Cybersecurity Is Dead – PSW #898
In the security news this week:
- Cybersecurity is dead, and AI killed it
- Exploiting the patching system
- Apple makes it easier for spyware
- Who is patching Cisco ASA?
- Shove that DMCA somewhere
- HTTPS - a requirement
- Russia wants to own all the exploits
- Abandonware challenges
- Reversing at its hardest with Lua
- Hacking team is back, and leetspeak malware
- When you forget to authenticate your API
- Jamming with cool tech
- GoSpoof
- and After 35 Years, a Solution to the CIA’s Kryptos Puzzle Has Been Found!
Paul Asadoorian
- OpenVPN Vulnerability Exposes Linux, macOS Systems to Script Injection Attacks
- “ChatGPT Tainted Memories:” LayerX Discovers The First Vulnerability in OpenAI Atlas Browser, Allowing Injection of Malicious Instructions into ChatGPT – LayerX
- Reversing Bluetooth Packets for Smart Home Device Freedom
- cisco-ai-defense/mcp-scanner: Scan MCP Servers for vulnerabilities
- Hacking the World Poker Tour: Inside ClubWPT Gold’s Back Office
- Using EDR-Redir To Break EDR Via Bind Link and Cloud Filter
- Bytes over DNS – SANS Internet Storm Center
- CVE-2025-52263 – Startcharge Artemis AC Charger Firmware Upload Vulnerability (Arbitrary Code Execution)
- Look At This Photograph – Passively Downloading Malware Payloads Via Image Caching
- Adventures in EM Side-channel Attacks
- Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques
- The security paradox of local LLMs – Quesma Blog
- Unseeable prompt injections in screenshots: more vulnerabilities in Comet and other AI browsers
- The YouTube Ghost Network: How Check Point Research Helped Take Down 3,000 Malicious Videos Spreading Malware – Check Point Blog
- Using Ghidra to patch my keyboard’s firmware
- GoSpoof – Turning Attacks into Intel – Black Hills Information Security, Inc.
This looks like an awesome tool to play with: "GoSpoof is a modern Golang-based cyber deception and honeypot tool designed to both frustrate attackers and empower SOC teams with actionable intelligence. It evolved from the older Portspoof utility, adding advanced logging, attack analysis, persistent service deployment, and a web-based dashboard for threat visibility."
- Ex-CISA chief says AI could mean the end of cybersecurity
I think we have a long way to go before this is a reality: "Ex-CISA head Jen Easterly claims AI could spell the end of the cybersecurity industry, as the sloppy software and vulnerabilities that criminals rely on will be tracked down faster than ever....That includes through detection, countermeasures, and learning from attacks, but also identifying vulnerabilities and ensuring software is secure by design. Ultimately, she said, "if we're able to build and deploy and govern these incredibly powerful technologies in a secure way, I believe it will lead to the end of cybersecurity." By which she meant that a security breach would be an anomaly, not a cost of doing business."
- Introduction – Developing UEFI with Rust
I think this is a great project and will help improve the security of UEFI. However, there are already millions of systems and a deep supply chain running and distributing UEFI software written in C and based on the EDKII reference implementation. Rust cannot solve that problem and it would take an eternity to replace all the current UEFI systems.
- After 35 Years, a Solution to the CIA’s Kryptos Puzzle Has Been Found
Amazing story! Someone found the answer, but not the way you would think...
- BIND 9 Cache Poisoning via Unsolicited Answer Records (CVE-2025-40778)
This could be interesting, especially when paired with auto-update devices that do not cryptographically validate the firmware/software images...
- O(N) the Money: Scaling Vulnerability Research with LLMs
To Easterly's point, this research is amazing: "“O(N) the Money: Scaling Vulnerability Research with LLMs” describes a novel approach for scaling vulnerability discovery and prioritization in cybersecurity using large language models (LLMs) and listwise document ranking algorithms. The talk, delivered at Offensive AI Con 2025, introduces two open-source tools: Slice, for build-free static analysis, and Raink, for efficient ranking of arbitrary data sets, which together facilitate the identification and prioritization of high-impact vulnerabilities in massive codebases and datasets."
- CVE-2025-59287 WSUS Remote Code Execution
"CVE-2025-59287 is a critical remote code execution vulnerability in Microsoft Windows Server Update Services (WSUS). The flaw is caused by unsafe deserialization of data from an encrypted AuthorizationCookie sent to the GetCookie endpoint. Attackers can craft malicious data, encrypt it to match what the server expects, and submit it as a request. When the server decrypts and deserializes the cookie, it processes the attacker's payload, allowing arbitrary code execution as SYSTEM—without needing authentication. In short: an attacker submits a maliciously crafted, encrypted cookie to WSUS, and the server’s insecure deserialization leads to full remote takeover." Well, if you are still using WSUS, you had better come up with a different plan. Some more details:
- WSUS (Windows Server Update Services) was introduced by Microsoft in 2005 to help organizations centrally manage and distribute Windows updates. As of late 2025, WSUS is still supported for in-market products—Microsoft ended new development starting with Windows Server 2025, but security updates and core support continue for now, especially in enterprise environments.
- A critical security patch for CVE-2025-59287 is available: Microsoft released an urgent out-of-band update on October 23, 2025, after reports of active exploitation; administrators are urged to apply the patch immediately.
- RF-Clown v2: The Wireless Beast Just Got a Turbo Boost
Open-source BLE and Bluetooth jammer, I want one. AI summary: "RF-Clown v2 is an upgraded open-source wireless tool built around the ESP32-WROOM-32U MCU, designed for enhanced RF experimentation and attack scenarios. The main improvements over version 1 include a triple-radio array of GT24 Mini (NRF24 compatible) transceivers for significantly extended coverage, upgraded antennas for greater signal range, and an OLED user interface with three tactile switches for structured, menu-driven control and live feedback. The device is outfitted with robust hardware features: an 8 dBi external antenna setup via four IPEX extension cables, single-cell LiPo battery managed by a TP4056 charger, LF33 3.3V regulator, and integrated NeoPixel for dynamic status alerts. The PCB layout and thermal management were carefully considered, adding heatsinks to the radios to address heat buildup during intense use. RF-Clown v2’s capabilities include effective Wi-Fi and BLE disruption—as shown in tests where Wi-Fi access and video feeds were instantly disabled when the device was activated. The project remains fully open-source, with documentation, code, and schematics available via GitHub, allowing others to freely build, modify, and extend the platform. The design prioritizes performance and expandability, with the only major drawback being the increased heat generated by the triple-radio configuration, which is addressed by hardware modifications."
- Security Advisory Bulletin 056
"A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later." - This sounds bad. It's authentication bypass at its finest. If you can access the API without authentication, you can do everything the web application can do, but without providing authentication. This is like one of the first things I check when looking at a web app on a device...
- Announcing The 2025 Hackaday Superconference Communicator Badge
This is a really cool badge, AI summary: "The 2025 Hackaday Superconference Communicator Badge is an open source, hackable conference badge engineered to foster mesh networking and community interaction at Supercon. Its standout feature is a dense, custom-built hardware mesh network powered by SX1262 LoRa modules that enable badges to both listen and relay messages on chosen topical channels, creating a badge-hosted IRC-like system with high connectivity for conference attendees. The badge sports a custom hardware keyboard inspired by classic portable computers, utilizing dome-switch sheets and a TC8418 I2C keyboard matrix multiplexer. An ESP32-S3 microcontroller sits at the core with 8 MB PSRAM and 16 MB Flash, supporting WiFi, Bluetooth, and various badge functions. It features a unique LCD with a specialist driver and a bring-your-own antenna design for flexible radio experimentation."
- Mem3nt0 mori – The Hacking Team is back!
Not only is Hacking Team back, but they are using Leetspeak malware: "The primary spyware used was termed LeetAgent, notable for its leetspeak C2 commands and built-in keylogging, file stealing, and task execution capabilities. LeetAgent’s configuration and communication are obfuscated, and the C2 often used Fastly.net infrastructure for additional payloads. In more advanced attacks from this actor, a sophisticated commercial spyware named Dante—developed by Memento Labs (formerly Hacking Team)—was also deployed. Dante features strong anti-analysis and anti-sandboxing measures, code and string obfuscation, and persistence mechanisms. Its modules are stored locally and encrypted with AES-256, keyed and IV’d using device-unique information such as the CPU identifier and Windows Product ID"
- New TP-Link Router Vulnerabilities: A Primer on Rooting Routers
Amazing: "We implemented a ‘normalizer’ script to revert these changes to standard Lua bytecode conventions. After normalizing the headers and tags, decompilers produced correct output and numeric constants decoded properly. With readable Lua source, we resumed auditing LuCI for logic and input-validation issues that led to further vulnerabilities." - Lots more going on here, however, I just really appreciate the effort they went through to be able to read the Lua code!
- TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware
This sounds like it was A LOT of work: "This vulnerability disclosure was uniquely challenging because the most popular fork (tokio-tar, with over 5 million downloads on crates.io) appears to be abandonware – no longer actively maintained. In a standard disclosure, a single patch is applied to the main upstream repository, and all downstream users inherit the fix. Because we could not rely on the original project maintainers to apply the fix, we were forced to coordinate a decentralized disclosure across a deep and complex fork lineage"
- Russian bill would require all researchers to report bugs to the FSB
AI Summary: "Russian lawmakers are drafting a controversial bill that would require all security researchers and firms to report software vulnerabilities to both vendors and Russian authorities, giving agencies like the FSB oversight of disclosure. The bill introduces criminal penalties for failing to report, mandates registries for bug bounty participants—forcing real-name registration—and aims to regulate all aspects of the white-hat ecosystem, from hobby researchers to corporate programs. Many in the Russian infosec community are pushing back, fearing safety risks and misuse of their data. The move follows China’s 2021 vulnerability law, raising concerns Russia may also leverage reports for offensive operations. The bill is expected to reach parliament by year’s end, with significant industry opposition still unresolved." - There are a lot of low-level code vulnerabilities that have been disclosed by Russian researchers over the years. This would be bad.
- Vibecoding and the illusion of security
AI summary: "AI-generated code may appear secure, but often misses critical protections and can be fundamentally insecure unless guided closely by security experts. The author tested LLM-assisted coding by building a “secure” 2FA login app, then examined the resulting implementation for real security flaws. While the LLM-generated app featured a seemingly robust 2FA flow, code review immediately revealed a lack of rate limiting, enabling trivial brute force attacks."
Jeff Man
- From Amazon to Microsoft, tech layoffs to affect over 80,000 amid AI-led restructuring
E-commerce giant Amazon on 28 October said that it is laying off 14,000 employees as it seeks to reduce bureaucracy and increase investment in artificial intelligence (AI), according to reports. How does/will this impact the cybersecurity industry?
- More Than 10 Million Patients Affected by Conduent Business Solutions Data Breach
Not exactly news - other than the appearance of this article in the HIPAA Journal. This article is also light on details, but the breach started about a year ago and lasted for three months.
- Sweden’s power grid operator confirms data breach claimed by ransomware gang
Thought this might be up Paul's alley, but then it's just a ransomware attack...still it's a critical infrastructure breach.
- OPM bringing protections for data breach victims to an end
I was a "victim" of this breach (I'm sure many of you were as well). I never actually signed up for this identity protection service, but if you did - you should have received notice that it's ending. #PSA
- 3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation
Well, I don't play Roblox...but my grandkids do. How do we educate folks about YouTube security???
- Ex-CISA head thinks AI might fix code so fast we won’t need security teams
To clarify, Jen Easterly claims that AI could spell the end of the cybersecurity industry. I'm not quite sure that's a bad thing...
Larry Pesce
- Chrome to Make HTTPS Mandatory by Default in 2026
- FULU Bounty Platform Bounties
- Robot Phone Home…Or Else
- Connector identification online – The electronic connector book
- Shove your DMCA claim up your ass, HAK5 · ReFirmLabs/binwalk@54ca1d8
- School’s AI system mistakes a bag of chips for a gun
- No Key, No Problem: Vulnerabilities in Master Lock Smart Locks
Lee Neely
- QNAP warns of critical ASP.NET flaw in its Windows backup software
QNAP has published a security advisory describing how a critical ASP.NET Core vulnerability (CVE-2025-55315) recently disclosed by Microsoft may affect QNAP's NetBak PC Agent, which "installs and depends on Microsoft ASP.NET Core components during setup." QNAP urges users to make sure they have installed the most up-to-date version of ASP.NET Core on their Windows systems. CVE-2025-55315 is a security bypass issue that was detected in the Kestrel ASP.NET Core web server, and "allows an authorized attacker to bypass a security feature over a network" via "HTTP Request/Response Smuggling." Microsoft addressed the vulnerability, which has the highest known severity rating ever for an ASP.NET Core vulnerability, in mid-October.
In addition to applying the update from Microsoft which addressed CVE-2025-55315, you need to update the ASP.NET Core Runtime on systems running NetBak PC Agent. You can do that either by reinstalling the NetBak PC Agent or by downloading/installing the latest ASP.NET Core Runtime from the .NET 8.0 download page.
- Key IOCs for Pegasus and Predator Spyware Cleaned With iOS 26 Update
Researchers at iVerify have observed that iOS 26 purges evidence of Pegasus and Predator spyware infections due to the way the shutdown[.]log file is managed. iVerify writes, "For years, the shutdown.log file has been an invaluable, yet often overlooked, artifact in the detection of iOS malware. Located within the Sysdiagnoses in the Unified Logs section (specifically, Sysdiagnose Folder -> system_logs.logarchive -> Extra -> shutdown.log), it has served as a silent witness to the activities occurring on an iOS device, even during its shutdown sequence." Certain types of spyware have been found to leave "subtle traces" in this file, which then serves as an indicator of compromise. With the introduction of iOS 26, the operating system now overwrites the shutdown[.]log file on every device reboot. Earlier versions of iOS appended new entries, preserving older data.
You should be testing iOS 26 and filing feedback/bug reports with Apple. Check behavior in both the released version and the public beta. iOS 26.1 Public Beta 4 is available today. Beyond the overwrite of this log, which is likely unintended, some UI changes, such as relocation of search boxes, or changes to message filtering, may be frustrating to users, but without feedback Apple cannot address them.
- A single point of failure triggered the Amazon outage affecting millions
Amazon has published a post-event summary of the AWS outage that impacted the US-EAST-1 region data center on Monday, October 20, 2025, disrupting sites and online services worldwide. Beginning at 2:48 a.m. EDT, there were increased API error rates in DynamoDB; later in the morning the Network Load Balancer (NLB) experienced increased connection errors, EC2 instance launches were failing, and "customers experienced API errors and latencies for Lambda functions." Amazon has determined that "The incident was triggered by a latent defect within the service’s automated DNS management system that caused endpoint resolution failures for DynamoDB."
In short, the problematic components have been disabled and work is underway to improve them to prevent recurrence. For once, it really was DNS. You may need to summarize the report for management asking what happened. Follow that up with a plan for no single points of failure; meaning multi-region network designs, diverse dependencies and incident response readiness, to contain, not eliminate, failures.
Amazon Report: https://aws.amazon.com/message/101925/
- CISA releases warning about Windows Server Update Service bug, orders agencies to patch
Late last week, Microsoft released an unspecified scheduled update to address a critical deserialization of untrusted data vulnerability in Windows Server Update Service (WSUS) (CVE-2025-59287). An earlier update did not fully mitigate the existing issue, which affects Windows Server 2012, 2016, 2019, 2022, and 2025, and the vulnerability has been actively exploited. On Friday, October 24, 2025, the US Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to the Known Exploited Vulnerabilities (KEV) catalog with a mitigation deadline of November 14, 2025 for Federal Civilian Executive Branch (FCEB) agencies.
There is exploit code circulating for CVE-2025-59287, which has a CVSS score of 9.8, and you have to reboot servers after applying the update. You're going to need to apply the update to all your Windows Servers, starting with those which have the WSUS Server role enabled. The update is cumulative, so, if you didn't apply the Windows Security Updates from October 14th, you can apply this instead. Make sure the WSUS ports (8530 and 8531) are not Internet accessible. While the KEV has a remediation due date of November 14th, active exploitation suggests it's unwise to wait that long to take action.
- Sweden’s power grid operator confirms data breach claimed by ransomware gang
Swedish electricity transmission system operator Svenska Kraftnäts has confirmed that they suffered a data breach resulting in the theft of information. The organization is investigating what information was compromised. According to a company statement, "the breach involved a limited, external file transfer solution."
External file transfer systems are an integral part of moving to hosted and cloud services and should be considered critical infrastructure which threat actors will not hesitate to leverage to exfiltrate your data. In this case the Everest ransomware gang is claiming to have 280 GB of data. Make sure that you are not only implementing security best practices with your file transfer systems but that you're actively monitoring for malfeasance. Verify that unencrypted protocols cannot be enabled or fallen back to. Investigate the practicality of additionally encrypting the transferred files themselves; and don't store or transfer the keys in the transfer system.
- Wordfence Blocked 8.7 Million Attempts to Exploit Known Vulnerabilities in Two WordPress Plugins
Wordfence says that on October 8 and 9, it blocked 8.7 million attempts to exploit known critical vulnerabilities affecting the GutenKit and Hunk Companion WordPress plugins. The vulnerabilities, CVE-2024-9234, CVE-2024-9707, and CVE-2024-11972, can all be exploited to achieve remote code execution. CVE-2024-9234, "a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint)" issue, allows arbitrary file uploads; it affects the GutenKit plugin up through version 2.1.0. CVE-2024-9707 and CVE-2024-11972 are missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint issues that could lead to unauthorized plugin installation/activation in the Hunk Companion WordPress plugin. CVE-2024-9707 affects Hunk Companion up through version 1.8.4; CVE-2024-11972 affects Hunk Companion up through version 1.8.5. Users are urged to update to the most recent version of both the GutenKit and Hunk Companion plugins, which have 40,000 and 8,000 active installations, respectively.
WordPress plugin flaws continue to be blood in the water for attackers. Make sure that you're stacking the deck in your favor by not only automatically updating plugins, WordPress and Themes, but you also have a WAF which is being updated to keep abreast of attacks. Follow up on any reported issues and watch for plugins which only update when licensed. Take it as a given the license cost will be less than the cost of recovery from an incident.
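The bug class behind all three CVEs above is a REST route whose permission callback admits everyone. As an added illustration (not the GutenKit or Hunk Companion code; route, function and parameter names are hypothetical), here is the unauthenticated registration pattern beside a hardened one that checks the capabilities a plugin install actually needs and constrains the input:

```php
<?php
// Added example, not code from either affected plugin. Names are hypothetical.

// --- Vulnerable pattern: '__return_true' means no capability check at all, so an
// unauthenticated request can reach a handler that installs and activates code. ---
function example_register_unauthenticated_route() {
    register_rest_route( 'example/v1', '/install-plugin', array(
        'methods'             => 'POST',
        'callback'            => 'example_install_plugin_handler',
        'permission_callback' => '__return_true', // missing capability check
    ) );
}

// --- Hardened pattern: gate the route on the capabilities the action requires. ---
function example_install_plugin_permission( WP_REST_Request $request ) {
    // Cookie-authenticated callers without a valid X-WP-Nonce are treated by
    // WordPress as logged out, so current_user_can() also fails for CSRF attempts.
    if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
        return new WP_Error(
            'rest_forbidden',
            __( 'You are not allowed to install plugins.', 'example' ),
            array( 'status' => rest_authorization_required_code() ) // 401 or 403
        );
    }
    return true;
}

function example_register_hardened_route() {
    register_rest_route( 'example/v1', '/install-plugin', array(
        'methods'             => 'POST',
        'callback'            => 'example_install_plugin_handler',
        'permission_callback' => 'example_install_plugin_permission',
        'args'                => array(
            'slug' => array(
                'required'          => true,
                'type'              => 'string',
                // Accept only a wordpress.org-style slug, never an arbitrary URL
                // or path: this removes the "install from external" file upload.
                'validate_callback' => function ( $value ) {
                    return is_string( $value ) && (bool) preg_match( '/^[a-z0-9-]{1,64}$/', $value );
                },
                'sanitize_callback' => 'sanitize_key',
            ),
        ),
    ) );
}

function example_install_plugin_handler( WP_REST_Request $request ) {
    // Placeholder body: a real implementation would hand the slug to
    // Plugin_Upgrader with a wordpress.org package source, then activate_plugin().
    $slug = $request->get_param( 'slug' );
    return rest_ensure_response( array( 'installed' => $slug ) );
}

// Only the hardened route is hooked; the vulnerable one is kept for comparison.
add_action( 'rest_api_init', 'example_register_hardened_route' );
```

A quick check for any installed plugin is to grep its source for `'permission_callback' => '__return_true'` on routes whose callbacks write files, install code or change options.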
- New Firefox Extensions Required to Disclose Data Collection and Sharing
Mozilla has announced a new policy requiring Firefox extensions to disclose whether they collect and/or transmit personal data. Starting Monday, November 3, 2025, "all new Firefox extensions will be required to specify if they collect or transmit personal data in their manifest.json file using the browser_specific_settings.gecko.data_collection_permissions key." While the requirement applies to new extensions only at first, the policy will be rolled out to all extensions during the first half of 2026.
Initially only new extensions, not updates to existing ones, are required to implement the new consent. As this rolls out, eventually being required by all extensions, those extensions which don't properly implement the data_collection_permissions key will be prevented from being submitted to addons.mozilla.org for signing with a message explaining why. Your data collection settings will be viewable on the Firefox about:addons page permissions tab for each extension.
- US declines to join more than 70 countries in signing UN cybercrime treaty
Officials from 72 countries signed the United Nations Convention against Cybercrime, a treaty first proposed by Russia in 2017 to succeed 2001's Budapest Convention, and adopted by the UN in December 2024. The Convention's stated scope is "to prevent and combat the offences established by the Convention, recover the proceeds of these offences, and strengthen international cooperation, particularly in sharing electronic evidence across borders for both Convention-related offences and for other serious crimes.”
This is the first global treaty to criminalize crimes dependent on the Internet and recognize the non-consensual distribution of intimate images as an offense. It seeks to create a cross-border regime to monitor, store and share, across borders, information and evidence needed to thwart cybercrime. The risks are that cybersecurity research could be criminalized and that this level of surveillance will be capturing both illegal and legal activity, driving a need for governance and protection of individual freedoms. The US is still reviewing the treaty and has not signed yet.
- Counter Ransomware Initiative stresses importance of supply-chain security
The International Counter Ransomware Initiative (CRI) has published "Guidance for organisations to build supply chain resilience against ransomware," following the group's 2025 summit. Last year's summit called for insurance companies to stop paying ransomware demands. The new supply chain guidance was developed by CRI's policy leads, the UK and Singapore. "The guidance aims to reduce the likelihood of a ransomware incident having a critical effect on an organisation by: a. Raising awareness of the ransomware threat across an organisation’s supply chain; b. Promoting good cyber hygiene to protect supply chains, [and] c. Ensuring supply chain vulnerabilities are factored into an organisation’s risk assessment and decisions, including on procurement." The guidance aims "to help organisations develop an approach to improve their supply chain security posture against ransomware risks" by understanding the importance of supply chain security; identifying supply chain partners, the level of access those partners have to data, and the partners' security posture.
Supply chain security requires third-party security as well as an ongoing understanding of your Software, Hardware and Firmware bill of materials so you know what risks are involved. Start with third-party security, knowing and verifying their access and security posture, and how that ties to your systems, then move on to components you use and trust. Don't forget to review this regularly, particularly after a merger or acquisition. As Paul Asadoorian said "The most dangerous vulnerabilities often hide in components we trust the most."
Sam Bowne
- Largest study of its kind shows AI assistants misrepresent news content 45% of the time – regardless of language or territory
AI assistants routinely misrepresent news content. 45% of all AI answers had at least one significant issue. Gemini performed worst with significant issues in 76% of responses, more than double the other assistants.
- Tinder to expand face verification tech to more states
Tinder will soon require users in more states to use a facial verification tool by providing a video selfie. The videos are erased after an account is verified, but the dating app keeps what it calls a "non-reversible, encrypted face map and face vector" on hand to prevent duplicate accounts, detect fraud and verify new photos.
- America’s Cyber Resiliency in 2025: Lessons from the Fifth CSC 2.0 Annual Assessment
The US government is losing cybersecurity protections for the first time in its history. Almost a quarter of recommendations made by the Cyberspace Solarium Commission have lost their "fully implemented" status this year. CSC 2.0 members blame the regression on the loss of manpower at CISA and the rest of the US government.
- US accuses former L3Harris cyber boss of stealing and selling secrets to Russian buyer
Peter Williams was the general manager at Trenchant, a division of defense contractor L3Harris that develops hacking and surveillance tools for Western governments. He apparently leaked hacking tools to a Russian, earning $1.3 million. Williams is not currently in federal custody.
- Collins Aerospace Hit Twice: 2022 Infostealer Infection Enabled a Separate Breach
Details of the EU airport hack. Weak FTP credentials stolen in 2022 let the attackers in. The first attackers, named Everest, say they did not use ransomware. However, a second attacker came in and deployed ransomware.
- Are You Compromised?
Hudson Rock is an interesting threat intel vendor, gathering data stolen by infostealers. They reportedly purchase the data from threat actors. However they get it, it's interesting data and they have a free report page showing the stolen credentials for a domain.
- iOS 26 change deletes clues of old spyware infections
Apple is now rewriting the shutdown.log file after every device reboot, instead of appending new data at the end. This is removing older log entries that contain indicators of compromise with spyware families such as NSO's Pegasus and Intellexa's Predator.
- OpenAI Atlas Omnibox Prompt Injection: URLs That Become Jailbreaks
A malformed URL is interpreted as a command to the AI, and can perform dangerous actions like deleting files. Recommended mitigations are to reject malformed URLs and give the agent fewer privileges--these are not likely to do much good. Prompt injection remains a huge, unsolved risk.
- Fake number, real damage: Europol urges action against caller ID spoofing
Europol is calling for a coordinated European response to tackle caller ID spoofing, when criminals falsify the information displayed on phones, making numbers appear legitimate to deceive victims. They are calling for better mechanisms to trace fraudulent calls, verify legitimate caller IDs, and block deceptive traffic.
- Armed police handcuff teen after AI mistakes crisp packet for gun in US
He had Doritos, not a gun. "Police showed up, like eight cop cars, and then they all came out with guns pointed at me talking about getting on the ground," 16-year-old Baltimore pupil Taki Allen told local outlet WMAR-2 News.
- Ransomware profits drop as victims stop paying hackers
The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers' demands. The average and median ransomware payments fell in Q3 compared to the previous quarter, reaching $377,000 and $140,000, respectively. The shift may reflect large enterprises revising their ransom payment policies and recognizing that those funds are better spent on strengthening defenses against future attacks.
- Organizations are years behind in patching Cisco ASA and VPN devices
Researcher Kevin Beaumont performed wide version scans of ASA appliances and found that most are never patched.
- Hacking India’s largest automaker: Tata Motors
AWS keys in the source code of the website, unprotected API, other exposed secrets. Outrageous Security 101 errors.
- “ChatGPT Tainted Memories:” LayerX Discovers The First Vulnerability in OpenAI Atlas Browser, Allowing Injection of Malicious Instructions into ChatGPT
They tested many phishing attacks, and Atlas only stopped 6% of them, while Edge and Chrome stopped 50% of them. Other AI browsers, Comet, Dia, and Genspark were similarly vulnerable. Also the effects of phishing were larger, since a CSRF request can add malicious instructions into the ChatGPT history. This leaves persistent malware like a rootkit in ChatGPT, affecting future sessions.
- Zenni’s Anti-Facial Recognition Glasses are Eyewear for Our Paranoid Age
It works by adding a pink sheen to the surface of the glasses that reflects the infrared light used by some facial recognition cameras. It’s impossible to open an iPhone with FaceID while wearing them and they black out the eyes of the wearer in photos taken with infrared cameras.