Posts

Schneier - Identifying People Using Wi-Fi Routers

Not identifying people based on their use of Wi-Fi routers, but identifying people using Wi-Fi signals. This is accomplished through what is known as WiFi sensing, or the use of WiFi signals to infer information about a physical environment. When radio signals like WiFi travel through a space, they interact with the objects and people around them. Those signals can be reflected, scattered, or absorbed. By analyzing how the signal is expected to behave compared with how it is actually received, researchers can infer details about the surrounding environment. “By observing the propagation of radio waves, we can create an image of the surroundings and of persons who are present,” said Thorsten Strufe, a KIT professor and study co-author, in a press release. “This works similar to a normal camera, the difference being that in our case, radio waves instead of light waves are used for the recognition.”
from Schneier on Security https://www.schneier.com/blog/arc...

KnowBe4 - AI Agent Governance Part 1 - Beyond the Chatbot: Mastering AI Agent Governance

In 2024, we talked to AI. In 2026, AI is talking to our systems, our customers, and increasingly, acting on our behalf. With AI agents, we are moving AI from a tool to an actor, from assistance to agency and from outputs to actions. And that changes the nature of risk. AI agents plan, execute, and interact with the world on our behalf. They send emails, move data, trigger workflows, and increasingly operate across systems without human intervention.
from KnowBe4 Blog https://blog.knowbe4.com/ai-agent-governance-part-1-beyond-the-chatbot-mastering-ai-agent-governance

The Hacker News - Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of 8.8. It has been assigned an important severity. "Deserialization of untrusted data in Microsoft Office SharePoint allows
from The Hacker News https://thehackernews.com/2026/05/microsoft-patches-sharepoint-rce-flaw.html

The Hacker News - MFA Prompt Bombing: Why Your Second Factor Isn't Saving You

Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn't log in without the second factor. While that logic was sound, attackers have now figured out that they don't need to steal the second factor: they just need the user to hand it over. If your workforce authenticates with
from The Hacker News https://thehackernews.com/2026/05/mfa-prompt-bombing-why-your-second.html

The Hacker News - CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where "feasible" to safeguard against potential threats stemming from threat actors' abuse of artificial intelligence (AI) tools and large language models (LLMs) to automate vulnerability
from The Hacker News https://thehackernews.com/2026/05/cert-in-mandates-12-hour-patching-for.html

The Hacker News - Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning

The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli military campaign against the country in late February 2026. The activity, besides embracing
from The Hacker News https://thehackernews.com/2026/05/iranian-hackers-deploy-minifast-and.html

The Hacker News - KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon. The vulnerability, tracked as CVE-2026-5426 (CVSS score: 7.5), stems from the use of hard-coded ASP.NET machine keys, leading to
from The Hacker News https://thehackernews.com/2026/05/knowledgedeliver-lms-flaw-exploited-to.html