今日已更新 339 条资讯 | 累计 19899 条内容
关于我们

标签:#cybersecurity

找到 163 篇相关文章

AI 资讯

Beyond the Playbook: Architecting Defenses Against Autonomous AI Threats

Beyond the Playbook: Architecting Defenses Against Autonomous AI Threats We used to build security systems assuming the attacker was human. That assumption just died. Recent research demonstrations involving autonomous AI agents, such as "JadePuffer", have shown how quickly this shift is happening: an autonomous system independently compromised an unsecured Langflow instance, corrected failed authentication attempts, escalated privileges, exfiltrated credentials, and deployed ransomware — all without human intervention. This is not a one-off curiosity. It marks the beginning of a fundamental change in the threat landscape. Recent research demonstrations involving autonomous AI agents, such as "JadePuffer", have shown how quickly this shift is happening: an autonomous system independently compromised an unsecured Langflow instance, corrected failed authentication attempts, escalated privileges, exfiltrated credentials, and deployed ransomware. All without human intervention. This is not a one-off curiosity. It marks the beginning of a fundamental change in the threat landscape. From Static Playbooks to Autonomous Attackers Traditional ransomware follows predictable patterns. A script runs through a fixed playbook: scan, encrypt, demand ransom. If one step fails, the attack often stalls. Autonomous AI agents operate differently. They analyze their environment in real time, adapt when initial attempts fail, make contextual decisions about targets and techniques, and chain multiple exploits together without predefined sequences. This introduces machine-speed lateral movement. Something human defenders and traditional security tools are not built to handle. The Defensive Automation Gap The core problem is asymmetry. Attackers are rapidly automating both reconnaissance and execution. Defenders, on the other hand, still rely heavily on manual processes, static rules, and human-driven response. This "Defensive Automation Gap" creates dangerous imbalances in speed, scale, an

2026-07-07 原文 →
AI 资讯

Operation DragonReturn: DcRAT Deployment via Fake ITR Utilities

Originally published on satyamrastogi.com Seqrite Labs identifies multi-stage DcRAT campaign impersonating India's Income Tax Department. Attackers exploit tax professional workflows to deliver remote access trojans capable of data exfiltration and lateral movement. Operation DragonReturn: DcRAT Deployment via Fake ITR Utilities Executive Summary A China-nexus threat cluster is actively exploiting the predictable workflows of Indian tax professionals, corporate finance teams, and individual taxpayers through phishing campaigns distributing DcRAT (Dark Crystal Remote Access Trojan). Operation DragonReturn, as tracked by Seqrite Labs, demonstrates sophisticated understanding of Indian taxation cycles and organizational structures - critical operational intelligence required for high-success-rate social engineering. From an attacker's perspective, this campaign is methodologically sound: it targets a specific, predictable event (tax filing deadlines), uses trusted entity impersonation (Income Tax Department), and deploys a mature RAT with established evasion capabilities. The selection of DcRAT indicates access to commodity malware-as-a-service (MaaS) infrastructure, likely from Chinese underground forums where such tools are actively monetized and continuously updated. Attack Vector Analysis This operation chains multiple MITRE ATT&CK techniques into a cohesive infection chain: Initial Compromise: Spear-Phishing with Pretexting Attackers execute T1566.002 (Phishing - Spearphishing Attachment) by crafting emails impersonating legitimate Indian Income Tax Department communications. The social engineering layer leverages T1598.003 (Phishing - Spearphishing Link) with URLs pointing to malicious tax filing utilities. Pretexting is enhanced through T1589.001 (Gather Victim Identity Information - Credentials) , as attackers likely harvested tax professional contact lists from public records, LinkedIn OSINT, or previous data breaches. The timing of campaigns around Indian fis

2026-07-07 原文 →
AI 资讯

BOLA: a falha de segurança que a autenticação não resolve (e como eu blindei meu SaaS multi-tenant)

