Krebs on Security

FEBRUARY 28, 2025

Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. federal agencies from using Kaspersky software, mandating its removal within 90 days.

Malware 271

Malware Antivirus DDOS Software 271

Penetration Testing

JUNE 25, 2025

CISA, FBI, and NSA call for adopting memory-safe languages (Rust, Go, Java, Swift) to slash software vulnerabilities. Android saw a 52% drop in memory bugs after embracing MSLs.

Software 70

Software Cybersecurity 70

Schneier on Security

FEBRUARY 13, 2025

DOGE personnel are also reported to be feeding Education Department data into artificial intelligence software, and they have also started working at the Department of Energy. But given that DOGE workers have already copied data and possibly installed and modified software, it’s unclear how this fixes anything.

Government 363

Government Artificial Intelligence Banking Software 363

Schneier on Security

NOVEMBER 27, 2024

Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker ­ and not its government customers ­ is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.

Government 312

Government Spyware Mobile Hacking 312

Schneier on Security

APRIL 23, 2025

Beyond such isolation at the software, network, and microarchitectural layers, a Guillotine hypervisor must also provide physical fail-safes more commonly associated with nuclear power plants, avionic platforms, and other types of mission critical systems.

Architecture 228

Architecture Healthcare Software Risk 228

Schneier on Security

APRIL 16, 2025

“CVE naming and assignment to software packages and versions are the foundation upon which the software vulnerability ecosystem is based,” Romanosky said. “Without it, we can’t track newly discovered vulnerabilities. We can’t score their severity or predict their exploitation.

CSO 309

CSO Government Software Cybersecurity 309

The Hacker News

JUNE 10, 2025

A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries," Kaspersky said. The malicious functionality of the campaign

Software 91

Software Cyber Attacks 91

Penetration Testing

JUNE 25, 2025

CISA warns of critical flaws in ControlID iDSecure On-premises, including SQL Injection, auth bypass, and SSRF, risking vehicle access control systems.

Software 110

Software Risk Authentication Cybersecurity 110

SecureList

APRIL 7, 2025

Such software enjoys the trust of monitoring tools and doesn’t raise suspicions. Attackers get round this protection mechanism by using legitimate drivers that have the right signature, but contain vulnerable functions that allow malicious actions in the context of the kernel. But what if a security solution performs unsafe activity?

Software 103

Software Encryption Malware Firmware 103

Zero Day

JUNE 30, 2025

PT islander11/Getty Images Industry eyebrows were raised recently at New York Federal Reserve Bank data showing  software engineering graduates face higher unemployment rates than art history majors. It's complicated Here's the mindset shift you need to strengthen your job security in today's rapidly changing market.

Software 104

Software Password Management Small Business Engineering 104

Krebs on Security

JUNE 10, 2025

Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now public.

Software 212

Software Engineering Internet Internet 212

Schneier on Security

DECEMBER 17, 2024

. […] Because the vulnerability that allowed him to rewrite the plates’ firmware exists at the hardware level—in Reviver’s chips themselves—Rodriguez says there’s no way for Reviver to patch the issue with a mere software update. Instead, it would have to replace those chips in each display.

Firmware 268

Firmware Hacking Software 268

Zero Day

MAY 30, 2025

Imagine a single rogue line of code slipping past your tired eyes - and suddenly your entire app is compromised. AI coding agents could be the silent saboteurs of the next big cybersecurity crisis.

Software 102

Software Cybersecurity 102

Adam Shostack

JANUARY 2, 2025

The second major inflection is driven by governments re-arranging liability from software operators to software makers. AI, especially generative LLMs, replace finicky, unpredictable, expensive people with finicky, unpredictable, expensive software that doesnt complain when told to come into the office.

Software 243

Software Government Security Awareness Passwords 243

Schneier on Security

FEBRUARY 3, 2025

Like other spyware makers, Paragon’s hacking software is used by government clients and WhatsApp said it had not been able to identify the clients who ordered the alleged attacks. ” It is not clear who was behind the attack.

