North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress

The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor's targeting beyond Russia. Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on th...

Fake Crypto Exchange Ads on Facebook Spread Malware

Bitdefender exposes Facebook ad scams using fake crypto sites and celebrity lures to spread malware via malicious desktop…...

Fake AI Tools Push New Noodlophile Stealer Through Facebook Ads

Scammers are using fake AI tools and Facebook ads to spread Noodlophile Stealer malware, targeting users with a…...

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app...

Fake SSA Emails Trick Users into Installing ScreenConnect RAT

Cybercriminals are using fake Social Security Administration emails to distribute the ScreenConnect RAT Remote Access Trojan and compromise…...

New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims

Cybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal their activity through traffic distribution systems TDSes. The activity clusters have been codenamed Reckless Rabbit and Ruthless Rabbit by DNS...

Authoring Custom Spin Templates

Learn how to create, distribute, and install custom templates for Spin CLI to boost developer productivity and meet regulatory compliance...

The vulnerability of the Git-based software platform for collaborative code development on GitLab EE/CE lies in its unlimited resource distribution, which allows attackers to trigger service interruptions.

The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE relates to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...

The vulnerability of the Git-based software platform for collaborative code development on GitLab EE/CE lies in its unlimited resource distribution, which allows attackers to trigger service interruptions.

The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE relates to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...

Whispers of Data: Unveiling Label Distributions in Federated Learning through Virtual Client Simulation

Federated Learning enables collaborative training of a global model across multiple geographically dispersed clients without the need for data sharing. However, it is susceptible to inference attacks, particularly label inference attacks. Existing studies on label distribution inference exhibits...

A Virtual Cybersecurity Department for Securing Digital Twins in Water Distribution Systems

Digital twins DTs help improve real-time monitoring and decision-making in water distribution systems. However, their connectivity makes them easy targets for cyberattacks such as scanning, denial-of-service DoS, and unauthorized access. Small and medium-sized enterprises SMEs that manage these...

JailbreaksOverTime: Detecting Jailbreak Attacks under Distribution Shift

Safety and security remain critical concerns in AI deployment. Despite safety training through reinforcement learning with human feedback RLHF 32, language models remain vulnerable to jailbreak attacks that bypass safety guardrails. Universal jailbreaks - prefixes that can circumvent alignment fo...

DLA-4138-1 distro-info-data - database update

Bulletin has no description...

North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures

North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. "In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry – BlockNovas LLC...

Revisiting Data Auditing in Large Vision-Language Models

With the surge of large language models LLMs, Large Vision-Language Models VLMs--which integrate vision encoders with LLMs for accurate visual grounding--have shown great potential in tasks like generalist agents and robotic control. However, VLMs are typically trained on massive web-scraped...

Faraday 5.13.0

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...

CVE-2025-0639

An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...

Avoiding Leakage Poisoning: Concept Interventions under Distribution Shifts

In this paper, we investigate how concept-based models CMs respond to out-of-distribution OOD inputs. CMs are interpretable neural architectures that first predict a set of high-level concepts e.g., stripes, black and then predict a task label from those concepts. In particular, we study the impa...

Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices

Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the guise of the Alpine Quest mapping software. "The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it...

AiXamine: Simplified LLM Safety and Security

Evaluating Large Language Models LLMs for safety and security remains a complex task, often requiring users to navigate a fragmented landscape of ad hoc benchmarks, datasets, metrics, and reporting formats. To address this challenge, we present aiXamine, a comprehensive black-box evaluation...