Meses atrás eu estava fazendo uma varredura de segurança no sistema multi-tenant da minha empresa, procurando vulnerabilidades. Afinal, já é um sistema que conta com diversos usuários e que a cada mês vem crescendo mais. Cyber security não é a minha área, então pedi um relatório com todos os achados pro nosso querido amigo Fable 5. O primeiro item veio destacado em vermelho, caixa alta, com a categoria mais grave possível: BOLA (Broken Object Level Authorization). Eu nunca tinha visto esse termo, e ele estava registrado como uma falha grave que eu nem sabia que existia. O sistema nasceu antes do advento da IA escrever código do jeito como faz hoje. Começou comigo codando na mão; meu foco era fazer funcionar para melhorar depois. Com a chegada da IA, parei de escrever código e passei a revisar e garantir qualidade. Só que, naquele relatório, eu não entendia metade dos erros listados. Não conhecia os nomes e muito menos sabia por que eram tão graves. E aí me caiu a ficha: eu sou um legítimo impostor. (Pelo menos era o que eu pensava e sentia.) Escrever código era onde eu sentia o esforço, a prova concreta de estar construindo algo com a minha criatividade. Como o Brooks escreve em O Mítico Homem-Mês: "a programação é divertida, porque satisfaz anseios criativos acalentados profundamente dentro de nós". Minha prioridade era resolver o problema, mas, pra resolver, eu tinha que entender onde estava pisando. O que é esse tal BOLA, e por que é tão grave? Este artigo é o que eu descobri. O que é BOLA A OWASP, que mantém a lista das falhas de segurança de API mais críticas, coloca o BOLA em primeiro lugar no ranking de 2023: a mais comum e a mais fácil de explorar. Ou seja, está em todo lugar e não exige um gênio pra abusar. A ideia central é simples. Toda vez que uma API recebe o ID de um objeto e faz alguma coisa com ele, seja POST, GET, DELETE ou o que for, ela precisa checar uma pergunta antes de responder: o usuário logado tem permissão pra acessar este objeto específic

2026-07-06 原文 →
开发者

Reverse Engineering is so cool

I want to share some thoughts about Reverse Engineering. I love JavaScript and TypeScript, but sometimes I don't want to create something, but the opposite, to understand how others programs work. Working with IDA and x64dbg is the best thing in the world. Btw, at the beginning I used Ghidra, but after I tried IDA, I liked it more. What do you think, what tool is better, IDA or Ghidra? 🤗

2026-07-06 原文 →
AI 资讯

TraceTree: Mapping malware behavior to catch supply chain attacks

We just released an important update: retraining our Random Forest model on real malware behavior from the CIC-MalMem-2022 dataset. The challenge was mapping 58,000 complex memory dump traces into a clean 10-feature vector space that our syscall graph extractor produces. How it works: Sandbox target in Docker (network dropped) Trace every syscall with strace -t -f Parse into a NetworkX directed graph Extract 10 features (process count, network connections, file operations, severity scores, etc.) Feed into RandomForest for classification We also resolved module-level import cycles and pinned skops for safer model deserialization in production. Looking for collaborators who understand malware behavior, syscall parsing, or want to contribute detection rules. Open to issues and PRs. https://github.com/tejasprasad2008-afk/TraceTree

2026-07-05 原文 →
AI 资讯

How we built KoshurLock Holmes: an AI detective for cyber attacks, and the night it almost broke me

The problem with a data breach is not finding evidence. It is connecting it. But let me start where I actually was: 4 AM, last day of the hackathon, staring at this in my terminal. RateLimitError: GroqException - Rate limit reached for model `llama-3.3-70b-versatile` on tokens per day (TPD): Limit 100000, Used 99787, Requested 1616. Please try again in 20m12s. Used 99,787 out of 100,000. My deployment was half done, my demo graph was empty on the server, and the free tier had 213 tokens left. The submission deadline was hours away. I had not slept. I had not eaten. My friends were asleep and I was swapping API keys like a gambler swapping chips. This post is the story of how we got there, and how it ended at 7 in the morning with the best sigh of relief I have ever taken. First, some honesty about how I got here When I joined my first WeMakeDevs hackathon, I did not believe in it. I thought it was one of those ordinary online events. Fake prizes, no follow-through, what would I even get out of it. I joined anyway, mostly out of boredom, got into the Discord, talked to people, made a few connections. I landed in the top 50. A few days later an email showed up: a free Claude Max subscription as a gift. I read it twice. I genuinely could not believe a hackathon had actually delivered something. So when this hackathon opened, I did not hesitate. I messaged my friends and said we are joining as a team this time. Three of us: me (Mehraan), Aqib, and Ubaid. The spark We spent the first evening in our group chat throwing ideas around and shooting most of them down. Then one of my friends dropped a thought that stuck: what happens after a company gets hacked? I started digging into it. The answer is honestly depressing. After a breach, the evidence is everywhere. VPN records. File access logs. The email gateway. Badge readers at the office doors. CCTV. HR notes. Anonymous tips. Each system tells one small piece of the story, and a human analyst has to stitch all of it togeth

