Posts

Schneier - Fast16 Malware

Researchers have reverse-engineered a piece of malware named Fast16. It’s almost certainly state-sponsored, probably US in origin, and was deployed against Iran years before Stuxnet: “…the Fast16 malware was designed to carry out the most subtle form of sabotage ever seen in an in-the-wild malware tool: By automatically spreading across networks and then silently manipulating computation processes in certain software applications that perform high-precision mathematical calculations and simulate physical phenomena, Fast16 can alter the results of those programs to cause failures that range from faulty research results to catastrophic damage to real-world equipment.” Another news article . Lots of interesting details at the links. from Schneier on Security https://www.schneier.com/blog/archives/2026/04/fast16-malware.html
Post a Comment
Read more

The Hacker News - New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions

Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability tracked as CVE-2026-31431 (CVSS score: 7.8) has been codenamed Copy Fail by Xint.io and Theori. "An unprivileged local user can write four controlled bytes into the page cache of any readable file on a Linux from The Hacker News https://thehackernews.com/2026/04/new-linux-copy-fail-vulnerability.html
Post a Comment
Read more

The Hacker News - New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic's Claude Opus large language model (LLM). The package in question is "@validate-sdk/v2," which is listed on npm as a utility software development kit (SDK) for hashing, validation, encoding/decoding, and secure random generation. However, its real from The Hacker News https://thehackernews.com/2026/04/new-wave-of-dprk-attacks-uses-ai.html
Post a Comment
Read more

Black Hills InfoSec - A Practical Guide to BloodHound Data Collection

Image
This blog will not dive too deeply into BloodHound itself; instead, we will focus on various methods to collect AD data to provide BloodHound as input. The post A Practical Guide to BloodHound Data Collection appeared first on Black Hills Information Security, Inc. . from Black Hills Information Security, Inc. https://www.blackhillsinfosec.com/bloodhound-data-collection/
Post a Comment
Read more

The Hacker News - Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks

In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly into the kill chain. We aren't just talking about AI writing better phishing emails anymore. We’re talking about autonomous agents mapping Active Directory and seizing Domain Admin credentials in minutes. The problem? Most defensive workflows from The Hacker News https://thehackernews.com/2026/04/webinar-how-to-automate-exposure.html
Post a Comment
Read more

KnowBe4 - Phishing Attacks Target Executives via Microsoft Teams

Image
A phishing campaign is targeting senior executives with social engineering attacks conducted over Microsoft Teams, according to researchers at ReliaQuest. The researchers believe former associates of the Black Basta criminal gang are running this operation. from KnowBe4 Blog https://blog.knowbe4.com/phishing-attacks-target-executives-via-microsoft-teams
Post a Comment
Read more

The Hacker News - What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then someone in a leadership meeting asks: "So, are we actually safer now?" Crickets. The room goes quiet because an honest answer requires context – which is something that patch counts and CVSS scores were never designed to provide. Exposure from The Hacker News https://thehackernews.com/2026/04/what-to-look-for-in-exposure-management.html
Post a Comment
Read more