Poems Can Trick AI Into Helping You Make a Nuclear Weapon

It turns out all the guardrails in the world won’t protect a chatbot from meter and rhyme...

Anthropic Has a Plan to Keep Its AI From Building a Nuclear Weapon. Will It Work?

Anthropic partnered with the US government to create a filter meant to block Claude from helping someone build a nuke. Experts are divided on whether its a necessary protection—or a protection at all...

CVE-2025-29594

A vulnerability exists in the errorpage.php file of the CS2-WeaponPaints-Website v2.1.7 where user-controlled input is not adequately validated before being processed. Specifically, the $GET'errorcode' parameter can be manipulated to access unauthorized error codes, leading to Cross-Site Scriptin...

The ‘Ghost Gun’ Linked to Luigi Mangione Shows Just How Far 3D-Printed Weapons Have Come

The design of the gun police say they found on the alleged UnitedHealthcare CEO’s killer—the FMDA or “Free Men Don’t Ask”—was released by a libertarian group...

Exploit for Cross-site Scripting in Wondercms

CVE-2023-41425-WonderCMS-Authenticated-RCE Description Won...

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT

The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT. "The threat actors used malicious websites to impersonate well-known brands,...

NSO Group Used 3 Zero-Click iPhone Exploits Against Human Rights Defenders

Israeli spyware maker NSO Group deployed at least three novel "zero-click" exploits against iPhones in 2022 to infiltrate defenses erected by Apple and deploy Pegasus, according to the latest findings from Citizen Lab. "NSO Group customers widely deployed at least three iOS 15 and iOS 16 zero-cli...

The Enduring Danger of Russia’s Cluster Bombs in Ukraine

A brief history and the ramifications of cluster bombs, history’s most indiscriminate weapon...

New Leak Reveals Abuse of Pegasus Spyware to Target Journalists Globally

A sweeping probe into a data leak of more than 50,000 phone numbers has revealed an extensive misuse of Israeli company NSO Group's Pegasus "military-grade spyware" to facilitate human rights violations by surveilling heads of state, activists, journalists, and lawyers around the world. Dubbed th...

Vulnerabilities in Weapons Systems

"If you think any of these systems are going to work as expected in wartime, youre fooling yourself." That was Bruces response at a conference hosted by US Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the Internet. That...

Russia Tested a Space Weapon Last Week

Twitter hack details, a botnet vigilante, and more of the week's top security news...

Microsoft Patch Tuesday March 2020: a new record was set, SMBv3 “Wormable” RCE and updates for February goldies

SMBv3 "Wormable" RCE Without a doubt, the hottest Microsoft vulnerability in March 2020 is the "Wormable" Remote Code Execution in SMB v3 CVE-2020-0796. The most commonly used names for this vulnerability are EternalDarkness, SMBGhost and CoronaBlue. There was a strange story of how it was...

The Marines’ New Drone-Killer Aces Its First Test in Iran

Last week’s US strike of an Iranian drone is the first reported successful use of the Marines’ new energy weapon...

Valve: Unchecked weapon id in WeaponList message parser on client leads to RCE

Let's look at WeaponList message parser code in the HLSDK: cpp int CHudAmmo::MsgFuncWeaponListconst char pszName, int iSize, void pbuf BEGINREAD pbuf, iSize ; WEAPON Weapon; strcpy Weapon.szName, READSTRING ; Weapon.iAmmoType = intREADCHAR; Weapon.iMax1 = READBYTE; if Weapon.iMax1 == 255...

Pentagon Expands Bug-Bounty Program to Include Physical Systems

The Department of Defense is expanding its “Hack the Pentagon” bug-bounty program to include hardware assets, tapping the Synack, HackerOne and Bugcrowd platforms to attract more white hats to the effort. The news comes two weeks after the Government Accountability Office GAO released a report...

Security Vulnerabilities in US Weapons Systems

The US Government Accounting Office just published a new report: "Weapons Systems Cyber Security: DOD Just Beginning to Grapple with Scale of Vulnerabilities" summary here. The upshot won't be a surprise to any of my regular readers: they're vulnerable. From the summary: Automation and connectivi...

Lucy Gang Debuts with Unusual Android MaaS Package

There’s a fresh bloom in the malware-as-a-service garden: Researchers have uncovered a new Russian-speaking threat actor hawking a proprietary cyber-weapon dubbed “Black Rose Lucy.” The offering is a malware-as-a-service MaaS bundle with two parts, consisting of a controlling web interface which...

Reverse Engineering the Cuban Sonic Weapon

Interesting analysis and speculation...

Wannacry depth of analysis: the first stage tasksche-vulnerability warning-the black bar safety net

WannaCry ransomware is a 2017 of the most popular ransomware, which uses a Microsoft vulnerability in the global range attacks make the world more than 100 countries, hundreds of thousands of users by the impact. Has a global range of network security education for all. As a security industry...

Misuse of Language: 'Cyber'

Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributors are Dave Dittrich and Katherine Carpenter. The terms “cyber war” and “cyber weapon” are thrown around casually, often with little thought to their...