2026-07-05 原文 →
AI 资讯

AgentGuard vs Semgrep vs CodeQL: 100 Percent vs 0 Percent on AI Agent Security

I ran the same 39 AI agent security samples through three scanners: AgentGuard, Semgrep, and CodeQL. The Results Scanner Detection Rate False Positives AgentGuard v0.6.4 100% (39/39) 0 Semgrep 0% (0/39) 0 CodeQL 0% (0/39) 0 Zero. Semgrep and CodeQL detected nothing. They have zero rules for AI agent security. AgentGuard has 17 detection rules covering all 10 OWASP ASI categories plus 4 novel attack vectors: Memory Poisoning, Tool Output Trust, Action Chain Amplification, and Multi-Agent Collusion. Real World AgentGuard found 332 critical vulnerabilities across Microsoft AutoGen and LlamaIndex. Issues reported directly: autogen#7917, autogen#7918, llama_index#22245. Reproduce git clone https://github.com/dockfixlabs/agentguard-benchmark cd agentguard-benchmark pip install dfx-agentguard python benchmark.py GitHub: https://github.com/dockfixlabs/agentguard PyPI: pip install dfx-agentguard

2026-07-05 原文 →
AI 资讯

I Opened 3 Security Issues on Microsoft AutoGen and LlamaIndex. Here Is Why

I just opened 3 security issues on two of the most popular AI agent frameworks on GitHub (combined 110K+ stars). The Issues microsoft/autogen#7917 : Docker code executor mounts host filesystem into sandboxed containers without trust boundary validation — container escape vector. microsoft/autogen#7918 : Agent self-modification patterns in Canvas memory module — agents can alter their own operating constraints during execution. run-llama/llama_index#22245 : 441 instances of unbounded recursive agent execution across 2,951 files — systemic resource exhaustion risk. All found with AgentGuard v0.6.2 (pip install dfx-agentguard), an open-source AI agent security scanner. Why Issues, Not Articles I have published 12 articles on Dev.to. Average views: 11. GitHub Issues on 50K+ star repos are read by thousands of developers and stay visible for years. This is the correct distribution channel for security findings — direct, unfiltered, and actionable. The Pattern The same vulnerability classes appear across all frameworks: Trust boundary violations (ASI10): agents crossing filesystem and network boundaries Agent recursion (ASI09): unbounded loops without circuit breakers Self-modification (ASI10): agents modifying their own state during execution These are not framework-specific bugs. They are systemic architectural gaps in how we build autonomous agents. Every framework needs guardrails for resource limits, trust boundaries, and behavioral constraints. AgentGuard detects all of them. 16 rules, 83 tests, 36 benchmark samples, 100 percent detection rate. pip install dfx-agentguard

2026-07-05 原文 →
AI 资讯

Someone Built a Physical Gear Shifter for Claude — and It's a Better UX Lesson Than Most Software Ships

