BuzzSec

In yet another piece of research, academics from Georgia Institute of Technology and Purdue University have demonstrated that the security guarantees offered by Intel's Software Guard eXtensions (SGX) can be bypassed on DDR4 systems to passively decrypt sensitive data. SGX is designed as a hardware feature in Intel server processors that allows applications to be run in a Trusted Execution from The Hacker News https://thehackernews.com/2025/10/new-wiretap-attack-extracts-intel-sgx.html

At KnowBe4, everything we do is built on a foundation of innovation and trust. As we bring more artificial intelligence (AI) into our human risk management platform, we believe it’s essential to be transparent and responsible every step of the way. from Human Risk Management Blog https://blog.knowbe4.com/building-trust-in-ai-knowbe4s-journey-toward-iso-42001-certification

The calendar has flipped into October, so now it’s time to let the Cybersecurity Awareness Month games begin! from Human Risk Management Blog https://blog.knowbe4.com/get-your-game-on-3-ways-to-use-the-2025-cyberawareness-month-resource-kit

But what if we need to wrangle Windows Event Logs for more than one system? In part 2, we’ll wrangle EVTX logs at scale by incorporating Hayabusa and SOF-ELK into my rapid endpoint investigation workflow (“REIW”)!  The post Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2) appeared first on Black Hills Information Security, Inc. . from Black Hills Information Security, Inc. https://www.blackhillsinfosec.com/wrangling-windows-event-logs-with-hayabusa-sof-elk-part-2/

In our previous blog post , we discussed the behavioral science behind why people click on malicious links. from Human Risk Management Blog https://blog.knowbe4.com/going-deep-a-simple-framework-for-a-complex-problem

A severe security flaw has been disclosed in the Red Hat OpenShift AI service that could allow attackers to escalate privileges and take control of the complete infrastructure under certain conditions. OpenShift AI is a platform for managing the lifecycle of predictive and generative artificial intelligence (GenAI) models at scale and across hybrid cloud environments. It also facilitates data from The Hacker News https://thehackernews.com/2025/10/critical-red-hat-openshift-ai-flaw.html

Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February 2022. French cybersecurity company SEKOIA said the attackers are exploiting the cellular router's API to send malicious SMS messages containing phishing URLs, with the campaigns primarily targeting Sweden, Italy, from The Hacker News https://thehackernews.com/2025/10/hackers-exploit-milesight-routers-to.html

New report: “ Scam GPT: GenAI and the Automation of Fraud .” This primer maps what we currently know about generative AI’s role in scams, the communities most at risk, and the broader economic and cultural shifts that are making people more willing to take risks, more vulnerable to deception, and more likely to either perpetuate scams or fall victim to them. AI-enhanced scams are not merely financial or technological crimes; they also exploit social vulnerabilities ­ whether short-term, like travel, or structural, like precarious employment. This means they require social solutions in addition to technical ones. By examining how scammers are changing and accelerating their methods, we hope to show that defending against them will require a constellation of cultural shifts, corporate interventions, and eff­ective legislation. from Schneier on Security https://www.schneier.com/blog/archives/2025/10/use-of-generative-ai-in-scams.html