A Survey of Agentic AI and Cybersecurity: Challenges, Opportunities and Use-Case Prototypes

Agentic AI marks an important transition from single-step generative models to systems capable of reasoning, planning, acting, and adapting over long-lasting tasks. By integrating memory, tool use, and iterative decision cycles, these systems enable continuous, autonomous workflows in real-world...

New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA

Financial organizations in the Asia-Pacific APAC and Middle East and North Africa MENA are being targeted by a new version of an "evolving threat" called JSOutProx. "JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET," Resecurity said in a technical report published...

TripleCross - A Linux eBPF Rootkit With A Backdoor, C2, Library Injection, Execution Hijacking, Persistence And Stealth Capabilities.

TripleCross is a Linux eBPF rootkit that demonstrates the offensive capabilities of the eBPF technology. TripleCross is inspired by previous implant designs in this area, notably the works of Jeff Dileo at DEFCON 271, Pat Hogan at DEFCON 292, Guillaume Fournier and Sylvain Afchain also at DEFCON...

SilkETW: Because Free Telemetry is … Free!

Over time people have had an on-again, off-again interest in Event Tracing for Windows ETW. ETW, first introduced in Windows 2000, is a lightweight Kernel level tracing facility that was originally intended for debugging, diagnostics and performance. Gradually, however, defenders realized that ET...

Defenders Need to Embrace Offensive Computer Security Skillsets

MIAMI—Defense may win football championships, but it gets steamrolled in computer security arenas. “A dollar of offense beats a dollar of defense,” said Nate Fick, CEO of Endgame Inc., on Thursday during his keynote address at Infiltrate Conference. Fick’s talk in front of an audience of exploit...

Dan Geer: Security at the Forefront of Policy Decisions

LAS VEGAS – Dan Geer carried his version of computer security’s Ten Commandments to a rapt Black Hat 2014 audience today, offering up 10 personal recommendations and observations related to the current state of security in the context of government surveillance and eroding privacy. Adorned in...

Cyberwar Name Game a Dangerous Play

SAN JUAN, Puerto Rico – The term “cyberwar” is the “zero day” of security jargon; it’s getting so that every bug is a zero day and every attack is hash-tagged cyberwar. This serves only to distract smart people from making smart decisions. Too much brainpower and bandwidth is being wasted on...

NATO Looks to Team With India To Fight Cybercrime

The North Atlantic Treaty Organization NATO is looking to enlist the help of India when it comes to contending with cyber threats from China, according to a recent report. According to a piece in the Economic Times, NATO hopes to strengthen its ties with the Southeast Asia republic, citing its...

Clarke: Public Dialogue Needed on Cyberwar

Richard Clarke, a former top adviser on information security and terrorism in the Bush White House, is calling for Barack Obama to initiate an open public dialogue on the use of offensive and defensive information warfare capabilities and what the consequences of a cyberwar could be for the...

Clarity needed on cyberwar plans, study says

From The New York Times John Markoff and John Shanker A study conducted by the National Academy of Sciences found that the United States military needs to create an open, public dalogue to clarify its plans around using offensive weapons in cyberspace. The study also recommends that the military...

U.S. needs to investigate cyberweapons

Despite what you may have seen on 24 or read in Tom Clancy’s novels, the United States is well behind much of the rest of the world in developing both defensive and offensive cybersecurity capabilities, and that’s a deficit that may end up costing us dearly in the long run, according to a longtim...