A few days ago, Vaibhav Sisinty posted something on X that stopped my scroll: someone had wired up an actual, physical stick shift to switch between Claude models. Not a settings menu. Not a dropdown. A gear shifter, like the one in a car, sitting on a desk. Fable 5 in one gear. Sonnet in another for daily driving. Opus when the problem needs real depth. Slam the stick into position, and the model underneath your workflow changes. The detail that makes this more than a novelty: he built the shifter with Claude, specifically to make his own use of Claude faster. That's a nice little loop — using the model to remove friction from using the model. Why this is a smarter idea than it sounds On the surface it's a gimmick. Under the surface, it's solving a real problem that every heavy AI user runs into: model selection is a decision tax . Every time you open a chat and have to think "is this a Sonnet task or an Opus task?", you're spending attention on meta-work instead of the actual problem. It's a tiny cost, but it's a cost you pay dozens of times a day, and it never shows up on any productivity dashboard. A physical control collapses that decision into a single motor action — the same way a car driver doesn't consciously reason about gear ratios, they just feel the road and shift. That's the actual insight here: the best interface for a decision you make constantly is the one that requires the least conscious thought. A menu makes you look, read, decide, click. A physical lever makes you feel and move. For something you do fifty times a session, that difference compounds fast. A plausible look at how something like this comes together Nobody's published exact wiring diagrams here, but the architecture almost writes itself if you've worked with hobbyist hardware and API-based model switching. Here's roughly what a build like this involves: 1. The physical input layer A repurposed automotive or sim-racing shifter has a set of positions, each one closing a different switc

2026-07-05 原文 →
AI 资讯

The Hidden Dangers of DMARC p=none: Why It's Undermining Your Email Security (Not Just Deliverability)

Understanding DMARC and the 'p=none' Policy DMARC (Domain-based Message Authentication, Reporting, and Conformance), defined in RFC 7489, is an email authentication protocol. It builds upon SPF (Sender Policy Framework, RFC 7208) and DKIM (DomainKeys Identified Mail, RFC 6376) to provide domain owners with greater control. DMARC instructs recipient mail servers on how to handle emails that fail authentication and provides reporting on these failures. The p=none policy is often adopted as a preliminary step in DMARC implementation. It instructs recipient servers to take no specific action on emails failing DMARC alignment. Its primary function is to enable the collection of aggregate and forensic reports without impacting email deliverability. Many organizations view p=none as a safe, non-disruptive way to begin their DMARC journey. This initial perception, however, overlooks critical security implications. While it offers visibility, p=none provides no actual enforcement against malicious email. The Critical Security Vulnerability of p=none The fundamental flaw of DMARC p=none lies in its complete lack of enforcement. When a DMARC record is set to p=none , recipient mail servers will not block, quarantine, or reject messages that fail DMARC authentication. This includes emails that spoof your domain directly. Threat actors exploit this vulnerability to conduct phishing, business email compromise (BEC), and brand impersonation attacks. They can send emails appearing to originate from your legitimate domain, knowing that p=none offers no protective barrier. The recipient mail server simply delivers the fraudulent message. This policy effectively leaves your domain unprotected against direct domain spoofing. Despite having a DMARC record, your organization remains susceptible to advanced phishing techniques. The security posture of your email ecosystem is compromised. The Illusion of Insight: Data Without Action DMARC p=none does provide valuable data through its repor

2026-07-05 原文 →
AI 资讯

AI-Assisted AuthZ Review: Reading Permission Boundaries in Ory Kratos

Second in a series on using AI to review authorization — not to spray reports. Companion reference: AuthZ Smell Catalog . 1. Why AuthZ review is not vulnerability spraying The cheapest thing an AI can do in security is generate suspicion. Point a model at a codebase and it will hand you fifty "possible IDORs" before you finish your coffee. Almost all of them are wrong — guarded three lines up, scoped at the data layer, or protected at a boundary the model never saw. That flood is exactly why several bug bounty programs spent 2026 tightening or pausing: they were drowning in confident, plausible, wrong reports. So this review inverts the usual loop. The AI's job is not to find bugs — it is to over-generate hypotheses cheaply . My job is to kill them. What survives that killing is the only thing worth a human's time, and the record of what died is more useful than the record of what lived. The artifact of an honest review is therefore not a finding. It's a kill table . 2. Target and scope Target: Ory Kratos — an open-source identity and user-management server (login, registration, recovery, verification, sessions, self-service settings). Source-available, Apache-2.0. Why Kratos: it is exactly the shape where authorization goes wrong — multiple identities, a public API and an admin API, and (in Ory's hosted product) multi-tenancy. If a boundary is fragile, this is where it shows. Scope of this write-up: source reading only , on the public repository, single-tenant OSS build. No hosted target was touched. Nothing here is an undisclosed finding — the point is the method and the boundary design , and where relevant, how the design held against the hypotheses I tested. This maps to the reproduction tiers we track: everything below is repo_only , and I say so explicitly rather than implying it reaches a live product. What this review does and does not claim. In this limited, repo-only review, the hypotheses I tested were killed. This is not a claim that Kratos has no vulner