Spyware 262

Spyware Government Hacking Software 262

Adam Shostack

JANUARY 2, 2025

Software on Microsoft Windows uses an application programming interface (API) called "CreateFile" to access files. Ransomware works by going through files, one by one, and replacing their content with an encrypted version. Sometimes it also sends copies elsewhere, but that turns out to be slow, and sometimes sets off alarms.)

Ransomware 246

Ransomware Encryption Software 246

Krebs on Security

DECEMBER 10, 2024

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The security firm Rapid7 notes there have been a series of zero-day elevation of privilege flaws in CLFS over the past few years.

Authentication 262

Authentication Engineering Software Accountability 262

Schneier on Security

JUNE 25, 2025

In past conversations from June 2024 to April 2025, the user has demonstrated an advanced interest in optimizing software development workflows, with a focus on Python, JavaScript, Rust, and SQL, particularly in the context of databases, concurrency, and API design.

Architecture 325

Architecture Surveillance Accountability VPN 325

Schneier on Security

MAY 13, 2025

The case is over : A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a software vulnerability that hijacked the phones of thousands of users. I’m sure it’ll be appealed. Everything always is.

Software 196

Software Hacking 196

Schneier on Security

JANUARY 16, 2025

It was that very server that allowed the FBI to finally kill this pesky bit of malicious software. According to the FBI , at least 45,000 IP addresses in the US had back-and-forths with the command-and-control server since September 2023.

Malware 237

Malware Hacking Software 237

Krebs on Security

FEBRUARY 11, 2025

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. Windows enterprise administrators would do well to keep an eye on askwoody.com , which often has the scoop on any patches causing problems.

Artificial Intelligence 221

Artificial Intelligence Engineering Software Internet 221

The Last Watchdog

OCTOBER 23, 2024

INE Security advises businesses to secure their network by using firewalls, encrypting data, and regularly updating security software. Tip 4: Regularly Updating and Patching Systems Keeping software and systems up to date is crucial in protecting against vulnerabilities. Many cyber attacks exploit vulnerabilities in outdated software.

Small Business 162

Small Business Data breaches Backups Passwords 162

Krebs on Security

JANUARY 14, 2025

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.

Artificial Intelligence 298

Artificial Intelligence Social Engineering Encryption Internet 298

Krebs on Security

NOVEMBER 19, 2024

Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. However, it did reference many of the same banks called out as Finastra customers in the Nov.

Data breaches 316

Data breaches Banking Cybercrime Advertising 316

Krebs on Security

JANUARY 31, 2025

The “fud” bit stands for “Fully Un-Detectable,” and it refers to cybercrime resources that will evade detection by security tools like antivirus software or anti-spam appliances. “The Cybercrime Team is on the trail of a number of buyers of the tools,” the Dutch national police said. ” U.S.

Phishing 282

Phishing Cybercrime Advertising Malware 282

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. Araneida Scanner. LinkedIn finds this same altugsara[.]com Neither Altug Sara nor Bilitro Yazilim responded to requests for comment.

Hacking 255

Hacking Cybercrime Advertising Data breaches 255

The Last Watchdog

DECEMBER 3, 2024

In the modern world of software development, code quality is becoming a critical factor that determines a project success. Code analysis is the process of detecting errors, flaws, and security defects in software. I hope we can assist you in improving your software development processes.

Risk 200

Risk Software Education Banking 200

Schneier on Security

APRIL 29, 2025

This seems like an important advance in LLM security against prompt injection: Google DeepMind has unveiled CaMeL (CApabilities for MachinE Learning), a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police themselves.

Engineering 236

Engineering Architecture Software 236

Zero Day

JUNE 26, 2025

If you accidentally install the software, it searches your gallery and sends your data to nefarious parties who can wipe out your wallet or target your other accounts. 

Password Management 124

Password Management Small Business Passwords Artificial Intelligence 124

Zero Day

JUNE 6, 2025

" Also:  Stop paying for antivirus software. With both date of birth and SSNs being compromised, malicious actors have all the information they need to conduct fraud and impersonate AT&T customers. If they haven't already, the affected users should be notified and actively monitor their credit for any signs of fraud."

Password Management 128

Password Management Passwords Identity Theft Software 128