Aggregator

Over the past few months, a large-scale cloud storage subscription scam campaign has been targeting users worldwide with repeated emails falsely warning recipients that their photos, files, and accounts are about to be blocked or deleted due to an alleged payment failure. [...]

Традиционные защитные программы даже не поймут, что система скомпрометирована.

Britain will likely ban at least some types of ransom payments as it revamps the nation's cybersecurity laws, but many open questions remain, including sectors and the organizational sizes to be covered, and if all payments might be required to pass sanctions checks, said policy expert Jen Ellis.

Artificial intelligence use in healthcare is only as safe and accurate as the governance and trust frameworks surrounding it, particularly in clinical environments where errors or hallucinations can directly impact patient care, said Dave Bailey, vice president at consultancy Clearwater.

Russian Hacking Shows Limits of Preventive Measures
Europe must step up its active defenses against cyberattacks and modernize its IT infrastructure, a leading expert has warned in the wake of a major attack on Poland's energy grid attributed to Russian hackers.

Civil Society Orgs Concerned Deal Could Tilt Cloud Security Space in Google’s Favor
A coalition of European civil society organizations is urging regulators to launch a detailed antitrust investigation into Google's proposed $32 billion purchase of Wiz. They argue the acquisition would strengthen Google's dominance in cloud security and undermine multi-cloud neutrality.

Also: Why AI Agents Are Colliding, What Good Governance Ought to Look Like
In this week's panel, four ISMG editors discussed real-time vishing attacks that are defeating MFA, the growing problem of AI agents making conflicting decisions inside of enterprises and why the next phase of AI adoption depends on governance, accountability and control.

NASCIO Agenda Focuses on AI Policy, Cyber Investment and Critical Infrastructure
State CIOs have lots on their plates, juggling multiple priorities from AI to cybersecurity. But the state IT programs don't have to go it alone. The National Association of State CIOs' 2026 agenda focuses on federal legislation - and federal funds - that could help state IT programs.

在2024年大选前几周，美国军方黑客进行了一项秘密行动，试图破坏俄罗斯水军向美国选民散布虚假信息的工作。

Session 11A: Blockchain Security 2

Authors, Creators & Presenters: Ye Liu (Singapore Management University), Yue Xue (MetaTrust Labs), Daoyuan Wu (The Hong Kong University of Science and Technology), Yuqiang Sun (Nanyang Technological University), Yi Li (Nanyang Technological University), Miaolei Shi (MetaTrust Labs), Yang Liu (Nanyang Technological University)

PAPER
PropertyGPT: LLM-driven Formal Verification of Smart Contracts through Retrieval-Augmented Property Generation

Formal verification is a technique that can prove the correctness of a system with respect to a certain specification or property. It is especially valuable for security-sensitive smart contracts that manage billions in cryptocurrency assets. Although existing research has developed various static verification tools (or provers) for smart contracts, a key missing component is the automated generation of comprehensive properties, including invariants, pre-/post-conditions, and rules. Hence, industry-leading players like Certora have to rely on their own or crowdsourced experts to manually write properties case by case. With recent advances in large language models (LLMs), this paper explores the potential of leveraging state-of-the-art LLMs, such as GPT-4, to transfer existing human-written properties (e.g., those from Certora auditing reports) and automatically generate customized properties for unknown code. To this end, we embed existing properties into a vector database and retrieve a reference property for LLM-based in-context learning to generate a new property for a given code. While this basic process is relatively straightforward, ensuring that the generated properties are (i) compilable, (ii) appropriate, and (iii) verifiable presents challenges. To address (i), we use the compilation and static analysis feedback as an external oracle to guide LLMs in iteratively revising the generated properties. For (ii), we consider multiple dimensions of similarity to rank the properties and employ a weighted algorithm to identify the top-K properties as the final result. For (iii), we design a dedicated prover to formally verify the correctness of the generated properties. We have implemented these strategies into a novel LLM-based property generation tool called PropertyGPT. Our experiments show that PropertyGPT can generate comprehensive and high-quality properties, achieving an 80% recall compared to the ground truth. It successfully detected 26 CVEs/attack incidents out of 37 tested and also uncovered 12 zero-day vulnerabilities, leading to $8,256 in bug bounty rewards.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – PropertyGPT appeared first on Security Boulevard.

Ankou 一款现代化的模块化指挥控制 (C2) 平台 by ourren

DARPA：AI已成为未来战争关键 — 2026年度预算重点项目分析 by ourren

DARPA 2025年在研项目深度研究报告 by ourren

基于AI Agent的自动化恶意程序分析平台 by ourren

AIxVuln: 一个基于LLM的多Agent全流程漏洞挖掘项目 by ourren

AutoRedTeam-Orchestrator: AI驱动的自动化红队编排框架 by ourren

2025年度全球APT威胁研究报告 by ourren

更多最新文章，请访问SecWiki

E-signatures are now part of your security posture. In 2026, most organizations sign contracts, approvals, onboarding packets, and financial documents electronically. That increases exposure to account takeover, identity theft, document tampering, and audit gaps especially when teams rely on weak methods like a pasted signature image or email-only approval. This guide explains what cybersecurity teams […]

The post Essential E-Signature Solutions for Cybersecurity in 2026 appeared first on Cyber Security News.

Проект GnuPG выпустил обновление 2.5.17 для устранения критической уязвимости

Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal single sign-on (SSO) credentials and multi-factor authentication (MFA) codes. [...]

A vulnerability classified as problematic has been found in ays-pro Popup Box Plugin up to 6.1.1 on WordPress. Affected by this vulnerability is the function publish_unpublish_popupbox. Performing a manipulation results in cross-site request forgery. This vulnerability is cataloged as CVE-2026-1165. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability described as critical has been identified in Linux Kernel up to 6.6.121/6.12.66/6.18.6/6.19-rc5. Affected is the function es58x_alloc_rx_urbs of the component can. Such manipulation leads to allocation of resources. This vulnerability is listed as CVE-2026-23037. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.19-rc4. This impacts the function vortex_probe1. This manipulation causes null pointer dereference. This vulnerability is tracked as CVE-2026-23020. The attack is only possible within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in hayyatapps Sell BTC Plugin up to 1.5 on WordPress. This affects the function orderform_data of the component Orders Page. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2025-14554. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.18.5/6.19-rc4. The impacted element is the function flow_steer_list_lock. The manipulation leads to memory leak. This vulnerability is referenced as CVE-2026-23024. The attack needs to be initiated within the local network. No exploit is available. You should upgrade the affected component.