More results...
Australia’s spy chief warns China-linked actors are probing critical infrastructure and preparing for cyber sabotage and espionage. Australia’s intelligence chief Mike Burgess warned that China-linked threat actors are probing critical infrastructure and, in some cases, have gained access. He said at least two Chinese state-sponsored groups are positioning themselves for future sabotage and espionage operations […]
Synology fixed a critical BeeStation RCE flaw (CVE-2025-12686) shown at Pwn2Own, caused by unchecked buffer input allowing code execution. Synology patched a critical remote code execution (RCE) flaw, tracked as CVE-2025-12686 (CVSS score 9.8), in BeeStation, demonstrated during the hacking competition Pwn2Own Ireland 2025. BeeStation is a plug-and-play device that turns traditional storage into a […]
submitted by /u/CyberMasterV [link] [comments]
“Bitcoin Queen” Zhimin Qian gets 11 years in London for laundering $7.3B from a crypto scam that defrauded 128K victims in China. A British court sentenced a Chinese woman, Zhimin Qian (47), also known as the “Bitcoin Queen,” to 11 years and eight months in jail for laundering $7.3B from a crypto scam that defrauded 128K […]
Microsoft fixed over 60 flaws, including an actively exploited Windows kernel zero-day, in its latest Patch Tuesday updates. Microsoft’s Patch Tuesday security updates for November 2025 addressed 63 vulnerabilities impacting Windows and Windows Components, Office and Office Components, Microsoft Edge (Chromium-based), Azure Monitor Agent, Dynamics 365, Hyper-V, SQL Server, and the Windows Subsystem for Linux […]
Disclaimer: I’m the author of this blog post.
In the follow up to my previous post, where I Introduced a new attack class against LLMs which I define as Data-Structure Injection, I extend this method to show how these models can actually provide feedback on which prompts successfully bypass their safety filters.
This matters to both attackers and defenders in that this is crucial intel which can tell – in advance – which exploits work against LLMs.
Read the full blog post here: https://labs.zenity.io/p/modeling-llms-via-structured-self-modeling-ssm
submitted by /u/dvnci1452
[link] [comments]
Tank, whose real name is Vyacheslav Penchukov, climbed to the top of the cyber-underworld not so much with technical wizardry, but with criminal charm. submitted by /u/tides977 [link] [comments]
SAP fixed 19 security issues, including a critical flaw in SQL Anywhere Monitor with hardcoded credentials that could enable remote code execution. SAP addressed 19 security vulnerabilities, including a critical flaw in SQL Anywhere Monitor, with the release of November 2025 notes. The vulnerability, tracked as CVE-2025-42890 (CVSS score of 10/10), is an insecure key […]
Hi everyone, our recent post explores the unpredictability of Java garbage collection and the implications that has for secrets in code. submitted by /u/IncludeSec [link] [comments]
Researchers found Fantasy Hub, a Russian MaaS Android RAT that lets attackers spy, steal data, and control devices via Telegram. Zimperium researchers uncovered Fantasy Hub, a Russian-sold Android RAT offered as Malware-as-a-Service, enabling spying, device control, and data theft via Telegram. The malware allows operators to take over infected devices, gathering SMS messages, contacts, call […]