bleepingcomputer.com/news/security/iclicker-hack-targeted-students-with-malware-via-fake-captcha/

#cybersecurity #education

544

2

Can an #MCP-Powered #AI Client Automatically Hack a Web Server? (mastodon.thenewoil.org)

submitted 2 months ago by thenewoil@mastodon.thenewoil.org to c/cybersecurity@fedia.io

1 comments fedilink

Can an #MCP-Powered #AI Client Automatically Hack a Web Server?

https://it.slashdot.org/story/25/05/11/0027236/can-an-mcp-powered-ai-client-automatically-hack-a-web-server

#cybersecurity

545

16

Yours truly just popped up on ITV News, offering some advice on the latest from Marks & Spencer on its cyberattack. Nina Hossein told me that she could read the titles on the books behind me - eek! (mastodon.green)

submitted 2 months ago by gcluley@mastodon.green to c/cybersecurity@fedia.io

0 comments fedilink

Yours truly just popped up on ITV News, offering some advice on the latest from Marks & Spencer on its cyberattack. Nina Hossein told me that she could read the titles on the books behind me - eek!

https://youtube.com/watch?v=6y-X9nKs9Ac&feature=shared

#cybersecurity #ransomware #databreach

546

1

Fake #AI video generators drop new #Noodlophile #infostealer #malware (mastodon.thenewoil.org)

submitted 2 months ago by thenewoil@mastodon.thenewoil.org to c/cybersecurity@fedia.io

0 comments fedilink

Fake #AI video generators drop new #Noodlophile #infostealer #malware

https://www.bleepingcomputer.com/news/security/fake-ai-video-generators-drop-new-noodlophile-infostealer-malware/

#cybersecurity

547

21

If you're creating an application that displays URLs to users (chat app for example), please make sure to apply spoof checks to avoid use of UTF-8 confusables in IDN homograph attacks. You may want to (infosec.exchange)

submitted 2 months ago by harrysintonen@infosec.exchange to c/cybersecurity@fedia.io

0 comments fedilink

If you're creating an application that displays URLs to users (chat app for example), please make sure to apply spoof checks to avoid use of UTF-8 confusables in IDN homograph attacks. You may want to block URLs with hostnames that get flagged, or display them in #punycode instead.

As an example, see https://github.com/chromium/chromium/tree/main/components/url_formatter/spoof_checks

In particular https://github.com/chromium/chromium/blob/8e070073d47861b8bfc7548dce8fcfc708a356fb/components/url_formatter/spoof_checks/idn_spoof_checker.cc#L177 is quite interesting read.

#cybersecurity #infosec

548

4

"Encrypted chat apps like Signal and WhatsApp are one of the best ways to keep your digital conversations as private as possible. But if you’re not careful with how those conversations are backed up, (tldr.nettime.org)

submitted 2 months ago by remixtures@tldr.nettime.org to c/cybersecurity@fedia.io

0 comments fedilink

"Encrypted chat apps like Signal and WhatsApp are one of the best ways to keep your digital conversations as private as possible. But if you’re not careful with how those conversations are backed up, you can accidentally undermine your privacy.

When a conversation is properly encrypted end-to-end, it means that the contents of those messages are only viewable by the sender and the recipient. The organization that runs the messaging platform—such as Meta or Signal—does not have access to the contents of the messages. But it does have access to some metadata, like the who, where, and when of a message. Companies have different retention policies around whether they hold onto that information after the message is sent.

What happens after the messages are sent and received is entirely up to the sender and receiver. If you’re having a conversation with someone, you may choose to screenshot that conversation and save that screenshot to your computer’s desktop or phone’s camera roll. You might choose to back up your chat history, either to your personal computer or maybe even to cloud storage (services like Google Drive or iCloud, or to servers run by the application developer)."

https://www.eff.org/deeplinks/2025/05/back-it-back-it-let-us-begin-explain-encrypted-chat-backups

#CyberSecurity #Privacy #Encryption #Messaging #Signal #WhatsApp

549

4

There are security protections, and then there are strong security protections. How to turn on Lockdown Mode for your iPhone and Mac, from @TheVerege: (flipboard.social)

submitted 2 months ago by TechDesk@flipboard.social to c/cybersecurity@fedia.io

0 comments fedilink

There are security protections, and then there are strong security protections. How to turn on Lockdown Mode for your iPhone and Mac, from @TheVerege@flipboard.com:

https://flip.it/xzuEi5

#Tech #iPhone #Mac #CyberSecurity #Privacy

550

3

How #Signal, #WhatsApp, #Apple, and #Google Handle Encrypted Chat Backups (mastodon.thenewoil.org)

submitted 2 months ago by thenewoil@mastodon.thenewoil.org to c/cybersecurity@fedia.io

0 comments fedilink

How #Signal, #WhatsApp, #Apple, and #Google Handle Encrypted Chat Backups

https://www.eff.org/deeplinks/2025/05/back-it-back-it-let-us-begin-explain-encrypted-chat-backups

#cybersecurity #privacy

Cybersecurity

Rules

Community Rules