2026-07-04 原文 →
AI 资讯

Developing a Practical, Ethical Web/AppSec Learning Platform for Modern Vulnerabilities and Patterns

Introduction: The Need for Modern Web/AppSec Training The cybersecurity landscape is evolving at a breakneck pace, but the tools we use to train the next generation of defenders are stuck in the past. Most web/appsec learning platforms still focus on basic, textbook vulnerabilities —XSS popups, simple SQL injection, or trivial IDORs. These labs are like teaching someone to swim in a kiddie pool; they might grasp the concept, but they’re ill-prepared for the open ocean of modern web applications . The gap isn’t just in depth—it’s in relevance . Real-world apps today are complex, API-driven, and riddled with subtle, pattern-based vulnerabilities that don’t fit into neat, isolated lessons. Consider this: a developer misconfigures a GraphQL endpoint, exposing an entire database. Or an API leaks sensitive data because of a flawed rate-limiting mechanism. These aren’t edge cases—they’re common mistakes in modern apps. Yet, most training platforms ignore them, leaving learners to either stumble upon these issues in the wild or remain oblivious. The result? A workforce of security professionals who can theoretically exploit a vulnerability but struggle to identify or fix it in a real-world context . The problem isn’t just outdated content—it’s the lack of ethical, hands-on practice environments . Many aspiring security professionals resort to illegal or gray-area practices to gain experience, risking legal consequences and ethical dilemmas. What’s needed is a platform that simulates real-world scenarios without crossing ethical boundaries, one that teaches not just how to exploit but also why vulnerabilities occur and how to fix them . Here’s the core issue: modern apps are systems, not isolated components . A vulnerability in one part—say, a file upload feature—can cascade into a full account takeover if combined with a session management flaw. Most labs fail to teach this interconnectedness , leaving learners with a fragmented understanding. A practical platform must brid

2026-07-03 原文 →
AI 资讯

Linux LUKS Vulnerability, Android Developer Verification Threat, GitHub Secret Scanning Guide

Linux LUKS Vulnerability, Android Developer Verification Threat, GitHub Secret Scanning Guide Today's Highlights This week's top security news features a critical data leakage bug in Linux LUKS disk encryption, a deceptive new threat leveraging Android developer verification, and GitHub's practical guide to managing secret scanning alerts at scale. These stories highlight the ongoing challenges in OS hardening, mobile supply chain defense, and secrets management. Linux 6.9 LUKS Suspend Bug Leaves Encryption Keys in Memory (Hacker News) Source: https://mathstodon.xyz/@iblech/116769502749142438 A critical vulnerability has been identified in Linux kernels since version 6.9, where Logical Unit Key (LUKS) disk encryption keys are no longer reliably wiped from memory when a system enters suspend mode. This flaw means that after resuming from suspend, or even during a 'cold boot' attack, a sophisticated attacker with physical access could potentially extract the disk encryption keys directly from the system's RAM. Prior to this, LUKS was designed to clear these sensitive keys, providing a layer of protection against memory forensics attacks. The issue fundamentally undermines the security posture of LUKS-encrypted systems that rely on suspend functionality. It poses a significant risk for users and organizations handling sensitive data on laptops or any device where physical access by an adversary is a concern. The practical implication is that suspending a Linux 6.9+ system with LUKS encryption may no longer be a secure operation, forcing users to fully shut down their machines to ensure key erasure. Mitigation strategies include avoiding suspend, reverting to an earlier kernel version if feasible, or diligently monitoring for official patches addressing this severe data leakage vector. Comment: This is a serious regression impacting fundamental data at rest security for Linux users, especially on laptops. If you use LUKS, avoid suspend on Linux 6.9+ until a fix is verif

