New Russia-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Russian time zone,...

Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware

A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed GenieLocker. "Bearlyfy also known as...

LLM-Assisted Deanonymization

Turns out that LLMs are good at de-anonymization: We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, our method identifies users with high precision ­ and scales to tens of thousands of...

TikTok is misusing kids’ data, says privacy watchdog

A group of privacy commissioners in Canada have accused TikTok of scooping up information about hundreds of thousands of children who shouldn't have been on the platform. The Chinese social media giant is also accused of collecting data on Canadian users without properly explaining what it does...

What LLMs Know About Their Users

Simon Willison talks about ChatGPT's new memory dossier feature. In his explanation, he illustrates how much the LLM--and the company--knows about its users. It's a big quote, but I want you to read it all. Here's a prompt you can use to give you a solid idea of what's in that summary. I first sa...

Meta sent cease and desist letter over AI training

EU privacy advocacy group NOYB has clapped back at Meta over its plans to start training its AI model on European users' data. In a cease and desist letter to the social networking giant's Irish operation signed by founder Max Schrems, the non-profit demanded that it justify its actions or risk...

Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign

Artificial intelligence AI company Anthropic has revealed that unknown threat actors leveraged its Claude chatbot for an "influence-as-a-service" operation to engage with authentic accounts across Facebook and X. The sophisticated activity, branded as financially-motivated, is said to have used i...

China, Russia, Iran, and North Korea Intelligence Sharing

Former CISA Director Jen Easterly writes about a new international intelligence sharing co-op: Historically, China, Russia, Iran & North Korea have cooperated to some extent on military and intelligence matters, but differences in language, culture, politics & technological sophistication have...

Hacktivist Groups: The Shadowy Links to Nation-State Agendas

Hacktivist Groups: The Shadowy Links to Nation-State Agendas By Ernesto Fernández Provecho · December 16, 2024 Introduction Hacktivism, the intersection of hacking and activism, has emerged as a potent force in the digital age. It involves using technology to achieve social or political goals,...

Meta Pauses AI Training on EU User Data Amid Privacy Concerns

Meta on Friday said it's delaying its efforts to train the company's large language models LLMs using public content shared by adult users on Facebook and Instagram in the European Union following a request from the Irish Data Protection Commission DPC. The company expressed disappointment at...

Chinese State-Backed Cyber Espionage Targets Southeast Asian Government

An unnamed high-profile government organization in Southeast Asia emerged as the target of a "complex, long-running" Chinese state-sponsored cyber espionage operation codenamed Crimson Palace. "The overall goal behind the campaign was to maintain access to the target network for cyberespionage in...

DarkGate again but... Improved?

DarkGate again but... Improved? By Ernesto Fernández Provecho · June 3, 2024 Executive summary During 2023, DarkGate made a comeback with a version full of new features, becoming one of the most preferred Remote Access Trojans RATs by malicious actors. However, this momentum also required...

North Korean Hackers Weaponize Fake Research to Deliver RokRAT Backdoor

Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. "ScarCruft has been experimenting with new infection chains, including the use of a technical threat research...

China's MIIT Introduces Color-Coded Action Plan for Data Security Incidents

China's Ministry of Industry and Information Technology MIIT on Friday unveiled draft proposals detailing its plans to tackle data security events in the country using a color-coded system. The effort is designed to "improve the comprehensive response capacity for data security incidents, to ensu...

November 30, 2023—KB5032278 (OS Build 19045.3758) Preview

November 30, 2023—KB5032278 OS Build 19045.3758 Preview 11/16/23 IMPORTANT Because of minimal operations during the Western holidays and the upcoming new year, there won’t be a non-security preview release for the month of December 2023. There will be a monthly security release for December 2023...

Incorrect fee splitting logic

Lines of code Vulnerability details Impact The fee splitting logic does not properly attribute holder and creator rewards. By splitting fees from the total rather than incrementally, it distorts the proportional rewards earned over time. This could undermine the incentive structures and alignment...

The Need for Trustworthy AI

If you ask Alexa, Amazons voice assistant AI system, whether Amazon is a monopoly, it responds by saying it doesnt know. It doesnt take much to make it lambaste the other tech giants, but its silent about its own corporate parents misdeeds. When Alexa responds in this way, its obvious that it is...

How AI Could Write Our Laws

Nearly 90% of the multibillion-dollar federal lobbying apparatus in the United States serves corporate interests. In some cases, the objective of that money is obvious. Google pours millions into lobbying on bills related to antitrust regulation. Big energy companies expect action whenever there ...

January 19, 2023—KB5019275 (OS Builds 19042.2546, 19044.2546, and 19045.2546) Preview

January 19, 2023—KB5019275 OS Builds 19042.2546, 19044.2546, and 19045.2546 Preview NEW 1/19/23 IMPORTANT After March 2023, there are no more optional, non-security preview releases for the supported editions of Windows 10, version 20H2 and Windows 10, version 21H2. Only cumulative monthly securi...

Researchers Identify 3 Hacktivist Groups Supporting Russian Interests

At least three alleged hacktivist groups working in support of Russian interests are likely doing so in collaboration with state-sponsored cyber threat actors, according to Mandiant. The Google-owned threat intelligence and incident response firm said with moderate confidence that "moderators of...