Aggregator
Upgraded Custom ASPM Dashboards: Build Security Views That Match How Your Teams Work
The post Upgraded Custom ASPM Dashboards: Build Security Views That Match How Your Teams Work appeared first on Security Boulevard.
Critical BeyondTrust RCE flaw now exploited in attacks, patch now
Google finds state-sponsored hackers use AI at ‘all stages’ of attack cycle
The research underscores how AI tools have matured in their cyber offensive capabilities, even as it doesn’t reveal novel or paradigm-shifting uses of the technology.
The post Google finds state-sponsored hackers use AI at ‘all stages’ of attack cycle appeared first on CyberScoop.
Booz Allen Announces General Availability of Vellox Reverser to Automate Malware Defense
SpecterOps Launches BloodHound Scentry to Accelerate the Practice of Identity Attack Path Management
Gone With the Shame: One in Two Americans Are Reluctant to Talk About Romance Scam Incidents
Microsoft: New Windows LNK spoofing issues aren't vulnerabilities
Those 'Summarize With AI' Buttons May Be Lying to You
Roses Are Red, AI Is Wild: A Guide to AI Regulation
AI regulation doesn’t have to be romanticized or feared. Understand what matters in AI governance, compliance, and SaaS risk management.
The post Roses Are Red, AI Is Wild: A Guide to AI Regulation appeared first on Security Boulevard.
Odido confirms massive breach; 6.2 Million customers impacted
The Agentic Virus: How AI Agents Become Self-Spreading Malware
In my previous post, I walked through how disconnected MCP servers and AI agents create a growing blind spot in enterprise identity. The problem: thousands of MCP deployments running with overly broad tokens, no authentication, and no connection to your identity fabric. The solution: federate everything through the Maverics AI Identity Gateway. That post assumed...
The post The Agentic Virus: How AI Agents Become Self-Spreading Malware appeared first on Strata.io.
The post The Agentic Virus: How AI Agents Become Self-Spreading Malware appeared first on Security Boulevard.
The Epstein Files Reveal Stunning Operational Security Fails
A trove of documents connected to American financier Jeffrey Epstein published by the U.S. Department of Justice shows that the rich and powerful who orbited the now-deceased convicted child sex offender practiced horrible operational security.
Cryptohack Roundup: 20 Years for $73 Million Scam
This week, a 20-year sentence in a $73 million scam, SafeMoon CEO got eight years for fraud, Sam Bankman-Fried sought a new trial, Epstein's early crypto investments, a U.K. lawsuit against HTX, a probe of a Trump-linked crypto deal, a crypto-linked home invasion and a $43 billion Bithumb error.
EU Privacy Watchdogs Pan Digital Omnibus
A slew of amendments to European tech regulations touted by the European Commission as necessary for boosting continental competitiveness is receiving pushback from privacy watchdogs unhappy with changes that could water down EU privacy laws.
NDSS 2025 – PBP: Post-Training Backdoor Purification For Malware Classifiers
Session 12B: Malware
Authors, Creators & Presenters: Dung Thuy Nguyen (Vanderbilt University), Ngoc N. Tran (Vanderbilt University), Taylor T. Johnson (Vanderbilt University), Kevin Leach (Vanderbilt University)
PAPER
PBP: Post-Training Backdoor Purification for Malware Classifiers
In recent years, the rise of machine learning (ML) in cybersecurity has brought new challenges, including the increasing threat of backdoor poisoning attacks on ML malware classifiers. These attacks aim to manipulate model behavior when provided with a particular input trigger. For instance, adversaries could inject malicious samples into public malware repositories, contaminating the training data and potentially misclassifying malware by the ML model. Current countermeasures predominantly focus on detecting poisoned samples by leveraging disagreements within the outputs of a diverse set of ensemble models on training data points. However, these methods are not applicable in scenarios involving ML-as-a-Service (MLaaS) or for users who seek to purify a backdoored model post-training. Addressing this scenario, we introduce PBP, a post-training defense for malware classifiers that mitigates various types of backdoor embeddings without assuming any specific backdoor embedding mechanism. Our method exploits the influence of backdoor attacks on the activation distribution of neural networks, independent of the trigger-embedding method. In the presence of a backdoor attack, the activation distribution of each layer is distorted into a mixture of distributions. By regulating the statistics of the batch normalization layers, we can guide a backdoored model to perform similarly to a clean one. Our method demonstrates substantial advantages over several state-of-the-art methods, as evidenced by experiments on two datasets, two types of backdoor methods, and various attack configurations. Our experiments showcase that PBP can mitigate even the SOTA backdoor attacks for malware classifiers, e.g., Jigsaw Puzzle, which was previously demonstrated to be stealthy against existing backdoor defenses. 
Notably, our approach requires only a small portion of the training data -- only 1% -- to purify the backdoor and reduce the attack success rate from 100% to almost 0%, a 100-fold improvement over the baseline methods.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators', Authors' and Presenters' superb NDSS Symposium 2025 Conference content on the Organization's YouTube Channel.
The post NDSS 2025 – PBP: Post-Training Backdoor Purification For Malware Classifiers appeared first on Security Boulevard.
MUZZLE: Adaptive Agentic Red-Teaming of Web Agents Against Indirect Prompt Injection Attacks
A nuclear power plant on the Moon? It sounds like science fiction, but the US is already heating the fuel
Romania's oil pipeline operator Conpet confirms data stolen in attack
The Gentleman