2026-07-03 原文 →
AI 资讯

Cybersecurity Mission Creep in the US

Interesting paper: “ Cybersecurity Mission Creep .” Abstract: Cybersecurity is experiencing mission creep. Policymakers are casting more and more problems as issues of cybersecurity. So reframed, wildly different policy issues, from misinformation, to child social media safety laws, to antitrust regulations, to alleged journalist misconduct, to anti-sex trafficking statutes become what this Article calls “cybersecuritized.” Before this reframing, these issues present as important but not existential. But once cybersecuritization positions the issues as threats intensified by their technological nature, they gain access to the politics and law of urgency and exceptionalism and invite troubling governance responses...

2026-07-02 原文 →
AI 资讯

CVE-2026-8037: Critical RCE Vulnerability in Progress Kemp LoadMaster Requires Immediate Patching

Introduction: Unveiling the Critical Vulnerability The recently identified CVE-2026-8037 vulnerability in Progress Kemp LoadMaster represents a critical threat to enterprise infrastructure. This remote code execution (RCE) flaw, stemming from an uninitialized heap issue , enables pre-authentication exploitation, allowing attackers to bypass initial security barriers without valid credentials. The root cause lies in the failure to initialize dynamically allocated memory regions, creating an exploitable condition where untrusted input can corrupt critical data structures. Attackers leverage this memory corruption to redirect program execution to malicious payloads, achieving full system compromise—from data exfiltration to operational disruption. Technically, the vulnerability arises during the software’s handling of untrusted input. When memory chunks in the heap are allocated but not properly initialized, they retain residual data or undefined states. Attackers exploit this oversight by crafting inputs that overwrite function pointers or control-flow structures, hijacking the program’s execution path. The causal sequence is precise: uninitialized heap → memory corruption → arbitrary code execution → system compromise. The pre-authentication nature of the exploit exacerbates the risk, as attackers require no prior access to execute their payload, rendering perimeter defenses ineffective. The implications are severe for enterprises relying on Kemp LoadMaster for load balancing and application delivery. Unpatched systems are exposed to infiltration, data theft, and ransomware deployment. Beyond the technical failure, CVE-2026-8037 exposes systemic deficiencies: insufficient input validation in software design and inadequate security testing during development. Organizations further amplify risk through delayed patch management , creating a critical window of opportunity for attackers. Immediate remediation is imperative to prevent catastrophic breaches that could under

2026-07-02 原文 →
AI 资讯

Apple Hide My Email Vulnerability, GitHub Hardening Guide, and Advisory Database Trends

Apple Hide My Email Vulnerability, GitHub Hardening Guide, and Advisory Database Trends Today's Highlights This week, we delve into a critical Apple 'Hide My Email' vulnerability leaking user addresses and a practical guide for GitHub maintainers to enhance project security. We also examine the record-breaking surge in vulnerability disclosures and how the GitHub Advisory Database manages this growing volume. Apple 'Hide My Email' vulnerability reveals peoples' real email addresses (Hacker News) Source: https://easyoptouts.com/guides/apple-hide-my-email-is-leaking-email-addresses This report details a critical vulnerability discovered in Apple's "Hide My Email" service, designed to protect user privacy by providing unique, randomly generated email addresses that forward to their real inbox. The flaw allows an attacker to bypass this privacy mechanism and reveal a user's actual email address. This is a significant concern for user privacy, as it undermines the core purpose of a feature intended to prevent spam and tracking. The article provides examples of how the leak can occur, often involving specific scenarios where the "Hide My Email" alias is used in conjunction with other services, allowing for correlation back to the original address. The vulnerability highlights the challenges in maintaining privacy-preserving features across a complex digital ecosystem. While Apple provides this service, its interaction with third-party applications or specific email processing methods can inadvertently expose the underlying data. Users are advised to be aware of this limitation and consider their risk tolerance when relying on such privacy features. The full technical details of the bypass and the specific conditions that trigger it are explained, offering insights into the potential attack vectors. Comment: This is a serious privacy breach for a feature designed explicitly for privacy. It reminds us that even robust privacy tools can have subtle flaws in complex usage pat

2026-07-02 原文 →